# Don't need any keyboard maps.
@FEBOOTSTRAP_RUN@ initramfs -- rm -rf /lib/kbd
-# Modules take up nearly half of the image. It's a rough guess that
-# we don't need many drivers (which take up most of the space).
-(cd initramfs && find lib/modules/*/kernel \
- -name '*.ko' \
- -a ! -name 'virtio.ko' \
- -a ! -name 'virtio_net.ko' \
- -a ! -name 'virtio_pci.ko' \
- -a ! -name 'virtio_ring.ko' \
- -a ! -name 'ext2.ko' \
- -a ! -name 'ext3.ko' \
- -a ! -name 'ext4*.ko' \
- -a ! -name 'crc16.ko' \
- -a ! -name 'jbd.ko' \
- -a ! -name 'jbd2.ko' \
- -a ! -name 'fuse.ko' \
- -a ! -name 'vfat.ko' \
- -a ! -name 'fat.ko' \
- -a ! -name 'udf.ko' \
- -a ! -name 'crc_itu_t.ko' \
- -a ! -name 'nls_utf8.ko' \
- -a ! -name 'dm-*.ko' \
- -a ! -name 'cramfs.ko' \
- -a ! -name 'squashfs.ko' \
- -a ! -name 'hfsplus.ko' \
- -a ! -name 'ufs.ko' \
- -a ! -name 'exportfs.ko' \
- -a ! -name 'xfs.ko' \
- -a -print0 ) |
- xargs -0 @FEBOOTSTRAP_RUN@ initramfs -- rm
+# Remove anything in home directory. Because this is potentially
+# liable to monstrous fuck-ups, we don't put a slash before 'home'.
+(cd initramfs && echo home/*) |
+ xargs @FEBOOTSTRAP_RUN@ initramfs -- rm -rf
+
+# Remove /var/lib/yum stuff.
+@FEBOOTSTRAP_RUN@ initramfs -- rm -rf /var/lib/yum
+
+# Remove some unreadable binaries which are incompatible with
+# the supermin appliance. Since these binaries can't be read
+# from the host filesystem, they generate warnings like:
+# cpio: ./usr/bin/chfn: Cannot open: Permission denied
+# These binaries are not needed for operation of the appliance.
+@FEBOOTSTRAP_RUN@ initramfs -- rm -f \
+ /usr/bin/chfn \
+ /usr/bin/chsh \
+ /usr/libexec/pt_chown \
+ /usr/sbin/groupdel \
+ /usr/sbin/groupadd \
+ /usr/sbin/useradd \
+ /usr/sbin/tzdata-update \
+ /usr/sbin/userdel \
+ /usr/sbin/usermod \
+ /usr/sbin/groupmod \
+ /usr/sbin/groupmems \
+ /sbin/unix_update \
+ $(cd initramfs && echo usr/sbin/glibc_post_upgrade.*)
+
+# Kernel modules take up nearly half of the image. Only include ones
+# which are on the whitelist.
+exec 5<appliance/kmod.whitelist
+whitelist=
+while read kmod 0<&5; do
+ whitelist="$whitelist -a -not -name $kmod"
+done
+exec 5<&-
+
+(cd initramfs && \
+ find lib/modules/*/kernel -name '*.ko' $whitelist -a -print0 ) |
+ xargs -0 febootstrap-run initramfs -- rm
# Pull the kernel out into the current directory. We don't want it in
# the initramfs image.