@@ -14,6 +14,7 @@ Build-Depends:
default-jdk-headless <!stage1>,
dh-systemd,
dkms <!stage1>,
+ dwarfdump <!stage1>,
dwarves [amd64 arm64 armhf ppc64el s390x] <!stage1>,
flex <!stage1>,
gawk <!stage1>,
@@ -57,6 +57,13 @@ $(stampdir)/stamp-build-%: $(stampdir)/stamp-prepare-%
@echo Debug: $@ build_image $(build_image) bldimg $(bldimg)
$(build_cd) $(kmake) $(build_O) $(conc_level) $(bldimg) modules $(if $(filter true,$(do_dtbs)),dtbs)
+ # Collect the list of kernel source files used for this build. Need to do this early
+ # before modules are stripped. Fail if the resulting file is empty.
+ find $(builddir)/build-$* -name vmlinux -o -name \*.ko -exec dwarfdump -i {} \; | \
+ grep -E 'DW_AT_(call|decl)_file' | sed -n 's|.*\s/|/|p' | sort -u > \
+ $(builddir)/build-$*/sources.list
+ test -s $(builddir)/build-$*/sources.list
+
@touch $@
define build_dkms_sign =
@@ -511,6 +518,8 @@ endif
$(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/compiler
install -m644 $(DROOT)/canonical-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-certs.pem
install -m644 $(DROOT)/canonical-revoked-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-revoked-certs.pem
+ # List of source files used for this build
+ install -m644 $(builddir)/build-$*/sources.list $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/sources
headers_tmp := $(CURDIR)/debian/tmp-headers
headers_dir := $(CURDIR)/debian/linux-libc-dev
BugLink: https://bugs.launchpad.net/bugs/2086606 For CVE triaging, it's helpful to have a list of all the kernel source files used for a particular build. Generate the list and add it to the buildinfo package. Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com> --- debian.master/control.stub.in | 1 + debian/rules.d/2-binary-arch.mk | 9 +++++++++ 2 files changed, 10 insertions(+)