#!/usr/bin/env bash
#
# stripper - strip ELF files found below the given paths.
#
# Usage: stripper [--strip=CMD] [--exclude=PATH]... [--ignore-errors] PATH...
#
#   --strip=CMD      Program used to strip files (default: "strip").
#                    The value is executed as given for every file that is
#                    stripped, so it must come from trusted build
#                    configuration only.
#   --exclude=PATH   Skip PATH and everything below it. May be repeated.
#                    The value is handed to find(1) as a -path pattern, so
#                    glob characters in it are interpreted by find.
#   --ignore-errors  Keep going when the strip program fails on a file.
#
# Every other argument is collected as a path to search.

paths=()
excludes=()
strip="strip"
break_on_error="1"

# Consume the command line one argument at a time.
while (( $# > 0 )); do
	case "${1}" in
		--ignore-errors)
			break_on_error="0"
			;;
		--strip=*)
			strip="${1#--strip=}"
			;;
		--exclude=*)
			# An empty --exclude= is ignored. Otherwise, two find
			# predicates are added: one for the path itself and one
			# for everything beneath it.
			if [ "${1}" != "--exclude=" ]; then
				excludes+=(
					"!" "-path" "${1#--exclude=}"
					"!" "-path" "${1#--exclude=}/*"
				)
			fi
			;;
		*)
			paths+=( "${1}" )
			;;
	esac
	shift
done
#######################################
# Strip a single file if readelf identifies it as an ELF object.
# Globals:
#   strip           (read) program used to strip the file
#   break_on_error  (read) value returned when the strip program fails
# Arguments:
#   $1 - path of the file to process
# Outputs:
#   Writes "Stripping <file>..." to stdout for every file it strips
# Returns:
#   0 when the file is skipped or stripped, ${break_on_error} when the
#   strip program fails, otherwise the exit status of setfattr
#######################################
function _strip() {
	local target="${1}"
	local -a strip_opts=()

	# Classify the file from its ELF header; anything readelf cannot
	# parse produces no output and ends up in the catch-all arm below.
	local elf_header
	elf_header="$(readelf -h "${target}" 2>/dev/null)"

	case "${elf_header}" in
		# Libraries, position-independent executables and plain binaries
		*Type:*"DYN (Shared object file)"* | \
		*Type:*"DYN (Position-Independent Executable file)"* | \
		*Type:*"EXEC (Executable file)"*)
			strip_opts=( "--strip-all" )
			;;

		# Static libraries
		*Type:*"REL (Relocatable file)"*)
			strip_opts=(
				"--strip-debug"
				"--remove-section=.comment"
				"--remove-section=.note"
			)
			;;

		# Skip any unrecognised files
		*)
			return 0
			;;
	esac

	# Remember the file capabilities before the file is modified so that
	# they can be put back afterwards. Errors from getfattr are discarded,
	# in which case nothing is saved and nothing will be restored.
	local saved_caps
	saved_caps="$(getfattr --no-dereference --name="security.capability" \
		--absolute-names --dump "${target}" 2>/dev/null)"

	echo "Stripping ${target}..."
	if ! "${strip}" "${strip_opts[@]}" "${target}"; then
		# With --ignore-errors this is 0 and the failure is not reported
		return ${break_on_error}
	fi

	# Nothing to restore
	if [ -z "${saved_caps}" ]; then
		return 0
	fi

	# Feed the saved dump back to setfattr; its exit status becomes the
	# function's return value, so a failed restore reaches the caller.
	setfattr --no-dereference --restore=<(echo "${saved_caps}")
}
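# Strip every executable regular file below each requested path.
#
# The array expansion is quoted and the find results are read
# NUL-delimited, so a path or file name containing whitespace or glob
# characters is passed to _strip as exactly one argument. Without that,
# such a name is split or expanded by the shell and a different file than
# the one find reported can end up being modified.
for path in "${paths[@]}"; do
	# Collect the complete file list before stripping anything, so that
	# files created or replaced while stripping are not picked up by the
	# directory walk.
	#
	#   -H      follow a symlink only when it is the start path itself
	#   -xdev   do not descend into other filesystems
	#   -perm   any of the owner/group/other execute bits is set
	#
	# Errors from find are discarded, so unreadable directories are
	# skipped without any message.
	files=()
	while IFS= read -r -d '' file; do
		files+=( "${file}" )
	done < <(find -H "${path}" -xdev "${excludes[@]}" -type f \
		\( -perm -0100 -or -perm -0010 -or -perm -0001 \) \
		-print0 2>/dev/null)

	for file in "${files[@]}"; do
		# Abort with _strip's exit status on the first failure
		_strip "${file}" || exit $?
	done
done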