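#!/bin/bash
#
# Populates a Debian root filesystem with the runtime packages listed below,
# installs an /init that drops straight into a shell, and then starts
# stripping the image down.
#
# Environment:
#   DEBIAN_ARCH     - "arm64" or "amd64"; selects the per-architecture packages
#   INCLUDE_VK_CTS  - when non-empty, libvulkan1 is installed as well

set -ex

# Quoting DEBIAN_ARCH keeps the test well-formed when the variable is unset or
# empty, so an unknown architecture simply gets no extra packages.
if [ "$DEBIAN_ARCH" = arm64 ]; then
  ARCH_PACKAGES="firmware-qcom-media"
elif [ "$DEBIAN_ARCH" = amd64 ]; then
  # Upstream LLVM package repository
  apt-get -y install --no-install-recommends gnupg ca-certificates
  # NOTE(review): apt-key puts this key into apt's global trusted set, so it is
  # accepted for every configured source, not only apt.llvm.org. A keyring
  # referenced through a [signed-by=...] option on the deb line would scope it.
  apt-key add /llvm-snapshot.gpg.key
  echo "deb https://apt.llvm.org/buster/ llvm-toolchain-buster-10 main" >/etc/apt/sources.list.d/llvm10.list
  apt-get update

  ARCH_PACKAGES="libelf1
                 libllvm10
                 libxcb-dri2-0
                 libxcb-dri3-0
                 libxcb-present0
                 libxcb-sync1
                 libxcb-xfixes0
                 libxshmfence1
                 firmware-amd-graphics
                 "
fi

# $ARCH_PACKAGES is deliberately left unquoted: it holds a whitespace-separated
# package list that must be split into one argument per package.
apt-get -y install --no-install-recommends \
  ca-certificates \
  curl \
  initramfs-tools \
  libpng16-16 \
  strace \
  libsensors5 \
  libexpat1 \
  libx11-6 \
  libx11-xcb1 \
  $ARCH_PACKAGES \
  netcat-openbsd \
  python3 \
  libpython3.7 \
  python3-pil \
  python3-pytest \
  python3-requests \
  python3-yaml \
  sntp \
  wget \
  xz-utils

if [ -n "$INCLUDE_VK_CTS" ]; then
  apt-get install -y libvulkan1
fi

# Root gets an empty password and /init execs a shell, so whoever reaches the
# console of a device booted from this image is root without authentication.
# The login shell is switched to /bin/sh, presumably because the bash package
# is purged further down in this script.
passwd root -d
chsh -s /bin/sh

cat > /init <<EOF
#!/bin/sh
export PS1=lava-shell:
exec sh
EOF
chmod +x /init

# cgit serves the raw blob under /plain/; the /tree/ URL returns the HTML
# viewer page, which would be saved in place of the firmware.
# NOTE(review): the file comes from the branch head with no digest check.
# Pinning a revision and comparing against a sha256 kept in this repository
# would make the image reproducible and tamper-evident.
mkdir -p /lib/firmware/rtl_nic
wget https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/rtl_nic/rtl8153a-3.fw -O /lib/firmware/rtl_nic/rtl8153a-3.fw

#######################################################################
# Strip the image to a small minimal system without removing the debian
# toolchain.

# xz compress firmware so it doesn't waste RAM at runtime. Except db820c's
# GPU firmware, due to using a precompiled kernel without compression support.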
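# -print0 / grep -z / xargs -0 keep the file list NUL-delimited end to end.
find /lib/firmware -type f -print0 | \
  grep -vz a530 | \
  xargs -0r -P4 -n4 xz -T1 -C crc32

# Link each a530 firmware file into /lib/firmware. The existence test skips
# the unexpanded pattern when nothing matches, which would otherwise leave a
# dangling symlink literally named "a530*".
for A530_FW in /lib/firmware/qcom/a530*
do
  [ -e "${A530_FW}" ] || continue
  ln -s "${A530_FW}" /lib/firmware/
done

# Copy timezone file and remove tzdata package
rm -rf /etc/localtime
cp /usr/share/zoneinfo/Etc/UTC /etc/localtime

UNNEEDED_PACKAGES="libfdisk1
  tzdata
  diffutils
  gnupg"

export DEBIAN_FRONTEND=noninteractive

# Removing unused packages
# ${UNNEEDED_PACKAGES} is left unquoted on purpose so the list is split into
# one package name per iteration. A failed removal is only reported.
for PACKAGE in ${UNNEEDED_PACKAGES}
do
  echo "${PACKAGE}"
  if ! apt-get remove --purge --yes "${PACKAGE}"
  then
    echo "WARNING: ${PACKAGE} isn't installed"
  fi
done

# Best effort: a failing autoremove must not abort the build.
apt-get autoremove --yes || true

# Dropping logs
rm -rf /var/log/*

# Dropping documentation, localization, i18n files, etc
rm -rf /usr/share/doc/*
rm -rf /usr/share/locale/*
rm -rf /usr/share/X11/locale/*
rm -rf /usr/share/man
rm -rf /usr/share/i18n/*
rm -rf /usr/share/info/*
rm -rf /usr/share/lintian/*
rm -rf /usr/share/common-licenses/*
rm -rf /usr/share/mime/*

# Dropping reportbug scripts
rm -rf /usr/share/bug

# Drop udev hwdb not required on a stripped system
rm -rf /lib/udev/hwdb.bin /lib/udev/hwdb.d/*

# The paths from here on are relative. Anchor them at / so the deletions hit
# the same root filesystem as the absolute paths above, whatever directory
# the script was started from.
cd /

# Drop all gconv conversions && binaries
rm -rf usr/bin/iconv
rm -rf usr/sbin/iconvconfig
rm -rf usr/lib/*/gconv/

# Remove libusb database
rm -rf usr/sbin/update-usbids
rm -rf var/lib/usbutils/usb.ids
rm -rf usr/share/misc/usb.ids

#######################################################################
# Crush into a minimal production image to be deployed via some type of image
# updating system.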
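# IMPORTANT: The Debian system is no longer functional at this point,
# for example, apt and dpkg will stop working

# Every path removed below is relative. Anchor at / so a different starting
# directory cannot redirect the deletions (var/*, opt, srv, ...) elsewhere.
cd /

UNNEEDED_PACKAGES="apt libapt-pkg6.0
  ncurses-bin ncurses-base libncursesw6 libncurses6
  perl-base
  debconf libdebconfclient0
  e2fsprogs e2fslibs libfdisk1
  insserv
  udev
  init-system-helpers
  bash
  cpio
  xz-utils
  passwd
  libsemanage1 libsemanage-common
  libsepol1
  gpgv
  hostname
  adduser
  debian-archive-keyring
  libegl1-mesa-dev
  libegl-mesa0
  libgl1-mesa-dev
  libgl1-mesa-dri
  libglapi-mesa
  libgles2-mesa-dev
  libglx-mesa0
  mesa-common-dev
  libz3-4"

# Removing unneeded packages
# The list is expanded unquoted so it splits into one package per iteration.
# dpkg is forced past the essential-package and dependency checks; a failed
# purge is only reported.
for PACKAGE in ${UNNEEDED_PACKAGES}
do
  echo "Forcing removal of ${PACKAGE}"
  if ! dpkg --purge --force-remove-essential --force-depends "${PACKAGE}"
  then
    echo "WARNING: ${PACKAGE} isn't installed"
  fi
done

# Show what's left package-wise before dropping dpkg itself
COLUMNS=300 dpkg-query -W --showformat='${Installed-Size;10}\t${Package}\n' | sort -k1,1n

# Drop dpkg
dpkg --purge --force-remove-essential --force-depends dpkg

# No apt or dpkg, no need for its configuration archives
rm -rf etc/apt
rm -rf etc/dpkg

# Drop directories not part of ostree
# Note that /var needs to exist as ostree bind mounts the deployment /var over
# it
rm -rf var/* opt srv share

# ca-certificates are in /etc drop the source
rm -rf usr/share/ca-certificates

# No bash, no need for completions
rm -rf usr/share/bash-completion

# No zsh, no need for completions
rm -rf usr/share/zsh/vendor-completions

# drop gcc-6 python helpers
rm -rf usr/share/gcc-6

# Drop sysvinit leftovers
rm -rf etc/init.d
rm -rf etc/rc[0-6S].d

# Drop upstart helpers
rm -rf etc/init

# Various xtables helpers
rm -rf usr/lib/xtables

# Drop all locales
# TODO: only remaining locale is actually "C". Should we really remove it?
rm -rf usr/lib/locale/*

# partition helpers
rm -rf usr/sbin/*fdisk

# local compiler
rm -rf usr/bin/localedef

# -prune stops find from descending into a match before rm -r deletes it.

# Systemd dns resolver
find usr etc -name '*systemd-resolve*' -prune -exec rm -r {} \;

# Systemd network configuration
find usr etc -name '*networkd*' -prune -exec rm -r {} \;

# systemd ntp client
find usr etc -name '*timesyncd*' -prune -exec rm -r {} \;

# systemd hw database manager
find usr etc -name '*systemd-hwdb*' -prune -exec rm -r {} \;

# No need for fuse
find usr etc -name '*fuse*' -prune -exec rm -r {} \;

# lsb init function leftovers
rm -rf usr/lib/lsb

# Only needed when adding libraries
rm -rf usr/sbin/ldconfig*

# Games, unused
# rmdir fails, and set -e then stops the script, if the directory is missing
# or not empty.
rmdir usr/games

# Remove pam module to authenticate against a DB
# plus libdb-5.3.so that is only used by this pam module
rm -rf usr/lib/*/security/pam_userdb.so
rm -rf usr/lib/*/libdb-5.3.so

# remove NSS support for nis, nisplus and hesiod
rm -rf usr/lib/*/libnss_hesiod*
rm -rf usr/lib/*/libnss_nis*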