From 366c11c3240eac4dd20560da10b43bc1f521868f Mon Sep 17 00:00:00 2001
From: Juerg Haefliger <juerg.haefliger@canonical.com>
Date: Tue, 5 Nov 2024 08:15:00 +0100
Subject: [PATCH] UBUNTU: [Packaging] Add list of used source files to
 buildinfo package

BugLink: https://bugs.launchpad.net/bugs/2086606

For CVE triaging, it's helpful to have a list of all the kernel source
files used for a particular build. Generate the list and add it to
the buildinfo package.

Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
Acked-by: Agathe Porte <agathe.porte@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
---
 debian.master/control.stub.in   |  1 +
 debian/rules.d/2-binary-arch.mk | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/debian.master/control.stub.in b/debian.master/control.stub.in
index eb5bcc59bf3d..697fe93c0b41 100644
--- a/debian.master/control.stub.in
+++ b/debian.master/control.stub.in
@@ -16,6 +16,7 @@ Build-Depends:
  debhelper-compat (= 10),
  default-jdk-headless <!stage1>,
  dkms <!stage1>,
+ dwarfdump <!stage1>,
  flex <!stage1>,
  gawk <!stage1>,
  java-common <!stage1>,
diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
index 9958f9bcfa22..6857a12a87e3 100644
--- a/debian/rules.d/2-binary-arch.mk
+++ b/debian/rules.d/2-binary-arch.mk
@@ -43,6 +43,14 @@ ifeq ($(do_dbgsym_package),true)
 		$(kmake) O=$(builddir)/build-$* $(conc_level) scripts_gdb ; \
 	fi
 endif
+
+	# Collect the list of kernel source files used for this build. Need to do this early before
+	# modules are stripped. Fail if the resulting file is empty.
+	find $(builddir)/build-$* -name vmlinux -o -name \*.ko -exec dwarfdump -i {} \; | \
+		grep -E 'DW_AT_(call|decl)_file' | sed -n 's|.*\s/|/|p' | sort -u > \
+		$(builddir)/build-$*/sources.list
+	test -s $(builddir)/build-$*/sources.list
+
 	$(stamp)
 
 define build_dkms_sign =
@@ -479,6 +487,8 @@ endif
 	fi
 	install -m644 $(DROOT)/canonical-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-certs.pem
 	install -m644 $(DROOT)/canonical-revoked-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-revoked-certs.pem
+	# List of source files used for this build
+	install -m644 $(builddir)/build-$*/sources.list $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/sources
 
 	# Get rid of .o and .cmd artifacts in headers
 	find $(hdrdir) -name \*.o -or -name \*.cmd -exec rm -f {} \;