On 2/7/21 7:55 PM, Eli Schwartz wrote:
> It updates the stripped file by creating a temp file, chown/chmodding
> it, and replacing the original file. But upstream binutils has
> CVE-worthy issues with this if running strip as root, and some recent
> versions of strip don't play nicely with fakeroot.
>
> Also, this has always destroyed xattrs. :/
>
> Sidestep the issue by telling strip to write to a temporary file, and
> manually dump the contents of that back into the original binary. Since
> the original binary is intact, albeit with different contents, it
> retains its correct attributes in fakeroot.

Note: this is an alternative to Allan's patch "maintain file ownership while stripping". It does not rely on reintroducing @STATCMD@ and running chown, because that does not solve the xattr problem -- which is a problem that bothered me for a long time, but the binutils issue finally incentivized me to sit down and implement this. Initially I wanted to use getfattr/setfattr, but this is not portable and does not solve the ownership issues either, at which point I realized retaining the original file is the simplest solution for both problems!

> Signed-off-by: Eli Schwartz <[email protected]> > --- > scripts/libmakepkg/tidy/strip.sh.in | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/scripts/libmakepkg/tidy/strip.sh.in > b/scripts/libmakepkg/tidy/strip.sh.in > index 4d50f4475..f7238f813 100644 > --- a/scripts/libmakepkg/tidy/strip.sh.in > +++ b/scripts/libmakepkg/tidy/strip.sh.in > @@ -93,7 +93,10 @@ strip_file() { > fi > fi > > - strip $@ "$binary" > + if strip "$@" "$binary" -o "$binary.stripped"; then > + cat "$binary.stripped" > "$binary" > + fi > + rm -f "$binary.stripped" > } > > >

--
Eli Schwartz
Bug Wrangler and Trusted User
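
Review bot: in strip_file(), the exit status of `cat "$binary.stripped" > "$binary"` is never checked. The redirection truncates "$binary" before any data is written, so a write that fails part-way leaves a truncated binary in the package, and the following `rm -f "$binary.stripped"` then discards the only good stripped copy while the function still returns success. If the redirection cannot open "$binary" at all, the file is silently left unstripped. Suggest testing the result of cat and reporting an error before the temporary file is removed. Separately, the fixed name "$binary.stripped" would overwrite, and then delete, a packaged file that happens to carry that name; creating the temporary file with mktemp next to the binary would avoid the collision.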
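
The difference the message relies on, as an added demonstration that is not part of the original message or of pacman's code: replacing a file by rename swaps in a new inode with the temporary file's attributes, while writing the new contents into the existing file keeps the inode and its mode. The file names, the 0750 mode and the `printf` stand-in for strip's output are constructed for the example.

```shell
#!/bin/sh
# Added demo (not pacman code): replace-by-rename versus in-place rewrite.
# All names and contents below are constructed sample data.

inode_of() { ls -di "$1" | awk '{print $1}'; }
mode_of()  { ls -ld "$1" | cut -c1-10; }

# Prints "<same|changed> <mode-after>" for method $1 (rename|inplace).
update_file() {
    method=$1
    dir=$(mktemp -d) || return 1
    target="$dir/binary"
    printf 'original contents\n' > "$target"
    chmod 0750 "$target"
    before=$(inode_of "$target")

    # Stand-in for the tool's output file; mktemp creates it with mode 0600.
    tmp=$(mktemp "$target.XXXXXX") || return 1
    printf 'new contents\n' > "$tmp"

    case $method in
        rename)  mv -f "$tmp" "$target" ;;                 # new inode takes over the name
        inplace) cat "$tmp" > "$target"; rm -f "$tmp" ;;   # same inode, new data
    esac

    after=$(inode_of "$target")
    if [ "$before" = "$after" ]; then state=same; else state=changed; fi
    echo "$state $(mode_of "$target")"
    rm -rf "$dir"
}

update_file rename    # changed -rw-------
update_file inplace   # same -rwxr-x---
```

Ownership and extended attributes are stored on the inode in the same way as the mode, which is why keeping the original inode preserves them without any chown or setfattr step.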
