Created
April 12, 2026 11:43
```dockerfile
# This file illustrates a trick for deleting files from minimal/hardened/distroless images
# that lack a shell, where "RUN rm <path>" therefore doesn't work.
# Example use case: you want to use a minimal image as base image, but even though that image
# is "minimal", it still contains a few files/folders that you want to delete (e.g. npm in a Node image).
# Note: this approach does NOT make the resulting image smaller - running "rm" only marks the
# deleted files/folders as deleted, making them inaccessible at run-time. The image actually grows
# by approx. 2 MB, due to the busybox tools.
# Note2: This is a somewhat "ugly" trick, but the alternatives (COPY, ADD) don't allow you to "replace" folders

# Use some minimal image as the base, e.g.:
FROM mcr.microsoft.com/azurelinux/distroless/nodejs:24-nonroot

# e.g. /usr/lib/node_modules which contains sub-dirs "corepack" and "npm"
ARG PATH_TO_DELETE=/some/path/you/want/to/delete

# Copy statically-compiled shell and "rm". We need /bin/sh to make the RUN line below work
COPY --from=busybox:musl /bin/rm /rm
COPY --from=busybox:musl /bin/sh /bin/sh

# The user switch is only needed if the default user would otherwise be unable to delete the files
USER 0

# Delete the folder(s), and then also delete the shell and the "rm" tool again
RUN /rm -rf $PATH_TO_DELETE && /rm /bin/sh && /rm /rm

USER nonroot
```
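The first note in the Dockerfile (deleted files are only marked as deleted) can be checked against an image's layers. The following Python sketch is an added example, not part of the original gist: it walks layer tarballs from the base upward and reports paths that a later layer hides with an OCI whiteout entry (`.wh.<name>`) while an earlier layer still stores the bytes. The layer contents are constructed sample data that mirror the Dockerfile's base image, two COPY steps and RUN step; the function names are this example's own.

```python
import io
import tarfile

WHITEOUT, OPAQUE = ".wh.", ".wh..wh..opq"  # OCI image-spec whiteout markers

def make_layer(files):
    """Build an in-memory layer tarball from {path: bytes} (constructed data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def norm(name):
    """Strip the leading './' or '/' some tools put on layer entries."""
    return (name[2:] if name.startswith("./") else name).lstrip("/")

def hidden_but_present(layers):
    """Paths whited out by a later layer whose bytes an earlier layer still stores."""
    stored, recoverable = set(), set()
    for blob in layers:  # ordered base layer first
        with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
            names = [norm(m.name) for m in tar.getmembers() if m.isfile()]
        for name in names:
            parent, _, base = name.rpartition("/")
            if base == OPAQUE:               # everything under parent is hidden
                prefix = parent + "/"
            elif base.startswith(WHITEOUT):  # one file or directory is hidden
                target = (parent + "/" if parent else "") + base[len(WHITEOUT):]
                recoverable |= {p for p in stored if p == target}
                prefix = target + "/"
            else:
                continue
            recoverable |= {p for p in stored if p.startswith(prefix)}
        stored |= {n for n in names if not n.rpartition("/")[2].startswith(WHITEOUT)}
    return sorted(recoverable)

# Constructed layers mirroring the Dockerfile: base image, two COPYs, then the RUN.
LAYERS = [
    make_layer({"usr/bin/node": b"ELF", "usr/lib/node_modules/npm/bin/npm-cli.js": b"js",
                "usr/lib/node_modules/corepack/package.json": b"{}"}),
    make_layer({"rm": b"busybox"}),
    make_layer({"bin/sh": b"busybox"}),
    make_layer({"usr/lib/.wh.node_modules": b"", "bin/.wh.sh": b"", ".wh.rm": b""}),
]

if __name__ == "__main__":
    print("\n".join(hidden_but_present(LAYERS)))
```

On the constructed layers the report lists the npm and corepack files and also the busybox `sh` and `rm` binaries: all of them are invisible in the running container but remain readable to anyone who can pull the image and unpack its layers.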