[pacman-dev] [PATCH v3] makepkg: record build information in .BUILDINFO
This information can be used to reproduce build conditions, which can then be used to determine if a package builds reproducibly.
Signed-off-by: Allan McRae <allan@archlinux.org>
---
v3: Remove recording of environmental variables - that was a failure.
This should not be controversial now. It records: - buildpath - PKGBUILD hash - installed package list
The buildenv and options arrays are moved from .PKGINFO to .BUILDINFO
scripts/makepkg.sh.in | 42 ++++++++++++++++++++++++++++-------------- 1 file changed, 28 insertions(+), 14 deletions(-)
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 43584c3..42ec297 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -223,7 +223,7 @@ run_pacman() {
 else
 cmd=("$PACMAN_PATH" "$@")
 fi
- if [[ $1 != -@(T|Qq) ]]; then
+ if [[ $1 != -@(T|Qq|Q) ]]; then
 if type -p sudo >/dev/null; then
 cmd=(sudo "${cmd[@]}")
 else
@@ -1147,19 +1147,23 @@ write_pkginfo() {
 [[ $optdepends ]] && printf "optdepend = %s\n" "${optdepends[@]//+([[:space:]])/ }"
 [[ $makedepends ]] && printf "makedepend = %s\n" "${makedepends[@]}"
 [[ $checkdepends ]] && printf "checkdepend = %s\n" "${checkdepends[@]}"
+}
- local it
- for it in "${packaging_options[@]}"; do
- check_option "$it" "y"
- case $? in
- 0)
- printf "makepkgopt = %s\n" "$it"
- ;;
- 1)
- printf "makepkgopt = %s\n" "!$it"
- ;;
- esac
- done
+write_buildinfo() {
+ msg2 "$(gettext "Generating %s file...")" ".BUILDINFO"
+
+ printf "builddir = %s\n" "${BUILDDIR}"
+
+ local sum="$(openssl dgst -sha256 "${BUILDFILE}")"
+ sum=${sum##* }
+
+ printf "pkgbuild_sha256sum = %s\n" $sum
+
+ printf "buildenv = %s\n" "${BUILDENV[@]}"
+ printf "options = %s\n" "${OPTIONS[@]}"
+
+ local pkglist=($(run_pacman -Q | sed "s# #-#"))
+ printf "installed = %s\n" "${pkglist[@]}"
 }
 create_package() {
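Review bot: The sudo exemption in the run_pacman hunk is an exact match on `$1`, so only `-T`, `-Qq` and a bare `-Q` run unprivileged, and any other read-only query form passed later would still be wrapped in sudo. A comment above the test would make that contract explicit, for example `# read-only operations (-T, -Q, -Qq) run unprivileged; list new query forms here before using them`. The rest of run_pacman lies outside the hunk, so whether other callers pass combined flags cannot be checked from here.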
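Review bot: In write_buildinfo, `local sum="$(openssl dgst -sha256 "${BUILDFILE}")"` discards the exit status of openssl, so a failed hash still writes a `pkgbuild_sha256sum =` line with an empty value. For a file meant to record build conditions the function should fail instead, and `$sum` should be quoted: `local sum; sum=$(openssl dgst -sha256 "${BUILDFILE}") || return 1` followed by `printf "pkgbuild_sha256sum = %s\n" "$sum"`. The same masking applies to `local pkglist=($(run_pacman -Q | sed "s# #-#"))`, where a pacman failure yields a single empty `installed =` entry. The `write_buildinfo > .BUILDINFO` call in the create_package hunk does not check the return status either. Since .BUILDINFO joins comp_files and is presumably shipped in the package, a header comment noting that it exposes the builder's BUILDDIR path and full installed-package list would help users decide what they publish.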
@@ -1176,8 +1180,9 @@ create_package() {
 pkgarch=$(get_pkg_arch)
 write_pkginfo > .PKGINFO
+ write_buildinfo > .BUILDINFO
- local comp_files=('.PKGINFO')
+ local comp_files=('.PKGINFO' '.BUILDINFO')
 # check for changelog/install files
 for i in 'changelog/.CHANGELOG' 'install/.INSTALL'; do
@@ -1962,6 +1967,15 @@ GPGKEY=${_GPGKEY:-$GPGKEY}
 PACKAGER=${_PACKAGER:-$PACKAGER}
 CARCH=${_CARCH:-$CARCH}
+# record initial build environment
+cppflags="$CPPFLAGS"
+cflags="$CFLAGS"
+cxxflags="$CXXFLAGS"
+ldflags="$LDFLAGS"
+debug_cflags="$DEBUG_CFLAGS"
+debug_cxxflags="$DEBUG_CXXFLAGS"
+
+
 if (( ! INFAKEROOT )); then
 if (( EUID == 0 )); then
 error "$(gettext "Running %s as root is not allowed as it can cause permanent,\n\
--
2.6.3
On 06/12/15 10:18, Allan McRae wrote:
This information can be used to reproduce build conditions, which can then be used to determine if a package builds reproducibly.
Signed-off-by: Allan McRae <allan@archlinux.org> ---
v3: Remove recording of environmental variables - that was a failure.
This should not be controversial now. It records: - buildpath - PKGBUILD hash - installed package list
The buildenv and options arrays are moved from .PKGINFO to .BUILDINFO
scripts/makepkg.sh.in | 42 ++++++++++++++++++++++++++++-------------- 1 file changed, 28 insertions(+), 14 deletions(-)
And this bit is now deleted...
+# record initial build environment
+cppflags="$CPPFLAGS"
+cflags="$CFLAGS"
+cxxflags="$CXXFLAGS"
+ldflags="$LDFLAGS"
+debug_cflags="$DEBUG_CFLAGS"
+debug_cxxflags="$DEBUG_CXXFLAGS"
+
+
 if (( ! INFAKEROOT )); then
 if (( EUID == 0 )); then
 error "$(gettext "Running %s as root is not allowed as it can cause permanent,\n\