Ovirt devel - Nov 2008 - [PATCH node-image] Fix RPMs to be forcefully removed individually instead of in blocks

Some dependencies changed in F10 so some of the $RPM blocks in the
blacklist were failing.  To ensure that a missing RPM doesn't stop
the uninstalling of other RPMs we remove each RPM individually.

In addition, cronie now brings in exim so remove that forcefully

On F10-x86_64 node-image RPM size is at 50MB with this patch.

NOTE: I've tested building this as an F10 Node, someone should try an F9
Node.  My smoketest
consisted of booting a physical node using this image via PXE.  It came up,
contacted the
server and showed up as available in the UI.  Further testing should probably be
done before
committing, but I figured I would get the patch out for people to evaluate.

Signed-off-by: Perry Myers <pmyers at redhat.com>
---
 common-blacklist.ks |   39 +++++++++++++++++++++++++--------------
 1 files changed, 25 insertions(+), 14 deletions(-)

diff --git a/common-blacklist.ks b/common-blacklist.ks
index b045129..94dd90e 100644
--- a/common-blacklist.ks
+++ b/common-blacklist.ks
@@ -6,33 +6,40 @@ sed -i -e '/pam_cracklib/d' -e
's/use_authtok//' /etc/pam.d/system-auth
 
 echo "Removing excess RPMs"
 
-RPM="rpm -v -e --nodeps"
-
 # kernel pulls in mkinitrd which pulls in isomd5sum which pulls in python,
 # and livecd-tools needs lokkit to configure SELinux.
 # However, this is just an install-time dependency; we can remove
 # it afterwards, which we do here
-$RPM -e system-config-firewall-tui system-config-network-tui rhpl \
-    rpm-python dbus-python kudzu newt-python newt
+RPMS="system-config-firewall-tui system-config-network-tui rhpl \
+    rpm-python dbus-python kudzu newt-python newt"
 
-$RPM -e kpartx mkinitrd isomd5sum dmraid python python-libs
-$RPM -e checkpolicy
+RPMS="$RPMS kpartx mkinitrd isomd5sum dmraid python python-libs
checkpolicy"
 
 # Remove additional RPMs forcefully
-$RPM gamin pm-utils kbd usermode \
-    vbetool ConsoleKit hdparm \
+RPMS="$RPMS gamin pm-utils kbd usermode vbetool ConsoleKit hdparm \
     efibootmgr krb5-workstation linux-atm-libs fedora-release-notes \
     slang psmisc gdbm cryptsetup-luks pciutils mtools syslinux db4 \
-    wireless-tools radeontool cracklib-dicts cracklib libicu
+    wireless-tools radeontool cracklib-dicts cracklib libicu"
+
+# cronie pulls in exim (sendmail) which pulls in all kinds of perl deps
+RPMS="$RPMS exim perl-version perl-Pod-Simple perl-libs
perl-Module-Pluggable \
+    perl-Pod-Escapes perl"
+
+# Fedora 10 includes plymouth by default
+RPMS="$RPMS plymouth fedora-logos"
 
 # Things we could probably remove if libvirt didn't link against them
-#$RPM avahi PolicyKit xen-libs
+#RPMS="$RPMS avahi PolicyKit xen-libs"
 
 # Things we could probably remove if qemu-kvm didn't link against them
-#$RPM SDL alsa-lib
+#RPMS="$RPMS SDL alsa-lib"
 
 # Pam complains when this is missing
-#$RPM ConsoleKit-libs
+#RPMS="$RPM ConsoleKit-libs"
+
+for rpm in $RPMS; do
+    rpm -v -e --nodeps $rpm 2> /dev/null
+done
 
 # the following are lists of kernel modules we are pretty sure we won't
need;
 # note that these can be single files or whole directories.  They are specified
@@ -63,7 +70,6 @@ misc_mods="drivers/bluetooth drivers/firewire drivers/i2c
drivers/isdn \
        drivers/media drivers/misc drivers/leds drivers/mtd drivers/w1 sound \
        drivers/input drivers/pcmcia drivers/scsi/pcmcia"
 
-
 echo "Removing excess kernel modules"
 MODULES="/lib/modules/*/kernel"
 RM="rm -rf"
@@ -79,7 +85,8 @@ find /usr/share/zoneinfo -regextype egrep -type f \
 echo "Removing blacklisted files and directories"
 blacklist="/boot /etc/alsa /etc/pki /usr/share/hwdata/MonitorsDB \
     /usr/share/hwdata/oui.txt /usr/share/hwdata/videoaliases \
-    /usr/share/hwdata/videodrivers /usr/share/fedora-release \
+    /usr/share/firstboot /usr/share/lua /usr/share/kde4 /usr/share/pixmaps \
+    /usr/share/hwdata/videodrivers /usr/share/icons /usr/share/fedora-release \
     /usr/share/tabset /usr/share/libvirt /usr/share/augeas/lenses/tests \
     /usr/share/tc /usr/share/emacs /usr/share/info /usr/kerberos \
     /usr/src /usr/etc /usr/games /usr/include /usr/local \
@@ -109,6 +116,10 @@ eval $RM $blacklist $blacklist_lib $blacklist_pango
$blacklist_hal \
 echo "Cleanup empty directory structures in /usr/share"
 find /usr/share -type d -exec rmdir {} \; > /dev/null 2>&1
 
+echo "Cleanup excess selinux modules"
+$RM /usr/share/selinux
+$RM /etc/selinux/targeted/modules/active/modules/*
+
 echo "Running image-minimizer..."
 %end
 
-- 
1.6.0.3

Perry Myers <pmyers at redhat.com> wrote:
> Some dependencies changed in F10 so some of the $RPM blocks in the
> blacklist were failing.  To ensure that a missing RPM doesn't stop
> the uninstalling of other RPMs we remove each RPM individually.
>
> In addition, cronie now brings in exim so remove that forcefully
>
> On F10-x86_64 node-image RPM size is at 50MB with this patch.
>
> NOTE: I've tested building this as an F10 Node, someone should try an
F9 Node.  My smoketest
> consisted of booting a physical node using this image via PXE.  It came up,
contacted the
> server and showed up as available in the UI.  Further testing should
probably be done before
> committing, but I figured I would get the patch out for people to evaluate.
ACK.
Worked for me on F10.
I confirmed that appliance and node3 started and poked around on both.

If nothing requires gpg on the node, we can save 1.4MB by
removing the /usr/bin/{gpg2,gpgv2,gpg-agent} binaries alone.
There might be a few associated libraries, too...