#!/usr/bin/env bash

# Defaults; each one can be overridden by the options parsed below.
paths=()            # every non-option argument, scanned in the order given
excludes=()         # find(1) predicates accumulated from --exclude=
strip="strip"       # command used to strip files (--strip=)
break_on_error="1"  # status returned when strip fails; --ignore-errors sets 0

# Parse the command line.
#   --strip=CMD      CMD is later executed as given, so the caller of this
#                    script decides which program touches every matched file.
#   --exclude=PATH   skip PATH itself and everything below it; an empty value
#                    is ignored.
#   --ignore-errors  keep going when the strip command fails on a file.
# Anything else, including unrecognised "--" options, is collected as a path.
while (( $# > 0 )); do
  case "${1}" in
    --ignore-errors)
      break_on_error="0"
      ;;
    --strip=*)
      strip="${1#*=}"
      ;;
    --exclude=*)
      [[ -z "${1#*=}" ]] ||
        excludes+=( "!" "-path" "${1#*=}" "!" "-path" "${1#*=}/*" )
      ;;
    *)
      paths+=( "${1}" )
      ;;
  esac
  shift
done
#######################################
# Strip a single file when readelf reports an ELF type this script handles.
# Globals:   strip (read)          - command executed to strip the file
#            break_on_error (read) - status returned when that command fails
# Arguments: $1 - path of the file to examine
# Outputs:   "Stripping <file>..." on stdout for every file handed to strip
# Returns:   0 for files that are skipped, break_on_error when strip fails,
#            otherwise the status of the capability check/restore at the end
#######################################
function _strip() {
  local file="${1}"
  local elf_header
  local saved_caps
  local strip_args=()

  # readelf's diagnostics are discarded: a file it cannot parse yields empty
  # text here and is skipped by the default arm below.
  elf_header="$(readelf -h "${file}" 2>/dev/null)"

  case "${elf_header}" in
    # Shared objects, position-independent executables and plain executables
    # all get the same treatment.
    *Type:*"DYN (Shared object file)"* | \
    *Type:*"DYN (Position-Independent Executable file)"* | \
    *Type:*"EXEC (Executable file)"*)
      strip_args+=( "--strip-all" )
      ;;

    # Relocatable objects (static libraries): drop debug info and the
    # .comment/.note sections only.
    *Type:*"REL (Relocatable file)"*)
      strip_args+=( "--strip-debug" "--remove-section=.comment" "--remove-section=.note" )
      ;;

    # Anything else is left untouched
    *)
      return 0
      ;;
  esac

  # Record the security.capability xattr before the file is modified so it
  # can be written back afterwards (presumably the strip step does not carry
  # it over - confirm).
  # NOTE(review): getfattr's errors are discarded too, so if the tool is
  # missing or fails, nothing is saved and nothing is restored below.
  saved_caps="$(getfattr --no-dereference --name="security.capability" \
    --absolute-names --dump "${file}" 2>/dev/null)"

  echo "Stripping ${file}..."
  if ! "${strip}" "${strip_args[@]}" "${file}"; then
    # A failed strip returns early, before the restore step
    return ${break_on_error}
  fi

  # Nothing was recorded, so there is nothing to put back
  [ -n "${saved_caps}" ] || return 0

  # The dump was taken with --absolute-names, so it names the file itself
  setfattr --no-dereference --restore=<(echo "${saved_caps}")
}
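# Walk every requested path and hand each regular file that has an execute
# bit set (user, group or other) to _strip. The first _strip failure ends
# the script with that status.
#
# File names are read NUL-delimited instead of through an unquoted $(find ...):
# word splitting and glob expansion would otherwise break up or rewrite any
# name containing whitespace or wildcard characters, so files other than the
# ones find reported could be passed to the strip command. "${paths[@]}" is
# quoted for the same reason.
for path in "${paths[@]}"; do
  # The list arrives on fd 3 so that commands run by _strip still see the
  # script's own stdin and cannot consume the remaining file names.
  while IFS= read -r -d '' file <&3; do
    _strip "${file}" || exit $?
  done 3< <(find -H "${path}" -xdev "${excludes[@]}" -type f \
    \( -perm -0100 -or -perm -0010 -or -perm -0001 \) -print0 2>/dev/null)
done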