[git.ipfire.org] IPFire 2.x development tree branch, master, updated. 37ef9fe4e07a97d3597b9d9e7895652fcfe79150
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via 37ef9fe4e07a97d3597b9d9e7895652fcfe79150 (commit) from db7ef52a91e925a5097d064ebea6723d035e28e8 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 37ef9fe4e07a97d3597b9d9e7895652fcfe79150 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jul 9 16:17:43 2021 +0000
stripper: Handle capabilities
During the build process, we set capabilities to elevate privileges of certain progrems (e.g. ping). These have been removed during the build process because of strip.
This patch collects any capabilities from all files that are being stripped and restores them after calling strip.
Fixes: #12652 Reported-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org Acked-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: src/stripper | 9 +++++++++ 1 file changed, 9 insertions(+)
Difference in files: diff --git a/src/stripper b/src/stripper index ac5f58ca5..e51463c69 100755 --- a/src/stripper +++ b/src/stripper @@ -27,6 +27,10 @@ function _strip() { fi done
+ # Fetch any capabilities + local capabilities="$(getfattr --no-dereference --name="security.capability" \ + --absolute-names --dump "${file}")" + local cmd=( "${strip}" )
case "$(file -bi ${file})" in @@ -40,6 +44,11 @@ function _strip() {
echo "Stripping ${file}..." ${cmd[*]} ${file} + + # Restore capabilities + if [ -n "${capabilities}" ]; then + setfattr --no-dereference --restore=<(echo "${capabilities}") + fi }
for dir in ${dirs}; do
hooks/post-receive -- IPFire 2.x development tree
-
Michael Tremer