suricata: Change midstream policy to "pass-flow"
[people/pmueller/ipfire-2.x.git] / src / stripper
index 199d17f6a0ced2d67695c87a478a596ab2d1d6cc..4014f03a4ff2cb4afa119020dfb169604555b08a 100755 (executable)
@@ -1,27 +1,80 @@
-#!/bin/bash
+#!/usr/bin/env bash
+
+paths=()
+excludes=()
+strip="strip"
+break_on_error="1"
+
+while [ $# -gt 0 ]; do
+       case "${1}" in
+               --strip=*)
+                       strip="${1#*=}"
+                       ;;
+               --exclude=*)
+                       if [ -n "${1#*=}" ]; then
+                               excludes+=( "!" "-path" "${1#*=}" "!" "-path" "${1#*=}/*" )
+                       fi
+                       ;;
+               --ignore-errors)
+                       break_on_error="0"
+                       ;;
+               *)
+                       paths+=( "${1}" )
+                       ;;
+       esac
+       shift
+done
 
 function _strip() {
-       local file=${1}
+       local file="${1}"
+       local args=()
 
-       local cmd="${STRIP-strip}"
+       # Fetch the filetype
+       local type="$(readelf -h "${file}" 2>/dev/null)"
 
-       case "$(file -bi ${file})" in
-               application/x-sharedlib*)
-                       cmd="${cmd} --strip-debug --remove-section=.comment --remove-section=.note"
+       case "${type}" in
+               # Libraries and Relocatable binaries
+               *Type:*"DYN (Shared object file)"*)
+                       args+=( "--strip-all" )
                        ;;
+
+               *Type:*"DYN (Position-Independent Executable file)"*)
+                       args+=( "--strip-all" )
+                       ;;
+
+               # Binaries
+               *Type:*"EXEC (Executable file)"*)
+                       args+=( "--strip-all" )
+                       ;;
+
+               # Static libraries
+               *Type:*"REL (Relocatable file)"*)
+                       args+=( "--strip-debug" "--remove-section=.comment" "--remove-section=.note" )
+                       ;;
+
+               # Skip any unrecognised files
                *)
-                       cmd="${cmd} --strip-unneeded"
+                       return 0
                        ;;
        esac
 
+       # Fetch any capabilities
+       local capabilities="$(getfattr --no-dereference --name="security.capability" \
+               --absolute-names --dump "${file}" 2>/dev/null)"
+
        echo "Stripping ${file}..."
-       ${cmd} ${file}
+       if ! "${strip}" "${args[@]}" "${file}"; then
+               return ${break_on_error}
+       fi
+
+       # Restore capabilities
+       if [ -n "${capabilities}" ]; then
+               setfattr --no-dereference --restore=<(echo "${capabilities}")
+       fi
 }
 
-for dir in $@; do
-       find ${dir} -type f \( -perm -0100 -or -perm -0010 -or -perm -0001 \) \
-               | file -N -f - | sed -n -e 's/^\(.*\):[   ]*.*ELF.*, not stripped/\1/p' |
-               while read file; do
-                       _strip ${file}
-               done
+for path in ${paths[@]}; do
+       for file in $(find -H "${path}" -xdev "${excludes[@]}" -type f \( -perm -0100 -or -perm -0010 -or -perm -0001 \) 2>/dev/null); do
+               _strip "${file}" || exit $?
+       done
 done
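Review bot: File names are still subject to word splitting and glob expansion in the final loop, because `for file in $(find …)` splits find's output on whitespace and `${paths[@]}` is unquoted, so a path containing a space or a `*` reaches `_strip` as a different name than the one find matched. Since `_strip` rewrites binaries and restores `security.capability` xattrs (presumably with elevated privileges in a build tree), the path it acts on should be exactly the path that was found. I would quote the array, `for path in "${paths[@]}"; do`, and read NUL-delimited names in the current shell so `exit` still ends the script: `while IFS= read -r -d '' file; do _strip "${file}" || exit $?; done < <(find … -print0)`. The `2>/dev/null` on find also hides traversal errors, so any directory that could not be read is skipped without notice; consider sending those to stderr instead.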