Fixes: #12894 Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- src/stripper | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/src/stripper b/src/stripper index fadbc514b..4014f03a4 100755 --- a/src/stripper +++ b/src/stripper @@ -38,6 +38,10 @@ function _strip() { args+=( "--strip-all" ) ;;
+ *Type:*"DYN (Position-Independent Executable file)"*) + args+=( "--strip-all" ) + ;; + # Binaries *Type:*"EXEC (Executable file)"*) args+=( "--strip-all" )
Reviewed-by: Peter Müller peter.mueller@ipfire.org
Fixes: #12894 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
src/stripper | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/src/stripper b/src/stripper index fadbc514b..4014f03a4 100755 --- a/src/stripper +++ b/src/stripper @@ -38,6 +38,10 @@ function _strip() { args+=( "--strip-all" ) ;;
*Type:*"DYN (Position-Independent Executable file)"*)args+=( "--strip-all" );;- # Binaries *Type:*"EXEC (Executable file)"*) args+=( "--strip-all" )
Hello Michael,
just a short follow-up question on this: Do we need to re-ship all affected packages again? Or is it fine to let users benefit from stripped PIE executables when we update affected components anyway?
Thanks, and best regards, Peter Müller
Reviewed-by: Peter Müller peter.mueller@ipfire.org
Fixes: #12894 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
src/stripper | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/src/stripper b/src/stripper index fadbc514b..4014f03a4 100755 --- a/src/stripper +++ b/src/stripper @@ -38,6 +38,10 @@ function _strip() { args+=( "--strip-all" ) ;; + *Type:*"DYN (Position-Independent Executable file)"*) + args+=( "--strip-all" ) + ;;
# Binaries *Type:*"EXEC (Executable file)"*) args+=( "--strip-all" )
Good question. I did not even think about this.
I could not find many executables that fell into this category. Maybe about 10. Out of those, dnsdist was the largest one - by far.
So I would say, it isn’t worth it except for dnsdist.
-Michael
On 6 Jul 2022, at 10:56, Peter Müller peter.mueller@ipfire.org wrote:
Hello Michael,
just a short follow-up question on this: Do we need to re-ship all affected packages again? Or is it fine to let users benefit from stripped PIE executables when we update affected components anyway?
Thanks, and best regards, Peter Müller
Reviewed-by: Peter Müller peter.mueller@ipfire.org
Fixes: #12894 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
src/stripper | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/src/stripper b/src/stripper index fadbc514b..4014f03a4 100755 --- a/src/stripper +++ b/src/stripper @@ -38,6 +38,10 @@ function _strip() { args+=( "--strip-all" ) ;;
*Type:*"DYN (Position-Independent Executable file)"*)args+=( "--strip-all" );;# Binaries *Type:*"EXEC (Executable file)"*) args+=( "--strip-all" )
Hello Michael,
thanks for your swift response.
Okay, I will then just bump the version number of dnsdist.
All the best, Peter Müller
Good question. I did not even think about this.
I could not find many executables that fell into this category. Maybe about 10. Out of those, dnsdist was the largest one - by far.
So I would say, it isn’t worth it except for dnsdist.
-Michael
On 6 Jul 2022, at 10:56, Peter Müller peter.mueller@ipfire.org wrote:
Hello Michael,
just a short follow-up question on this: Do we need to re-ship all affected packages again? Or is it fine to let users benefit from stripped PIE executables when we update affected components anyway?
Thanks, and best regards, Peter Müller
Reviewed-by: Peter Müller peter.mueller@ipfire.org
Fixes: #12894 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
src/stripper | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/src/stripper b/src/stripper index fadbc514b..4014f03a4 100755 --- a/src/stripper +++ b/src/stripper @@ -38,6 +38,10 @@ function _strip() { args+=( "--strip-all" ) ;;
*Type:*"DYN (Position-Independent Executable file)"*)args+=( "--strip-all" );;# Binaries *Type:*"EXEC (Executable file)"*) args+=( "--strip-all" )
Did I not submit an update to that somewhere anyways?
On 6 Jul 2022, at 11:00, Peter Müller peter.mueller@ipfire.org wrote:
Hello Michael,
thanks for your swift response.
Okay, I will then just bump the version number of dnsdist.
All the best, Peter Müller
Good question. I did not even think about this.
I could not find many executables that fell into this category. Maybe about 10. Out of those, dnsdist was the largest one - by far.
So I would say, it isn’t worth it except for dnsdist.
-Michael
On 6 Jul 2022, at 10:56, Peter Müller peter.mueller@ipfire.org wrote:
Hello Michael,
just a short follow-up question on this: Do we need to re-ship all affected packages again? Or is it fine to let users benefit from stripped PIE executables when we update affected components anyway?
Thanks, and best regards, Peter Müller
Reviewed-by: Peter Müller peter.mueller@ipfire.org
Fixes: #12894 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
src/stripper | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/src/stripper b/src/stripper index fadbc514b..4014f03a4 100755 --- a/src/stripper +++ b/src/stripper @@ -38,6 +38,10 @@ function _strip() { args+=( "--strip-all" ) ;;
*Type:*"DYN (Position-Independent Executable file)"*)args+=( "--strip-all" );;# Binaries *Type:*"EXEC (Executable file)"*) args+=( "--strip-all" )
Hello Michael,
Did I not submit an update to that somewhere anyways?
yes, you did: https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=bf7bfc3df6a3fc4e55908a9b...
This fell through the cracks when compiling the changelog for C169 - thanks for bringing this up. As for C170, bumping the package version is required nevertheless.
All the best, Peter Müller
On 6 Jul 2022, at 11:00, Peter Müller peter.mueller@ipfire.org wrote:
Hello Michael,
thanks for your swift response.
Okay, I will then just bump the version number of dnsdist.
All the best, Peter Müller
Good question. I did not even think about this.
I could not find many executables that fell into this category. Maybe about 10. Out of those, dnsdist was the largest one - by far.
So I would say, it isn’t worth it except for dnsdist.
-Michael
On 6 Jul 2022, at 10:56, Peter Müller peter.mueller@ipfire.org wrote:
Hello Michael,
just a short follow-up question on this: Do we need to re-ship all affected packages again? Or is it fine to let users benefit from stripped PIE executables when we update affected components anyway?
Thanks, and best regards, Peter Müller
Reviewed-by: Peter Müller peter.mueller@ipfire.org
Fixes: #12894 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
src/stripper | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/src/stripper b/src/stripper index fadbc514b..4014f03a4 100755 --- a/src/stripper +++ b/src/stripper @@ -38,6 +38,10 @@ function _strip() { args+=( "--strip-all" ) ;;
*Type:*"DYN (Position-Independent Executable file)"*)args+=( "--strip-all" );;# Binaries *Type:*"EXEC (Executable file)"*) args+=( "--strip-all" )
-
Michael Tremer -
Peter Müller