Samba smaller: 11.1mb smbd

Andrew Bartlett abartlet at
Fri Nov 15 01:34:16 UTC 2019

For some reason I had another go at this, and have things down to

This is NOT FOR PRODUCTION USE, because I have to cut out some
important things, but the idea is to prove that by reducing the linkage
to the ndr-table subsystem, we can avoid bringing in unused code to eg
parse drsuapi.

Anyone wanting to take this further will need to work out how to get
the appropriate interface tables for the specific pipes we need to use
internally.  It would also be very worthwhile working to understand why
we depend on what is left, and seeing if we can trim that some more. 

I used:

CFLAGS="-DSAMBA_SMALLER -O2 -flto -fwhole-program " LDFLAGS="-O2 -flto
-fwhole-program " ./configure --bundled-
libraries=talloc,tdb,pytdb,ldb,pyldb,tevent,pytevent --with-static-
modules=ALL --nonshared-binary=smbtorture,smbd/smbd --with-system-
mitkrb5 --without-ad-dc --without-ads --without-python &&
./buildtools/bin/waf --targets=smbd/smbd

Andrew Bartlett

On Mon, 2017-01-30 at 23:51 +1300, Andrew Bartlett wrote:
> Thinking about the 'without python' use case and the cries from folks
> for a smaller smbd, I tried some gcc options.
> (original)
> du -m bin/default/source3/smbd/smbd
> 19	bin/default/source3/smbd/smbd
> (new)
> du -m bin/default/source3/smbd/smbd
> 13	bin/default/source3/smbd/smbd
> The options I set were:
> CFLAGS="-O2 -flto -fwhole-program " LDFLAGS="-O2 -flto -fwhole-
> program "
> The rest of the command remains the same:
>  ./configure --bundled-
> libraries=talloc,tdb,pytdb,ldb,pyldb,tevent,pytevent --with-static-
> modules=ALL --nonshared-binary=smbtorture,smbd/smbd --with-system-
> mitkrb5 --without-ad-dc && make -j
> Now, the build fails, but not before spitting out the smaller smbd.
> I don't claim it even works (I just tried smbd -b and smbd -V), but I
> figured those who are passionate about this stuff won't be too far
> behind.  A tweak to waf to only specify "-flto -fwhole-program" when
> building and linking the non-shared binaries would help a lot. 
> The next step would be a bare fileserver build without spoolss,
> netlogon and any other pipes we don't strictly need, as the PIDL
> generated code from the extra idl is probably a fair chunk of what we
> removed and what we still could eliminate.
> To make this build, I needed the attached patch (please review/push)
> to
> not initialise vfs_posix_eadb without the AD DC.
> Thanks,
> Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team
Samba Development and Support, Catalyst IT

-------------- next part --------------
A non-text attachment was scrubbed...
Name: making-samba-small-again.patch
Type: text/x-patch
Size: 11987 bytes
Desc: not available
URL: <>

More information about the samba-technical mailing list