Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openssl: basic dbg package #30691

Merged
merged 1 commit into from
Oct 16, 2024
Merged

openssl: basic dbg package #30691

merged 1 commit into from
Oct 16, 2024

Conversation

xnox
Copy link
Member

@xnox xnox commented Oct 12, 2024
edited
Loading

Add a basic manual dbg package for openssl.

Install source code into /usr/src/${{package.name}} (maybe needs a
pipeline like that).

Use -g to create debug symbols and file-prefix-map to encode all
source code references in the debug symbols to that destination.

Use split/debug as the first subpackage to detach all debug.

Note build-ids are not set by split/debug pipeline, meaning these
debug symbols are not suitable to upload into debuginfod server. See
https://sourceware.org/elfutils/Debuginfod.html

But this will do for now, installing openssl-dbg allows gdb to just
work. This is needed to stream-line security lab assesments, but also
to debug OpenSSL features and bugs.

Sample gdb session:

Reading symbols from openssl...
Reading symbols from /usr/lib/debug//usr/bin/openssl.debug...
(gdb) break main
warning: could not convert 'main' from the host encoding (ISO-8859-1) to UTF-32.
This normally should not happen, please file a bug report.
Breakpoint 1 at 0x499a0: file apps/openssl.c, line 236.
(gdb) run
Starting program: /usr/bin/openssl 
warning: Error disabling address space randomization: Operation not permitted
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".

Breakpoint 1, main (argc=1, argv=0x7ffd74888238) at apps/openssl.c:236
236	{
(gdb) l
231	
232	static char *help_argv[] = { "help", NULL };
233	static char *version_argv[] = { "version", NULL };
234	
235	int main(int argc, char *argv[])
236	{
237	    FUNCTION f, *fp;
238	    LHASH_OF(FUNCTION) *prog = NULL;
239	    char *pname;
240	    const char *fname;
(gdb)

@xnox xnox force-pushed the openssl-dbg branch 2 times, most recently from be9c1ba to 538e9f5 Compare October 16, 2024 11:41
@xnox
openssl: basic dbg package
3d15ca9 
Add a basic manual dbg package for openssl.

Install source code into /usr/src/${{package.name}} (maybe needs a
pipeline like that).

Use -g to create debug symbols and file-prefix-map to encode all
source code references in the debug symbols to that destination.

Use split/debug as the first subpackage to detach all debug.

Note build-ids are not set by split/debug pipeline, meaning these
debug symbols are not suitable to upload into debuginfod server. See
https://sourceware.org/elfutils/Debuginfod.html

But this will do for now, installing openssl-dbg allows gdb to just
work. This is needed to stream-line security lab assesments, but also
to debug OpenSSL features and bugs.
@xnox xnox marked this pull request as ready for review October 16, 2024 13:02
smoser
smoser reviewed Oct 16, 2024
View reviewed changes
openssl.yaml Show resolved Hide resolved
smoser
smoser approved these changes Oct 16, 2024
View reviewed changes
Copy link
Member

@smoser smoser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TIL about split/debug.

Thanks.

@smoser smoser merged commit 9385d8e into wolfi-dev:main Oct 16, 2024
10 checks passed
@xnox xnox mentioned this pull request Oct 17, 2024
Merged
smoser pushed a commit that referenced this pull request Oct 17, 2024
@xnox
Fix /usr/src permissions (#30998)
8c36eeb 
Once all of these teething issues are fixed, this should probably
become a reusable pipeline, as it is tricky.

Fix permissions on the /usr/src/${{package.name}} directory, as mktemp
creates it as 700, despite contents being 644 or 755 as
appropriate. Without this fixup gdb does not work with source code
access for non-root users. Discovered in testing a custom image, as
non-root, with openssl-dbg pre-installed.

Fixes:
- #30691
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smoser smoser smoser approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@xnox @smoser