4b1825859f
Since we're leaving pipewire-libs in, it'll still pull in liblilv from 0.3.41 onwards. Currently liblilv is in the same package as some binaries which we don't need, and one actually requires the removed libsndfile, so we need to trim it. Signed-off-by: Adam Williamson <awilliam@redhat.com>
369 lines
17 KiB
Cheetah
369 lines
17 KiB
Cheetah
## lorax template file: cleanup for the ramdisk (runtime image)
|
|
<%page args="libdir, branding, root"/>
|
|
|
|
## remove the sources
|
|
remove usr/share/i18n
|
|
|
|
## not required packages installed as dependencies
|
|
## perl is needed on s390x
|
|
## perl needed for powerpc-utils
|
|
## perl is needed by /usr/bin/rxe_cfg from libibverbs
|
|
|
|
## no sound support, thanks
|
|
removepkg flac-libs libsndfile pipewire pulseaudio* rtkit sound-theme-freedesktop wireplumber*
|
|
## lv2appy requires removed libsndfile, we don't need the rest either
|
|
removefrom lilv /usr/bin/*
|
|
## we don't create new initramfs/bootloader conf inside anaconda
|
|
## (that happens inside the target system after we install dracut/grubby)
|
|
removepkg dracut-network grubby anaconda-dracut
|
|
## In order to execute the /usr move on upgrades we need convertfs from dracut
|
|
## We also need dracut-shutdown.service and dracut-initramfs-restore to reboot
|
|
removefrom dracut --allbut /usr/lib/dracut/modules.d/30convertfs/convertfs.sh \
|
|
/usr/lib/dracut/modules.d/99base/dracut-lib.sh \
|
|
/usr/lib/systemd/* /usr/lib/dracut/modules.d/98dracut-systemd/*.service \
|
|
/usr/lib/dracut/dracut-initramfs-restore
|
|
## we don't run SELinux (not in enforcing, anyway)
|
|
removepkg selinux-policy libselinux-utils
|
|
|
|
## selinux checks for the /etc/selinux/config file's existance
|
|
## The removepkg above removes it, create an empty one. See rhbz#1243168
|
|
append etc/selinux/config ""
|
|
|
|
removepkg fedora-release-rawhide
|
|
|
|
## keep enough of shadow-utils to create accounts
|
|
removefrom shadow-utils --allbut /usr/bin/chage /usr/sbin/chpasswd \
|
|
/usr/sbin/groupadd /usr/sbin/useradd
|
|
|
|
## no services to turn on/off (keep the /etc/init.d link though)
|
|
removefrom initscripts /usr/sbin/* /usr/share/locale/* /usr/share/doc/* /usr/share/man/*
|
|
|
|
## no storage device monitoring
|
|
removepkg device-mapper-event dmraid-events sgpio
|
|
## logrotate isn't useful in anaconda
|
|
removepkg logrotate
|
|
remove /etc/logrotate.d
|
|
## anaconda needs this to do media check
|
|
removefrom isomd5sum --allbut /usr/bin/checkisomd5
|
|
|
|
## systemd-nspawn isn't very useful and doesn't link anyway without iptables,
|
|
## and there's no need for a bunch of zsh files without zsh
|
|
removefrom systemd /usr/share/zsh/site-functions/*
|
|
|
|
## various other things we remove to save space
|
|
removepkg diffutils file
|
|
removepkg jasper-libs
|
|
removepkg libasyncns
|
|
removepkg libmcpp libtiff
|
|
removepkg lvm2-libs mcpp
|
|
removepkg mobile-broadband-provider-info
|
|
removepkg pkgconf pkgconf-m4 pkgconf-pkg-config ppp pth
|
|
removepkg rmt rpcbind squashfs-tools system-config-firewall-base
|
|
removepkg tigervnc-license xml-common
|
|
removepkg xorg-x11-font-utils bdftopcf mkfontscale fonttosfnt
|
|
removepkg xorg-x11-server-common
|
|
removepkg ncurses
|
|
|
|
## other removals
|
|
remove /home /media /opt /srv /tmp/*
|
|
remove /usr/etc /usr/games /usr/local /usr/tmp
|
|
remove /usr/share/doc /usr/share/info /usr/share/man /usr/share/gnome
|
|
remove /usr/share/mime/application /usr/share/mime/audio /usr/share/mime/image
|
|
remove /usr/share/mime/inode /usr/share/mime/message /usr/share/mime/model
|
|
remove /usr/share/mime/multipart /usr/share/mime/packages /usr/share/mime/text
|
|
remove /usr/share/mime/video /usr/share/mime/x-content /usr/share/mime/x-epoc
|
|
remove /var/db /var/games /var/tmp /var/yp /var/nis /var/opt /var/local
|
|
remove /var/mail /var/spool /var/preserve /var/report
|
|
remove /var/lib/rpm/* /var/lib/yum /var/lib/dnf
|
|
## clean up the files created by various '> /dev/null's
|
|
remove /dev/*
|
|
|
|
## icons cache
|
|
remove /usr/share/icons/*/icon-theme.cache
|
|
|
|
## clean up kernel modules
|
|
removekmod sound drivers/media drivers/hwmon \
|
|
net/atm net/bluetooth net/sched net/sctp \
|
|
net/rds net/l2tp net/decnet net/netfilter net/ipv4 net/ipv6 \
|
|
drivers/watchdog drivers/rtc drivers/input/joystick \
|
|
drivers/bluetooth drivers/edac drivers/staging \
|
|
drivers/usb/serial drivers/usb/host drivers/usb/misc \
|
|
fs/ocfs2 fs/ceph fs/nfsd fs/ubifs fs/nilfs2 \
|
|
arch/x86/kvm
|
|
## Need to keep virtio_console.ko and ipmi stuff in drivers/char
|
|
## Also keep virtio-rng so that the installer can get sufficient randomness for
|
|
## LUKS setup. As of 2020-09 this is not built as a module, but keep it in here
|
|
## in case that changes again
|
|
removekmod drivers/char --allbut virtio_console hw_random \
|
|
virtio-rng ipmi hmcdrv
|
|
removekmod drivers/hid --allbut hid-logitech-dj hid-logitech-hidpp
|
|
|
|
## As of 2020-09 most of this are built-in too, but again, keep them listed
|
|
removekmod drivers/video --allbut hyperv_fb syscopyarea sysfillrect sysimgblt fb_sys_fops
|
|
remove lib/modules/*/{build,source,*.map}
|
|
## NOTE: depmod gets re-run after cleanup finishes
|
|
|
|
## remove unused themes, theme engines, icons, etc.
|
|
removefrom gtk2 /usr/${libdir}/gtk-2.0/*/{engines,printbackends}/*
|
|
removefrom gtk2 /usr/share/themes/*
|
|
removefrom gtk3 /usr/${libdir}/gtk-3.0/*/printbackends/*
|
|
removefrom gtk3 /usr/share/themes/*
|
|
removefrom metacity --allbut /usr/bin/* /usr/${libdir}/*
|
|
|
|
## filesystem tools
|
|
removefrom e2fsprogs /usr/share/locale/*
|
|
removefrom xfsprogs /usr/share/locale/* /usr/share/doc/* /usr/share/man/*
|
|
removefrom xfsdump --allbut /usr/sbin/*
|
|
|
|
## other package specific removals
|
|
removefrom gsettings-desktop-schemas /usr/share/locale/*
|
|
removefrom NetworkManager-libnm /usr/share/locale/*/NetworkManager.mo
|
|
removefrom nm-connection-editor /usr/share/applications/*
|
|
removefrom atk /usr/share/locale/*
|
|
removefrom audit /etc/* /sbin/auditctl /sbin/aureport
|
|
removefrom audit /sbin/ausearch /sbin/autrace /usr/bin/*
|
|
removefrom audit-libs /etc/* /${libdir}/libauparse*
|
|
removefrom bash /etc/* /usr/bin/bashbug* /usr/share/*
|
|
removefrom bind-utils /usr/bin/host /usr/bin/nsupdate
|
|
removefrom bitmap-fangsongti-fonts /usr/share/fonts/*
|
|
removefrom ca-certificates /etc/pki/java/*
|
|
removefrom ca-certificates /etc/pki/tls/certs/ca-bundle.trust.crt
|
|
removefrom cairo /usr/${libdir}/libcairo-script* /usr/bin/cairo-sphinx
|
|
removefrom coreutils /usr/bin/link /usr/bin/nice /usr/bin/stty /usr/bin/unlink
|
|
removefrom coreutils /usr/bin/[ /usr/bin/base64 /usr/bin/chcon
|
|
removefrom coreutils /usr/bin/cksum /usr/bin/csplit
|
|
removefrom coreutils /usr/bin/dir /usr/bin/dircolors
|
|
removefrom coreutils /usr/bin/expand /usr/bin/factor
|
|
removefrom coreutils /usr/bin/fold /usr/bin/groups /usr/bin/hostid
|
|
removefrom coreutils /usr/bin/install /usr/bin/join /usr/bin/logname
|
|
removefrom coreutils /usr/bin/mkfifo /usr/bin/nl /usr/bin/nohup /usr/bin/nproc
|
|
removefrom coreutils /usr/bin/pathchk
|
|
removefrom coreutils /usr/bin/pinky /usr/bin/pr /usr/bin/printenv
|
|
removefrom coreutils /usr/bin/printf /usr/bin/ptx /usr/bin/runcon
|
|
removefrom coreutils /usr/bin/sha224sum /usr/bin/sha384sum
|
|
removefrom coreutils /usr/bin/sha512sum /usr/bin/shuf /usr/bin/stat
|
|
removefrom coreutils /usr/bin/stdbuf /usr/bin/sum /usr/bin/test
|
|
removefrom coreutils /usr/bin/timeout /usr/bin/truncate /usr/bin/tsort
|
|
removefrom coreutils /usr/bin/unexpand /usr/bin/users /usr/bin/vdir
|
|
removefrom coreutils /usr/bin/who /usr/bin/whoami /usr/bin/yes
|
|
removefrom coreutils-common /etc/* /usr/share/*
|
|
removefrom cpio /usr/share/*
|
|
removefrom cracklib /usr/sbin/*
|
|
removefrom cracklib-dicts /usr/${libdir}/* /usr/sbin/*
|
|
removefrom cryptsetup /usr/share/*
|
|
removefrom cryptsetup-libs /usr/share/locale/*
|
|
removefrom cyrus-sasl-lib /usr/sbin/*
|
|
removefrom dbus-x11 /etc/X11/*
|
|
removefrom dejavu-sans-fonts --allbut *.conf */DejaVuSans{,-Bold}.ttf
|
|
removefrom dejavu-sans-mono-fonts --allbut *.conf */DejaVuSansMono.ttf
|
|
removefrom dnf /usr/share/locale/*
|
|
removefrom dump /etc/*
|
|
removefrom elfutils-libelf /usr/share/locale/*
|
|
removefrom expat /usr/bin/*
|
|
removefrom fcoe-utils /usr/libexec/fcoe/dcbcheck.sh
|
|
removefrom fcoe-utils /usr/libexec/fcoe/fcc.sh /usr/libexec/fcoe/fcoe-setup.sh
|
|
removefrom fcoe-utils /usr/libexec/fcoe/fcoedump.sh /usr/sbin/fcnsq
|
|
removefrom fcoe-utils /usr/sbin/fcoeadm /usr/sbin/fcping /usr/sbin/fcrls
|
|
removefrom file-libs /usr/share/*
|
|
removefrom findutils /usr/share/*
|
|
removefrom fontconfig /usr/bin/*
|
|
removefrom gawk /usr/libexec/* /usr/share/*
|
|
removefrom gdb /usr/share/* /usr/include/*
|
|
removefrom gdb-headless /usr/share/* /etc/gdbinit*
|
|
removefrom gdisk /usr/share/*
|
|
removefrom gdk-pixbuf2 /usr/share/locale*
|
|
removefrom glib2 /usr/bin/* /usr/share/locale/*
|
|
removefrom glibc /etc/gai.conf /etc/rpc
|
|
removefrom glibc /${libdir}/libBrokenLocale*
|
|
removefrom glibc /${libdir}/libSegFault* /${libdir}/libanl*
|
|
removefrom glibc /${libdir}/libnss_compat*
|
|
# python-pyudev uses ctypes.util.find_library, which uses /sbin/ldconfig
|
|
removefrom glibc /usr/libexec/* /usr/sbin/*
|
|
removefrom glibc-common /usr/bin/catchsegv /usr/bin/gencat
|
|
removefrom glibc-common /usr/bin/getent
|
|
removefrom glibc-common /usr/bin/locale /usr/bin/sprof
|
|
# NB: we keep /usr/bin/localedef so anaconda can inspect payload locale info
|
|
removefrom glibc-common /usr/bin/tzselect
|
|
removefrom glibc-common /usr/sbin/*
|
|
removefrom gnutls /usr/share/locale/*
|
|
removefrom google-noto-sans-cjk-ttc-fonts /usr/share/fonts/google-noto-cjk/NotoSansCJK-{Black,Bold,*Light,Medium,Thin}.ttc
|
|
removefrom grep /etc/* /usr/share/locale/*
|
|
removefrom gtk2 /usr/bin/update-gtk-immodules
|
|
removefrom gtk3 /usr/${libdir}/gtk-3.0/*
|
|
removefrom gzip /usr/bin/{gzexe,zcmp,zdiff,zegrep,zfgrep,zforce,zgrep,zless,zmore,znew}
|
|
removefrom hwdata /usr/share/hwdata/oui.txt /usr/share/hwdata/pnp.ids
|
|
removefrom iproute --allbut /usr/sbin/{ip,routef,routel,rtpr}
|
|
removefrom kbd --allbut */bin/{dumpkeys,kbd_mode,loadkeys,setfont,unicode_*,chvt}
|
|
removefrom kmod /usr/sbin/weak-modules
|
|
removefrom less /etc/*
|
|
removefrom libX11-common /usr/share/X11/XErrorDB
|
|
removefrom libcanberra /usr/${libdir}/libcanberra-*
|
|
removefrom libcanberra-gtk3 /usr/bin/*
|
|
removefrom libcap /usr/sbin/*
|
|
removefrom libconfig /usr/${libdir}/libconfig++*
|
|
removefrom libgpg-error /usr/bin/* /usr/share/locale/*
|
|
removefrom libibverbs /usr/${libdir}/libmlx4*
|
|
removefrom libidn2 /usr/share/locale/*
|
|
removefrom libnotify /usr/bin/*
|
|
removefrom libsemanage /etc/selinux/*
|
|
removefrom libstdc++ /usr/share/*
|
|
removefrom libvorbis /usr/${libdir}/libvorbisenc.*
|
|
removefrom libxml2 /usr/bin/*
|
|
removefrom linux-firmware /usr/lib/firmware/dvb*
|
|
removefrom linux-firmware /usr/lib/firmware/*_12mhz*
|
|
removefrom linux-firmware /usr/lib/firmware/v4l*
|
|
removefrom linux-firmware /usr/lib/firmware/brcm/BCM-*
|
|
removefrom linux-firmware /usr/lib/firmware/ttusb-budget/dspbootcode.bin
|
|
removefrom linux-firmware /usr/lib/firmware/emi26/*
|
|
removefrom linux-firmware /usr/lib/firmware/emi62/*
|
|
removefrom linux-firmware /usr/lib/firmware/cpia2/*
|
|
removefrom linux-firmware /usr/lib/firmware/dabusb/*
|
|
removefrom linux-firmware /usr/lib/firmware/vicam/*
|
|
removefrom linux-firmware /usr/lib/firmware/dsp56k/*
|
|
removefrom linux-firmware /usr/lib/firmware/sun/*
|
|
removefrom linux-firmware /usr/lib/firmware/av7110/*
|
|
removefrom linux-firmware /usr/lib/firmware/usbdux/*
|
|
removefrom linux-firmware /usr/lib/firmware/f2255usb.bin
|
|
removefrom linux-firmware /usr/lib/firmware/lgs8g75.fw
|
|
removefrom linux-firmware /usr/lib/firmware/TDA7706*
|
|
removefrom linux-firmware /usr/lib/firmware/tlg2300_firmware.bin
|
|
removefrom linux-firmware /usr/lib/firmware/s5p-mfc*
|
|
removefrom linux-firmware /usr/lib/firmware/go7007/*
|
|
removefrom linux-firmware /usr/lib/firmware/intel/IntcSST2.bin
|
|
removefrom linux-firmware /usr/lib/firmware/intel/fw_sst*
|
|
removefrom linux-firmware /usr/lib/firmware/intel/dsp*
|
|
removefrom linux-firmware /usr/lib/firmware/as102*
|
|
removefrom linux-firmware /usr/lib/firmware/qcom/sdm845/*
|
|
removefrom linux-firmware /usr/lib/firmware/qcom/sm8250/*
|
|
removefrom linux-firmware /usr/lib/firmware/qcom/venus*/*
|
|
removefrom linux-firmware /usr/lib/firmware/meson/vdec/*
|
|
removefrom linux-firmware /usr/lib/firmware/mellanox/mlxsw_spectrum*
|
|
%if basearch != "aarch64":
|
|
removefrom linux-firmware /usr/lib/firmware/dpaa2/*
|
|
%endif
|
|
removefrom lldpad /etc/*
|
|
removefrom mdadm /etc/* /usr/lib/systemd/system/mdmonitor*
|
|
removefrom mesa-dri-drivers /usr/${libdir}/dri/*_video.so
|
|
removefrom mt-st /usr/sbin/*
|
|
removefrom mtools /etc/*
|
|
removefrom ncurses-libs /usr/${libdir}/libform*
|
|
## libmenu.so is needed by lp_diag binary from ppc64-diag which is a PowerPC specific package
|
|
%if basearch != "ppc64le":
|
|
removefrom ncurses-libs /usr/${libdir}/libmenu*
|
|
%endif
|
|
removefrom ncurses-libs /usr/${libdir}/libpanel.* /usr/${libdir}/libtic*
|
|
removefrom net-tools */bin/netstat */sbin/ether-wake */sbin/ipmaddr
|
|
removefrom net-tools */sbin/iptunnel */sbin/mii-diag */sbin/mii-tool
|
|
removefrom net-tools */sbin/nameif */sbin/plipconfig */sbin/slattach
|
|
removefrom net-tools /usr/share/locale/*
|
|
removefrom nfs-utils /etc/nfsmount.conf
|
|
removefrom nfs-utils /usr/lib/systemd/system/*
|
|
removefrom nfs-utils /sbin/rpc.statd /usr/sbin/exportfs
|
|
removefrom nfs-utils /usr/sbin/mountstats /usr/sbin/nfsiostat
|
|
removefrom nfs-utils /usr/sbin/nfsstat /usr/sbin/rpc.gssd /usr/sbin/rpc.idmapd
|
|
removefrom nfs-utils /usr/sbin/rpc.mountd /usr/sbin/rpc.nfsd
|
|
removefrom nfs-utils /usr/sbin/rpcdebug
|
|
removefrom nfs-utils /usr/sbin/showmount /usr/sbin/sm-notify
|
|
removefrom nfs-utils /usr/sbin/start-statd /var/lib/nfs/etab
|
|
removefrom nfs-utils /var/lib/nfs/rmtab /var/lib/nfs/statd/state
|
|
removefrom nss-softokn /usr/${libdir}/nss/*
|
|
removefrom openldap /etc/openldap/*
|
|
removefrom openssh /usr/libexec/*
|
|
removefrom openssh-clients /etc/ssh/* /usr/bin/ssh-*
|
|
removefrom openssh-clients /usr/libexec/*
|
|
removefrom openssh-server /etc/ssh/* /usr/libexec/openssh/sftp-server
|
|
removefrom openssl /usr/bin/*
|
|
removefrom pam /usr/sbin/* /usr/share/locale/*
|
|
removefrom policycoreutils /etc/* /usr/bin/* /usr/share/locale/*
|
|
removefrom polkit /usr/bin/*
|
|
removefrom popt /usr/share/locale/*
|
|
removefrom procps-ng /usr/bin/free /usr/bin/pgrep /usr/bin/pkill
|
|
removefrom procps-ng /usr/bin/pmap /usr/bin/pwdx /usr/bin/skill /usr/bin/slabtop
|
|
removefrom procps-ng /usr/bin/snice /usr/bin/tload /usr/bin/uptime
|
|
removefrom procps-ng /usr/bin/vmstat /usr/bin/w /usr/bin/watch
|
|
removefrom psmisc /usr/share/locale/*
|
|
removefrom python3-kickstart /usr/lib/python*/site-packages/pykickstart/locale/*
|
|
removefrom readline /usr/${libdir}/libhistory*
|
|
removefrom libreport /usr/share/locale/*
|
|
removefrom rdma-core /etc/rdma/mlx4.conf
|
|
removefrom rpm /usr/bin/* /usr/share/locale/*
|
|
removefrom rsync /etc/*
|
|
removefrom sed /usr/share/locale/*
|
|
removefrom smartmontools /etc/* /usr/sbin/smartd
|
|
removefrom smartmontools /usr/sbin/update-smart-drivedb
|
|
removefrom smartmontools /usr/share/smartmontools/*
|
|
removefrom tar /usr/share/locale/*
|
|
removefrom usbutils /usr/bin/*
|
|
removefrom util-linux --allbut \
|
|
/usr/bin/{dmesg,eject,getopt,kill,login,lsblk,more,mount,umount,mountpoint,findmnt} \
|
|
/etc/mtab /etc/pam.d/login /etc/pam.d/remote \
|
|
/usr/sbin/{agetty,blkid,blockdev,clock,fdisk,fsck,fstrim,hwclock,losetup,zramctl} \
|
|
/usr/sbin/{mkswap,swaplabel,nologin,sfdisk,swapoff,swapon,wipefs,partx,fsfreeze} \
|
|
/usr/bin/{logger,hexdump,flock,chmem,lsmem,lscpu}
|
|
removefrom volume_key-libs /usr/share/locale/*
|
|
removefrom wget /etc/* /usr/share/locale/*
|
|
removefrom xorg-x11-drv-intel /usr/${libdir}/libI*
|
|
removefrom xorg-x11-drv-openchrome /usr/${libdir}/libchrome*
|
|
removefrom xorg-x11-drv-wacom /usr/bin/*
|
|
removefrom xorg-x11-fonts-misc --allbut /usr/share/X11/fonts/misc/{6x13,encodings,fonts,*cursor}*
|
|
|
|
%if branding.release:
|
|
removefrom ${branding.logos} /usr/share/plymouth/*
|
|
removefrom ${branding.logos} /etc/*
|
|
removefrom ${branding.logos} /usr/share/icons/{Bluecurve,oxygen}/*
|
|
removefrom ${branding.logos} /usr/share/{firstboot,kde4,pixmaps}/*
|
|
%endif
|
|
|
|
## cleanup /boot/ leaving vmlinuz, and .*hmac files
|
|
runcmd chroot ${root} find /boot \! -name "vmlinuz*" \
|
|
-and \! -name ".vmlinuz*" \
|
|
-and \! -name boot -delete
|
|
|
|
## remove any broken links in /etc or /usr
|
|
## (broken systemd service links lead to confusing noise at boot)
|
|
## NOTE: not checking /var because we want to keep /var/run
|
|
## NOTE: Excluding /etc/mtab which links to /proc/self/mounts for systemd
|
|
runcmd chroot ${root} find -L /etc /usr -xdev -type l -and \! -name "mtab" \
|
|
-printf "removing broken symbolic link %p -> %l\n" -delete
|
|
|
|
## Remove compiled python files, they are recreated as needed anyway
|
|
runcmd find ${root} -name "*.pyo" -type f -delete
|
|
runcmd find ${root} -name "*.pyc" -type f -delete
|
|
|
|
## Clean up some of the mess pulled in by webkitgtk via yelp
|
|
## libwebkit2gtk links to a handful of libraries in gstreamer and
|
|
## gstreamer-plugins-base. Remove the rest of them.
|
|
removefrom gstreamer1 --allbut /usr/${libdir}/libgstbase-1.0.* \
|
|
/usr/${libdir}/libgstreamer-1.0.*
|
|
removefrom gstreamer1-plugins-base --allbut \
|
|
/usr/${libdir}/libgst{allocators,app,audio,fft,gl,pbutils,tag,video}-1.0.*
|
|
|
|
## We have enough geoip libraries, thanks
|
|
removepkg geoclue2
|
|
|
|
## And remove the packages that those extra libraries pulled in
|
|
removepkg cdparanoia-libs opus libtheora libvisual flac-libs gsm avahi-glib avahi-libs \
|
|
ModemManager-glib
|
|
|
|
## metacity requires libvorbis and libvorbisfile, but enc/dec are no longer needed
|
|
removefrom libvorbis --allbut /usr/${libdir}/libvorbisfile.* /usr/${libdir}/libvorbis.*
|
|
|
|
## Remove build-id links, they are used with debuginfo
|
|
remove /usr/lib/.build-id
|
|
|
|
## make the image more reproducible
|
|
|
|
## make machine-id empty but present to avoid systemd populating /etc with
|
|
## preset settings
|
|
remove /etc/machine-id
|
|
append /etc/machine-id ""
|
|
## journalctl message catalog, non-deterministic
|
|
remove /var/lib/systemd/catalog/database
|
|
## non-reproducible caches
|
|
remove /var/cache/ldconfig/aux-cache
|
|
remove /etc/pki/ca-trust/extracted/java/cacerts
|
|
|
|
## sort groups
|
|
runcmd chroot ${root} /bin/sh -c "LC_ALL=C sort /etc/group > /etc/group- && mv /etc/group- /etc/group"
|
|
runcmd chroot ${root} /bin/sh -c "LC_ALL=C sort /etc/gshadow > /etc/gshadow- && mv /etc/gshadow- /etc/gschadow"
|