josch
/
findunusedbd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
findunusedbd/README.md

3.0 KiB
Raw Permalink Blame History

Standalone

Use fatrace to record all file access during an sbuild run and find those build dependencies which have their files never needed. You need superuser privileges to run this script because of fatrace. You need to copy findunusedbd.sh into /home so best run all of this inside a chroot to prevent a mess (in case you use a chroot, don't forget to mount /proc and install fatrace).

Run it like follows:

$ ./run.sh foo.dsc bar.dsc [...]

This will call sbuild like this for each dsc given:

$ sbuild \
	--chroot-setup-commands='/home/findunusedbd.sh chroot-setup' \
	--starting-build-commands='/home/findunusedbd.sh starting-build' \
	--finished-build-commands='/home/findunusedbd.sh finished-build'

The first pass will use fatrace to find build dependencies on packages with files that are never used during the whole build. Since many of these are gonna be meta packages, a second pass replaces the candidate package with a fake equivs package of same name and version but without dependencies and tries to rebuild.

Both passes are done for --arch-all and --no-arch-all. Any unused dependencies can then be found by investigating the *.arch-all.unusedbd.real and *.no-arch-all.unusedbd.real. The result from the former can permanently be dropped from the Build-Depends. The result from the latter can be moved to Build-Depends-Indep.

Schroot setup

Create the schroot:

$ sudo sbuild-createchroot --make-sbuild-tarball=/var/lib/sbuild/sid-amd64.tar.gz sid `mktemp -d` http://127.0.0.1:3142/snapshot.debian.org/archive/debian/20140601T000000Z

Enter the schroot:

$ sbuild-shell source:sid-amd64-sbuild

Make apt ignore the Valid-Until header:

$ echo 'Acquire::Check-Valid-Until "false";' > /etc/apt/apt.conf.d/80-nocheckvaliduntil

Install equivs and dctrl-tools:

$ apt-get install equivs dctrl-tools --no-install-recommends

The last action will also install file, gettext-base, gettext and debhelper so these cannot be found as unused anymore.

Bugs

  • maybe add list of packages whose files are never used but modify the build nevertheless (like hardening-wrapper)
  • use reproducible builds to check that the output is the same
  • when investigating which build dependencies are unused, virtual packages are not taken into account
  • maybe the fake equivs package can be built outside the schroot to avoid the additional dependencies for installing equivs
  • fatrace suffers from bug#722901 which can be seen when trying to compile lsof
  • if sbuild fails somehow (for example by the mirror becoming unavailable and sbuild failing with E: apt-get update failed) then the finished-build-commands are not run and the started processes never quit

Feature Requests

  • build with DEB_BUILD_OPTIONS=nocheck once it is possible to add <!profile.nocheck>

License

Consider everything in this repository in the public domain. It is a gross hack and I do not care what you do with it.