import re, sys, os, collections buildroot = sys.argv[1] no_bootloader = '--no-bootloader' in sys.argv known_files = ''' %ghost %config(noreplace) /etc/crypttab %ghost %attr(0444,root,root) /etc/udev/hwdb.bin /etc/inittab /usr/lib/systemd/purge-nobody-user # This directory is owned by openssh-server, but we don't want to introduce # a dependency. So let's copy the config and co-own the directory. %dir %attr(0700,root,root) /etc/ssh/sshd_config.d %ghost %config(noreplace) /etc/vconsole.conf %ghost %config(noreplace) /etc/X11/xorg.conf.d/00-keyboard.conf %ghost %attr(0664,root,root) %verify(not group) /run/utmp %ghost %attr(0664,root,root) %verify(not group) /var/log/wtmp %ghost %attr(0660,root,root) %verify(not group) /var/log/btmp %ghost %attr(0664,root,root) %verify(not md5 size mtime group) /var/log/lastlog %ghost %config(noreplace) /etc/hostname %ghost %config(noreplace) /etc/localtime %ghost %config(noreplace) /etc/locale.conf %ghost %attr(0444,root,root) %config(noreplace) /etc/machine-id %ghost %config(noreplace) /etc/machine-info %ghost %attr(0700,root,root) %dir /var/cache/private %ghost %attr(0700,root,root) %dir /var/lib/private %ghost %dir /var/lib/private/systemd %ghost %dir /var/lib/private/systemd/journal-upload %ghost /var/lib/private/systemd/journal-upload/state %ghost %dir /var/lib/systemd/timesync %ghost /var/lib/systemd/timesync/clock %ghost %dir /var/lib/systemd/backlight %ghost /var/lib/systemd/catalog/database %ghost %dir /var/lib/systemd/coredump %ghost /var/lib/systemd/journal-upload %ghost %dir /var/lib/systemd/linger %ghost %attr(0600,root,root) /var/lib/systemd/random-seed %ghost %dir /var/lib/systemd/rfkill %ghost %dir %verify(not mode group) /var/log/journal %ghost %dir /var/log/journal/remote %ghost %attr(0700,root,root) %dir /var/log/private ''' known_files = {line.split()[-1]:line for line in known_files.splitlines() if line and not line.startswith('#')} def files(root): os.chdir(root) todo = collections.deque(['.']) while todo: n = todo.pop() files = os.scandir(n) for file in files: yield file if file.is_dir() and not file.is_symlink(): todo.append(file) outputs = {suffix: open(f'.file-list-{suffix}', 'w') for suffix in ( 'libs', 'udev', 'ukify', 'boot', 'pam', 'rpm-macros', 'devel', 'container', 'oomd', 'remote', 'resolve', 'main', )} for file in files(buildroot): n = file.path[1:] if re.match(r'''/usr/(share|include)$| /usr/share/man(/man.|)$| /usr/share/zsh(/site-functions|)$| /usr/share/dbus-1$| /usr/share/dbus-1/system.d$| /usr/share/dbus-1/(system-|)services$| /usr/share/polkit-1(/actions|/rules.d|)$| /usr/share/pkgconfig$| /usr/share/bash-completion(/completions|)$| /usr(/lib|/lib64|/bin|/sbin|)$| /usr/lib.*/(security|pkgconfig)$| /usr/lib/rpm(/macros.d|)$| /usr/lib/firewalld(/services|)$| /usr/share/(locale|licenses|doc)| # no $ /etc(/pam\.d|/xdg|/X11|/X11/xinit|/X11.*\.d|)$| /etc/(dnf|dnf/protected.d)$| /usr/(src|lib/debug)| # no $ /run$| /var(/cache|/log|/lib|/run|)$ ''', n, re.X): continue if '/security/pam_' in n or '/man8/pam_' in n: o = outputs['pam'] elif '/rpm/' in n: o = outputs['rpm-macros'] elif 'ukify' in n: o = outputs['ukify'] elif re.search(r'/libsystemd-(shared|core)-.*\.so$', n): o = outputs['main'] elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n): o = outputs['udev'] elif re.search(r'/lib.*\.pc|/man3/|/usr/include|\.so$', n): o = outputs['devel'] elif re.search(r'''journal-(remote|gateway|upload)| systemd-remote\.conf| /usr/share/systemd/gatewayd| /var/log/journal/remote ''', n, re.X): o = outputs['remote'] elif re.search(r'''mymachines| machinectl| systemd-nspawn| systemd-vmspawn| import-pubring.gpg| systemd-(machined|import|pull)| /machine.slice| /machines.target| var-lib-machines.mount| org.freedesktop.(import|machine)1 ''', n, re.X): o = outputs['container'] elif '.so.' in n: o = outputs['libs'] elif re.search(r'''10-oomd-.*defaults\.conf| oomd\.conf| oomctl| org.freedesktop.oom1| systemd-oomd| systemd-oom\.conf ''', n, re.X): o = outputs['oomd'] elif re.search(r'''udev(?!\.pc)| hwdb| bootctl| boot-update| bless-boot| boot-system-token| bsod| kernel-install| installkernel| vconsole| backlight| rfkill| random-seed| modules-load| timesync| crypttab| cryptenroll| cryptsetup| kmod| quota| pstore| sleep|suspend|hibernate| systemd-tmpfiles-setup-dev| network/98-default-mac-none.link| network/99-default.link| growfs|makefs|makeswap|mkswap| fsck| repart| gpt-auto| volatile-root| veritysetup| integritysetup| integritytab| remount-fs| /initrd| systemd-pcr| systemd-measure| /boot$| /kernel/| /kernel$| /modprobe.d| binfmt| sysctl| coredump| homed|home1| oomd| portabled|portable1 ''', n, re.X): # coredumpctl, homectl, portablectl are included in the main package because # they can be used to interact with remote daemons. Also, the user could be # confused if those user-facing binaries are not available. o = outputs['udev'] elif re.search(r'''/boot/efi| /usr/lib/systemd/boot| sd-boot|systemd-boot\.|loader.conf ''', n, re.X): o = outputs['boot'] elif re.search(r'''resolved|resolve1| systemd-resolve| resolvconf| systemd\.(positive|negative) ''', n, re.X): # resolvectl and nss-resolve are in the main package. o = outputs['resolve'] else: o = outputs['main'] if n in known_files: prefix = known_files[n].split()[:-1] elif file.is_dir() and not file.is_symlink(): prefix = ['%dir'] elif 'README' in n: prefix = ['%doc'] elif n.startswith('/etc'): prefix = ['%config(noreplace)'] if file.stat().st_size == 0: prefix += ['%ghost'] else: prefix = [] prefix = ' '.join(prefix + ['']) if prefix else '' suffix = '*' if '/man/' in n else '' print(f'{prefix}{n}{suffix}', file=o) if [print(f'ERROR: no file names were written to {o.name}') for name, o in outputs.items() if (o.tell() == 0 and not (no_bootloader and name in ('ukify', 'boot'))) ]: sys.exit(1)