Debuginfo packages
This page contains information about debuginfo packages and common pitfalls about them for packagers. For usage information and an explanation why debuginfo packages are important, see StackTraces.
Checking your debuginfo package for usefulness
A useful debuginfo package contains stripped symbols from ELF binaries (*.debug
in /usr/lib/debug
) as well as the source code related to them (in /usr/src/debug
). The script that generates the packages is /usr/lib/rpm/find-debuginfo.sh
, read it through to get a basic understanding of how they're generated. If your debuginfo package doesn't contain any files, or is missing the sources or the size of the *.debug
files in it is unexpectedly small (typically *.debug
are larger than the corresponding binary it was stripped from), it's likely that there's a flaw in your package. That's not always the case though, read on.
Useless or incomplete debuginfo packages due to packaging issues
Useless or incomplete debuginfo packages are often a result of packaging flaws. Typical flaws that often manifest themselves as debuginfo packages containing no files:
- The specfile or the package's build routines explicitly strip symbols out of the binaries. Look for invocations of
strip
,install -s
,ld -s
, orgcc -s
etc and get rid of them (or the-s
flags). The method how to do that varies, some examples cases include patching, using%configure
or amake
target that prevents the strip from happening, and/or overriding a strip command like for examplemake install STRIP=/bin/true
- The package is not marked as
noarch
, but does not contain any architecture dependent things (native binaries, architecture dependent paths etc). Truenoarch
packages contain nothing rpmbuild could strip from them, so it's expected that they're empty ifBuildArch: noarch
is missing. If that's the case, make the packagenoarch
. find-debuginfo.sh
processes only files that are executable when it's run; for practical purposes one can assume that happens under the hood after the%install
section. Make sure that all ELF binaries (executables, shared libraries, DSO's) are executable at end of%install
.find-debuginfo.sh
does not process setuid or setgid binaries. There's a bug filed against rpmbuild about that, but until it is fixed in the distros your package is targeted at, make sure that all your binaries do _not_ have the setuid/setgid bits at end of%install
, and restore them in the%files
section using%attr(...) /path/to/file
Flaws that manifest themselves as unexpectedly small *.debug
in the debuginfo package and/or source files missing:
- The package was built without passing
-g
togcc
org++
. Without-g
, no or insufficient information for debuginfo packages is generated, make sure that it is being used. - Note that the default
CFLAGS
andCXXFLAGS
of the distro already contain-g
, so if those flags are being honored, it should be already in use. If not, suboptimal debuginfo packages are not the only problem; the package is probably also compiled without the security enhancing options of recent compiler versions. Make sure that$RPM_OPT_FLAGS
is being honored and used. strip -g
was used on the binaries; see above for possible remedies.
Useless or incomplete debuginfo packages due to other reasons
Empty debuginfo packages may also be generated in situations where there are no obvious packaging flaws present. Sometimes these are because of limitations of find-debuginfo.sh
, sometimes not. Some usual cases:
- Packages whose only architecture dependent binary part is a static library or many of them
- R and Mono packages TODO: people knowledgeable of R and/or Mono, verify these
If you wish to disable generation of the useless debuginfo package while waiting for improvements to find-debuginfo.sh
or if it's unlikely that it could be enhanced to produce a good debuginfo for your package (for example no architecture dependent files, but package is not noarch because of the installation paths it uses), use %global debug_package %{nil}
in the specfile, and be sure to add a comment next to it explaining why it was done.
Missing debuginfo packages
It is normal for noarch package builds to not produce a debuginfo package. If it's missing in other cases (where it has not been explicitly disabled), something's wrong. One such case is a missing %build section with some rpmbuild versions.
Resources
- debuginfo package listings for Fedora, sorted by size. Most debuginfo packages roughly up to 20kB in size are candidates that should be examined - however significantly larger -debuginfo packages may suffer from the same problems too, esp. in the "missing -g" case.
- Note that due to the split repository, each directory must be examined separately.
- http://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/x86_64/debug/a/?C=S;O=A
- StackTraces
- rpmlint >= 0.77