Bug#848705: dpkg-dev: have dpkg-genbuildinfo add extra information based on DEB_BUILD_OPTIONS=buildinfo=xxx

Ximin Luo infinity0 at debian.org
Mon Dec 19 17:56:24 UTC 2016 

Package: dpkg-dev
Version: 1.18.15
Severity: wishlist

Dear Maintainer,

One of the purposes of buildinfo files is to aid in debugging, e.g. to be able
to see what particular build-environment variation (between two builds) may
have caused a failure to reproduce some binary hashes. This goal suggests that
we should increase or maximise the amount of information in a buildinfo file.

However, on the other side there are privacy concerns; developers doing uploads
may not want to reveal particular information about their own computer.

This ticket proposes to have dpkg-genbuildinfo generate extra information when
DEB_BUILD_OPTIONS contains buildinfo=xxx flags. This would be the case for e.g.
the Debian buildds which are semi-public machines that don't need to hide their
system details, so increasing the amount of debugging information is useful.

dpkg-genbuildinfo already has a --always-include-path flag, but this would
typically have to be included in d/rules, thereby changing the source code of
the package. Providing the equivalent functionality via DEB_BUILD_OPTIONS would
allow different builders to reveal different pieces of information, whilst all
building the same source package (and hopefully the same binary packages).

For example, the Debian buildds could set DEB_BUILD_OPTIONS=buildinfo=all, but
ordinary DDs doing manual builds and uploads could use the "default" set of
information which would be more privacy-respecting.

For example, extra things that could be added are:

- filesystem types
- CPU type and number
- kernel name, version
- hostname
- umask
- etc, see https://tests.reproducible-builds.org/debian/index_variations.html for more

X

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (300, 'unstable'), (200, 'experimental'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dpkg-dev depends on:
ii  binutils      2.27.51.20161201-1
ii  bzip2         1.0.6-8
ii  libdpkg-perl  1.18.15
ii  make          4.1-9
ii  patch         2.7.5-1
pn  perl:any      <none>
ii  tar           1.29b-1.1
ii  xz-utils      5.2.2-1.2

Versions of packages dpkg-dev recommends:
ii  build-essential          12.2
ii  fakeroot                 1.21-2
ii  gcc [c-compiler]         4:6.2.1-1
ii  gcc-6 [c-compiler]       6.2.1-5
ii  gnupg                    2.1.16-2
ii  gnupg2                   2.1.16-2
ii  gpgv                     2.1.16-2
ii  libalgorithm-merge-perl  0.08-3

Versions of packages dpkg-dev suggests:
ii  debian-keyring  2016.09.04

-- no debconf information

More information about the Reproducible-builds mailing list