[SRU][J][PATCH 2/2] UBUNTU: [Packaging] Add list of used source files to buildinfo package

Juerg Haefliger juerg.haefliger at canonical.com
Tue Nov 5 07:15:05 UTC 2024 

BugLink: https://bugs.launchpad.net/bugs/2086606

For CVE triaging, it's helpful to have a list of all the kernel source
files used for a particular build. Generate the list and add it to
the buildinfo package.

Signed-off-by: Juerg Haefliger <juerg.haefliger at canonical.com>
---
 debian.master/control.stub.in   | 1 +
 debian/rules.d/2-binary-arch.mk | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/debian.master/control.stub.in b/debian.master/control.stub.in
index f6c1db0f098e..cf57ba9be5ca 100644
--- a/debian.master/control.stub.in
+++ b/debian.master/control.stub.in
@@ -13,6 +13,7 @@ Build-Depends:
  debhelper-compat (= 10),
  default-jdk-headless <!stage1>,
  dkms <!stage1>,
+ dwarfdump <!stage1>,
  flex <!stage1>,
  gawk <!stage1>,
  java-common <!stage1>,
diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
index 02e65da7b604..ff6a26e91599 100644
--- a/debian/rules.d/2-binary-arch.mk
+++ b/debian/rules.d/2-binary-arch.mk
@@ -64,6 +64,13 @@ ifneq ($(skipdbg),true)
 	fi
 endif
 
+	# Collect the list of kernel source files used for this build. Need to do this early
+	# before modules are stripped. Fail if the resulting file is empty.
+	find $(builddir)/build-$* -name vmlinux -o -name \*.ko -exec dwarfdump -i {} \; | \
+		grep -E 'DW_AT_(call|decl)_file' | sed -n 's|.*\s/|/|p' | sort -u > \
+		$(builddir)/build-$*/sources.list
+	test -s $(builddir)/build-$*/sources.list
+
 	@touch $@
 
 define build_dkms_sign =
@@ -540,6 +547,8 @@ endif
 	fi
 	install -m644 $(DROOT)/canonical-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-certs.pem
 	install -m644 $(DROOT)/canonical-revoked-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-revoked-certs.pem
+	# List of source files used for this build
+	install -m644 $(builddir)/build-$*/sources.list $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/sources
 
 ifneq ($(full_build),false)
 	# Clean out this flavours build directory.
-- 
2.43.0

More information about the kernel-team mailing list