Wind River Support Network


LIN5-19311 : lsof package pulls info from build machine

Created: Aug 25, 2014    Updated: Dec 19, 2017
Resolved Date: Sep 8, 2014
Found In Version:
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Build & Config


The lsof package creates a file called version.h that includes these macros that are set based on the development machine’s (in my case Ubuntu) environment:
LSOF_CCV - version of Ubuntu’s GCC
LSOF_CCFLAGS - flags to Ubuntu GCC
LSOF_HOST - build machine hostname
LSOF_LOGNAME - builder’s login name
LSOF_SYSINFO - build machine’s info
LSOF_USER - builder’s user name

This is invasive since it could build an executable with usernames and/or build machine names in them. At the very least, it makes an unreproducible binary unless the same user on the same host
builds it every time.

Steps to Reproduce

cat bitbake_build/tmp/work/atom-wrs-linux/lsof-4.85-r1/lsof_4.85_src/version.h

#define LSOF_CCV        "4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) "
#define LSOF_HOST       "ala-cvl1-lx1"
#define LSOF_LOGNAME    "username"
#define LSOF_SYSINFO    "Linux ala-cvl1-lx1 3.2.0-45-generic #70-Ubuntu SMP Wed May 29 20:12:06 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux"
#define LSOF_VERSION    "4.85"

Other Downloads

Live chat