#!/bin/bash
# Filename: ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/98-clean-chroot
# Purpose: clean up chroot system
# Authors: grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
# Bug-Reports: see http://grml.org/bugs/
# License: This file is licensed under the GPL v2.
################################################################################
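# Abort on any use of an unset variable and on any unhandled command failure.
# NOTE(review): $target and $ROOTCMD are never assigned in this file; they are
# presumably provided by the FAI/grml-live caller -- confirm.
set -u
set -e

# Require at least one kernel config file in the chroot's /boot.
# Only the exit status of ls is used: feeding its output to `[` breaks as soon
# as more than one config file matches, because `[` then sees several words,
# errors out, and the negation turns that error into the "not found" path.
if ! ls "$target"/boot/config-* >/dev/null 2>&1 ; then
  echo "No kernel config files (/boot/config-*) found. No kernel-image package installed?" >&2
  exit 1
fi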
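# Make sure root has a (possibly empty) .zshrc inside the chroot.
echo "Creating ~/.zshrc"
touch "$target/root/.zshrc"

# Run localepurge only when the chroot ships it; otherwise just warn.
if [ -x "$target/usr/sbin/localepurge" ] ; then
  echo "Running localepurge"
  # $ROOTCMD stays unquoted on purpose: it is presumably a multi-word command
  # prefix (e.g. a chroot invocation) that must be word-split -- confirm.
  $ROOTCMD localepurge
else
  echo "Warning: localepurge not installed"
fi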
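# revert dpkg-divert of hooks/instsoft.GRMLBASE, which is
# used to work around /etc/kernel/postinst.d/zz-update-grub failing
# inside openvz environment, see #597084
if $ROOTCMD dpkg-divert --list | grep -q '/usr/sbin/update-grub' ; then
  echo "Undoing dpkg-divert of update-grub executable"
  # Remove whatever currently sits at the diverted path (presumably the
  # stand-in installed by the hook -- confirm) before the diversion is
  # removed with --rename.
  $ROOTCMD rm -f /usr/sbin/update-grub
  $ROOTCMD dpkg-divert --rename --remove /usr/sbin/update-grub
fi

# revert udev workaround of hooks/updatebase.GRMLBASE
# The file is removed only when it carries the hook's marker string; a missing
# file is not an error (grep's stderr is discarded).
if grep -q 'updatebase.GRMLBASE' "${target}/etc/udev/kernel-upgrade" 2>/dev/null ; then
  echo "Removing /etc/udev/kernel-upgrade created by updatebase.GRMLBASE"
  $ROOTCMD rm -f /etc/udev/kernel-upgrade
fi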
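# Refuse to continue with an empty $target: `set -u` only catches an unset
# variable, and with an empty value every path below would name the build
# host's own files instead of the chroot's.
: "${target:?target must name the chroot directory}"

echo "Removing /var/lib/apt/lists/*-stuff, dpkg-status-old and pkgcache.bin"
# The globs stay outside the quotes so they still expand; rm -f silently
# ignores patterns that match nothing.
rm -f -- "$target"/var/lib/apt/lists/*Packages \
  "$target"/var/lib/apt/lists/*Release \
  "$target"/var/lib/apt/lists/*Sources \
  "$target"/var/lib/apt/lists/*IndexDiff \
  "$target"/var/lib/apt/lists/*.gpg \
  "$target"/var/cache/apt-show-versions/* \
  "$target"/var/cache/debconf/templates.dat-old \
  "$target"/var/cache/apt/*.bin

echo "Cleaning apt places"
# NOTE(review): stderr of `apt-get check` and `apt-cache gencaches` is
# discarded, so under `set -e` a failure here ends the script without any
# diagnostic on the console.
$ROOTCMD apt-get check 2>/dev/null
$ROOTCMD dpkg --clear-avail
$ROOTCMD apt-cache gencaches 2>/dev/null
$ROOTCMD apt-get clean
rm -f -- "$target/var/lib/dpkg/status-old" "$target/var/lib/dpkg/available-old"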
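# Drop "purge ok not-installed" entries from the chroot's dpkg status file.
if ! [ -x "$target/usr/bin/grep-dctrl" ] ; then
  echo "Warning: grep-dctrl not installed"
else
  echo "Cleaning up /var/lib/dpkg/status"
  # grep-dctrl is started through $ROOTCMD and reads /var/lib/dpkg/status as
  # seen from there, while the redirection is opened by this outer shell --
  # hence the $target prefix on the output path only.
  if $ROOTCMD grep-dctrl -v -F Status "purge ok not-installed" \
      /var/lib/dpkg/status > "$target/var/lib/dpkg/status.new" ; then
    mv -- "$target/var/lib/dpkg/status.new" "$target/var/lib/dpkg/status"
    # The replacement file is created by this shell, so restore the expected
    # mode and ownership explicitly.
    chmod 644 "$target/var/lib/dpkg/status"
    chown root:root "$target/var/lib/dpkg/status"
  else
    # The filter failed: keep the existing status file and do not leave a
    # partial status.new behind in the image.
    rm -f -- "$target/var/lib/dpkg/status.new"
  fi
fi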
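# Refuse to continue with an empty $target: `set -u` only catches an unset
# variable, and with an empty value the removals below would hit the build
# host's own /etc/ssh and /var/spool.
: "${target:?target must name the chroot directory}"

# Host keys created while packages were installed must not ship in the image:
# every system started from it would otherwise present the same SSH host
# identity, and anyone holding the image would hold the private keys.
# NOTE(review): the pattern removes every name containing "key" in /etc/ssh,
# not only ssh_host_*_key* -- confirm that is intended.
echo "Removing host ssh-keys"
rm -f -- "$target"/etc/ssh/*key*

if [ -d "$target/var/spool/squid/" ] ; then
  echo "Cleaning /var/spool/squid/0*"
  rm -rf -- "$target"/var/spool/squid/0*
fi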
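# Refuse to continue with an empty $target: `set -u` only catches an unset
# variable, and with an empty value the recursive removal below would run
# against the build host's /etc, /tmp and /var.
: "${target:?target must name the chroot directory}"

echo "Cleaning and removing some misc files and directories"
# The pattern is quoted so that find receives it verbatim; unquoted, the shell
# would expand it first whenever the current directory holds a matching file.
find "$target/etc" -type f -name '*.pre_fcopy' -delete

# --one-file-system keeps the recursive removal from descending into anything
# mounted below these paths.
# The list includes the passwd-/shadow-/group- backup copies, so no stale
# account data from the build is carried into the image.
rm -rf --one-file-system -- "$target"/etc/sysconfig/* \
  "$target"/etc/motd.dpkg-* "$target"/etc/auto.master.*dpkg* \
  "$target"/etc/samba/*.SID "$target"/etc/samba/*.tdb \
  "$target"/var/log/ksymoops/* \
  "$target"/var/state/* "$target"/var/log/nessus/* \
  "$target/halt" "$target/reboot" "$target/ash.static" \
  "$target"/etc/dhcpc/*.info "$target"/etc/dhcpc/resolv* \
  "$target"/etc/*passwd- "$target"/etc/*shadow- \
  "$target"/etc/*group- "$target"/var/spool/postfix/maildrop/* \
  "$target"/etc/*.old "$target"/etc/*.original \
  "$target/etc/lvm/.cache" "$target/etc/lvm/cache/.cache" \
  "$target/etc/lvm/backup/main" "$target"/tmp/* \
  "$target"/var/tmp/* "$target"/var/backups/* \
  "$target/var/lib/mysql" "$target"/var/log/lilo_log.* "$target"/core*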
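# remove only "temporary" or saved files in the given directories
#
# Arguments: $@ - directories (or files) to search
# Removes every entry whose name ends in .gz, .bz2 or .0.
#
# Paths are read NUL-delimited, so a name containing whitespace or glob
# characters is removed as the single path find reported. With word-splitting
# a crafted file name inside the chroot could be broken into other paths, and
# this script acts on them from outside the chroot.
# find's own errors (e.g. a search directory that does not exist) are
# discarded, so a missing directory is not fatal.
nuke(){
  local path
  while IFS= read -r -d '' path ; do
    rm -f --one-file-system -- "$path"
  done < <(find "$@" \( -name '*.gz' -o -name '*.bz2' -o -name '*.0' \) -print0 2>/dev/null)
}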
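# set all files in the given directories to a length of zero
#
# Arguments: $@ - directories (or files) to search
# Truncates every non-empty regular file except those named *.ini; the files
# themselves are kept.
#
# Paths are read NUL-delimited, so a name containing whitespace or glob
# characters is truncated as the single path find reported. With word-splitting
# a crafted file name inside the chroot could be broken into other paths, and
# this script acts on them from outside the chroot.
# find's own errors (e.g. a search directory that does not exist) are
# discarded, so a missing directory is not fatal.
zero(){
  local path
  while IFS= read -r -d '' path ; do
    :> "$path"
  done < <(find "$@" -type f -size +0 -not -name '*.ini' -print0 2>/dev/null)
}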
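echo "Cleaning log and cache directories"
# nuke removes rotated/compressed leftovers, zero truncates what remains, so
# no log content from the build ends up in the image.
nuke "${target}/var/log" "${target}/var/cache"
zero "${target}/var/local" "${target}/var/log" \
  "${target}/var/spool" "${target}/var/lib/games" \
  "${target}/var/cache/man" "${target}/var/lib/nfs" \
  "${target}/var/lib/xkb" "${target}/var/mail/grml" \
  "${target}/var/account/pacct"

# on /run we don't have to create it
# A symlinked var/run is skipped too: this test runs outside the chroot, so an
# absolute link such as /var/run -> /run would be resolved against the build
# host and the truncations below would land in the host's own /run.
if [ -d "${target}/var/run" ] && ! [ -L "${target}/var/run" ] ; then
  echo "Recreate empty utmp and wtmp"
  :>"${target}/var/run/utmp"
  :>"${target}/var/run/wtmp"
fi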
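# Each step below runs only when the corresponding tool is executable inside
# the chroot; a missing tool produces a warning, not an error.

# Rebuild the CA certificate store after the package changes above.
if ! [ -x "$target/usr/sbin/update-ca-certificates" ] ; then
  echo "Warning: update-ca-certificates not installed"
else
  echo "Updating ca-certificates"
  $ROOTCMD update-ca-certificates
fi

# regenerate ld.so.cache
if ! [ -x "$target/sbin/ldconfig" ] ; then
  echo "Warning: ldconfig not installed"
else
  echo "Updating ld.so.cache"
  $ROOTCMD ldconfig
fi

if ! [ -x "$target/usr/bin/update-menus" ] ; then
  echo "Warning: update-menus not installed"
else
  echo "Updating windowmanager menus"
  $ROOTCMD update-menus -v
fi

if ! [ -x "$target/usr/bin/mandb" ] ; then
  echo "Warning: mandb not installed"
else
  echo "Updating mandb"
  $ROOTCMD mandb -c
  # Looks up a page that is expected not to exist; output and exit status are
  # deliberately ignored.
  # NOTE(review): presumably this only triggers man's own cache setup -- confirm.
  $ROOTCMD man doesnotexist >/dev/null 2>&1 || true
fi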
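if ! [ -d "$target/var/lib/clamav/" ] ; then
  echo "Warning: clamav[-freshclam] not installed"
else
  echo "Cleaning /var/lib/clamav/"
  # The glob has to be expanded by a shell started through $ROOTCMD. Written
  # directly on this command line it is expanded by the outer shell against
  # the build host's /var/lib/clamav, and rm itself never expands patterns.
  # NOTE(review): assumes $ROOTCMD runs its arguments inside the chroot and
  # that /bin/sh exists there -- confirm.
  $ROOTCMD sh -c 'rm -rf /var/lib/clamav/clamav-*'
  echo "Setting up daily.cvd and main.cvd symlinks"
  if [ -f "$target/var/lib/clamav/daily.cvd" ] ; then
    mkdir -p "$target/usr/share/doc/clamav-freshclam/examples/"
    # Link targets are absolute paths as seen from inside the running system.
    # Only daily.cvd is checked for existence; the main.cvd link is created
    # regardless.
    ln -sf /var/lib/clamav/daily.cvd "$target/usr/share/doc/clamav-freshclam/examples/"
    ln -sf /var/lib/clamav/main.cvd "$target/usr/share/doc/clamav-freshclam/examples/"
  fi
fi

# Ensure /etc/ld.so.nohwcap exists (empty) in the chroot.
if ! [ -r "$target/etc/ld.so.nohwcap" ] ; then
  echo "Creating /etc/ld.so.nohwcap"
  touch "$target/etc/ld.so.nohwcap"
fi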
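# installation of resolvconf in chroot *with* /proc
# is different from an installation without /proc,
# so make sure it is OK in any case
if ! [ -d "$target/etc/resolvconf" ] ; then
  echo "Warning: resolvconf not installed"
else
  echo "Setting up resolvconf"
  # The run directory is rebuilt under $target by name instead of following
  # the symlink from out here, so an absolute link to /run/resolvconf is never
  # resolved against the build host's /run.
  if [ -L "$target/etc/resolvconf/run" ] ; then # resolvconf with /run
    # /etc/resolvconf/run symlinks to /run/resolvconf
    RESOLV_CONF=/run/resolvconf/
  else # no /run present
    RESOLV_CONF=/etc/resolvconf/run/
  fi

  # ${target:?} aborts on an empty value: `set -u` only catches an unset
  # variable, and an empty prefix would aim this rm -rf at the host's own path.
  rm -rf -- "${target:?}/${RESOLV_CONF}"
  mkdir -p "${target}/${RESOLV_CONF}"
  touch "${target}/${RESOLV_CONF}/enable-updates"
  mkdir "${target}/${RESOLV_CONF}/interface"
  # Seed resolv.conf with the header only; no nameserver entries are written.
  cat > "${target}/${RESOLV_CONF}/resolv.conf" << EOF
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
EOF
fi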
# Rebuild the locate database when updatedb is available; the availability
# check itself is run through $ROOTCMD. Scratch, home and pseudo file systems
# listed in --prunepaths are left out of the index.
if $ROOTCMD test -x /usr/bin/updatedb ; then
  echo "Updating locate-database"
  $ROOTCMD updatedb --prunepaths='/tmp /usr/tmp /var/tmp /grml /root /proc /sys'
else
  echo "Warning: updatedb not installed"
fi
## END OF FILE #################################################################
# vim:ft=sh expandtab ai tw=80 tabstop=4 shiftwidth=2