[pacman-dev] [PATCH 1/2] makepkg: don't let the strip program mess up file attributes

Eli Schwartz eschwartz at archlinux.org
Mon Feb 8 00:55:16 UTC 2021

It updates the stripped file by creating a temp file, chown/chmodding
it, and replacing the original file. But upstream binutils has
CVE-worthy issues with this if running strip as root, and some recent
versions of strip don't play nicely with fakeroot.

Also, this has always destroyed xattrs. :/

Sidestep the issue by telling strip to write to a temporary file, and
manually dump the contents of that back into the original binary. Since
the original binary is intact, albeit with different contents, it
retains its correct attributes in fakeroot.

Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
 scripts/libmakepkg/tidy/strip.sh.in | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scripts/libmakepkg/tidy/strip.sh.in b/scripts/libmakepkg/tidy/strip.sh.in
index 4d50f4475..f7238f813 100644
--- a/scripts/libmakepkg/tidy/strip.sh.in
+++ b/scripts/libmakepkg/tidy/strip.sh.in
@@ -93,7 +93,10 @@ strip_file() {
-	strip $@ "$binary"
+	if strip "$@" "$binary" -o "$binary.stripped"; then
+		cat "$binary.stripped" > "$binary"
+	fi
+	rm -f "$binary.stripped"
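Review bot: In the added `cat "$binary.stripped" > "$binary"` line, the result of the copy-back is never checked, and the redirection truncates `$binary` before any data is written. If the write fails (a full disk, or a file that cannot be opened for writing), the package is left with a truncated or unstripped binary and no message. Consider testing the exit status of that line and reporting an error from `strip_file` when it fails. Separately, `"$binary.stripped"` is a fixed name beside the binary: if the package already ships a file with that name, `-o` overwrites it and the trailing `rm -f "$binary.stripped"` deletes it. A `mktemp`-generated name in the same directory would avoid the collision.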
