makeInitrdNG: make stripping fully optional

Now the tool will only strip binaries if a strip executable is passed via the STRIP environment variable. This is exposed via the strip option for makeInitrdNG and the NixOS option boot.initrd.systemd.strip.
2022-07-30 15:42:22 +02:00 · 2022-07-30 15:42:22 +02:00 · 6fc909a1cc
commit 6fc909a1cc
parent daee67dae6
4 changed files with 33 additions and 19 deletions
--- a/nixos/modules/system/boot/systemd/initrd.nix
+++ b/nixos/modules/system/boot/systemd/initrd.nix
@ -129,6 +129,7 @@ let
  initialRamdisk = pkgs.makeInitrdNG {
    name = "initrd-${kernel-name}";
    inherit (config.boot.initrd) compressor compressorArgs prepend;
+    inherit (cfg) strip;

    contents = map (path: { object = path; symlink = ""; }) (subtractLists cfg.suppressedStorePaths cfg.storePaths)
      ++ mapAttrsToList (_: v: { object = v.source; symlink = v.target; }) (filterAttrs (_: v: v.enable) cfg.contents);
@ -169,6 +170,19 @@ in {
      default = [];
    };

+    strip = mkOption {
+      description = lib.mdDoc ''
+        Whether to completely strip executables and libraries copied to the initramfs.
+
+        Setting this to false may save on the order of 30MiB on the
+        machine building the system (by avoiding a binutils
+        reference), at the cost of ~1MiB of initramfs size. This puts
+        this option firmly in the territory of micro-optimisation.
+      '';
+      type = types.bool;
+      default = true;
+    };
+
    extraBin = mkOption {
      description = lib.mdDoc ''
        Tools to add to /bin
--- a/pkgs/build-support/kernel/make-initrd-ng-tool.nix
+++ b/pkgs/build-support/kernel/make-initrd-ng-tool.nix
@ -6,11 +6,4 @@ rustPlatform.buildRustPackage {

  src = ./make-initrd-ng;
  cargoLock.lockFile = ./make-initrd-ng/Cargo.lock;
-
-  nativeBuildInputs = [ makeWrapper ];
-
-  postInstall = ''
-    wrapProgram $out/bin/make-initrd-ng \
-      --prefix PATH : ${lib.makeBinPath [ patchelf glibc binutils ]}
-  '';
 }
--- a/pkgs/build-support/kernel/make-initrd-ng.nix
+++ b/pkgs/build-support/kernel/make-initrd-ng.nix
@ -8,10 +8,12 @@ let
  # compression type and filename extension.
  compressorName = fullCommand: builtins.elemAt (builtins.match "([^ ]*/)?([^ ]+).*" fullCommand) 1;
 in
-{ stdenvNoCC, perl, cpio, ubootTools, lib, pkgsBuildHost, makeInitrdNGTool, patchelf, runCommand
+{ stdenvNoCC, perl, cpio, ubootTools, lib, pkgsBuildHost, makeInitrdNGTool, patchelf, binutils, runCommand
 # Name of the derivation (not of the resulting file!)
 , name ? "initrd"

+, strip ? true
+
 # Program used to compress the cpio archive; use "cat" for no compression.
 # This can also be a function which takes a package set and returns the path to the compressor,
 # such as `pkgs: "${pkgs.lzop}/bin/lzop"`.
@ -59,7 +61,7 @@ in
 # If this isn't guessed, you may want to complete the metadata above and send a PR :)
 , uInitrdCompression ? _compressorMeta.ubootName or
    (throw "Unrecognised compressor ${_compressorName}, please specify uInitrdCompression")
-}: runCommand name {
+}: runCommand name ({
  compress = "${_compressorExecutable} ${lib.escapeShellArgs _compressorArgsReal}";
  passthru = {
    compressorExecutableFunction = _compressorFunction;
@ -72,8 +74,11 @@ in
  passAsFile = ["contents"];
  contents = lib.concatMapStringsSep "\n" ({ object, symlink, ... }: "${object}\n${if symlink == null then "" else symlink}") contents + "\n";

-  nativeBuildInputs = [makeInitrdNGTool patchelf cpio] ++ lib.optional makeUInitrd ubootTools;
-} ''
+  nativeBuildInputs = [makeInitrdNGTool patchelf cpio] ++ lib.optional makeUInitrd ubootTools ++ lib.optional strip binutils;
+
+} // lib.optionalAttrs strip {
+  STRIP = "${(binutils.nativeDrv or binutils).targetPrefix}strip";
+}) ''
  mkdir ./root
  make-initrd-ng "$contentsPath" ./root
  mkdir "$out"
--- a/pkgs/build-support/kernel/make-initrd-ng/src/main.rs
+++ b/pkgs/build-support/kernel/make-initrd-ng/src/main.rs
@ -104,14 +104,16 @@ fn copy_file<P: AsRef<Path> + AsRef<OsStr>, S: AsRef<Path> + AsRef<OsStr>>(
        fs::set_permissions(&target, permissions)?;

        // Strip further than normal
-        if !Command::new("strip")
-            .arg("--strip-all")
-            .arg(OsStr::new(&target))
-            .output()?
-            .status
-            .success()
-        {
-            println!("{:?} was not successfully stripped.", OsStr::new(&target));
+        if let Ok(strip) = env::var("STRIP") {
+            if !Command::new(strip)
+                .arg("--strip-all")
+                .arg(OsStr::new(&target))
+                .output()?
+                .status
+                .success()
+            {
+                println!("{:?} was not successfully stripped.", OsStr::new(&target));
+            }
        }
    };