Package: dpkg-dev
Version: 1.19.0.4
Severity: wishlist
Tags: patch

Dear Maintainer,

dpkg-buildpackage currently does not automatically list the source .dsc nor its hash in the call to dpkg-genbuildinfo when doing a binary-only build. This is understandable because in a binary-only build, dpkg-buildpackage does not have any concept of a source package and therefore does not know (and cannot verify) if the working tree was actually generated from any .dsc or not.

However, the caller knows this information, and it is useful for reproducible builds to track exactly which (i.e. hash-wise) source code generates which binary packages. So it should be possible for the caller to tell dpkg-buildpackage, "yes please do include the .dsc hash in the buildinfo, I am telling you it is correct, you can assume this safely". Tools like sbuild/pbuilder could then do this, as well as users or rebuilders.

The attached patch implements this in the simplest way possible. It allows the caller to run something like:

$ dpkg-buildpackage --no-sign -b --buildinfo-option=--build=full

The resulting $pkg_$ver_$arch.buildinfo then contains the .dsc and its hash.

However this requires the caller to know which option to pass, which would either be

--buildinfo-option=--build=full
--buildinfo-option=--build=any,source
--buildinfo-option=--build=all,source

depending on whether the original build request (to dpkg-buildpackage) was a -b, -B, or -A.

For this reason, it may be better (more usable) to add a --force-source-in-buildinfo flag (or similar name) and when this is switched on, do this instead:

-push @buildinfo_opts, "--build=$build_types" if build_has_none(BUILD_DEFAULT);
+push @buildinfo_opts, "--build=$build_types,source" if build_has_none(BUILD_DEFAULT);

Let me know if you like this idea and I'll be happy to implement that instead of the attached patch.

X

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (300, 'unstable'), (200, 'experimental'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dpkg-dev depends on:
ii  binutils      2.29.1-8
ii  bzip2         1.0.6-8.1
ii  libdpkg-perl  1.19.0.4
ii  make          4.1-9.1
ii  patch         2.7.5-1+b2
ii  perl          5.26.1-2
ii  tar           1.29b-2
ii  xz-utils      5.2.2-1.3

Versions of packages dpkg-dev recommends:
ii  build-essential          12.4
ii  clang-4.0 [c-compiler]   1:4.0.1-8
ii  fakeroot                 1.22-2
ii  gcc [c-compiler]         4:7.2.0-1d1
ii  gcc-7 [c-compiler]       7.2.0-16
ii  gnupg                    2.2.2-1
ii  gnupg2                   2.2.2-1
ii  gpgv                     2.2.2-1
ii  libalgorithm-merge-perl  0.08-3

Versions of packages dpkg-dev suggests:
ii  debian-keyring  2017.08.28

-- no debconf information

-- debsums errors found:
debsums: changed file /usr/bin/dpkg-buildpackage (from dpkg-dev package)

diff --git a/scripts/dpkg-buildpackage.pl b/scripts/dpkg-buildpackage.pl index f759ba4a6..2250403db 100755 --- a/scripts/dpkg-buildpackage.pl +++ b/scripts/dpkg-buildpackage.pl @@ -27,6 +27,7 @@ use Cwd; use File::Temp qw(tempdir); use File::Basename; use File::Copy; +use List::Util qw(none); use POSIX qw(:sys_wait_h); use Dpkg (); @@ -574,7 +575,9 @@ if (build_has_any(BUILD_BINARY)) { run_hook('buildinfo', 1); -push @buildinfo_opts, "--build=$build_types" if build_has_none(BUILD_DEFAULT); +if (none { index($_, '--build=') == 0 } @buildinfo_opts) { + push @buildinfo_opts, "--build=$build_types" if build_has_none(BUILD_DEFAULT); +} push @buildinfo_opts, "--admindir=$admindir" if $admindir; run_cmd('dpkg-genbuildinfo', @buildinfo_opts);
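
Review bot: in the second hunk (around line 575 of scripts/dpkg-buildpackage.pl), the new guard `none { index($_, '--build=') == 0 } @buildinfo_opts` lets any caller-supplied --build= value replace the computed "--build=$build_types" without comparing the two, so a -B or -A build run with --buildinfo-option=--build=full reaches dpkg-genbuildinfo unchanged. Either check that the override differs from $build_types only by the added source type, or append ",source" inside dpkg-buildpackage as the --force-source-in-buildinfo variant in the report does, so the caller cannot state build types that were not requested. The patch also carries no documentation change: the --buildinfo-option description should say that a --build= given there suppresses the automatic one and that the recorded .dsc hash is taken on the caller's word.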
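
Because dpkg-buildpackage cannot verify the .dsc itself, whoever receives such a .buildinfo can check the recorded hash against the source package they actually hold. The following is an added example, not part of the report or of dpkg; the function names and the hello_1.0-1 sample files are constructed, and it assumes the Checksums-Sha256 field lists one "checksum size filename" entry per continuation line.

```python
import hashlib
import os
import tempfile

def dsc_entries(buildinfo_text):
    """Return {name: (sha256, size)} for .dsc lines in Checksums-Sha256."""
    entries, in_field = {}, False
    for line in buildinfo_text.splitlines():
        if line.startswith("Checksums-Sha256:"):
            in_field = True
        elif in_field and line[:1] in (" ", "\t"):
            parts = line.split()
            if len(parts) == 3 and parts[2].endswith(".dsc"):
                entries[parts[2]] = (parts[0], int(parts[1]))
        else:
            in_field = False  # a new field ends the continuation lines
    return entries

def verify_dsc(buildinfo_text, directory):
    """'absent' if no .dsc is recorded, else 'ok' or 'mismatch'."""
    entries = dsc_entries(buildinfo_text)
    if not entries:
        return "absent"
    for name, (digest, size) in entries.items():
        path = os.path.join(directory, os.path.basename(name))
        if not os.path.isfile(path):
            return "mismatch"
        with open(path, "rb") as fh:
            data = fh.read()
        if len(data) != size or hashlib.sha256(data).hexdigest() != digest:
            return "mismatch"
    return "ok"

def demo():
    """Constructed sample: hello_1.0-1 is a made-up package."""
    dsc = b"Format: 3.0 (quilt)\nSource: hello\nVersion: 1.0-1\n"
    head = "Format: 1.0\nSource: hello\nVersion: 1.0-1\nChecksums-Sha256:\n"
    deb = " %s 1234 hello_1.0-1_amd64.deb\n" % ("0" * 64)
    rec = " %s %d hello_1.0-1.dsc\n" % (hashlib.sha256(dsc).hexdigest(), len(dsc))
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "hello_1.0-1.dsc")
        with open(path, "wb") as fh:
            fh.write(dsc)
        with_dsc = verify_dsc(head + rec + deb, tmp)
        without = verify_dsc(head + deb, tmp)
        with open(path, "ab") as fh:
            fh.write(b"modified after the build\n")
        changed = verify_dsc(head + rec + deb, tmp)
    return with_dsc, without, changed
```

Calling demo() returns the result for a buildinfo that records the .dsc, one from a plain binary-only build that does not, and one whose .dsc was altered after the build.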