diff options
Diffstat (limited to '')
-rwxr-xr-x | debian/rules | 233 |
1 files changed, 233 insertions, 0 deletions
diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..44bac00 --- /dev/null +++ b/debian/rules @@ -0,0 +1,233 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS := hardening=+all + +include /usr/share/dpkg/default.mk + +# Uncomment this to turn on verbose mode. +# export DH_VERBOSE=1 + +# This has to be exported to make some magic below work. +export DH_OPTIONS + +ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) + RUN_TESTS := yes +else + RUN_TESTS := +endif + +ifeq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) + PARALLEL := +else + PARALLEL := \ + -j$(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) +endif + +ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) + CC := gcc + PKG_CONFIG = pkg-config +else + CC := $(DEB_HOST_GNU_TYPE)-gcc + PKG_CONFIG = $(DEB_HOST_GNU_TYPE)-pkg-config + RUN_TESTS := +endif + +# Change the version string to reflect distribution +SSH_EXTRAVERSION := $(DEB_VENDOR)-$(shell echo '$(DEB_VERSION)' | sed -e 's/.*-//') + +UBUNTU := $(shell $(call dpkg_vendor_derives_from,Ubuntu)) +ifeq ($(UBUNTU),yes) +DEFAULT_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games +else +DEFAULT_PATH := /usr/local/bin:/usr/bin:/bin:/usr/games +endif +SUPERUSER_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +ifeq ($(UBUNTU),yes) +server_recommends := ssh-import-id +else +server_recommends := +endif + +# Common path configuration. +confflags += --sysconfdir=/etc/ssh +confflags += --libexecdir=\$${prefix}/lib/openssh + +# Common build options. +confflags += --disable-strip +confflags += --with-mantype=doc +confflags += --with-4in6 +confflags += --with-privsep-path=/run/sshd +confflags += --with-pid-dir=/run + +# The Hurd needs libcrypt for res_query et al. +ifeq ($(DEB_HOST_ARCH_OS),hurd) +confflags += --with-libs=-lcrypt +endif + +# Avoid using libmd even if it's installed; see +# https://bugs.debian.org/982705. +confflags += ac_cv_header_sha2_h=false + +# Everything above here is common to the deb and udeb builds. +confflags_udeb := $(confflags) + +# Options specific to the deb build. +confflags += --with-tcp-wrappers +confflags += --with-pam +confflags += --with-libedit +confflags += --with-kerberos5=/usr +confflags += --with-ssl-engine +ifeq ($(DEB_HOST_ARCH_OS),linux) +confflags += --with-selinux +confflags += --with-audit=linux +confflags += --with-systemd +confflags += --with-security-key-builtin +endif + +# The deb build wants xauth; the udeb build doesn't. +confflags += --with-xauth=/usr/bin/xauth +confflags_udeb += --without-xauth + +# Default paths. The udeb build has /usr/games removed. +confflags += --with-default-path=$(DEFAULT_PATH) --with-superuser-path=$(SUPERUSER_PATH) +confflags_udeb += --with-default-path=/usr/local/bin:/usr/bin:/bin --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +# Compiler flags. +cflags := $(CPPFLAGS) $(CFLAGS) +cflags += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\" +cflags_udeb := -Os +cflags_udeb += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\" +confflags += --with-cflags='$(cflags)' +confflags_udeb += --with-cflags='$(cflags_udeb)' + +# Linker flags. +confflags += --with-ldflags='$(strip -Wl,--as-needed $(LDFLAGS))' +confflags_udeb += --with-ldflags='-Wl,--as-needed' + +ifeq ($(shell dpkg-vendor --is Ubuntu && echo yes) $(DEB_HOST_ARCH), yes i386) + BUILD_PACKAGES += -Nopenssh-tests +endif + +%: + dh $@ --with=autoreconf,systemd,runit $(BUILD_PACKAGES) + +autoreconf: + autoreconf -f -i + cp -f /usr/share/misc/config.guess /usr/share/misc/config.sub ./ + +override_dh_autoreconf-arch: + dh_autoreconf debian/rules -- autoreconf + +override_dh_autoreconf-indep: + +override_dh_auto_configure-arch: + dh_auto_configure -Bdebian/build-deb -- $(confflags) +ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),) + dh_auto_configure -Bdebian/build-udeb -- $(confflags_udeb) + # Avoid libnsl linkage. Ugh. + perl -pi -e 's/ +-lnsl//' debian/build-udeb/config.status + cd debian/build-udeb && ./config.status +endif + +override_dh_auto_configure-indep: + +override_dh_auto_build-arch: + $(MAKE) -C debian/build-deb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass' + $(MAKE) -C debian/build-deb regress-prep + $(MAKE) -C debian/build-deb $(PARALLEL) regress-binaries +ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),) + $(MAKE) -C debian/build-udeb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen +endif + +ifeq ($(filter pkg.openssh.nognome,$(DEB_BUILD_PROFILES)),) + $(MAKE) -C contrib gnome-ssh-askpass3 CC='$(CC) $(CPPFLAGS) $(CFLAGS) -Wall -Wl,--as-needed $(LDFLAGS)' PKG_CONFIG=$(PKG_CONFIG) +endif + +override_dh_auto_build-indep: + +override_dh_auto_test-arch: +ifeq ($(RUN_TESTS),yes) + $(MAKE) -C debian/build-deb unit compat-tests + $(MAKE) -C debian/keygen-test +endif + +override_dh_auto_test-indep: + +override_dh_auto_clean: + rm -rf debian/build-deb debian/build-udeb +ifeq ($(RUN_TESTS),yes) + $(MAKE) -C debian/keygen-test clean +endif + $(MAKE) -C contrib clean + +override_dh_auto_install-arch: + $(MAKE) -C debian/build-deb DESTDIR=`pwd`/debian/tmp install-nokeys + +override_dh_auto_install-indep: + +override_dh_install-arch: + rm -f debian/tmp/etc/ssh/sshd_config + + dh_install -Nopenssh-client-udeb -Nopenssh-server-udeb --fail-missing +ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),) + dh_install -popenssh-client-udeb -popenssh-server-udeb \ + --sourcedir=debian/build-udeb +endif + + # Remove version control tags to avoid unnecessary conffile + # resolution steps for administrators. + sed -i '/\$$OpenBSD:/d' \ + debian/openssh-server/etc/ssh/moduli \ + debian/openssh-client/etc/ssh/ssh_config + +# We'd like to use dh_install --fail-missing here, but that doesn't work +# well in combination with dh-exec: it complains that files generated by +# dh-exec for architecture-dependent packages aren't installed. +override_dh_install-indep: + rm -f debian/tmp/etc/ssh/sshd_config + dh_install + +override_dh_installdocs: + dh_installdocs -Nopenssh-server -Nopenssh-sftp-server + dh_installdocs -popenssh-server -popenssh-sftp-server \ + --link-doc=openssh-client + # Avoid breaking dh_installexamples later. + mkdir -p debian/openssh-server/usr/share/doc/openssh-client + +override_dh_systemd_enable: + dh_systemd_enable -popenssh-server --name ssh ssh.service + dh_systemd_enable -popenssh-server --name ssh --no-enable ssh.socket + +override_dh_installinit: + dh_installinit -R --name ssh + +debian/openssh-server.sshd.pam: debian/openssh-server.sshd.pam.in +ifeq ($(DEB_HOST_ARCH_OS),linux) + sed 's/^@IF_KEYINIT@//' $< > $@ +else + sed '/^@IF_KEYINIT@/d' $< > $@ +endif + +override_dh_installpam: debian/openssh-server.sshd.pam + dh_installpam --name sshd + +override_dh_runit: + dh_runit -popenssh-server + +override_dh_fixperms-arch: + dh_fixperms + chmod u+s debian/openssh-client/usr/lib/openssh/ssh-keysign + +# Tighten libssl dependencies to match the check in entropy.c. +override_dh_shlibdeps: + dh_shlibdeps + debian/adjust-openssl-dependencies + +override_dh_gencontrol: + dh_gencontrol -- -V'openssh-server:Recommends=$(server_recommends)' + +debian/faq.html: + wget -O - http://www.openssh.com/faq.html | \ + sed 's,\(href="\)\(txt/\|[^":]*\.html\),\1http://www.openssh.com/\2,g' \ + > debian/faq.html |