msys2-runtime: avoid stripping to allow code-signing again

Third parties commonly code-sign the MSYS2 runtime when ingesting
MinGit, as a way to attest the integrity (_not_ to testify that they
have vetted all the supply chain!).

This is currently broken, failing with:

  SignTool Error: SignedCode::Sign returned error: 0x800700C1

    %1 is not a valid Win32 application.

  SignTool Error: An error occurred while attempting to sign: msys-2.0.dll

The reason is that the MSYS toolchain's version of `strip.exe` somehow
changes the structure of the output files that are incompatible with
`signtool.exe`, as had been identified in ffd1140 (bash: avoid
stripping after code-signing, 2022-05-02).

Therefore, as of 667799c (msys2-runtime: strip it, 2022-12-19), the
`msys-2.0.dll` file (and all of the Cygwin utilities like
`cygwin-console-helper.exe`) can no longer be signed.

So let's revert that change.

However, we _must_ be _very_ careful not to regress on the cause for
that commit: It was triggered by Cygwin's build process all of a sudden
including all the debug information in the `msys-2.0.dll` file, which
makes it roughly 10x larger (and it already weighs ~3MB to begin with).

The saving grace is that we can put `-g0` into the `CFLAGS`/`CXXFLAGS`
variables that are hard-coded in the `PKGBUILD` file. This prevents
debug information from being generated in th first place, hence avoiding
the need to strip the executables.

Signed-off-by: Johannes Schindelin <[email protected]>

Author: dscho

msys2-runtime/PKGBUILD

@@ -4,7 +4,7 @@
 pkgbase=msys2-runtime
 pkgname=('msys2-runtime' 'msys2-runtime-devel')
 pkgver=3.6.4
-pkgrel=1
+pkgrel=2
 pkgdesc="Cygwin POSIX emulation engine"
 arch=('x86_64')
 url="https://www.cygwin.com/"
@@ -237,8 +237,10 @@ build() {
     OPTIM="-O2"
   fi
 
-  CFLAGS="$OPTIM -pipe -ggdb"
-  CXXFLAGS="$OPTIM -pipe -ggdb"
+  # We use `-g0` here to suppress debug symbols, to avoid having to call `strip.exe`
+  # on the binary files (which would break code-signing those files).
+  CFLAGS="$OPTIM -pipe -g0"
+  CXXFLAGS="$OPTIM -pipe -g0"
 
   # otherwise it asks git which appends "-dirty" because of our uncommited patches
   CFLAGS+=" -DCYGPORT_RELEASE_INFO=${pkgver}"
@@ -265,6 +267,7 @@ build() {
 
 package_msys2-runtime() {
   pkgdesc="Posix emulation engine for Windows"
+  options=('!strip')
   conflicts=('catgets' 'libcatgets' 'msys2-runtime-3.6')
   replaces=('catgets' 'libcatgets' 'msys2-runtime-3.6')