diff options
Diffstat (limited to 'debian/rules')
-rwxr-xr-x | debian/rules | 415 |
1 files changed, 415 insertions, 0 deletions
diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..412ff76 --- /dev/null +++ b/debian/rules @@ -0,0 +1,415 @@ +#!/usr/bin/make -f +SHELL = /bin/sh -e + +export DEB_BUILD_MAINT_OPTIONS = hardening=+all +# Fast version of dpkg/architecture.mk defining all vars in one go +ifeq (${DEB_HOST_MULTIARCH},) + $(foreach d, $(shell dpkg-architecture | sed 's/=/?=/'), $(eval export $d)) +endif +include /usr/share/dpkg/buildtools.mk +include /usr/share/dpkg/buildflags.mk +include /usr/share/dpkg/pkg-info.mk +include /usr/share/dpkg/vendor.mk +V := $(if $(filter terse, ${DEB_BUILD_OPTIONS}),,1) +WAF := PYTHONHASHSEED=1 ./buildtools/bin/waf \ + $(patsubst parallel=%,-j%,$(filter parallel=%,${DEB_BUILD_OPTIONS})) + +ifeq (linux,${DEB_HOST_ARCH_OS}) +# for cross-build or build with foreign python binary (it is _gnu0_i386-gnu on hurd) +export _PYTHON_SYSCONFIGDATA_NAME=_sysconfigdata__${DEB_HOST_ARCH_OS}_${DEB_HOST_MULTIARCH} +endif + +DESTDIR = ${CURDIR}/debian/tmp + +LDB_EPOCH = 2: +LDB_VERSION = $(call dpkg_late_eval,LDB_VERSION,grep ^VERSION lib/ldb/wscript | cut -d\' -f2) +LDB_DEB_VERSION = ${LDB_EPOCH}${LDB_VERSION}+samba${DEB_VERSION_UPSTREAM_REVISION} +LDB_DEPENDS = libldb2 (= ${LDB_DEB_VERSION}) +LDB_PACKAGES = libldb2 libldb-dev ldb-tools python3-ldb python3-ldb-dev + +# #1021371: we only need the single "version" symbol LDB_2.4.4 in the library +# should be removed for bookworm+. Also LDB_2.4.4 in d/libldb2.symbols +EXTRA_ABI_VERSION_FILES = lib/ldb/ABI/ldb-2.4.4.sigs + +omit-pkgs = +with-glusterfs = +with-ceph = +with-snapper = + +config-args = \ + --prefix=/usr \ + --enable-fhs \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --libexecdir=/usr/libexec \ + --libdir=/usr/lib/${DEB_HOST_MULTIARCH} \ + --datadir=/usr/share \ + --with-modulesdir=/usr/lib/${DEB_HOST_MULTIARCH}/samba \ + --with-pammodulesdir=/lib/${DEB_HOST_MULTIARCH}/security \ + --with-privatedir=/var/lib/samba/private \ + --with-smbpasswd-file=/etc/samba/smbpasswd \ + --with-piddir=/run/samba \ + --with-lockdir=/run/samba \ + --with-sockets-dir=/run/samba \ + --with-statedir=/var/lib/samba \ + --with-cachedir=/var/cache/samba \ + --with-pam \ + --with-syslog \ + --with-utmp \ + --with-winbind \ + --with-automount \ + --with-ldap \ + --with-ads \ + --with-gpgme \ + --enable-avahi \ + --enable-spotlight \ + --with-profiling-data \ + --disable-rpath --disable-rpath-install \ + --with-shared-modules=idmap_rid,idmap_ad,idmap_adex,idmap_hash,idmap_ldap,idmap_tdb2,vfs_dfs_samba4,auth_samba4,vfs_nfs4acl_xattr \ + --bundled-libraries=NONE,pytevent,ldb \ + \ + --with-cluster-support \ + --enable-etcd-reclock \ + --with-socketpath=/run/ctdb/ctdbd.socket \ + --with-logdir=/var/log/ctdb \ + +ifeq (${DEB_HOST_ARCH_OS}, linux) # extra linux-specific features +with-glusterfs = yes +with-ceph = yes +with-snapper = yes + +# Ceph is not available on all platforms +ifeq (,$(filter amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x, ${DEB_HOST_ARCH})) +with-ceph = +endif + +config-args += \ + --with-quota \ + \ + --with-systemd \ + --systemd-install-services \ + --with-systemddir=/lib/systemd/system \ + --systemd-smb-extra='ExecCondition=/usr/share/samba/is-configured smb' \ + --systemd-nmb-extra='ExecCondition=/usr/share/samba/is-configured nmb' \ + --systemd-winbind-extra='ExecCondition=/usr/share/samba/is-configured winbind' \ + --systemd-samba-extra='ExecCondition=/usr/share/samba/is-configured samba' \ + +endif + +# Ubuntu i386 binary compatibility only effort: Disable some i386 packages and modules +ifeq (${DEB_VENDOR}-${DEB_HOST_ARCH}, Ubuntu-i386) +omit-pkgs += ctdb libpam-winbind samba samba-testsuite samba-vfs-modules +with-ceph = +with-glusterfs = +endif + +ifneq (,$(filter armel mipsel m68k powerpc sh4,${DEB_HOST_ARCH})) +# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81358 +# on these platforms gcc does not link with -latomic, resulting in +# third_party/heimdal/lib/krb5/krcache.c.55.o: in function `krcc_get_principal': +# third_party/heimdal/lib/krb5/krcache.c:1395: undefined reference to `__atomic_load_8' +# ids.krcu_cache_and_princ_id = heim_base_atomic_load(&data->krc_cache_and_principal_id); +# third_party/heimdal/lib/base/heimbase-atomics.h: +# #include <stdatomic.h> +# #define heim_base_atomic_load(x) atomic_load((x)) +# include a workaround for now +# (-latomic and <stdatomic.h> comes from gcc, --as-needed is already in use) +LDFLAGS := ${LDFLAGS} -latomic +endif + +config-args += $(if ${with-ceph},\ + --enable-cephfs --enable-ceph-reclock,\ + --disable-cephfs) + +with_mitkrb5 = $(filter pkg.samba.mitkrb5, ${DEB_BUILD_PROFILES}) +ifneq (,${with_mitkrb5}) +config-args += \ + --with-system-mitkrb5 \ + --with-experimental-mit-ad-dc \ + --with-system-mitkdc=/usr/sbin/krb5kdc +# samba packages will have its own version suffix +mitkrb5-samba-ver = ${DEB_VERSION}mitkrb5 +mitkrb5-dep-pkgs = samba-libs samba-dev +mitkrb5-dep-pkgs += samba samba-common-bin python3-samba +mitkrb5-dep-pkgs += samba-dsdb-modules samba-vfs-modules +mitkrb5-dep-pkgs += libsmbclient smbclient +mitkrb5-dep-pkgs += libnss-winbind libpam-winbind +mitkrb5-dep-pkgs += winbind +mitkrb5-dep-pkgs += samba-testsuite +mitkrb5-dep-pkgs += ctdb +else +mitkrb5-dep-pkgs = +endif + +ifneq (,${omit-pkgs}) +export DH_OPTIONS += $(addprefix -N, ${omit-pkgs}) +endif +# ${build-pkgs} will honour arch/indep and the above list in ${DH_OPTIONS} +build-pkgs := $(shell dh_listpackages) + +binary binary-arch binary-indep \ +install install-arch install-indep: %: + dh $* + +configure: bin/configured.stamp +.PHONY: configure +bin/configured.stamp: +# branding + if [ ! -f VERSION.orig ]; then \ + mv VERSION VERSION.orig; \ + sed -r -e 's/^(SAMBA_VERSION_VENDOR_SUFFIX).*/\1=${DEB_VENDOR}/' \ + VERSION.orig > VERSION; \ + fi + CC="${CC}" CPP="${CPP}" LD="${LD}" PKGCONFIG="${PKG_CONFIG}" \ + CPPFLAGS="${CPPFLAGS}" CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}" \ + PYTHON=python3 PYTHON_CONFIG=${DEB_HOST_MULTIARCH}-python3-config \ + ${WAF} -j1 -C configure ${config-args} || \ + { $(if ${V},echo "==== contents of config.log:"; cat bin/config.log;) false; } +# #1021371: we only need the single "version" symbol LDB_2.4.4 in the library + touch ${EXTRA_ABI_VERSION_FILES} +# #1013205: https://lists.samba.org/archive/samba-technical/2022-November/137788.html + rm -f third_party/heimdal/lib/gssapi/gssapi.h +ifneq (,${with_mitkrb5}) # ensure we do not use embedded heimdal in any way + [ -d third_party/heimdal-build-with-mitkrb5 ] || \ + mv third_party/heimdal third_party/heimdal-build-with-mitkrb5 +endif + touch $@ + +build-arch: bin/built.stamp +bin/built.stamp: bin/configured.stamp +# samba build system is designed so that default build (what is produced +# by waf build) supposed to be run directly from the build directory, +# with all the paths pointing there. At the install stage, quite some +# recompilation/relinking is done again, to adopt to the actual install +# paths. There's no need (for now) to build samba to be run from the build +# directory, so we use `waf install' here instead of `waf build'. +# Build these two executables first, and build the install stage. +# This will pefrorm unnecessary/extra install step (into d/tmp), which +# we'll repeat during actual install stage, but this is definitely +# better/faster than building whole thing for _not_ running from the build dir. + ${WAF} $(if $V,-v) install --destdir="${DESTDIR}" + touch $@ +build-indep: +build: build-arch build-indep + +############## Tests ############## +# We should use separate build for tests since it requires configuration +# with --enable-selftest which is not compatible with production build. +# Since samba build system always builds in bin/, we save whole source +# into a subdir (testbuild/) and run everything from there. + +testbuild/copied.stamp: + rm -rf testbuild; mkdir testbuild + cp -a -l $$(ls -1 | egrep -v '^(bin|testbuild|debian)$$') testbuild/ +# cleanup some files just in case, do not interfere with production build + find testbuild -name __pycache__ -exec rm -rf {} + + rm -f testbuild/compile_commands.json + touch $@ +testbuild/configured.stamp: testbuild/copied.stamp + @echo "############## selftest configure ##############" +# allow some bundled "lib" for now just for the test build. Debian has them +# (libsocket-wrapper &Co), but let's just build the bundled ones. There's no +# good reason to use externally-packaged wrappers, they're small to build and +# we don't use them for production build, and extra versioned build-dep hurts. + cd testbuild && \ + CPPFLAGS="${CPPFLAGS}" CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}" \ + ${WAF} -j1 -C configure --enable-selftest \ + $$(echo '${config-args}' | \ + sed 's|--bundled-libraries=NONE|&,nss_wrapper,pam_wrapper,resolv_wrapper,socket_wrapper,uid_wrapper|') +# FIXME: some tests fail for now, handle them later (last check: 4.17.2, heimdal build) + rm -f testbuild/selftest/knownfail.d/debian + echo '^samba3.smb2.session\ enc.(reauth.|bind.|bind_negative.*|bind_invalid_auth|encryption-aes-.*)\(nt4_dc\)' \ + >>testbuild/selftest/knownfail.d/debian +# echo '^samba3.rpc.schannel_anon_setpw\ anonymous\ password\ set\ \(schannel\ enforced\ server-side\)\(nt4_dc_schannel\)' \ +# >>testbuild/selftest/knownfail.d/debian + echo '^samba4.ntvfs.cifs.ntlm.base.unlink.unlink\(rpc_proxy\)' \ + >>testbuild/selftest/knownfail.d/debian + echo '^samba4.rpc.echo\ against\ rpc\ proxy\ with\ domain\ creds\(rpc_proxy\)' \ + >>testbuild/selftest/knownfail.d/debian + touch $@ +selftest-quick: testbuild/configured.stamp + @echo "############## selftest run ##############" + cd testbuild && ${WAF} test --quick + +override_dh_auto_test: # $(if $(findstring nocheck, ${DEB_BUILD_OPTIONS}),, selftest-quick) + +override_dh_auto_install-arch: +# the same "waf install" as in the build target + ${WAF} install --destdir="${DESTDIR}" + # get list of files in build log + find debian/tmp + # Included in python-tevent? + rm debian/tmp/usr/lib/python*/*-packages/_tevent.* + rm debian/tmp/usr/lib/python*/*-packages/tevent.py + # pam stuff + install -Dp -m0644 debian/winbind.pam-config debian/tmp/usr/share/pam-configs/winbind + mv debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libnss_* debian/tmp/lib/$(DEB_HOST_MULTIARCH)/ + # Debian goodies to set global option in smb.conf and add a share + install -p -m0755 debian/setoption.py -t debian/tmp/usr/share/samba/ + install -p -m0755 debian/addshare.py -t debian/tmp/usr/share/samba/ + install -p -m755 debian/update-apparmor-samba-profile -t debian/tmp/usr/share/samba/ + install -Dp -m0644 debian/samba.ufw.profile debian/tmp/etc/ufw/applications.d/samba + install -Dp -m0644 debian/source_samba.py -t debian/tmp/usr/share/apport/package-hooks/ +ifeq ($(DEB_HOST_ARCH_OS), linux) +# Services fixups. Historically, debian used smbd, nmbd and samba-ad-dc service names. +# Upstream samba used names smb, nmb and samba. +# We can not easily rename them now (need to rename possible overrides and drop-ins), +# but we can provide synonyms + mv debian/tmp/lib/systemd/system/nmb.service debian/tmp/lib/systemd/system/nmbd.service + ln -s nmbd.service debian/tmp/lib/systemd/system/nmb.service + mv debian/tmp/lib/systemd/system/smb.service debian/tmp/lib/systemd/system/smbd.service + ln -s smbd.service debian/tmp/lib/systemd/system/smb.service + mv debian/tmp/lib/systemd/system/samba.service debian/tmp/lib/systemd/system/samba-ad-dc.service + ln -s samba-ad-dc.service debian/tmp/lib/systemd/system/samba.service + sed -i \ + -e 's|/etc/sysconfig/|/etc/default/|' \ + -e 's|nmb\.service|nmbd.service|' \ + -e 's|smb\.service|smbd.service|' \ + -e 's|samba\.service|samba-ad-dc.service|' \ + debian/tmp/lib/systemd/system/nmbd.service \ + debian/tmp/lib/systemd/system/samba-ad-dc.service \ + debian/tmp/lib/systemd/system/smbd.service \ + debian/tmp/lib/systemd/system/winbind.service +endif + # install-and-rename docs for ctdb (also arch-specific) + mkdir -p debian/tmp/ctdb + install -p ctdb/config/events/README debian/tmp/ctdb/README.notification + install -p ctdb/config/notification.README debian/tmp/ctdb/README.notification +ifeq ($(DEB_HOST_ARCH_OS), hurd) + install -p debian/ctdb.README.hurd debian/tmp/ctdb/README.hurd +endif +ifeq ($(DEB_HOST_ARCH_OS), kfreebsd) + install -p debian/ctdb.README.kfreebsd debian/tmp/ctdb/README.kfreebsd +endif + +# compatibility link. When ldb was built by its own it stored modules in +# /usr/lib/<triple>/ldb/modules/ldb/. Now as part of samba it stores modules in +# /usr/lib/<triple>/samba/ldb/. Keep them together instead of d/*.{links,dirs}. +# (sssd 2.6.3-3 moved their module to the new location; +# samba-dsdb-modules always had their modules in ..../samba/ldb/) +# This compat symlink should go away after bookworm +# (needed mostly for bullseye sssd) + dh_installdirs -plibldb2 /usr/lib/${DEB_HOST_MULTIARCH}/ldb/modules/ldb + dh_link -plibldb2 /usr/lib/${DEB_HOST_MULTIARCH}/ldb/modules/ldb \ + /usr/lib/${DEB_HOST_MULTIARCH}/samba/ldb/compat + +provision-dest := debian/samba-ad-provision/usr/share/samba/setup + +override_dh_auto_install-indep: +# only arch-all package is samba-common containing a few debian-specific files +# Most of files needs are renamed during install so lets put them +# directly into the right place without d/samba-common.install indirection + # Debian goodies + install -Dp -m0644 debian/smb.conf -t debian/samba-common/usr/share/samba/ +ifeq (${DEB_VENDOR}, Ubuntu) + patch debian/samba-common/usr/share/samba/smb.conf debian/smb.conf.ubuntu.diff +endif + install -Dp -m0755 debian/panic-action -t debian/samba-common/usr/share/samba/ + install -Dp -m0755 debian/is-configured -t debian/samba-common/usr/share/samba/ + install -Dp -m0644 debian/gdbcommands -t debian/samba-common/etc/samba/ + install -Dp -m0755 debian/samba-common.dhcp debian/samba-common/etc/dhcp/dhclient-enter-hooks.d/samba + # we wrongly have pam file in samba-common instead of samba + install -Dp -m0644 debian/samba.pam debian/samba-common/etc/pam.d/samba + +# install provision files (samba-ad-provision, source4/setup/) + mkdir -p -m0755 ${provision-dest} + cp -r --preserve=timestamps source4/setup/. ${provision-dest} + rm -rf ${provision-dest}/tests + rm -f ${provision-dest}/wscript* \ + ${provision-dest}/adprep/samba-4.7-missing-for-schema45.ldif + +override_dh_installpam: + +# include a command only if the given package is being built +ifpkg = $(if $(filter ${1},${build-pkgs}),${2}) + +override_dh_installinit: +ifneq (,$(filter samba, ${build-pkgs})) + dh_installinit -psamba --name smbd + dh_installinit -psamba --name nmbd --error-handler nmbd_error_handler + dh_installinit -psamba --name samba-ad-dc +endif + $(call ifpkg, winbind, dh_installinit -pwinbind) +ifneq (,$(filter ctdb, ${build-pkgs})) + install -Dp -m755 ctdb/config/ctdb.init debian/ctdb/etc/init.d/ctdb + # Install dh scripts + dh_installinit -pctdb --no-start --no-stop-on-upgrade --onlyscripts +endif + +override_dh_installsystemd: + $(call ifpkg, samba, dh_installsystemd -psamba) + $(call ifpkg, winbind, dh_installsystemd -pwinbind) + $(call ifpkg, ctdb, dh_installsystemd -pctdb --no-start --no-stop-on-upgrade) + +execute_after_dh_fixperms-arch: + $(call ifpkg, smbclient, chmod 0700 debian/smbclient/usr/libexec/samba/smbspool_krb5_wrapper) + +override_dh_makeshlibs: + # generate symbols file with correct cpython suffix in there + { \ + suff=$$(${DEB_HOST_MULTIARCH}-python3-config --extension-suffix | tr _ -); \ + SUFF=$$(echo "$${suff%.so}" | tr a-z- A-Z_); \ + echo "libpyldb-util$${suff}.2 python3-ldb #MINVER#"; \ + echo "* Build-Depends-Package: python3-ldb-dev" ; \ + echo " PYLDB_UTIL$${SUFF}_${LDB_VERSION}@PYLDB_UTIL$${SUFF}_${LDB_VERSION} ${LDB_EPOCH}${LDB_VERSION}"; \ + cat debian/python3-ldb.symbols.in; \ + } > debian/python3-ldb.symbols + + # create symbols and shlibs files in separate wrapper script + # to deal with private libraries + debian/genshlibs \ + $(addsuffix =${LDB_DEB_VERSION},${LDB_PACKAGES}) \ + $(addsuffix =${mitkrb5-samba-ver}, ${mitkrb5-dep-pkgs}) + + rm -f debian/python3-ldb.symbols + +# depcheck package, dep1|dep2... -- dependencies which should NOT be there +depcheck = if egrep '^shlibs.Depends=.* ($(strip $2)) ' debian/$(strip $1).substvars; \ + then echo 'E: $(strip $1) should not depend on $(strip $2)' >&2; exit 1; fi + +override_dh_shlibdeps: +# for specific executables/modules, put dependencies in separate variables +# to change Depends to Recommends for them in d/control + dh_shlibdeps -l/usr/lib/${DEB_HOST_MULTIARCH}/samba \ + -Xceph.so -Xglusterfs.so -Xsnapper.so -Xctdb_mutex_ceph_rados_helper +ifneq (,$(filter ctdb, ${build-pkgs})) + echo "rados:Depends=" >> debian/ctdb.substvars +ifneq (${with-ceph},) + dpkg-shlibdeps -Tdebian/ctdb.substvars -prados \ + debian/ctdb/usr/libexec/ctdb/ctdb_mutex_ceph_rados_helper +endif +endif +ifneq (,$(filter samba-vfs-modules,${build-pkgs})) + echo "vfsmods:Depends=" >> debian/samba-vfs-modules.substvars +ifneq (${with-snapper}${with-ceph}${with-glusterfs},) + dpkg-shlibdeps -Tdebian/samba-vfs-modules.substvars -pvfsmods \ + $(if ${with-snapper}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/snapper.so) \ + $(if ${with-ceph}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/ceph.so) \ + $(if ${with-glusterfs}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/glusterfs.so) +endif +endif +# after shlibdeps run, check that we don't have wrong depdendencies + $(call depcheck, samba-libs, samba|winbind|smbclient|ctdb) + $(call depcheck, smbclient, samba|winbind|ctdb) + $(call depcheck, ctdb, samba|winbind|smbclient) + $(call depcheck, libldb2, samba|samba-libs|winbind|libwbclient0) # use-bzero-instead-of-memset_s.diff + $(call depcheck, python3-samba, samba|winbind|ctdb) + $(call depcheck, libwbclient0, samba|samba-libs|winbind|smbclient|ctdb) + $(call depcheck, libsmbclient, samba|winbind|smbclient|ctdb) + +override_dh_gencontrol: + dh_gencontrol $(addprefix -p, ${LDB_PACKAGES}) -- -v${LDB_DEB_VERSION} +ifneq (,$(filter ${build-pkgs}, ${mitkrb5-dep-pkgs})) + dh_gencontrol $(addprefix -p, $(filter ${build-pkgs}, ${mitkrb5-dep-pkgs})) -- -v${mitkrb5-samba-ver} -Vldb:Depends="${LDB_DEPENDS}" +endif + dh_gencontrol --remaining-packages -- -Vldb:Depends="${LDB_DEPENDS}" + +clean: + # see also debian/clean + dh_clean bin/ testbuild/ + rm -f ${EXTRA_ABI_VERSION_FILES} + [ ! -f VERSION.orig ] || mv -f VERSION.orig VERSION +ifneq (,${with_mitkrb5}) + [ ! -d third_party/heimdal-build-with-mitkrb5 ] || \ + mv third_party/heimdal-build-with-mitkrb5 third_party/heimdal +endif |