undo apt-get update (in docker container)

Question

i'm working with docker and want to create a minimal new layer by installing an application in a zip-file on top of an ubuntu image. The ubuntu image has neither wget nor unzip installed, so i install those by using apt-get which requires an apt-get update first

docker run -it --name app_container ubuntu:latest
# now i have terminal access to the fresh app_container

# install wget and unzip
apt-get update
apt-get install wget -y
apt-get install unzip -y

# download and unpack the app
# ...

# remove wget and unzip
apt-get purge unzip
apt-get purge wget
# i need to remove some dependencies of wget that are no longer needed
apt-get autoremove

at this point it would be nice if the only content of the new docker layer would be the new application, but there are still the files created/updated by apt-get update. I tried to remove those by using

apt-get clean

but a

docker diff app_container

revealed that there where lots of changed files left (that didn't belong to the app). Ok, so those are negligible in size (mainly some residual wget certificates in /etc/ssl and /var/lib/dpkg/info and 23MB of archive files in /var/lib/app/lists) but in the spirit of the cleanest possible docker layer: Is there a smart way to remove those, too? ('smart' meaning without resorting to brute-force rm)

Answer 1

there seems to be no better suggestion than to remove everything from /var/lib/app/lists

Answer 2

Use of apt-get update should be paired with rm -rf /var/lib/apt/lists/* in the same layer.

Use this online tool to get some optimization and clarity check: https://www.fromlatest.io/