build: pass -fno-ident in Windows gitian descriptor #17948
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsNo conflicts as of last run. |
|
Concept ACK In addition to binary bloat reduction I assume this can't hurt from a deterministic builds perspective too. FWIW: Chromium builds with |
|
ACK on passing this for the gitian / distributed binaries. I'm less sure this is something that always needs to be passed by the build system, even for builds from sources and distro packages (which will have their own policy in regard to this). |
What could be the drawback? Just curious :) |
Gitian builds
|
What if someone is building from source for some platform and wants these idents in the binary for some reason? There's no way to enable them. Having done embedded development where the intent is to compile all the software with the same set of compiler flags, I (personally) dislike it if projects provide unnecessary (it doesn't fix a bug or otherwise) gcc or linker flags when building from source. If you think there's no reason at all to include these kind of "what compiled me" signifiers, please look at annobin, which goes even further and stores the command line options too for every compilation unit in the binary, it can be used for auditing post-compilation that the expected compiler/settings were used (such as security/hardening options)—it's impossible to rule these things out as "useful for noone". So while I'm okay for leaving this out of the distributed binaries (we don't care), I don't want to decide this for everyone building the software hardwired in the build system. |
True, this is worthwhile addition, but let's do that thru gitian descriptors.
If we're just doing this for release, then perhaps this is not necessary. |
|
It's unclear to me what the goal is. Do we care about the 100 bytes or so this adds to our binary, or is this intended to improve some form of privacy? |
|
Agree with @sipa. I don't see the danger of having these strings in the gitian/guix binary. Especially if this is going to be conditionally applied to only gitian builds, it might lead to further issues and build file code complexity. |
This currently adds > 3600 bytes to the Windows binaries.
I don't see a reason for us to be shipping around 1000s of bytes of useless data. Can you elaborate on the build system issues / complexity you foresee? We are already applying certain flags conditionally during gitian builds. Given the 3 concept ACK above I'll adjust these changes as suggested. |
|
I think even 3600 bytes compared to a multi-megabyte binary is negligible. |
fanquake
force-pushed
the
pass_fno_ident
branch
from
2c64371 to
5299933
Compare
|
Agree with @laanwj: Fine for the gitian binaries, but leave normal builds alone. If the user wants |
| Needs rebase |
This prevents compilers from emitting compiler name and version number info that can needlessly bloat binaries. Accepted by Clang and GCC. See: https://clang.llvm.org/docs/ClangCommandLineReference.html#cmdoption-clang-qn https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fno-ident
fanquake
force-pushed
the
pass_fno_ident
branch
from
5299933 to
530d02a
Compare
fanquake
changed the title
|
Rebased, updated to just pass |
|
ACK 530d02a |
Gitian builds
|
|
ACK 530d02a |
laanwj
added a commit
that referenced
this pull request
Feb 17, 2020
530d02a build: pass -fno-ident in Windows gitian descriptor (fanquake) Pull request description: `-fno-ident` prevents compilers from emitting compiler name and version number information that can needlessly bloat binaries. For example, in the `v0.19.0.1` Windows release binaries, there are > 1000 GCC compiler version strings embedded: ```bash # GCC: (GNU) 7.3-posix 20180312... & GCC: (GNU) 6.3.0 20170415....... strings bitcoind.exe | rg GCC | wc -l 1021 ``` They end up collected in the end of the`.rdata` section, and cannot be removed by `strip`. i.e: ```bash objdump --section=.rdata --full-contents bitcoind.exe ... cfcc00 00000000 00000000 00000000 00000000 ................ cfcc10 00000000 00000000 00000000 00000000 ................ cfcc20 4743433a 2028474e 55292036 2e332e30 GCC: (GNU) 6.3.0 cfcc30 20323031 37303431 35000000 00000000 20170415....... cfcc40 4743433a 2028474e 55292037 2e332d70 GCC: (GNU) 7.3-p cfcc50 6f736978 20323031 38303331 32000000 osix 20180312... cfcc60 4743433a 2028474e 55292037 2e332d70 GCC: (GNU) 7.3-p cfcc70 6f736978 20323031 38303331 32000000 osix 20180312... ``` The flag is available for [Clang](https://clang.llvm.org/docs/ClangCommandLineReference.html#cmdoption-clang-qn) and [GCC](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fno-ident). Relevant code in [GCC](https://github.com/gcc-mirror/gcc/blob/master/gcc/toplev.c#L565-L578): ```c /* Attach a special .ident directive to the end of the file to identify the version of GCC which compiled this code. The format of the .ident string is patterned after the ones produced by native SVR4 compilers. */ if (!flag_no_ident) { const char *pkg_version = "(GNU) "; char *ident_str; if (strcmp ("(GCC) ", pkgversion_string)) pkg_version = pkgversion_string; ident_str = ACONCAT (("GCC: ", pkg_version, version_string, NULL)); targetm.asm_out.output_ident (ident_str); } ``` ACKs for top commit: practicalswift: ACK 530d02a laanwj: ACK 530d02a Tree-SHA512: b3b28f43ec483dee28d1df8548fe72425bf00e750701825c256395f6aa7b23256eb27609b51779b86aed108b6eaa3912181a9d8282e23eebf9cee7784f9fabe0
MarkLTZ
added a commit
to litecoinz-core/litecoinz
that referenced
this pull request
Apr 10, 2020
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jun 27, 2021
530d02a build: pass -fno-ident in Windows gitian descriptor (fanquake) Pull request description: `-fno-ident` prevents compilers from emitting compiler name and version number information that can needlessly bloat binaries. For example, in the `v0.19.0.1` Windows release binaries, there are > 1000 GCC compiler version strings embedded: ```bash # GCC: (GNU) 7.3-posix 20180312... & GCC: (GNU) 6.3.0 20170415....... strings bitcoind.exe | rg GCC | wc -l 1021 ``` They end up collected in the end of the`.rdata` section, and cannot be removed by `strip`. i.e: ```bash objdump --section=.rdata --full-contents bitcoind.exe ... cfcc00 00000000 00000000 00000000 00000000 ................ cfcc10 00000000 00000000 00000000 00000000 ................ cfcc20 4743433a 2028474e 55292036 2e332e30 GCC: (GNU) 6.3.0 cfcc30 20323031 37303431 35000000 00000000 20170415....... cfcc40 4743433a 2028474e 55292037 2e332d70 GCC: (GNU) 7.3-p cfcc50 6f736978 20323031 38303331 32000000 osix 20180312... cfcc60 4743433a 2028474e 55292037 2e332d70 GCC: (GNU) 7.3-p cfcc70 6f736978 20323031 38303331 32000000 osix 20180312... ``` The flag is available for [Clang](https://clang.llvm.org/docs/ClangCommandLineReference.html#cmdoption-clang-qn) and [GCC](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fno-ident). Relevant code in [GCC](https://github.com/gcc-mirror/gcc/blob/master/gcc/toplev.c#L565-L578): ```c /* Attach a special .ident directive to the end of the file to identify the version of GCC which compiled this code. The format of the .ident string is patterned after the ones produced by native SVR4 compilers. */ if (!flag_no_ident) { const char *pkg_version = "(GNU) "; char *ident_str; if (strcmp ("(GCC) ", pkgversion_string)) pkg_version = pkgversion_string; ident_str = ACONCAT (("GCC: ", pkg_version, version_string, NULL)); targetm.asm_out.output_ident (ident_str); } ``` ACKs for top commit: practicalswift: ACK 530d02a laanwj: ACK 530d02a Tree-SHA512: b3b28f43ec483dee28d1df8548fe72425bf00e750701825c256395f6aa7b23256eb27609b51779b86aed108b6eaa3912181a9d8282e23eebf9cee7784f9fabe0
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jun 28, 2021
530d02a build: pass -fno-ident in Windows gitian descriptor (fanquake) Pull request description: `-fno-ident` prevents compilers from emitting compiler name and version number information that can needlessly bloat binaries. For example, in the `v0.19.0.1` Windows release binaries, there are > 1000 GCC compiler version strings embedded: ```bash # GCC: (GNU) 7.3-posix 20180312... & GCC: (GNU) 6.3.0 20170415....... strings bitcoind.exe | rg GCC | wc -l 1021 ``` They end up collected in the end of the`.rdata` section, and cannot be removed by `strip`. i.e: ```bash objdump --section=.rdata --full-contents bitcoind.exe ... cfcc00 00000000 00000000 00000000 00000000 ................ cfcc10 00000000 00000000 00000000 00000000 ................ cfcc20 4743433a 2028474e 55292036 2e332e30 GCC: (GNU) 6.3.0 cfcc30 20323031 37303431 35000000 00000000 20170415....... cfcc40 4743433a 2028474e 55292037 2e332d70 GCC: (GNU) 7.3-p cfcc50 6f736978 20323031 38303331 32000000 osix 20180312... cfcc60 4743433a 2028474e 55292037 2e332d70 GCC: (GNU) 7.3-p cfcc70 6f736978 20323031 38303331 32000000 osix 20180312... ``` The flag is available for [Clang](https://clang.llvm.org/docs/ClangCommandLineReference.html#cmdoption-clang-qn) and [GCC](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fno-ident). Relevant code in [GCC](https://github.com/gcc-mirror/gcc/blob/master/gcc/toplev.c#L565-L578): ```c /* Attach a special .ident directive to the end of the file to identify the version of GCC which compiled this code. The format of the .ident string is patterned after the ones produced by native SVR4 compilers. */ if (!flag_no_ident) { const char *pkg_version = "(GNU) "; char *ident_str; if (strcmp ("(GCC) ", pkgversion_string)) pkg_version = pkgversion_string; ident_str = ACONCAT (("GCC: ", pkg_version, version_string, NULL)); targetm.asm_out.output_ident (ident_str); } ``` ACKs for top commit: practicalswift: ACK 530d02a laanwj: ACK 530d02a Tree-SHA512: b3b28f43ec483dee28d1df8548fe72425bf00e750701825c256395f6aa7b23256eb27609b51779b86aed108b6eaa3912181a9d8282e23eebf9cee7784f9fabe0
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jun 29, 2021
530d02a build: pass -fno-ident in Windows gitian descriptor (fanquake) Pull request description: `-fno-ident` prevents compilers from emitting compiler name and version number information that can needlessly bloat binaries. For example, in the `v0.19.0.1` Windows release binaries, there are > 1000 GCC compiler version strings embedded: ```bash # GCC: (GNU) 7.3-posix 20180312... & GCC: (GNU) 6.3.0 20170415....... strings bitcoind.exe | rg GCC | wc -l 1021 ``` They end up collected in the end of the`.rdata` section, and cannot be removed by `strip`. i.e: ```bash objdump --section=.rdata --full-contents bitcoind.exe ... cfcc00 00000000 00000000 00000000 00000000 ................ cfcc10 00000000 00000000 00000000 00000000 ................ cfcc20 4743433a 2028474e 55292036 2e332e30 GCC: (GNU) 6.3.0 cfcc30 20323031 37303431 35000000 00000000 20170415....... cfcc40 4743433a 2028474e 55292037 2e332d70 GCC: (GNU) 7.3-p cfcc50 6f736978 20323031 38303331 32000000 osix 20180312... cfcc60 4743433a 2028474e 55292037 2e332d70 GCC: (GNU) 7.3-p cfcc70 6f736978 20323031 38303331 32000000 osix 20180312... ``` The flag is available for [Clang](https://clang.llvm.org/docs/ClangCommandLineReference.html#cmdoption-clang-qn) and [GCC](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fno-ident). Relevant code in [GCC](https://github.com/gcc-mirror/gcc/blob/master/gcc/toplev.c#L565-L578): ```c /* Attach a special .ident directive to the end of the file to identify the version of GCC which compiled this code. The format of the .ident string is patterned after the ones produced by native SVR4 compilers. */ if (!flag_no_ident) { const char *pkg_version = "(GNU) "; char *ident_str; if (strcmp ("(GCC) ", pkgversion_string)) pkg_version = pkgversion_string; ident_str = ACONCAT (("GCC: ", pkg_version, version_string, NULL)); targetm.asm_out.output_ident (ident_str); } ``` ACKs for top commit: practicalswift: ACK 530d02a laanwj: ACK 530d02a Tree-SHA512: b3b28f43ec483dee28d1df8548fe72425bf00e750701825c256395f6aa7b23256eb27609b51779b86aed108b6eaa3912181a9d8282e23eebf9cee7784f9fabe0
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jul 1, 2021
530d02a build: pass -fno-ident in Windows gitian descriptor (fanquake) Pull request description: `-fno-ident` prevents compilers from emitting compiler name and version number information that can needlessly bloat binaries. For example, in the `v0.19.0.1` Windows release binaries, there are > 1000 GCC compiler version strings embedded: ```bash # GCC: (GNU) 7.3-posix 20180312... & GCC: (GNU) 6.3.0 20170415....... strings bitcoind.exe | rg GCC | wc -l 1021 ``` They end up collected in the end of the`.rdata` section, and cannot be removed by `strip`. i.e: ```bash objdump --section=.rdata --full-contents bitcoind.exe ... cfcc00 00000000 00000000 00000000 00000000 ................ cfcc10 00000000 00000000 00000000 00000000 ................ cfcc20 4743433a 2028474e 55292036 2e332e30 GCC: (GNU) 6.3.0 cfcc30 20323031 37303431 35000000 00000000 20170415....... cfcc40 4743433a 2028474e 55292037 2e332d70 GCC: (GNU) 7.3-p cfcc50 6f736978 20323031 38303331 32000000 osix 20180312... cfcc60 4743433a 2028474e 55292037 2e332d70 GCC: (GNU) 7.3-p cfcc70 6f736978 20323031 38303331 32000000 osix 20180312... ``` The flag is available for [Clang](https://clang.llvm.org/docs/ClangCommandLineReference.html#cmdoption-clang-qn) and [GCC](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fno-ident). Relevant code in [GCC](https://github.com/gcc-mirror/gcc/blob/master/gcc/toplev.c#L565-L578): ```c /* Attach a special .ident directive to the end of the file to identify the version of GCC which compiled this code. The format of the .ident string is patterned after the ones produced by native SVR4 compilers. */ if (!flag_no_ident) { const char *pkg_version = "(GNU) "; char *ident_str; if (strcmp ("(GCC) ", pkgversion_string)) pkg_version = pkgversion_string; ident_str = ACONCAT (("GCC: ", pkg_version, version_string, NULL)); targetm.asm_out.output_ident (ident_str); } ``` ACKs for top commit: practicalswift: ACK 530d02a laanwj: ACK 530d02a Tree-SHA512: b3b28f43ec483dee28d1df8548fe72425bf00e750701825c256395f6aa7b23256eb27609b51779b86aed108b6eaa3912181a9d8282e23eebf9cee7784f9fabe0
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jul 1, 2021
530d02a build: pass -fno-ident in Windows gitian descriptor (fanquake) Pull request description: `-fno-ident` prevents compilers from emitting compiler name and version number information that can needlessly bloat binaries. For example, in the `v0.19.0.1` Windows release binaries, there are > 1000 GCC compiler version strings embedded: ```bash # GCC: (GNU) 7.3-posix 20180312... & GCC: (GNU) 6.3.0 20170415....... strings bitcoind.exe | rg GCC | wc -l 1021 ``` They end up collected in the end of the`.rdata` section, and cannot be removed by `strip`. i.e: ```bash objdump --section=.rdata --full-contents bitcoind.exe ... cfcc00 00000000 00000000 00000000 00000000 ................ cfcc10 00000000 00000000 00000000 00000000 ................ cfcc20 4743433a 2028474e 55292036 2e332e30 GCC: (GNU) 6.3.0 cfcc30 20323031 37303431 35000000 00000000 20170415....... cfcc40 4743433a 2028474e 55292037 2e332d70 GCC: (GNU) 7.3-p cfcc50 6f736978 20323031 38303331 32000000 osix 20180312... cfcc60 4743433a 2028474e 55292037 2e332d70 GCC: (GNU) 7.3-p cfcc70 6f736978 20323031 38303331 32000000 osix 20180312... ``` The flag is available for [Clang](https://clang.llvm.org/docs/ClangCommandLineReference.html#cmdoption-clang-qn) and [GCC](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fno-ident). Relevant code in [GCC](https://github.com/gcc-mirror/gcc/blob/master/gcc/toplev.c#L565-L578): ```c /* Attach a special .ident directive to the end of the file to identify the version of GCC which compiled this code. The format of the .ident string is patterned after the ones produced by native SVR4 compilers. */ if (!flag_no_ident) { const char *pkg_version = "(GNU) "; char *ident_str; if (strcmp ("(GCC) ", pkgversion_string)) pkg_version = pkgversion_string; ident_str = ACONCAT (("GCC: ", pkg_version, version_string, NULL)); targetm.asm_out.output_ident (ident_str); } ``` ACKs for top commit: practicalswift: ACK 530d02a laanwj: ACK 530d02a Tree-SHA512: b3b28f43ec483dee28d1df8548fe72425bf00e750701825c256395f6aa7b23256eb27609b51779b86aed108b6eaa3912181a9d8282e23eebf9cee7784f9fabe0
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jul 14, 2021
530d02a build: pass -fno-ident in Windows gitian descriptor (fanquake) Pull request description: `-fno-ident` prevents compilers from emitting compiler name and version number information that can needlessly bloat binaries. For example, in the `v0.19.0.1` Windows release binaries, there are > 1000 GCC compiler version strings embedded: ```bash # GCC: (GNU) 7.3-posix 20180312... & GCC: (GNU) 6.3.0 20170415....... strings bitcoind.exe | rg GCC | wc -l 1021 ``` They end up collected in the end of the`.rdata` section, and cannot be removed by `strip`. i.e: ```bash objdump --section=.rdata --full-contents bitcoind.exe ... cfcc00 00000000 00000000 00000000 00000000 ................ cfcc10 00000000 00000000 00000000 00000000 ................ cfcc20 4743433a 2028474e 55292036 2e332e30 GCC: (GNU) 6.3.0 cfcc30 20323031 37303431 35000000 00000000 20170415....... cfcc40 4743433a 2028474e 55292037 2e332d70 GCC: (GNU) 7.3-p cfcc50 6f736978 20323031 38303331 32000000 osix 20180312... cfcc60 4743433a 2028474e 55292037 2e332d70 GCC: (GNU) 7.3-p cfcc70 6f736978 20323031 38303331 32000000 osix 20180312... ``` The flag is available for [Clang](https://clang.llvm.org/docs/ClangCommandLineReference.html#cmdoption-clang-qn) and [GCC](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fno-ident). Relevant code in [GCC](https://github.com/gcc-mirror/gcc/blob/master/gcc/toplev.c#L565-L578): ```c /* Attach a special .ident directive to the end of the file to identify the version of GCC which compiled this code. The format of the .ident string is patterned after the ones produced by native SVR4 compilers. */ if (!flag_no_ident) { const char *pkg_version = "(GNU) "; char *ident_str; if (strcmp ("(GCC) ", pkgversion_string)) pkg_version = pkgversion_string; ident_str = ACONCAT (("GCC: ", pkg_version, version_string, NULL)); targetm.asm_out.output_ident (ident_str); } ``` ACKs for top commit: practicalswift: ACK 530d02a laanwj: ACK 530d02a Tree-SHA512: b3b28f43ec483dee28d1df8548fe72425bf00e750701825c256395f6aa7b23256eb27609b51779b86aed108b6eaa3912181a9d8282e23eebf9cee7784f9fabe0
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jul 14, 2021
530d02a build: pass -fno-ident in Windows gitian descriptor (fanquake) Pull request description: `-fno-ident` prevents compilers from emitting compiler name and version number information that can needlessly bloat binaries. For example, in the `v0.19.0.1` Windows release binaries, there are > 1000 GCC compiler version strings embedded: ```bash # GCC: (GNU) 7.3-posix 20180312... & GCC: (GNU) 6.3.0 20170415....... strings bitcoind.exe | rg GCC | wc -l 1021 ``` They end up collected in the end of the`.rdata` section, and cannot be removed by `strip`. i.e: ```bash objdump --section=.rdata --full-contents bitcoind.exe ... cfcc00 00000000 00000000 00000000 00000000 ................ cfcc10 00000000 00000000 00000000 00000000 ................ cfcc20 4743433a 2028474e 55292036 2e332e30 GCC: (GNU) 6.3.0 cfcc30 20323031 37303431 35000000 00000000 20170415....... cfcc40 4743433a 2028474e 55292037 2e332d70 GCC: (GNU) 7.3-p cfcc50 6f736978 20323031 38303331 32000000 osix 20180312... cfcc60 4743433a 2028474e 55292037 2e332d70 GCC: (GNU) 7.3-p cfcc70 6f736978 20323031 38303331 32000000 osix 20180312... ``` The flag is available for [Clang](https://clang.llvm.org/docs/ClangCommandLineReference.html#cmdoption-clang-qn) and [GCC](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fno-ident). Relevant code in [GCC](https://github.com/gcc-mirror/gcc/blob/master/gcc/toplev.c#L565-L578): ```c /* Attach a special .ident directive to the end of the file to identify the version of GCC which compiled this code. The format of the .ident string is patterned after the ones produced by native SVR4 compilers. */ if (!flag_no_ident) { const char *pkg_version = "(GNU) "; char *ident_str; if (strcmp ("(GCC) ", pkgversion_string)) pkg_version = pkgversion_string; ident_str = ACONCAT (("GCC: ", pkg_version, version_string, NULL)); targetm.asm_out.output_ident (ident_str); } ``` ACKs for top commit: practicalswift: ACK 530d02a laanwj: ACK 530d02a Tree-SHA512: b3b28f43ec483dee28d1df8548fe72425bf00e750701825c256395f6aa7b23256eb27609b51779b86aed108b6eaa3912181a9d8282e23eebf9cee7784f9fabe0
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
-fno-identprevents compilers from emitting compiler name and version number information that can needlessly bloat binaries.For example, in the
v0.19.0.1Windows release binaries, there are > 1000 GCC compiler version strings embedded:They end up collected in the end of the
.rdatasection, and cannot be removed bystrip. i.e:The flag is available for Clang and GCC.
Relevant code in GCC: