1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
|
#!/usr/bin/make -f
# Sample debian/rules that uses debhelper.
# GNU copyright 1997 to 1999 by Joey Hess.
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
DPKG_EXPORT_BUILDFLAGS = 1
export DEB_CFLAGS_MAINT_APPEND = -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE
export DPKG_GENSYMBOLS_CHECK_LEVEL := 4
include /usr/share/dpkg/default.mk
DEB_REVISION = $(call dpkg_late_eval,DEB_REVISION,echo '$(DEB_VERSION)' | sed -e 's/^.*-/-/')
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
COMMA = ,
ifneq (,$(filter parallel=%,$(subst $(COMMA), ,$(DEB_BUILD_OPTIONS))))
NJOBS := -j $(subst parallel=,,$(filter parallel=%,$(subst $(COMMA), ,$(DEB_BUILD_OPTIONS))))
endif
export arch = $(DEB_HOST_ARCH)
ifeq ($(DEB_HOST_ARCH_OS),kfreebsd)
EXTRA_FEATURES=--disable-linux-caps
endif
SED_NATIVE_PKCS11 := \
sed -e 's,libisc\.,libisc-pkcs11.,g' \
-e 's,libisc-nosymtbl\.,libisc-pkcs11-nosymtbl.,g' \
-e 's,libdns\.,libdns-pkcs11.,g' \
-e 's,@CRYPTO@,@CRYPTO_PK11@,g' \
-e 's,ISC_INCLUDES,ISC_PKCS11_INCLUDES,g' \
-e 's,DNS_INCLUDES,DNS_PKCS11_INCLUDES,g' \
-e 's,\(dnssec-[^ ]*\)@EXEEXT@,\1-pkcs11@EXEEXT@,g' \
-e 's,/lib/isc/,/lib/isc-pkcs11/,g' \
-e 's,/lib/dns/,/lib/dns-pkcs11/,g' \
-e 's,named@EXEEXT@,named-pkcs11@EXEEXT@,g' \
-e 's,@CONTRIB_DLZ@,,g' \
-e 's,$${DLZDRIVER_INCLUDES} $${DBDRIVER_INCLUDES},,g' \
-e 's,$${DLZDRIVER_LIBS} $${DBDRIVER_LIBS},,g' \
-e 's,$${DLZDRIVER_OBJS} $${DBDRIVER_OBJS},,g' \
-e 's,$${DLZDRIVER_SRCS} $${DBDRIVER_SRCS},,g' \
-e 's,@DNS_CRYPTO_LIBS@,@DNS_CRYPTO_PK11_LIBS@,g'
%:
dh $@ --with python3 --fail-missing --exclude=.la --exclude=lwresd --exclude=__pycache__
prepare_native_pkcs11:
rm -rf bin/named-pkcs11 && cp -r bin/named bin/named-pkcs11
rm -rf bin/dnssec-pkcs11 && cp -r bin/dnssec bin/dnssec-pkcs11
rm -rf lib/isc-pkcs11 && cp -r lib/isc lib/isc-pkcs11
rm -rf lib/dns-pkcs11 && cp -r lib/dns lib/dns-pkcs11
$(SED_NATIVE_PKCS11) < bin/named/Makefile.in > bin/named-pkcs11/Makefile.in
$(SED_NATIVE_PKCS11) < bin/dnssec/Makefile.in > bin/dnssec-pkcs11/Makefile.in
$(SED_NATIVE_PKCS11) < lib/isc/Makefile.in > lib/isc-pkcs11/Makefile.in
$(SED_NATIVE_PKCS11) < lib/dns/Makefile.in > lib/dns-pkcs11/Makefile.in
clean_native_pkcs11:
rm -rf bin/named-pkcs11
rm -rf bin/dnssec-pkcs11
rm -rf lib/isc-pkcs11
rm -rf lib/dns-pkcs11
prepare_version:
if [ ! -f version.bak ]; then cp version version.bak; fi
sed -i 's,^EXTENSIONS=.*$$,EXTENSIONS=$(DEB_REVISION)-$(DEB_VENDOR),' version
clean_version:
if [ -f version.bak ]; then cp version.bak version; fi
override_dh_autoreconf: prepare_native_pkcs11 prepare_version
dh_autoreconf
override_dh_auto_configure:
debian/checkapi
dh_auto_configure -B build -- \
--libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \
--sysconfdir=/etc/bind \
--with-python=python3 \
--localstatedir=/ \
--enable-threads \
--enable-largefile \
--with-libtool \
--enable-shared \
--enable-static \
--with-gost=no \
--with-openssl=/usr \
--with-gssapi=/usr \
--disable-isc-spnego \
--with-libidn2 \
--with-libjson=/usr \
--with-lmdb=/usr \
--with-gnu-ld \
--with-geoip=/usr \
--with-atf=no \
--enable-ipv6 \
--enable-rrl \
--enable-filter-aaaa \
--enable-native-pkcs11 \
--with-pkcs11=\$${prefix}/lib/softhsm/libsofthsm2.so \
--with-randomdev=/dev/urandom \
--enable-dnstap \
$(EXTRA_FEATURES)
dh_auto_configure -B build-udeb -- \
--sysconfdir=/etc/bind \
--with-python=python3 \
--localstatedir=/ \
--disable-epoll \
--disable-kqueue \
--disable-devpoll \
--disable-threads \
--disable-linux-caps \
--with-openssl=/usr \
--without-libxml2 \
--without-libjson \
--without-lmdb \
--enable-ipv6 \
--enable-shared \
--with-libtool \
--with-gssapi=no \
--disable-isc-spnego \
--libdir=/lib/$(DEB_HOST_MULTIARCH) \
--includedir=/usr/include/bind-export
sh debian/apply-export-patch
# no need to build these targets here
sed -i 's/dnssec-pkcs11//;s/named-pkcs11//' build-udeb/bin/Makefile
sed -i 's/dns-pkcs11//;s/isc-pkcs11//' build-udeb/lib/Makefile
cp lib/dns/dnstap.proto build/lib/dns
cp lib/dns-pkcs11/dnstap.proto build/lib/dns-pkcs11
override_dh_auto_build:
dh_auto_build -B build
dh_auto_build -B build-udeb
override_dh_auto_clean: clean_native_pkcs11 clean_version
dh_auto_clean -B build
dh_auto_clean -B build-udeb
override_dh_auto_install:
dh_auto_install -B build --destdir=$(CURDIR)/debian/tmp
dh_auto_install -B build-udeb --destdir=$(CURDIR)/debian/tmp-udeb
override_dh_install:
dh_install --exclude=.la --exclude=lwresd --exclude=__pycache__ --fail-missing
# Fix symlink for export libs to be absolute
for lib in `find debian/tmp-udeb/lib/$(DEB_HOST_MULTIARCH)/ -type l -name 'lib*-export.so.*'`; do \
lib=$$(basename $$lib); \
dev=$$(echo $$lib | sed 's/\.so\..*/.so/'); \
echo /lib/$(DEB_HOST_MULTIARCH)/$$lib /usr/lib/$(DEB_HOST_MULTIARCH)/$$dev; \
dh_link -plibbind-export-dev /lib/$(DEB_HOST_MULTIARCH)/$$lib \
/usr/lib/$(DEB_HOST_MULTIARCH)/$$dev; \
done
dh_apparmor -pbind9 --profile-name=usr.sbin.named
override_dh_systemd_enable:
dh_systemd_enable -pbind9 --no-enable --name=bind9-resolvconf bind9-resolvconf.service
dh_systemd_enable -pbind9 --no-enable --name=bind9-pkcs11 bind9-pkcs11.service
dh_systemd_enable -pbind9 bind9.service
override_dh_makeshlibs: DNS_SOVER=$(shell debian/getapi dns)
override_dh_makeshlibs: IRS_SOVER=$(shell debian/getapi irs)
override_dh_makeshlibs: ISCCC_SOVER=$(shell debian/getapi isccc)
override_dh_makeshlibs: ISCCFG_SOVER=$(shell debian/getapi isccfg)
override_dh_makeshlibs: ISC_SOVER=$(shell debian/getapi isc)
override_dh_makeshlibs:
dh_makeshlibs -plibdns-export$(DNS_SOVER) --add-udeb=libdns-export$(DNS_SOVER)-udeb
dh_makeshlibs -plibirs-export$(IRS_SOVER) --add-udeb=libirs-export$(IRS_SOVER)-udeb
dh_makeshlibs -plibisccc-export$(ISCCC_SOVER) --add-udeb=libisccc-export$(ISCCC_SOVER)-udeb
dh_makeshlibs -plibisccfg-export$(ISCCFG_SOVER) --add-udeb=libisccfg-export$(ISCCFG_SOVER)-udeb
dh_makeshlibs -plibisc-export$(ISC_SOVER) --add-udeb=libisc-export$(ISC_SOVER)-udeb
dh_makeshlibs --remaining-packages
override_dh_shlibdeps:
dh_shlibdeps
# Downgrade libcrypto1.1-udeb dependency from 1.1.1 to 1.1.0
# The udebs don't use any newer symbols, but due to them using
# shlibs the dependency is generated anyway. This blocks migration
# to testing until OpenSSL 1.1.1 is sorted out
sed -i 's:libcrypto1.1-udeb (>= 1.1.1):libcrypto1.1-udeb (>= 1.1.0):' debian/*-udeb.substvars
.PHONY: prepare_native_pkcs11 clean_native_pkcs11
|
