[dpkg] 153/192: dpkg-genbuildinfo: Add support for new Build-Kernel-Version field
Ximin Luo
infinity0 at debian.org
Tue Oct 17 11:04:12 UTC 2017
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch pu/reproducible_builds
in repository dpkg.
commit d920305d9deb52fa7c1fb8b0f01bfc31cf517e41
Author: Guillem Jover <guillem at debian.org>
Date: Sun Sep 10 16:18:15 2017 +0200
dpkg-genbuildinfo: Add support for new Build-Kernel-Version field
Packages intended to be built in a generic way must never rely on the
currently running kernel on the build system (an exception could be an
optimization rebuild using the current system as the reference baseline).
But to be able to detect when a package might not be reproducible due to
varying kernel information it is still useful to be able to record this
information. Although that information can be very sensitive.
When the builder has explicitly enabled the Build-Kernel-Version field
with the new dpkg-genbuildinfo --always-include-kernel option, it will
get included in the generated .buildinfo file.
Closes: #873937
---
debian/changelog | 3 +++
man/deb-buildinfo.man | 6 ++++++
man/dpkg-genbuildinfo.man | 6 ++++++
scripts/Dpkg/Control/FieldsCore.pm | 8 ++++++--
scripts/dpkg-genbuildinfo.pl | 9 +++++++++
scripts/t/Dpkg_Control_Fields.t | 6 +++---
6 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 3628281..53a13c3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -27,6 +27,9 @@ dpkg (1.19.0) UNRELEASED; urgency=medium
deb822 format.
* Remove long obsolete dselect floppy method.
* Remove traces of non-US support from dselect methods.
+ * Add support for a new Build-Kernel-Version field in .buildinfo files,
+ that can be emitted with a new dpkg-genbuildinfo --always-include-kernel
+ option. Closes: #873937
* Perl modules:
- Switch from Dpkg::Util to List::Util, now that the module in the
new required Perl contains the needed functions.
diff --git a/man/deb-buildinfo.man b/man/deb-buildinfo.man
index 3b18424..5013aa0 100644
--- a/man/deb-buildinfo.man
+++ b/man/deb-buildinfo.man
@@ -135,6 +135,12 @@ The date the package was built.
It must be in the same format as the date in a \fBdeb\-changelog\fP(5)
entry.
.TP
+.BR Build\-Kernel\-Version: " \fIbuild-kernel-version\fP"
+The release and version (in an unspecified format) of the kernel running
+on the build system.
+This field is only going to be present if the builder has explicitly
+requested it, to avoid leaking possibly sensitive information.
+.TP
.BR Build\-Path: " \fIbuild-path\fP"
The absolute build path, which correspond to the unpacked source tree.
This field is only going to be present if the vendor has whitelisted it
diff --git a/man/dpkg-genbuildinfo.man b/man/dpkg-genbuildinfo.man
index aaf54a3..ad5e614 100644
--- a/man/dpkg-genbuildinfo.man
+++ b/man/dpkg-genbuildinfo.man
@@ -104,6 +104,12 @@ rather than
(\fBdpkg\-genbuildinfo\fP needs to find these files so that it can include
their sizes and checksums in the \fB.buildinfo\fP file).
.TP
+.BI \-\-always\-include\-kernel
+By default, the \fBBuild\-Kernel-Version\fR field will not be written out.
+
+Specify this option (since dpkg 1.19.0) to always write a
+\fBBuild\-Kernel\-Version\fR field when generating the \fB.buildinfo\fR.
+.TP
.BI \-\-always\-include\-path
By default, the \fBBuild\-Path\fR field will only be written if the current
directory starts with a whitelisted pattern.
diff --git a/scripts/Dpkg/Control/FieldsCore.pm b/scripts/Dpkg/Control/FieldsCore.pm
index 8f5d7f3..74c54e6 100644
--- a/scripts/Dpkg/Control/FieldsCore.pm
+++ b/scripts/Dpkg/Control/FieldsCore.pm
@@ -159,6 +159,10 @@ our %FIELDS = (
name => 'Build-Essential',
allowed => ALL_PKG,
},
+ 'build-kernel-version' => {
+ name => 'Build-Kernel-Version',
+ allowed => CTRL_FILE_BUILDINFO,
+ },
'build-origin' => {
name => 'Build-Origin',
allowed => CTRL_FILE_BUILDINFO,
@@ -629,8 +633,8 @@ our %FIELD_ORDER = (
CTRL_FILE_BUILDINFO() => [
qw(format source binary architecture version binary-only-changes),
@src_checksums_fields,
- qw(build-origin build-architecture build-date build-path
- installed-build-depends environment),
+ qw(build-origin build-architecture build-kernel-version build-date
+ build-path installed-build-depends environment),
],
CTRL_FILE_CHANGES() => [
qw(format date source binary binary-only built-for-profiles architecture
diff --git a/scripts/dpkg-genbuildinfo.pl b/scripts/dpkg-genbuildinfo.pl
index 3682f2f..45c4508 100755
--- a/scripts/dpkg-genbuildinfo.pl
+++ b/scripts/dpkg-genbuildinfo.pl
@@ -61,6 +61,7 @@ my $outputfile;
my $stdout = 0;
my $admindir = $Dpkg::ADMINDIR;
my %use_feature = (
+ kernel => 0,
path => 0,
);
my @build_profiles = get_build_profiles();
@@ -294,6 +295,7 @@ sub usage {
-F<changelog-format> force changelog format.
-O[<buildinfo-file>] write to stdout (or <buildinfo-file>).
-u<upload-files-dir> directory with files (default is '..').
+ --always-include-kernel always include Build-Kernel-Version.
--always-include-path always include Build-Path.
--admindir=<directory> change the administrative directory.
-?, --help show this help message.
@@ -325,6 +327,8 @@ while (@ARGV) {
} elsif (m/^--buildinfo-id=.*$/) {
# Deprecated option
warning('--buildinfo-id is deprecated, it is without effect');
+ } elsif (m/^--always-include-kernel$/) {
+ $use_feature{kernel} = 1;
} elsif (m/^--always-include-path$/) {
$use_feature{path} = 1;
} elsif (m/^--admindir=(.*)$/) {
@@ -415,6 +419,11 @@ $fields->{'Build-Origin'} = get_current_vendor();
$fields->{'Build-Architecture'} = get_build_arch();
$fields->{'Build-Date'} = get_build_date();
+if ($use_feature{kernel}) {
+ my (undef, undef, $kern_rel, $kern_ver, undef) = POSIX::uname();
+ $fields->{'Build-Kernel-Version'} = "$kern_rel $kern_ver";
+}
+
my $cwd = cwd();
if ($use_feature{path}) {
$fields->{'Build-Path'} = $cwd;
diff --git a/scripts/t/Dpkg_Control_Fields.t b/scripts/t/Dpkg_Control_Fields.t
index 74d1739..e096c54 100644
--- a/scripts/t/Dpkg_Control_Fields.t
+++ b/scripts/t/Dpkg_Control_Fields.t
@@ -20,7 +20,7 @@ use Test::More;
use Test::Dpkg qw(:paths);
BEGIN {
- plan tests => 2394;
+ plan tests => 2416;
use_ok('Dpkg::Control::Types');
use_ok('Dpkg::Control::FieldsCore');
@@ -162,8 +162,8 @@ my %fields = (
fields => [
qw(Format Source Binary Architecture Version Binary-Only-Changes),
@src_checksums,
- qw(Build-Origin Build-Architecture Build-Date Build-Path
- Installed-Build-Depends Environment)
+ qw(Build-Origin Build-Architecture Build-Kernel-Version
+ Build-Date Build-Path Installed-Build-Depends Environment)
],
},
CTRL_FILE_CHANGES() => {
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git
More information about the Reproducible-commits
mailing list