makepkg: don't let the strip routine mess up file attributes

It updates the stripped/objcopied file by creating a temp file,
chown/chmodding it, and replacing the original file. But upstream
binutils has CVE-worthy issues with this if running strip as root, and
some recent versions of strip don't play nicely with fakeroot.

Also, this has always destroyed xattrs. :/

Sidestep the issue by telling strip/objcopy to write to a temporary
file, and manually dump the contents of that back into the original
binary. Since the original binary is intact, albeit with different
contents, it retains its correct attributes in fakeroot.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>

1 files changed, 9 insertions, 2 deletions

diff --git a/scripts/libmakepkg/tidy/strip.sh.in b/scripts/libmakepkg/tidy/strip.sh.in
index 868b96f3..9cb0fd8d 100644
--- a/scripts/libmakepkg/tidy/strip.sh.in
+++ b/scripts/libmakepkg/tidy/strip.sh.in
@@ -69,7 +69,10 @@ strip_file() {
 		# copy debug symbols to debug directory
 		mkdir -p "$dbgdir/${binary%/*}"
 		objcopy --only-keep-debug "$binary" "$dbgdir/$binary.debug"
-		objcopy --add-gnu-debuglink="$dbgdir/${binary#/}.debug" "$binary"
+		local tempfile=$(mktemp "$binary.XXXXXX")
+		objcopy --add-gnu-debuglink="$dbgdir/${binary#/}.debug" "$binary" "$tempfile"
+		cat "$tempfile" > "$binary"
+		rm "$tempfile"
 
 		# create any needed hardlinks
 		while IFS= read -rd '' file ; do
@@ -93,7 +96,11 @@ strip_file() {
 		fi
 	fi
 
-	strip $@ "$binary"
+	local tempfile=$(mktemp "$binary.XXXXXX")
+	if strip "$@" "$binary" -o "$tempfile"; then
+		cat "$tempfile" > "$binary"
+	fi
+	rm -f "$tempfile"
 }