-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
mkosi.finalize.chroot
executable file
·90 lines (76 loc) · 3 KB
/
mkosi.finalize.chroot
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
#!/bin/sh
# SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL
# SPDX-FileCopyrightText: 2023 Harald Sitter <[email protected]>
set -ex
userdel --remove --force builder || true
passwd --delete root
passwd --lock root
if [ -f "$SRCDIR/.secure_files/gpg.public.key" ]; then # only useful and available for publishing branches
# Put our key into the systemd keyring
export GNUPGHOME="$SRCDIR/.secure_files/gpg"
KEYRING=/usr/lib/systemd/import-pubring.gpg
rm -rf "$GNUPGHOME"
mkdir "$GNUPGHOME"
rm -f "$KEYRING"
gpg --no-options --no-default-keyring --keyring="$KEYRING" --homedir="$GNUPGHOME" --import "$SRCDIR/.secure_files/gpg.public.key"
fi
# De-initialize pacman
rm -rf \
/etc/pacman.d/gnupg \
/var/cache/pacman \
/var/lib/pacman
# Remove all excess things we don't want in the final image
## locale-gen doesn't work because /usr is read-only. Removing it means calamares won't attempt to use it.
rm -rf \
/etc/locale.gen \
/usr/bin/locale-gen
## Multimedia players we only want for their libraries
rm -rf \
/usr/share/applications/vlc.desktop \
/usr/bin/vlc \
/usr/share/applications/mpv.desktop \
/usr/bin/mpv
## Development tools that aren't useful even for the development edition
rm -rf \
/usr/bin/assistant \
/usr/bin/assistant-qt5 \
/usr/share/applications/assistant.desktop \
/usr/bin/designer \
/usr/bin/designer-qt5 \
/usr/share/applications/designer.desktop \
/usr/bin/linguist \
/usr/bin/linguist-qt5 \
/usr/share/applications/linguist.desktop \
/usr/bin/qdbusviewer \
/usr/bin/qdbusviewer-qt5 \
/usr/share/applications/qdbusviewer.desktop \
/usr/share/applications/qv4l2.desktop \
/usr/bin/qvidcap \
/usr/share/applications/qvidcap.desktop \
## HP device management apps that are useless even for 99% of HP device owners, and we have our own better stuff
rm -rf \
/usr/share/applications/hp-uiscan.desktop \
/usr/bin/hp-uiscan \
/usr/share/applications/hplip.desktop \
/usr/bin/hp-toolbox
## Miscellaneous application entries that have zero value because we either have better stuff or they're for terminal applications
rm -rf \
/usr/share/applications/avahi-discover.desktop \
/usr/share/applications/vim.desktop \
/usr/share/applications/htop.desktop \
/usr/share/applications/lstopo.desktop \
/usr/share/applications/bssh.desktop \
/usr/share/applications/bvnc.desktop \
/usr/share/applications/cups.desktop \
/usr/share/applications/system-config-printer.desktop \
## Remove documentation cruft. Offline documentation while neat is really not that useful in this day and age.
## Do not be verbose here, we'd blow right through the log limit.
rm -rf \
/usr/share/doc/
## /boot is not necessary. We've already created our initrd.
# shellcheck disable=SC2114
rm -rf /boot
## Not sure where this comes from, but it's not useful.
rm -rf /.cache
## Don't expose any X11 sessions; we're all-in on Wayland.
rm -rf /usr/share/xsessions/