From 67dee55d160e312b9d0db607630eacfaa3ce08e4 Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mark@klomp.org>
Date: Thu, 28 Nov 2024 17:58:54 +0100
Subject: [PATCH] find-debuginfo: Check files are writable before modifying
 them

Since commit dfe1f7ff3 ("find-debuginfo.sh: Exit with real exit status
in parallel jobs") there is a check whether gdb-add-index worked
correctly and find-debuginfo would fail (even in parallel mode) if an
error occured.

This turned out to show that gdb-add-index needs write permission to
add the gdb index to the file. This is also the case for a couple of
other things, like running objcopy --merge-notes. debugedit and
add_minidebug already made sure it had write permission.

To make sure find-debuginfo doesn't (partially) fail extend the
writable check to include the gdb-add-index and objcopy --merge-notes
invocation.
---
 scripts/find-debuginfo.in | 33 +++++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/scripts/find-debuginfo.in b/scripts/find-debuginfo.in
index a360bf0582dc..4e4ef5a64005 100755
--- a/scripts/find-debuginfo.in
+++ b/scripts/find-debuginfo.in
@@ -481,14 +481,29 @@ do_file()
     $strict && return 2
   fi
 
+  # debugedit makes sure to to get write permission to the file and
+  # restores original state after modifications. Other utilities
+  # might not.
+  f_writable="false"
+  if test -w "$f"; then f_writable="true"; fi
+
   # Add .gdb_index if requested.
   if $include_gdb_index; then
     if type gdb-add-index >/dev/null 2>&1; then
+      if test "$f_writable" = "false"; then
+        chmod u+w "$f"
+      fi
       gdb-add-index "$f" || {
         status=$?
         echo >&2 "*** ERROR:: GDB exited with exit status $status during index generation"
+        if test "$f_writable" = "false"; then
+          chmod u-w "$f"
+        fi
         return 2
       }
+      if test "$f_writable" = "false"; then
+        chmod u-w "$f"
+      fi
     else
       echo >&2 "*** ERROR: GDB index requested, but no gdb-add-index installed"
       return 2
@@ -497,7 +512,13 @@ do_file()
 
   # Compress any annobin notes in the original binary.
   # Ignore any errors, since older objcopy don't support --merge-notes.
+  if test "$f_writable" = "false"; then
+    chmod u+w "$f"
+  fi
   objcopy --merge-notes "$f" 2>/dev/null || true
+  if test "$f_writable" = "false"; then
+    chmod u-w "$f"
+  fi
 
   # A binary already copied into /usr/lib/debug doesn't get stripped,
   # just has its file names collected and adjusted.
@@ -507,7 +528,7 @@ do_file()
   esac
 
   mkdir -p "${debugdn}"
-  if test -w "$f"; then
+  if test "$f_writable" = "true"; then
     strip_to_debug "${debugfn}" "$f"
   else
     chmod u+w "$f"
@@ -529,7 +550,15 @@ do_file()
       application/x-executable*) skip_mini=false ;;
       application/x-pie-executable*) skip_mini=false ;;
     esac
-    $skip_mini || add_minidebug "${debugfn}" "$f"
+    if test "$skip_mini" = "true"; then
+      if test "$f_writable" = "false"; then
+        chmod u+w "$f"
+      fi
+      add_minidebug "${debugfn}" "$f"
+      if test "$f_writable" = "false"; then
+        chmod u-w "$f"
+      fi
+    fi
   fi
 
   echo "./${f#$RPM_BUILD_ROOT}" >> "$ELFBINSFILE"
-- 
2.47.0