Remove $HOME/.cache dir before collecting image files

Installation of packages during GSC's build step may create files under `$HOME/.cache`. Also, some original Docker images may have unclean state with these files not removed. To prevent `finalize_manifest.py` from collecting these files for the `sgx.trusted_files` list, we remove them in the intermediate GSC image. Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii@intel.com>
gramineproject · Oct 21, 2022 · 7d5ca56 · 7d5ca56
1 parent af6d2f4
commit 7d5ca56
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/templates/Dockerfile.common.build.template b/templates/Dockerfile.common.build.template
@@ -20,9 +20,15 @@ RUN mkdir -p /gramine/app_files
 # Make the app image user owner of /gramine/app_files directory
 RUN chown {{app_user}} /gramine/app_files/
 
+# Remove root-user cached files if any (may have been created during install step above)
+RUN rm -rf $HOME/.cache
+
 # Switch back to original app_image user
 USER {{app_user}}
 
+# Remove original-user cached files if any (some images have unclean state)
+RUN rm -rf $HOME/.cache
+
 # Copy path-specific installation of Gramine
 {% if debug %}
 COPY --from=gramine --chown={{app_user}} /gramine/ /gramine/