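#!/bin/bash
#
# Installs the runtime packages for a Debian-based test root filesystem and
# then strips the result down to a minimal image.
# Reads DEBIAN_ARCH to choose the architecture-specific package set.

# -e: stop at the first failing command; -x: trace every command into the log.
set -ex

# The selector is quoted so that an unset or empty DEBIAN_ARCH simply matches
# no arm and leaves ARCH_PACKAGES unset, instead of making `[` fail with a
# syntax error that the `if` silently treated as "false".
case "$DEBIAN_ARCH" in
  arm64)
    ARCH_PACKAGES="firmware-qcom-media"
    ;;
  amd64)
    # Upstream LLVM package repository
    apt-get -y install --no-install-recommends gnupg ca-certificates
    # NOTE(review): apt-key puts this key into apt's global trusted set, so it
    # is accepted for every configured repository, not only apt.llvm.org. A
    # dedicated keyring referenced with signed-by= in the sources.list entry
    # would limit it to this repository. Where /llvm-snapshot.gpg.key comes
    # from is not visible here; confirm it is checked in or verified.
    apt-key add /llvm-snapshot.gpg.key
    echo "deb https://apt.llvm.org/buster/ llvm-toolchain-buster-10 main" >/etc/apt/sources.list.d/llvm10.list
    apt-get update

    # Whitespace-separated list; it is word-split where it is expanded.
    ARCH_PACKAGES="libelf1
                   libllvm10
                   libxcb-dri2-0
                   libxcb-dri3-0
                   libxcb-present0
                   libxcb-sync1
                   libxcb-xfixes0
                   libxshmfence1
                   firmware-amd-graphics
                  "
    ;;
esac
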
# Packages installed on every architecture. $ARCH_PACKAGES is expanded
# unquoted on purpose: it holds a whitespace-separated list that has to split
# into one array element per package name.
COMMON_PACKAGES=(
  ca-certificates
  curl
  initramfs-tools
  libpng16-16
  strace
  libsensors5
  libexpat1
  libx11-6
  libx11-xcb1
  $ARCH_PACKAGES
  netcat-openbsd
  python3
  libpython3.7
  python3-pil
  python3-pytest
  python3-requests
  python3-yaml
  sntp
  wget
  xz-utils
)
apt-get -y install --no-install-recommends "${COMMON_PACKAGES[@]}"

# The Vulkan loader is only pulled in when INCLUDE_VK_CTS is non-empty.
# NOTE(review): unlike the install above, this one does not pass
# --no-install-recommends, so recommended packages come along with it.
if [[ -n "$INCLUDE_VK_CTS" ]]; then
  apt-get install -y libvulkan1
fi

# Delete root's password, so root can log in without one, and make /bin/sh the
# login shell.
# NOTE(review): this leaves an unauthenticated root account in the image. That
# looks intended for a lab test image (see the lava-shell prompt below), but
# it should be confirmed that the image is never used anywhere else.
passwd -d root
chsh -s /bin/sh

# /init sets the prompt and replaces itself with an interactive shell. The
# here-document contains no expansions, so a quoted delimiter writes the same
# bytes.
cat > /init <<'EOF'
#!/bin/sh
export PS1=lava-shell:
exec sh
EOF
chmod +x /init

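# Fetch the Realtek NIC firmware blob straight from linux-firmware.
mkdir -p /lib/firmware/rtl_nic
# cgit serves an HTML page for a file under /tree/ and the raw file contents
# under /plain/, so the blob has to be requested through /plain/.
# NOTE(review): the download follows the repository's current head and is not
# integrity-checked. Pinning a commit and comparing against a digest kept in
# this repository would make the image reproducible and tamper-evident, e.g.
#   echo "<EXPECTED_SHA256>  /lib/firmware/rtl_nic/rtl8153a-3.fw" | sha256sum -c -
wget https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/rtl_nic/rtl8153a-3.fw -O /lib/firmware/rtl_nic/rtl8153a-3.fw
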
#######################################################################
# Strip the image to a small minimal system without removing the debian
# toolchain.

# xz-compress the firmware so it does not waste RAM at runtime. db820c's GPU
# firmware (any path containing "a530") is skipped, because that board uses a
# precompiled kernel without compression support.
# Paths are passed NUL-delimited end to end; xargs runs up to four xz
# processes in parallel with four files each.
find /lib/firmware -type f -print0 \
  | grep -vz a530 \
  | xargs -0 -r -P4 -n4 xz -T1 -C crc32
# Link the uncompressed a530 files into the top of /lib/firmware.
# NOTE(review): when nothing matches, the pattern stays literal and this
# creates a dangling link named "a530*".
ln -s /lib/firmware/qcom/a530* /lib/firmware/

# Keep a copy of the UTC zone file as /etc/localtime; the tzdata package
# itself is removed further down.
rm -rf /etc/localtime
cp /usr/share/zoneinfo/Etc/UTC /etc/localtime

# Packages that are only needed while building the image. The list is
# whitespace-separated and word-split by the loop below.
UNNEEDED_PACKAGES="libfdisk1
                   tzdata
                   diffutils
                   gnupg"

export DEBIAN_FRONTEND=noninteractive

# Remove them one at a time, so that a package that is not installed only
# produces a warning and does not abort the script under `set -e`.
for PACKAGE in ${UNNEEDED_PACKAGES}; do
  echo "${PACKAGE}"
  apt-get remove --purge --yes "${PACKAGE}" \
    || echo "WARNING: ${PACKAGE} isn't installed"
done

# Best effort: a failing autoremove is deliberately ignored.
apt-get autoremove --yes || true

# Dropping logs
rm -rf /var/log/*

# Dropping documentation, localization, i18n files, etc
rm -rf \
  /usr/share/doc/* \
  /usr/share/locale/* \
  /usr/share/X11/locale/* \
  /usr/share/man \
  /usr/share/i18n/* \
  /usr/share/info/* \
  /usr/share/lintian/* \
  /usr/share/common-licenses/* \
  /usr/share/mime/*

# Dropping reportbug scripts
rm -rf /usr/share/bug

# Drop udev hwdb not required on a stripped system
rm -rf /lib/udev/hwdb.bin /lib/udev/hwdb.d/*

# NOTE(review): from here on the paths are relative. They only reach the image
# when the script runs with its working directory at the root of the
# filesystem being stripped; confirm this against the caller.

# Drop all gconv conversions && binaries
rm -rf \
  usr/bin/iconv \
  usr/sbin/iconvconfig \
  usr/lib/*/gconv/

# Remove libusb database
rm -rf \
  usr/sbin/update-usbids \
  var/lib/usbutils/usb.ids \
  usr/share/misc/usb.ids

#######################################################################
# Crush into a minimal production image to be deployed via some type of image
# updating system.
# IMPORTANT: The Debian system is no longer functional at this point,
# for example, apt and dpkg will stop working

# Space-separated list, built from adjacent quoted fragments; it is word-split
# by the loop below.
UNNEEDED_PACKAGES="apt libapt-pkg6.0 "\
"ncurses-bin ncurses-base libncursesw6 libncurses6 "\
"perl-base "\
"debconf libdebconfclient0 "\
"e2fsprogs e2fslibs libfdisk1 "\
"insserv "\
"udev "\
"init-system-helpers "\
"bash "\
"cpio "\
"xz-utils "\
"passwd "\
"libsemanage1 libsemanage-common "\
"libsepol1 "\
"gpgv "\
"hostname "\
"adduser "\
"debian-archive-keyring "\
"libegl1-mesa-dev "\
"libegl-mesa0 "\
"libgl1-mesa-dev "\
"libgl1-mesa-dri "\
"libglapi-mesa "\
"libgles2-mesa-dev "\
"libglx-mesa0 "\
"mesa-common-dev "\
"libz3-4 "

# Purge each package directly with dpkg, overriding the dependency and
# "essential" checks. A package that is not installed only produces a warning.
# The list takes out apt, gpgv and debian-archive-keyring, so the resulting
# image can no longer install or verify packages.
for PACKAGE in ${UNNEEDED_PACKAGES}; do
  echo "Forcing removal of ${PACKAGE}"
  dpkg --purge --force-remove-essential --force-depends "${PACKAGE}" \
    || echo "WARNING: ${PACKAGE} isn't installed"
done

# Log the remaining packages, smallest first, before dpkg itself goes away.
# COLUMNS is set wide for this one command.
COLUMNS=300 dpkg-query -W --showformat='${Installed-Size;10}\t${Package}\n' \
  | sort -k1,1n

# Drop dpkg
dpkg --purge --force-remove-essential --force-depends dpkg

# No apt or dpkg, no need for their configuration.
# NOTE(review): relative paths; this assumes the working directory is the root
# of the filesystem being stripped. Confirm against the caller.
rm -rf etc/apt etc/dpkg

# NOTE(review): every path below is relative. The removals only reach the
# image when the script runs with its working directory at the root of the
# filesystem being stripped; from any other directory they act on whatever
# happens to be there. Confirm this against the caller.

# Drop directories not part of ostree
# Note that /var needs to exist as ostree bind mounts the deployment /var over
# it
rm -rf var/* opt srv share

# ca-certificates are in /etc, drop the source
rm -rf usr/share/ca-certificates

# No bash, no need for completions
rm -rf usr/share/bash-completion

# No zsh, no need for completions
rm -rf usr/share/zsh/vendor-completions

# drop gcc-6 python helpers
rm -rf usr/share/gcc-6

# Drop sysvinit leftovers
rm -rf etc/init.d etc/rc[0-6S].d

# Drop upstart helpers
rm -rf etc/init

# Various xtables helpers
rm -rf usr/lib/xtables

# Drop all locales
# TODO: only remaining locale is actually "C". Should we really remove it?
rm -rf usr/lib/locale/*

# partition helpers
rm -rf usr/sbin/*fdisk

# locale compiler
rm -rf usr/bin/localedef

# Remove everything under usr and etc whose name matches one of these
# patterns, in this order: the systemd DNS resolver, systemd network
# configuration, the systemd NTP client, the systemd hw database manager,
# and fuse. -prune stops find from descending into a directory that is
# about to be removed.
for PATTERN in \
  '*systemd-resolve*' \
  '*networkd*' \
  '*timesyncd*' \
  '*systemd-hwdb*' \
  '*fuse*'; do
  find usr etc -name "${PATTERN}" -prune -exec rm -r {} \;
done

# lsb init function leftovers
rm -rf usr/lib/lsb

# Only needed when adding libraries
rm -rf usr/sbin/ldconfig*

# Games, unused. rmdir fails if the directory is missing or not empty, and
# that stops the script under `set -e`.
rmdir usr/games

# Remove pam module to authenticate against a DB
# plus libdb-5.3.so that is only used by this pam module
rm -rf usr/lib/*/security/pam_userdb.so usr/lib/*/libdb-5.3.so

# remove NSS support for nis, nisplus and hesiod
rm -rf usr/lib/*/libnss_hesiod* usr/lib/*/libnss_nis*