source: chapter08/stripping.xml@ b595526

11.3 11.3-rc1 12.0 12.0-rc1 12.1 12.1-rc1 12.2 12.2-rc1 bdubbs/gcc13 multilib renodr/libudev-from-systemd trunk xry111/arm64 xry111/arm64-12.0 xry111/clfs-ng xry111/loongarch xry111/loongarch-12.0 xry111/loongarch-12.1 xry111/loongarch-12.2 xry111/mips64el xry111/multilib xry111/update-glibc
Last change on this file since b595526 was b595526, checked in by Xi Ruoyao <xry111@…>, 20 months ago

stripping: Add an <important> about updated packages

We've received enough reports for systems with zlib security update
broken by stripping :(.

  • Property mode set to 100644
File size: 5.1 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../general.ent">
5 %general-entities;
6]>
7
8<sect1 id="ch-system-stripping">
9 <?dbhtml filename="stripping.html"?>
10
11 <title>Stripping</title>
12
13 <para>This section is optional. If the intended user is not a
14 programmer and does not plan to do
15 any debugging of the system software, the system's size can be decreased
16 by some 2 GB by removing the debugging symbols, and some unnecessary symbol table
17 entries, from binaries and libraries. This causes no real inconvenience for
18 a typical Linux user.</para>
19
20 <para>Most people who use the commands mentioned below do not
21 experience any difficulties. However, it is easy to make a mistake and
22 render the new system unusable. So before running the
23 <command>strip</command> commands, it is a good idea to make a
24 backup of the LFS system in its current state.</para>
25
26 <para>A <command>strip</command> command with the
27 <parameter>--strip-unneeded</parameter> option removes all debug symbols
28 from a binary or library. It also removes all symbol table entries not
29 needed by the linker (for static libraries) or dynamic linker (for
30 dynamically linked binaries and shared libraries).</para>
31
32 <para>The debugging symbols from selected libraries are preserved
33 in separate files. That debugging information is needed to run
34 regression tests with <ulink
35 url='&blfs-book;/general/valgrind.html'>valgrind</ulink> or <ulink
36 url='&blfs-book;/general/gdb.html'>gdb</ulink> later, in BLFS.
37 </para>
38
39 <para>Note that <command>strip</command> will overwrite the binary or library
40 file it is processing. This can crash the processes using code or data from
41 the file. If the process running <command>strip</command> is
42 affected, the binary or library being stripped can be destroyed; this can
43 make the system completely unusable. To avoid this problem we copy some libraries
44 and binaries into <filename class="directory">/tmp</filename>, strip them
45 there, then reinstall them with the <command>install</command> command.
46 (The related entry in <xref linkend="pkgmgmt-upgrade-issues"/> gives the
47 rationale for using the <command>install</command> command here.)</para>
48
49 <note><para>The ELF loader's name is ld-linux-x86-64.so.2 on 64-bit systems
50 and ld-linux.so.2 on 32-bit systems. The construct below selects the
51 correct name for the current architecture, excluding anything ending
52 with <quote>g</quote>, in case the commands below have already been
53 run.</para></note>
54
55 <important>
56 <para>
57 If any package of which the version is different from the version
58 specified by the book (either following a security advisory or
59 satisfying personal preference), it may be necessary to update the
60 the library file name in <envar>save_usrlib</envar> or
61 <envar>online_usrlib</envar>.
62 <emphasis role='bold'>Failing to do so may render the system
63 completely unusable.</emphasis>
64 </para>
65 </important>
66
67<!-- also of interest are libgfortan, libgo, libgomp, and libobjc from GCC -->
68
69<!--<screen><userinput>save_lib="ld-2.25.so libc-2.25.so libpthread-2.25.so libthread_db-1.0.so"-->
70<screen><userinput>save_usrlib="$(cd /usr/lib; ls ld-linux*[^g])
71 libc.so.6
72 libthread_db.so.1
73 libquadmath.so.&libquadmath-version;
74 libstdc++.so.&libstdcpp-version;
75 libitm.so.&libitm-version;
76 libatomic.so.&libatomic-version;"
77
78cd /usr/lib
79
80for LIB in $save_usrlib; do
81 objcopy --only-keep-debug $LIB $LIB.dbg
82 cp $LIB /tmp/$LIB
83 strip --strip-unneeded /tmp/$LIB
84 objcopy --add-gnu-debuglink=$LIB.dbg /tmp/$LIB
85 install -vm755 /tmp/$LIB /usr/lib
86 rm /tmp/$LIB
87done
88
89online_usrbin="bash find strip"
90online_usrlib="libbfd-&binutils-version;.so
91 libsframe.so.0.0.0
92 libhistory.so.&readline-soversion;
93 libncursesw.so.&ncurses-version;
94 libm.so.6
95 libreadline.so.&readline-soversion;
96 libz.so.&zlib-version;
97 $(cd /usr/lib; find libnss*.so* -type f)"
98
99for BIN in $online_usrbin; do
100 cp /usr/bin/$BIN /tmp/$BIN
101 strip --strip-unneeded /tmp/$BIN
102 install -vm755 /tmp/$BIN /usr/bin
103 rm /tmp/$BIN
104done
105
106for LIB in $online_usrlib; do
107 cp /usr/lib/$LIB /tmp/$LIB
108 strip --strip-unneeded /tmp/$LIB
109 install -vm755 /tmp/$LIB /usr/lib
110 rm /tmp/$LIB
111done
112
113for i in $(find /usr/lib -type f -name \*.so* ! -name \*dbg) \
114 $(find /usr/lib -type f -name \*.a) \
115 $(find /usr/{bin,sbin,libexec} -type f); do
116 case "$online_usrbin $online_usrlib $save_usrlib" in
117 *$(basename $i)* )
118 ;;
119 * ) strip --strip-unneeded $i
120 ;;
121 esac
122done
123
124unset BIN LIB save_usrlib online_usrbin online_usrlib
125</userinput></screen>
126
127 <para>A large number of files will be flagged as errors because their file
128 format is not recognized. These warnings can be safely ignored. They
129 indicate that those files are scripts, not binaries.</para>
130
131</sect1>
Note: See TracBrowser for help on using the repository browser.