Auditing builds

Updated: April 19, 2023

QNX provides tools that you can use to gather information about build artifacts, including which shared libraries a binary needs, the package it belongs to, and the command line options that were used to build it.

What am I running?

You can run the use command to display information about build artifacts such as a library or binary. You can run it on either a host or target (if use is installed on your target image).

use -i binary

Example command and output:

$ use -i ./libbz2.so 

QNX_BUILDID=(GNU)b5aa59f5823c5d06ffcf1f84d28de841 

NAME=libbz2.so.1 

DESCRIPTION=bzip2 library 

DATE=2020/01/17-13:09:14-EST 

STATE=lookup 

HOST=sdp710-node1 

USER=builder 

TAGID=710-SDP-186 

VERSION=7.1.0 

PACKAGE=com.qnx.qnx710.target.base.compression/0.0.2.00186T202001171352A 

You can extract this information for prebuilt QNX binaries.

To inject your own information, see the usemsg entry in the Utilities Reference.

For more information, see the use entry in the Utilities Reference.

Displaying the options that were used when an executable binary was compiled

When the -frecord-gcc-switches option is specified during the build, the compiler records all the command line arguments it was invoked with into an ELF section named .GCC.command.line. To display the .GCC.command.line section, run the readelf utility with the following parameters on the executable, library, or symbol file:

readelf_variant  -p .GCC.command.line  elffile
where:
  • readelf_variant is the readelf command for the specific target platform in the format ntotarget-readelf (for example, ntox86_64-readelf)
  • elffile is the executable or library to inspect

QNX has chosen to enable the -frecord-gcc-switches option. For stripped executables and shared objects that ship with QNX Neutrino, the .GCC.command.line section is only found in the symbols file (.sym file).

Example command and output:

ntox86_64-readelf -p .GCC.command.line librcheck.so.1.sym 

String dump of section '.GCC.command.line': 

  [     0]  -g2 

  [     4]  -D_FILE_OFFSET_BITS=64 

  [    1b]  -DMALLOC_WRAPPER 

  [    2c]  -D_LIBMALLOC 

  [    39]  -UMALLOC_WRAPPER 

  [    4a]  -DMALLOC_DEBUG 

...

For more information, see the readelf entry in the Utilities Reference.

Required libraries and other binary information

The readelf utility can also provide additional information about the binary and parse the output. For example:

ntoaaarch64-readelf  -d  libbz2.so.1  | grep NEEDED

0x0000000000000001 ( NEEDED)              Shared library: [libc.so.5]

For more information, see the readelf entry in the Utilities Reference.

Depending on the system, you can also use ldd to list required libraries. See the ldd entry in the Utilities Reference.

Generate a manifest for the QNX OS image on your target system

The Qscan tool (qscan.sh) allows you generate a manifest for the QNX OS image on your target system.

For more information, see “Using Qscan to generate a target manifest” in the QNX Software Center User's Guide.