diff --git a/tools/packaging/static-build/qemu-virtiofs/Dockerfile b/tools/packaging/static-build/qemu-virtiofs/Dockerfile
index 15d94dcfe9..380e9eb855 100644
--- a/tools/packaging/static-build/qemu-virtiofs/Dockerfile
+++ b/tools/packaging/static-build/qemu-virtiofs/Dockerfile
@@ -55,6 +55,8 @@ RUN git checkout "${QEMU_VIRTIOFS_TAG}"
 
 ADD scripts/configure-hypervisor.sh /root/configure-hypervisor.sh
 ADD qemu /root/kata_qemu
+ADD scripts/apply_patches.sh /root/apply_patches.sh
+ADD static-build /root/static-build
 
 # Apply experimental specific patches
 # Patches to quick fix virtiofs fork
@@ -75,4 +77,4 @@ RUN make install DESTDIR="${QEMU_DESTDIR}"
 RUN cd "${QEMU_DESTDIR}/${PREFIX}" && \
 	mv bin/qemu-system-x86_64 bin/qemu-virtiofs-system-x86_64 && \
 	mv libexec/kata-qemu/virtiofsd bin/virtiofsd-dax
-RUN cd "${QEMU_DESTDIR}" && tar -czvf "${QEMU_TARBALL}"  *
+RUN /root/static-build/scripts/qemu-build-post.sh
diff --git a/tools/packaging/static-build/qemu-virtiofs/build-static-qemu-virtiofs.sh b/tools/packaging/static-build/qemu-virtiofs/build-static-qemu-virtiofs.sh
index 9e5b808610..419719151f 100755
--- a/tools/packaging/static-build/qemu-virtiofs/build-static-qemu-virtiofs.sh
+++ b/tools/packaging/static-build/qemu-virtiofs/build-static-qemu-virtiofs.sh
@@ -53,7 +53,3 @@ sudo "${DOCKER_CLI}" run \
 	mv "${qemu_destdir}/${qemu_virtiofs_tar}" /share/
 
 sudo chown ${USER}:${USER} "${PWD}/${qemu_virtiofs_tar}"
-
-# Remove blacklisted binaries
-gzip -d < "${qemu_virtiofs_tar}" | tar --delete --wildcards -f - ${qemu_black_list[*]} | gzip > "${qemu_tmp_tar}"
-mv -f "${qemu_tmp_tar}" "${qemu_virtiofs_tar}"
diff --git a/tools/packaging/static-build/qemu.blacklist b/tools/packaging/static-build/qemu.blacklist
index e52c54dc9f..77ce3a28a3 100644
--- a/tools/packaging/static-build/qemu.blacklist
+++ b/tools/packaging/static-build/qemu.blacklist
@@ -6,7 +6,7 @@ qemu_black_list=(
 */bin/qemu-pr-helper
 */bin/virtfs-proxy-helper
 */libexec/kata-qemu/qemu*
-*/share/*/applications/
+*/share/*/applications
 */share/*/*.dtb
 */share/*/efi-e1000e.rom
 */share/*/efi-e1000.rom
@@ -15,9 +15,9 @@ qemu_black_list=(
 */share/*/efi-pcnet.rom
 */share/*/efi-rtl8139.rom
 */share/*/efi-vmxnet3.rom
-*/share/*/icons/
+*/share/*/icons
 */share/*/*.img
-*/share/*/keymaps/
+*/share/*/keymaps
 */share/*/multiboot.bin
 */share/*/openbios-ppc
 */share/*/openbios-sparc32
diff --git a/tools/packaging/static-build/qemu/Dockerfile b/tools/packaging/static-build/qemu/Dockerfile
index 1043eee96a..26fc6c811c 100644
--- a/tools/packaging/static-build/qemu/Dockerfile
+++ b/tools/packaging/static-build/qemu/Dockerfile
@@ -55,6 +55,8 @@ RUN git clone https://github.com/qemu/keycodemapdb.git ui/keycodemapdb
 
 ADD scripts/configure-hypervisor.sh /root/configure-hypervisor.sh
 ADD qemu /root/kata_qemu
+ADD scripts/apply_patches.sh /root/apply_patches.sh
+ADD static-build /root/static-build
 
 RUN  /root/kata_qemu/apply_patches.sh
 
@@ -64,4 +66,4 @@ RUN PREFIX="${PREFIX}" /root/configure-hypervisor.sh -s kata-qemu | xargs ./conf
 RUN make -j$(nproc)
 RUN make -j$(nproc) virtiofsd
 RUN make install DESTDIR="${QEMU_DESTDIR}"
-RUN cd "${QEMU_DESTDIR}" && tar -czvf "${QEMU_TARBALL}" *
+RUN /root/static-build/scripts/qemu-build-post.sh
diff --git a/tools/packaging/static-build/qemu/build-static-qemu.sh b/tools/packaging/static-build/qemu/build-static-qemu.sh
index 4872f33a33..d91d722c9b 100755
--- a/tools/packaging/static-build/qemu/build-static-qemu.sh
+++ b/tools/packaging/static-build/qemu/build-static-qemu.sh
@@ -61,7 +61,3 @@ sudo docker run \
 	mv "${qemu_destdir}/${qemu_tar}" /share/
 
 sudo chown ${USER}:${USER} "${PWD}/${qemu_tar}"
-
-# Remove blacklisted binaries
-gzip -d < "${qemu_tar}" | tar --delete --wildcards -f - ${qemu_black_list[*]} | gzip > "${qemu_tmp_tar}"
-mv -f "${qemu_tmp_tar}" "${qemu_tar}"
diff --git a/tools/packaging/static-build/scripts/qemu-build-post.sh b/tools/packaging/static-build/scripts/qemu-build-post.sh
new file mode 100755
index 0000000000..fbb8f931c4
--- /dev/null
+++ b/tools/packaging/static-build/scripts/qemu-build-post.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+#
+# Copyright (c) 2020 Red Hat, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# This script process QEMU post-build.
+#
+set -e
+
+script_dir="$(realpath $(dirname $0))"
+source "${script_dir}/../qemu.blacklist"
+
+if [[ -z "${QEMU_TARBALL}" || -z "${QEMU_DESTDIR}" ]]; then
+	echo "$0: needs QEMU_TARBALL and QEMU_DESTDIR exported"
+	exit 1
+fi
+
+pushd "${QEMU_DESTDIR}"
+# Remove files to reduce the surface.
+echo "INFO: remove uneeded files"
+for pattern in ${qemu_black_list[@]}; do
+	find . -path "$pattern" | xargs rm -rfv
+done
+
+echo "INFO: create the tarball"
+tar -czvf "${QEMU_TARBALL}" *
+popd