[pacman-dev] [PATCH v3] makepkg: record build information in .BUILDINFO

Sun Dec 6 00:18:27 UTC 2015

This information can be used to reproduce build conditions, which can then be
used to determine if a package builds reproducibly.

Signed-off-by: Allan McRae <allan at archlinux.org>
---

v3: Remove recording of environmental variables - that was a failure.

This should not be controversial now. It records:
 - buildpath
 - PKGBUILD hash
 - installed package list

The buildenv and options arrays are moved from .PKGINFO to .BUILDINFO


 scripts/makepkg.sh.in | 42 ++++++++++++++++++++++++++++--------------
 1 file changed, 28 insertions(+), 14 deletions(-)

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 43584c3..42ec297 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -223,7 +223,7 @@ run_pacman() {
 	else
 		cmd=("$PACMAN_PATH" "$@")
 	fi
-	if [[ $1 != -@(T|Qq) ]]; then
+	if [[ $1 != -@(T|Qq|Q) ]]; then
 		if type -p sudo >/dev/null; then
 			cmd=(sudo "${cmd[@]}")
 		else
@@ -1147,19 +1147,23 @@ write_pkginfo() {
 	[[ $optdepends ]]   && printf "optdepend = %s\n"   "${optdepends[@]//+([[:space:]])/ }"
 	[[ $makedepends ]]  && printf "makedepend = %s\n"  "${makedepends[@]}"
 	[[ $checkdepends ]] && printf "checkdepend = %s\n" "${checkdepends[@]}"
+}
 
-	local it
-	for it in "${packaging_options[@]}"; do
-		check_option "$it" "y"
-		case $? in
-			0)
-				printf "makepkgopt = %s\n" "$it"
-				;;
-			1)
-				printf "makepkgopt = %s\n" "!$it"
-				;;
-		esac
-	done
+write_buildinfo() {
+	msg2 "$(gettext "Generating %s file...")" ".BUILDINFO"
+
+	printf "builddir = %s\n"  "${BUILDDIR}"
+
+	local sum="$(openssl dgst -sha256 "${BUILDFILE}")"
+	sum=${sum##* }
+
+	printf "pkgbuild_sha256sum = %s\n" $sum
+
+	printf "buildenv = %s\n" "${BUILDENV[@]}"
+	printf "options = %s\n" "${OPTIONS[@]}"
+
+	local pkglist=($(run_pacman -Q | sed "s# #-#"))
+	printf "installed = %s\n" "${pkglist[@]}"
 }
 
 create_package() {
@@ -1176,8 +1180,9 @@ create_package() {
 
 	pkgarch=$(get_pkg_arch)
 	write_pkginfo > .PKGINFO
+	write_buildinfo > .BUILDINFO
 
-	local comp_files=('.PKGINFO')
+	local comp_files=('.PKGINFO' '.BUILDINFO')
 
 	# check for changelog/install files
 	for i in 'changelog/.CHANGELOG' 'install/.INSTALL'; do
@@ -1962,6 +1967,15 @@ GPGKEY=${_GPGKEY:-$GPGKEY}
 PACKAGER=${_PACKAGER:-$PACKAGER}
 CARCH=${_CARCH:-$CARCH}
 
+# record initial build environment
+cppflags="$CPPFLAGS"
+cflags="$CFLAGS"
+cxxflags="$CXXFLAGS"
+ldflags="$LDFLAGS"
+debug_cflags="$DEBUG_CFLAGS"
+debug_cxxflags="$DEBUG_CXXFLAGS"
+
+
 if (( ! INFAKEROOT )); then
 	if (( EUID == 0 )); then
 		error "$(gettext "Running %s as root is not allowed as it can cause permanent,\n\
-- 
2.6.3
