On 2/7/21 7:55 PM, Eli Schwartz wrote:
It updates the stripped file by creating a temp file, chown/chmodding it, and replacing the original file. But upstream binutils has CVE-worthy issues with this if running strip as root, and some recent versions of strip don't play nicely with fakeroot.
Also, this has always destroyed xattrs. :/
Sidestep the issue by telling strip to write to a temporary file, and manually dump the contents of that back into the original binary. Since the original binary is intact, albeit with different contents, it retains its correct attributes in fakeroot.
Note: this is an alternative to Allan's patch "maintain file ownership while stripping". It does not rely on reintroducing @STATCMD@ and running chown, because that does not solve the xattr problem -- which is a problem that bothered me for a long time, but the binutils issue finally incentivized me to sit down and implement this. Initially I wanted to use getfattr/setfattr, but this is not portable and does not solve the ownership issues either, at which point I realized retaining the original file is the simplest solution for both problems!
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
---
 scripts/libmakepkg/tidy/strip.sh.in | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/scripts/libmakepkg/tidy/strip.sh.in b/scripts/libmakepkg/tidy/strip.sh.in index 4d50f4475..f7238f813 100644 --- a/scripts/libmakepkg/tidy/strip.sh.in +++ b/scripts/libmakepkg/tidy/strip.sh.in @@ -93,7 +93,10 @@ strip_file() { fi fi
- strip $@ "$binary" + if strip "$@" "$binary" -o "$binary.stripped"; then + cat "$binary.stripped" > "$binary" + fi + rm -f "$binary.stripped" }
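Review bot: in the new `cat "$binary.stripped" > "$binary"` line, the redirection truncates the original before any data is copied and the exit status of cat is not checked, so a failed write (a full disk, for example) leaves a truncated or partial binary in the package while strip_file still returns success from the final `rm -f`. Check the copy and report an error when it fails. The strip failure path is silent as well: the `if` has no else branch, so the unstripped binary is kept without a warning. Separately, `"$binary.stripped"` is a fixed name next to the binary; a packaged file that already carries that name would be overwritten by strip and then deleted by the `rm -f`, so a mktemp-generated name would be safer.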
-- 
Eli Schwartz
Bug Wrangler and Trusted User
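The difference the message relies on, as an added example that is not part of the original patch or of pacman: mode, ownership and xattrs belong to the inode, so rewriting the contents in place keeps them, while renaming a temp file over the target swaps in a new inode. The function and file names below are constructed for the illustration.

```shell
#!/bin/sh
# Added illustration: replace-by-rename versus rewrite-in-place.
# All names here are constructed; nothing is taken from makepkg.

# Print "<inode> <mode string>" for a file, using only POSIX ls and awk.
ident() {
    ls -li "$1" | awk '{ print $1, $2 }'
}

# Rename a temp file over the target: the target becomes a new inode
# carrying the temp file's mode (and none of the old xattrs).
replace_by_rename() {
    printf '%s' "$2" > "$1.tmp" && mv -f "$1.tmp" "$1"
}

# Truncate and refill the existing inode, the approach the patch takes.
rewrite_in_place() {
    if printf '%s' "$2" > "$1.tmp"; then
        cat "$1.tmp" > "$1"
    fi
    rm -f "$1.tmp"
}

# Run one method on a scratch file and echo "kept" when inode and mode
# are unchanged afterwards, "lost" otherwise.
check() {
    dir=$(mktemp -d) || return 1
    f="$dir/binary"
    printf 'unstripped' > "$f" && chmod 750 "$f"
    before=$(ident "$f")
    "$1" "$f" 'stripped'
    after=$(ident "$f")
    content=$(cat "$f")
    rm -rf "$dir"
    # Both methods must actually deliver the new contents.
    [ "$content" = stripped ] || return 1
    if [ "$before" = "$after" ]; then echo kept; else echo lost; fi
}

echo "replace_by_rename: $(check replace_by_rename)"
echo "rewrite_in_place:  $(check rewrite_in_place)"
```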