From patchwork Tue Mar 6 08:48:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Angelo Compagnucci X-Patchwork-Id: 881963 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=amarulasolutions.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=amarulasolutions.com header.i=@amarulasolutions.com header.b="FuPU7mju"; dkim-atps=neutral Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zwVqk4nrrz9sgl for ; Tue, 6 Mar 2018 19:51:14 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id D306386BB7; Tue, 6 Mar 2018 08:51:11 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iFgwpPrx79V6; Tue, 6 Mar 2018 08:51:10 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id 172FF86891; Tue, 6 Mar 2018 08:51:10 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 2B8401C0353 for ; Tue, 6 Mar 2018 08:51:08 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 27AA721F72 for ; Tue, 6 Mar 2018 08:51:08 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MDE2ywMkeYrB for ; Tue, 6 Mar 2018 08:51:06 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wr0-f195.google.com (mail-wr0-f195.google.com [209.85.128.195]) by silver.osuosl.org (Postfix) with ESMTPS id 599F722073 for ; Tue, 6 Mar 2018 08:51:05 +0000 (UTC) Received: by mail-wr0-f195.google.com with SMTP id z12so20045353wrg.4 for ; Tue, 06 Mar 2018 00:51:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amarulasolutions.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=81+/Z/8Lj212ZslNO1j1gJ27usF8ctTUanKTG53GooI=; b=FuPU7mjuQhkkESP4Tkfuvnsu7ylXqTP/gQFHUxNjPTKljvdomW6leQ5lFXczdXvXdj ASgdJFjbOvVbYmzespO3NiOEFC/9LKnK9gHVKfK+ur2zy6df5kRVJKwEThykUkTdylBS SQnKMqkmEzj+FCwqina9rgkHSVBeBtJSMDYjM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=81+/Z/8Lj212ZslNO1j1gJ27usF8ctTUanKTG53GooI=; b=XbR97DnnU+aJj2gLHTbFGoGoMcFMI8x08ZD3Z7g6V6pnQjkDfWPAjBznDRTyvgG3V9 uBOopuKoPSMgUTRbfcunpuXtfXHbDK5/v36yYHNs8AGrSA/QkbQaOqgD30VoArj3RdjW ws1Z21wuZFnUNs0ipwoidB47SlMfc8ujSWtJ8xQywkTPCgQuG0Lzd7GNb2lz80iuRH+u dIy4bsw41eAxsb80M+/bNZ3v6CbKC57woAc3ZPwYMJ+kWeZekVjcCJqXDe1WcIccJPCl +aOJATqBUHImtqWnHniS/ivp8cp/upGxHVuC391+uAc1yoUZSxxvoXQvMrpbJe8uiuA/ IGIg== X-Gm-Message-State: APf1xPB5eJu3j8sKz/Jq7N6YLQLScoATHuQl/0LN8QbTw6UVNaoDnjXy xOYAebxba0AyM/kwN+zMy7BADYOPlBg= X-Google-Smtp-Source: AG47ELvqhPptMkfDqDcJtJ454qz9PfM0/VORtKi2gd+QNFTndtL6Uda3CD9NCr/jM0q5ed8xaNd7OQ== X-Received: by 10.223.209.65 with SMTP id b1mr14256487wri.277.1520326263990; Tue, 06 Mar 2018 00:51:03 -0800 (PST) Received: from localhost.localdomain ([89.202.204.147]) by smtp.gmail.com with ESMTPSA id o16sm11716748wmi.38.2018.03.06.00.51.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 06 Mar 2018 00:51:03 -0800 (PST) From: Angelo Compagnucci To: buildroot@buildroot.org Date: Tue, 6 Mar 2018 09:48:04 +0100 Message-Id: <1520326085-18337-2-git-send-email-angelo@amarulasolutions.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1520326085-18337-1-git-send-email-angelo@amarulasolutions.com> References: <1520326085-18337-1-git-send-email-angelo@amarulasolutions.com> Subject: [Buildroot] [PATCH 1/2] Makefile: add tainting support X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.24 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Angelo Compagnucci MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From: Angelo Compagnucci Packages who harms the build reproducibility can declare FOO_TAINTS variable. If a package taints the build it will be added to a list of tainting packages. The build ends with an error when the BR2_REPRODUCIBLE is enabled and the tainting packages list is not empty. Moreover, legal info will show a warning in presence of a tainting package. Signed-off-by: Angelo Compagnucci --- Makefile | 14 +++++++++++++- package/pkg-generic.mk | 9 +++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 1b34818..afa5f29 100644 --- a/Makefile +++ b/Makefile @@ -761,8 +761,19 @@ endif $(call MESSAGE,"Executing post-build script $(s)"); \ $(EXTRA_ENV) $(s) $(TARGET_DIR) $(call qstrip,$(BR2_ROOTFS_POST_SCRIPT_ARGS))$(sep)) +# Check here if there are packages declaring they harm +# the reproducibility of the build +.PHONY: check-tainted +check-tainted: +ifneq ($(BR2_REPRODUCIBLE),) +ifneq ($(BR2_TAINTED_BY),) + $(error Buildroot is tainted (by: $(BR2_TAINTED_BY)). Cannot do a reproducible build.) + @exit 1 +endif +endif + .PHONY: target-post-image -target-post-image: $(TARGETS_ROOTFS) target-finalize +target-post-image: check-tainted $(TARGETS_ROOTFS) target-finalize @$(foreach s, $(call qstrip,$(BR2_ROOTFS_POST_IMAGE_SCRIPT)), \ $(call MESSAGE,"Executing post-image script $(s)"); \ $(EXTRA_ENV) $(s) $(BINARIES_DIR) $(call qstrip,$(BR2_ROOTFS_POST_SCRIPT_ARGS))$(sep)) @@ -1063,6 +1074,7 @@ help: @echo ' source - download all sources needed for offline-build' @echo ' external-deps - list external packages used' @echo ' legal-info - generate info about license compliance' + @echo ' check-tainted - check if any selected package harms build reproducibility' @echo ' printvars - dump all the internal variables' @echo @echo ' make V=0|1 - 0 => quiet build (default), 1 => verbose build' diff --git a/package/pkg-generic.mk b/package/pkg-generic.mk index a2a12e7..e643ecf 100644 --- a/package/pkg-generic.mk +++ b/package/pkg-generic.mk @@ -556,6 +556,10 @@ ifndef $(2)_REDISTRIBUTE endif endif +ifdef $(2)_TAINTS + BR2_TAINTED_BY+=$$($(2)_RAWNAME) +endif + $(2)_REDISTRIBUTE ?= YES $(2)_REDIST_SOURCES_DIR = $$(REDIST_SOURCES_DIR_$$(call UPPERCASE,$(4)))/$$($(2)_RAW_BASE_NAME) @@ -869,6 +873,11 @@ else $(Q)$$(foreach F,$$($(2)_LICENSE_FILES),$$(call legal-license-file,$$($(2)_RAWNAME),$$($(2)_RAW_BASE_NAME),$$($(2)_PKGDIR),$$(F),$$($(2)_DIR)/$$(F),$$(call UPPERCASE,$(4)))$$(sep)) endif # license files +# Save a legal warning if tainted +ifneq ($$(call qstrip,$$($(2)_TAINTS)),) + $(Q)$$(call legal-warning-pkg,$$($(2)_RAWNAME),unknown license for additional modules or dependencies) +endif + ifeq ($$($(2)_SITE_METHOD),local) # Packages without a tarball: don't save and warn @$$(call legal-warning-nosource,$$($(2)_RAWNAME),local)