Dpkg::Build::Info: New module refactored from dpkg-genbuildinfo

This will allow other projects to use the same whitelist as dpkg does.

Requested-by: Johannes Schauer <josch@debian.org>

debian/changelog

@@ -16,6 +16,8 @@ dpkg (1.18.14) UNRELEASED; urgency=medium
     - Fix confusing date parse error message in Dpkg::Changelog::Entry::Debian
       when the date contains “May”. Closes: #843829
       Thanks to Nishanth Aravamudan <nish.aravamudan@canonical.com>.
+    - New module Dpkg::Build::Info module refactored from dpkg-genbuildinfo.
+      Requested by Johannes Schauer <josch@debian.org>.
   * Test suite:
     - Do not fail tests on missing fakeroot, just skip them.
   * Build system:

debian/control

@@ -151,6 +151,7 @@ Description: Dpkg perl modules
  .
   - Dpkg: core variables
   - Dpkg::Arch: architecture handling functions
+  - Dpkg::Build::Info: build information functions
   - Dpkg::BuildFlags: set, modify and query compilation build flags
   - Dpkg::BuildOptions: parse and manipulate DEB_BUILD_OPTIONS
   - Dpkg::BuildProfile: parse and manipulate build profiles

scripts/Dpkg/Build/Info.pm

@@ -0,0 +1,86 @@
+# Copyright © 2016 Guillem Jover <guillem@debian.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+package Dpkg::Build::Info;
+
+use strict;
+use warnings;
+
+our $VERSION = '1.00';
+our @EXPORT_OK = qw(
+    get_build_env_whitelist
+);
+
+use Exporter qw(import);
+
+=encoding utf8
+
+=head1 NAME
+
+Dpkg::Build::Info - handle build information
+
+=head1 DESCRIPTION
+
+The Dpkg::Build::Info module provides functions to handle the build
+information.
+
+=head1 FUNCTIONS
+
+=over 4
+
+=item @envvars = get_build_env_whitelist()
+
+Get an array with the whitelist of environment variables that can affect
+the build, but are still not privacy revealing.
+
+=cut
+
+my @env_whitelist = (
+    # Toolchain.
+    qw(CC CPP CXX OBJC OBJCXX PC FC M2C AS LD AR RANLIB MAKE AWK LEX YACC),
+    # Toolchain flags.
+    qw(CFLAGS CPPFLAGS CXXFLAGS OBJCFLAGS OBJCXXFLAGS GCJFLAGS FFLAGS
+       LDFLAGS ARFLAGS MAKEFLAGS),
+    # Dynamic linker, see ld(1).
+    qw(LD_LIBRARY_PATH),
+    # Locale, see locale(1).
+    qw(LANG LC_ALL LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY
+       LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+       LC_IDENTIFICATION),
+    # Build flags, see dpkg-buildpackage(1).
+    qw(DEB_BUILD_OPTIONS DEB_BUILD_PROFILES),
+    # DEB_flag_{SET,STRIP,APPEND,PREPEND} will be recorded after being merged
+    # with system config and user config.
+    qw(DEB_VENDOR),           # See deb-vendor(1).
+    qw(DPKG_ORIGINS_DIR),     # See Dpkg::Vendor(3).
+    # See <https://reproducible-builds.org/specs/source-date-epoch>.
+    qw(SOURCE_DATE_EPOCH),
+);
+
+sub get_build_env_whitelist {
+    return @env_whitelist;
+}
+
+=back
+
+=head1 CHANGES
+
+=head2 Version 1.00 (dpkg 1.18.14)
+
+Mark the module as public.
+
+=cut
+
+1;

scripts/Makefile.am

@@ -56,6 +56,7 @@ nobase_dist_perllib_DATA = \
 	Dpkg/BuildOptions.pm \
 	Dpkg/BuildProfiles.pm \
 	Dpkg/Build/Env.pm \
+	Dpkg/Build/Info.pm \
 	Dpkg/Build/Types.pm \
 	Dpkg/Changelog.pm \
 	Dpkg/Changelog/Debian.pm \
@@ -209,6 +210,7 @@ test_scripts = \
 	t/Dpkg_BuildOptions.t \
 	t/Dpkg_BuildProfiles.t \
 	t/Dpkg_Build_Env.t \
+	t/Dpkg_Build_Info.t \
 	t/Dpkg_Build_Types.t \
 	t/Dpkg_Checksums.t \
 	t/Dpkg_ErrorHandling.t \

scripts/dpkg-genbuildinfo.pl

@@ -35,6 +35,7 @@ use Dpkg::Checksums;
 use Dpkg::ErrorHandling;
 use Dpkg::Arch qw(get_build_arch);
 use Dpkg::Build::Types;
+use Dpkg::Build::Info qw(get_build_env_whitelist);
 use Dpkg::BuildFlags;
 use Dpkg::BuildProfiles qw(get_build_profiles);
 use Dpkg::Control::Info;
@@ -230,32 +231,14 @@ sub collect_installed_builddeps {
     return $installed_deps;
 }
 
-my @env_whitelist = (
-    # Toolchain.
-    qw(CC CPP CXX OBJC OBJCXX PC FC M2C AS LD AR RANLIB MAKE AWK LEX YACC),
-    # Toolchain flags.
-    qw(CFLAGS CPPFLAGS CXXFLAGS OBJCFLAGS OBJCXXFLAGS GCJFLAGS FFLAGS
-       LDFLAGS ARFLAGS MAKEFLAGS),
-    # Dynamic linker, see ld(1).
-    qw(LD_LIBRARY_PATH),
-    # Locale, see locale(1).
-    qw(LANG LC_ALL LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY
-       LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
-       LC_IDENTIFICATION),
-    # Build flags, see dpkg-buildpackage(1).
-    qw(DEB_BUILD_OPTIONS DEB_BUILD_PROFILES),
-    # DEB_flag_{SET,STRIP,APPEND,PREPEND} will be recorded after being merged
-    # with system config and user config.
-    qw(DEB_VENDOR),           # See deb-vendor(1).
-    qw(DPKG_ORIGINS_DIR),     # See Dpkg::Vendor(3).
-    # See <https://reproducible-builds.org/specs/source-date-epoch>.
-    qw(SOURCE_DATE_EPOCH),
-);
-
 sub cleansed_environment {
     # Consider only whitelisted variables which are not supposed to leak
     # local user information.
-    my %env = map { $_ => $ENV{$_} } grep { exists $ENV{$_} } @env_whitelist;
+    my %env = map {
+        $_ => $ENV{$_}
+    } grep {
+        exists $ENV{$_}
+    } get_build_env_whitelist();
 
     # Record flags from dpkg-buildflags.
     my $bf = Dpkg::BuildFlags->new();

scripts/po/POTFILES.in

@@ -21,6 +21,7 @@ scripts/Dpkg/Arch.pm
 scripts/Dpkg/BuildFlags.pm
 scripts/Dpkg/BuildOptions.pm
 scripts/Dpkg/Build/Env.pm
+scripts/Dpkg/Build/Info.pm
 scripts/Dpkg/Build/Types.pm
 scripts/Dpkg/Changelog.pm
 scripts/Dpkg/Changelog/Debian.pm

scripts/t/Dpkg_Build_Info.t

@@ -0,0 +1,28 @@
+#!/usr/bin/perl
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+use strict;
+use warnings;
+
+use Test::More tests => 2;
+
+BEGIN {
+    use_ok('Dpkg::Build::Info');
+}
+
+is(scalar Dpkg::Build::Info::get_build_env_whitelist(), 46,
+   'whitelisted environment variables array');
+
+1;