Slices

What are package slices?

Since Debian packages are simply archives that can be inspected, navigated and deconstructed, it is possible to define slices of packages that contain minimal, complementary, loosely-coupled sets of files based on package metadata and content. Such package slices are subsets of Debian packages, with their own content and set of dependencies to other internal and external slices.

The use of package slices provides the ability to build minimal root file system from the wider set of Ubuntu packages.

Debian package slices with dependencies

This image illustrates the simple case where, at a package level, package B depends on package A. However, there might be files in A that B doesn’t actually need, but which are provided for convenience or completeness. By identifying the files in A that are actually needed by B, we can divide A into slices that serve this purpose. In this example, the files in the package slice, A_slice3, are not needed for B to function. To make package B usable in the same way, it can also be divided into slices.

With these slice definitions in place, Chisel is able to extract a highly-customised and specialised slice of the Ubuntu distribution, which one could see as a block of stone from which we can carve and extract only the small and relevant parts that we need to run our applications, thus keeping the file system small and less exposed to vulnerabilities.

Defining slices

A package’s slices can be defined via a YAML slice definitions file. Check Slice definitions for more information about this file’s format.

Naming convention

In Chisel, slices are recognized by the following pattern: <package_name>_<slice_name>.

For example, the slice libc6_libs refers to the slice definition libs of the package libc6.

The use of an underscore in this pattern is what distinguishes package names from slice names, as this character is not allowed in Debian package names.