Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tW1Ch-00DTOh-BS for pgsql-pkg-debian@arkaria.postgresql.org; Thu, 09 Jan 2025 22:40:39 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tW1Cg-009aXY-Jf for pgsql-pkg-debian@arkaria.postgresql.org; Thu, 09 Jan 2025 22:40:38 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tW1Cg-009aXP-Ax for pgsql-pkg-debian@lists.postgresql.org; Thu, 09 Jan 2025 22:40:38 +0000 Received: from mail-wm1-x329.google.com ([2a00:1450:4864:20::329]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1tW1Cc-000o7O-1e for pgsql-pkg-debian@lists.postgresql.org; Thu, 09 Jan 2025 22:40:37 +0000 Received: by mail-wm1-x329.google.com with SMTP id 5b1f17b1804b1-43622267b2eso16157985e9.0 for ; Thu, 09 Jan 2025 14:40:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ongres.com; s=gsuite; t=1736462434; x=1737067234; darn=lists.postgresql.org; h=in-reply-to:autocrypt:from:content-language:references:cc:to :subject:user-agent:mime-version:date:message-id:from:to:cc:subject :date:message-id:reply-to; bh=GhU9K4oVVU4i8icS/wt181FA+zODCoyYW0qFVbmRywE=; b=aUd8vWp2V+YutFNVt4YWzJoohBta3cl22rcDJOcmUqJlMFkf085YxqaOQvj7j7hwTl CdR6it2vxYOTojYD3Oy0ESnc+mXYTuy8/TXuUphH7kFzWbdO0x2gkoyBvcmiz9+ToG78 JkM2dYt2kksiaqp6NOg33qsioI2wiDIlm5zkY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736462434; x=1737067234; h=in-reply-to:autocrypt:from:content-language:references:cc:to :subject:user-agent:mime-version:date:message-id:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=GhU9K4oVVU4i8icS/wt181FA+zODCoyYW0qFVbmRywE=; b=Fi1ITRHg/rgX2J850Tuih22Wq5l3X3ZJqi9zycYf0NMruRT36RLe0+9hne3/yHABcx rDck/t6JANE4RfQm3OrLZ8PALKC/ha+y1pBzAc3a+cEFB+YSRW9hUxCDr71RHpWvkyaW jIHqpJEzWhJwkXMIJn7zUp0dqIVC2BMZ6v4dsxJ4JXzwwj1CYMG2li5SQFjC7X6B8p4/ s3Zybzf89amoTBfbKeup4WbKnn5cGBj6X/niamJVvjuW2Pz8lGO+PWJHAVCuEAHmzmNL LsvIv8kagk6yaj69bPL6v5lVSnNkhakFmsFc0SDu5uX6JTJxrC5zt8//amBce5EWhW1Y 0VdQ== X-Forwarded-Encrypted: i=1; AJvYcCWgb5vljOzN2K1B3jFdx98jq4egDvn4TsxXWP9H1hvSaCI00V10h6mh3GAUH11radnn48TVOyx6ghexBde2U8Em@lists.postgresql.org X-Gm-Message-State: AOJu0YzHsnhx2fGfJomXkw7nA0UrhtUfbgyeT2iEJrOH62c3e2Hmn0f+ EXVPr9D8AGbCRCKPFW7eCkTpIdquZHeSLBEWunWSNlKADpKACYoXP+tq5MAW/b0= X-Gm-Gg: ASbGncvTzRyvmkXhJ44739gxsI3yAEzcHx6wmJ02gJa18p6KcU9v9j0IDuNru3De5a+ OvYkiQbdfadKu4kfsi2cTgBOnoE1mQE+oaQzpvt9/tcXorg6btJVga+FpZTf/qli6JUCmolLxXk QJp25lxLvvsBpsmCS/C5b3Jqvc9nJbW8Mmfic9PCcRebwpng7UlfcKUtRqToDKfFLegK2vpcEQ+ JOTbpgs0mFrB2Sq1VRIAlJp644D/3b4P6kLM6vt75E5c77OuScwfvxIKUiw0Wpz9egVMA8WA7xG qYq3Au+fm5zIVZNy1Eal X-Google-Smtp-Source: AGHT+IGjG/mQtl9igz2tvLQe5m02RcPv0ZoL22JqWRiQKnfwPc8IN+hJgDaOpqM2EGMAgmEQw4G9RQ== X-Received: by 2002:a05:6000:712:b0:38a:615c:8225 with SMTP id ffacd0b85a97d-38a87305486mr8122151f8f.15.1736462433804; Thu, 09 Jan 2025 14:40:33 -0800 (PST) Received: from [192.168.1.115] (108.red-81-35-42.dynamicip.rima-tde.net. [81.35.42.108]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-38a8e37d0casm2898275f8f.11.2025.01.09.14.40.32 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 09 Jan 2025 14:40:32 -0800 (PST) Content-Type: multipart/alternative; boundary="------------t3UH03WFK0L16XZwNG2I8ZHd" Message-ID: Date: Thu, 9 Jan 2025 23:40:31 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: deb package sizes To: Jeremy Schneider Cc: Christoph Berg , pgsql-pkg-debian@lists.postgresql.org References: <20250109005301.3b145092@jeremy-ThinkPad-T430s> <20250109090845.24e1df6e@jeremy-ThinkPad-T430s> Content-Language: en-US From: =?UTF-8?B?w4FsdmFybyBIZXJuw6FuZGV6?= Autocrypt: addr=aht@ongres.com; keydata= xsFNBF8HXQQBEACnRGsBas+BUNQkdN0O0qqfjL/G78gxAI2/6pTLsvXOmA0a6A+o16HynaBc PYgWeMrPj3fAlHQ4dyw2CF++LKRmr0xx04GaSi3bijCutRiyFFpdvl2VVRWlYmQhrfS4dVRl 2cHn+umoj9DOf0DpPYLyB/tHZIaBz1TU/69/7qD3G4NaAI2uGCji2pBNI1TEhOGXPE7HHGxJ k4Paf4Dby3VVeufcsTPa006kXj/aEObinpE41Yl/UgeQbnnPazHPXrFyfWpPqw6+kz7Tb+19 sOGJJAJplVmyqZ2Mewf1RtGOsBD8JABpdzLtv+FxKumnMcEYHLFgD6EQQQZiygg/wUQdXZll mvvxlI5VKjxHPnfPvqM44vhWSVPZicH4lWHHXPipesan+7Qg5lVjTnJZHpA6qJtddlNESFKf XHm7hzRgOyFuFwU2MABVjQv1noMJqOtM+SaSprEOwt4azanK/CUYQtjNKvAqxOv+YDQ6mWnF +Ly97BqSu/xufPzriEL7Qz/tY4Hj4nZAxtud+txhO8LCvu4NsXZUbiuMYgKzxmG9fUFkEAyL btBvveH0vzH0wO10lVq0MNeVWTREfRQ8bLjxj5h0pCz65x6+bdtpO0pQXmV1w0hFvwxobRHt JubEKLiDPktJ5jHVsa+JqP34SxHm6e9TKG2EQJVlz03RU7g4tQARAQABzTZBbHZhcm8gSGVy bmFuZGV6IChPbkdyZXMgR1BHIGFjY291bnQpIDxhaHRAb25ncmVzLmNvbT7CwY4EEwEKADgW IQTZ+rL52ABbxJPBTt4qF9KKhgviwwUCXwddBAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIX gAAKCRAqF9KKhgviw7WED/44JVShqBCxbSRceu6TOR/H391tAvfyHsAV9vplA7qaqabppqC8 rWL7t6Ngs53473TgPD+fUDo2gS/8c+TKmJGaGVnbXmFBrEB941nJ2r9Y97NtDXs3j7N7Ed4o nr7p01S8Q3BTIWb5tUYa+EkUFOMozPfN3OKStWPhonXADuDv6lZhmw6XkaZ5UHaf4Oj3HGeM 0KyKWzcVzs47d3Gvi6xjeKOK3VjGNrLKeqO/Ebs8m/WpFSc73s4EbiX9141rcTpHBKzETToE wC85hXYNcVF+Is9SFBAbiC05gA4f+4IZK9W+C4o4cRWOlSCE2imgD375JKStaFi158HGL/uG 8sH1ttnG1vjLUQFE694qHOUXTMUjpyiJPsZLf98LTXSawI35tFV0JwBnwPCYvIn7Bavame17 fpszGQraXKqQKhBB+rAaHkiDTeYnFlR5St13yhbwwR7JfuHZJ4LvKbCbTxgWhNHH97k+6p9v cYo4cvcqgbzWG8TPDCZVR4syqfdDlpYS0YCjv2p/JkJ/rjMoopqroGYHOsNa4bltGri0e2Ms L72DQ4qDDqat9QQlgUIUeHB7wYlVTqy1s3z0etAHNCfV86LjcBIbx9ZIx4ztQsCkVCaKFAcX HZqBlo/3O4Xo9ULWYT5SCH7XXfXADxblsSRqTDAACWf/86EpwDMVHMOl6M7BTQRfB10EARAA uWfs9X2szukOUjFRCuwJgkVKByY8j2i4C4b4/aQF1dJqjo5Ucf16HzDv7LJJgVIEA0XTjuon 1EelvdIcFR1cjO2b1j8k/tUc8eG0SCr/DfhbYBHllFLTT3CMNuwqqxPJ1/8HlNWrrZreloli /wKu5Mq2XKYkvGj/jWnUpW/nzRQJK+uQYNgNsSdcEeQUFcj0NCs3nRNsz/Av9lfMbcKL3ndE vYIid9KL3cT65tuwO6/x6dgTsT84tdDqqOCCuu2bfltXP4wFtXVGvTC43UpMhEO2VDNCiM19 iihwsXJoG6dHgbh8ozINbMrmZyS68h+ITuiaFc1a7JrlXdxnMedGoIsQX0jKbYuNQEP66ovg 3gGq5TGJ+/2TvytcVHqu0mHV382z5/2duaYyTzlvTaMu9snBW5ACBn1WVguzSn1RiTBvvbd2 kKTKtFXMkwK8EGp/0OEXAoBbSIiIeAUjAFs038YxRj24IIEI4TGNXfZwCLVDS+51EnNwI9YJ fOW5F5l1KiKbHDPsLDj1XytHWaX2jGcNYnFIPVbH1ctj9us7uhttlvJ+F3hBsr1+BfFsCZeu +UbpTF67QUxXlbo8FJbDxYQ/WPG5tClBNAXYkaUsrcR3Oe/DYLrdvWbx2P3FKVZZUit+BAxs +JhhgPaaMA9GOnagyPSteX5nvEfu0hPmtgMAEQEAAcLBdgQYAQoAIBYhBNn6svnYAFvEk8FO 3ioX0oqGC+LDBQJfB10EAhsMAAoJECoX0oqGC+LDiBYP/ivrzautlV1odKBYmhWC5uRPazp5 7Q+Z5q8ak6UkSes9+P8laJRyEcxlGm95BJKiYNq8V9L2HTiLJ1OS+QpDW+xDBVpPoQ6S8Scs Tp3YDIze4MPEk22gaWvXAmfr8KACFlDO4GPKTNarN2CL9zoVL8A16O8vIUoPnaH+Qaq3mgy9 y0HlSPO+Vyy0W1zaxhLg9iG+c0jXNe+NrIZMzgZ6xMlxhUdIRFdsS9somXQbidlu53hSqf1/ oGv53Xcv0N1O/2rxgXm6eMypl9MzSEVo62VEphxH2rGKzT7/xKB8HgxIwb9P4Zc9N2JI0GOk vSliuLlmZplSJoqLl2uXsbz+uo5FLkMGrzHH3gNxjHYDX42rbRx1dkcXNfSMizKXY+N9ICy5 +6cx/z4Dj6gSucmVYKySRNdlXQ11/mklV/DoJ1bED6nKyqGBbCDuVGpjvaaBpVJutnPtN6M1 PHSlduJgSI1xQvOc5OiwME2gxiVnXRNYXjdh4DXMjagg1W9GvJnbgSxsKmmEPL2/XaFJRnKK NvktDmXISoacIVqyx4nu+X33e212iAltBrZbSGN1Ehx81FP7LmNuV0H/SYAEyogGS5RFlfAn zrHPa5TQtrzsrc3UuCmxy7/lPImx1n4bdpD/mTZUWmYHrtmRHpl/VFCi1jrOTpr6f1SAusdA ycqrESCJ In-Reply-To: <20250109090845.24e1df6e@jeremy-ThinkPad-T430s> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk This is a multi-part message in MIME format. --------------t3UH03WFK0L16XZwNG2I8ZHd Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit On 9/1/25 18:08, Jeremy Schneider wrote: > On Thu, 9 Jan 2025 17:06:57 +0100 > Álvaro Hernández wrote: > >> On 9/1/25 10:07, Christoph Berg wrote: >>> Re: Jeremy Schneider >>>> I'm wondering if there might be any support for providing a >>>> "postgresql-slim" package on PGDG which excludes llvm and python? I >>>> think this might almost cut the total install size in half, and I >>>> think there might be many users who would value having the option. >>>> >>> Hi, >>> >>> could you explain why 250 MB is too much? Disk space these days is >>> ultra cheap >>     Hi Christoph. >> >>     Container images allow (are meant to) contain only the necessary >> files needed to run the process that will be run when the image is >> run. As such, any additional file poses two main problems: >> >> * Disk space is cheap. Bandwidth not so much. Time to start a >> >> * Security analysis. Unneeded files (specially binaries, but not > Another concern is the impact of image rebuilds as dependencies are > updated. Tianon (a primary maintainer of the docker images) has noted > that they limit frequency of the debian base containers, because every > rebuild of the base container triggers an avalance of downstream > rebuilds. CNPG was doing daily rebuilds for awhile, and every time any > python dependency was updated you'd get a new image - boto3 was > notorious for very frequent updates. So with a different image version > for every day, a single server running multiple copies of postgres might > easily end up with multiple image versions on the server as copies are > slowly updated.     I see this as a symptom of a different, bigger issue: that package versions, and all transitive dependencies, should be version pinned when building container images. I haven't seen too many examples of taking the effort to do this. But it's the only way to have a way to re-run building images and guarantee outputs that are reproducible. Once you have this in place, you can decide how and when you upgrade which versions.     Actually, even version pinning is not enough, unless the package system guarantees that a version of a package is strictly immutable (and AFAIK this is usually not the case). So digest pinning is essentially required. > But with ICU there is at least the option that someone could rebuild an > old version and run it on the new debian release. That's nearly > impossible with glibc. >     Exactly, and this is doable.     Álvaro -- Alvaro Hernandez ----------- OnGres --------------t3UH03WFK0L16XZwNG2I8ZHd Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit

On 9/1/25 18:08, Jeremy Schneider wrote:
On Thu, 9 Jan 2025 17:06:57 +0100
Álvaro Hernández <aht@ongres.com> wrote:


On 9/1/25 10:07, Christoph Berg wrote:

Re: Jeremy Schneider  

I'm wondering if there might be any support for providing a
"postgresql-slim" package on PGDG which excludes llvm and python? I
think this might almost cut the total install size in half, and I
think there might be many users who would value having the option.
 

Hi,

could you explain why 250 MB is too much? Disk space these days is
ultra cheap  

     Hi Christoph.

     Container images allow (are meant to) contain only the necessary 
files needed to run the process that will be run when the image is
run. As such, any additional file poses two main problems:

* Disk space is cheap. Bandwidth not so much. Time to start a

* Security analysis. Unneeded files (specially binaries, but not

Another concern is the impact of image rebuilds as dependencies are
updated. Tianon (a primary maintainer of the docker images) has noted
that they limit frequency of the debian base containers, because every
rebuild of the base container triggers an avalance of downstream
rebuilds. CNPG was doing daily rebuilds for awhile, and every time any
python dependency was updated you'd get a new image - boto3 was
notorious for very frequent updates. So with a different image version
for every day, a single server running multiple copies of postgres might
easily end up with multiple image versions on the server as copies are
slowly updated.

    I see this as a symptom of a different, bigger issue: that package versions, and all transitive dependencies, should be version pinned when building container images. I haven't seen too many examples of taking the effort to do this. But it's the only way to have a way to re-run building images and guarantee outputs that are reproducible. Once you have this in place, you can decide how and when you upgrade which versions.

    Actually, even version pinning is not enough, unless the package system guarantees that a version of a package is strictly immutable (and AFAIK this is usually not the case). So digest pinning is essentially required.

But with ICU there is at least the option that someone could rebuild an
old version and run it on the new debian release. That's nearly
impossible with glibc.

    Exactly, and this is doable.


    Álvaro


-- 

Alvaro Hernandez


-----------
OnGres
--------------t3UH03WFK0L16XZwNG2I8ZHd--