[pacman-dev] [PATCH v2] makepkg: record build information in .BUILDINFO

Allan McRae allan at archlinux.org
Sat Oct 17 13:10:53 UTC 2015 

On 17/10/15 22:38, Dave Reisner wrote:
> On Sat, Oct 17, 2015 at 10:57:12AM +1000, Allan McRae wrote:
>> This information can be used to reproduce build conditions, which can then be
>> used to determine if a package builds reproducibly.
>>
>> Signed-off-by: Allan McRae <allan at archlinux.org>
>> ---
>>
>> v2:
>> Add build directory, PKGBUILD sha256sum and debug packaging flags.
>>
>>  scripts/makepkg.sh.in | 49 +++++++++++++++++++++++++++++++++++--------------
>>  1 file changed, 35 insertions(+), 14 deletions(-)
>>
>> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
>> index 6ededa3..db96a30 100644
>> --- a/scripts/makepkg.sh.in
>> +++ b/scripts/makepkg.sh.in
>> @@ -223,7 +223,7 @@ run_pacman() {
>>  	else
>>  		cmd=("$PACMAN_PATH" "$@")
>>  	fi
>> -	if [[ $1 != -@(T|Qq) ]]; then
>> +	if [[ $1 != -@(T|Qq|Q) ]]; then
>>  		if type -p sudo >/dev/null; then
>>  			cmd=(sudo "${cmd[@]}")
>>  		else
>> @@ -1143,19 +1143,30 @@ write_pkginfo() {
>>  	[[ $optdepends ]]   && printf "optdepend = %s\n"   "${optdepends[@]//+([[:space:]])/ }"
>>  	[[ $makedepends ]]  && printf "makedepend = %s\n"  "${makedepends[@]}"
>>  	[[ $checkdepends ]] && printf "checkdepend = %s\n" "${checkdepends[@]}"
>> +}
>>  
>> -	local it
>> -	for it in "${packaging_options[@]}"; do
>> -		check_option "$it" "y"
>> -		case $? in
>> -			0)
>> -				printf "makepkgopt = %s\n" "$it"
>> -				;;
>> -			1)
>> -				printf "makepkgopt = %s\n" "!$it"
>> -				;;
>> -		esac
>> -	done
>> +write_buildinfo() {
>> +	msg2 "$(gettext "Generating %s file...")" ".BUILDINFO"
>> +
>> +	printf "builddir = %s\n"  "${BUILDDIR}"
>> +
>> +	local sum="$(openssl dgst -sha256 "${BUILDFILE}")"
>> +	sum=${sum##* }
>> +
>> +	printf "pkgbuild_sha256sum = %s\n" $sum
>> +
>> +	printf "buildenv = %s\n" "${BUILDENV[@]}"
>> +	printf "options = %s\n" "${OPTIONS[@]}"
>> +
>> +	printf "cppflags = %s\n" "$cppflags"
>> +	printf "cflags = %s\n" "$cflags"
>> +	printf "cxxflags = %s\n" "$cxxflags"
>> +	printf "ldflags = %s\n" "$ldflags"
>> +	printf "debug_cflags = %s\n" "$debug_cflags"
>> +	printf "debug_cxxflags = %s\n" "$debug_cxxflags"
> 
> I'm still confused about why we only list these specific vars... why not
> dump the entire environment? Off the top of my head, other vars like CC,
> AS, LD, and PYTHON could all have a huge effect on the resulting
> build...
> 

This is about recording variables for a reproducible build. All these
need to be specified within the PKGBUILD for a package to be reproducible.

Allan

More information about the pacman-dev mailing list