Every statement in a dockerfile results in a new layer in the image. There is no need for an env var to store the package list when it can be included inline. This avoids the env variable being later exposed to the container at runtime. Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> --- guests/lcitool | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/guests/lcitool b/guests/lcitool index 0978c40..8252dc2 100755 --- a/guests/lcitool +++ b/guests/lcitool @@ -539,34 +539,34 @@ class Application: print("FROM {}".format(facts["docker_base"])) - sys.stdout.write("ENV PACKAGES ") - sys.stdout.write(" \\\n ".join(sorted(pkgs))) - + varmap = {} + varmap["pkgs"] = " \\\n ".join(sorted(pkgs)) if package_format == "deb": sys.stdout.write(textwrap.dedent(""" RUN export DEBIAN_FRONTEND=noninteractive && \\ apt-get update && \\ apt-get dist-upgrade -y && \\ - apt-get install --no-install-recommends -y ${PACKAGES} && \\ + apt-get install --no-install-recommends -y \\ + {pkgs} && \\ apt-get autoremove -y && \\ apt-get autoclean -y - """)) + """).format(**varmap)) elif package_format == "rpm": if os_name == "Fedora" and os_version == "Rawhide": sys.stdout.write(textwrap.dedent(""" RUN yum update -y --nogpgcheck fedora-gpg-keys && \\ yum update -y && \\ - yum install -y ${PACKAGES} && \\ + yum install -y %(pkgs)s && \\ yum autoremove -y && \\ yum clean all -y - """)) + """).format(**varmap)) else: sys.stdout.write(textwrap.dedent(""" RUN yum update -y && \\ - yum install -y ${PACKAGES} && \\ + yum install -y %(pkgs)s && \\ yum autoremove -y && \\ yum clean all -y - """)) + """).format(**varmap)) def run(self): cmdline = self._parser.parse_args() -- 2.20.1
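Review bot: Both rpm branches change the template to `%(pkgs)s` yet still end in `.format(**varmap)`, so `str.format` leaves that placeholder untouched and the generated Dockerfile would contain the literal text `yum install -y %(pkgs)s` rather than the package list. Only the deb branch uses the matching `{pkgs}` syntax. The two yum lines should read `yum install -y {pkgs} && \\` so that all three templates use the same formatting style. Because the stated aim is to keep the package list out of the container's runtime environment, it is worth regenerating one rpm-based Dockerfile and confirming the list is inlined and no `ENV PACKAGES` line remains. The enclosing method starts above the hunk, so any earlier output it writes is not visible here.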