From 667b24928a90dc506c3707229f1875bfe42cb6b6 Mon Sep 17 00:00:00 2001
From: Nianyu Shen <xiaoyu9964@gmail.com>
Date: Thu, 16 May 2024 15:43:16 -0700
Subject: [PATCH 1/2] add an option UKI_INSTALL_ALL_FW to purge extra firmwares
 from ubuntu-uki base image

Signed-off-by: Nianyu Shen <xiaoyu9964@gmail.com>
---
 .arg.template | 1 +
 Earthfile     | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/.arg.template b/.arg.template
index 32c8b9c..9d589a0 100644
--- a/.arg.template
+++ b/.arg.template
@@ -22,3 +22,4 @@ CIS_HARDENING=true
 # UKI_BRING_YOUR_OWN_KEYS=false         # See sb-private-ca/howto.md for instructions on bringing your own certiticates
 # INCLUDE_MS_SECUREBOOT_KEYS=true       # Adds Microsoft Secure Boot certificates; if you export existing keys from a device, you typically won't need this
 # AUTO_ENROLL_SECUREBOOT_KEYS=false     # Set to true to automatically enroll certificates on devices in Setup Mode, useful for flashing devices without user interaction
+# UKI_INSTALL_ALL_FW=false              # Set to false if you don't want to install extra firmware which would increase image size
\ No newline at end of file
diff --git a/Earthfile b/Earthfile
index eb8ad64..fe1c24b 100644
--- a/Earthfile
+++ b/Earthfile
@@ -54,6 +54,7 @@ ARG IS_UKI=false
 ARG INCLUDE_MS_SECUREBOOT_KEYS=true
 ARG AUTO_ENROLL_SECUREBOOT_KEYS=false
 ARG UKI_BRING_YOUR_OWN_KEYS=false
+ARG UKI_INSTALL_ALL_FW=true
 
 ARG CMDLINE="stylus.registration"
 ARG BRANDING="Palette eXtended Kubernetes Edge"
@@ -666,6 +667,12 @@ base-image:
 
             RUN rm -rf /var/cache/* && \
                 apt-get clean
+        ELSE
+            IF [ "$UKI_INSTALL_ALL_FW" = "false" ]
+                RUN modulesextra=$(dpkg-query -W -f='${Package}\n' | grep '^linux-modules-extra-' | head -n 1) && \
+                    linuximage=$(dpkg-query -W -f='${Package}\n' | grep '^linux-image-generic-hwe-' | head -n 1) && \
+                    apt-get purge -y --allow-remove-essential linux-firmware wireless-regdb $linuximage $modulesextra
+            END
         END
 
         IF [ "$CIS_HARDENING" = "true" ]

From a6ddd00818297b0659b457a84078b51fc1ab508a Mon Sep 17 00:00:00 2001
From: Nianyu Shen <xiaoyu9964@gmail.com>
Date: Thu, 16 May 2024 15:56:30 -0700
Subject: [PATCH 2/2] add autoremove

Signed-off-by: Nianyu Shen <xiaoyu9964@gmail.com>
---
 Earthfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Earthfile b/Earthfile
index fe1c24b..630b011 100644
--- a/Earthfile
+++ b/Earthfile
@@ -671,7 +671,7 @@ base-image:
             IF [ "$UKI_INSTALL_ALL_FW" = "false" ]
                 RUN modulesextra=$(dpkg-query -W -f='${Package}\n' | grep '^linux-modules-extra-' | head -n 1) && \
                     linuximage=$(dpkg-query -W -f='${Package}\n' | grep '^linux-image-generic-hwe-' | head -n 1) && \
-                    apt-get purge -y --allow-remove-essential linux-firmware wireless-regdb $linuximage $modulesextra
+                    apt-get purge -y --auto-remove --allow-remove-essential linux-firmware wireless-regdb $linuximage $modulesextra
             END
         END
 
@@ -750,6 +750,8 @@ base-image:
             if grep "selinux=1" /etc/cos/bootargs.cfg > /dev/null; then sed -i 's/selinux=1/selinux=0/g' /etc/cos/bootargs.cfg; fi
     END
 
+    SAVE IMAGE palette-base-image:$IMAGE_TAG
+
 # Used to build the installer image.  The installer ISO will be created from this.
 iso-image:
     FROM --platform=linux/${ARCH} +base-image