Debuginfo packages

This page contains information about debuginfo packages and common pitfalls about them for packagers. For usage information and an explanation why debuginfo packages are important, see StackTraces.

Checking your debuginfo package for usefulness

A useful debuginfo package contains stripped symbols from ELF binaries (.debug in /usr/lib/debug) as well as the source code related to them (in /usr/src/debug). The script that generates the packages is /usr/lib/rpm/find-debuginfo.sh, read it through to get a basic understanding of how they’re generated. If your debuginfo package doesn’t contain any files, or is missing the sources or the size of the .debug files in it is unexpectedly small (typically *.debug are larger than the corresponding binary it was stripped from), it’s likely that there’s a flaw in your package. That’s not always the case though, read on.

Useless or incomplete debuginfo packages due to packaging issues

Useless or incomplete debuginfo packages are often a result of packaging flaws. Typical flaws that often manifest themselves as debuginfo packages containing no files:

  • The specfile or the package’s build routines explicitly strip symbols out of the binaries. Look for invocations of strip, install -s, ld -s, or gcc -s etc and get rid of them (or the -s flags). The method how to do that varies, some examples cases include patching, using %configure or a make target that prevents the strip from happening, and/or overriding a strip command like for example make install STRIP=/bin/true

  • The package is not marked as noarch, but does not contain any architecture dependent things (native binaries, architecture dependent paths etc). True noarch packages contain nothing rpmbuild could strip from them, so it’s expected that they’re empty if BuildArch: noarch is missing. If that’s the case, make the package noarch.

  • find-debuginfo.sh processes only files that are executable when it’s run; for practical purposes one can assume that happens under the hood after the %install section. Make sure that all ELF binaries (executables, shared libraries, DSO’s) are executable at end of %install.

  • find-debuginfo.sh does not process setuid or setgid binaries. There’s a bug filed against rpmbuild about that, but until it is fixed in the distros your package is targeted at, make sure that all your binaries do not have the setuid/setgid bits at end of %install, and restore them in the %files section using %attr(…​) /path/to/file

Flaws that manifest themselves as unexpectedly small *.debug in the debuginfo package and/or source files missing:

  • The package was built without passing -g to gcc or g++. Without -g, no or insufficient information for debuginfo packages is generated, make sure that it is being used.

  • Note that the default CFLAGS and CXXFLAGS of the distro already contain -g, so if those flags are being honored, it should be already in use. If not, suboptimal debuginfo packages are not the only problem; the package is probably also compiled without the security enhancing options of recent compiler versions. Make sure that $RPM_OPT_FLAGS is being honored and used.

  • strip -g was used on the binaries; see above for possible remedies.

Useless or incomplete debuginfo packages due to other reasons

Empty debuginfo packages may also be generated in situations where there are no obvious packaging flaws present. Sometimes these are because of limitations of find-debuginfo.sh, sometimes not. Some usual cases:

  • Packages whose only architecture dependent binary part is a static library or many of them

  • R and Mono packages TODO: people knowledgeable of R and/or Mono, verify these

If you wish to disable generation of the useless debuginfo package while waiting for improvements to find-debuginfo.sh or if it’s unlikely that it could be enhanced to produce a good debuginfo for your package (for example no architecture dependent files, but package is not noarch because of the installation paths it uses), use %global debug_package %{nil} in the specfile, and be sure to add a comment next to it explaining why it was done.

Missing debuginfo packages

It is normal for noarch package builds to not produce a debuginfo package. If it’s missing in other cases (where it has not been explicitly disabled), something’s wrong. One such case is a missing %build section with some rpmbuild versions.

Resources

  • debuginfo package listings for Fedora, sorted by size. Most debuginfo packages roughly up to 20kB in size are candidates that should be examined - however significantly larger -debuginfo packages may suffer from the same problems too, esp. in the "missing -g" case.

  • StackTraces

  • rpmlint >= 0.77