It updates the stripped/objcopied file by creating a temp file, chown/chmodding it, and replacing the original file. But upstream binutils has CVE-worthy issues with this if running strip as root, and some recent versions of strip don't play nicely with fakeroot. Also, this has always destroyed xattrs. :/ Sidestep the issue by telling strip/objcopy to write to a temporary file, and manually dump the contents of that back into the original binary. Since the original binary is intact, albeit with different contents, it retains its correct attributes in fakeroot. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> --- v2: also use the `cat foo > bar` workaround for the second call site destroying file permissions. Yes, we need to do it this way and not with stat/chown, or objcopy will destroy both ownership and xattrs and we'll only restore the former. scripts/libmakepkg/tidy/strip.sh.in | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/scripts/libmakepkg/tidy/strip.sh.in b/scripts/libmakepkg/tidy/strip.sh.in index 868b96f3b..2212b8ec4 100644 --- a/scripts/libmakepkg/tidy/strip.sh.in +++ b/scripts/libmakepkg/tidy/strip.sh.in @@ -69,7 +69,9 @@ strip_file() { # copy debug symbols to debug directory mkdir -p "$dbgdir/${binary%/*}" objcopy --only-keep-debug "$binary" "$dbgdir/$binary.debug" - objcopy --add-gnu-debuglink="$dbgdir/${binary#/}.debug" "$binary" + objcopy --add-gnu-debuglink="$dbgdir/${binary#/}.debug" "$binary" "$binary.temp" + cat "$binary.temp" > "$binary" + rm -f "$binary.temp" # create any needed hardlinks while IFS= read -rd '' file ; do @@ -93,7 +95,10 @@ strip_file() { fi fi - strip $@ "$binary" + if strip "$@" "$binary" -o "$binary.stripped"; then + cat "$binary.stripped" > "$binary" + fi + rm -f "$binary.stripped" } -- 2.30.0