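#!/bin/bash

# Trace every command and abort on the first unhandled failure.
set -ex

# Pick the architecture-specific package set. DEBIAN_ARCH is not assigned
# anywhere in this script, so it has to come from the caller's environment.
# It is quoted so that an unset or empty value compares as "no match"
# instead of turning the test into a syntax error. Any value other than
# arm64/amd64 leaves ARCH_PACKAGES untouched.
if [ "$DEBIAN_ARCH" = arm64 ]; then
    ARCH_PACKAGES="firmware-qcom-media
                   firmware-linux-nonfree
                   libfontconfig1
                   libgl1
                   libglu1-mesa
                   libvulkan-dev
    "
elif [ "$DEBIAN_ARCH" = amd64 ]; then
    # Add llvm 13 to the build image
    apt-get -y install --no-install-recommends wget gnupg2 software-properties-common
    # NOTE(review): apt-key adds this key to APT's global trust store, so it
    # can vouch for packages from every configured repository, not only
    # apt.llvm.org. A dedicated keyring referenced with signed-by= on the
    # source entry would scope it to that one repository. Nothing here checks
    # the key file's fingerprint; the file is presumably placed by the image
    # build, so confirm its provenance there.
    apt-key add /llvm-snapshot.gpg.key
    add-apt-repository "deb https://apt.llvm.org/bullseye/ llvm-toolchain-bullseye-13 main"

    ARCH_PACKAGES="firmware-amd-graphics
                   inetutils-syslogd
                   iptables
                   libcap2
                   libfontconfig1
                   libelf1
                   libfdt1
                   libgl1
                   libglu1-mesa
                   libllvm13
                   libllvm11
                   libva2
                   libva-drm2
                   libvulkan-dev
                   socat
                   spirv-tools
                   sysvinit-core
                  "
fi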
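# Build-time only packages: needed to pip-install ci-fairy, purged again
# once the install below has finished.
INSTALL_CI_FAIRY_PACKAGES="git
                           python3-dev
                           python3-pip
                           python3-setuptools
                           python3-wheel
                           "

apt-get update
# The package-list variables are left unquoted on purpose so that every
# whitespace-separated name becomes its own argument. EXTRA_LOCAL_PACKAGES
# is not assigned in this script; presumably the caller exports it.
apt-get -y install --no-install-recommends \
    $ARCH_PACKAGES \
    $INSTALL_CI_FAIRY_PACKAGES \
    $EXTRA_LOCAL_PACKAGES \
    bash \
    ca-certificates \
    firmware-realtek \
    initramfs-tools \
    libasan6 \
    libexpat1 \
    libpng16-16 \
    libpython3.9 \
    libsensors5 \
    libvulkan1 \
    libwaffle-1-0 \
    libx11-6 \
    libx11-xcb1 \
    libxcb-dri2-0 \
    libxcb-dri3-0 \
    libxcb-glx0 \
    libxcb-present0 \
    libxcb-randr0 \
    libxcb-shm0 \
    libxcb-sync1 \
    libxcb-xfixes0 \
    libxdamage1 \
    libxext6 \
    libxfixes3 \
    libxkbcommon0 \
    libxrender1 \
    libxshmfence1 \
    libxxf86vm1 \
    netcat-openbsd \
    python3 \
    python3-lxml \
    python3-mako \
    python3-numpy \
    python3-packaging \
    python3-pil \
    python3-renderdoc \
    python3-requests \
    python3-simplejson \
    python3-yaml \
    sntp \
    strace \
    waffle-utils \
    wget \
    xinit \
    xserver-xorg-core

# Needed for ci-fairy, this revision is able to upload files to
# MinIO and doesn't depend on git
# Fetched over https instead of plain http: pip runs the fetched project's
# build step during install, so the transport has to be authenticated
# (ca-certificates is installed by the apt-get call above). The full commit
# hash pin is kept so the revision cannot move.
pip3 install git+https://gitlab.freedesktop.org/freedesktop/ci-templates@ffe4d1b10aab7534489f0c4bbc4c5899df17d3f2

# The ci-fairy build dependencies are no longer needed in the image.
apt-get purge -y \
        $INSTALL_CI_FAIRY_PACKAGES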
# Clear root's password and set the login shell to /bin/sh (chsh is called
# without a user name, so it acts on the invoking user, presumably root).
# NOTE(review): with an empty root password, any console or login path on
# this image yields root without credentials. That looks intentional for a
# throwaway test rootfs (the /init below simply drops into a shell);
# confirm the image is never reused outside that setting.
passwd -d root
chsh -s /bin/sh

# Minimal /init: set the prompt, then replace itself with a shell.
cat <<'EOF' > /init
#!/bin/sh
export PS1=lava-shell:
exec sh
EOF
chmod +x /init
#######################################################################
# Strip the image to a small minimal system without removing the debian
# toolchain.

# Replace /etc/localtime with a plain copy of the UTC zone file
rm -rf /etc/localtime
cp /usr/share/zoneinfo/Etc/UTC /etc/localtime

UNNEEDED_PACKAGES="
        libfdisk1
        "

export DEBIAN_FRONTEND=noninteractive

# Purge the unneeded packages; a failed removal only prints a warning
for pkg in ${UNNEEDED_PACKAGES}; do
	echo "${pkg}"
	apt-get remove --purge --yes "${pkg}" ||
		echo "WARNING: ${pkg} isn't installed"
done

# Best effort: a failing autoremove must not abort the build
apt-get autoremove --yes || true

# Dropping logs
rm -rf /var/log/*

# Dropping documentation, localization, i18n files, etc: the contents of
# these /usr/share directories are removed, the directories themselves stay
for share_dir in doc locale X11/locale i18n info lintian common-licenses mime; do
	rm -rf /usr/share/"${share_dir}"/*
done
# The man tree is removed as a whole
rm -rf /usr/share/man

# Dropping reportbug scripts
rm -rf /usr/share/bug

# Drop udev hwdb not required on a stripped system
rm -rf /lib/udev/hwdb.bin /lib/udev/hwdb.d/*

# NOTE(review): unlike the absolute paths above, the paths in the next two
# groups are relative, so they act on whatever the current directory is.
# Presumably the script is started with the rootfs root as its working
# directory; confirm with the caller, since rm -rf stays silent when the
# paths do not exist.

# Drop all gconv conversions && binaries
rm -rf usr/bin/iconv
rm -rf usr/sbin/iconvconfig
rm -rf usr/lib/*/gconv/

# Remove libusb database
rm -rf usr/sbin/update-usbids
rm -rf var/lib/usbutils/usb.ids
rm -rf usr/share/misc/usb.ids

# Leftover pip state in root's home
rm -rf /root/.pip
#######################################################################
# Crush into a minimal production image to be deployed via some type of image
# updating system.
# IMPORTANT: The Debian system is no longer functional at this point,
# for example, apt and dpkg will stop working.
# Consequence: packages cannot be updated in place afterwards, so fixes
# reach a deployed image only by rebuilding and redeploying it.

# Only ever expanded unquoted, so the list is split on whitespace.
UNNEEDED_PACKAGES="
        apt libapt-pkg6.0
        ncurses-bin ncurses-base libncursesw6 libncurses6
        perl-base
        debconf libdebconfclient0
        e2fsprogs e2fslibs libfdisk1
        insserv
        udev
        init-system-helpers
        cpio
        passwd
        libsemanage1 libsemanage-common
        libsepol1
        gpgv
        hostname
        adduser
        debian-archive-keyring
        libegl1-mesa-dev
        libegl-mesa0
        libgl1-mesa-dev
        libgl1-mesa-dri
        libglapi-mesa
        libgles2-mesa-dev
        libglx-mesa0
        mesa-common-dev
        gnupg2
        software-properties-common
        "

# Removing unneeded packages: dpkg is told to ignore the essential flag and
# dependency breakage, and a failed purge only prints a warning
for pkg in ${UNNEEDED_PACKAGES}; do
	echo "Forcing removal of ${pkg}"
	dpkg --purge --force-remove-essential --force-depends "${pkg}" ||
		echo "WARNING: ${pkg} isn't installed"
done

# Show what's left package-wise before dropping dpkg itself,
# sorted numerically on the first (installed size) column
COLUMNS=300 dpkg-query -W --showformat='${Installed-Size;10}\t${Package}\n' \
	| sort -k1,1n

# Drop dpkg
dpkg --purge --force-remove-essential --force-depends dpkg
# NOTE(review): every path below is relative, so these removals act on
# whatever the current directory is. Presumably the script is started with
# the rootfs root as its working directory; confirm with the caller. The
# rm -rf calls stay silent when a path is missing, while the find calls and
# the rmdir near the end fail (and abort under set -e) if usr/, etc/ or
# usr/games are not there.

# No apt or dpkg, no need for its configuration archives
rm -rf etc/apt
rm -rf etc/dpkg

# Drop directories not part of ostree
# Note that /var needs to exist as ostree bind mounts the deployment /var over
# it
rm -rf var/* opt srv share

# ca-certificates are in /etc drop the source
rm -rf usr/share/ca-certificates

# No need for completions
rm -rf usr/share/bash-completion

# No zsh, no need for completions
rm -rf usr/share/zsh/vendor-completions

# drop gcc python helpers
rm -rf usr/share/gcc

# Drop sysvinit leftovers
rm -rf etc/init.d
rm -rf etc/rc[0-6S].d

# Drop upstart helpers
rm -rf etc/init

# Various xtables helpers
rm -rf usr/lib/xtables

# Drop all locales
# TODO: only remaining locale is actually "C". Should we really remove it?
rm -rf usr/lib/locale/*

# partition helpers
rm -rf usr/sbin/*fdisk

# Locale definition compiler
rm -rf usr/bin/localedef

# Remove everything under usr/ and etc/ whose name matches, in this order:
# the systemd dns resolver, systemd network configuration, the systemd ntp
# client, the systemd hw database manager, and fuse. -prune keeps find from
# descending into a directory that is about to be deleted.
for name_pattern in '*systemd-resolve*' '*networkd*' '*timesyncd*' \
	'*systemd-hwdb*' '*fuse*'; do
	find usr etc -name "${name_pattern}" -prune -exec rm -r {} \;
done

# lsb init function leftovers
rm -rf usr/lib/lsb

# Only needed when adding libraries
rm -rf usr/sbin/ldconfig*

# Games, unused (rmdir only succeeds on an existing, empty directory)
rmdir usr/games

# Remove pam module to authenticate against a DB
# plus libdb-5.3.so that is only used by this pam module
rm -rf usr/lib/*/security/pam_userdb.so
rm -rf usr/lib/*/libdb-5.3.so

# remove NSS support for nis, nisplus and hesiod
rm -rf usr/lib/*/libnss_hesiod*
rm -rf usr/lib/*/libnss_nis*