summaryrefslogtreecommitdiffstats
path: root/debian/rules
diff options
context:
space:
mode:
Diffstat (limited to 'debian/rules')
-rwxr-xr-xdebian/rules415
1 files changed, 415 insertions, 0 deletions
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..412ff76
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,415 @@
+#!/usr/bin/make -f
+SHELL = /bin/sh -e
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+# Fast version of dpkg/architecture.mk defining all vars in one go
+ifeq (${DEB_HOST_MULTIARCH},)
+ $(foreach d, $(shell dpkg-architecture | sed 's/=/?=/'), $(eval export $d))
+endif
+include /usr/share/dpkg/buildtools.mk
+include /usr/share/dpkg/buildflags.mk
+include /usr/share/dpkg/pkg-info.mk
+include /usr/share/dpkg/vendor.mk
+V := $(if $(filter terse, ${DEB_BUILD_OPTIONS}),,1)
+WAF := PYTHONHASHSEED=1 ./buildtools/bin/waf \
+ $(patsubst parallel=%,-j%,$(filter parallel=%,${DEB_BUILD_OPTIONS}))
+
+ifeq (linux,${DEB_HOST_ARCH_OS})
+# for cross-build or build with foreign python binary (it is _gnu0_i386-gnu on hurd)
+export _PYTHON_SYSCONFIGDATA_NAME=_sysconfigdata__${DEB_HOST_ARCH_OS}_${DEB_HOST_MULTIARCH}
+endif
+
+DESTDIR = ${CURDIR}/debian/tmp
+
+LDB_EPOCH = 2:
+LDB_VERSION = $(call dpkg_late_eval,LDB_VERSION,grep ^VERSION lib/ldb/wscript | cut -d\' -f2)
+LDB_DEB_VERSION = ${LDB_EPOCH}${LDB_VERSION}+samba${DEB_VERSION_UPSTREAM_REVISION}
+LDB_DEPENDS = libldb2 (= ${LDB_DEB_VERSION})
+LDB_PACKAGES = libldb2 libldb-dev ldb-tools python3-ldb python3-ldb-dev
+
+# #1021371: we only need the single "version" symbol LDB_2.4.4 in the library
+# should be removed for bookworm+. Also LDB_2.4.4 in d/libldb2.symbols
+EXTRA_ABI_VERSION_FILES = lib/ldb/ABI/ldb-2.4.4.sigs
+
+omit-pkgs =
+with-glusterfs =
+with-ceph =
+with-snapper =
+
+config-args = \
+ --prefix=/usr \
+ --enable-fhs \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --libexecdir=/usr/libexec \
+ --libdir=/usr/lib/${DEB_HOST_MULTIARCH} \
+ --datadir=/usr/share \
+ --with-modulesdir=/usr/lib/${DEB_HOST_MULTIARCH}/samba \
+ --with-pammodulesdir=/lib/${DEB_HOST_MULTIARCH}/security \
+ --with-privatedir=/var/lib/samba/private \
+ --with-smbpasswd-file=/etc/samba/smbpasswd \
+ --with-piddir=/run/samba \
+ --with-lockdir=/run/samba \
+ --with-sockets-dir=/run/samba \
+ --with-statedir=/var/lib/samba \
+ --with-cachedir=/var/cache/samba \
+ --with-pam \
+ --with-syslog \
+ --with-utmp \
+ --with-winbind \
+ --with-automount \
+ --with-ldap \
+ --with-ads \
+ --with-gpgme \
+ --enable-avahi \
+ --enable-spotlight \
+ --with-profiling-data \
+ --disable-rpath --disable-rpath-install \
+ --with-shared-modules=idmap_rid,idmap_ad,idmap_adex,idmap_hash,idmap_ldap,idmap_tdb2,vfs_dfs_samba4,auth_samba4,vfs_nfs4acl_xattr \
+ --bundled-libraries=NONE,pytevent,ldb \
+ \
+ --with-cluster-support \
+ --enable-etcd-reclock \
+ --with-socketpath=/run/ctdb/ctdbd.socket \
+ --with-logdir=/var/log/ctdb \
+
+ifeq (${DEB_HOST_ARCH_OS}, linux) # extra linux-specific features
+with-glusterfs = yes
+with-ceph = yes
+with-snapper = yes
+
+# Ceph is not available on all platforms
+ifeq (,$(filter amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x, ${DEB_HOST_ARCH}))
+with-ceph =
+endif
+
+config-args += \
+ --with-quota \
+ \
+ --with-systemd \
+ --systemd-install-services \
+ --with-systemddir=/lib/systemd/system \
+ --systemd-smb-extra='ExecCondition=/usr/share/samba/is-configured smb' \
+ --systemd-nmb-extra='ExecCondition=/usr/share/samba/is-configured nmb' \
+ --systemd-winbind-extra='ExecCondition=/usr/share/samba/is-configured winbind' \
+ --systemd-samba-extra='ExecCondition=/usr/share/samba/is-configured samba' \
+
+endif
+
+# Ubuntu i386 binary compatibility only effort: Disable some i386 packages and modules
+ifeq (${DEB_VENDOR}-${DEB_HOST_ARCH}, Ubuntu-i386)
+omit-pkgs += ctdb libpam-winbind samba samba-testsuite samba-vfs-modules
+with-ceph =
+with-glusterfs =
+endif
+
+ifneq (,$(filter armel mipsel m68k powerpc sh4,${DEB_HOST_ARCH}))
+# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81358
+# on these platforms gcc does not link with -latomic, resulting in
+# third_party/heimdal/lib/krb5/krcache.c.55.o: in function `krcc_get_principal':
+# third_party/heimdal/lib/krb5/krcache.c:1395: undefined reference to `__atomic_load_8'
+# ids.krcu_cache_and_princ_id = heim_base_atomic_load(&data->krc_cache_and_principal_id);
+# third_party/heimdal/lib/base/heimbase-atomics.h:
+# #include <stdatomic.h>
+# #define heim_base_atomic_load(x) atomic_load((x))
+# include a workaround for now
+# (-latomic and <stdatomic.h> comes from gcc, --as-needed is already in use)
+LDFLAGS := ${LDFLAGS} -latomic
+endif
+
+config-args += $(if ${with-ceph},\
+ --enable-cephfs --enable-ceph-reclock,\
+ --disable-cephfs)
+
+with_mitkrb5 = $(filter pkg.samba.mitkrb5, ${DEB_BUILD_PROFILES})
+ifneq (,${with_mitkrb5})
+config-args += \
+ --with-system-mitkrb5 \
+ --with-experimental-mit-ad-dc \
+ --with-system-mitkdc=/usr/sbin/krb5kdc
+# samba packages will have its own version suffix
+mitkrb5-samba-ver = ${DEB_VERSION}mitkrb5
+mitkrb5-dep-pkgs = samba-libs samba-dev
+mitkrb5-dep-pkgs += samba samba-common-bin python3-samba
+mitkrb5-dep-pkgs += samba-dsdb-modules samba-vfs-modules
+mitkrb5-dep-pkgs += libsmbclient smbclient
+mitkrb5-dep-pkgs += libnss-winbind libpam-winbind
+mitkrb5-dep-pkgs += winbind
+mitkrb5-dep-pkgs += samba-testsuite
+mitkrb5-dep-pkgs += ctdb
+else
+mitkrb5-dep-pkgs =
+endif
+
+ifneq (,${omit-pkgs})
+export DH_OPTIONS += $(addprefix -N, ${omit-pkgs})
+endif
+# ${build-pkgs} will honour arch/indep and the above list in ${DH_OPTIONS}
+build-pkgs := $(shell dh_listpackages)
+
+binary binary-arch binary-indep \
+install install-arch install-indep: %:
+ dh $*
+
+configure: bin/configured.stamp
+.PHONY: configure
+bin/configured.stamp:
+# branding
+ if [ ! -f VERSION.orig ]; then \
+ mv VERSION VERSION.orig; \
+ sed -r -e 's/^(SAMBA_VERSION_VENDOR_SUFFIX).*/\1=${DEB_VENDOR}/' \
+ VERSION.orig > VERSION; \
+ fi
+ CC="${CC}" CPP="${CPP}" LD="${LD}" PKGCONFIG="${PKG_CONFIG}" \
+ CPPFLAGS="${CPPFLAGS}" CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}" \
+ PYTHON=python3 PYTHON_CONFIG=${DEB_HOST_MULTIARCH}-python3-config \
+ ${WAF} -j1 -C configure ${config-args} || \
+ { $(if ${V},echo "==== contents of config.log:"; cat bin/config.log;) false; }
+# #1021371: we only need the single "version" symbol LDB_2.4.4 in the library
+ touch ${EXTRA_ABI_VERSION_FILES}
+# #1013205: https://lists.samba.org/archive/samba-technical/2022-November/137788.html
+ rm -f third_party/heimdal/lib/gssapi/gssapi.h
+ifneq (,${with_mitkrb5}) # ensure we do not use embedded heimdal in any way
+ [ -d third_party/heimdal-build-with-mitkrb5 ] || \
+ mv third_party/heimdal third_party/heimdal-build-with-mitkrb5
+endif
+ touch $@
+
+build-arch: bin/built.stamp
+bin/built.stamp: bin/configured.stamp
+# samba build system is designed so that default build (what is produced
+# by waf build) supposed to be run directly from the build directory,
+# with all the paths pointing there. At the install stage, quite some
+# recompilation/relinking is done again, to adopt to the actual install
+# paths. There's no need (for now) to build samba to be run from the build
+# directory, so we use `waf install' here instead of `waf build'.
+# Build these two executables first, and build the install stage.
+# This will pefrorm unnecessary/extra install step (into d/tmp), which
+# we'll repeat during actual install stage, but this is definitely
+# better/faster than building whole thing for _not_ running from the build dir.
+ ${WAF} $(if $V,-v) install --destdir="${DESTDIR}"
+ touch $@
+build-indep:
+build: build-arch build-indep
+
+############## Tests ##############
+# We should use separate build for tests since it requires configuration
+# with --enable-selftest which is not compatible with production build.
+# Since samba build system always builds in bin/, we save whole source
+# into a subdir (testbuild/) and run everything from there.
+
+testbuild/copied.stamp:
+ rm -rf testbuild; mkdir testbuild
+ cp -a -l $$(ls -1 | egrep -v '^(bin|testbuild|debian)$$') testbuild/
+# cleanup some files just in case, do not interfere with production build
+ find testbuild -name __pycache__ -exec rm -rf {} +
+ rm -f testbuild/compile_commands.json
+ touch $@
+testbuild/configured.stamp: testbuild/copied.stamp
+ @echo "############## selftest configure ##############"
+# allow some bundled "lib" for now just for the test build. Debian has them
+# (libsocket-wrapper &Co), but let's just build the bundled ones. There's no
+# good reason to use externally-packaged wrappers, they're small to build and
+# we don't use them for production build, and extra versioned build-dep hurts.
+ cd testbuild && \
+ CPPFLAGS="${CPPFLAGS}" CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}" \
+ ${WAF} -j1 -C configure --enable-selftest \
+ $$(echo '${config-args}' | \
+ sed 's|--bundled-libraries=NONE|&,nss_wrapper,pam_wrapper,resolv_wrapper,socket_wrapper,uid_wrapper|')
+# FIXME: some tests fail for now, handle them later (last check: 4.17.2, heimdal build)
+ rm -f testbuild/selftest/knownfail.d/debian
+ echo '^samba3.smb2.session\ enc.(reauth.|bind.|bind_negative.*|bind_invalid_auth|encryption-aes-.*)\(nt4_dc\)' \
+ >>testbuild/selftest/knownfail.d/debian
+# echo '^samba3.rpc.schannel_anon_setpw\ anonymous\ password\ set\ \(schannel\ enforced\ server-side\)\(nt4_dc_schannel\)' \
+# >>testbuild/selftest/knownfail.d/debian
+ echo '^samba4.ntvfs.cifs.ntlm.base.unlink.unlink\(rpc_proxy\)' \
+ >>testbuild/selftest/knownfail.d/debian
+ echo '^samba4.rpc.echo\ against\ rpc\ proxy\ with\ domain\ creds\(rpc_proxy\)' \
+ >>testbuild/selftest/knownfail.d/debian
+ touch $@
+selftest-quick: testbuild/configured.stamp
+ @echo "############## selftest run ##############"
+ cd testbuild && ${WAF} test --quick
+
+override_dh_auto_test: # $(if $(findstring nocheck, ${DEB_BUILD_OPTIONS}),, selftest-quick)
+
+override_dh_auto_install-arch:
+# the same "waf install" as in the build target
+ ${WAF} install --destdir="${DESTDIR}"
+ # get list of files in build log
+ find debian/tmp
+ # Included in python-tevent?
+ rm debian/tmp/usr/lib/python*/*-packages/_tevent.*
+ rm debian/tmp/usr/lib/python*/*-packages/tevent.py
+ # pam stuff
+ install -Dp -m0644 debian/winbind.pam-config debian/tmp/usr/share/pam-configs/winbind
+ mv debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libnss_* debian/tmp/lib/$(DEB_HOST_MULTIARCH)/
+ # Debian goodies to set global option in smb.conf and add a share
+ install -p -m0755 debian/setoption.py -t debian/tmp/usr/share/samba/
+ install -p -m0755 debian/addshare.py -t debian/tmp/usr/share/samba/
+ install -p -m755 debian/update-apparmor-samba-profile -t debian/tmp/usr/share/samba/
+ install -Dp -m0644 debian/samba.ufw.profile debian/tmp/etc/ufw/applications.d/samba
+ install -Dp -m0644 debian/source_samba.py -t debian/tmp/usr/share/apport/package-hooks/
+ifeq ($(DEB_HOST_ARCH_OS), linux)
+# Services fixups. Historically, debian used smbd, nmbd and samba-ad-dc service names.
+# Upstream samba used names smb, nmb and samba.
+# We can not easily rename them now (need to rename possible overrides and drop-ins),
+# but we can provide synonyms
+ mv debian/tmp/lib/systemd/system/nmb.service debian/tmp/lib/systemd/system/nmbd.service
+ ln -s nmbd.service debian/tmp/lib/systemd/system/nmb.service
+ mv debian/tmp/lib/systemd/system/smb.service debian/tmp/lib/systemd/system/smbd.service
+ ln -s smbd.service debian/tmp/lib/systemd/system/smb.service
+ mv debian/tmp/lib/systemd/system/samba.service debian/tmp/lib/systemd/system/samba-ad-dc.service
+ ln -s samba-ad-dc.service debian/tmp/lib/systemd/system/samba.service
+ sed -i \
+ -e 's|/etc/sysconfig/|/etc/default/|' \
+ -e 's|nmb\.service|nmbd.service|' \
+ -e 's|smb\.service|smbd.service|' \
+ -e 's|samba\.service|samba-ad-dc.service|' \
+ debian/tmp/lib/systemd/system/nmbd.service \
+ debian/tmp/lib/systemd/system/samba-ad-dc.service \
+ debian/tmp/lib/systemd/system/smbd.service \
+ debian/tmp/lib/systemd/system/winbind.service
+endif
+ # install-and-rename docs for ctdb (also arch-specific)
+ mkdir -p debian/tmp/ctdb
+ install -p ctdb/config/events/README debian/tmp/ctdb/README.notification
+ install -p ctdb/config/notification.README debian/tmp/ctdb/README.notification
+ifeq ($(DEB_HOST_ARCH_OS), hurd)
+ install -p debian/ctdb.README.hurd debian/tmp/ctdb/README.hurd
+endif
+ifeq ($(DEB_HOST_ARCH_OS), kfreebsd)
+ install -p debian/ctdb.README.kfreebsd debian/tmp/ctdb/README.kfreebsd
+endif
+
+# compatibility link. When ldb was built by its own it stored modules in
+# /usr/lib/<triple>/ldb/modules/ldb/. Now as part of samba it stores modules in
+# /usr/lib/<triple>/samba/ldb/. Keep them together instead of d/*.{links,dirs}.
+# (sssd 2.6.3-3 moved their module to the new location;
+# samba-dsdb-modules always had their modules in ..../samba/ldb/)
+# This compat symlink should go away after bookworm
+# (needed mostly for bullseye sssd)
+ dh_installdirs -plibldb2 /usr/lib/${DEB_HOST_MULTIARCH}/ldb/modules/ldb
+ dh_link -plibldb2 /usr/lib/${DEB_HOST_MULTIARCH}/ldb/modules/ldb \
+ /usr/lib/${DEB_HOST_MULTIARCH}/samba/ldb/compat
+
+provision-dest := debian/samba-ad-provision/usr/share/samba/setup
+
+override_dh_auto_install-indep:
+# only arch-all package is samba-common containing a few debian-specific files
+# Most of files needs are renamed during install so lets put them
+# directly into the right place without d/samba-common.install indirection
+ # Debian goodies
+ install -Dp -m0644 debian/smb.conf -t debian/samba-common/usr/share/samba/
+ifeq (${DEB_VENDOR}, Ubuntu)
+ patch debian/samba-common/usr/share/samba/smb.conf debian/smb.conf.ubuntu.diff
+endif
+ install -Dp -m0755 debian/panic-action -t debian/samba-common/usr/share/samba/
+ install -Dp -m0755 debian/is-configured -t debian/samba-common/usr/share/samba/
+ install -Dp -m0644 debian/gdbcommands -t debian/samba-common/etc/samba/
+ install -Dp -m0755 debian/samba-common.dhcp debian/samba-common/etc/dhcp/dhclient-enter-hooks.d/samba
+ # we wrongly have pam file in samba-common instead of samba
+ install -Dp -m0644 debian/samba.pam debian/samba-common/etc/pam.d/samba
+
+# install provision files (samba-ad-provision, source4/setup/)
+ mkdir -p -m0755 ${provision-dest}
+ cp -r --preserve=timestamps source4/setup/. ${provision-dest}
+ rm -rf ${provision-dest}/tests
+ rm -f ${provision-dest}/wscript* \
+ ${provision-dest}/adprep/samba-4.7-missing-for-schema45.ldif
+
+override_dh_installpam:
+
+# include a command only if the given package is being built
+ifpkg = $(if $(filter ${1},${build-pkgs}),${2})
+
+override_dh_installinit:
+ifneq (,$(filter samba, ${build-pkgs}))
+ dh_installinit -psamba --name smbd
+ dh_installinit -psamba --name nmbd --error-handler nmbd_error_handler
+ dh_installinit -psamba --name samba-ad-dc
+endif
+ $(call ifpkg, winbind, dh_installinit -pwinbind)
+ifneq (,$(filter ctdb, ${build-pkgs}))
+ install -Dp -m755 ctdb/config/ctdb.init debian/ctdb/etc/init.d/ctdb
+ # Install dh scripts
+ dh_installinit -pctdb --no-start --no-stop-on-upgrade --onlyscripts
+endif
+
+override_dh_installsystemd:
+ $(call ifpkg, samba, dh_installsystemd -psamba)
+ $(call ifpkg, winbind, dh_installsystemd -pwinbind)
+ $(call ifpkg, ctdb, dh_installsystemd -pctdb --no-start --no-stop-on-upgrade)
+
+execute_after_dh_fixperms-arch:
+ $(call ifpkg, smbclient, chmod 0700 debian/smbclient/usr/libexec/samba/smbspool_krb5_wrapper)
+
+override_dh_makeshlibs:
+ # generate symbols file with correct cpython suffix in there
+ { \
+ suff=$$(${DEB_HOST_MULTIARCH}-python3-config --extension-suffix | tr _ -); \
+ SUFF=$$(echo "$${suff%.so}" | tr a-z- A-Z_); \
+ echo "libpyldb-util$${suff}.2 python3-ldb #MINVER#"; \
+ echo "* Build-Depends-Package: python3-ldb-dev" ; \
+ echo " PYLDB_UTIL$${SUFF}_${LDB_VERSION}@PYLDB_UTIL$${SUFF}_${LDB_VERSION} ${LDB_EPOCH}${LDB_VERSION}"; \
+ cat debian/python3-ldb.symbols.in; \
+ } > debian/python3-ldb.symbols
+
+ # create symbols and shlibs files in separate wrapper script
+ # to deal with private libraries
+ debian/genshlibs \
+ $(addsuffix =${LDB_DEB_VERSION},${LDB_PACKAGES}) \
+ $(addsuffix =${mitkrb5-samba-ver}, ${mitkrb5-dep-pkgs})
+
+ rm -f debian/python3-ldb.symbols
+
+# depcheck package, dep1|dep2... -- dependencies which should NOT be there
+depcheck = if egrep '^shlibs.Depends=.* ($(strip $2)) ' debian/$(strip $1).substvars; \
+ then echo 'E: $(strip $1) should not depend on $(strip $2)' >&2; exit 1; fi
+
+override_dh_shlibdeps:
+# for specific executables/modules, put dependencies in separate variables
+# to change Depends to Recommends for them in d/control
+ dh_shlibdeps -l/usr/lib/${DEB_HOST_MULTIARCH}/samba \
+ -Xceph.so -Xglusterfs.so -Xsnapper.so -Xctdb_mutex_ceph_rados_helper
+ifneq (,$(filter ctdb, ${build-pkgs}))
+ echo "rados:Depends=" >> debian/ctdb.substvars
+ifneq (${with-ceph},)
+ dpkg-shlibdeps -Tdebian/ctdb.substvars -prados \
+ debian/ctdb/usr/libexec/ctdb/ctdb_mutex_ceph_rados_helper
+endif
+endif
+ifneq (,$(filter samba-vfs-modules,${build-pkgs}))
+ echo "vfsmods:Depends=" >> debian/samba-vfs-modules.substvars
+ifneq (${with-snapper}${with-ceph}${with-glusterfs},)
+ dpkg-shlibdeps -Tdebian/samba-vfs-modules.substvars -pvfsmods \
+ $(if ${with-snapper}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/snapper.so) \
+ $(if ${with-ceph}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/ceph.so) \
+ $(if ${with-glusterfs}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/glusterfs.so)
+endif
+endif
+# after shlibdeps run, check that we don't have wrong depdendencies
+ $(call depcheck, samba-libs, samba|winbind|smbclient|ctdb)
+ $(call depcheck, smbclient, samba|winbind|ctdb)
+ $(call depcheck, ctdb, samba|winbind|smbclient)
+ $(call depcheck, libldb2, samba|samba-libs|winbind|libwbclient0) # use-bzero-instead-of-memset_s.diff
+ $(call depcheck, python3-samba, samba|winbind|ctdb)
+ $(call depcheck, libwbclient0, samba|samba-libs|winbind|smbclient|ctdb)
+ $(call depcheck, libsmbclient, samba|winbind|smbclient|ctdb)
+
+override_dh_gencontrol:
+ dh_gencontrol $(addprefix -p, ${LDB_PACKAGES}) -- -v${LDB_DEB_VERSION}
+ifneq (,$(filter ${build-pkgs}, ${mitkrb5-dep-pkgs}))
+ dh_gencontrol $(addprefix -p, $(filter ${build-pkgs}, ${mitkrb5-dep-pkgs})) -- -v${mitkrb5-samba-ver} -Vldb:Depends="${LDB_DEPENDS}"
+endif
+ dh_gencontrol --remaining-packages -- -Vldb:Depends="${LDB_DEPENDS}"
+
+clean:
+ # see also debian/clean
+ dh_clean bin/ testbuild/
+ rm -f ${EXTRA_ABI_VERSION_FILES}
+ [ ! -f VERSION.orig ] || mv -f VERSION.orig VERSION
+ifneq (,${with_mitkrb5})
+ [ ! -d third_party/heimdal-build-with-mitkrb5 ] || \
+ mv third_party/heimdal-build-with-mitkrb5 third_party/heimdal
+endif