diff --git a/.arg.template b/.arg.template index 32c8b9c6..9d589a01 100644 --- a/.arg.template +++ b/.arg.template @@ -22,3 +22,4 @@ CIS_HARDENING=true # UKI_BRING_YOUR_OWN_KEYS=false # See sb-private-ca/howto.md for instructions on bringing your own certiticates # INCLUDE_MS_SECUREBOOT_KEYS=true # Adds Microsoft Secure Boot certificates; if you export existing keys from a device, you typically won't need this # AUTO_ENROLL_SECUREBOOT_KEYS=false # Set to true to automatically enroll certificates on devices in Setup Mode, useful for flashing devices without user interaction +# UKI_INSTALL_ALL_FW=false # Set to false if you don't want to install extra firmware which would increase image size \ No newline at end of file diff --git a/Earthfile b/Earthfile index eb8ad64c..630b0115 100644 --- a/Earthfile +++ b/Earthfile @@ -54,6 +54,7 @@ ARG IS_UKI=false ARG INCLUDE_MS_SECUREBOOT_KEYS=true ARG AUTO_ENROLL_SECUREBOOT_KEYS=false ARG UKI_BRING_YOUR_OWN_KEYS=false +ARG UKI_INSTALL_ALL_FW=true ARG CMDLINE="stylus.registration" ARG BRANDING="Palette eXtended Kubernetes Edge" @@ -666,6 +667,12 @@ base-image: RUN rm -rf /var/cache/* && \ apt-get clean + ELSE + IF [ "$UKI_INSTALL_ALL_FW" = "false" ] + RUN modulesextra=$(dpkg-query -W -f='${Package}\n' | grep '^linux-modules-extra-' | head -n 1) && \ + linuximage=$(dpkg-query -W -f='${Package}\n' | grep '^linux-image-generic-hwe-' | head -n 1) && \ + apt-get purge -y --auto-remove --allow-remove-essential linux-firmware wireless-regdb $linuximage $modulesextra + END END IF [ "$CIS_HARDENING" = "true" ] @@ -743,6 +750,8 @@ base-image: if grep "selinux=1" /etc/cos/bootargs.cfg > /dev/null; then sed -i 's/selinux=1/selinux=0/g' /etc/cos/bootargs.cfg; fi END + SAVE IMAGE palette-base-image:$IMAGE_TAG + # Used to build the installer image. The installer ISO will be created from this. iso-image: FROM --platform=linux/${ARCH} +base-image