deb パッケージがどんな configure オプションでビルドされたかを調べる

hiboma.hatenadiary.jp

このエントリの続きです。 deb パッケージの configure オプションはどうやって確かめるんだったかな? と調べた次第

環境

Ubuntu jammy の docker で作業した

1. deb の source パッケージを取得、ファイルシステムで展開する

いろいろ調べたところ apt source で source パッケージをダウンロードできると知りました。

apt source を使うには /etc/apt/sources.list で deb-src の URL を記述する必要があります。ftp.riken.jp のミラーをお借りします。

deb-src http://ftp.riken.jp/Linux/ubuntu/ jammy-updates main restricted universe multiverse
deb-src http://ftp.riken.jp/Linux/ubuntu/ jammy-security main restricted universe multiverse
deb-src http://ftp.riken.jp/Linux/ubuntu/ jammy-backports main restricted universe multiverse
deb-src http://ftp.riken.jp/Linux/ubuntu/ jammy partner

curl で試してみます

root@7073a24a73ad:/workspace# apt source curl
Reading package lists... Done
NOTICE: 'curl' packaging is maintained in the 'Git' version control system at:
https://salsa.debian.org/debian/curl.git
Please use:
git clone https://salsa.debian.org/debian/curl.git
to retrieve the latest (possibly unreleased) updates to the package.
Need to get 4257 kB of source archives.
Get:1 http://ftp.riken.jp/Linux/ubuntu jammy-updates/main curl 7.81.0-1ubuntu1.10 (dsc) [3143 B]
Get:2 http://ftp.riken.jp/Linux/ubuntu jammy-updates/main curl 7.81.0-1ubuntu1.10 (tar) [4188 kB]
Get:3 http://ftp.riken.jp/Linux/ubuntu jammy-updates/main curl 7.81.0-1ubuntu1.10 (asc) [488 B]
Get:4 http://ftp.riken.jp/Linux/ubuntu jammy-updates/main curl 7.81.0-1ubuntu1.10 (diff) [65.2 kB]
Fetched 4257 kB in 1s (4613 kB/s)
dpkg-source: info: extracting curl in curl-7.81.0
dpkg-source: info: unpacking curl_7.81.0.orig.tar.gz
dpkg-source: info: unpacking curl_7.81.0-1ubuntu1.10.debian.tar.xz
dpkg-source: info: using patch list from debian/patches/series
dpkg-source: info: applying 04_workaround_as_needed_bug.patch
dpkg-source: info: applying 06_always-disable-valgrind.patch
dpkg-source: info: applying 08_enable-zsh.patch
dpkg-source: info: applying 11_omit-directories-from-config.patch
dpkg-source: info: applying 13_fix-man-formatting.patch
dpkg-source: info: applying CVE-2022-22576.patch
dpkg-source: info: applying CVE-2022-27774-1.patch
dpkg-source: info: applying CVE-2022-27774-2.patch
dpkg-source: info: applying CVE-2022-27774-3.patch
dpkg-source: info: applying CVE-2022-27775.patch
dpkg-source: info: applying CVE-2022-27776.patch
dpkg-source: info: applying CVE-2022-27780.patch
dpkg-source: info: applying CVE-2022-27781.patch
dpkg-source: info: applying CVE-2022-27782.patch
dpkg-source: info: applying CVE-2022-32205.patch
dpkg-source: info: applying CVE-2022-32206.patch
dpkg-source: info: applying CVE-2022-32207.patch
dpkg-source: info: applying CVE-2022-32208.patch
dpkg-source: info: applying CVE-2022-35252.patch
dpkg-source: info: applying CVE-2022-32221.patch
dpkg-source: info: applying CVE-2022-42915.patch
dpkg-source: info: applying CVE-2022-42916.patch
dpkg-source: info: applying CVE-2022-43551.patch
dpkg-source: info: applying CVE-2022-43552.patch
dpkg-source: info: applying CVE-2023-23914_5-1.patch
dpkg-source: info: applying CVE-2023-23914_5-2.patch
dpkg-source: info: applying CVE-2023-23914_5-3.patch
dpkg-source: info: applying CVE-2023-23914_5-4.patch
dpkg-source: info: applying CVE-2023-23914_5-5.patch
dpkg-source: info: applying CVE-2023-23916-pre1.patch
dpkg-source: info: applying CVE-2023-23916.patch
dpkg-source: info: applying CVE-2023-27533.patch
dpkg-source: info: applying CVE-2023-27534-pre1.patch
dpkg-source: info: applying CVE-2023-27534.patch
dpkg-source: info: applying CVE-2023-27538.patch
dpkg-source: info: applying CVE-2023-27535-pre1.patch
dpkg-source: info: applying CVE-2023-27536.patch
dpkg-source: info: applying CVE-2023-27535.patch
dpkg-source: info: applying 90_gnutls.patch
dpkg-source: info: applying 99_nss.patch

2. debian/rules をみる

展開されたディレクトリの debian/rules に configure 設定が書いてあります

root@7073a24a73ad:/workspace# ls -hal curl-7.81.0/debian/rules 
-rwxr-xr-x 1 root root 5.1K Jan  5  2022 curl-7.81.0/debian/rules

curl-7.81.0/debian/rules の中身

CONFIGURE_ARGS = -- --disable-dependency-tracking        \
    --disable-symbol-hiding --enable-versioned-symbols  \
    --enable-threaded-resolver --with-lber-lib=lber     \
    --with-gssapi=/usr --with-nghttp2   \
    --includedir=/usr/include/$(DEB_HOST_MULTIARCH)     \
    --with-zsh-functions-dir=/usr/share/zsh/vendor-completions

# disable libssh2 on Ubuntu (see #888449)
ifeq ($(shell dpkg-vendor --derives-from Ubuntu && echo yes),yes)
    CONFIGURE_ARGS += --with-libssh --without-libssh2
else
    CONFIGURE_ARGS += --without-libssh --with-libssh2
endif

%:
    dh $@

override_dh_auto_configure:
    mkdir -p debian/build debian/build-gnutls debian/build-nss
    # pop the last patch (nss)
    quilt pop
    # pop the second last patch (gnutls)
    quilt pop
    # get the source without nss and gnutls patches
    tar -cf - --exclude=debian/build* --exclude=.pc . \
        | tar -xf - -C debian/build
    # push the second last patch which must be gnutls
    quilt push
    # get the source with gnutls patch applied
    tar -cf - --exclude=debian/build* --exclude=.pc . \
        | tar -xf - -C debian/build-gnutls
    # push the last patch which must be nss
    quilt push
    # get the source with nss patch applied
    tar -cf - --exclude=debian/build* --exclude=.pc . \
        | tar -xf - -C debian/build-nss
    # run buildconf and make sure to copy the patched ltmain.sh
    for flavour in build build-gnutls build-nss; do \
        (cd debian/$$flavour && ./buildconf && cp ../../ltmain.sh .) \
    done
    cd debian/build && dh_auto_configure ${CONFIGURE_ARGS} --with-openssl \
        --with-ca-path=/etc/ssl/certs \
        --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt
    cd debian/build-gnutls &&  dh_auto_configure ${CONFIGURE_ARGS} --with-gnutls  \
        --with-ca-path=/etc/ssl/certs               \
        --without-ssl --with-gnutls
    cd debian/build-nss && dh_auto_configure ${CONFIGURE_ARGS} --with-nss \
        --without-ssl --with-nss