On Wed, Oct 27, 2021 at 12:47:03PM +0200, Florian Weimer wrote: > * Zbigniew Jędrzejewski-Szmek: > > > On Wed, Oct 27, 2021 at 09:38:35AM +0200, Florian Weimer wrote: > >> * Ben Cotton: > >> > >> > https://fedoraproject.org/wiki/Changes/Package_information_on_ELF_objects > >> > > >> > == Summary == > >> > All binaries (executables and shared libraries) are annotated with an > >> > ELF note that identifies the rpm for which this file was built. This > >> > allows binaries to be identified when they are distributed without any > >> > of the rpm metadata. `systemd-coredump` uses this to log package > >> > versions when reporting crashes. > >> > >> Can we enhance this to collect the package versions of all code that is > >> linked statically? > > > > Hmm, do you mean the general case of any library linked statically, or > > the special case where have an rpm with a static version of the library > > (libfoo-static) and build another rpm with this? > > The general case of any statically linked code. It could be libgcc, > startup files, the non-shared bits of glibc, static-only libraries, or > header-only C++ libraries. The format is extensible, so in principle it would be possible to do this (as described in Luca's reply and the follow-up from Neal), but I don't think we would want to. Right now we have a single item of information ("this binary was built for foo-nnn-m.arch.rpm part of fedora 39"). With statically linked code and other bits we get into an open-ended list of source inputs… and we have better solutions for this. People talk about SBOMs, and design formats to represent this and query in scalable ways. The goal of the small embedded metadata is to unambiguously identify the binary, but for complex and exhaustive information about the build tools, environment, configuration, logs, etc, one has to go online. Zbyszek _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
