Hi All,

Here is a bit of an update on some of the system integration tasks I have been working on.

1. I have created a new utility ulp_buildid (open to suggestions on the name), this solves the problem of when we have multiple choices for which live patch to apply how do we choose. This utility takes a pid and libname and returns the NT_GNU_BUILD_ID. It is a long time since I have written more than a few lines of C at a time and back then I was working on a pretty old C compiler so any feedback and constructive criticism is more than welcome.

   https://github.com/SUSE/libpulp/pull/34

2. I also created a tool called ulp_apply which does a similar role to the dispatcher lua script, currently it takes a lib name and .ulp file and applies the patch to all running programs. Now that I have ulp_buildid I can drop the need for passing in the .ulp file.

   ./ulp-apply "/usr/lib64/libcrypto.so.1.1" "/usr/lib64/openssl-1_1-livepatches/libcrypto_livepatch1.ulp"

   A work in progress version can be found here: https://github.com/simotek/libpulp/blob/tools/tools/ulp_apply

   At some point we need to decide whether we move forward with this bash script or the dispatcher lua script.

3. As a debugging script I created a very simple script ulp_pids which will give you the pid and executable name of each process with libpulp loaded.

4. I created an experimental package using multibuild to try and build live patches in the simplest way possible. Using this approach all you would need to do is add the respective versions to the _multibuild file. However currently it doesn't work as obs only finds the latest version, I will chase this up with the obs team to see if what I'm trying to do is possible. Another thing to note here is the use of Supplements: (libopenssl1_1 and libpulp-tools) which means if you have the repository with this package enabled it will automatically be installed if openssl and libpulp-tools are on the system. It also calls ulp_apply in the %posttrans section with a temporary file as a guard to ensure that live patches are only applied once per library.

## What's Next ##

Currently ulp_reverse takes a .ulp file as a parameter but the "ulp" program only provides us with the .so file that has been patched. So I either need to modify ulp_reverse to take the .so file as a parameter or modify "ulp" to also list metadata files or do something like ulp_buildid to get such info.

Another thing I need to decide is whether to add a parameter to ulp_dump to just return the build_id or whether I just parse the full output in whichever script we end up using. I will probably also consider doing something similar for "ulp" just to return the list of live patches as that's all my script will need, primarily to assess whether I need to reverse an existing live patch at the start of the update.

Once this is done we should have a fully functioning system.

Cheers

--
Simon Lees (Simotek)                            http://simotek.net
Emergency Update Team                           keybase.io/simotek
SUSE Linux                           Adelaide Australia, UTC+10:30
GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
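Added example, not part of the message above and not libpulp's code: a bounds-checked walk over ELF note records that returns the NT_GNU_BUILD_ID descriptor, the value used to match a live patch to the exact library build. It assumes the PT_NOTE bytes have already been read from the target library and are little-endian; `find_build_id`, `rd32le` and `sample_notes` are hypothetical names, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define GNU_BUILD_ID_TYPE 3u /* value of NT_GNU_BUILD_ID in <elf.h> */
#define ALIGN4(x) (((x) + 3u) & ~(size_t)3u)

/* Constructed sample: a shortened unrelated GNU note followed by a
 * build-id note carrying a made-up 8-byte ID. */
static const uint8_t sample_notes[] = {
    4,0,0,0, 4,0,0,0, 1,0,0,0, 'G','N','U',0, 0,0,0,0,
    4,0,0,0, 8,0,0,0, 3,0,0,0, 'G','N','U',0,
    0xde,0xad,0xbe,0xef,0x01,0x02,0x03,0x04,
};

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the build-id length and points *id at it, 0 when no build-id
 * note is present, -1 when a note header claims more bytes than exist. */
long find_build_id(const uint8_t *buf, size_t len, const uint8_t **id)
{
    size_t off = 0;
    while (len - off >= 12) {              /* 12 = three 32-bit header words */
        size_t namesz = rd32le(buf + off);
        size_t descsz = rd32le(buf + off + 4);
        uint32_t type = rd32le(buf + off + 8);
        size_t rest = len - off - 12;
        if (namesz > rest || ALIGN4(namesz) > rest) return -1;
        size_t desc_off = off + 12 + ALIGN4(namesz);
        if (descsz > len - desc_off) return -1;
        if (type == GNU_BUILD_ID_TYPE && namesz == 4 &&
            memcmp(buf + off + 12, "GNU", 4) == 0) {
            *id = buf + desc_off;
            return (long)descsz;
        }
        if (ALIGN4(descsz) > len - desc_off) break; /* final note unpadded */
        off = desc_off + ALIGN4(descsz);   /* name and desc are 4-byte padded */
    }
    return 0;
}
```

The size checks matter here because the note bytes come from a file or another process's mappings, so `namesz` and `descsz` cannot be trusted before they are compared against the buffer length.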