Bug#188731: debian-policy: "strip --strip-unneeded" is insufficient
Sean Whitton:
> control: tag -1 +patch
>
> Hello,
>
> On Fri 28 Sep 2018 at 05:38AM GMT, Niels Thykier wrote:
>
>> * We now have auto-generated dbgsym packages by dh_strip (which were
>> just an idea when Bill wrote that answer).
>>
>> * Policy mentions "--remove-section=.comment --remove-section=.note" in
>> a footnote as a "You might also want to use ...".
>>
>> * Policy section 10.1 implies that "INSTALL = install -s" is a useful
>> way of stripping binaries (both in text and examples). Besides not
>> covering the .comment + .note sections it also neuters dh_strip's
>> ability to create dbgsym packages.
>>
>>
>> I think we should update the policy to say that you should use
>> "--strip-unneeded --remove-section=.comment --remove-section=.note" and
>> maybe recommend delegating that task (where possible) to dh_strip as it
>> provide dbgsym packages.
>
> Thank you for following up.
>
> Here is a minimal patch, for which I am seeking seconds. [...]
>
Hi,
Seconded with one remark.
> diff --git a/policy/ch-files.rst b/policy/ch-files.rst
> index 21c4c37..7106afe 100644
> --- a/policy/ch-files.rst
> +++ b/policy/ch-files.rst
> @@ -48,12 +48,20 @@ used:
> CC = gcc
> CFLAGS = -O2 -g -Wall # sane warning options vary between programs
> LDFLAGS = # none
> - INSTALL = install -s # (or use strip on the files in debian/tmp)
>
> -Note that by default all installed binaries should be stripped, either
> -by using the ``-s`` flag to ``install``, or by calling ``strip`` on the
> -binaries after they have been copied into ``debian/tmp`` but before the
> -tree is made into a package.
> +By default all installed binaries should be stripped by calling
> +
> +::
> +
> + strip --strip-unneeded --remove-section=.comment --remove-section=.note binaries
> +
> +on the binaries after they have been copied into ``debian/tmp`` but
> +before the tree is made into a package.
> +
> +It is not recommended to strip binaries by passing the ``-s`` flag to
> +``install``, because this fails to remove .comment and .note sections,
> +and also prevents the automatic creation of dbgsym binary packages by
> +tools like ``dh_strip``.
>
> Although binaries in the build tree should be compiled with debugging
> information by default, it can often be difficult to debug programs if
> @@ -114,7 +122,7 @@ All installed shared libraries should be stripped with
>
> ::
>
> - strip --strip-unneeded your-lib
> + strip --strip-unneeded --remove-section=.comment --remove-section=.note your-lib
>
> (The option ``--strip-unneeded`` makes ``strip`` remove only the symbols
> which aren't needed for relocation processing.) Shared libraries can
> @@ -123,7 +131,8 @@ linking are in a separate part of the ELF object file. [#]_
>
> Note that under some circumstances it may be useful to install a shared
> library unstripped, for example when building a separate package to
> -support debugging.
> +support debugging. The debhelper `dh_strip`` tool can create such
> +packages automatically.
>
> Shared object files (often ``.so`` files) that are not public
> libraries, that is, they are not meant to be linked to by third party
> @@ -741,9 +750,8 @@ restricted to ASCII when it is possible to do so.
> shared library, like ``mklibs`` does in the Debian installer project.
>
> .. [#]
> - You might also want to use the options ``--remove-section=.comment``
> - and ``--remove-section=.note`` on both shared libraries and
> - executables, and ``--strip-debug`` on static libraries.
> + You might also want to use the option ``--strip-debug`` on static
> + libraries.
>
For static libraries, you want to use --strip-debug *instead* of
--strip-unneeded (as opposed to "also" as the text implies) AFAICT. At
least, debhelper always used --strip-debug without --strip-unneeded on
static libraries.
Note that for static libraries, it might be prudent to remind people to
use "-D" / "--enable-deterministic-archives" to ensure a deterministic
result (and thereby comply with the policy's recommendation to support
reproducible builds).
> .. [#]
> A common example are the so-called "plug-ins", internal shared
>
> =====
>
> To obtain a side-by-side diff:
>
> % git clone salsa.debian.org:dbnpolicy/policy.git debian-policy
> % cd debian-policy
> % git difftool -y -x icdiff master..origin/bug188731-spwhitton
>
> Alternatively, visit
>
> https://salsa.debian.org/dbnpolicy/policy/commit/3cc86484767ac0aead9b7466c074ade5021ef225?view=parallel
>
Thanks,
~Niels
Reply to: