UBUNTU: [Packaging] Add list of used source files to buildinfo package

BugLink: https://bugs.launchpad.net/bugs/2086606 For CVE triaging, it's helpful to have a list of all the kernel source files used for a particular build. Generate the list and add it to the buildinfo package. Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com> Acked-by: Agathe Porte <agathe.porte@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2024-11-05 08:15:00 +01:00
parent 6b86533cc3
commit 366c11c324
2 changed files with 11 additions and 0 deletions
@@ -16,6 +16,7 @@ Build-Depends:
 debhelper-compat (= 10),
 default-jdk-headless <!stage1>,
 dkms <!stage1>,
+ dwarfdump <!stage1>,
 flex <!stage1>,
 gawk <!stage1>,
 java-common <!stage1>,
@@ -43,6 +43,14 @@ ifeq ($(do_dbgsym_package),true)
 		$(kmake) O=$(builddir)/build-$* $(conc_level) scripts_gdb ; \
 	fi
 endif
+
+	# Collect the list of kernel source files used for this build. Need to do this early before
+	# modules are stripped. Fail if the resulting file is empty.
+	find $(builddir)/build-$* -name vmlinux -o -name \*.ko -exec dwarfdump -i {} \; | \
+		grep -E 'DW_AT_(call|decl)_file' | sed -n 's|.*\s/|/|p' | sort -u > \
+		$(builddir)/build-$*/sources.list
+	test -s $(builddir)/build-$*/sources.list
+
 	$(stamp)

 define build_dkms_sign =
@@ -479,6 +487,8 @@ endif
 	fi
 	install -m644 $(DROOT)/canonical-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-certs.pem
 	install -m644 $(DROOT)/canonical-revoked-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-revoked-certs.pem
+	# List of source files used for this build
+	install -m644 $(builddir)/build-$*/sources.list $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/sources

 	# Get rid of .o and .cmd artifacts in headers
 	find $(hdrdir) -name \*.o -or -name \*.cmd -exec rm -f {} \;