[pacman-dev] [PATCH] makepkg: add tool details to buildinfo to aid determining flags

Eli Schwartz eschwartz at archlinux.org
Fri Apr 23 18:26:53 UTC 2021


On 4/22/21 3:46 PM, anthraxx at archlinux.org wrote:
> From: Levente Polyak <anthraxx at archlinux.org>
> 
> If a makepkg consumer uses a build wrapper to override compiler
> flags this may lead to unreproducible packages as there is no way to
> know which exact files were used for tooling that tries to reproduce
> said package.
> 
> Instead of vendoring the whole used makepkg.conf file into buildinfo,
> this patch adds two new properties to the .BUILDINFO file named
> BUILDTOOL and BUILDTOOLVER which by default are simply makepkg's own
> values. Downstream consumers may override those values: For example in
> Arch Linux the devtools package can set those values and allow
> reproducible builds tooling to fetch the appropriate makepkg.conf.
> 
> Signed-off-by: Levente Polyak <anthraxx at archlinux.org>
> ---
>  scripts/makepkg.sh.in | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
> index 92cb6398..e58edfa1 100644
> --- a/scripts/makepkg.sh.in
> +++ b/scripts/makepkg.sh.in
> @@ -651,6 +651,8 @@ write_buildinfo() {
>  	write_kv_pair "builddate" "${SOURCE_DATE_EPOCH}"
>  	write_kv_pair "builddir"  "${BUILDDIR}"
>  	write_kv_pair "startdir"  "${startdir}"
> +	write_kv_pair "buildtool" "${BUILDTOOL:-makepkg}"
> +	write_kv_pair "buildtoolver" "${BUILDTOOLVER:-$makepkg_version}"

This is not documented in makepkg(8), so there is no way for "Downstream
consumers may override those values" without having the pacman patch
submitter bring it to their attention. Using the variable in devtools
would be a special case of this...

The boat has sailed on adding documentation in the same commit that adds
the feature...

>  	write_kv_pair "buildenv" "${BUILDENV[@]}"
>  	write_kv_pair "options" "${OPTIONS[@]}"
>  
> 


-- 
Eli Schwartz
Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/pacman-dev/attachments/20210423/3de733b3/attachment.sig>


More information about the pacman-dev mailing list