From a5fbfc5bdb37709063b5edfdbec00d3eb1386244 Mon Sep 17 00:00:00 2001
From: Div Arora
Date: Sun, 27 Jul 2025 10:21:14 +0800
Subject: [PATCH] chore: remove unused packages from qemu build
---
 ansible/playbook.yml | 2 +-
 ansible/vars.yml | 6 ++---
 qemu-arm64-nix.pkr.hcl | 8 ++++++-
 scripts/90-cleanup-qemu.sh | 47 ++++++++++++++++++++++++++++++++++++--
 4 files changed, 56 insertions(+), 7 deletions(-)
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
index 794b69895..0991a813a 100644
--- a/ansible/playbook.yml
+++ b/ansible/playbook.yml
@@ -198,7 +198,7 @@
 - collect-binaries
 when: debpkg_mode
- - name: Install osquery from nixpkgs binary cache
+ - name: Purge snapd
 become: yes
 shell: |
 apt autoremove -y --purge snapd
diff --git a/ansible/vars.yml b/ansible/vars.yml
index 3ab3ab7a3..580959265 100644
--- a/ansible/vars.yml
+++ b/ansible/vars.yml
@@ -9,9 +9,9 @@ postgres_major:
 # Full version strings for each major version
 postgres_release:
- postgresorioledb-17: "17.5.1.009-orioledb"
- postgres17: "17.4.1.066"
- postgres15: "15.8.1.123"
+ postgresorioledb-17: "17.5.1.010-orioledb"
+ postgres17: "17.4.1.067"
+ postgres15: "15.8.1.124"
 # Non Postgres Extensions
 pgbouncer_release: "1.19.0"
diff --git a/qemu-arm64-nix.pkr.hcl b/qemu-arm64-nix.pkr.hcl
index 352ae5c38..497871774 100644
--- a/qemu-arm64-nix.pkr.hcl
+++ b/qemu-arm64-nix.pkr.hcl
@@ -74,9 +74,15 @@ source "qemu" "cloudimg" {
 format = "qcow2"
 headless = true
 http_directory = "http"
+ # TODO (darora): switch to minimal images
+ # iso_checksum = "file:https://cloud-images.ubuntu.com/minimal/releases/noble/release/SHA256SUMS"
+ # iso_url = "https://cloud-images.ubuntu.com/minimal/releases/noble/release/ubuntu-24.04-minimal-cloudimg-arm64.img"
 iso_checksum = "file:https://cloud-images.ubuntu.com/noble/current/SHA256SUMS"
 iso_url = "https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-arm64.img"
 memory = 40000
+ qemu_img_args {
+ convert = ["-o", "compression_type=zstd"]
+ }
 qemu_binary = "qemu-system-aarch64"
 qemuargs = [
 ["-machine", "virt,gic-version=3"],
@@ -84,7 +90,7 @@ source "qemu" "cloudimg" {
 ["-device", "virtio-gpu-pci"],
 ["-drive", "if=pflash,format=raw,id=ovmf_code,readonly=on,file=/usr/share/AAVMF/AAVMF_CODE.fd"],
 ["-drive", "if=pflash,format=raw,id=ovmf_vars,file=AAVMF_VARS.fd"],
- ["-drive", "file=output-cloudimg/packer-cloudimg,format=qcow2"],
+ ["-drive", "file=output-cloudimg/packer-cloudimg,if=virtio,format=qcow2,discard=on,detect-zeroes=unmap"],
 ["-drive", "file=seeds-cloudimg.iso,format=raw"],
 ["--enable-kvm"]
 ]
diff --git a/scripts/90-cleanup-qemu.sh b/scripts/90-cleanup-qemu.sh
index c70c1d246..e6a585001 100644
--- a/scripts/90-cleanup-qemu.sh
+++ b/scripts/90-cleanup-qemu.sh
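Review bot: In qemu-arm64-nix.pkr.hcl, the TODO added in the first hunk proposes an `iso_checksum` that, like the active line under it, is a `file:` checksum list served from the same host and the same moving path as the image, so it detects a damaged download but not a replaced image. When the switch to minimal images is made, point `iso_url` at a dated release directory and pin the digest in the template, e.g. `iso_checksum = "sha256:<PINNED_SHA256>"` (placeholder), so a base-image change arrives as a reviewed diff. Separately, `convert = ["-o", "compression_type=zstd"]` only selects the qcow2 compression algorithm; clusters are compressed only when the convert step also compresses (Packer's `disk_compression`), which is not visible in this hunk. The `source` block starts and ends outside the hunk.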
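Review bot: The rewritten `-drive` entry in the second hunk of qemu-arm64-nix.pkr.hcl carries no comment tying it to the cleanup script, although `discard=on,detect-zeroes=unmap` only pays off together with the zero-fill and `fstrim /` that this commit appends to scripts/90-cleanup-qemu.sh. A comment above the entry, such as `# discard/detect-zeroes: lets 90-cleanup-qemu.sh's zero-fill and fstrim release blocks in the qcow2 file`, would keep one side from being dropped without the other. The `qemuargs` list starts outside the hunk.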
@@ -42,15 +42,47 @@ elif [ -n "$(command -v apt-get)" ]; then
 source /etc/os-release
- apt-get -y update
- apt-get -y upgrade
+ apt-mark manual libevent-2.1-7t64
+
+ apt-get remove -y --purge ansible-core apport appstream bash-completion bcache-tools bind9-dnsutils bind9-host bind9-libs bolt btrfs-progs byobu command-not-found console-setup distro-info eject fonts-ubuntu-console friendly-recovery ftp fwupd gawk gdisk keyboard-configuration libvolume-key1 libssl-dev lvm2 lxd-agent-loader man-db mdadm modemmanager mtd-utils nano netcat-openbsd nfs-common ntfs-3g parted pastebinit screen strace thin-provisioning-tools tmux usb-modeswitch vim vim-runtime wget whiptail xfsprogs
+
+ apt remove -y --purge libc6-dev linux-libc-dev libevent-dev libpcre3-dev libsystemd-dev packagekit multipath-tools unattended-upgrades plymouth gnupg open-vm-tools xauth lxd-installer publicsuffix libclang-cpp18 python3-twisted python-babel-localedata libicu74 python3-pygments fonts-dejavu* python3-botocore
+
+ apt-get remove -y --purge linux-headers*
+
+ # remove old kernels
+ # CURRENT_KERNEL="$(uname -r | sed 's/-generic//')"
+ # INSTALLED_KERNELS=$(dpkg -l | awk '{print $2}' | grep -Eo 'linux-(image|headers|modules|tools)-[0-9]+' | sed -E 's/linux-(image|modules|tools)-//' | sort -Vu)
+ # REMOVE_KERNELS=$(echo "$INSTALLED_KERNELS" | grep -v -e "$CURRENT_KERNEL")
+ # for VER in $REMOVE_KERNELS; do
+ # for PREFIX in linux-image linux-modules linux-tools; do
+ # for PKG in $(dpkg -l | awk '{print $2}' | grep "^$PREFIX-$VER"); do
+ # apt-get purge -y "$PKG"
+ # done
+ # done
+ # done
+ # update-grub
+
 apt-get -y autoremove
 apt-get -y autoclean
+
+ apt-get -y update
+ apt-get -y upgrade
+
 fi
+
+systemctl set-default multi-user.target
+systemctl disable getty@tty1.service
+systemctl mask getty@tty1.service
+systemctl mask graphical.target
+
 rm -rf /tmp/* /var/tmp/*
 history -c
 cat /dev/null > /root/.bash_history
 unset HISTFILE
+
+journalctl --rotate
+journalctl --vacuum-time=1s
 find /var/log -mtime -1 -type f -exec truncate -s 0 {} \;
 rm -rf /var/log/*.gz /var/log/*.[0-9] /var/log/*-????????
 rm -rf /var/lib/cloud/instances/*
@@ -60,3 +92,14 @@ chmod 600 /etc/ssh/revoked_keys
 cat /dev/null > /var/log/lastlog
 cat /dev/null > /var/log/wtmp
+
+dd if=/dev/zero of=/zerofile &
+ PID=$!
+ while [ -d /proc/$PID ]
+ do
+ printf "."
+ sleep 5
+ done
+sync; rm /zerofile; sync
+
+fstrim /
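Review bot: The `apt remove -y --purge libc6-dev …` line in the first hunk of scripts/90-cleanup-qemu.sh also purges `unattended-upgrades`, so instances booted from this image stop installing security updates on their own, and nothing visible in the hunk replaces that. If patching is meant to happen only through rebuilt images, say so beside the list, e.g. `# unattended-upgrades purged on purpose: security updates ship via rebuilt images`; otherwise take the package out of the list. `apt-get -y update` and `apt-get -y upgrade` now run after `autoremove` and `autoclean`, so packages made obsolete by the upgrade and the downloaded archives remain in the image unless a later step outside the hunk removes them; `apt-get -y autoremove --purge` and `apt-get clean` after the upgrade would cover that. `fonts-dejavu*` and `linux-headers*` are unquoted, so the shell can expand them against files in the working directory before apt sees the pattern. The enclosing `if`/`elif` starts outside the hunk.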
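Review bot: In the second hunk of scripts/90-cleanup-qemu.sh, `dd if=/dev/zero of=/zerofile &` runs with dd's default 512-byte block size and its exit status is never collected, so the fill is slow and a failure other than the expected out-of-space error goes unnoticed. Using `dd if=/dev/zero of=/zerofile bs=1M &` and following the dot loop with `wait "$PID" || true` keeps the progress output while reaping the process; polling `/proc/$PID` alone can also match an unrelated process if the PID is reused. `rm -f /zerofile` avoids an error if dd never created the file. The zero-fill and `fstrim /` reach only the filesystem mounted at `/`; if the image has other mounted filesystems, deleted data in their free blocks is neither overwritten nor trimmed.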