Santi Saez
2013-Jun-09 20:03 UTC
[CentOS] Force to strip all symbols from ELFs when using rpmbuild on CentOS
Hello.
What's the proper way to remove *all symbols* from ELF binaries when
building packages with rpmbuild on CentOS? Seems that an out of the box
rpmbuild install only discards debugging symbols (strip -g).
That's the default configuration for %__os_install_post on CentOS, the
step in charge on stripping binaries:
$ rpmbuild --showrc
(..)
-14: __os_install_post
%{_rpmconfigdir}/brp-compress
%{_rpmconfigdir}/brp-strip
%{_rpmconfigdir}/brp-strip-static-archive
%{_rpmconfigdir}/brp-strip-comment-note
ELF binaries are stripped with /usr/lib/rpm/brp-strip, this script
explicitly calls to /usr/bin/strip with "-g" flag and discards only
debugging symbols.
Seems that the people usually installs "redhat-rpm-config" package to
achieve this. Indeed it builds RPMs with all symbols removed, but it
also installs some helper scripts and macros that change other
behaviors, for example SRPMs are signed with SHA-256.
When "redhat-rpm-config" package is installed, %__os_install_post
variable is modified and find-debuginfo.sh is executed, this script will
remove all symbols, but it will *also* build "-debug" packages, and
that's not what I'm looking for.
For the moment, I have have added another script to %__os_install_post
step that removes all symbols using "strip --strip-all", but I wonder
if
this is the most straightforward method, thanks.
Santi Saez
Bob Marcan
2013-Jun-09 21:47 UTC
[CentOS] Force to strip all symbols from ELFs when using rpmbuild on CentOS
On Sun, 09 Jun 2013 22:03:40 +0200 Santi Saez <santi at woop.es> wrote: ...> When "redhat-rpm-config" package is installed, %__os_install_post > variable is modified and find-debuginfo.sh is executed, this script will > remove all symbols, but it will *also* build "-debug" packages, and > that's not what I'm looking for. >... You can avoid generating "-debug" packages with: %define debug_package %{nil} BR, Bob