[Reproducible-builds] dpkg-dev: please add support for .buildinfo files

Jérémy Bobbio lunar at debian.org
Tue Jan 5 13:32:51 UTC 2016 

Control: retitle -1 dpkg-dev: please add support for .buildinfo files
Control: tag -1 + patch

Hi!

The attached patch will enable dpkg-buildpackage to create .buildinfo
files as specified on the Debian wiki [1]. They have two main purposes:

 * recording information about the system environment used during a
   particular build—versions of the build dependencies installed, system
   architecture, etc. for easier forensics/debugging;
 * describe how to recreate (partially or in full) the original
   environment when trying to reproduce a particular build.

Since Guillem's preliminary review in February 2015 [2], the
specification has slightly elvolved to be a bit more relaxed and the
code have been improved.

One of the main change is that `.buildinfo` should now be named with an
arbitrary identifier. By default this defaults to $HOSTNAME-$TIMESTAMP
but can be set to an arbitrary value by the `--buildinfo-identifier`
command line flag.

To address privacy concerns, the Build-Path field is now only included
when either the build path starts by `/build/` or
`--always-include-path` has been specified on the command line of
`dpkg-genbuildinfo`.

.buildinfo files are now accepted (although discarded) by the Debian
archive [3]. This change should thus not affect Debian developpers in
their daily work.

 [1]: https://wiki.debian.org/ReproducibleBuilds/BuildinfoSpecification
 [2]: https://lists.debian.org/debian-dpkg/2015/02/msg00000.html
 [3]: dak commit: https://lists.debian.org/debian-dak/2015/12/msg00079.html
      example ACCEPTED upload: https://tracker.debian.org/news/737293

-- 
Lunar                                .''`. 
lunar at debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-support-for-.buildinfo-files.patch
Type: text/x-diff
Size: 31983 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20160105/613be940/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20160105/613be940/attachment.sig>

More information about the Reproducible-builds mailing list