From patchwork Fri Feb  4 16:47:38 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Tremer <michael.tremer@ipfire.org>
X-Patchwork-Id: 5069
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Jr1gw293Qz3wsl
	for <patchwork@web04.haj.ipfire.org>; Fri,  4 Feb 2022 16:48:28 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4Jr1gS5jQbz2Yw;
	Fri,  4 Feb 2022 16:48:04 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Jr1gR2xdTz32KP;
	Fri,  4 Feb 2022 16:48:03 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384))
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Jr1gM0BvBz32KM
 for <development@lists.ipfire.org>; Fri,  4 Feb 2022 16:47:59 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4Jr1gL24B2z80;
 Fri,  4 Feb 2022 16:47:58 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1643993278;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=gL1tc0PNS0LNrprv455XTT+PDOF6S2LDu9jFECDuuBI=;
 b=uWdgBB/oNHh4Im0lQlLXIyGn1Er3uz/IIMlDuIVX3ABLfg7F/fvV/JjbrFCjcUMkMb6KFD
 VWewoAZuVfnliq3/lECc1JyFJn0AbK1pucV25lJ7+f6MtDDr1w/rjfZOyqnDp9KqDvEPa0
 qYXoCPw6vzuLSNrDCsZlRTDl/8lVk/TyJz3/DMAgFG+0RDu95FVgs36TWaFwQeMy0d0Fe9
 uYfX0JPKveR250UI+X66zgUThCPz0IsrUz32ttpzOvef86PDfaZXaeRQCjTVhC4lUHBwjF
 U89Q1ZI7f8/Ez3q4h4qSrgicrIbBit3O2kc+BqASWUKqyy3KAkXmg/kpPJ5UoQ==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1643993278;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=gL1tc0PNS0LNrprv455XTT+PDOF6S2LDu9jFECDuuBI=;
 b=udwJ+rrfah7XZPuKaoQzS2Sq/I/gSCFNyoj57LRN1vzKZoGX9CuktDusZ5HMiiwkQvxGhk
 mOi7+ozyP91awrCQ==
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 18/28] make.sh: Refactor stripper
Date: Fri,  4 Feb 2022 16:47:38 +0000
Message-Id: <20220204164748.315559-18-michael.tremer@ipfire.org>
In-Reply-To: <20220204164748.315559-1-michael.tremer@ipfire.org>
References: <20220204164748.315559-1-michael.tremer@ipfire.org>
MIME-Version: 1.0
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

This should *actually* exclude everything we want to exclude and
*actually* strip everything to the maximum.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 lfs/strip    | 21 +++++-----------
 make.sh      |  9 +++++--
 src/stripper | 71 ++++++++++++++++++++++++++--------------------------
 3 files changed, 48 insertions(+), 53 deletions(-)

diff --git a/lfs/strip b/lfs/strip
index 48e698a7c..466dfd9d5 100644
--- a/lfs/strip
+++ b/lfs/strip
@@ -29,16 +29,6 @@ VER = ipfire
 THISAPP    = strip
 TARGET     = $(DIR_INFO)/$(THISAPP)
 
-ifeq "$(TOOLCHAIN)" "1"
-	SHELL = /bin/bash
-	STRIP = /usr/bin/strip
-	ROOT = $(TOOLS_DIR)
-else
-	SHELL = $(TOOLS_DIR)/bin/bash
-	STRIP = $(TOOLS_DIR)/bin/strip
-	ROOT = /
-endif
-
 ###############################################################################
 # Top-level Rules
 ###############################################################################
@@ -56,18 +46,19 @@ md5 :
 ###############################################################################
 
 $(TARGET) :
+ifeq "$(TOOLCHAIN)" "1"
+	# Strip everything in the toolchain
+	$(DIR_SRC)/src/stripper $(TOOLS_DIR)
+else
 	# Don't strip VDR binaries, because they use a weird plugin system
 	# which does not work when unneeded symbols get stripped from
 	# /usr/sbin/vdr.
-	STRIP=$(STRIP) $(SHELL) $(DIR_SRC)/src/stripper \
-		$(ROOT) \
+	$(DIR_SRC)/src/stripper / \
 		--exclude=$(TOOLS_DIR) \
-		--exclude=/dev \
-		--exclude=/proc \
-		--exclude=/sys \
 		--exclude=/tmp \
 		--exclude=/usr/src \
 		--exclude=/usr/lib/vdr \
 		--exclude=/usr/sbin/vdr \
 		--exclude=/var/tmp \
 		--exclude=/usr/lib/go
+endif
diff --git a/make.sh b/make.sh
index 57e185312..356173065 100755
--- a/make.sh
+++ b/make.sh
@@ -556,6 +556,11 @@ enterchroot() {
 
 	local PATH="${TOOLS_DIR}/ccache/bin:/bin:/usr/bin:/sbin:/usr/sbin:${TOOLS_DIR}/bin"
 
+	# Prepend any custom changes to PATH
+	if [ -n "${CUSTOM_PATH}" ]; then
+		PATH="${CUSTOM_PATH}:${PATH}"
+	fi
+
 	PATH="${PATH}" chroot ${LFS} env -i \
 		HOME="/root" \
 		TERM="${TERM}" \
@@ -695,7 +700,7 @@ lfsmake2() {
 	local PS1='\u:\w$ '
 
 	enterchroot \
-		${EXTRA_PATH}bash -x -c "cd /usr/src/lfs && \
+		bash -x -c "cd /usr/src/lfs && \
 			make -f $* \
 			LFS_BASEDIR=/usr/src install" \
 		>> ${LOGFILE} 2>&1 &
@@ -1693,7 +1698,7 @@ buildinstaller() {
   lfsmake2 memtest
   lfsmake2 installer
   # use toolchain bash for chroot to strip
-  EXTRA_PATH=${TOOLS_DIR}/bin/ lfsmake2 strip
+  CUSTOM_PATH="${TOOLS_DIR}/bin" lfsmake2 strip
 }
 
 buildpackages() {
diff --git a/src/stripper b/src/stripper
index 6f449bb39..d1739b28c 100755
--- a/src/stripper
+++ b/src/stripper
@@ -1,49 +1,58 @@
 #!/usr/bin/env bash
 
-dirs=""
-excludes="/dev /proc /sys /run"
+paths=()
+excludes=()
 
 while [ $# -gt 0 ]; do
 	case "${1}" in
 		--exclude=*)
-			excludes="${excludes} ${1#*=}"
+			excludes+=( "!" "-path" "${1#*=}/*" )
 			;;
 		*)
-			dirs="${dirs} ${1}"
+			paths+=( "${1}" )
 			;;
 	esac
 	shift
 done
 
 function _strip() {
-	local file=${1}
-	local strip="${STRIP-strip}"
+	local file="${1}"
+	local args=()
 
-	local exclude l
-	for exclude in ${excludes}; do
-		l=${#exclude}
-		if [ "${file:0:${l}}" = "${exclude}" ]; then
-			return 0
-		fi
-	done
+	# Fetch the filetype
+	local type="$(readelf -h "${file}" 2>/dev/null)"
 
-	# Fetch any capabilities
-	local capabilities="$(getfattr --no-dereference --name="security.capability" \
-		--absolute-names --dump "${file}" 2>/dev/null)"
+	case "${type}" in
+		# Libraries and Relocatable binaries
+		*Type:*"DYN (Shared object file)"*)
+			args+=( "--strip-all" )
+			;;
 
-	local cmd=( "${strip}" )
+		# Binaries
+		*Type:*"EXEC (Executable file)"*)
+			args+=( "--strip-all" )
+			;;
 
-	case "$(file -bi ${file})" in
-		application/x-archive*)
-			cmd+=( "--strip-debug" "--remove-section=.comment" "--remove-section=.note" )
+		# Static libraries
+		*Type:*"REL (Relocatable file)"*)
+			args+=( "--strip-debug" "--remove-section=.comment" "--remove-section=.note" )
 			;;
+
+		# Skip any unrecognised files
 		*)
-			cmd+=( "--strip-all" )
+			return 0
 			;;
 	esac
 
+	# Fetch any capabilities
+	local capabilities="$(getfattr --no-dereference --name="security.capability" \
+		--absolute-names --dump "${file}" 2>/dev/null)"
+
 	echo "Stripping ${file}..."
-	${cmd[*]} ${file}
+	if ! strip "${args[@]}" "${file}"; then
+		return 1
+	fi
+
 
 	# Restore capabilities
 	if [ -n "${capabilities}" ]; then
@@ -51,18 +60,8 @@ function _strip() {
 	fi
 }
 
-for dir in ${dirs}; do
-	# Strip shared objects.
-	find ${dir} -type f \( -perm -0100 -or -perm -0010 -or -perm -0001 \) \
-		| file -N -f - | sed -n -e 's/^\(.*\):[   ]*.*ELF.*, not stripped.*/\1/p' |
-		while read file; do
-			_strip ${file} || exit $?
-		done || exit $?
-
-	# Strip static archives.
-	find ${dir} -name \*.a -a -exec file {} \; \
-		| grep 'current ar archive' | sed -n -e 's/^\(.*\):[ 	]*current ar archive/\1/p' |
-		while read file; do
-			_strip ${file} || exit $?
-		done || exit $?
+for path in ${paths[@]}; do
+	for file in $(find / -xdev "${excludes[@]}" -type f \( -perm -0100 -or -perm -0010 -or -perm -0001 \) 2>/dev/null); do
+		_strip "${file}" || exit $?
+	done
 done