Package: sbuild
Version: 0.73.0-4
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: infrastructure
Hello,
dpkg-buildpackage typically generates a .changes and .buildinfo file,
and signs both (since at least dpkg 1.18.19).
But when using sbuild, dpkg-buildpackage inside of the build chroot does
not do the signing, but rather sbuild signs the .changes file afterward.
Please could that code be updated to also sign the .buildinfo (if one
was created).
I have not tested the attached patch (yet?) but it explains the issue at
least. Here is typical output where only the .changes file gets signed:
> ────────────────────────────────────────────────────────────────────────────────
> Finished at 20170314-2338
> Build needed 00:00:43, 5660k disc space
> Signature with key 'F2F4A5FC' requested:
> signfile /home/buildd/build/hello_2.10-1+b1_amd64.changes F2F4A5FC
>
> Successfully signed changes file
The relevance/importance of this is that official Debian package builds
produce .buildinfo files now, and dak archives them, but they are not
being signed yet.
Thanks!
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: kfreebsd-amd64 (x86_64)
Kernel: kFreeBSD 10.1-0-amd64
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
diff --git a/lib/Sbuild/Build.pm b/lib/Sbuild/Build.pm
index 9a767a2..b196812 100644
--- a/lib/Sbuild/Build.pm
+++ b/lib/Sbuild/Build.pm
@@ -2668,6 +2668,21 @@ sub get_changes {
return $changes;
}
+sub get_buildinfo {
+ my $self=shift;
+ my $buildinfo;
+
+ if ($self->get_conf('BUILD_ARCH_ANY')) {
+ $buildinfo = $self->get('Package_SVersion') . '_' . $self->get('Host Arch') . '.buildinfo';
+ } elsif ($self->get_conf('BUILD_ARCH_ALL')) {
+ $buildinfo = $self->get('Package_SVersion') . "_all.buildinfo";
+ } elsif ($self->get_conf('BUILD_SOURCE')) {
+ $buildinfo = $self->get('Package_SVersion') . "_source.buildinfo";
+ }
+
+ return $buildinfo;
+}
+
sub check_space {
my $self = shift;
my @files = @_;
@@ -3169,6 +3184,7 @@ sub close_build_log {
my $key_id = $self->get_conf('KEY_ID');
my $build_dir = $self->get_conf('BUILD_DIR');
my $changes;
+ my $buildinfo;
$self->log(sprintf("Signature with key '%s' requested:\n", $key_id));
$changes = $self->get_changes();
if (!defined($changes)) {
@@ -3176,6 +3192,10 @@ sub close_build_log {
} else {
system('debsign', '--re-sign', "-k$key_id", '--', "$build_dir/$changes");
}
+ $buildinfo = $self->get_buildinfo();
+ if (defined($buildinfo) && stat($buildinfo)) {
+ system('debsign', '--re-sign', "-k$key_id", '--', "$build_dir/$buildinfo");
+ }
if ($self->get_conf('SOURCE_ONLY_CHANGES')) {
my $so_changes = $build_dir . '/' . $self->get('Package_SVersion') . "_source.changes";
if (-r $so_changes) {
