From patchwork Fri May 4 21:04:32 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Angelo Compagnucci X-Patchwork-Id: 909043 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=amarulasolutions.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=amarulasolutions.com header.i=@amarulasolutions.com header.b="VVBYJMF5"; dkim-atps=neutral Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40d4K03sMTz9s37 for ; Sat, 5 May 2018 07:04:52 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id D66C822797; Fri, 4 May 2018 21:04:49 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kjk-v9OfFPaA; Fri, 4 May 2018 21:04:45 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id 301E42FEDB; Fri, 4 May 2018 21:04:44 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id 599921CF03D for ; Fri, 4 May 2018 21:04:42 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 568D088250 for ; Fri, 4 May 2018 21:04:42 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BoisuJAdNOGd for ; Fri, 4 May 2018 21:04:40 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wr0-f196.google.com (mail-wr0-f196.google.com [209.85.128.196]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 1F89D88241 for ; Fri, 4 May 2018 21:04:39 +0000 (UTC) Received: by mail-wr0-f196.google.com with SMTP id f2-v6so10527965wrm.3 for ; Fri, 04 May 2018 14:04:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amarulasolutions.com; s=google; h=from:to:cc:subject:date:message-id; bh=9UrPplMb10b7ZZr/FJNXD82OoIJDJP9BDRIfBPIKypE=; b=VVBYJMF5/+oYtqRU9dhYfyHOGn9/yzz2Aja2HyYZF/wlx1IsHvsH9fTH89rJKw7Iln x+QMsE0LRBbO7RHZYM0Xw1KppZdXQwDnyVS1uqi/gaEwzEbHgRf2z4HeP5Ti2pmupPNC zGjkX0wXCF1A51SAXRxxkK5NTLJHa0/0gcuB4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=9UrPplMb10b7ZZr/FJNXD82OoIJDJP9BDRIfBPIKypE=; b=mbne5erllIlSsUAHHskhzbkYiHW+CSSMFrhU08v6j8s5QuxVwol2nw+7WCQL3Fxr70 WgBT+FTNzGsMtkoGm7QeWnmBdt2GHqUGMQOlRbsqH07C3v60ojvfhgBRMuJ4fLpunJea ScNbm77MLCFmMzDey63d1LyrQhVTZMUuIQz26jXCMp5AmNOoVKBHTbT1sbvGADYPSrNN fHtUTPR8kKsmuV6aUg/HbQ35TaR9jQGz2Oweq58CI7VUejWGwaw8NLUKJy11OoZ4FcaC /JfPhvNkw1gYfu9hNAwPilppBNgOQj3MKTKc7ofCRDw3p0eBZkqNPCFDYsvZYZT2c6xc sFdg== X-Gm-Message-State: ALQs6tDfptJH68UVNo+2CoQN9/CboKCGW2dnYnsGQSUSrm76meYnOvom cOcf/k8iQy7RrOKUCYVku65QGT0rv2U= X-Google-Smtp-Source: AB8JxZo4i1yX1p3aYuTv+eUHIok0ZiNcULmgb9qPPF3Oc071vNTR9rGxHd6CgdUBsLI8tChK54vsFg== X-Received: by 2002:adf:b722:: with SMTP id l34-v6mr24626942wre.85.1525467877579; Fri, 04 May 2018 14:04:37 -0700 (PDT) Received: from localhost.localdomain ([89.202.204.147]) by smtp.gmail.com with ESMTPSA id x73-v6sm2111680wmf.21.2018.05.04.14.04.36 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 04 May 2018 14:04:36 -0700 (PDT) From: Angelo Compagnucci To: buildroot@buildroot.org Date: Fri, 4 May 2018 23:04:32 +0200 Message-Id: <1525467873-30332-1-git-send-email-angelo@amarulasolutions.com> X-Mailer: git-send-email 2.7.4 Subject: [Buildroot] [PATCH v2 1/2] Makefile: add tainting support X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.24 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Angelo Compagnucci MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From: Angelo Compagnucci Packages who harms the build reproducibility can declare FOO_TAINTS variable. If a package taints the build it will be added to a list of tainting packages. The build ends with a warning if the tainting packages list is not empty. Moreover, legal info will show a warning in presence of a tainting package. Signed-off-by: Angelo Compagnucci --- Changelog: v1->v2: Doing all the fixings suggested by Arnout Makefile | 8 ++++++++ package/pkg-generic.mk | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/Makefile b/Makefile index c024c65..52120bf 100644 --- a/Makefile +++ b/Makefile @@ -758,12 +758,19 @@ endif touch $(TARGET_DIR)/usr +.PHONY: check-tainted +check-tainted: +ifneq ($(BR2_TAINTED_BY),) + $(error Your buildroot configuration is tainted by: $(BR2_TAINTED_BY)) +endif + .PHONY: target-post-image target-post-image: $(TARGETS_ROOTFS) target-finalize @rm -f $(ROOTFS_COMMON_TAR) @$(foreach s, $(call qstrip,$(BR2_ROOTFS_POST_IMAGE_SCRIPT)), \ $(call MESSAGE,"Executing post-image script $(s)"); \ $(EXTRA_ENV) $(s) $(BINARIES_DIR) $(call qstrip,$(BR2_ROOTFS_POST_SCRIPT_ARGS))$(sep)) + $(if $(BR2_TAINTED_BY),@echo "WARNING: Your buildroot configuration is tainted by: $(BR2_TAINTED_BY).") .PHONY: source source: $(foreach p,$(PACKAGES),$(p)-all-source) @@ -1070,6 +1077,7 @@ help: @echo ' source - download all sources needed for offline-build' @echo ' external-deps - list external packages used' @echo ' legal-info - generate info about license compliance' + @echo ' check-tainted - check if any selected package harms build reproducibility' @echo ' printvars - dump all the internal variables' @echo @echo ' make V=0|1 - 0 => quiet build (default), 1 => verbose build' diff --git a/package/pkg-generic.mk b/package/pkg-generic.mk index 8a3b5f9..99f9908 100644 --- a/package/pkg-generic.mk +++ b/package/pkg-generic.mk @@ -542,6 +542,10 @@ ifndef $(2)_REDISTRIBUTE endif endif +ifdef $(2)_TAINTS +BR2_TAINTED_BY+=$$($(2)_RAWNAME) +endif + $(2)_REDISTRIBUTE ?= YES $(2)_REDIST_SOURCES_DIR = $$(REDIST_SOURCES_DIR_$$(call UPPERCASE,$(4)))/$$($(2)_BASENAME_RAW) @@ -900,6 +904,10 @@ else $(Q)$$(foreach F,$$($(2)_LICENSE_FILES),$$(call legal-license-file,$$($(2)_RAWNAME),$$($(2)_BASENAME_RAW),$$($(2)_PKGDIR),$$(F),$$($(2)_DIR)/$$(F),$$(call UPPERCASE,$(4)))$$(sep)) endif # license files +ifeq ($$(call qstrip,$$($(2)_TAINTS)),YES) + $(Q)$$(call legal-warning-pkg,$$($(2)_RAWNAME),unknown license for additional modules or dependencies) +endif + ifeq ($$($(2)_SITE_METHOD),local) # Packages without a tarball: don't save and warn @$$(call legal-warning-nosource,$$($(2)_RAWNAME),local)