Add SecureDrop-specific metadata to buildinfo files #434
+50
−37
dpkg will only export specific known environment variables into the
buildinfo file[1], but we want to track at least two more things:
the bootstrap and wheels used affect the package output.
We can track those by capturing the values before the build process and
then manually adding them to the end of the buildinfo file. This also
means that builds must be done from a Git checkout, and cannot be from a
tarball, so that path now errors out.
While we're at it, look up the package filename by "parsing"
debian/files instead of trying to find it via find.
[1] https://git.dpkg.org/cgit/dpkg/dpkg.git/tree/scripts/Dpkg/BuildInfo.pm
I am also renaming PKG_GITREF to SD_PKG_GITREF, as this will be exported in the .buildinfo file so let's prefix it with "SD" to make it abundantly clear this is our environment variable and reduce the risk of collision. There don't appear to be any other users of this besides humans, so I have not added in any backwards-compatibility support for the old name.
Test plan
SD_PKG_GITREF=main make securedrop-proxy, verify the buildinfo file contains SD_BUILDER_GITREF and SD_PKG_GITREF with commits that correspond to this builder PR you just checked out and the current main branch of sd-proxy.
SD_PKG_GITREF=main make securedrop-proxy, verify SD_BUILDER_GITREF changed to correspond to the new commit you just added.
git -C /tmp/securedrop-proxy checkout HEAD~1, note which commit you're now on. Run PKG_PATH=/tmp/securedrop-proxy make securedrop-proxy, verify SD_PKG_GITREF changed to the new commit you switched to.
PKG_VERSION=1 make securedrop-keyring, verify the buildinfo file contains SD_BUILDER_GITREF but not SD_PKG_GITREF.
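
The checks in the test plan can be scripted. The following is an added example, not code from this PR or from the builder repository: it finds artifacts by reading debian/files and checks the Environment field of a buildinfo file for the two variables. It assumes the values are appended as Environment continuation lines in the NAME="value" form and are full 40-character commit hashes; the sample inputs are constructed.

```python
import re

# Constructed sample inputs (not taken from a real build).
SAMPLE_FILES = """\
securedrop-proxy_0.0.0_all.deb utils optional
securedrop-proxy_0.0.0_amd64.buildinfo utils optional
"""
SAMPLE_BUILDINFO = """\
Format: 1.0
Source: securedrop-proxy
Build-Architecture: amd64
Environment:
 DEB_BUILD_OPTIONS="nocheck"
 LANG="C.UTF-8"
 SD_BUILDER_GITREF="1111111111111111111111111111111111111111"
 SD_PKG_GITREF="2222222222222222222222222222222222222222"
"""

def artifacts(debian_files: str, suffix: str) -> list[str]:
    """debian/files lists one artifact per line: 'filename section priority'."""
    names = [line.split()[0] for line in debian_files.splitlines() if line.strip()]
    return [n for n in names if n.endswith(suffix)]

def environment(buildinfo: str) -> dict[str, str]:
    """Collect NAME="value" continuation lines of the Environment field."""
    env, in_env = {}, False
    for line in buildinfo.splitlines():
        if not line.startswith((" ", "\t")):  # a new field starts at column 0
            in_env = line.startswith("Environment:")
            continue
        m = re.fullmatch(r'\s+([A-Za-z_][A-Za-z0-9_]*)="(.*)"', line)
        if in_env and m:
            env[m.group(1)] = m.group(2)
    return env

def check(buildinfo: str, expect_pkg_ref: bool = True) -> list[str]:
    """Return a list of problems; empty means the metadata looks as expected."""
    env, problems = environment(buildinfo), []
    # Assumption: both values are recorded as full 40-hex commit hashes.
    wanted = {"SD_BUILDER_GITREF": True, "SD_PKG_GITREF": expect_pkg_ref}
    for name, should_exist in wanted.items():
        value = env.get(name)
        if should_exist and not re.fullmatch(r"[0-9a-f]{40}", value or ""):
            problems.append(f"{name} missing or not a full commit hash")
        elif not should_exist and value is not None:
            problems.append(f"{name} present but not expected")
    return problems
```

Pass expect_pkg_ref=False for the PKG_VERSION build in the last step of the test plan, where SD_PKG_GITREF should be absent.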