On 8/2/21 2:09 pm, Eli Schwartz wrote:
> It updates the stripped/objcopied file by creating a temp file,
> chown/chmodding it, and replacing the original file. But upstream
> binutils has CVE-worthy issues with this if running strip as root, and
> some recent versions of strip don't play nicely with fakeroot.
>
> Also, this has always destroyed xattrs. :/
>
> Sidestep the issue by telling strip/objcopy to write to a temporary
> file, and manually dump the contents of that back into the original
> binary. Since the original binary is intact, albeit with different
> contents, it retains its correct attributes in fakeroot.
>
> Signed-off-by: Eli Schwartz <[email protected]>
> ---
>
> v3: use mktemp to prevent clobbering mysterious packaged *.temp files
>
Thanks - this version is good.
> scripts/libmakepkg/tidy/strip.sh.in | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/scripts/libmakepkg/tidy/strip.sh.in
> b/scripts/libmakepkg/tidy/strip.sh.in
> index 868b96f3b..9cb0fd8d0 100644
> --- a/scripts/libmakepkg/tidy/strip.sh.in
> +++ b/scripts/libmakepkg/tidy/strip.sh.in
> @@ -69,7 +69,10 @@ strip_file() {
> # copy debug symbols to debug directory
> mkdir -p "$dbgdir/${binary%/*}"
> objcopy --only-keep-debug "$binary" "$dbgdir/$binary.debug"
> - objcopy --add-gnu-debuglink="$dbgdir/${binary#/}.debug"
> "$binary"
> + local tempfile=$(mktemp "$binary.XXXXXX")
> + objcopy --add-gnu-debuglink="$dbgdir/${binary#/}.debug"
> "$binary" "$tempfile"
> + cat "$tempfile" > "$binary"
> + rm "$tempfile"
>
> # create any needed hardlinks
> while IFS= read -rd '' file ; do
> @@ -93,7 +96,11 @@ strip_file() {
> fi
> fi
>
> - strip $@ "$binary"
> + local tempfile=$(mktemp "$binary.XXXXXX")
> + if strip "$@" "$binary" -o "$tempfile"; then
> + cat "$tempfile" > "$binary"
> + fi
> + rm -f "$tempfile"
> }
>
>
> --
> 2.30.0
> .
>
