From bd8a86214f984e59e4937881d4d1ba60f3f0e2cb Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mjw@fedoraproject.org>
Date: Thu, 28 Nov 2024 18:18:26 +0100
Subject: [PATCH] 5.1-2 - Add
 0001-find-debuginfo-Check-files-are-writable-before-modif.patch

Resolves: RHEL-69474
debugedit 5.1 regression with read-only exe/lib files and gdb-add-index
error reporting
---
 ...heck-files-are-writable-before-modif.patch | 100 ++++++++++++++++++
 debugedit.spec                                |   7 +-
 2 files changed, 106 insertions(+), 1 deletion(-)
 create mode 100644 0001-find-debuginfo-Check-files-are-writable-before-modif.patch

diff --git a/0001-find-debuginfo-Check-files-are-writable-before-modif.patch b/0001-find-debuginfo-Check-files-are-writable-before-modif.patch
new file mode 100644
index 0000000..ab4db5d
--- /dev/null
+++ b/0001-find-debuginfo-Check-files-are-writable-before-modif.patch
@@ -0,0 +1,100 @@
+From 67dee55d160e312b9d0db607630eacfaa3ce08e4 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Thu, 28 Nov 2024 17:58:54 +0100
+Subject: [PATCH] find-debuginfo: Check files are writable before modifying
+ them
+
+Since commit dfe1f7ff3 ("find-debuginfo.sh: Exit with real exit status
+in parallel jobs") there is a check whether gdb-add-index worked
+correctly and find-debuginfo would fail (even in parallel mode) if an
+error occured.
+
+This turned out to show that gdb-add-index needs write permission to
+add the gdb index to the file. This is also the case for a couple of
+other things, like running objcopy --merge-notes. debugedit and
+add_minidebug already made sure it had write permission.
+
+To make sure find-debuginfo doesn't (partially) fail extend the
+writable check to include the gdb-add-index and objcopy --merge-notes
+invocation.
+---
+ scripts/find-debuginfo.in | 33 +++++++++++++++++++++++++++++++--
+ 1 file changed, 31 insertions(+), 2 deletions(-)
+
+diff --git a/scripts/find-debuginfo.in b/scripts/find-debuginfo.in
+index a360bf0582dc..4e4ef5a64005 100755
+--- a/scripts/find-debuginfo.in
++++ b/scripts/find-debuginfo.in
+@@ -481,14 +481,29 @@ do_file()
+     $strict && return 2
+   fi
+ 
++  # debugedit makes sure to to get write permission to the file and
++  # restores original state after modifications. Other utilities
++  # might not.
++  f_writable="false"
++  if test -w "$f"; then f_writable="true"; fi
++
+   # Add .gdb_index if requested.
+   if $include_gdb_index; then
+     if type gdb-add-index >/dev/null 2>&1; then
++      if test "$f_writable" = "false"; then
++        chmod u+w "$f"
++      fi
+       gdb-add-index "$f" || {
+         status=$?
+         echo >&2 "*** ERROR:: GDB exited with exit status $status during index generation"
++        if test "$f_writable" = "false"; then
++          chmod u-w "$f"
++        fi
+         return 2
+       }
++      if test "$f_writable" = "false"; then
++        chmod u-w "$f"
++      fi
+     else
+       echo >&2 "*** ERROR: GDB index requested, but no gdb-add-index installed"
+       return 2
+@@ -497,7 +512,13 @@ do_file()
+ 
+   # Compress any annobin notes in the original binary.
+   # Ignore any errors, since older objcopy don't support --merge-notes.
++  if test "$f_writable" = "false"; then
++    chmod u+w "$f"
++  fi
+   objcopy --merge-notes "$f" 2>/dev/null || true
++  if test "$f_writable" = "false"; then
++    chmod u-w "$f"
++  fi
+ 
+   # A binary already copied into /usr/lib/debug doesn't get stripped,
+   # just has its file names collected and adjusted.
+@@ -507,7 +528,7 @@ do_file()
+   esac
+ 
+   mkdir -p "${debugdn}"
+-  if test -w "$f"; then
++  if test "$f_writable" = "true"; then
+     strip_to_debug "${debugfn}" "$f"
+   else
+     chmod u+w "$f"
+@@ -529,7 +550,15 @@ do_file()
+       application/x-executable*) skip_mini=false ;;
+       application/x-pie-executable*) skip_mini=false ;;
+     esac
+-    $skip_mini || add_minidebug "${debugfn}" "$f"
++    if test "$skip_mini" = "true"; then
++      if test "$f_writable" = "false"; then
++        chmod u+w "$f"
++      fi
++      add_minidebug "${debugfn}" "$f"
++      if test "$f_writable" = "false"; then
++        chmod u-w "$f"
++      fi
++    fi
+   fi
+ 
+   echo "./${f#$RPM_BUILD_ROOT}" >> "$ELFBINSFILE"
+-- 
+2.47.0
+
diff --git a/debugedit.spec b/debugedit.spec
index 8293a29..79643b2 100644
--- a/debugedit.spec
+++ b/debugedit.spec
@@ -1,6 +1,6 @@
 Name: debugedit
 Version: 5.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: Tools and scripts for creating debuginfo and source file distributions, collect build-ids and rewrite source paths in DWARF data for debugging, tracing and profiling.
 License: GPL-3.0-or-later AND GPL-2.0-or-later AND LGPL-2.0-or-later
 URL: https://sourceware.org/debugedit/
@@ -44,6 +44,8 @@ Requires: grep
 
 %global _hardened_build 1
 
+Patch1: 0001-find-debuginfo-Check-files-are-writable-before-modif.patch
+
 %description
 The debugedit project provides programs and scripts for creating
 debuginfo and source file distributions, collect build-ids and rewrite
@@ -84,6 +86,9 @@ make check %{?_smp_mflags}
 %{_mandir}/man1/find-debuginfo.1*
 
 %changelog
+* Thu Nov 28 2024 Mark Wielaard <mjw@redhat.com> - 5.1-2
+- Add 0001-find-debuginfo-Check-files-are-writable-before-modif.patch
+
 * Tue Oct 29 2024 Mark Wielaard <mjw@redhat.com> - 5.1-1
 - New upstream 5.1 release
 - Drop all local patches