python3-pip package is removed after container sign #189

Open
Villain88 opened this issue Feb 12, 2024 · 5 comments

@Villain88

Villain88 commented Feb 12, 2024

My container requires the python3-pip package to run; however, when migrating from gsc 1.4 to gsc 1.6, the package is removed after signing.

Steps to reproduce

I used the tag v1.6

Dockerfile with:

...
RUN apt update \
    && apt install -y python3.10 python3-pip
..
  • docker build
  • gsc build
  • ./gsc sign-image

Expected results

python3-pip exists on the system

Actual results

python3-pip has been removed from the system

Additional information

The --no-remove-gramine-deps option has no effect because it only controls whether pip packages are removed or not.
I think it makes sense to make removing the python3-pip package optional.

@dimakuv

dimakuv commented Feb 13, 2024

@jkr0103 @aneessahib Could you look into this?

@aneessahib
Contributor

To clarify, the issue is observed only when --no-remove-gramine-deps is used?

@dimakuv

dimakuv commented Feb 13, 2024

@aneessahib If I understand correctly, the issue is observed in both cases.

@Villain88
Author

To clarify, the issue is observed only when --no-remove-gramine-deps is used?

I think the problem is here

I forgot to write that I used an image with Ubuntu 20.04.

@aneessahib
Contributor

Yes, this was expected. python3-pip was removed to bring down the overall size of the container image (as part of a requirement from another client). We had also discussed the option of not doing this step if python3-pip is already present in the base image. However, this resulted in a condition where the size reduction was not good enough (at the time it looked like the if condition resulted in docker introducing additional layers to the image).
I can think of a couple of options:

  1. GSC licensing is no longer restrictive, so users are willing to customize the code as needed.
  2. Obvious workarounds - Re-install python3-pip post gsc-sign etc
