Re: Getting package NEVR list from core dump ?
On Fri, Oct 13, 2023 at 03:10:45PM +0200, František Šumšal wrote: > Hey > > On 10/13/23 09:41, Daniel P. Berrangé wrote: > > Not too long ago Fedora added a new ELF note with the NEVR information for > > a package, to all shared libraries > > > >https://fedoraproject.org/wiki/Changes/Package_information_on_ELF_objects > > > > For cores dumped by processes on my local system, coredumpctl extracts the > > package info which is great. > > Along with the ELF notes, systemd-analyze gained a new verb - inspect-elf - > that can be used to retrieve them: Excellent, that is perfect, thank you With regards, Daniel -- |: https://berrange.com -o-https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o-https://fstop138.berrange.com :| |: https://entangle-photo.org-o-https://www.instagram.com/dberrange :| ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Getting package NEVR list from core dump ?
Hey On 10/13/23 09:41, Daniel P. Berrangé wrote: Not too long ago Fedora added a new ELF note with the NEVR information for a package, to all shared libraries https://fedoraproject.org/wiki/Changes/Package_information_on_ELF_objects For cores dumped by processes on my local system, coredumpctl extracts the package info which is great. Along with the ELF notes, systemd-analyze gained a new verb - inspect-elf - that can be used to retrieve them: $ systemd-analyze inspect-elf core.varlinkctl.1000.89df21ab140948a591f91ecc084568f8.2677628.169711649200 path: /home/mrc0mmand/tmp/core.varlinkctl.1000.89df21ab140948a591f91ecc084568f8.2677628.169711649200 elfType: coredump elfArchitecture: AMD x86-64 module name: libnl-3.so.200 type: rpm name: libnl3 version: 3.7.0-3.fc38 architecture: x86_64 osCpe: cpe:/o:fedoraproject:fedora:38 buildId: c9b97577bfc2cc4651143f597ded2b3e1bd2 ... Also in JSON: $ systemd-analyze inspect-elf --json=pretty core.varlinkctl.1000.89df21ab140948a591f91ecc084568f8.2677628.169711649200 { "elfType" : "coredump", "elfArchitecture" : "AMD x86-64", "libnl-3.so.200" : { "type" : "rpm", "name" : "libnl3", "version" : "3.7.0-3.fc38", "architecture" : "x86_64", "osCpe" : "cpe:/o:fedoraproject:fedora:38", "buildId" : "c9b97577bfc2cc4651143f597ded2b3e1bd2" }, "libnl-route-3.so.200" : { "type" : "rpm", "name" : "libnl3", "version" : "3.7.0-3.fc38", "architecture" : "x86_64", "osCpe" : "cpe:/o:fedoraproject:fedora:38", "buildId" : "e71fe7f76f1c4bff5d935f0d19c5498c8505c61a" }, ... Lets say, however, that I receive a coredump from an end user, and thus it isn't known to coredumpctl. What's the "right" way to extract the NEVR list from a standalone core dump ? Presumably there's a better way than just running 'strings' over the binary... $ strings core | grep osCpe: {"type":"rpm","name":"qemu","version":"7.2.6-1.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"} {"type":"rpm","name":"librsvg2","version":"2.56.3-1.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"} {"type":"rpm","name":"libogg","version":"1.3.5-5.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"} ..snip... {"type":"rpm","name":"pixman","version":"0.42.2-1.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"} {"type":"rpm","name":"libXau","version":"1.0.11-2.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"} {"type":"rpm","name":"qemu","version":"7.2.6-1.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"} With regards, Daniel ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Getting package NEVR list from core dump ?
Daniel P. Berrangé wrote on Fri, Oct 13, 2023 at 08:41:17AM +0100: > What's the "right" way to extract the NEVR list from a standalone core > dump ? I'd probably not call this the "right" way, and it took me way longer than I'd like to admit, but I found notes readelf could read in various loadXXXa sections in dumps I looked at: $ objdump -h dump | grep load1a 27 load1a1000 55d6d3101000 0001b000 2**12 $ dd if=dump of=dump.t bs=4k count=1 iflag=skip_bytes skip=$((0x0001b000)) status=none $ eu-readelf --notes dump.t [...] Note segment of 204 bytes at offset 0x3c0: Owner Data size Type GNU 20 GNU_BUILD_ID Build ID: 1113de7347150ea48ff1c5bd555cdb09a5422f62 GNU 16 GNU_ABI_TAG OS: Linux, ABI: 3.2.0 FDO 120 FDO_PACKAGING_METADATA Packaging Metadata: {"type":"rpm","name":"qemu","version":"8.1.1-1.fc39","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:39"} --- Or looping all of them: --- $ objdump -h dump \ | sed -ne 's/.*load[0-9]*a .* \([0-9a-f]*\).*/\1/p' \ | while read offset; do dd if=dump bs=4k iflag=skip_bytes skip=$((0x$offset)) \ count=1 of=dump.t status=none \ && eu-readelf --notes dump.t; done ... Note segment of 176 bytes at offset 0x320: Owner Data size Type GNU 20 GNU_BUILD_ID Build ID: 0ee9ccb38a6afaecb63d5fd382c83ad9c1dce9be FDO 124 FDO_PACKAGING_METADATA Packaging Metadata: {"type":"rpm","name":"pixman","version":"0.42.2-2.fc39","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:39"} ... --- (grmbl something about readelf and eu-readelf both being unable to read from stdin; I guess parsing elf files isn't trivial enough on a stream) Long story short, I think strings | grep is probably the best you're going to get here? I'm sure gdb/lldb or others could be made to display this, but doesn't seem to be the case at this point (at least glancing at gdb sources); and tools like systemd-analyze inspect-elf can get package metadata of a binary or individual notes sections extracted from the dump but don't seem to be able to parse the elf either... If someone can prove me wrong here, please share! Oh, and you can also just feed it to systemd-coredump to have it do the work for you, then get infos out of it: sudo /usr/lib/systemd/systemd-coredump 1234 1000 1000 11 $(date +%s) $((2**31)) test < dump (in order: pid, uid, gid, signal (11=SEGV on x86_64), timestamp of dump, ulimit -c but I didn't take time to figure out unlimited, hostname) I'll let you decide if that's better... Happy hunting, -- Dominique Martinet | Asmadeus ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Getting package NEVR list from core dump ?
Not too long ago Fedora added a new ELF note with the NEVR information for a package, to all shared libraries https://fedoraproject.org/wiki/Changes/Package_information_on_ELF_objects For cores dumped by processes on my local system, coredumpctl extracts the package info which is great. Lets say, however, that I receive a coredump from an end user, and thus it isn't known to coredumpctl. What's the "right" way to extract the NEVR list from a standalone core dump ? Presumably there's a better way than just running 'strings' over the binary... $ strings core | grep osCpe: {"type":"rpm","name":"qemu","version":"7.2.6-1.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"} {"type":"rpm","name":"librsvg2","version":"2.56.3-1.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"} {"type":"rpm","name":"libogg","version":"1.3.5-5.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"} ..snip... {"type":"rpm","name":"pixman","version":"0.42.2-1.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"} {"type":"rpm","name":"libXau","version":"1.0.11-2.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"} {"type":"rpm","name":"qemu","version":"7.2.6-1.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"} With regards, Daniel -- |: https://berrange.com -o-https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o-https://fstop138.berrange.com :| |: https://entangle-photo.org-o-https://www.instagram.com/dberrange :| ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue