Re: Getting package NEVR list from core dump ?

František Šumšal <frantisek@xxxxxxxxx> · Fri, 13 Oct 2023 15:10:45 +0200

Hey

On 10/13/23 09:41, Daniel P. Berrangé wrote:
Not too long ago Fedora added a new ELF note with the NEVR information for
a package, to all shared libraries

   https://fedoraproject.org/wiki/Changes/Package_information_on_ELF_objects

For cores dumped by processes on my local system, coredumpctl extracts the
package info which is great.

Along with the ELF notes, systemd-analyze gained a new verb - inspect-elf - that can be used to retrieve them:

$ systemd-analyze inspect-elf core.varlinkctl.1000.89df21ab140948a591f91ecc084568f8.2677628.1697116492000000
           path: /home/mrc0mmand/tmp/core.varlinkctl.1000.89df21ab140948a591f91ecc084568f8.2677628.1697116492000000
        elfType: coredump
elfArchitecture: AMD x86-64

    module name: libnl-3.so.200
           type: rpm
           name: libnl3
        version: 3.7.0-3.fc38
   architecture: x86_64
          osCpe: cpe:/o:fedoraproject:fedora:38
        buildId: c9b97577bfc99992cc4651143f597ded2b3e1bd2
...

Also in JSON:

$ systemd-analyze inspect-elf --json=pretty core.varlinkctl.1000.89df21ab140948a591f91ecc084568f8.2677628.1697116492000000
{
        "elfType" : "coredump",
        "elfArchitecture" : "AMD x86-64",
        "libnl-3.so.200" : {
                "type" : "rpm",
                "name" : "libnl3",
                "version" : "3.7.0-3.fc38",
                "architecture" : "x86_64",
                "osCpe" : "cpe:/o:fedoraproject:fedora:38",
                "buildId" : "c9b97577bfc99992cc4651143f597ded2b3e1bd2"
        },
        "libnl-route-3.so.200" : {
                "type" : "rpm",
                "name" : "libnl3",
                "version" : "3.7.0-3.fc38",
                "architecture" : "x86_64",
                "osCpe" : "cpe:/o:fedoraproject:fedora:38",
                "buildId" : "e71fe7f76f1c4bff5d935f0d19c5498c8505c61a"
        },
...

Lets say, however, that I receive a coredump from an end user, and thus it
isn't known to coredumpctl.

What's the "right" way to extract the NEVR list from a standalone core
dump ?

Presumably there's a better way than just running 'strings' over the binary...

$ strings core | grep osCpe:
     {"type":"rpm","name":"qemu","version":"7.2.6-1.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"}
     {"type":"rpm","name":"librsvg2","version":"2.56.3-1.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"}
     {"type":"rpm","name":"libogg","version":"1.3.5-5.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"}
     ..snip...
     {"type":"rpm","name":"pixman","version":"0.42.2-1.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"}
     {"type":"rpm","name":"libXau","version":"1.0.11-2.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"}
     {"type":"rpm","name":"qemu","version":"7.2.6-1.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"}

With regards,
Daniel
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue