2baaeeb22d9b55ebae94fa367626a8e0e3daf178
5 apt-get
-y install --no-install-recommends \
22 export PS1=lava-shell:
27 #######################################################################
28 # Strip the image to a small minimal system without removing the debian
31 # xz compress firmware so it doesn't waste RAM at runtime.
32 find /lib
/firmware
-type f
-print0 |
xargs -0r -P4 -n4 xz
-T1 -C crc32
34 # Copy timezone file and remove tzdata package
36 cp /usr
/share
/zoneinfo
/Etc
/UTC
/etc
/localtime
38 UNNEEDED_PACKAGES
="libfdisk1
42 export DEBIAN_FRONTEND
=noninteractive
44 # Removing unused packages
45 for PACKAGE
in ${UNNEEDED_PACKAGES}
48 if ! apt-get remove
--purge --yes "${PACKAGE}"
50 echo "WARNING: ${PACKAGE} isn't installed"
54 apt-get autoremove
--yes || true
59 # Dropping documentation, localization, i18n files, etc
60 rm -rf /usr
/share
/doc
/*
61 rm -rf /usr
/share
/locale
/*
63 rm -rf /usr
/share
/i18n
/*
64 rm -rf /usr
/share
/info
/*
65 rm -rf /usr
/share
/lintian
/*
66 rm -rf /usr
/share
/common-licenses
/*
67 rm -rf /usr
/share
/mime
/*
69 # Dropping reportbug scripts
72 # Drop udev hwdb not required on a stripped system
73 rm -rf /lib
/udev
/hwdb.bin
/lib
/udev
/hwdb.d
/*
75 # Drop all gconv conversions && binaries
77 rm -rf usr
/sbin
/iconvconfig
78 rm -rf usr
/lib
/*/gconv
/
80 # Remove libusb database
81 rm -rf usr
/sbin
/update-usbids
82 rm -rf var
/lib
/usbutils
/usb.ids
83 rm -rf usr
/share
/misc
/usb.ids
85 #######################################################################
86 # Crush into a minimal production image to be deployed via some type of image
88 # IMPORTANT: The Debian system is not longer functional at this point,
89 # for example, apt and dpkg will stop working
91 UNNEEDED_PACKAGES
="apt libapt-pkg5.0 "\
92 "ncurses-bin ncurses-base libncursesw5 libncurses5 "\
94 "debconf libdebconfclient0 "\
95 "e2fsprogs e2fslibs libfdisk1 "\
98 "init-system-helpers "\
103 "libsemanage1 libsemanage-common "\
108 "debian-archive-keyring "\
110 # Removing unneeded packages
111 for PACKAGE
in ${UNNEEDED_PACKAGES}
113 echo "Forcing removal of ${PACKAGE}"
114 if ! dpkg
--purge --force-remove-essential --force-depends "${PACKAGE}"
116 echo "WARNING: ${PACKAGE} isn't installed"
120 # Show what's left package-wise before dropping dpkg itself
121 COLUMNS
=300 dpkg-query
-W --showformat='${Installed-Size;10}\t${Package}\n' |
sort -k1,1n
124 dpkg
--purge --force-remove-essential --force-depends dpkg
126 # No apt or dpkg, no need for its configuration archives
130 # Drop directories not part of ostree
131 # Note that /var needs to exist as ostree bind mounts the deployment /var over
133 rm -rf var
/* opt srv share
135 # ca-certificates are in /etc drop the source
136 rm -rf usr
/share
/ca-certificates
138 # No bash, no need for completions
139 rm -rf usr
/share
/bash-completion
141 # No zsh, no need for comletions
142 rm -rf usr
/share
/zsh
/vendor-completions
144 # drop gcc-6 python helpers
145 rm -rf usr
/share
/gcc-6
147 # Drop sysvinit leftovers
149 rm -rf etc
/rc
[0-6S].d
151 # Drop upstart helpers
154 # Various xtables helpers
155 rm -rf usr
/lib
/xtables
158 # TODO: only remaining locale is actually "C". Should we really remove it?
159 rm -rf usr
/lib
/locale
/*
167 # Systemd dns resolver
168 find usr etc
-name '*systemd-resolve*' -prune -exec rm -r {} \
;
170 # Systemd network configuration
171 find usr etc
-name '*networkd*' -prune -exec rm -r {} \
;
174 find usr etc
-name '*timesyncd*' -prune -exec rm -r {} \
;
176 # systemd hw database manager
177 find usr etc
-name '*systemd-hwdb*' -prune -exec rm -r {} \
;
180 find usr etc
-name '*fuse*' -prune -exec rm -r {} \
;
182 # lsb init function leftovers
185 # Only needed when adding libraries
186 rm usr
/sbin
/ldconfig
*
191 # Remove pam module to authenticate against a DB
192 # plus libdb-5.3.so that is only used by this pam module
193 rm usr
/lib
/*/security
/pam_userdb.so
194 rm usr
/lib
/*/libdb-5.3.so
196 # remove NSS support for nis, nisplus and hesiod
197 rm usr
/lib
/*/libnss_hesiod
*
198 rm usr
/lib
/*/libnss_nis
*