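#!/bin/bash
#
# Builds a stripped-down Debian root filesystem for test devices: installs the
# runtime packages, then removes the package manager and everything else the
# image does not need.
#
# Environment:
#   DEBIAN_ARCH     - target architecture; arm64 and amd64 get extra packages
#   INCLUDE_VK_CTS  - when non-empty, libvulkan1 is installed as well
#
# NOTE(review): every step below modifies the root filesystem the script runs
# in (it clears root's password and purges apt/dpkg), so it is presumably meant
# to run as root inside the chroot or container being built, never on a host
# system -- confirm with the caller.

# -e aborts on the first failing command; -x traces every command to the log.
set -ex

# Architecture-specific additions to the main package list.
# DEBIAN_ARCH is quoted so that an unset or empty value is a clean "no match"
# instead of a `[` syntax error on both comparisons.
if [ "$DEBIAN_ARCH" = arm64 ]; then
    ARCH_PACKAGES="firmware-qcom-media"
elif [ "$DEBIAN_ARCH" = amd64 ]; then
    # Upstream LLVM package repository
    apt-get -y install --no-install-recommends gnupg ca-certificates
    # NOTE(review): apt-key adds the key to APT's global trusted keyring, so it
    # is accepted for every configured repository, not only apt.llvm.org.
    # Scoping the key with a `signed-by=` option on the source entry would
    # limit that; apt-key is also deprecated in newer APT releases.
    apt-key add /llvm-snapshot.gpg.key
    echo "deb https://apt.llvm.org/buster/ llvm-toolchain-buster-10 main" >/etc/apt/sources.list.d/llvm10.list
    apt-get update

    ARCH_PACKAGES="libelf1
                   libllvm10
                   libxcb-dri2-0
                   libxcb-dri3-0
                   libxcb-present0
                   libxcb-sync1
                   libxcb-xfixes0
                   libxshmfence1
                   firmware-amd-graphics
                  "
fi
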
# Runtime packages common to every architecture, installed without
# "recommended" extras to keep the image small.
# $ARCH_PACKAGES is deliberately left unquoted: it holds a whitespace-separated
# list that must split into one argument per package (and vanish when empty).
# shellcheck disable=SC2086
apt-get install --yes --no-install-recommends \
    ca-certificates curl initramfs-tools \
    libpng16-16 strace libsensors5 libexpat1 libx11-6 libx11-xcb1 \
    $ARCH_PACKAGES \
    netcat-openbsd \
    python3 libpython3.7 python3-pil python3-pytest python3-requests python3-yaml \
    sntp wget xz-utils

# The Vulkan loader is only added when INCLUDE_VK_CTS is set to a non-empty
# value.
[ -z "$INCLUDE_VK_CTS" ] || apt-get install -y libvulkan1

# Delete root's password and make /bin/sh the login shell of the invoking user
# (chsh is given no user name).
# NOTE(review): `passwd -d` leaves root with an empty password. That is only
# acceptable for a disposable test image on an isolated lab network; confirm
# that images built from this never run a network-facing login service.
passwd -d root
chsh -s /bin/sh

# Minimal /init: set a recognisable prompt, then replace itself with an
# interactive shell.
# NOTE(review): if this is what the kernel starts as init (as the path
# suggests), anyone with console access gets a shell without authentication.
printf '%s\n' \
    '#!/bin/sh' \
    'export PS1=lava-shell:' \
    'exec sh' >/init
chmod +x /init

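# rtl8153a NIC firmware, fetched from the linux-firmware repository.
# cgit serves the HTML file-browser page under /tree/; the raw blob that has
# to end up in /lib/firmware is served under /plain/.
# NOTE(review): the download follows the branch tip and is not checked against
# a known digest. Pinning the URL to a specific commit and verifying a recorded
# SHA-256 before the file is used would make the image reproducible and catch
# a tampered or truncated download.
mkdir -p /lib/firmware/rtl_nic
wget https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/rtl_nic/rtl8153a-3.fw -O /lib/firmware/rtl_nic/rtl8153a-3.fw
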
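#######################################################################
# Strip the image to a small minimal system without removing the debian
# toolchain.

# xz compress firmware so it doesn't waste RAM at runtime.  Except db820c's
# GPU firmware (anything with "a530" in its path), due to using a precompiled
# kernel without compression support.
# File names stay NUL-delimited through the whole pipeline (-print0, grep -z,
# xargs -0), so unusual characters in a name cannot split or merge entries.
find /lib/firmware -type f -print0 | \
    grep -vz a530 | \
    xargs -0r -P4 -n4 xz -T1 -C crc32

# Link the uncompressed a530 files into the top of /lib/firmware as well.
# Looping with an existence check avoids creating a dangling symlink literally
# named "a530*" on images where the glob matches nothing.
for a530_fw in /lib/firmware/qcom/a530*; do
    [ -e "$a530_fw" ] || continue
    ln -s "$a530_fw" /lib/firmware/
done
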
# Replace /etc/localtime with a plain copy of the UTC zone file so the tzdata
# package can be purged below.
rm -rf /etc/localtime
cp /usr/share/zoneinfo/Etc/UTC /etc/localtime

# Keep apt from prompting during the removals.
export DEBIAN_FRONTEND=noninteractive

# Purge packages the image does not need. A failed removal is reported and
# the loop carries on with the next package.
for pkg in libfdisk1 tzdata diffutils gnupg; do
    echo "${pkg}"
    apt-get remove --purge --yes "${pkg}" ||
        echo "WARNING: ${pkg} isn't installed"
done

# Best effort: a failing autoremove must not abort the build.
apt-get autoremove --yes || true

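# Dropping logs
rm -rf /var/log/*

# Dropping documentation, localization, i18n files, etc
rm -rf /usr/share/doc/*
rm -rf /usr/share/locale/*
rm -rf /usr/share/X11/locale/*
rm -rf /usr/share/man
rm -rf /usr/share/i18n/*
rm -rf /usr/share/info/*
rm -rf /usr/share/lintian/*
rm -rf /usr/share/common-licenses/*
rm -rf /usr/share/mime/*

# Dropping reportbug scripts
rm -rf /usr/share/bug

# Drop udev hwdb not required on a stripped system
rm -rf /lib/udev/hwdb.bin /lib/udev/hwdb.d/*

# The removals below use absolute paths like the ones above, so what
# `rm -rf` deletes never depends on the directory the script was started from.

# Drop all gconv conversions && binaries
rm -rf /usr/bin/iconv
rm -rf /usr/sbin/iconvconfig
rm -rf /usr/lib/*/gconv/

# Remove libusb database
rm -rf /usr/sbin/update-usbids
rm -rf /var/lib/usbutils/usb.ids
rm -rf /usr/share/misc/usb.ids
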
#######################################################################
# Crush into a minimal production image to be deployed via some type of image
# updating system.
# IMPORTANT: The Debian system is no longer functional at this point,
# for example, apt and dpkg will stop working

# Force-purge the listed packages, ignoring "essential" status and reverse
# dependencies. With apt, gpgv and debian-archive-keyring gone, the image can
# no longer fetch or verify package updates: fixes have to arrive as a rebuilt
# image. The warning text is printed for any non-zero dpkg exit status.
for pkg in \
    apt libapt-pkg6.0 \
    ncurses-bin ncurses-base libncursesw6 libncurses6 \
    perl-base \
    debconf libdebconfclient0 \
    e2fsprogs e2fslibs libfdisk1 \
    insserv \
    udev \
    init-system-helpers \
    bash \
    cpio \
    xz-utils \
    passwd \
    libsemanage1 libsemanage-common \
    libsepol1 \
    gpgv \
    hostname \
    adduser \
    debian-archive-keyring \
    libegl1-mesa-dev \
    libegl-mesa0 \
    libgl1-mesa-dev \
    libgl1-mesa-dri \
    libglapi-mesa \
    libgles2-mesa-dev \
    libglx-mesa0 \
    mesa-common-dev \
    libz3-4
do
    echo "Forcing removal of ${pkg}"
    dpkg --purge --force-remove-essential --force-depends "${pkg}" ||
        echo "WARNING: ${pkg} isn't installed"
done

# Show what's left package-wise before dropping dpkg itself, smallest first.
COLUMNS=300 dpkg-query --show --showformat='${Installed-Size;10}\t${Package}\n' | sort -k1,1n

# Drop dpkg itself; unlike the loop above, a failure here aborts the build.
dpkg --purge --force-remove-essential --force-depends dpkg

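# All paths in this section are absolute, so what `rm -rf` deletes never
# depends on the directory the script was started from.

# No apt or dpkg, no need for its configuration archives
rm -rf /etc/apt
rm -rf /etc/dpkg

# Drop directories not part of ostree
# Note that /var needs to exist as ostree bind mounts the deployment /var over
# it
rm -rf /var/* /opt /srv /share

# ca-certificates are in /etc, drop the source
# NOTE(review): on Debian the per-certificate entries in /etc/ssl/certs are
# normally symlinks into this directory, which would leave only the
# concatenated bundle file usable afterwards -- confirm that the TLS clients
# kept in the image (curl, wget, python3-requests) read the bundle.
rm -rf /usr/share/ca-certificates

# No bash, no need for completions
rm -rf /usr/share/bash-completion

# No zsh, no need for completions
rm -rf /usr/share/zsh/vendor-completions

# drop gcc-6 python helpers
rm -rf /usr/share/gcc-6

# Drop sysvinit leftovers
rm -rf /etc/init.d
rm -rf /etc/rc[0-6S].d

# Drop upstart helpers
rm -rf /etc/init

# Various xtables helpers
rm -rf /usr/lib/xtables

# Drop all locales
# TODO: only remaining locale is actually "C". Should we really remove it?
rm -rf /usr/lib/locale/*

# partition helpers
rm -rf /usr/sbin/*fdisk

# locale compiler
rm -rf /usr/bin/localedef
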
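# Remove, from /usr and /etc, everything whose name matches one of:
#   *systemd-resolve*  systemd dns resolver
#   *networkd*         systemd network configuration
#   *timesyncd*        systemd ntp client
#   *systemd-hwdb*     systemd hw database manager
#   *fuse*             no need for fuse
# -prune keeps find from descending into a directory that is about to be
# deleted. The search roots are absolute so the result does not depend on the
# directory the script was started from.
for pattern in \
    '*systemd-resolve*' \
    '*networkd*' \
    '*timesyncd*' \
    '*systemd-hwdb*' \
    '*fuse*'
do
    find /usr /etc -name "$pattern" -prune -exec rm -r {} \;
done
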
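# All paths in this section are absolute, so what gets deleted never depends
# on the directory the script was started from.

# lsb init function leftovers
rm -rf /usr/lib/lsb

# Only needed when adding libraries
rm -rf /usr/sbin/ldconfig*

# Games, unused. rmdir (not rm -rf) fails if the directory is missing or not
# empty, which aborts the script under `set -e`.
rmdir /usr/games

# Remove pam module to authenticate against a DB
# plus libdb-5.3.so that is only used by this pam module
rm -rf /usr/lib/*/security/pam_userdb.so
rm -rf /usr/lib/*/libdb-5.3.so

# remove NSS support for nis, nisplus and hesiod
rm -rf /usr/lib/*/libnss_hesiod*
rm -rf /usr/lib/*/libnss_nis*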