[Reproducible-commits] [dpkg] 22/37: dpkg-buildpackage: Use a more privacy-preserving default buildinfo identifier

[Jérémy Bobbio]

This is an automated email from the git hooks/post-receive script.

lunar pushed a commit to branch pu/buildinfo
in repository dpkg.

commit 7fb43352df20b32b16842553ad24e33dfa5df689
Author: Jérémy Bobbio <lunar at debian.org>
Date:   Fri Jan 29 15:47:30 2016 +0000

    dpkg-buildpackage: Use a more privacy-preserving default buildinfo identifier
    
    We now use the timestamp first and then the eight first characterss of the md5
    hash of the buildinfo content as the default buildinfo identifier.
---
 scripts/dpkg-buildpackage.pl | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/scripts/dpkg-buildpackage.pl b/scripts/dpkg-buildpackage.pl
index ef62297..102558a 100755
--- a/scripts/dpkg-buildpackage.pl
+++ b/scripts/dpkg-buildpackage.pl
@@ -29,7 +29,6 @@ use File::Temp qw(tempdir);
 use File::Basename;
 use File::Copy;
 use POSIX qw(:sys_wait_h strftime);
-use Sys::Hostname;
 
 use Dpkg ();
 use Dpkg::Control::Info;
@@ -431,10 +430,6 @@ if (defined $parallel) {
 if (defined $buildinfo_identifier) {
     error(g_('buildinfo identifiers must not be empty and only contain alphanumeric characters and hyphens'))
         unless $buildinfo_identifier =~ /\A[A-Za-z0-9-]+\z/;
-} else {
-    my $hostname = hostname;
-    my $timestamp = strftime('%Y%m%dT%H%M%SZ', gmtime());
-    $buildinfo_identifier = "$hostname-$timestamp";
 }
 
 set_build_profiles(@build_profiles) if @build_profiles;
@@ -600,8 +595,25 @@ if ($include & BUILD_BINARY) {
 
         push @buildinfo_opts, "--admindir=$admindir" if $admindir;
 
+        open my $genbuildinfo_fh, '-|', 'dpkg-genbuildinfo', @buildinfo_opts
+            or subprocerr('dpkg-genbuildinfo');
+        my @buildinfo_content = <$genbuildinfo_fh>;
+        close $genbuildinfo_fh;
+
+        if (!defined $buildinfo_identifier) {
+            require Digest::MD5;
+
+            my $timestamp = strftime('%Y%m%dT%H%M%SZ', gmtime());
+            my $buildinfo_md5 = Digest::MD5::md5_hex(@buildinfo_content);
+            $buildinfo_identifier = "$timestamp-" . substr($buildinfo_md5, 0, 8);
+        }
+
         my $buildinfo = "${pv}_${buildinfo_identifier}.buildinfo";
-        withecho("dpkg-genbuildinfo @buildinfo_opts >../$buildinfo");
+
+        open my $buildinfo_fh, ">../$buildinfo"
+            or syserr(g_('cannot open %s', "../$buildinfo"));
+        print $buildinfo_fh, @buildinfo_content;
+        close $buildinfo_fh;
 
         my $control = Dpkg::Control::Info->new('debian/control');
         my $sec = $control->get_source->{'Section'} // '-';

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git