| #!/usr/bin/env bash |
| # Strip the image to a small minimal system. |
| # When changing this file, you need to bump the following |
| # .gitlab-ci/image-tags.yml tags: |
| # KERNEL_ROOTFS_TAG |
| set -ex |
| |
| export DEBIAN_FRONTEND=noninteractive |
| |
| UNNEEDED_PACKAGES=( |
| libfdisk1 git |
| python3-dev python3-pip python3-setuptools python3-wheel |
| ) |
| |
| # Removing unused packages |
| for PACKAGE in "${UNNEEDED_PACKAGES[@]}" |
| do |
| if ! apt-get remove --purge --yes "${PACKAGE}" |
| then |
| echo "WARNING: ${PACKAGE} isn't installed" |
| fi |
| done |
| |
| apt-get autoremove --yes || true |
| |
| UNNEEDED_PACKAGES=( |
| apt libapt-pkg6.0 |
| ncurses-bin ncurses-base libncursesw6 libncurses6 |
| perl-base |
| debconf libdebconfclient0 |
| e2fsprogs e2fslibs libfdisk1 |
| insserv |
| udev |
| init-system-helpers |
| cpio |
| passwd |
| libsemanage1 libsemanage-common |
| libsepol1 |
| gpgv |
| hostname |
| adduser |
| debian-archive-keyring |
| libegl1-mesa-dev # mesa group |
| libegl-mesa0 |
| libgl1-mesa-dev |
| libgl1-mesa-dri |
| libglapi-mesa |
| libgles2-mesa-dev |
| libglx-mesa0 |
| mesa-common-dev |
| gnupg2 |
| software-properties-common |
| ) |
| |
| # Removing unneeded packages |
| for PACKAGE in "${UNNEEDED_PACKAGES[@]}" |
| do |
| if ! dpkg --purge --force-remove-essential --force-depends "${PACKAGE}" |
| then |
| echo "WARNING: ${PACKAGE} isn't installed" |
| fi |
| done |
| |
| # Show what's left package-wise before dropping dpkg itself |
| COLUMNS=300 dpkg-query -W --showformat='${Installed-Size;10}\t${Package}\n' | sort -k1,1n |
| |
| # Drop dpkg |
| dpkg --purge --force-remove-essential --force-depends dpkg |
| |
| # directories for a removal |
| |
| directories=( |
| /var/log/* # logs |
| /usr/share/doc/* # docs, i18n, etc. |
| /usr/share/locale/* |
| /usr/share/X11/locale/* |
| /usr/share/man |
| /usr/share/i18n/* |
| /usr/share/info/* |
| /usr/share/lintian/* |
| /usr/share/common-licenses/* |
| /usr/share/mime/* |
| /usr/share/bug |
| /lib/udev/hwdb.bin # udev hwdb not required on a stripped system |
| /lib/udev/hwdb.d/* |
| /usr/bin/iconv # gconv conversions && binaries |
| /usr/sbin/iconvconfig |
| /usr/lib/*/gconv/ |
| /usr/sbin/update-usbids # libusb db |
| /usr/share/misc/usb.ids |
| /var/lib/usbutils/usb.ids |
| /root/.pip # pip cache |
| /root/.cache |
| /etc/apt # configuration archives of apt and dpkg |
| /etc/dpkg |
| /var/* # drop non-ostree directories |
| /srv |
| /share |
| /usr/share/ca-certificates # certificates are in /etc |
| /usr/share/bash-completion # completions |
| /usr/share/zsh/vendor-completions |
| /usr/share/gcc # gcc python helpers |
| /etc/inid.d # sysvinit leftovers |
| /etc/rc[0-6S].d |
| /etc/init |
| /usr/lib/lsb |
| /usr/lib/xtables # xtrables helpers |
| /usr/lib/locale/* # should we keep C locale? |
| /usr/sbin/*fdisk # partitioning |
| /usr/bin/localedef # local compiler |
| /usr/sbin/ldconfig* # only needed when adding libs |
| /usr/games |
| /usr/lib/*/security/pam_userdb.so # Remove pam module to authenticate against a DB |
| /usr/lib/*/libdb-5.3.so # libdb-5.3.so that is only used by this pam module ^ |
| /usr/lib/*/libnss_hesiod* # remove NSS support for nis, nisplus and hesiod |
| /usr/lib/*/libnss_nis* |
| ) |
| |
| for directory in "${directories[@]}"; do |
| rm -rf "$directory" || echo "Failed to remove $directory! Update scripts!" |
| done |
| |
| files=( |
| '*systemd-resolve*' # systemd dns resolver |
| '*networkd*' # systemd network configuration |
| '*timesyncd*' # systemd ntp |
| 'systemd-hwdb*' # systemd hw database |
| '*fuse*' # FUSE |
| ) |
| |
| for files in "${files[@]}"; do |
| find /usr /etc -name "$files" -prune -exec rm -r {} \; |
| done |