On 8/2/21 10:55 am, Eli Schwartz wrote:
> It updates the stripped file by creating a temp file, chown/chmodding
> it, and replacing the original file. But upstream binutils has
> CVE-worthy issues with this if running strip as root, and some recent
> versions of strip don't play nicely with fakeroot.
>
> Also, this has always destroyed xattrs. :/
>
> Sidestep the issue by telling strip to write to a temporary file, and
> manually dump the contents of that back into the original binary. Since
> the original binary is intact, albeit with different contents, it
> retains its correct attributes in fakeroot.
>
This patch works when just stripping files, but fails to keep ownership correct when creating debug packages. We could apply it on top of my patch, so that we still maintain xattrs. Allan > Signed-off-by: Eli Schwartz <[email protected]> > --- > scripts/libmakepkg/tidy/strip.sh.in | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/scripts/libmakepkg/tidy/strip.sh.in > b/scripts/libmakepkg/tidy/strip.sh.in > index 4d50f4475..f7238f813 100644 > --- a/scripts/libmakepkg/tidy/strip.sh.in > +++ b/scripts/libmakepkg/tidy/strip.sh.in > @@ -93,7 +93,10 @@ strip_file() { > fi > fi > > - strip $@ "$binary" > + if strip "$@" "$binary" -o "$binary.stripped"; then > + cat "$binary.stripped" > "$binary" > + fi > + rm -f "$binary.stripped" > } > > >
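Review bot: In the new "if strip ...; then" block of strip_file(), the result of cat "$binary.stripped" > "$binary" is never checked, and the redirection truncates $binary before any data is copied. A failed write (for example a full disk, or a binary without write permission, which a rename-based replacement does not need) leaves a truncated or unstripped file, while the function returns the status of the final rm -f, so neither a strip failure nor a cat failure reaches the caller. Consider testing the cat result and returning non-zero from strip_file() on either failure. The fixed name "$binary.stripped" also overwrites and then deletes any file of that name that the package itself installs beside the binary; a name obtained from mktemp in the same directory would avoid the collision.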
