Modify

Opened 7 years ago

Closed 7 years ago

#9374 closed enhancement (fixed)

unbound package larger than it needs to be

Reported by: Cybjit <Cybjit@…> Owned by: developers
Priority: normal Milestone: Backfire 10.03.1
Component: packages Version: Backfire 10.03.1 RC4
Keywords: Cc:

Description

The binaries in unbound links statically to ldns (due to it not existing in OpenWrt) and strangely libunbound. This makes the package too large to install in root for me.

Attaching a patch that mitigates this by splitting out libunbound and utilities, only leaving the core server. It also upgrades to 1.4.9.

Attachments (5)

unbound-1.4.9.diff (2.2 KB) - added by Cybjit <Cybjit@…> 7 years ago.
upgrade and split unbound
unbound-1.4.9+ldns.diff (7.9 KB) - added by Cybjit <Cybjit@…> 7 years ago.
add ldns-package, upgrade to 1.4.9, link to libunbound and libldns
unbound-1.4.10+ldns.diff (7.9 KB) - added by Cybjit <cybjit@…> 7 years ago.
add ldns-package, upgrade to 1.4.10, link to libunbound and libldns
unbound-1.4.11+ldns.diff (4.7 KB) - added by Cybjit <cybjit@…> 7 years ago.
add ldns-package, upgrade to 1.4.11, link to libunbound and libldns, reduce mem
unbound-1.4.11+ldns-2.diff (5.3 KB) - added by Cybjit <cybjit@…> 7 years ago.
add ldns-package, upgrade to 1.4.11, link to libunbound and libldns, reduce mem, parallel build

Download all attachments as: .zip

Change History (11)

Changed 7 years ago by Cybjit <Cybjit@…>

upgrade and split unbound

Changed 7 years ago by Cybjit <Cybjit@…>

add ldns-package, upgrade to 1.4.9, link to libunbound and libldns

comment:1 Changed 7 years ago by Cybjit <Cybjit@…>

This patch is a bit better.

New package libldns, as unbound otherwise builds and statically links it to every binary.

Removes the symbol restriction from libunbound so that all binaries can be linked to it (patch is in upstream trunk).

No longer splits package, as total install size has gone from 3268 to 984.

Changed 7 years ago by Cybjit <cybjit@…>

add ldns-package, upgrade to 1.4.10, link to libunbound and libldns

comment:2 Changed 7 years ago by Cybjit <cybjit@…>

I do not think OpenWrt is vulnerable to CVE-2011-1922, but might as well update the patch.

Changed 7 years ago by Cybjit <cybjit@…>

add ldns-package, upgrade to 1.4.11, link to libunbound and libldns, reduce mem

comment:3 Changed 7 years ago by Cybjit <cybjit@…>

New upstream version that includes symbol restriction patch. Also use the settings from man page to reduce memory consumption (15MB -> 6MB after use on my system).

comment:4 Changed 7 years ago by Stefan Hellermann <stefan@…>

I tried the patch but it doesn't build for me. Somehow expat is mission. I tried enabling it manually in, but the unbound build is unable to find it. The last lines from building unbound:

checking for HMAC_CTX_init in -lcrypto... yes
checking for library containing dlopen... none required
checking for openssl/ssl.h... yes
checking for openssl/err.h... yes
checking for openssl/rand.h... yes
checking if libssl needs libdl... no
checking for openssl/conf.h... yes
checking for openssl/engine.h... yes
checking for OPENSSL_config... yes
checking for EVP_sha1... yes
checking for EVP_sha256... yes
checking for EVP_sha512... yes
checking whether SSL_COMP_get_compression_methods is declared... yes
checking whether sk_SSL_COMP_pop_free is declared... yes
checking for libexpat... configure: error: Could not find libexpat, expat.h
make[2]: *** [/home/stefan/devel/openwrt/build_dir/target-mips_r2_uClibc-0.9.32/unbound-1.4.11/.configured_] Error 1
make[2]: Leaving directory `/home/stefan/devel/openwrt/feeds/packages/net/unbound'
make[1]: *** [package/feeds/packages/unbound/compile] Error 2
make[1]: Leaving directory `/home/stefan/devel/openwrt'
make: *** [package/feeds/packages/unbound/compile] Fehler 2

comment:5 Changed 7 years ago by Cybjit <cybjit@…>

Expat was already built by my python build, so I did not notice that 1.4.7 introduced a new utility with a dependency on it.

When you added expat manually it was most likely scheduled to be built after unbound.

Changed 7 years ago by Cybjit <cybjit@…>

add ldns-package, upgrade to 1.4.11, link to libunbound and libldns, reduce mem, parallel build

comment:6 Changed 7 years ago by swalker

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in the trunk in r27602 & r27603, thank you Cybjit.

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.