The debuginfod system uses buildids to identify debuginfo-related data. These are stored as binary notes in ELF/DWARF files, and are represented as lowercase hexadecimal. For example, for a program /bin/ls, look at the ELF note GNU_BUILD_ID:
% readelf -n /bin/ls | grep -A4 build.id Note section [ 4] '.note.gnu.buildid' of 36 bytes at offset 0x340: Owner Data size Type GNU 20 GNU_BUILD_ID Build ID: 8713b9c3fb8a720137a4a08b325905c7aaf8429d
Then the hexadecimal BUILDID is simply:
8713b9c3fb8a720137a4a08b325905c7aaf8429d
In place of the hexadecimal BUILDID, debuginfod-find also accepts a path name to to an ELF binary, from which it extracts the buildid. In this case, ensure the file name has some character other than [0-9a-f]. Files ambiguously named files like "deadbeef" can be passed with a ./deadbeef extra path component.
If the given buildid is known to a server, this request will result in a binary object that contains the customary .*debug_* sections. This may be a split debuginfo file as created by strip, or it may be an original unstripped executable.
If the given buildid is known to the server, this request will result in a binary object that contains the normal executable segments. This may be a executable stripped by strip, or it may be an original unstripped executable. ET_DYN shared libraries are considered to be a type of executable.
If the given buildid is known to the server, this request will result in a binary object that contains the source file mentioned. The path should be absolute. Relative path names commonly appear in the DWARF file's source directory, but these paths are relative to individual compilation unit AT_comp_dir paths, and yet an executable is made up of multiple CUs. Therefore, to disambiguate, debuginfod expects source queries to prefix relative path names with the CU compilation-directory, followed by a mandatory "/".
Note: the caller may or may not elide ../ or /./ or extraneous /// sorts of path components in the directory names. debuginfod accepts both forms. Specifically, debuginfod canonicalizes path names according to RFC3986 section 5.2.4 (Remove Dot Segments), plus reducing any // to / in the path.
For example:
| #include <stdio.h> | source BUILDID /usr/include/stdio.h |
| /path/to/foo.c | source BUILDID /path/to/foo.c |
| ../bar/foo.c AT_comp_dir=/zoo/ | source BUILDID /zoo//../bar/foo.c |
debuginfod-find does not include any particular security features. It trusts that the binaries returned by the debuginfod(s) are accurate. Therefore, the list of servers should include only trustworthy ones. If accessed across HTTP rather than HTTPS, the network should be trustworthy. Authentication information through the internal libcurl library is not currently enabled, except for the basic plaintext http[s]://userid:password@hostname/ style. (The debuginfod server does not perform authentication, but a front-end proxy server could.)