Created attachment 427242 [details]
added nis and sunrpc useflag
Glibc builds and installs by default the obsolete RPC code, which is superseeded by libtirpc and the rarely used NIS nss modules.
This increases the size of libc and, even worse, some programs link against libnsl (NIS), without being asked to do so (potential security implications).
For an embedded project I created an ebuild which has the mentioned use flags, so these features can be disabled. The size of libc.so.6 itself was reduced by about 70KiB (6%) on ARM.
I tested the ebuild on my desktop system, the following packages linked against libnsl and after merging @preserved-rebuild were fine without it.
libtirpc won't build anymore, but it looks like all problems have already been solved by buildroot.
How are the prospects of getting these useflags included in future glibc ebuilds? Other nis modules like hesiod could be made optional as well, but these are just unused files without any influence on libc.6.so.
The changes to glibc are:
if ! use sunrpc ; then
sed -i 's:sunrpc::' sysdeps/unix/inet/Subdirs
if ! use nis ; then
sed -i 's:nis::' sysdeps/unix/inet/Subdirs
disable nis rpc sunrpc
we're not going to add USE flags that change the ABI
the rpc code can have its exported API disabled by passing --disable-obsolete-rpc but it would still carry the internal code for old linked apps
libtirpc also is not a full replacement (yet) sadly. see bug 381391 for more.
I tried the ebuild on another machine and the the transition wasn't as smooth as on the first one. On some applications I got:
relocation error: /lib64/libnsl.so.1: symbol xdr_void, version GLIBC_2.2.5 not defined in file libc.so.6 with link time reference
re-merging glibc was still possible.
i've added USE=rpc to glibc-2.23+ and labeled it experimental. any other requests should go through upstream.