This is an automated email from the git hooks/post-receive script.

guillem pushed a commit to branch master
in repository dpkg.

View the commit online:
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=67a1d582284c5ce22a46d68c45bc7410d33845d6

commit 67a1d582284c5ce22a46d68c45bc7410d33845d6
Author: Guillem Jover <[email protected]>
AuthorDate: Mon Mar 11 23:00:29 2019 +0100

    dpkg-buildpackage: Add option to sanitize environment
    
    This new option will apply vendor-specific sanitization to the
    environment so that the build is safer. We cannot enable this by default
    as that would let packages assume these settings are always in place,
    which would cause regressions when using the currently defined build
    entry point (debian/rules).
    
    Closes: #843776
---
 debian/changelog               |  1 +
 man/dpkg-buildpackage.man      |  9 +++++++++
 scripts/Dpkg/Vendor/Debian.pm  |  5 +++++
 scripts/Dpkg/Vendor/Default.pm |  7 +++++++
 scripts/dpkg-buildpackage.pl   | 10 ++++++++++
 t/pod-spell.t                  |  1 +
 6 files changed, 33 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 3445832af..869e7314f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -36,6 +36,7 @@ dpkg (1.20.0) UNRELEASED; urgency=medium
   * dpkg: Use DPKG_ADMINDIR to set the admindir. Closes: #900071
   * dpkg-source: Remove backwards compatibility code for legacy build-profiles.
   * perl: Give more context on field parsing errors. Closes: #637060
+  * dpkg-buildpackage: Add option to sanitize environment. Closes: #843776
   * Perl modules:
     - Dpkg::Source::Package: Verify original tarball signatures at build time.
     - Dpkg::BuildFlags: Add new unset() method.
diff --git a/man/dpkg-buildpackage.man b/man/dpkg-buildpackage.man
index 9f7efa4d9..436524b17 100644
--- a/man/dpkg-buildpackage.man
+++ b/man/dpkg-buildpackage.man
@@ -303,6 +303,15 @@ Do not clean the source tree after the package has been 
built
 (since dpkg 1.19.1).
 This is the default behavior.
 .TP
+.BR \-\-sanitize\-env
+Sanitize the build environment (since dpkg 1.20.0).
+This will reset or remove environment variables, umask, and any other process
+attributes that might otherwise adversely affect the build of packages.
+Because the official entry point to build packages is \fBdebian/rules\fP,
+packages cannot rely on these settings being in place, and thus should work
+even when they are not.
+What to sanitize is vendor specific.
+.TP
 .BR \-r ", " \-\-root\-command= \fIgain-root-command\fP
 When
 .B dpkg\-buildpackage
diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm
index c3e580da7..142fb8ddc 100644
--- a/scripts/Dpkg/Vendor/Debian.pm
+++ b/scripts/Dpkg/Vendor/Debian.pm
@@ -80,6 +80,11 @@ sub run_hook {
         return qw(/build/);
     } elsif ($hook eq 'build-tainted-by') {
         return $self->_build_tainted_by();
+    } elsif ($hook eq 'sanitize-environment') {
+        # Reset umask to a sane default.
+        umask 0022;
+        # Reset locale to a sane default.
+        $ENV{LC_COLLATE} = 'C.UTF-8';
     } else {
         return $self->SUPER::run_hook($hook, @params);
     }
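Review bot: The locale reset in the new `sanitize-environment` branch sets only `LC_COLLATE`, but a caller-supplied `LC_ALL` takes precedence over every `LC_*` category variable, so the assignment has no effect for a build started with `LC_ALL` set. If collation is meant to be `C.UTF-8` whenever `--sanitize-env` is given, the branch should also deal with `LC_ALL`, for example `delete $ENV{LC_ALL};` before the assignment, which also releases the other categories it was forcing. Otherwise the comment should state the limitation. The branch also lacks the explicit `return;` that the matching branch in Dpkg::Vendor::Default has, so if this chain is the last statement of run_hook the hook returns whatever the assignment evaluates to. run_hook begins and ends outside the hunk.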
diff --git a/scripts/Dpkg/Vendor/Default.pm b/scripts/Dpkg/Vendor/Default.pm
index 42b0f0405..5b0ee9ba7 100644
--- a/scripts/Dpkg/Vendor/Default.pm
+++ b/scripts/Dpkg/Vendor/Default.pm
@@ -148,6 +148,11 @@ will be recorded in the B<Build-Tainted-By> field (since 
dpkg 1.19.5). It
 takes no parameters, but returns a (possibly empty) list of tainted reason
 tags (formed by alphanumeric and dash characters).
 
+=item sanitize-environment ()
+
+The hook is called by dpkg-buildpackage to sanitize its build environment
+(since dpkg 1.20.0).
+
 =back
 
 =cut
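Review bot: The new `sanitize-environment` item does not say what the hook takes or returns, while the item just above it spells that out ("It takes no parameters, but returns ..."). Because this hook works by side effect rather than by return value, I would add a sentence such as `It takes no parameters and returns nothing; it changes the state of the calling process (such as its umask and environment variables).` so that vendor implementers know the contract they are expected to follow.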
@@ -179,6 +184,8 @@ sub run_hook {
         return ();
     } elsif ($hook eq 'build-tainted-by') {
         return ();
+    } elsif ($hook eq 'sanitize-environment') {
+        return;
     }
 
     # Default return value for unknown/unimplemented hooks
diff --git a/scripts/dpkg-buildpackage.pl b/scripts/dpkg-buildpackage.pl
index 2c49738b5..6a59756c2 100755
--- a/scripts/dpkg-buildpackage.pl
+++ b/scripts/dpkg-buildpackage.pl
@@ -44,6 +44,7 @@ use Dpkg::Control::Info;
 use Dpkg::Changelog::Parse;
 use Dpkg::Path qw(find_command);
 use Dpkg::IPC;
+use Dpkg::Vendor qw(run_vendor_hook);
 
 textdomain('dpkg-dev');
 
@@ -74,6 +75,7 @@ sub usage {
       --pre-clean             pre clean source tree (default).
       --no-post-clean         do not post clean source tree (default).
   -tc, --post-clean           post clean source tree.
+      --sanitize-env          sanitize the build environment.
   -D, --check-builddeps       check build dependencies and conflicts (default).
   -d, --no-check-builddeps    do not check build dependencies and conflicts.
       --ignore-builtin-builddeps
@@ -149,6 +151,7 @@ my @rootcommand = ();
 my $signcommand;
 my $preclean = 1;
 my $postclean = 0;
+my $sanitize_env = 0;
 my $parallel;
 my $parallel_force = 0;
 my $checkbuilddep = 1;
@@ -296,6 +299,8 @@ while (@ARGV) {
         $postclean = 1;
     } elsif (/^--no-post-clean$/) {
         $postclean = 0;
+    } elsif (/^--sanitize-env$/) {
+        $sanitize_env = 1;
     } elsif (/^-t$/ or /^--host-type$/) {
        $host_type = shift; # Order DOES matter!
     } elsif (/^-t(.*)$/ or /^--host-type=(.*)$/) {
@@ -504,6 +509,11 @@ if ($signsource && build_has_none(BUILD_SOURCE)) {
     $signsource = 0;
 }
 
+# Sanitize build environment.
+if ($sanitize_env) {
+    run_vendor_hook('sanitize-environment');
+}
+
 #
 # Preparation of environment stops here
 #
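Review bot: On a vendor that does not override the hook, `--sanitize-env` is a silent no-op, because the default implementation added in Dpkg/Vendor/Default.pm simply returns. The call site at `if ($sanitize_env)` gives the user no indication either way. The comment `# Sanitize build environment.` only restates the call, so I would replace it with `# Vendor-specific sanitization; a vendor without this hook leaves the environment untouched.` Whether a notice in the build log is also wanted is a project decision, but it would let someone auditing a log tell a sanitized build from an unsanitized one.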
diff --git a/t/pod-spell.t b/t/pod-spell.t
index 87b669d7e..13b5383b6 100644
--- a/t/pod-spell.t
+++ b/t/pod-spell.t
@@ -62,6 +62,7 @@ dep
 deps
 dpkg
 dpkg-buildflags
+dpkg-buildpackage
 dpkg-checkbuilddeps
 dpkg-dev
 dpkg-genbuildinfo

-- 
Dpkg.Org's dpkg
