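#!/bin/bash

# -e aborts on the first failing command; -x traces every command, so the
# build log records exactly what was installed and removed.
set -ex

# Architecture-specific firmware and libraries, selected by DEBIAN_ARCH.
# The selector is quoted and given an empty default so that an unset or
# whitespace-containing value simply matches nothing, instead of making the
# test itself fail with a syntax error. For any other value ARCH_PACKAGES is
# left untouched; the apt-get install step expands it unquoted as a
# whitespace-separated list.
case "${DEBIAN_ARCH:-}" in
    arm64)
        ARCH_PACKAGES="firmware-qcom-media"
        ;;
    amd64)
        ARCH_PACKAGES="firmware-amd-graphics
                       libelf1
                       libllvm11
                       libva2
                       libva-drm2
                      "
        ;;
esac
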
# Build-time helpers needed only to pip-install ci-fairy; the script purges
# them again right after that install.
INSTALL_CI_FAIRY_PACKAGES="git python3-dev python3-pip python3-setuptools python3-wheel"

# Packages that stay in the rootfs on every architecture.
runtime_packages=(
    ca-certificates
    firmware-realtek
    initramfs-tools
    libasan6
    libexpat1
    libpng16-16
    libpython3.9
    libsensors5
    libvulkan1
    libwaffle-1-0
    libx11-6
    libx11-xcb1
    libxcb-dri2-0
    libxcb-dri3-0
    libxcb-glx0
    libxcb-present0
    libxcb-randr0
    libxcb-shm0
    libxcb-sync1
    libxcb-xfixes0
    libxdamage1
    libxext6
    libxfixes3
    libxkbcommon0
    libxrender1
    libxshmfence1
    libxxf86vm1
    netcat-openbsd
    python3
    python3-lxml
    python3-mako
    python3-numpy
    python3-packaging
    python3-pil
    python3-renderdoc
    python3-requests
    python3-simplejson
    python3-yaml
    sntp
    strace
    waffle-utils
    wget
    xinit
    xserver-xorg-core
    xz-utils
)

# ARCH_PACKAGES and INSTALL_CI_FAIRY_PACKAGES hold whitespace-separated lists,
# so they are left unquoted on purpose to split into one argument per package.
# --no-install-recommends keeps optional dependencies out of the image.
# shellcheck disable=SC2086
apt-get -y install --no-install-recommends \
    $ARCH_PACKAGES \
    $INSTALL_CI_FAIRY_PACKAGES \
    "${runtime_packages[@]}"

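# Needed for ci-fairy, this revision is able to upload files to
# MinIO and doesn't depend on git.
# The source is pinned to a full commit hash and fetched over HTTPS rather
# than plain HTTP, so the server is authenticated and the code that pip
# builds and installs as root cannot be altered in transit. ca-certificates
# is part of the package set installed earlier in this script.
pip3 install git+https://gitlab.freedesktop.org/freedesktop/ci-templates@0f1abc24c043e63894085a6bd12f14263e8b29eb

# The build-only helpers are not needed once ci-fairy is installed.
# Unquoted on purpose: the variable holds a whitespace-separated package list.
# shellcheck disable=SC2086
apt-get purge -y \
        $INSTALL_CI_FAIRY_PACKAGES
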
# Delete root's password, leaving the account passwordless, and switch the
# invoking user's login shell to /bin/sh. With an empty root password, any
# console or login prompt on this image grants root without authentication,
# so the image only fits disposable test devices on an isolated network.
passwd -d root
chsh -s /bin/sh

# Minimal /init: set a recognisable prompt, then replace itself with a shell.
# The delimiter is quoted so the here-document is written out literally.
cat > /init <<'EOF'
#!/bin/sh
export PS1=lava-shell:
exec sh
EOF
chmod +x /init

#######################################################################
# Strip the image to a small minimal system without removing the debian
# toolchain.

# xz compress firmware so it doesn't waste RAM at runtime on ramdisk systems.
# File names are passed NUL-separated, four per xz invocation, with up to four
# invocations in parallel; each xz runs single-threaded and writes a CRC32
# integrity check.
find /lib/firmware -type f -print0 \
    | xargs --null --no-run-if-empty --max-procs=4 --max-args=4 \
        xz --threads=1 --check=crc32

# Replace /etc/localtime with a plain copy of the UTC zone file.
# NOTE(review): the original comment also mentions removing the tzdata
# package; no such removal happens in this step - confirm where it is done.
rm -rf /etc/localtime
cp /usr/share/zoneinfo/Etc/UTC /etc/localtime

# Whitespace-separated list of packages to remove while apt still works.
UNNEEDED_PACKAGES="libfdisk1"

# Keep the package tools from prompting during the removals below.
export DEBIAN_FRONTEND=noninteractive

# Removing unused packages. A failed removal is only reported, never fatal;
# the warning text is printed for any apt-get failure, not only for a package
# that is missing.
# shellcheck disable=SC2086  # deliberate word splitting of the package list
for PACKAGE in ${UNNEEDED_PACKAGES}; do
	printf '%s\n' "${PACKAGE}"
	apt-get remove --purge --yes "${PACKAGE}" \
		|| echo "WARNING: ${PACKAGE} isn't installed"
done

# Best effort: dependencies that are now unused go too, errors are ignored.
apt-get autoremove --yes || true

# Dropping logs
rm -rf /var/log/*

# Dropping documentation, localization, i18n files, etc.
# Only the contents are removed, except for /usr/share/man, which goes whole.
rm -rf \
    /usr/share/doc/* \
    /usr/share/locale/* \
    /usr/share/X11/locale/* \
    /usr/share/man \
    /usr/share/i18n/* \
    /usr/share/info/* \
    /usr/share/lintian/* \
    /usr/share/common-licenses/* \
    /usr/share/mime/*

# Dropping reportbug scripts
rm -rf /usr/share/bug

# Drop udev hwdb not required on a stripped system
rm -rf \
    /lib/udev/hwdb.bin \
    /lib/udev/hwdb.d/*

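# The paths below were relative in the original listing, which only works
# when the script runs with / as its working directory. They are spelled
# absolute here, like the removals earlier in this script, so a recursive
# delete can never land in whatever directory the caller happened to be in.

# Drop all gconv conversions && binaries
rm -rf /usr/bin/iconv
rm -rf /usr/sbin/iconvconfig
rm -rf /usr/lib/*/gconv/

# Remove libusb database
rm -rf /usr/sbin/update-usbids
rm -rf /var/lib/usbutils/usb.ids
rm -rf /usr/share/misc/usb.ids
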
#######################################################################
# Crush into a minimal production image to be deployed via some type of image
# updating system.
# IMPORTANT: The Debian system is no longer functional at this point,
# for example, apt and dpkg will stop working.
# The list also drops gpgv and debian-archive-keyring together with apt, so
# the finished image has no way to fetch or verify package updates.
# NOTE(review): bash itself is on the list while this script runs under
# /bin/bash; the later steps presumably rely on the already running
# interpreter and on tools that are not purged here - confirm.

UNNEEDED_PACKAGES="
        apt libapt-pkg6.0
        ncurses-bin ncurses-base libncursesw6 libncurses6
        perl-base
        debconf libdebconfclient0
        e2fsprogs e2fslibs libfdisk1
        insserv
        udev
        init-system-helpers
        bash
        cpio
        xz-utils
        passwd
        libsemanage1 libsemanage-common
        libsepol1
        gpgv
        hostname
        adduser
        debian-archive-keyring
        libegl1-mesa-dev
        libegl-mesa0
        libgl1-mesa-dev
        libgl1-mesa-dri
        libglapi-mesa
        libgles2-mesa-dev
        libglx-mesa0
        mesa-common-dev
        "

# Removing unneeded packages. dpkg is told to ignore both the "essential"
# flag and unmet dependencies; a failed purge is only reported, never fatal.
# shellcheck disable=SC2086  # deliberate word splitting of the package list
for PACKAGE in ${UNNEEDED_PACKAGES}; do
	echo "Forcing removal of ${PACKAGE}"
	dpkg --purge --force-remove-essential --force-depends "${PACKAGE}" \
		|| echo "WARNING: ${PACKAGE} isn't installed"
done

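# Show what's left package-wise before dropping dpkg itself.
# The single quotes are intentional: ${...} is dpkg-query format syntax, not a
# shell expansion. The output is sorted numerically by installed size, so the
# build log keeps an inventory of what ships in the image.
# shellcheck disable=SC2016
COLUMNS=300 dpkg-query -W --showformat='${Installed-Size;10}\t${Package}\n' | sort -k1,1n

# Drop dpkg
dpkg --purge --force-remove-essential --force-depends dpkg

# No apt or dpkg, no need for its configuration archives.
# Absolute paths (the original listing used relative ones) so the removal does
# not depend on the working directory the script was started from.
rm -rf /etc/apt
rm -rf /etc/dpkg
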
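# Every path in this section was relative in the original listing and so
# depended on / being the working directory. They are written absolute here:
# a recursive delete of "var/* opt srv share" from any other directory would
# destroy unrelated data.

# Drop directories not part of ostree
# Note that /var needs to exist as ostree bind mounts the deployment /var over
# it
rm -rf /var/* /opt /srv /share

# ca-certificates are in /etc drop the source
# NOTE(review): on Debian the per-certificate entries under /etc/ssl/certs are
# normally symlinks into this directory, which would leave only the
# concatenated bundle usable - confirm every TLS client in the image reads the
# bundle. The trust store is also frozen at build time from here on.
rm -rf /usr/share/ca-certificates

# No bash, no need for completions
rm -rf /usr/share/bash-completion

# No zsh, no need for completions
rm -rf /usr/share/zsh/vendor-completions

# drop gcc python helpers
rm -rf /usr/share/gcc

# Drop sysvinit leftovers
rm -rf /etc/init.d
rm -rf /etc/rc[0-6S].d

# Drop upstart helpers
rm -rf /etc/init

# Various xtables helpers
rm -rf /usr/lib/xtables

# Drop all locales
# TODO: only remaining locale is actually "C". Should we really remove it?
rm -rf /usr/lib/locale/*

# partition helpers
rm -rf /usr/sbin/*fdisk

# locale compiler
rm -rf /usr/bin/localedef
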
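# Remove systemd components and FUSE support that the stripped image does not
# use. Each pattern is matched against file and directory names under /usr and
# /etc; -prune stops find from descending into a match before it is deleted.
# The search roots are absolute (the original listing used "usr etc") so the
# deletion does not depend on the working directory.
#   *systemd-resolve*  systemd DNS resolver
#   *networkd*         systemd network configuration
#   *timesyncd*        systemd NTP client
#   *systemd-hwdb*     systemd hardware database manager
#   *fuse*             FUSE
for pattern in \
    '*systemd-resolve*' \
    '*networkd*' \
    '*timesyncd*' \
    '*systemd-hwdb*' \
    '*fuse*'
do
    find /usr /etc -name "${pattern}" -prune -exec rm -r {} \;
done
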
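# All paths here are absolute (the original listing used relative ones) so the
# removals do not depend on the working directory the script was started from.

# lsb init function leftovers
rm -rf /usr/lib/lsb

# Only needed when adding libraries
rm -rf /usr/sbin/ldconfig*

# Games, unused.
# rmdir (not rm -rf) fails if the directory is missing or not empty, and with
# `set -e` that failure stops the script.
rmdir /usr/games

# Remove pam module to authenticate against a DB
# plus libdb-5.3.so that is only used by this pam module
rm -rf /usr/lib/*/security/pam_userdb.so
rm -rf /usr/lib/*/libdb-5.3.so

# remove NSS support for nis, nisplus and hesiod
# (the libnss_nis* glob also covers the nisplus module)
rm -rf /usr/lib/*/libnss_hesiod*
rm -rf /usr/lib/*/libnss_nis*
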