From a1c3a1668a96abdef0e316c7ceadb71176b1b010 Mon Sep 17 00:00:00 2001 From: Julia Kreger Date: Sat, 18 Jul 2020 13:53:59 -0700 Subject: [PATCH] Strip some excess from the centos dib image Strips postfix gcc make from Centos based builds in an attempt to reduce the overall sie of the ramdisk as C development utilties are not needed on a ramdisk and better to not have present on a machine as it complicates attacks to take over and launch to additional hosts. Postfix is also present in the ramdisk and is not needed as the ramdisk has no use for a mail transport agent. Also removes the GeoIP data files which are not needed by the ramdisk. Change-Id: I7627e8a3d4924a672af37a468870ba92604e2e66 --- dib/ironic-python-agent-ramdisk/cleanup.d/99-ramdisk-create | 1 + .../post-install.d/99-remove-extra-packages | 1 + 2 files changed, 2 insertions(+) diff --git a/dib/ironic-python-agent-ramdisk/cleanup.d/99-ramdisk-create b/dib/ironic-python-agent-ramdisk/cleanup.d/99-ramdisk-create index a868d4d..393040d 100755 --- a/dib/ironic-python-agent-ramdisk/cleanup.d/99-ramdisk-create +++ b/dib/ironic-python-agent-ramdisk/cleanup.d/99-ramdisk-create @@ -38,6 +38,7 @@ sudo find . -xdev \ -path './usr/lib/locale/*' -prune -o \ -path './usr/share/doc/*' -prune -o \ -path './usr/share/man/*' -prune -o \ + -path './usr/share/GeoIP/*' -prune -o \ -path './usr/share/info/*' -prune -o \ -path './usr/share/licenses/*' -prune -o \ -path './usr/share/locale/*' -prune -o \ diff --git a/dib/ironic-python-agent-ramdisk/post-install.d/99-remove-extra-packages b/dib/ironic-python-agent-ramdisk/post-install.d/99-remove-extra-packages index 629b6c0..bc5f597 100755 --- a/dib/ironic-python-agent-ramdisk/post-install.d/99-remove-extra-packages +++ b/dib/ironic-python-agent-ramdisk/post-install.d/99-remove-extra-packages @@ -11,6 +11,7 @@ rm -rf /tmp/ironic-python-agent # TODO(dtantsur): implement the same for debian-based systems case "$DISTRO_NAME" in fedora|centos|centos7|rhel|rhel7) + ${YUM:-yum} remove -y postfix gcc make ${YUM:-yum} clean all # Rebuilding the rpm database after removing packages will reduce # its size