5 apt-get
-y install --no-install-recommends initramfs-tools libpng16-16 strace libsensors5 libexpat1 libdrm2
10 #######################################################################
11 # Strip the image to a small minimal system without removing the debian
14 # Copy timezone file and remove tzdata package
16 cp /usr
/share
/zoneinfo
/Etc
/UTC
/etc
/localtime
18 UNNEEDED_PACKAGES
="libfdisk1
22 export DEBIAN_FRONTEND
=noninteractive
24 # Removing unused packages
25 for PACKAGE
in ${UNNEEDED_PACKAGES}
28 if ! apt-get remove
--purge --yes "${PACKAGE}"
30 echo "WARNING: ${PACKAGE} isn't installed"
34 apt-get autoremove
--yes || true
39 # Dropping documentation, localization, i18n files, etc
40 rm -rf /usr
/share
/doc
/*
41 rm -rf /usr
/share
/locale
/*
43 rm -rf /usr
/share
/i18n
/*
44 rm -rf /usr
/share
/info
/*
45 rm -rf /usr
/share
/lintian
/*
46 rm -rf /usr
/share
/common-licenses
/*
47 rm -rf /usr
/share
/mime
/*
49 # Dropping reportbug scripts
52 # Drop udev hwdb not required on a stripped system
53 rm -rf /lib
/udev
/hwdb.bin
/lib
/udev
/hwdb.d
/*
55 # Drop all gconv conversions && binaries
57 rm -rf usr
/sbin
/iconvconfig
58 rm -rf usr
/lib
/*/gconv
/
60 # Remove libusb database
61 rm -rf usr
/sbin
/update-usbids
62 rm -rf var
/lib
/usbutils
/usb.ids
63 rm -rf usr
/share
/misc
/usb.ids
65 #######################################################################
66 # Crush into a minimal production image to be deployed via some type of image
68 # IMPORTANT: The Debian system is not longer functional at this point,
69 # for example, apt and dpkg will stop working
71 UNNEEDED_PACKAGES
="apt libapt-pkg5.0 "\
72 "ncurses-bin ncurses-base libncursesw5 libncurses5 "\
74 "debconf libdebconfclient0 "\
75 "e2fsprogs e2fslibs libfdisk1 "\
78 "init-system-helpers "\
82 "libsemanage1 libsemanage-common "\
89 "debian-archive-keyring "\
90 "libgl1 libgl1-mesa-dri libglapi-mesa libglvnd0 libglx-mesa0 libegl-mesa0 libgles2 "\
92 "libx11-data libthai-data "\
95 # Removing unneeded packages
96 for PACKAGE
in ${UNNEEDED_PACKAGES}
98 echo "Forcing removal of ${PACKAGE}"
99 if ! dpkg
--purge --force-remove-essential --force-depends "${PACKAGE}"
101 echo "WARNING: ${PACKAGE} isn't installed"
105 # Show what's left package-wise before dropping dpkg itself
106 COLUMNS
=300 dpkg-query
-W --showformat='${Installed-Size;10}\t${Package}\n' |
sort -k1,1n
109 dpkg
--purge --force-remove-essential --force-depends dpkg
111 # No apt or dpkg, no need for its configuration archives
115 # Drop directories not part of ostree
116 # Note that /var needs to exist as ostree bind mounts the deployment /var over
118 rm -rf var
/* opt srv share
120 # ca-certificates are in /etc drop the source
121 rm -rf usr
/share
/ca-certificates
123 # No bash, no need for completions
124 rm -rf usr
/share
/bash-completion
126 # No zsh, no need for comletions
127 rm -rf usr
/share
/zsh
/vendor-completions
129 # drop gcc-6 python helpers
130 rm -rf usr
/share
/gcc-6
132 # Drop sysvinit leftovers
134 rm -rf etc
/rc
[0-6S].d
136 # Drop upstart helpers
139 # Various xtables helpers
140 rm -rf usr
/lib
/xtables
143 # TODO: only remaining locale is actually "C". Should we really remove it?
144 rm -rf usr
/lib
/locale
/*
152 # Systemd dns resolver
153 find usr etc
-name '*systemd-resolve*' -prune -exec rm -r {} \
;
155 # Systemd network configuration
156 find usr etc
-name '*networkd*' -prune -exec rm -r {} \
;
159 find usr etc
-name '*timesyncd*' -prune -exec rm -r {} \
;
161 # systemd hw database manager
162 find usr etc
-name '*systemd-hwdb*' -prune -exec rm -r {} \
;
165 find usr etc
-name '*fuse*' -prune -exec rm -r {} \
;
167 # lsb init function leftovers
170 # Only needed when adding libraries
171 rm usr
/sbin
/ldconfig
*
176 # Remove pam module to authenticate against a DB
177 # plus libdb-5.3.so that is only used by this pam module
178 rm usr
/lib
/*/security
/pam_userdb.so
179 rm usr
/lib
/*/libdb-5.3.so
181 # remove NSS support for nis, nisplus and hesiod
182 rm usr
/lib
/*/libnss_hesiod
*
183 rm usr
/lib
/*/libnss_nis
*