5 apt-get
-y install --no-install-recommends \
23 export PS1=lava-shell:
28 mkdir
-p /lib
/firmware
/rtl_nic
29 wget https
://git.kernel.org
/pub
/scm
/linux
/kernel
/git
/firmware
/linux-firmware.git
/tree
/rtl_nic
/rtl8153a-3.fw
-O /lib
/firmware
/rtl_nic
/rtl8153a-3.fw
31 #######################################################################
32 # Strip the image to a small minimal system without removing the debian
35 # xz compress firmware so it doesn't waste RAM at runtime. Except db820c's
36 # GPU firmware, due to using a precompiled kernel without compression support.
37 find /lib
/firmware
-type f
-print0 | \
39 xargs -0r -P4 -n4 xz
-T1 -C crc32
40 ln -s /lib
/firmware
/qcom
/a530
* /lib
/firmware
/
42 # Copy timezone file and remove tzdata package
44 cp /usr
/share
/zoneinfo
/Etc
/UTC
/etc
/localtime
46 UNNEEDED_PACKAGES
="libfdisk1
50 export DEBIAN_FRONTEND
=noninteractive
52 # Removing unused packages
53 for PACKAGE
in ${UNNEEDED_PACKAGES}
56 if ! apt-get remove
--purge --yes "${PACKAGE}"
58 echo "WARNING: ${PACKAGE} isn't installed"
62 apt-get autoremove
--yes || true
67 # Dropping documentation, localization, i18n files, etc
68 rm -rf /usr
/share
/doc
/*
69 rm -rf /usr
/share
/locale
/*
71 rm -rf /usr
/share
/i18n
/*
72 rm -rf /usr
/share
/info
/*
73 rm -rf /usr
/share
/lintian
/*
74 rm -rf /usr
/share
/common-licenses
/*
75 rm -rf /usr
/share
/mime
/*
77 # Dropping reportbug scripts
80 # Drop udev hwdb not required on a stripped system
81 rm -rf /lib
/udev
/hwdb.bin
/lib
/udev
/hwdb.d
/*
83 # Drop all gconv conversions && binaries
85 rm -rf usr
/sbin
/iconvconfig
86 rm -rf usr
/lib
/*/gconv
/
88 # Remove libusb database
89 rm -rf usr
/sbin
/update-usbids
90 rm -rf var
/lib
/usbutils
/usb.ids
91 rm -rf usr
/share
/misc
/usb.ids
93 #######################################################################
94 # Crush into a minimal production image to be deployed via some type of image
96 # IMPORTANT: The Debian system is not longer functional at this point,
97 # for example, apt and dpkg will stop working
99 UNNEEDED_PACKAGES
="apt libapt-pkg6.0 "\
100 "ncurses-bin ncurses-base libncursesw6 libncurses6 "\
102 "debconf libdebconfclient0 "\
103 "e2fsprogs e2fslibs libfdisk1 "\
106 "init-system-helpers "\
111 "libsemanage1 libsemanage-common "\
116 "debian-archive-keyring "\
118 # Removing unneeded packages
119 for PACKAGE
in ${UNNEEDED_PACKAGES}
121 echo "Forcing removal of ${PACKAGE}"
122 if ! dpkg
--purge --force-remove-essential --force-depends "${PACKAGE}"
124 echo "WARNING: ${PACKAGE} isn't installed"
128 # Show what's left package-wise before dropping dpkg itself
129 COLUMNS
=300 dpkg-query
-W --showformat='${Installed-Size;10}\t${Package}\n' |
sort -k1,1n
132 dpkg
--purge --force-remove-essential --force-depends dpkg
134 # No apt or dpkg, no need for its configuration archives
138 # Drop directories not part of ostree
139 # Note that /var needs to exist as ostree bind mounts the deployment /var over
141 rm -rf var
/* opt srv share
143 # ca-certificates are in /etc drop the source
144 rm -rf usr
/share
/ca-certificates
146 # No bash, no need for completions
147 rm -rf usr
/share
/bash-completion
149 # No zsh, no need for comletions
150 rm -rf usr
/share
/zsh
/vendor-completions
152 # drop gcc-6 python helpers
153 rm -rf usr
/share
/gcc-6
155 # Drop sysvinit leftovers
157 rm -rf etc
/rc
[0-6S].d
159 # Drop upstart helpers
162 # Various xtables helpers
163 rm -rf usr
/lib
/xtables
166 # TODO: only remaining locale is actually "C". Should we really remove it?
167 rm -rf usr
/lib
/locale
/*
170 rm -rf usr
/sbin
/*fdisk
173 rm -rf usr
/bin
/localedef
175 # Systemd dns resolver
176 find usr etc
-name '*systemd-resolve*' -prune -exec rm -r {} \
;
178 # Systemd network configuration
179 find usr etc
-name '*networkd*' -prune -exec rm -r {} \
;
182 find usr etc
-name '*timesyncd*' -prune -exec rm -r {} \
;
184 # systemd hw database manager
185 find usr etc
-name '*systemd-hwdb*' -prune -exec rm -r {} \
;
188 find usr etc
-name '*fuse*' -prune -exec rm -r {} \
;
190 # lsb init function leftovers
193 # Only needed when adding libraries
194 rm -rf usr
/sbin
/ldconfig
*
199 # Remove pam module to authenticate against a DB
200 # plus libdb-5.3.so that is only used by this pam module
201 rm -rf usr
/lib
/*/security
/pam_userdb.so
202 rm -rf usr
/lib
/*/libdb-5.3.so
204 # remove NSS support for nis, nisplus and hesiod
205 rm -rf usr
/lib
/*/libnss_hesiod
*
206 rm -rf usr
/lib
/*/libnss_nis
*