#!/bin/bash - # @configure_input@ # Copyright (C) 2009 Red Hat Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # This is called from the Makefile to build the initramfs. unset CDPATH set -e set -x if [ "@DIST@" = "REDHAT" ]; then cd @top_builddir@ # Decide on names for the final output. These have to match Makefile.am. output=appliance/initramfs.@host_cpu@.img koutput=appliance/vmlinuz.@host_cpu@ rm -f $output rm -f $koutput # Create the basic initramfs. exec 5= 11, it pulls in all of Perl from somewhere. Nuke from orbit. @FEBOOTSTRAP_RUN@ initramfs -- rm -rf /usr/lib/perl5 /usr/lib64/perl5 # Anaconda? JPEG images? @FEBOOTSTRAP_RUN@ initramfs -- rm -rf /usr/lib/anaconda-runtime # Don't need any firmware. @FEBOOTSTRAP_RUN@ initramfs -- rm -rf /lib/firmware # Don't need any keyboard maps. @FEBOOTSTRAP_RUN@ initramfs -- rm -rf /lib/kbd # Remove anything in home directory. Because of the potential for disaster # we don't put a slash before 'home'. (cd initramfs && echo home/*) | xargs @FEBOOTSTRAP_RUN@ initramfs -- rm -rf # Remove /var/lib/yum stuff. @FEBOOTSTRAP_RUN@ initramfs -- rm -rf /var/lib/yum # Remove some unreadable binaries which are incompatible with # the supermin appliance. Since these binaries can't be read # from the host filesystem, they cannot be added to the supermin # appliance at run time. XXX Need a better fix for this. # Probably we should change febootstrap-supermin-helper to just # ignore such files. @FEBOOTSTRAP_RUN@ initramfs -- rm -f \ /usr/bin/chfn \ /usr/bin/chsh \ /usr/libexec/pt_chown \ /usr/libexec/utempter/utempter \ /usr/sbin/groupdel \ /usr/sbin/groupadd \ /usr/sbin/useradd \ /usr/sbin/tzdata-update \ /usr/sbin/userdel \ /usr/sbin/usermod \ /usr/sbin/groupmod \ /usr/sbin/groupmems \ /sbin/unix_update \ /usr/sbin/tcpd \ /usr/share/dbus-1/services/org.selinux.Restorecond.service \ /lib/dbus-1/dbus-daemon-launch-helper \ /lib64/dbus-1/dbus-daemon-launch-helper \ /etc/passwd- \ /etc/group- \ /etc/gshadow \ /etc/gshadow- \ /etc/shadow \ /etc/shadow- \ /etc/securetty \ /etc/sysconfig/iptables-config \ /etc/default/useradd \ /etc/security/opasswd \ /etc/libaudit.conf \ /var/log/tallylog \ /var/log/maillog \ /var/log/secure \ /var/log/spooler \ /var/log/messages \ /var/log/btmp \ /var/log/yum.log \ $(cd initramfs && echo usr/sbin/glibc_post_upgrade.*) # Remove all .*.hmac files (RHBZ#654638). These are not used unless # you are using FIPS, and they cause hard dependencies on files # which change whenever a library version is bumped. @FEBOOTSTRAP_RUN@ initramfs -- rm -f $(cd initramfs && find -name '.*.hmac') # Kernel modules take up nearly half of the image. Only include ones # which are on the whitelist. exec 5 hosts.new <<'__EOF__' 127.0.0.1 guestfs localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 __EOF__ @FEBOOTSTRAP_INSTALL@ initramfs hosts.new /etc/hosts 0644 root.root rm hosts.new fi if [ ! -f initramfs/etc/fstab ]; then @FEBOOTSTRAP_RUN@ initramfs -- touch /etc/fstab fi echo nameserver 169.254.2.3 > resolv.conf.new @FEBOOTSTRAP_INSTALL@ initramfs resolv.conf.new /etc/resolv.conf 0644 root.root rm resolv.conf.new ls -lh $koutput elif [ "@DIST@" = "DEBIAN" ]; then cd @top_builddir@/appliance debirf make -n debian mkdir -p @top_builddir@/initramfs touch @top_builddir@/initramfs/fakeroot.log fi