search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Dpkg::Vendor: Make the add_build_flags() a non-private method
[dpkg.git] / scripts / dpkg-buildpackage.pl
blob7b8181b487fb4cb9cbbd496f09ba0bf8b0db73b5
1 #!/usr/bin/perl
2 #
3 # dpkg-buildpackage
4 #
5 # Copyright © 1996 Ian Jackson
6 # Copyright © 2000 Wichert Akkerman
7 # Copyright © 2006-2010, 2012-2015 Guillem Jover <guillem@debian.org>
8 # Copyright © 2007 Frank Lichtenheld
9 #
10 # This program is free software; you can redistribute it and/or modify
11 # it under the terms of the GNU General Public License as published by
12 # the Free Software Foundation; either version 2 of the License, or
13 # (at your option) any later version.
14 #
15 # This program is distributed in the hope that it will be useful,
16 # but WITHOUT ANY WARRANTY; without even the implied warranty of
17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 # GNU General Public License for more details.
19 #
20 # You should have received a copy of the GNU General Public License
21 # along with this program. If not, see <https://www.gnu.org/licenses/>.
22
23 use strict;
24 use warnings;
25
26 use File::Temp qw(tempdir);
27 use File::Basename;
28 use File::Copy;
29 use File::Glob qw(bsd_glob GLOB_TILDE GLOB_NOCHECK);
30 use POSIX qw(:sys_wait_h);
31
32 use Dpkg ();
33 use Dpkg::Gettext;
34 use Dpkg::ErrorHandling;
35 use Dpkg::BuildTypes;
36 use Dpkg::BuildAPI qw(get_build_api);
37 use Dpkg::BuildOptions;
38 use Dpkg::BuildProfiles qw(set_build_profiles);
39 use Dpkg::Conf;
40 use Dpkg::Compression;
41 use Dpkg::Checksums;
42 use Dpkg::Package;
43 use Dpkg::Version;
44 use Dpkg::Control;
45 use Dpkg::Control::Info;
46 use Dpkg::Changelog::Parse;
47 use Dpkg::OpenPGP;
48 use Dpkg::OpenPGP::ErrorCodes;
49 use Dpkg::OpenPGP::KeyHandle;
50 use Dpkg::Path qw(find_command);
51 use Dpkg::IPC;
52 use Dpkg::Vendor qw(run_vendor_hook);
53
54 textdomain('dpkg-dev');
55
56 sub showversion {
57 printf g_("Debian %s version %s.\n"), $Dpkg::PROGNAME, $Dpkg::PROGVERSION;
58
59 print g_('
60 This is free software; see the GNU General Public License version 2 or
61 later for copying conditions. There is NO warranty.
62 ');
63 }
64
65 sub usage {
66 printf g_(
67 'Usage: %s [<option>...]')
68 . "\n\n" . g_(
69 'Options:
70 --build=<type>[,...] specify the build <type>: full, source, binary,
71 any, all (default is \'full\').
72 -F, --build=full normal full build (source and binary; default).
73 -g, --build=source,all source and arch-indep build.
74 -G, --build=source,any source and arch-specific build.
75 -b, --build=binary binary-only, no source files.
76 -B, --build=any binary-only, only arch-specific files.
77 -A, --build=all binary-only, only arch-indep files.
78 -S, --build=source source-only, no binary files.
79 -nc, --no-pre-clean do not pre clean source tree (implies -b).
80 --pre-clean pre clean source tree (default).
81 --no-post-clean do not post clean source tree (default).
82 -tc, --post-clean post clean source tree.
83 --sanitize-env sanitize the build environment.
84 -D, --check-builddeps check build dependencies and conflicts (default).
85 -d, --no-check-builddeps do not check build dependencies and conflicts.
86 --ignore-builtin-builddeps
87 do not check builtin build dependencies.
88 -P, --build-profiles=<profiles>
89 assume comma-separated build <profiles> as active.
90 --rules-requires-root assume legacy Rules-Requires-Root field value.
91 -R, --rules-file=<rules> rules file to execute (default is debian/rules).
92 -T, --rules-target=<target> call debian/rules <target>.
93 --as-root ensure -T calls the target with root rights.
94 -j, --jobs[=<jobs>|auto] jobs to run simultaneously (passed to <rules>),
95 (default; default is auto, opt-in mode).
96 -J, --jobs-try[=<jobs>|auto]
97 alias for -j, --jobs.
98 --jobs-force[=<jobs>|auto]
99 jobs to run simultaneously (passed to <rules>),
100 (default is auto, forced mode).
101 -r, --root-command=<command>
102 command to gain root rights (default is fakeroot).
103 --check-command=<command>
104 command to check the .changes file (no default).
105 --check-option=<opt> pass <opt> to check <command>.
106 --hook-<name>=<command> set <command> as the hook <name>, known hooks:
107 preinit init preclean source build binary
108 buildinfo changes postclean check sign done
109 --buildinfo-file=<file> set the .buildinfo filename to generate.
110 --buildinfo-option=<opt>
111 pass option <opt> to dpkg-genbuildinfo.
112 --changes-file=<file> set the .changes filename to generate.
113 --sign-backend=<backend>
114 OpenPGP backend to use to sign
115 (default is auto).
116 -p, --sign-command=<command>
117 command to sign .dsc and/or .changes files
118 (default is gpg).
119 --sign-keyfile=<file> the key file to use for signing.
120 -k, --sign-keyid=<keyid> the key id to use for signing.
121 --sign-key=<keyid> alias for -k, --sign-keyid.
122 -ap, --sign-pause add pause before starting signature process.
123 -us, --unsigned-source unsigned source package.
124 -ui, --unsigned-buildinfo unsigned .buildinfo file.
125 -uc, --unsigned-changes unsigned .buildinfo and .changes file.
126 --no-sign do not sign any file.
127 --force-sign force signing the resulting files.
128 --admindir=<directory> change the administrative directory.
129 -?, --help show this help message.
130 --version show the version.')
131 . "\n\n" . g_(
132 'Options passed to dpkg-architecture:
133 -a, --host-arch <arch> set the host Debian architecture.
134 -t, --host-type <type> set the host GNU system type.
135 --target-arch <arch> set the target Debian architecture.
136 --target-type <type> set the target GNU system type.')
137 . "\n\n" . g_(
138 'Options passed to dpkg-genchanges:
139 -si source includes orig, if new upstream (default).
140 -sa source includes orig, always.
141 -sd source is diff and .dsc only.
142 -v<version> changes since version <version>.
143 -m, --source-by=<maint> maintainer for this source or build is <maint>.
144 --build-by=<maint> ditto.
145 -e, --release-by=<maint> maintainer for this change or release is <maint>.
146 --changed-by=<maint> ditto.
147 -C<descfile> changes are described in <descfile>.
148 --changes-option=<opt> pass option <opt> to dpkg-genchanges.')
149 . "\n\n" . g_(
150 'Options passed to dpkg-source:
151 -sn force Debian native source format.
152 -s[sAkurKUR] see dpkg-source for explanation.
153 -z, --compression-level=<level>
154 compression level to use for source.
155 -Z, --compression=<compressor>
156 compression to use for source (gz|xz|bzip2|lzma).
157 -i, --diff-ignore[=<regex>] ignore diffs of files matching <regex>.
158 -I, --tar-ignore[=<pattern>]
159 filter out files when building tarballs.
160 --source-option=<opt> pass option <opt> to dpkg-source.
161 '), $Dpkg::PROGNAME;
162 }
163
164 my $admindir;
165 my @debian_rules = ('debian/rules');
166 my @rootcommand = ();
167 my $signbackend;
168 my $signcommand;
169 my $preclean = 1;
170 my $postclean = 0;
171 my $sanitize_env = 0;
172 my $parallel;
173 my $parallel_force = 0;
174 my $checkbuilddep = 1;
175 my $check_builtin_builddep = 1;
176 my @source_opts;
177 my $check_command = $ENV{DEB_CHECK_COMMAND};
178 my @check_opts;
179 my $signpause;
180 my $signkeyfile = $ENV{DEB_SIGN_KEYFILE};
181 my $signkeyid = $ENV{DEB_SIGN_KEYID};
182 my $signforce = 0;
183 my $signreleased = 1;
184 my $signsource = 1;
185 my $signbuildinfo = 1;
186 my $signchanges = 1;
187 my $buildtarget = 'build';
188 my $binarytarget = 'binary';
189 my $host_arch = '';
190 my $host_type = '';
191 my $target_arch = '';
192 my $target_type = '';
193 my @build_profiles = ();
194 my $rrr_override;
195 my @call_target = ();
196 my $call_target_as_root = 0;
197 my $since;
198 my $maint;
199 my $changedby;
200 my $desc;
201 my $buildinfo_file;
202 my @buildinfo_opts;
203 my $changes_file;
204 my @changes_opts;
205 my %target_legacy_root = map { $_ => 1 } qw(
206 clean
207 binary
208 binary-arch
209 binary-indep
210 );
211 my %target_official = map { $_ => 1 } qw(
212 clean
213 build
214 build-arch
215 build-indep
216 binary
217 binary-arch
218 binary-indep
219 );
220 my @hook_names = qw(
221 preinit
222 init
223 preclean
224 source
225 build
226 binary
227 buildinfo
228 changes
229 postclean
230 check
231 sign
232 done
233 );
234 my %hook;
235 $hook{$_} = undef foreach @hook_names;
236
237
238 my $conf = Dpkg::Conf->new();
239 $conf->load_config('buildpackage.conf');
240
241 # Inject config options for command-line parser.
242 unshift @ARGV, @{$conf};
243
244 my $build_opts = Dpkg::BuildOptions->new();
245
246 if ($build_opts->has('nocheck')) {
247 $check_command = undef;
248 } elsif (not find_command($check_command)) {
249 $check_command = undef;
250 }
251
252 while (@ARGV) {
253 $_ = shift @ARGV;
254
255 if (/^(?:--help|-\?)$/) {
256 usage;
257 exit 0;
258 } elsif (/^--version$/) {
259 showversion;
260 exit 0;
261 } elsif (/^--admindir$/) {
262 $admindir = shift @ARGV;
263 } elsif (/^--admindir=(.*)$/) {
264 $admindir = $1;
265 } elsif (/^--source-option=(.*)$/) {
266 push @source_opts, $1;
267 } elsif (/^--buildinfo-file=(.*)$/) {
268 $buildinfo_file = $1;
269 usageerr(g_('missing .buildinfo filename')) if not length $buildinfo_file;
270 } elsif (/^--buildinfo-option=(.*)$/) {
271 my $buildinfo_opt = $1;
272 if ($buildinfo_opt =~ m/^-O(.*)/) {
273 warning(g_('passing %s via %s is not supported; please use %s instead'),
274 '-O', '--buildinfo-option', '--buildinfo-file');
275 $buildinfo_file = $1;
276 } else {
277 push @buildinfo_opts, $buildinfo_opt;
278 }
279 } elsif (/^--changes-file=(.*)$/) {
280 $changes_file = $1;
281 usageerr(g_('missing .changes filename')) if not length $changes_file;
282 } elsif (/^--changes-option=(.*)$/) {
283 my $changes_opt = $1;
284 if ($changes_opt =~ m/^-O(.*)/) {
285 warning(g_('passing %s via %s is not supported; please use %s instead'),
286 '-O', '--changes-option', '--changes-file');
287 $changes_file = $1;
288 } else {
289 push @changes_opts, $changes_opt;
290 }
291 } elsif (/^--jobs(?:-try)?$/) {
292 $parallel = '';
293 $parallel_force = 0;
294 } elsif (/^(?:-[jJ]|--jobs(?:-try)?=)(\d*|auto)$/) {
295 $parallel = $1 || '';
296 $parallel_force = 0;
297 } elsif (/^--jobs-force(?:=(\d*|auto))?$/) {
298 $parallel = $1 || '';
299 $parallel_force = 1;
300 } elsif (/^(?:-r|--root-command=)(.*)$/) {
301 my $arg = $1;
302 @rootcommand = split ' ', $arg;
303 } elsif (/^--check-command=(.*)$/) {
304 $check_command = $1;
305 } elsif (/^--check-option=(.*)$/) {
306 push @check_opts, $1;
307 } elsif (/^--hook-([^=]+)=(.*)$/) {
308 my ($hook_name, $hook_cmd) = ($1, $2);
309 usageerr(g_('unknown hook name %s'), $hook_name)
310 if not exists $hook{$hook_name};
311 usageerr(g_('missing hook %s command'), $hook_name)
312 if not defined $hook_cmd;
313 $hook{$hook_name} = $hook_cmd;
314 } elsif (/^(--buildinfo-id)=.*$/) {
315 # Deprecated option
316 warning(g_('%s is deprecated; it is without effect'), $1);
317 } elsif (/^--sign-backend=(.*)$/) {
318 $signbackend = $1;
319 } elsif (/^(?:-p|--sign-command=)(.*)$/) {
320 $signcommand = $1;
321 } elsif (/^--sign-keyfile=(.*)$/) {
322 $signkeyfile = $1;
323 } elsif (/^(?:-k|--sign-keyid=|--sign-key=)(.*)$/) {
324 $signkeyid = $1;
325 } elsif (/^--(no-)?check-builddeps$/) {
326 $checkbuilddep = !(defined $1 and $1 eq 'no-');
327 } elsif (/^-([dD])$/) {
328 $checkbuilddep = ($1 eq 'D');
329 } elsif (/^--ignore-builtin-builddeps$/) {
330 $check_builtin_builddep = 0;
331 } elsif (/^-s(gpg|pgp)$/) {
332 # Deprecated option
333 warning(g_('-s%s is deprecated; always using gpg style interface'), $1);
334 } elsif (/^--force-sign$/) {
335 $signforce = 1;
336 } elsif (/^--no-sign$/) {
337 $signforce = 0;
338 $signsource = 0;
339 $signbuildinfo = 0;
340 $signchanges = 0;
341 } elsif (/^-us$/ or /^--unsigned-source$/) {
342 $signsource = 0;
343 } elsif (/^-ui$/ or /^--unsigned-buildinfo$/) {
344 $signbuildinfo = 0;
345 } elsif (/^-uc$/ or /^--unsigned-changes$/) {
346 $signbuildinfo = 0;
347 $signchanges = 0;
348 } elsif (/^-ap$/ or /^--sign-pausa$/) {
349 $signpause = 1;
350 } elsif (/^-a$/ or /^--host-arch$/) {
351 $host_arch = shift;
352 } elsif (/^-a(.*)$/ or /^--host-arch=(.*)$/) {
353 $host_arch = $1;
354 } elsif (/^-P(.*)$/ or /^--build-profiles=(.*)$/) {
355 my $arg = $1;
356 @build_profiles = split /,/, $arg;
357 } elsif (/^-s[iad]$/) {
358 push @changes_opts, $_;
359 } elsif (/^--(?:compression-level|compression)=.+$/) {
360 push @source_opts, $_;
361 } elsif (/^--(?:diff-ignore|tar-ignore)(?:=.+)?$/) {
362 push @source_opts, $_;
363 } elsif (/^-(?:s[nsAkurKUR]|[zZ].*|i.*|I.*)$/) {
364 push @source_opts, $_; # passed to dpkg-source
365 } elsif (/^-tc$/ or /^--post-clean$/) {
366 $postclean = 1;
367 } elsif (/^--no-post-clean$/) {
368 $postclean = 0;
369 } elsif (/^--sanitize-env$/) {
370 $sanitize_env = 1;
371 } elsif (/^-t$/ or /^--host-type$/) {
372 $host_type = shift; # Order DOES matter!
373 } elsif (/^-t(.*)$/ or /^--host-type=(.*)$/) {
374 $host_type = $1; # Order DOES matter!
375 } elsif (/^--target-arch$/) {
376 $target_arch = shift;
377 } elsif (/^--target-arch=(.*)$/) {
378 $target_arch = $1;
379 } elsif (/^--target-type$/) {
380 $target_type = shift;
381 } elsif (/^--target-type=(.*)$/) {
382 $target_type = $1;
383 } elsif (/^(?:--target|--rules-target|-T)$/) {
384 push @call_target, split /,/, shift @ARGV;
385 } elsif (/^(?:--target=|--rules-target=|-T)(.+)$/) {
386 my $arg = $1;
387 push @call_target, split /,/, $arg;
388 } elsif (/^--rules-requires-root$/) {
389 $rrr_override = 'binary-targets';
390 } elsif (/^--as-root$/) {
391 $call_target_as_root = 1;
392 } elsif (/^--pre-clean$/) {
393 $preclean = 1;
394 } elsif (/^-nc$/ or /^--no-pre-clean$/) {
395 $preclean = 0;
396 } elsif (/^--build=(.*)$/) {
397 set_build_type_from_options($1, $_);
398 } elsif (/^-b$/) {
399 set_build_type(BUILD_BINARY, $_);
400 } elsif (/^-B$/) {
401 set_build_type(BUILD_ARCH_DEP, $_);
402 } elsif (/^-A$/) {
403 set_build_type(BUILD_ARCH_INDEP, $_);
404 } elsif (/^-S$/) {
405 set_build_type(BUILD_SOURCE, $_);
406 } elsif (/^-G$/) {
407 set_build_type(BUILD_SOURCE | BUILD_ARCH_DEP, $_);
408 } elsif (/^-g$/) {
409 set_build_type(BUILD_SOURCE | BUILD_ARCH_INDEP, $_);
410 } elsif (/^-F$/) {
411 set_build_type(BUILD_FULL, $_);
412 } elsif (/^-v(.*)$/) {
413 $since = $1;
414 } elsif (/^-m(.*)$/ or /^--(?:source|build)-by=(.*)$/) {
415 $maint = $1;
416 } elsif (/^-e(.*)$/ or /^--(?:changed|release)-by=(.*)$/) {
417 $changedby = $1;
418 } elsif (/^-C(.*)$/) {
419 $desc = $1;
420 } elsif (m/^-[EW]$/) {
421 # Deprecated option
422 warning(g_('%s is deprecated; it is without effect'), $_);
423 } elsif (/^-R(.*)$/ or /^--rules-file=(.*)$/) {
424 my $arg = $1;
425 @debian_rules = split ' ', $arg;
426 } else {
427 usageerr(g_('unknown option or argument %s'), $_);
428 }
429 }
430
431 if (@call_target) {
432 my $targets = join ',', @call_target;
433 set_build_type_from_targets($targets, '--rules-target', nocheck => 1);
434 }
435
436 if (build_has_all(BUILD_BINARY)) {
437 $buildtarget = 'build';
438 $binarytarget = 'binary';
439 } elsif (build_has_any(BUILD_ARCH_DEP)) {
440 $buildtarget = 'build-arch';
441 $binarytarget = 'binary-arch';
442 } elsif (build_has_any(BUILD_ARCH_INDEP)) {
443 $buildtarget = 'build-indep';
444 $binarytarget = 'binary-indep';
445 }
446
447 if (not $preclean) {
448 # -nc without -b/-B/-A/-S/-F implies -b
449 set_build_type(BUILD_BINARY) if build_has_any(BUILD_DEFAULT);
450 # -nc with -S implies no dependency checks
451 $checkbuilddep = 0 if build_is(BUILD_SOURCE);
452 }
453
454 if ($call_target_as_root and @call_target == 0) {
455 error(g_('option %s is only meaningful with option %s'),
456 '--as-root', '--rules-target');
457 }
458
459 if ($check_command and not find_command($check_command)) {
460 error(g_("check-command '%s' not found"), $check_command);
461 }
462
463 if ($signcommand and not find_command($signcommand)) {
464 error(g_("sign-command '%s' not found"), $signcommand);
465 }
466
467 # Default to auto if none of parallel=N, -J or -j have been specified.
468 if (not defined $parallel and not $build_opts->has('parallel')) {
469 $parallel = 'auto';
470 }
471
472 #
473 # Prepare the environment.
474 #
475
476 run_hook('preinit');
477
478 if (defined $parallel) {
479 if ($parallel eq 'auto') {
480 # Most Unices.
481 $parallel = qx(getconf _NPROCESSORS_ONLN 2>/dev/null);
482 # Fallback for at least Irix.
483 $parallel = qx(getconf _NPROC_ONLN 2>/dev/null) if $?;
484 # Fallback to serial execution if cannot infer the number of online
485 # processors.
486 $parallel = '1' if $?;
487 chomp $parallel;
488 }
489 if ($parallel_force) {
490 $ENV{MAKEFLAGS} //= '';
491 $ENV{MAKEFLAGS} .= " -j$parallel";
492 }
493 $build_opts->set('parallel', $parallel);
494 $build_opts->export();
495 }
496
497 if ($build_opts->has('terse')) {
498 $ENV{MAKEFLAGS} //= '';
499 $ENV{MAKEFLAGS} .= ' --no-print-directory';
500 }
501
502 set_build_profiles(@build_profiles) if @build_profiles;
503
504 my $changelog = changelog_parse();
505 my $ctrl = Dpkg::Control::Info->new();
506
507 # Check whether we are doing some kind of rootless build, and sanity check
508 # the fields values.
509 my %rules_requires_root = parse_rules_requires_root($ctrl);
510
511 my $pkg = mustsetvar($changelog->{source}, g_('source package'));
512 my $version = mustsetvar($changelog->{version}, g_('source version'));
513 my $v = Dpkg::Version->new($version);
514 my ($ok, $error) = version_check($v);
515 error($error) unless $ok;
516
517 my $sversion = $v->as_string(omit_epoch => 1);
518 my $uversion = $v->version();
519
520 my $distribution = mustsetvar($changelog->{distribution}, g_('source distribution'));
521
522 my $maintainer;
523 if ($changedby) {
524 $maintainer = $changedby;
525 } elsif ($maint) {
526 $maintainer = $maint;
527 } else {
528 $maintainer = mustsetvar($changelog->{maintainer}, g_('source changed by'));
529 }
530
531 # <https://reproducible-builds.org/specs/source-date-epoch/>
532 $ENV{SOURCE_DATE_EPOCH} ||= $changelog->{timestamp} || time;
533
534 my @arch_opts;
535 push @arch_opts, ('--host-arch', $host_arch) if $host_arch;
536 push @arch_opts, ('--host-type', $host_type) if $host_type;
537 push @arch_opts, ('--target-arch', $target_arch) if $target_arch;
538 push @arch_opts, ('--target-type', $target_type) if $target_type;
539
540 open my $arch_env, '-|', 'dpkg-architecture', '-f', @arch_opts
541 or subprocerr('dpkg-architecture');
542 while (<$arch_env>) {
543 chomp;
544 my ($key, $value) = split /=/, $_, 2;
545 $ENV{$key} = $value;
546 }
547 close $arch_env or subprocerr('dpkg-architecture');
548
549 my $arch;
550 if (build_has_any(BUILD_ARCH_DEP)) {
551 $arch = mustsetvar($ENV{DEB_HOST_ARCH}, g_('host architecture'));
552 } elsif (build_has_any(BUILD_ARCH_INDEP)) {
553 $arch = 'all';
554 } elsif (build_has_any(BUILD_SOURCE)) {
555 $arch = 'source';
556 }
557
558 my $pv = "${pkg}_$sversion";
559 my $pva = "${pkg}_${sversion}_$arch";
560
561 my $signkeytype;
562 my $signkeyhandle;
563 if (defined $signkeyfile) {
564 $signkeytype = 'keyfile';
565 $signkeyhandle = bsd_glob($signkeyfile, GLOB_TILDE | GLOB_NOCHECK);
566 } elsif (defined $signkeyid) {
567 $signkeytype = 'autoid';
568 $signkeyhandle = $signkeyid;
569 } else {
570 $signkeytype = 'userid';
571 $signkeyhandle = $maintainer;
572 }
573 my $signkey = Dpkg::OpenPGP::KeyHandle->new(
574 type => $signkeytype,
575 handle => $signkeyhandle,
576 );
577 signkey_validate();
578
579 my $openpgp = Dpkg::OpenPGP->new(
580 backend => $signbackend // 'auto',
581 cmd => $signcommand // 'auto',
582 needs => {
583 keystore => $signkey->needs_keystore(),
584 },
585 );
586
587 if (not $openpgp->can_use_secrets($signkey)) {
588 $signsource = 0;
589 $signbuildinfo = 0;
590 $signchanges = 0;
591 } elsif ($signforce) {
592 $signsource = 1;
593 $signbuildinfo = 1;
594 $signchanges = 1;
595 } elsif (($signsource or $signbuildinfo or $signchanges) and
596 $distribution eq 'UNRELEASED') {
597 $signreleased = 0;
598 $signsource = 0;
599 $signbuildinfo = 0;
600 $signchanges = 0;
601 }
602
603 if ($signsource && build_has_none(BUILD_SOURCE)) {
604 $signsource = 0;
605 }
606
607 # Sanitize build environment.
608 if ($sanitize_env) {
609 run_vendor_hook('sanitize-environment');
610 }
611
612 #
613 # Preparation of environment stops here
614 #
615
616 run_hook('init');
617
618 if (not -x 'debian/rules') {
619 warning(g_('debian/rules is not executable; fixing that'));
620 chmod(0755, 'debian/rules'); # No checks of failures, non fatal
621 }
622
623 if (scalar @call_target == 0) {
624 run_cmd('dpkg-source', @source_opts, '--before-build', '.');
625 }
626
627 if ($checkbuilddep) {
628 my @checkbuilddep_opts;
629
630 push @checkbuilddep_opts, '-A' if build_has_none(BUILD_ARCH_DEP);
631 push @checkbuilddep_opts, '-B' if build_has_none(BUILD_ARCH_INDEP);
632 push @checkbuilddep_opts, '-I' if not $check_builtin_builddep;
633 push @checkbuilddep_opts, "--admindir=$admindir" if $admindir;
634
635 system('dpkg-checkbuilddeps', @checkbuilddep_opts);
636 if (not WIFEXITED($?)) {
637 subprocerr('dpkg-checkbuilddeps');
638 } elsif (WEXITSTATUS($?)) {
639 warning(g_('build dependencies/conflicts unsatisfied; aborting'));
640 warning(g_('(Use -d flag to override.)'));
641 exit 3;
642 }
643 }
644
645 foreach my $call_target (@call_target) {
646 run_rules_cond_root($call_target);
647 }
648 exit 0 if scalar @call_target;
649
650 run_hook('preclean', {
651 enabled => $preclean,
652 });
653
654 if ($preclean) {
655 run_rules_cond_root('clean');
656 }
657
658 run_hook('source', {
659 enabled => build_has_any(BUILD_SOURCE),
660 env => {
661 DPKG_BUILDPACKAGE_HOOK_SOURCE_OPTIONS => join(' ', @source_opts),
662 },
663 });
664
665 if (build_has_any(BUILD_SOURCE)) {
666 warning(g_('building a source package without cleaning up as you asked; ' .
667 'it might contain undesired files')) if not $preclean;
668 run_cmd('dpkg-source', @source_opts, '-b', '.');
669 }
670
671 my $build_types = get_build_options_from_type();
672
673 if (build_has_any(BUILD_BINARY)) {
674 # XXX Use some heuristics to decide whether to use build-{arch,indep}
675 # targets. This is a temporary measure to not break too many packages
676 # on a flag day.
677 build_target_fallback($ctrl);
678 }
679
680 # If we are building rootless, there is no need to call the build target
681 # independently as non-root.
682 if (build_has_any(BUILD_BINARY) && rules_requires_root($binarytarget)) {
683 run_hook('build', {
684 env => {
685 DPKG_BUILDPACKAGE_HOOK_BUILD_TARGET => $buildtarget,
686 },
687 });
688 run_cmd(@debian_rules, $buildtarget);
689 } else {
690 run_hook('build', {
691 enabled => 0,
692 });
693 }
694
695 if (build_has_any(BUILD_BINARY)) {
696 run_hook('binary', {
697 env => {
698 DPKG_BUILDPACKAGE_HOOK_BINARY_TARGET => $binarytarget,
699 },
700 });
701 run_rules_cond_root($binarytarget);
702 }
703
704 $buildinfo_file //= "../$pva.buildinfo";
705
706 push @buildinfo_opts, "--build=$build_types" if build_has_none(BUILD_DEFAULT);
707 push @buildinfo_opts, "--admindir=$admindir" if $admindir;
708 push @buildinfo_opts, "-O$buildinfo_file" if $buildinfo_file;
709
710 run_hook('buildinfo', {
711 env => {
712 DPKG_BUILDPACKAGE_HOOK_BUILDINFO_OPTIONS => join(' ', @buildinfo_opts),
713 },
714 });
715 run_cmd('dpkg-genbuildinfo', @buildinfo_opts);
716
717 $changes_file //= "../$pva.changes";
718
719 push @changes_opts, "--build=$build_types" if build_has_none(BUILD_DEFAULT);
720 push @changes_opts, "-m$maint" if defined $maint;
721 push @changes_opts, "-e$changedby" if defined $changedby;
722 push @changes_opts, "-v$since" if defined $since;
723 push @changes_opts, "-C$desc" if defined $desc;
724 push @changes_opts, "-O$changes_file";
725
726 my $changes = Dpkg::Control->new(type => CTRL_FILE_CHANGES);
727
728 run_hook('changes', {
729 env => {
730 DPKG_BUILDPACKAGE_HOOK_CHANGES_OPTIONS => join(' ', @changes_opts),
731 },
732 });
733 run_cmd('dpkg-genchanges', @changes_opts);
734 $changes->load($changes_file);
735
736 run_hook('postclean', {
737 enabled => $postclean,
738 });
739
740 if ($postclean) {
741 run_rules_cond_root('clean');
742 }
743
744 run_cmd('dpkg-source', @source_opts, '--after-build', '.');
745
746 info(describe_build($changes->{'Files'}));
747
748 run_hook('check', {
749 enabled => $check_command,
750 env => {
751 DPKG_BUILDPACKAGE_HOOK_CHECK_OPTIONS => join(' ', @check_opts),
752 },
753 });
754
755 if ($check_command) {
756 run_cmd($check_command, @check_opts, $changes_file);
757 }
758
759 if ($signpause && ($signsource || $signbuildinfo || $signchanges)) {
760 print g_("Press <enter> to start the signing process.\n");
761 getc();
762 }
763
764 run_hook('sign', {
765 enabled => $signsource || $signbuildinfo || $signchanges,
766 });
767
768 if ($signsource) {
769 signfile("$pv.dsc");
770
771 # Recompute the checksums as the .dsc has changed now.
772 my $buildinfo = Dpkg::Control->new(type => CTRL_FILE_BUILDINFO);
773 $buildinfo->load($buildinfo_file);
774 my $checksums = Dpkg::Checksums->new();
775 $checksums->add_from_control($buildinfo);
776 $checksums->add_from_file("../$pv.dsc", update => 1, key => "$pv.dsc");
777 $checksums->export_to_control($buildinfo);
778 $buildinfo->save($buildinfo_file);
779 }
780 if ($signbuildinfo) {
781 signfile("$pva.buildinfo");
782 }
783 if ($signsource or $signbuildinfo) {
784 # Recompute the checksums as the .dsc and/or .buildinfo have changed.
785 my $checksums = Dpkg::Checksums->new();
786 $checksums->add_from_control($changes);
787 $checksums->add_from_file("../$pv.dsc", update => 1, key => "$pv.dsc")
788 if $signsource;
789 $checksums->add_from_file($buildinfo_file, update => 1, key => "$pva.buildinfo");
790 $checksums->export_to_control($changes);
791 delete $changes->{'Checksums-Md5'};
792 update_files_field($changes, $checksums, "$pv.dsc")
793 if $signsource;
794 update_files_field($changes, $checksums, "$pva.buildinfo");
795 $changes->save($changes_file);
796 }
797 if ($signchanges) {
798 signfile("$pva.changes");
799 }
800
801 if (not $signreleased) {
802 warning(g_('not signing UNRELEASED build; use --force-sign to override'));
803 }
804
805 run_hook('done');
806
807 sub mustsetvar {
808 my ($var, $text) = @_;
809
810 error(g_('unable to determine %s'), $text)
811 unless defined($var);
812
813 info("$text $var");
814 return $var;
815 }
816
817 sub setup_rootcommand {
818 if ($< == 0) {
819 warning(g_('using a gain-root-command while being root')) if @rootcommand;
820 } else {
821 push @rootcommand, 'fakeroot' unless @rootcommand;
822 }
823
824 if (@rootcommand and not find_command($rootcommand[0])) {
825 if ($rootcommand[0] eq 'fakeroot' and $< != 0) {
826 error(g_("fakeroot not found, either install the fakeroot\n" .
827 'package, specify a command with the -r option, ' .
828 'or run this as root'));
829 } else {
830 error(g_("gain-root-command '%s' not found"), $rootcommand[0]);
831 }
832 }
833 }
834
835 sub parse_rules_requires_root {
836 my $ctrl = shift;
837
838 my %rrr;
839 my $rrr;
840 my $rrr_default;
841 my $keywords_base;
842 my $keywords_impl;
843
844 if (get_build_api($ctrl) >= 1) {
845 $rrr_default = 'no';
846 } else {
847 $rrr_default = 'binary-targets';
848 }
849
850 my $ctrl_src = $ctrl->get_source();
851 $rrr = $rrr_override // $ctrl_src->{'Rules-Requires-Root'} // $rrr_default;
852
853 foreach my $keyword (split ' ', $rrr) {
854 if ($keyword =~ m{/}) {
855 if ($keyword =~ m{^dpkg/target/(.*)$}p and $target_official{$1}) {
856 error(g_('disallowed target in %s field keyword "%s"'),
857 'Rules-Requires-Root', $keyword);
858 } elsif ($keyword =~ m{^dpkg/(.*)$} and $1 ne 'target-subcommand') {
859 error(g_('%s field keyword "%s" is unknown in dpkg namespace'),
860 'Rules-Requires-Root', $keyword);
861 }
862 $keywords_impl++;
863 } else {
864 if ($keyword ne lc $keyword and
865 (lc $keyword eq 'no' or lc $keyword eq 'binary-targets')) {
866 error(g_('%s field keyword "%s" is uppercase; use "%s" instead'),
867 'Rules-Requires-Root', $keyword, lc $keyword);
868 } elsif (lc $keyword eq 'yes') {
869 error(g_('%s field keyword "%s" is invalid; use "%s" instead'),
870 'Rules-Requires-Root', $keyword, 'binary-targets');
871 } elsif ($keyword ne 'no' and $keyword ne 'binary-targets') {
872 warning(g_('%s field keyword "%s" is unknown'),
873 'Rules-Requires-Root', $keyword);
874 }
875 $keywords_base++;
876 }
877
878 if ($rrr{$keyword}++) {
879 error(g_('field %s contains duplicate keyword "%s"'),
880 'Rules-Requires-Root', $keyword);
881 }
882 }
883
884 if ($call_target_as_root or not exists $rrr{no}) {
885 setup_rootcommand();
886 }
887
888 # Notify the children we do support R³.
889 $ENV{DEB_RULES_REQUIRES_ROOT} = join ' ', sort keys %rrr;
890
891 if ($keywords_base > 1 or $keywords_base and $keywords_impl) {
892 error(g_('%s field contains both global and implementation specific keywords'),
893 'Rules-Requires-Root');
894 } elsif ($keywords_impl) {
895 # Set only on <implementations-keywords>.
896 $ENV{DEB_GAIN_ROOT_CMD} = join ' ', @rootcommand;
897 } else {
898 # We should not provide the variable otherwise.
899 delete $ENV{DEB_GAIN_ROOT_CMD};
900 }
901
902 return %rrr;
903 }
904
905 sub run_cmd {
906 my @cmd = @_;
907
908 printcmd(@cmd);
909 system @cmd and subprocerr("@cmd");
910 }
911
912 sub rules_requires_root {
913 my $target = shift;
914
915 return 1 if $call_target_as_root;
916 return 1 if $rules_requires_root{"dpkg/target/$target"};
917 return 1 if $rules_requires_root{'binary-targets'} and $target_legacy_root{$target};
918 return 0;
919 }
920
921 sub run_rules_cond_root {
922 my $target = shift;
923
924 my @cmd;
925 push @cmd, @rootcommand if rules_requires_root($target);
926 push @cmd, @debian_rules, $target;
927
928 run_cmd(@cmd);
929 }
930
931 sub run_hook {
932 my ($name, $opts) = @_;
933 my $cmd = $hook{$name};
934 $opts->{enabled} //= 1;
935
936 return if not $cmd;
937
938 info("running hook $name");
939
940 my %hook_vars = (
941 '%' => '%',
942 'a' => $opts->{enabled} ? 1 : 0,
943 'p' => $pkg // q{},
944 'v' => $version // q{},
945 's' => $sversion // q{},
946 'u' => $uversion // q{},
947 );
948
949 my $subst_hook_var = sub {
950 my $var = shift;
951
952 if (exists $hook_vars{$var}) {
953 return $hook_vars{$var};
954 } else {
955 warning(g_('unknown %% substitution in hook: %%%s'), $var);
956 return "\%$var";
957 }
958 };
959
960 $cmd =~ s/\%(.)/$subst_hook_var->($1)/eg;
961
962 $opts->{env}{DPKG_BUILDPACKAGE_HOOK_NAME} = $name;
963
964 # Set any environment variables for this hook invocation.
965 local @ENV{keys %{$opts->{env}}} = values %{$opts->{env}};
966
967 run_cmd($cmd);
968 }
969
970 sub update_files_field {
971 my ($ctrl, $checksums, $filename) = @_;
972
973 my $md5sum_regex = checksums_get_property('md5', 'regex');
974 my $md5sum = $checksums->get_checksum($filename, 'md5');
975 my $size = $checksums->get_size($filename);
976 my $file_regex = qr/$md5sum_regex\s+\d+\s+(\S+\s+\S+\s+\Q$filename\E)/;
977
978 $ctrl->{'Files'} =~ s/^$file_regex$/$md5sum $size $1/m;
979 }
980
981 sub signkey_validate {
982 return unless $signkey->type eq 'keyid';
983
984 if (length $signkey->handle <= 8) {
985 error(g_('short OpenPGP key IDs are broken; ' .
986 'please use key fingerprints in %s or %s instead'),
987 '-k', 'DEB_SIGN_KEYID');
988 } elsif (length $signkey->handle <= 16) {
989 warning(g_('long OpenPGP key IDs are strongly discouraged; ' .
990 'please use key fingerprints in %s or %s instead'),
991 '-k', 'DEB_SIGN_KEYID');
992 }
993 }
994
995 sub signfile {
996 my $file = shift;
997
998 printcmd("signfile $file");
999
1000 my $signdir = tempdir('dpkg-sign.XXXXXXXX', CLEANUP => 1);
1001 my $signfile = "$signdir/$file";
1002
1003 # Make sure the file to sign ends with a newline.
1004 copy("../$file", $signfile);
1005 open my $signfh, '>>', $signfile or syserr(g_('cannot open %s'), $signfile);
1006 print { $signfh } "\n";
1007 close $signfh or syserr(g_('cannot close %s'), $signfile);
1008
1009 my $status = $openpgp->inline_sign($signfile, "$signfile.asc", $signkey);
1010 if ($status == OPENPGP_OK) {
1011 move("$signfile.asc", "../$file")
1012 or syserror(g_('cannot move %s to %s'), "$signfile.asc", "../$file");
1013 } else {
1014 error(g_('failed to sign %s file: %s'), $file,
1015 openpgp_errorcode_to_string($status));
1016 }
1017
1018 return $status
1019 }
1020
1021 sub fileomitted {
1022 my ($files, $regex) = @_;
1023
1024 return $files !~ m/$regex$/m
1025 }
1026
1027 sub describe_build {
1028 my $files = shift;
1029 my $ext = compression_get_file_extension_regex();
1030
1031 if (fileomitted($files, qr/\.deb/)) {
1032 # source-only upload
1033 if (fileomitted($files, qr/\.diff\.$ext/) and
1034 fileomitted($files, qr/\.debian\.tar\.$ext/)) {
1035 return g_('source-only upload: Debian-native package');
1036 } elsif (fileomitted($files, qr/\.orig\.tar\.$ext/)) {
1037 return g_('source-only, diff-only upload (original source NOT included)');
1038 } else {
1039 return g_('source-only upload (original source is included)');
1040 }
1041 } elsif (fileomitted($files, qr/\.dsc/)) {
1042 return g_('binary-only upload (no source included)');
1043 } elsif (fileomitted($files, qr/\.diff\.$ext/) and
1044 fileomitted($files, qr/\.debian\.tar\.$ext/)) {
1045 return g_('full upload; Debian-native package (full source is included)');
1046 } elsif (fileomitted($files, qr/\.orig\.tar\.$ext/)) {
1047 return g_('binary and diff upload (original source NOT included)');
1048 } else {
1049 return g_('full upload (original source is included)');
1050 }
1051 }
1052
1053 sub build_target_fallback {
1054 my $ctrl = shift;
1055
1056 # If we are building rootless, there is no need to call the build target
1057 # independently as non-root.
1058 return if not rules_requires_root($binarytarget);
1059
1060 return if $buildtarget eq 'build';
1061 return if scalar @debian_rules != 1;
1062
1063 # Avoid further heuristics in newer dpkg-build-api levels.
1064 return if get_build_api($ctrl) >= 1;
1065
1066 # Check if we are building both arch:all and arch:any packages, in which
1067 # case we now require working build-indep and build-arch targets.
1068 my $pkg_arch = 0;
1069
1070 foreach my $bin ($ctrl->get_packages()) {
1071 if ($bin->{Architecture} eq 'all') {
1072 $pkg_arch |= BUILD_ARCH_INDEP;
1073 } else {
1074 $pkg_arch |= BUILD_ARCH_DEP;
1075 }
1076 }
1077
1078 return if $pkg_arch == BUILD_BINARY;
1079
1080 # Check if the build-{arch,indep} targets are supported. If not, fallback
1081 # to build.
1082 my $pid = spawn(exec => [ $Dpkg::PROGMAKE, '-f', @debian_rules, '-qn', $buildtarget ],
1083 from_file => '/dev/null', to_file => '/dev/null',
1084 error_to_file => '/dev/null');
1085 my $cmdline = "make -f @debian_rules -qn $buildtarget";
1086 wait_child($pid, nocheck => 1, cmdline => $cmdline);
1087 my $exitcode = WEXITSTATUS($?);
1088 subprocerr($cmdline) unless WIFEXITED($?);
1089 if ($exitcode == 2) {
1090 warning(g_("%s must be updated to support the 'build-arch' and " .
1091 "'build-indep' targets (at least '%s' seems to be " .
1092 'missing)'), "@debian_rules", $buildtarget);
1093 $buildtarget = 'build';
1094 }
1095 }
Debian package management system