From patchwork Tue Nov  5 07:15:07 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Patchwork-Id: 2006737
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=185.125.189.65; helo=lists.ubuntu.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com;
 receiver=patchwork.ozlabs.org)
Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4XjKP74Z9hz1xyD
	for <incoming@patchwork.ozlabs.org>; Tue,  5 Nov 2024 18:15:39 +1100 (AEDT)
Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com)
	by lists.ubuntu.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1t8Dmj-0006OA-Ba; Tue, 05 Nov 2024 07:15:29 +0000
Received: from smtp-relay-internal-1.internal ([10.131.114.114]
 helo=smtp-relay-internal-1.canonical.com)
 by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.86_2) (envelope-from <juerg.haefliger@canonical.com>)
 id 1t8Dmh-0006Hq-MY
 for kernel-team@lists.ubuntu.com; Tue, 05 Nov 2024 07:15:27 +0000
Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com
 [209.85.128.69])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
 (No client certificate requested)
 by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id F108B3F0BE
 for <kernel-team@lists.ubuntu.com>; Tue,  5 Nov 2024 07:15:26 +0000 (UTC)
Received: by mail-wm1-f69.google.com with SMTP id
 5b1f17b1804b1-431518e6d8fso33897655e9.0
 for <kernel-team@lists.ubuntu.com>; Mon, 04 Nov 2024 23:15:26 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1730790926; x=1731395726;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=aKz8Qgl9BOYgtCbyc5UFH9qTBUnaSYhNgluKpA8dnxs=;
 b=GUnoaMT8D++IpHEmNRNwfPwTjDjS1gAiMG4yKTiPy/BCoN6KSoMBQRDdCjtORjxa4t
 +kjn581l8S6m+bEVlsKT9YU7TUmlkcv3WJypD/RK8mdG0HUoTU0dLkMnLqjSaoILCEn4
 XSb1fZ8+dRCYMOfx7GYJmgSEMgtsLsSG5yeTSBVpc7NvcnNr2NMVqpO8Hb+tJW+GyTOP
 FZ6dwyj3vnd/6CnEFKLBLa8tJdZjrpzrLsFtxANXXmYhhwalsMSdSx0c2vPotf+OLRY+
 BjVBfuJG4kx2JbhKs09gfd/ItKO/QbEik3rQ01f4hGi9YEU29sdcBPmek6D4HBNjy87M
 uTcA==
X-Gm-Message-State: AOJu0Yzt/YBA8sa8PU2QZqIH7aFS/TKby+PxSbctaGxlYztF7oKz4yIe
 E8wZXJ3wuEQc7OhzIS5WZjflktUeg3gY+6IjobSlKZgR4SLK8oXiRgQT3sI4xsENS7uPh2uvhDH
 EFhqgtflZIIA/1ELNE6Ccp9ekCDc88SEkG9cfAh0ht8g0EoWLMMaVJzeHXVFZ+SYjlvMCPE73PE
 Gbk/61Ui+Epw==
X-Received: by 2002:a05:600c:35cf:b0:431:3b53:105e with SMTP id
 5b1f17b1804b1-43283244e02mr132135025e9.9.1730790926578;
 Mon, 04 Nov 2024 23:15:26 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IHBLCe24J/yIt+bxIrb27en0SCFvIBBGv1TlWEvhqEUoh/HMImAvharTOIJii763iwr8Nsynw==
X-Received: by 2002:a05:600c:35cf:b0:431:3b53:105e with SMTP id
 5b1f17b1804b1-43283244e02mr132134865e9.9.1730790926160;
 Mon, 04 Nov 2024 23:15:26 -0800 (PST)
Received: from localhost ([81.221.247.52]) by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-4327d5c65absm174228015e9.16.2024.11.04.23.15.25
 for <kernel-team@lists.ubuntu.com>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 04 Nov 2024 23:15:25 -0800 (PST)
From: Juerg Haefliger <juerg.haefliger@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][O][PATCH 2/2] UBUNTU: [Packaging] Add list of used source files
 to buildinfo package
Date: Tue,  5 Nov 2024 08:15:07 +0100
Message-ID: 
 <8e08dcfccbaa3440edd066db33ad122e2fd361cc.1730725509.git.juerg.haefliger@canonical.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <oracular.cover.1730725509.git.juerg.haefliger@canonical.com>
References: 
 <4bc7ee1854ca4c9a58068e98fb14670270f7d9a0.1730725508.git.juerg.haefliger@canonical.com>
 <oracular.cover.1730725509.git.juerg.haefliger@canonical.com>
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

BugLink: https://bugs.launchpad.net/bugs/2086606

For CVE triaging, it's helpful to have a list of all the kernel source
files used for a particular build. Generate the list and add it to
the buildinfo package.

Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
---
 debian.master/control.stub.in   |  1 +
 debian/rules.d/2-binary-arch.mk | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/debian.master/control.stub.in b/debian.master/control.stub.in
index 81730f7a22a4..744dce7bb70e 100644
--- a/debian.master/control.stub.in
+++ b/debian.master/control.stub.in
@@ -16,6 +16,7 @@ Build-Depends:
  debhelper-compat (= 10),
  default-jdk-headless <!stage1>,
  dkms <!stage1>,
+ dwarfdump <!stage1>,
  flex <!stage1>,
  gawk <!stage1>,
  java-common <!stage1>,
diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
index 137d975f0424..7864f764d76a 100644
--- a/debian/rules.d/2-binary-arch.mk
+++ b/debian/rules.d/2-binary-arch.mk
@@ -43,6 +43,14 @@ ifeq ($(do_dbgsym_package),true)
 		$(kmake) O=$(builddir)/build-$* $(conc_level) scripts_gdb ; \
 	fi
 endif
+
+	# Collect the list of kernel source files used for this build. Need to do this early
+	# before modules are stripped. Fail if the resulting file is empty.
+	find $(builddir)/build-$* -name vmlinux -o -name \*.ko -exec dwarfdump -i {} \; | \
+		grep -E 'DW_AT_(call|decl)_file' | sed -n 's|.*\s/|/|p' | sort -u > \
+		$(builddir)/build-$*/sources.list
+	test -s $(builddir)/build-$*/sources.list
+
 	$(stamp)
 
 define build_dkms_sign =
@@ -479,6 +487,8 @@ endif
 	fi
 	install -m644 $(DROOT)/canonical-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-certs.pem
 	install -m644 $(DROOT)/canonical-revoked-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-revoked-certs.pem
+	# List of source files used for this build
+	install -m644 $(builddir)/build-$*/sources.list $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/sources
 
 	# Get rid of .o and .cmd artifacts in headers
 	find $(hdrdir) -name \*.o -or -name \*.cmd -exec rm -f {} \;