
Nonstripped binaries exist in VyOS
Open, Requires assessment / Public / BUG

Description

I tested using rmlint -p -T "nonstripped" /path on the extracted filesystem.squashfs (VyOS 1.5-rolling-202309151051) and detected the following files that are not stripped:

./chroot/usr/bin/accel-cmd
./chroot/etc/hsflowd/modules/mod_json.so
./chroot/usr/lib/x86_64-linux-gnu/libusdm_drv_s.so
./chroot/usr/sbin/adf_ctl
./chroot/etc/hsflowd/modules/mod_dbus.so
./chroot/usr/sbin/accel-pppd
./chroot/usr/sbin/hsflowd
./chroot/etc/hsflowd/modules/mod_dropmon.so
./chroot/usr/sbin/udp-broadcast-relay
./chroot/usr/lib/openvpn/openvpn-otp.so
./chroot/etc/hsflowd/modules/mod_dnssd.so
./chroot/etc/hsflowd/modules/mod_pcap.so

I assume a quick fix would be to add a hooks/live script to vyos-build that would do strip --strip-all on the above files (along with installing the "rmlint" package outside of the chroot)?

Doing so manually gave the following result:

Original-dir:
26728 sep 14 ./squashfs-root_orig/usr/bin/accel-cmd
137840 maj 26 ./squashfs-root_orig/etc/hsflowd/modules/mod_json.so
30008 sep 14 ./squashfs-root_orig/usr/lib/x86_64-linux-gnu/libusdm_drv_s.so
104344 sep 14 ./squashfs-root_orig/usr/sbin/adf_ctl
80072 maj 26 ./squashfs-root_orig/etc/hsflowd/modules/mod_dbus.so
275536 sep 14 ./squashfs-root_orig/usr/sbin/accel-pppd
710984 maj 26 ./squashfs-root_orig/usr/sbin/hsflowd
140784 maj 26 ./squashfs-root_orig/etc/hsflowd/modules/mod_dropmon.so
25576 jul 23 ./squashfs-root_orig/usr/sbin/udp-broadcast-relay
62144 maj 26 ./squashfs-root_orig/usr/lib/openvpn/openvpn-otp.so
57352 maj 26 ./squashfs-root_orig/etc/hsflowd/modules/mod_dnssd.so
70200 maj 26 ./squashfs-root_orig/etc/hsflowd/modules/mod_pcap.so

Stripped-dir:
22968 sep 16 ./squashfs-root_strip/usr/bin/accel-cmd
31128 sep 16 ./squashfs-root_strip/etc/hsflowd/modules/mod_json.so
26000 sep 16 ./squashfs-root_strip/usr/lib/x86_64-linux-gnu/libusdm_drv_s.so
80528 sep 16 ./squashfs-root_strip/usr/sbin/adf_ctl
22992 sep 16 ./squashfs-root_strip/etc/hsflowd/modules/mod_dbus.so
235200 sep 16 ./squashfs-root_strip/usr/sbin/accel-pppd
212424 sep 16 ./squashfs-root_strip/usr/sbin/hsflowd
56800 sep 16 ./squashfs-root_strip/etc/hsflowd/modules/mod_dropmon.so
22896 sep 16 ./squashfs-root_strip/usr/sbin/udp-broadcast-relay
26872 sep 16 ./squashfs-root_strip/usr/lib/openvpn/openvpn-otp.so
14400 sep 16 ./squashfs-root_strip/etc/hsflowd/modules/mod_dnssd.so
18656 sep 16 ./squashfs-root_strip/etc/hsflowd/modules/mod_pcap.so

That is:

Before: 1721568 bytes
After: 770864 bytes
Saved: 950704 bytes

Ref:

https://rmlint.readthedocs.io/en/master/

https://rmlint.readthedocs.io/en/latest/tutorial.html

https://manpages.debian.org/bookworm/rmlint/rmlint.1.en.html

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.5-rolling-202309151051
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Performance optimization

Event Timeline

Suggestion:

Implement a hook script for live-build that recursively goes through the following directories using "strip --strip-all" (syntax to be verified):

#!/bin/sh

#
# Discard symbols and other data from object files.
#

STRIPCMD="/usr/bin/strip --strip-all"

echo "Strip symbols..."

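# Pass only regular files to strip (not directories) and NUL-delimit the
# names so that paths containing whitespace are handled correctly.
find /etc/hsflowd/modules/ -type f -print0 | xargs -0 -r ${STRIPCMD}
find /usr/bin/ -type f -print0 | xargs -0 -r ${STRIPCMD}
find /usr/lib/ -type f -print0 | xargs -0 -r ${STRIPCMD}
find /usr/sbin/ -type f -print0 | xargs -0 -r ${STRIPCMD}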

Have to add Debian package "binutils" to make "strip" work within the chroot of livebuild.

Turned out to be a bit of a challenge to "just" strip all binaries (and libraries, modules etc).

So long story short (currently running a smoketest)...

  1. Added "binutils" to the vyos-build/data/live-build-config/package-lists/vyos-utils.list.chroot file.
  2. Added the following file to the hooks/live directory: vyos-build/data/live-build-config/hooks/live/99-strip-symbols.chroot

#!/bin/sh

#
# Discard symbols and other data from object files.
#
# Reference:
# https://www.linuxfromscratch.org/lfs/view/systemd/chapter08/stripping.html
# https://www.debian.org/doc/debian-policy/ch-files.html
#

# Set variables.
STRIPCMD_REGULAR="strip --remove-section=.comment --remove-section=.note --preserve-dates"
STRIPCMD_DEBUG="strip --strip-debug --remove-section=.comment --remove-section=.note --preserve-dates"
STRIPCMD_UNNEEDED="strip --strip-unneeded --remove-section=.comment --remove-section=.note --preserve-dates"
STRIPDIR_REGULAR="
"
STRIPDIR_DEBUG="
/usr/lib/modules
"
STRIPDIR_UNNEEDED="
/etc/hsflowd/modules
/usr/bin
/usr/lib/openvpn
/usr/lib/x86_64-linux-gnu
/usr/lib32
/usr/lib64
/usr/libx32
/usr/sbin
"

# Strip every file that file(1) reports as "not stripped".
echo "Stripping symbols..."

# CMD: strip
for DIR in ${STRIPDIR_REGULAR}; do
  # Skip directories that do not exist in this image (e.g. /usr/lib32).
  [ -d "${DIR}" ] || continue
  echo "Parse dir (strip): ${DIR}"
  find "${DIR}" -type f -exec file {} + | grep 'not stripped' | cut -d ":" -f 1 | while IFS= read -r FILE; do
    echo "Strip file (strip): ${FILE}"
    ${STRIPCMD_REGULAR} "${FILE}"
  done
done

# CMD: strip --strip-debug
# Note: strip rewrites the file, so a kernel module that was signed at build
# time loses its appended signature when it is stripped here.
for DIR in ${STRIPDIR_DEBUG}; do
  [ -d "${DIR}" ] || continue
  echo "Parse dir (strip-debug): ${DIR}"
  find "${DIR}" -type f -exec file {} + | grep 'not stripped' | cut -d ":" -f 1 | while IFS= read -r FILE; do
    echo "Strip file (strip-debug): ${FILE}"
    ${STRIPCMD_DEBUG} "${FILE}"
  done
done

# CMD: strip --strip-unneeded
for DIR in ${STRIPDIR_UNNEEDED}; do
  [ -d "${DIR}" ] || continue
  echo "Parse dir (strip-unneeded): ${DIR}"
  find "${DIR}" -type f -exec file {} + | grep 'not stripped' | cut -d ":" -f 1 | while IFS= read -r FILE; do
    echo "Strip file (strip-unneeded): ${FILE}"
    ${STRIPCMD_UNNEEDED} "${FILE}"
  done
done

# Remove binutils package.
apt-get -y purge --autoremove binutils
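
A post-build check for the condition this task reports, as an added example that is not part of the thread or of vyos-build: it walks an extracted root filesystem and lists the ELF files that still carry a static symbol table. Treating the presence of an SHT_SYMTAB section as "not stripped" is an assumption of this example (rmlint's own criteria are not shown on the page), and the names has_symtab, find_unstripped and build_sample_elf are hypothetical.

```python
import os
import struct

SHT_SYMTAB = 2  # section type of the static symbol table that strip discards

def has_symtab(path):
    """True/False for an ELF file, None for anything that is not a parseable ELF."""
    with open(path, "rb") as f:
        ident = f.read(16)
        if (len(ident) < 16 or ident[:4] != b"\x7fELF"
                or ident[4] not in (1, 2) or ident[5] not in (1, 2)):
            return None
        end = "<" if ident[5] == 1 else ">"      # EI_DATA: byte order
        addr = "Q" if ident[4] == 2 else "I"     # EI_CLASS: ELF64 or ELF32
        fmt = end + "HHI" + addr * 3 + "IHHHHHH"  # ELF header after e_ident
        raw = f.read(struct.calcsize(fmt))
        if len(raw) < struct.calcsize(fmt):
            return None                          # truncated header
        fields = struct.unpack(fmt, raw)
        shoff, shentsize, shnum = fields[5], fields[10], fields[11]
        for i in range(shnum):
            f.seek(shoff + i * shentsize + 4)    # sh_type follows the 4-byte sh_name
            sh_type = f.read(4)
            if len(sh_type) == 4 and struct.unpack(end + "I", sh_type)[0] == SHT_SYMTAB:
                return True
        return False

def find_unstripped(root):
    """Sorted paths (relative to root) of regular ELF files that have a .symtab."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue                         # skip symlinks, sockets, devices
            try:
                if has_symtab(path):
                    hits.append(os.path.relpath(path, root))
            except OSError:
                pass                             # unreadable file: not reportable
    return sorted(hits)

def build_sample_elf(with_symtab):
    """Constructed input: ELF64 little-endian header plus two section headers, no code."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, 64, 0, 64, 0, 0, 64, 2, 0)
    last = struct.pack("<II", 0, SHT_SYMTAB if with_symtab else 1) + bytes(56)
    return ident + hdr + bytes(64) + last
```

Calling find_unstripped() on the unpacked squashfs root after the hook has run gives an empty list when every ELF file has lost its symbol table; any path it returns can fail the build.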