This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch master in repository dpkg.
commit d920305d9deb52fa7c1fb8b0f01bfc31cf517e41 Author: Guillem Jover <guil...@debian.org> Date: Sun Sep 10 16:18:15 2017 +0200 dpkg-genbuildinfo: Add support for new Build-Kernel-Version field Packages intended to be built in a generic way must never rely on the currently running kernel on the build system (an exception could be an optimization rebuild using the current system as the reference baseline). But to be able to detect when a package might not be reproducible due to varying kernel information it is still useful to be able to record this information. Although that information can be very sensitive. When the builder has explicitly enabled the Build-Kernel-Version field with the new dpkg-genbuildinfo --always-include-kernel option, it will get included in the generated .buildinfo file. Closes: #873937 --- debian/changelog | 3 +++ man/deb-buildinfo.man | 6 ++++++ man/dpkg-genbuildinfo.man | 6 ++++++ scripts/Dpkg/Control/FieldsCore.pm | 8 ++++++-- scripts/dpkg-genbuildinfo.pl | 9 +++++++++ scripts/t/Dpkg_Control_Fields.t | 6 +++--- 6 files changed, 33 insertions(+), 5 deletions(-) diff --git a/debian/changelog b/debian/changelog index 3628281..53a13c3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -27,6 +27,9 @@ dpkg (1.19.0) UNRELEASED; urgency=medium deb822 format. * Remove long obsolete dselect floppy method. * Remove traces of non-US support from dselect methods. + * Add support for a new Build-Kernel-Version field in .buildinfo files, + that can be emitted with a new dpkg-genbuildinfo --always-include-kernel + option. Closes: #873937 * Perl modules: - Switch from Dpkg::Util to List::Util, now that the module in the new required Perl contains the needed functions. diff --git a/man/deb-buildinfo.man b/man/deb-buildinfo.man index 3b18424..5013aa0 100644 --- a/man/deb-buildinfo.man +++ b/man/deb-buildinfo.man @@ -135,6 +135,12 @@ The date the package was built. It must be in the same format as the date in a \fBdeb\-changelog\fP(5) entry. .TP +.BR Build\-Kernel\-Version: " \fIbuild-kernel-version\fP" +The release and version (in an unspecified format) of the kernel running +on the build system. +This field is only going to be present if the builder has explicitly +requested it, to avoid leaking possibly sensitive information. +.TP .BR Build\-Path: " \fIbuild-path\fP" The absolute build path, which correspond to the unpacked source tree. This field is only going to be present if the vendor has whitelisted it diff --git a/man/dpkg-genbuildinfo.man b/man/dpkg-genbuildinfo.man index aaf54a3..ad5e614 100644 --- a/man/dpkg-genbuildinfo.man +++ b/man/dpkg-genbuildinfo.man @@ -104,6 +104,12 @@ rather than (\fBdpkg\-genbuildinfo\fP needs to find these files so that it can include their sizes and checksums in the \fB.buildinfo\fP file). .TP +.BI \-\-always\-include\-kernel +By default, the \fBBuild\-Kernel-Version\fR field will not be written out. + +Specify this option (since dpkg 1.19.0) to always write a +\fBBuild\-Kernel\-Version\fR field when generating the \fB.buildinfo\fR. +.TP .BI \-\-always\-include\-path By default, the \fBBuild\-Path\fR field will only be written if the current directory starts with a whitelisted pattern. diff --git a/scripts/Dpkg/Control/FieldsCore.pm b/scripts/Dpkg/Control/FieldsCore.pm index 8f5d7f3..74c54e6 100644 --- a/scripts/Dpkg/Control/FieldsCore.pm +++ b/scripts/Dpkg/Control/FieldsCore.pm @@ -159,6 +159,10 @@ our %FIELDS = ( name => 'Build-Essential', allowed => ALL_PKG, }, + 'build-kernel-version' => { + name => 'Build-Kernel-Version', + allowed => CTRL_FILE_BUILDINFO, + }, 'build-origin' => { name => 'Build-Origin', allowed => CTRL_FILE_BUILDINFO, @@ -629,8 +633,8 @@ our %FIELD_ORDER = ( CTRL_FILE_BUILDINFO() => [ qw(format source binary architecture version binary-only-changes), @src_checksums_fields, - qw(build-origin build-architecture build-date build-path - installed-build-depends environment), + qw(build-origin build-architecture build-kernel-version build-date + build-path installed-build-depends environment), ], CTRL_FILE_CHANGES() => [ qw(format date source binary binary-only built-for-profiles architecture diff --git a/scripts/dpkg-genbuildinfo.pl b/scripts/dpkg-genbuildinfo.pl index 3682f2f..45c4508 100755 --- a/scripts/dpkg-genbuildinfo.pl +++ b/scripts/dpkg-genbuildinfo.pl @@ -61,6 +61,7 @@ my $outputfile; my $stdout = 0; my $admindir = $Dpkg::ADMINDIR; my %use_feature = ( + kernel => 0, path => 0, ); my @build_profiles = get_build_profiles(); @@ -294,6 +295,7 @@ sub usage { -F<changelog-format> force changelog format. -O[<buildinfo-file>] write to stdout (or <buildinfo-file>). -u<upload-files-dir> directory with files (default is '..'). + --always-include-kernel always include Build-Kernel-Version. --always-include-path always include Build-Path. --admindir=<directory> change the administrative directory. -?, --help show this help message. @@ -325,6 +327,8 @@ while (@ARGV) { } elsif (m/^--buildinfo-id=.*$/) { # Deprecated option warning('--buildinfo-id is deprecated, it is without effect'); + } elsif (m/^--always-include-kernel$/) { + $use_feature{kernel} = 1; } elsif (m/^--always-include-path$/) { $use_feature{path} = 1; } elsif (m/^--admindir=(.*)$/) { @@ -415,6 +419,11 @@ $fields->{'Build-Origin'} = get_current_vendor(); $fields->{'Build-Architecture'} = get_build_arch(); $fields->{'Build-Date'} = get_build_date(); +if ($use_feature{kernel}) { + my (undef, undef, $kern_rel, $kern_ver, undef) = POSIX::uname(); + $fields->{'Build-Kernel-Version'} = "$kern_rel $kern_ver"; +} + my $cwd = cwd(); if ($use_feature{path}) { $fields->{'Build-Path'} = $cwd; diff --git a/scripts/t/Dpkg_Control_Fields.t b/scripts/t/Dpkg_Control_Fields.t index 74d1739..e096c54 100644 --- a/scripts/t/Dpkg_Control_Fields.t +++ b/scripts/t/Dpkg_Control_Fields.t @@ -20,7 +20,7 @@ use Test::More; use Test::Dpkg qw(:paths); BEGIN { - plan tests => 2394; + plan tests => 2416; use_ok('Dpkg::Control::Types'); use_ok('Dpkg::Control::FieldsCore'); @@ -162,8 +162,8 @@ my %fields = ( fields => [ qw(Format Source Binary Architecture Version Binary-Only-Changes), @src_checksums, - qw(Build-Origin Build-Architecture Build-Date Build-Path - Installed-Build-Depends Environment) + qw(Build-Origin Build-Architecture Build-Kernel-Version + Build-Date Build-Path Installed-Build-Depends Environment) ], }, CTRL_FILE_CHANGES() => { -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/dpkg/dpkg.git