summaryrefslogtreecommitdiffstats
path: root/debian/rules
blob: bada446a749788f64aa64a962508d96b8e9d1029 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
#!/usr/bin/make -f
# Sample debian/rules that uses debhelper.
# GNU copyright 1997 to 1999 by Joey Hess.

export DEB_BUILD_MAINT_OPTIONS = hardening=+all
DPKG_EXPORT_BUILDFLAGS = 1

export DEB_CFLAGS_MAINT_APPEND = -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE

export DPKG_GENSYMBOLS_CHECK_LEVEL := 4

include /usr/share/dpkg/default.mk

DEB_REVISION = $(call dpkg_late_eval,DEB_REVISION,echo '$(DEB_VERSION)' | sed -e 's/^.*-/-/')

# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1

COMMA = ,
ifneq (,$(filter parallel=%,$(subst $(COMMA), ,$(DEB_BUILD_OPTIONS))))
  NJOBS := -j $(subst parallel=,,$(filter parallel=%,$(subst $(COMMA), ,$(DEB_BUILD_OPTIONS))))
endif

export arch = $(DEB_HOST_ARCH)

ifeq ($(DEB_HOST_ARCH_OS),kfreebsd)
EXTRA_FEATURES=--disable-linux-caps
endif

SED_NATIVE_PKCS11 := \
	sed -e 's,libisc\.,libisc-pkcs11.,g' \
	    -e 's,libisc-nosymtbl\.,libisc-pkcs11-nosymtbl.,g' \
	    -e 's,libdns\.,libdns-pkcs11.,g' \
	    -e 's,@CRYPTO@,@CRYPTO_PK11@,g' \
	    -e 's,ISC_INCLUDES,ISC_PKCS11_INCLUDES,g' \
	    -e 's,DNS_INCLUDES,DNS_PKCS11_INCLUDES,g' \
	    -e 's,\(dnssec-[^ ]*\)@EXEEXT@,\1-pkcs11@EXEEXT@,g' \
	    -e 's,/lib/isc/,/lib/isc-pkcs11/,g' \
	    -e 's,/lib/dns/,/lib/dns-pkcs11/,g' \
	    -e 's,named@EXEEXT@,named-pkcs11@EXEEXT@,g' \
	    -e 's,@CONTRIB_DLZ@,,g' \
	    -e 's,$${DLZDRIVER_INCLUDES} $${DBDRIVER_INCLUDES},,g' \
	    -e 's,$${DLZDRIVER_LIBS} $${DBDRIVER_LIBS},,g' \
	    -e 's,$${DLZDRIVER_OBJS} $${DBDRIVER_OBJS},,g' \
	    -e 's,$${DLZDRIVER_SRCS} $${DBDRIVER_SRCS},,g' \
	    -e 's,@DNS_CRYPTO_LIBS@,@DNS_CRYPTO_PK11_LIBS@,g'

%:
	dh $@ --with python3 --fail-missing --exclude=.la --exclude=lwresd --exclude=__pycache__

prepare_native_pkcs11:
	rm -rf bin/named-pkcs11 && cp -r bin/named bin/named-pkcs11
	rm -rf bin/dnssec-pkcs11 && cp -r bin/dnssec bin/dnssec-pkcs11
	rm -rf lib/isc-pkcs11 && cp -r lib/isc lib/isc-pkcs11
	rm -rf lib/dns-pkcs11 && cp -r lib/dns lib/dns-pkcs11
	$(SED_NATIVE_PKCS11) < bin/named/Makefile.in > bin/named-pkcs11/Makefile.in
	$(SED_NATIVE_PKCS11) < bin/dnssec/Makefile.in > bin/dnssec-pkcs11/Makefile.in
	$(SED_NATIVE_PKCS11) < lib/isc/Makefile.in > lib/isc-pkcs11/Makefile.in
	$(SED_NATIVE_PKCS11) < lib/dns/Makefile.in > lib/dns-pkcs11/Makefile.in

clean_native_pkcs11:
	rm -rf bin/named-pkcs11
	rm -rf bin/dnssec-pkcs11
	rm -rf lib/isc-pkcs11
	rm -rf lib/dns-pkcs11

prepare_version:
	if [ ! -f version.bak ]; then cp version version.bak; fi
	sed -i 's,^EXTENSIONS=.*$$,EXTENSIONS=$(DEB_REVISION)-$(DEB_VENDOR),' version

clean_version:
	if [ -f version.bak ]; then cp version.bak version; fi

override_dh_auto_test:
	dh_auto_test
	-make check
	-make test
	-make unit

override_dh_autoreconf: prepare_native_pkcs11 prepare_version
	dh_autoreconf

override_dh_auto_configure:
	debian/checkapi
	dh_auto_configure -B build -- \
		--libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \
		--sysconfdir=/etc/bind \
		--with-python=python3 \
		--localstatedir=/ \
		--enable-threads \
		--enable-largefile \
		--with-libtool \
		--enable-shared \
		--enable-static \
		--with-gost=no \
		--with-openssl=/usr \
		--with-gssapi=/usr \
		--disable-isc-spnego \
		--with-libidn2 \
		--with-libjson=/usr \
		--with-lmdb=/usr \
		--with-gnu-ld \
		--with-geoip=/usr \
		--with-atf=no \
		--enable-ipv6 \
		--enable-rrl \
		--enable-filter-aaaa \
		--enable-native-pkcs11 \
		--with-pkcs11=\$${prefix}/lib/softhsm/libsofthsm2.so \
		--with-randomdev=/dev/urandom \
		--enable-dnstap \
		--with-cmocka
		$(EXTRA_FEATURES)
	dh_auto_configure -B build-udeb -- \
		--sysconfdir=/etc/bind \
		--with-python=python3 \
		--localstatedir=/ \
		--disable-epoll \
		--disable-kqueue \
		--disable-devpoll \
		--disable-threads \
		--disable-linux-caps \
		--with-openssl=/usr \
		--without-libxml2 \
		--without-libjson \
		--without-lmdb \
		--enable-ipv6 \
		--enable-shared \
		--with-libtool \
		--with-gssapi=no \
		--disable-isc-spnego \
		--libdir=/lib/$(DEB_HOST_MULTIARCH) \
		--includedir=/usr/include/bind-export
	sh debian/apply-export-patch
	# no need to build these targets here
	sed -i 's/dnssec-pkcs11//;s/named-pkcs11//' build-udeb/bin/Makefile
	sed -i 's/dns-pkcs11//;s/isc-pkcs11//' build-udeb/lib/Makefile
	cp lib/dns/dnstap.proto build/lib/dns
	cp lib/dns-pkcs11/dnstap.proto build/lib/dns-pkcs11

override_dh_auto_build:
	dh_auto_build -B build
	dh_auto_build -B build-udeb

override_dh_auto_clean: clean_native_pkcs11 clean_version
	dh_auto_clean -B build
	dh_auto_clean -B build-udeb

override_dh_auto_install:
	dh_auto_install -B build      --destdir=$(CURDIR)/debian/tmp
	dh_auto_install -B build-udeb --destdir=$(CURDIR)/debian/tmp-udeb

override_dh_install:
	dh_install --exclude=.la --exclude=lwresd --exclude=__pycache__ --fail-missing

	# Fix symlink for export libs to be absolute
	for lib in `find debian/tmp-udeb/lib/$(DEB_HOST_MULTIARCH)/ -type l -name 'lib*-export.so.*'`; do \
	  lib=$$(basename $$lib); \
	  dev=$$(echo $$lib | sed 's/\.so\..*/.so/'); \
	  echo /lib/$(DEB_HOST_MULTIARCH)/$$lib /usr/lib/$(DEB_HOST_MULTIARCH)/$$dev; \
	  dh_link -plibbind-export-dev /lib/$(DEB_HOST_MULTIARCH)/$$lib \
	    /usr/lib/$(DEB_HOST_MULTIARCH)/$$dev; \
	done

	dh_apparmor -pbind9 --profile-name=usr.sbin.named

override_dh_systemd_enable:
	dh_systemd_enable -pbind9 --no-enable --name=bind9-resolvconf bind9-resolvconf.service
	dh_systemd_enable -pbind9 --no-enable --name=bind9-pkcs11 bind9-pkcs11.service
	dh_systemd_enable -pbind9 bind9.service

override_dh_makeshlibs: DNS_SOVER=$(shell debian/getapi dns)
override_dh_makeshlibs: IRS_SOVER=$(shell debian/getapi irs)
override_dh_makeshlibs: ISCCC_SOVER=$(shell debian/getapi isccc)
override_dh_makeshlibs: ISCCFG_SOVER=$(shell debian/getapi isccfg)
override_dh_makeshlibs: ISC_SOVER=$(shell debian/getapi isc)
override_dh_makeshlibs:
	dh_makeshlibs -plibdns-export$(DNS_SOVER) --add-udeb=libdns-export$(DNS_SOVER)-udeb
	dh_makeshlibs -plibirs-export$(IRS_SOVER) --add-udeb=libirs-export$(IRS_SOVER)-udeb
	dh_makeshlibs -plibisccc-export$(ISCCC_SOVER) --add-udeb=libisccc-export$(ISCCC_SOVER)-udeb
	dh_makeshlibs -plibisccfg-export$(ISCCFG_SOVER) --add-udeb=libisccfg-export$(ISCCFG_SOVER)-udeb
	dh_makeshlibs -plibisc-export$(ISC_SOVER) --add-udeb=libisc-export$(ISC_SOVER)-udeb
	dh_makeshlibs --remaining-packages

override_dh_shlibdeps:
	dh_shlibdeps
	# Downgrade libcrypto1.1-udeb dependency from 1.1.1 to 1.1.0
	# The udebs don't use any newer symbols, but due to them using
	# shlibs the dependency is generated anyway. This blocks migration
	# to testing until OpenSSL 1.1.1 is sorted out
	sed -i 's:libcrypto1.1-udeb (>= 1.1.1):libcrypto1.1-udeb (>= 1.1.0):' debian/*-udeb.substvars

.PHONY: prepare_native_pkcs11 clean_native_pkcs11