Daniel P. Berrangé wrote on Fri, Oct 13, 2023 at 08:41:17AM +0100:
> What's the "right" way to extract the NEVR list from a standalone core
> dump ?
I'd probably not call this the "right" way, and it took me way longer
than I'd like to admit, but I found notes readelf could read in various
loadXXXa sections in dumps I looked at:
------------
$ objdump -h dump | grep load1a
27 load1a 00001000 000055d6d3101000 0000000000000000 0001b000 2**12
$ dd if=dump of=dump.t bs=4k count=1 iflag=skip_bytes skip=$((0x0001b000)) status=none
$ eu-readelf --notes dump.t
[...]
Note segment of 204 bytes at offset 0x3c0:
Owner Data size Type
GNU 20 GNU_BUILD_ID
Build ID: 1113de7347150ea48ff1c5bd555cdb09a5422f62
GNU 16 GNU_ABI_TAG
OS: Linux, ABI: 3.2.0
FDO 120 FDO_PACKAGING_METADATA
Packaging Metadata: {"type":"rpm","name":"qemu","version":"8.1.1-1.fc39","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:39"}
-----------
Or looping all of them:
-----------
$ objdump -h dump \
| sed -ne 's/.*load[0-9]*a .*0000000000000000 \([0-9a-f]*\).*/\1/p' \
| while read offset; do
dd if=dump bs=4k iflag=skip_bytes skip=$((0x$offset)) \
count=1 of=dump.t status=none \
&& eu-readelf --notes dump.t;
done
...
Note segment of 176 bytes at offset 0x320:
Owner Data size Type
GNU 20 GNU_BUILD_ID
Build ID: 0ee9ccb38a6afaecb63d5fd382c83ad9c1dce9be
FDO 124 FDO_PACKAGING_METADATA
Packaging Metadata: {"type":"rpm","name":"pixman","version":"0.42.2-2.fc39","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:39"}
...
-----------
(grmbl something about readelf and eu-readelf both being unable to read
from stdin; I guess parsing elf files isn't trivial enough on a stream)
Long story short, I think strings | grep is probably the best you're
going to get here?
I'm sure gdb/lldb or others could be made to display this, but doesn't
seem to be the case at this point (at least glancing at gdb sources);
and tools like systemd-analyze inspect-elf can get package metadata of a
binary or individual notes sections extracted from the dump but don't
seem to be able to parse the elf either...
If someone can prove me wrong here, please share!
Oh, and you can also just feed it to systemd-coredump to have it do the
work for you, then get infos out of it:
sudo /usr/lib/systemd/systemd-coredump 1234 1000 1000 11 $(date +%s) $((2**31)) test < dump
(in order: pid, uid, gid, signal (11=SEGV on x86_64), timestamp of dump,
ulimit -c but I didn't take time to figure out unlimited, hostname)
I'll let you decide if that's better...
Happy hunting,
--
Dominique Martinet | Asmadeus
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
