2 # Filename: ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/98-clean-chroot
3 # Purpose: clean up chroot system
4 # Authors: grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
5 # Bug-Reports: see http://grml.org/bugs/
6 # License: This file is licensed under the GPL v2.
7 ################################################################################
# Sanity check: complain on stderr when nothing matches $target/boot/config-*.
# NOTE(review): $target is expanded unquoted and "&>" is a bash redirection.
# The listing jumps from gutter line 13 to 17, so what follows the message
# (and the end of this "if") is not visible here.
12 if ! ls $target/boot/config-* &>/dev/null ; then
13 echo "No kernel config files (/boot/config-*) found. No kernel-image package installed?" >&2
# Make sure root's zsh startup file exists in the target tree.
17 echo "Creating ~/.zshrc"
18 touch $target/root/.zshrc
# Delete the grml apt proxy snippet. The command is run through $ROOTCMD
# (in FAI normally a chroot into $target -- confirm), so the path has no
# $target prefix.
# NOTE(review): presumably this keeps a build-time proxy setting out of the
# finished image -- confirm against whatever writes the file.
20 $ROOTCMD rm -f /etc/apt/apt.conf.d/90grml-apt-proxy.conf
# localepurge is only attempted when the target has an executable
# /usr/sbin/localepurge; the second message is the warning for the other case.
# NOTE(review): gutter lines 24-25 and 27 are missing from this listing, so the
# command run after "Running localepurge" and the else/fi are not visible.
22 if [ -x $target/usr/sbin/localepurge ] ; then
23 echo "Running localepurge"
26 echo "Warning: localepurge not installed"
29 # revert dpkg-divert of hooks/instsoft.GRMLBASE, which is
30 # used to work around /etc/kernel/postinst.d/zz-update-grub failing
31 # inside openvz environment, see #597084
# The diversion is detected by looking for the path in `dpkg-divert --list`.
# The file currently at /usr/sbin/update-grub is deleted before the diversion
# is removed with --rename, which moves the diverted original back to that path.
# NOTE(review): the closing "fi" (gutter 36) is missing from this listing.
32 if $ROOTCMD dpkg-divert --list | grep -q '/usr/sbin/update-grub' ; then
33 echo "Undoing dpkg-divert of update-grub executable"
34 $ROOTCMD rm -f /usr/sbin/update-grub
35 $ROOTCMD dpkg-divert --rename --remove /usr/sbin/update-grub
38 # revert udev workaround of hooks/updatebase.GRMLBASE
# The file is removed only when it contains the string updatebase.GRMLBASE,
# i.e. a file with other content is left alone. grep's error output (for
# example when the file is absent) is discarded.
# NOTE(review): the closing "fi" (gutter 42) is missing from this listing.
39 if grep -q 'updatebase.GRMLBASE' ${target}/etc/udev/kernel-upgrade 2>/dev/null ; then
40 echo "Removing /etc/udev/kernel-upgrade created by updatebase.GRMLBASE"
41 $ROOTCMD rm -f /etc/udev/kernel-upgrade
# Refresh the package lists of the target.
44 echo "Updating package list"
45 $ROOTCMD apt-get update
# Consistency check, reset of dpkg's "available" information, rebuild of the
# apt caches, and removal of downloaded package files. The error output of
# `apt-get check` and `apt-cache gencaches` is discarded.
47 echo "Cleaning apt places"
48 $ROOTCMD apt-get check 2>/dev/null
49 $ROOTCMD dpkg --clear-avail
50 $ROOTCMD apt-cache gencaches 2>/dev/null
51 $ROOTCMD apt-get clean
# dpkg's *-old backup copies are deleted from the calling shell, hence the
# $target prefix instead of $ROOTCMD.
# NOTE(review): $target is unquoted and no check of it is visible in this
# listing; with an empty value these paths would name the build host's
# /var/lib/dpkg.
53 rm -f $target/var/lib/dpkg/status-old $target/var/lib/dpkg/available-old
# Rewrite the target's dpkg status file without the records grep-dctrl matches
# on Status "purge ok not-installed" (-v inverts the match).
# NOTE(review): gutter line 57 (presumably the "else") and the closing "fi"
# lines (64-65) are missing from this listing.
55 if ! [ -x $target/usr/bin/grep-dctrl ] ; then
56 echo "Warning: grep-dctrl not installed"
58 echo "Cleaning up /var/lib/dpkg/status"
# The filtered copy is written by the calling shell's redirection and replaces
# the real status file only when grep-dctrl exited successfully.
59 if $ROOTCMD grep-dctrl -v -F Status "purge ok not-installed" \
60 /var/lib/dpkg/status > $target/var/lib/dpkg/status.new ; then
# status.new was created by the redirection outside $ROOTCMD, so its mode and
# owner depend on the calling shell; both are set explicitly after the move.
61 mv $target/var/lib/dpkg/status.new $target/var/lib/dpkg/status
62 chmod 644 $target/var/lib/dpkg/status
63 chown root:root $target/var/lib/dpkg/status
# Delete every file in the target's /etc/ssh whose name contains "key" (the
# glob covers private and public host keys alike). Shipping them would give
# every system built from this image the same SSH host identity.
# NOTE(review): nothing in the visible part of this script regenerates host
# keys; that has to happen when the image is booted or installed.
67 echo "Removing host ssh-keys"
68 rm -f $target/etc/ssh/*key*
# A machine-id left in the image would likewise be identical on every system
# created from it.
70 echo "Removing dbus machine-id"
71 rm -f $target/var/lib/dbus/machine-id
# Remove the squid spool entries matching 0* when the spool directory exists
# in the target.
# NOTE(review): recursive delete on a path built from an unquoted $target; an
# empty value would point it at the build host's /var/spool/squid. A guard
# such as ${target:?} would rule that out. The closing "fi" (gutter 76) is
# missing from this listing.
73 if [ -d $target/var/spool/squid/ ] ; then
74 echo "Cleaning /var/spool/squid/0*"
75 rm -rf $target/var/spool/squid/0*
78 echo "Cleaning and removing some misc files and directories"
# Delete regular files and symlinks named *.pre_fcopy below the target's /etc.
# NOTE(review): the -name pattern is unquoted, so the calling shell expands
# *.pre_fcopy against its current directory first; if something matches there,
# find receives those names instead of the pattern. Quoting it
# ('*.pre_fcopy') avoids that.
79 find $target/etc -type f -name *.pre_fcopy -delete
80 find $target/etc -type l -name *.pre_fcopy -delete
# Bulk removal of leftovers below $target; --one-file-system keeps rm from
# descending into other mounted filesystems. The list includes the *passwd-,
# *shadow- and *group- backup copies of the account databases and the samba
# *.SID / *.tdb files.
# NOTE(review): every path relies on an unquoted $target. With an empty value
# the same globs would match /tmp/*, /var/tmp/*, /var/backups/* and
# /etc/*shadow- on the build host; a guard such as ${target:?} would rule
# that out.
# NOTE(review): the argument list continues after gutter line 94 (trailing
# backslash); the rest is not part of this listing.
81 rm -rf --one-file-system $target/etc/sysconfig/* \
82 $target/etc/motd.dpkg-* $target/etc/auto.master.*dpkg* \
83 $target/etc/samba/*.SID $target/etc/samba/*.tdb \
84 $target/var/log/ksymoops/* \
85 $target/var/state/* $target/var/log/nessus/* \
86 $target/halt $target/reboot $target/ash.static \
87 $target/etc/dhcpc/*.info $target/etc/dhcpc/resolv* \
88 $target/etc/*passwd- $target/etc/*shadow- \
89 $target/etc/*group- $target/var/spool/postfix/maildrop/* \
90 $target/etc/*.old $target/etc/*.original \
91 $target/etc/lvm/.cache $target/etc/lvm/cache/.cache \
92 $target/etc/lvm/backup/* $target/tmp/* \
93 $target/var/tmp/* $target/var/backups/* \
94 $target/var/lib/mysql $target/var/log/lilo_log.* $target/core* \
97 # avoid data leakage into target system
# The target's /etc/mtab is deleted only when the -f test succeeds; otherwise
# the first message is printed and the file is left alone.
# NOTE(review): gutter line 100 (presumably the "else") and the closing "fi"
# are missing from this listing.
98 if ! [ -f "$target/etc/mtab" ]; then
99 echo "/etc/mtab does not exist or is not a regular file, not touching."
101 echo "Removing /etc/mtab"
102 rm -f "$target/etc/mtab"
105 # remove only "temporary" or saved files in the given directories
# NOTE(review): the function header (gutter 106) and the end of the loop and
# function (109-110) are missing from this listing; the call further down
# suggests this is the body of nuke().
# Selects names ending in .gz, .bz2 or .0 below the paths passed as arguments;
# find's error output is discarded.
# NOTE(review): the $(find ...) output is word-split by the shell, so a path
# containing whitespace is broken into pieces and is not removed as one file.
107 for i in $(find "$@" -name \*.gz -o -name \*.bz2 -o -name \*.0 2>/dev/null); do
108 rm -f --one-file-system "$i"
112 # set all files in the given directories to a length of zero
# NOTE(review): the function header (gutter 113) and the loop body (115-117)
# are missing from this listing; the call further down suggests this is zero().
# Selects non-empty regular files below the paths passed as arguments, skipping
# *.ini files, anything under a fai/ directory and install_packages.list;
# find's error output is discarded.
# NOTE(review): the $(find ...) output is word-split by the shell, so a path
# containing whitespace reaches the loop body in pieces.
114 for i in $(find "$@" -type f -size +0 -not -name \*.ini -not -path '*/fai/*' -not -name install_packages.list 2>/dev/null); do
# nuke is applied to the target's /var/log and /var/cache, zero to the paths
# listed after it. Going by the comments on the two helpers, the first deletes
# compressed/rotated files and the second empties what is left, so log and
# accounting content written during the build is not shipped in the image.
# NOTE(review): gutter line 127 is missing from the middle of the continued
# argument list, so at least one argument of zero is not visible here.
119 echo "Cleaning log and cache directories"
120 nuke ${target}/var/log ${target}/var/cache
121 zero ${target}/var/account/pacct \
122 ${target}/var/cache/man \
123 ${target}/var/lib/games \
124 ${target}/var/lib/nfs \
125 ${target}/var/lib/xkb \
126 ${target}/var/local \
128 ${target}/var/mail/grml
130 # on /run we don't have to create it
# ":>" truncates each file to zero length and creates it when absent, so no
# login records from the build end up in the image.
# NOTE(review): the closing "fi" (gutter 135) is missing from this listing.
131 if [ -d ${target}/var/run ] ; then
132 echo "Recreate empty utmp and wtmp"
133 :>${target}/var/run/utmp
134 :>${target}/var/run/wtmp
# Run update-ca-certificates through $ROOTCMD when the target ships the tool,
# otherwise only warn.
# NOTE(review): gutter line 139 (presumably the "else") and the closing "fi"
# are missing from this listing.
137 if ! [ -x $target/usr/sbin/update-ca-certificates ] ; then
138 echo "Warning: update-ca-certificates not installed"
140 echo "Updating ca-certificates"
141 $ROOTCMD update-ca-certificates
144 # regenerate ld.so.cache
# NOTE(review): gutter lines 147 and 149-150 are missing from this listing, so
# the "else", the command that rebuilds the cache and the "fi" are not visible.
145 if ! [ -x $target/sbin/ldconfig ] ; then
146 echo "Warning: ldconfig not installed"
148 echo "Updating ld.so.cache"
# Run update-menus (verbose) through $ROOTCMD when the target ships it,
# otherwise only warn.
# NOTE(review): gutter line 154 (presumably the "else") and the closing "fi"
# are missing from this listing.
152 if ! [ -x $target/usr/bin/update-menus ] ; then
153 echo "Warning: update-menus not installed"
155 echo "Updating windowmanager menus"
156 $ROOTCMD update-menus -v
# When mandb is present in the target, man is asked for a page that does not
# exist; its output is discarded and the failure is ignored via "|| true".
# NOTE(review): presumably this is done for its side effect on the man
# database -- the line before it (gutter 163) is missing from this listing, as
# are the "else" (161) and the closing "fi".
159 if ! [ -x $target/usr/bin/mandb ] ; then
160 echo "Warning: mandb not installed"
162 echo "Updating mandb"
164 $ROOTCMD man doesnotexist >/dev/null 2>&1 || true
# clamav housekeeping, only when the target has /var/lib/clamav.
# NOTE(review): gutter lines 169 (presumably the "else"), 172 and the closing
# "fi" lines (178-179) are missing from this listing.
167 if ! [ -d $target/var/lib/clamav/ ] ; then
168 echo "Warning: clamav[-freshclam] not installed"
170 echo "Cleaning /var/lib/clamav/"
# Removes the clamav-* entries in the target's /var/lib/clamav.
171 $ROOTCMD rm -rf /var/lib/clamav/clamav-*
173 echo "Setting up daily.cvd and main.cvd symlinks"
# The link targets are absolute paths, so they resolve inside the running
# target system rather than relative to $target on the build host.
# NOTE(review): only daily.cvd is tested, yet links for both daily.cvd and
# main.cvd are created; the main.cvd link dangles when that file is absent.
174 if [ -f $target/var/lib/clamav/daily.cvd ] ; then
175 mkdir -p $target/usr/share/doc/clamav-freshclam/examples/
176 ln -sf /var/lib/clamav/daily.cvd $target/usr/share/doc/clamav-freshclam/examples/
177 ln -sf /var/lib/clamav/main.cvd $target/usr/share/doc/clamav-freshclam/examples/
# Create an empty /etc/ld.so.nohwcap in the target unless a readable one is
# already there.
# NOTE(review): the closing "fi" (gutter 184) is missing from this listing.
181 if ! [ -r $target/etc/ld.so.nohwcap ] ; then
182 echo "Creating /etc/ld.so.nohwcap"
183 touch $target/etc/ld.so.nohwcap
186 # installation of resolvconf in chroot *with* /proc
187 # is different from an installation without /proc,
188 # so make sure it is OK in any case
# NOTE(review): gutter line 191 (presumably the "else") is missing from this
# listing, as are lines 197, 200 and the closing "fi" lines.
189 if ! [ -d $target/etc/resolvconf ] ; then
190 echo "Warning: resolvconf not installed"
192 echo "Setting up resolvconf"
# When /etc/resolvconf/run is not a symlink, it is removed and rebuilt as a
# directory holding enable-updates, interface/ and a stub resolv.conf.
193 if [ ! -L $target/etc/resolvconf/run ] ; then # resolvconf without symlink?!
194 RESOLV_CONF=/etc/resolvconf/run
195 rm -rf ${target}/${RESOLV_CONF}
196 mkdir -p ${target}/${RESOLV_CONF}
198 touch ${target}/${RESOLV_CONF}/enable-updates
199 mkdir ${target}/${RESOLV_CONF}/interface
# NOTE(review): the here-document below uses an unquoted EOF delimiter; its
# terminator and any further content lines (gutter 204-205) are missing from
# this listing. After it, the target's /etc/resolv.conf is deleted from the
# calling shell and recreated through $ROOTCMD as a symlink to
# /etc/resolvconf/run/resolv.conf.
201 cat > ${target}/${RESOLV_CONF}/resolv.conf << EOF
202 # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
203 # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
206 rm -f ${target}/etc/resolv.conf
207 $ROOTCMD ln -s /etc/resolvconf/run/resolv.conf /etc/resolv.conf
# Rebuild the locate database through $ROOTCMD when updatedb is executable in
# the target. --prunepaths keeps /tmp, /usr/tmp, /var/tmp, /grml, /root, /proc
# and /sys out of the index.
# NOTE(review): gutter line 212 (presumably the "else") and the closing "fi"
# are missing from this listing.
210 if ! $ROOTCMD test -x /usr/bin/updatedb ; then
211 echo "Warning: updatedb not installed"
213 echo "Updating locate-database"
214 $ROOTCMD updatedb --prunepaths='/tmp /usr/tmp /var/tmp /grml /root /proc /sys'
217 ## END OF FILE #################################################################
218 # vim:ft=sh expandtab ai tw=80 tabstop=4 shiftwidth=2