Remove wget from default busybox config.

Wget is a http/https client. We have decided to remove it from the default busybox build as simply good hygiene. Images that need a command line http client have the following options: * add curl package * add wget package * use busybox-full package instead of busybox. Also note that ssl config option is dropped. This is because wget is the only thing that was pulling it in.
wolfi-dev · Feb 7, 2024 · fd65ed3 · fd65ed3
1 parent 30e35f7
commit fd65ed3
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 13 deletions.
diff --git a/busybox.yaml b/busybox.yaml
@@ -1,7 +1,7 @@
 package:
   name: busybox
   version: 1.36.1
-  epoch: 5
+  epoch: 6
   description: "swiss-army knife for embedded systems"
   copyright:
     - license: GPL-2.0-only
@@ -104,6 +104,25 @@ subpackages:
           #!/bin/busybox sh
           /bin/busybox --install -s
 
+    test:
+      environment:
+        contents:
+          packages:
+            - wolfi-base
+      pipeline:
+        - runs: |
+            busybox --help
+            busybox --list-full >full.txt
+            # These programs are expected to be present
+            for p in nc netcat wget; do
+                if ! grep "bin/$p" full.txt; then
+                    echo "$p is not present in busybox --list-full output"
+                    exit 1
+                fi
+                "$p" --help ||
+                  { echo "$p --help exited $?. expected pass"; exit 1; }
+            done
+
 test:
   environment:
     contents:
@@ -113,10 +132,16 @@ test:
     - runs: |
         busybox --help
         busybox --list-full >full.txt
-        if grep bin/nc full.txt || grep bin/netcat full.txt; then
-          echo "found netcat or nc in list-full output"
-          exit 1
-        fi
+
+        # These programs have been intentionally removed from default busybox
+        for p in nc netcat wget; do
+            if grep "bin/$p" full.txt; then
+                echo "Found '$p' in list-full output"
+                exit 1
+            fi
+            command -v "$p" &&
+              { echo "command '$p' is present. It should not be."; exit 1; }
+        done
 
 update:
   enabled: true

diff --git a/busybox/busyboxconfig b/busybox/busyboxconfig
@@ -980,21 +980,21 @@ CONFIG_FEATURE_TELNETD_PORT_DEFAULT=0
 # CONFIG_FEATURE_TFTP_PUT is not set
 # CONFIG_FEATURE_TFTP_BLOCKSIZE is not set
 # CONFIG_TFTP_DEBUG is not set
-CONFIG_TLS=y
+# CONFIG_TLS is not set
 CONFIG_TRACEROUTE=y
 CONFIG_TRACEROUTE6=y
 CONFIG_FEATURE_TRACEROUTE_VERBOSE=y
 CONFIG_FEATURE_TRACEROUTE_USE_ICMP=y
 CONFIG_TUNCTL=y
 CONFIG_FEATURE_TUNCTL_UG=y
 CONFIG_VCONFIG=y
-CONFIG_WGET=y
-CONFIG_FEATURE_WGET_LONG_OPTIONS=y
-CONFIG_FEATURE_WGET_STATUSBAR=y
-CONFIG_FEATURE_WGET_FTP=y
-CONFIG_FEATURE_WGET_AUTHENTICATION=y
-CONFIG_FEATURE_WGET_TIMEOUT=y
-CONFIG_FEATURE_WGET_HTTPS=y
+# CONFIG_WGET is not set
+# CONFIG_FEATURE_WGET_LONG_OPTIONS is not set
+# CONFIG_FEATURE_WGET_STATUSBAR is not set
+# CONFIG_FEATURE_WGET_FTP is not set
+# CONFIG_FEATURE_WGET_AUTHENTICATION is not set
+# CONFIG_FEATURE_WGET_TIMEOUT is not set
+# CONFIG_FEATURE_WGET_HTTPS is not set
 # CONFIG_FEATURE_WGET_OPENSSL is not set
 # CONFIG_WHOIS is not set
 # CONFIG_ZCIP is not set