Bug#188731: debian-policy: "strip --strip-unneeded" is insufficient

To: Sean Whitton <spwhitton@spwhitton.name>, 188731@bugs.debian.org
Subject: Bug#188731: debian-policy: "strip --strip-unneeded" is insufficient
From: Niels Thykier <niels@thykier.net>
Date: Sun, 28 Oct 2018 15:51:00 +0000
Message-id: <[🔎] 74842106-0c8b-e5c8-232e-ff7dc53c8ad2@thykier.net>
Reply-to: Niels Thykier <niels@thykier.net>, 188731@bugs.debian.org
In-reply-to: <[🔎] 87d0rvjoq6.fsf@iris.silentflame.com>
References: <20030412172412.GA13439@play.smurf.noris.de> <20150511083943.GA3581@belkar.wrar.name> <20150511091829.GA7260@yellowpig> <20150511091829.GA7260@yellowpig> <20030412172412.GA13439@play.smurf.noris.de> <25f0ec54-b65f-2900-4df2-ea750f8f977f@thykier.net> <[🔎] 87d0rvjoq6.fsf@iris.silentflame.com> <20030412172412.GA13439@play.smurf.noris.de>

Sean Whitton:
> control: tag -1 +patch
> 
> Hello,
> 
> On Fri 28 Sep 2018 at 05:38AM GMT, Niels Thykier wrote:
> 
>>  * We now have auto-generated dbgsym packages by dh_strip (which were
>>    just an idea when Bill wrote that answer).
>>
>>  * Policy mentions "--remove-section=.comment --remove-section=.note" in
>>    a footnote as a "You might also want to use ...".
>>
>>  * Policy section 10.1 implies that "INSTALL = install -s" is a useful
>>    way of stripping binaries (both in text and examples).  Besides not
>>    covering the .comment + .note sections it also neuters dh_strip's
>>    ability to create dbgsym packages.
>>
>>
>> I think we should update the policy to say that you should use
>> "--strip-unneeded --remove-section=.comment --remove-section=.note" and
>> maybe recommend delegating that task (where possible) to dh_strip as it
>> provide dbgsym packages.
> 
> Thank you for following up.
> 
> Here is a minimal patch, for which I am seeking seconds.  [...]
> 

Hi,

Seconded with one remark.

> diff --git a/policy/ch-files.rst b/policy/ch-files.rst
> index 21c4c37..7106afe 100644
> --- a/policy/ch-files.rst
> +++ b/policy/ch-files.rst
> @@ -48,12 +48,20 @@ used:
>      CC = gcc
>      CFLAGS = -O2 -g -Wall # sane warning options vary between programs
>      LDFLAGS = # none
> -    INSTALL = install -s # (or use strip on the files in debian/tmp)
> 
> -Note that by default all installed binaries should be stripped, either
> -by using the ``-s`` flag to ``install``, or by calling ``strip`` on the
> -binaries after they have been copied into ``debian/tmp`` but before the
> -tree is made into a package.
> +By default all installed binaries should be stripped by calling
> +
> +::
> +
> +    strip --strip-unneeded --remove-section=.comment --remove-section=.note binaries
> +
> +on the binaries after they have been copied into ``debian/tmp`` but
> +before the tree is made into a package.
> +
> +It is not recommended to strip binaries by passing the ``-s`` flag to
> +``install``, because this fails to remove .comment and .note sections,
> +and also prevents the automatic creation of dbgsym binary packages by
> +tools like ``dh_strip``.
> 
>  Although binaries in the build tree should be compiled with debugging
>  information by default, it can often be difficult to debug programs if
> @@ -114,7 +122,7 @@ All installed shared libraries should be stripped with
> 
>  ::
> 
> -    strip --strip-unneeded your-lib
> +    strip --strip-unneeded --remove-section=.comment --remove-section=.note your-lib
> 
>  (The option ``--strip-unneeded`` makes ``strip`` remove only the symbols
>  which aren't needed for relocation processing.) Shared libraries can
> @@ -123,7 +131,8 @@ linking are in a separate part of the ELF object file.  [#]_
> 
>  Note that under some circumstances it may be useful to install a shared
>  library unstripped, for example when building a separate package to
> -support debugging.
> +support debugging.  The debhelper `dh_strip`` tool can create such
> +packages automatically.
> 
>  Shared object files (often ``.so`` files) that are not public
>  libraries, that is, they are not meant to be linked to by third party
> @@ -741,9 +750,8 @@ restricted to ASCII when it is possible to do so.
>     shared library, like ``mklibs`` does in the Debian installer project.
> 
>  .. [#]
> -   You might also want to use the options ``--remove-section=.comment``
> -   and ``--remove-section=.note`` on both shared libraries and
> -   executables, and ``--strip-debug`` on static libraries.
> +   You might also want to use the option ``--strip-debug`` on static
> +   libraries.
> 

For static libraries, you want to use --strip-debug *instead* of
--strip-unneeded (as opposed to "also" as the text implies) AFAICT.  At
least, debhelper always used --strip-debug without --strip-unneeded on
static libraries.

Note that for static libraries, it might be prudent to remind people to
use "-D" / "--enable-deterministic-archives" to ensure a deterministic
result (and thereby comply with the policy's recommendation to support
reproducible builds).

>  .. [#]
>     A common example are the so-called "plug-ins", internal shared
> 
> =====
> 
> To obtain a side-by-side diff:
> 
>     % git clone salsa.debian.org:dbnpolicy/policy.git debian-policy
>     % cd debian-policy
>     % git difftool -y -x icdiff master..origin/bug188731-spwhitton
> 
> Alternatively, visit
> 
> https://salsa.debian.org/dbnpolicy/policy/commit/3cc86484767ac0aead9b7466c074ade5021ef225?view=parallel
> 

Thanks,
~Niels

Reply to:

Follow-Ups:
- Bug#188731: debian-policy: "strip --strip-unneeded" is insufficient
  - From: Sean Whitton <spwhitton@spwhitton.name>

References:
- Bug#188731: debian-policy: "strip --strip-unneeded" is insufficient
  - From: Sean Whitton <spwhitton@spwhitton.name>

Prev by Date: Bug#188731: debian-policy: "strip --strip-unneeded" is insufficient
Next by Date: Bug#188731: debian-policy: "strip --strip-unneeded" is insufficient
Previous by thread: Bug#188731: debian-policy: "strip --strip-unneeded" is insufficient
Next by thread: Bug#188731: debian-policy: "strip --strip-unneeded" is insufficient
Index(es):
- Date
- Thread