SBOM support for rust packages does not work in v2024pre
Affected images versions
v2024pre
Background
Rust packages are special since, in order to build them, the sources of several other Rust packages are used. For this reason, in order to properly support SBOM and report the binary license and copyright, this information needs to be collected and processed. After the rebase on top of Debian Bookworm this support does not work properly.
This is probably (not confirmed) related to #360 (closed)
As reference, in v2024pre the file bin2sources looks like
{
"comp_dir": "/usr/src/rustc-1.63.0/vendor/compiler_builtins",
"comp_name": "/usr/src/rustc-1.63.0/vendor/compiler_builtins/src/lib.rs/@/compiler_builtins.8a76f262-cgu.58"
}
but in v2023 it looks like
{
"comp_dir": "/usr/src/rustc-1.48.0/vendor/compiler_builtins",
"comp_name": "/usr/src/rustc-1.48.0/vendor/compiler_builtins/src/lib.rs"
}
See the addition of "/@/compiler_builtins.8a76f262-cgu.58" in v2024pre, which seems to create noise.
Reproducibility
How often the issue is hit when repeating the test and changing nothing (same device, same image, etc.)?
- ✅ always
- often, but not always
- rarely
Impact of bug
How severe is the bug? Does it render an image unbootable? Is it a security issue? Does it prevent specific applications from working? What is the impact? Does this bug affect a critical component? Does it cause something else to not work? How often is the bug likely to be found by a user? For example, every boot or once per year?
Attachments
Add further information about the environment in the form of attachments here. Attach plain text files from log output (from journalctl, systemctl, …) or long backtraces as attached files. If adding comments on the log is required, create a new snippet and add the link to it here.
Screenshots and videos are usually useful for graphic issues.
Root cause
This is caused by an upstream change in https://gitlab.apertis.org/pkg/rustc 1.59.0 aimed to give each codegen unit a unique DWARF name. See https://github.com/rust-lang/rust/pull/92024
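The following is an added example, not part of the original report and not the code from the pkg/debhelper merge requests: one way an SBOM step could map the new per-codegen-unit names back to source files before looking up license and copyright data. The suffix pattern is inferred from the single v2024pre sample above, and the list-of-objects layout of bin2sources, the second `cgu.7` entry and the function names are assumptions made for illustration.

```python
import json
import re

# Suffix shape taken from the one v2024pre sample in this report:
# "<source path>/@/<crate>.<hash>-cgu.<n>". Assumed, not a rustc specification.
CGU_SUFFIX = re.compile(r"/@/[^/]+-cgu\.\d+$")

# Constructed sample. The real bin2sources layout is assumed to be a list of
# objects carrying the two keys shown in the report; the cgu.7 entry is made up.
SAMPLE = json.loads("""
[
  {"comp_dir": "/usr/src/rustc-1.63.0/vendor/compiler_builtins",
   "comp_name": "/usr/src/rustc-1.63.0/vendor/compiler_builtins/src/lib.rs/@/compiler_builtins.8a76f262-cgu.58"},
  {"comp_dir": "/usr/src/rustc-1.63.0/vendor/compiler_builtins",
   "comp_name": "/usr/src/rustc-1.63.0/vendor/compiler_builtins/src/lib.rs/@/compiler_builtins.8a76f262-cgu.7"},
  {"comp_dir": "/usr/src/rustc-1.48.0/vendor/compiler_builtins",
   "comp_name": "/usr/src/rustc-1.48.0/vendor/compiler_builtins/src/lib.rs"}
]
""")


def source_path(comp_name):
    """Strip a trailing codegen-unit suffix; older-style names pass through."""
    return CGU_SUFFIX.sub("", comp_name)


def unique_sources(units):
    """Collapse per-codegen-unit entries into one (comp_dir, source) key each.

    Returns a dict mapping each key to the number of compile units that
    resolved to it, in first-seen order.
    """
    counts = {}
    for unit in units:
        key = (unit["comp_dir"], source_path(unit["comp_name"]))
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for (comp_dir, src), count in unique_sources(SAMPLE).items():
        print(f"{src} ({count} compile unit(s), comp_dir={comp_dir})")
```

Only a suffix that ends in `-cgu.<n>` is removed, so a path that merely contains `/@/` is left untouched and no source file is silently dropped from the SBOM.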
Outcomes
- pkg/debhelper!24 (closed)
- pkg/debhelper!26 (closed)
- pkg/debhelper!27 (merged)
- pkg/debhelper!28 (merged) Backport to v2024-updates
Management data
This section is for management only, it should be the last one in the description.
/cc @andrunko @em @Balasubramanian @sudarshan @wlozano
Phabricator link: https://phabricator.apertis.org/T10096