diff --git a/debian/changelog b/debian/changelog
index 50080ac4..39681a63 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+livecd-rootfs (2.255) UNRELEASED; urgency=medium
+
+  [ Steve Langasek ]
+  * Add support to the ubuntu-touch target to generate a separate custom
+    tarball as part of the build, moving most click packages into it.
+
+  [ Colin Watson ]
+  * Temporarily install the to-be-moved click packages in both core and
+    custom databases, to simplify the landing process.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 09 Oct 2014 20:46:46 -0700
+
 livecd-rootfs (2.254) utopic; urgency=medium
 
   * force the right alternative when the libmir*-android packages are
diff --git a/live-build/auto/build b/live-build/auto/build
index 197e3113..0d79b5c7 100755
--- a/live-build/auto/build
+++ b/live-build/auto/build
@@ -298,6 +298,12 @@ elif [ -e binary-tar.tar.gz ]; then
 	cp -a binary-tar.tar.gz "$PREFIX.rootfs.tar.gz"
 fi
 
+if [ "$PROJECT" = "ubuntu-touch" ]; then
+	(cd "binary/$INITFS/custom.dir/" && tar -c *) | \
+		gzip -9 --rsyncable > "$PREFIX.custom.tar.gz"
+	chmod 644 "$PREFIX.custom.tar.gz"
+fi
+
 # '--initramfs none' produces different manifest names.
 if [ -e "binary/$INITFS/filesystem.packages" ]; then
 	ln "binary/$INITFS/filesystem.packages" "$PREFIX.manifest"
diff --git a/live-build/ubuntu-touch/hooks/60-install-click.binary b/live-build/ubuntu-touch/hooks/60-install-click.binary
new file mode 100755
index 00000000..c57b372e
--- /dev/null
+++ b/live-build/ubuntu-touch/hooks/60-install-click.binary
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+echo "Splitting out custom tarball"
+
+rm -f binary/boot/custom.dir
+mkdir binary/boot/custom.dir
+mv binary/boot/filesystem.dir/custom binary/boot/custom.dir/custom
diff --git a/live-build/ubuntu-touch/hooks/60-install-click.chroot b/live-build/ubuntu-touch/hooks/60-install-click.chroot
index 0b4b2b7d..d8be455b 100755
--- a/live-build/ubuntu-touch/hooks/60-install-click.chroot
+++ b/live-build/ubuntu-touch/hooks/60-install-click.chroot
@@ -7,10 +7,15 @@ echo "Setting up click packages"
 click_uri=http://archive-team.internal/click_packages
 click_list=$click_uri/click_list
 click_db=/usr/share/click/preinstalled
+click_db_custom=/custom/click
 
 mkdir -p -m 755 "$click_db"
 chown clickpkg:clickpkg "$click_db"
 
+# some of these get installed to /custom/click
+mkdir -p -m 755 "$click_db_custom"
+chown clickpkg:clickpkg "$click_db_custom"
+
 tmpdir="$(mktemp -d)"
 cleanup () { rm -rf "$tmpdir"; }
 trap cleanup EXIT
@@ -23,7 +28,40 @@ do
     if echo $package | egrep -q "_$CLICKARCH.click|_all.click|_unknown.click"; then
         echo "Setting up $package"
         wget --no-verbose -O "$tmpdir/$package" "$click_uri/$package"
-        click install --force-missing-framework --root="$click_db" --all-users \
-            "$tmpdir/$package"
+	# FIXME: first attempt, a hard-coded list of the packages that go to
+        # the custom tarball
+        case $package in
+            com.ubuntu.developer.webapps.webapp-amazon_*|\
+            com.ubuntu.developer.webapps.webapp-ebay_*|\
+            com.ubuntu.developer.webapps.webapp-facebook_*|\
+            com.ubuntu.developer.webapps.webapp-gmail_*|\
+            com.ubuntu.developer.webapps.webapp-twitter_*|\
+            com.ubuntu.dropping-letters_*|\
+            com.ubuntu.filemanager_*|\
+            com.ubuntu.reminders_*|\
+            com.ubuntu.sudoku_*|\
+            com.ubuntu.terminal_*)
+                roots="$click_db $click_db_custom"
+                ;;
+            *)
+                roots="$click_db"
+                ;;
+        esac
+        for root in $roots; do
+            if [ "$root" = "$click_db_custom" ]; then
+                # FIXME: there is no good way to stop click from
+                # deduplicating things when installing the same package in
+                # multiple databases; the best we can do is to temporarily
+                # pretend that the core database does not exist
+                mv /etc/click/databases/10_core.conf \
+                   /etc/click/databases/10_core.conf.tmp
+            fi
+            click install --force-missing-framework --root="$root" --all-users \
+                "$tmpdir/$package"
+            if [ "$root" = "$click_db_custom" ]; then
+                mv /etc/click/databases/10_core.conf.tmp \
+                   /etc/click/databases/10_core.conf
+            fi
+        done
     fi
 done
diff --git a/live-build/ubuntu-touch/hooks/90-precompile-apparmor-policies.chroot b/live-build/ubuntu-touch/hooks/90-precompile-apparmor-policies.chroot
index 36779203..664379b0 100755
--- a/live-build/ubuntu-touch/hooks/90-precompile-apparmor-policies.chroot
+++ b/live-build/ubuntu-touch/hooks/90-precompile-apparmor-policies.chroot
@@ -7,3 +7,45 @@ echo "I: precompiling click apparmor policies"
 
 echo "I: precompiling deb apparmor policies"
 /sbin/apparmor_parser -M ${FEATURES} -Q --write-cache --cache-loc=/etc/apparmor.d/cache/ `find /etc/apparmor.d/ -maxdepth 1 -type f -not -path '*/\.*'`
+
+echo "I: precompiling custom click apparmor policies"
+mkdir -p /custom/cache/apparmor
+/sbin/apparmor_parser -M ${FEATURES} -Q --write-cache --cache-loc=/custom/cache/apparmor/ `find /var/lib/apparmor/profiles/ -maxdepth 1 -type f -not -path '*/\.*'`
+
+
+#get the apparmor manifests and profiles
+mkdir -p /custom/lib/apparmor/clicks
+mkdir -p /custom/lib/apparmor/profiles
+
+for manifest in /var/lib/apparmor/clicks/*; do
+	# FIXME: if this code survives for very long, it should probably be
+	# rewritten using click's Python bindings
+	pkgdir="$(click pkgdir "$manifest")"
+	manifest_real="$(readlink -f "$manifest")"
+	manifest_tail="${manifest_real#$pkgdir}"
+	# Does this package exist in the custom tarball?  If so, move its
+	# profiles there (if it only exists in custom) or copy them (if it
+	# also exists in core).
+	version="${pkgdir##*/}"
+	pkgdir_noversion="${pkgdir%/*}"
+	name="${pkgdir_noversion##*/}"
+	profile="$(basename "$manifest" .json)"
+	if [ -d "/custom/click/$name/$version" ]; then
+		# Clone into custom.
+		ln -nsf "/custom/click/$name/$version$manifest_tail" "/custom/lib/apparmor/clicks/${manifest##*/}"
+		cp -a "/var/lib/apparmor/profiles/click_$profile" /custom/lib/apparmor/profiles/
+		if [ -d "/usr/share/click/preinstalled/$name/$version" ]; then
+			# Ensure that the version in the rootfs points to
+			# the core database.
+			ln -nsf "/usr/share/click/preinstalled/$name/$version$manifest_tail" "$manifest"
+		else
+			# Remove from the rootfs.
+			rm -f "$manifest"
+			rm -f "/var/lib/apparmor/profiles/click_$profile"
+			rm -f "/var/cache/apparmor/click_$profile"
+		fi
+	else
+		# Remove from custom.
+		rm -f "/custom/cache/apparmor/click_$profile"
+	fi
+done