summaryrefslogtreecommitdiffstats
path: root/debian/rules
blob: 9b3fa1286957bdd695ee65548318e66ea5ca2305 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
#!/usr/bin/make -f
SHELL = /bin/sh -e

export DEB_BUILD_MAINT_OPTIONS = hardening=+all
# Fast version of dpkg/architecture.mk defining all vars in one go
ifeq (${DEB_HOST_MULTIARCH},)
   $(foreach d, $(shell dpkg-architecture | sed 's/=/?=/'), $(eval export $d))
endif
include /usr/share/dpkg/buildtools.mk
include /usr/share/dpkg/buildflags.mk
include /usr/share/dpkg/pkg-info.mk
include /usr/share/dpkg/vendor.mk
V := $(if $(filter terse, ${DEB_BUILD_OPTIONS}),,1)
WAF := PYTHONHASHSEED=1 ./buildtools/bin/waf \
	$(patsubst parallel=%,-j%,$(filter parallel=%,${DEB_BUILD_OPTIONS}))

# stop python from generating .pyc caches
export PYTHONDONTWRITEBYTECODE=1

ifeq (linux,${DEB_HOST_ARCH_OS})
ifneq (${DEB_HOST_GNU_TYPE},${DEB_BUILD_GNU_TYPE})
# for cross-build or build with foreign python binary (it is _gnu0_i386-gnu on hurd)
export _PYTHON_SYSCONFIGDATA_NAME=_sysconfigdata__${DEB_HOST_ARCH_OS}_${DEB_HOST_MULTIARCH}
endif
endif

DESTDIR = ${CURDIR}/debian/tmp

LDB_EPOCH = 2:
LDB_VERSION = $(call dpkg_late_eval,LDB_VERSION,grep ^VERSION lib/ldb/wscript | cut -d\' -f2)
LDB_DEB_VERSION = ${LDB_EPOCH}${LDB_VERSION}+samba${DEB_VERSION_UPSTREAM_REVISION}
LDB_DEPENDS = libldb2 (= ${LDB_DEB_VERSION})
LDB_PACKAGES = libldb2 libldb-dev ldb-tools python3-ldb python3-ldb-dev

before-trixie := $(filter pkg.samba.before-trixie, ${DEB_BUILD_PROFILES})

omit-pkgs =

config-args = \
	--vendor-name=${DEB_VENDOR}-${DEB_VERSION_UPSTREAM_REVISION} \
	--prefix=/usr \
	--enable-fhs \
	--sysconfdir=/etc \
	--localstatedir=/var \
	--libexecdir=/usr/libexec \
	--libdir=/usr/lib/${DEB_HOST_MULTIARCH} \
	--datadir=/usr/share \
	--with-modulesdir=/usr/lib/${DEB_HOST_MULTIARCH}/samba \
	--with-pammodulesdir=/lib/${DEB_HOST_MULTIARCH}/security \
	--with-privatedir=/var/lib/samba/private \
	--with-smbpasswd-file=/etc/samba/smbpasswd \
	--with-piddir=/run/samba \
	--with-lockdir=/run/samba \
	--with-sockets-dir=/run/samba \
	--with-statedir=/var/lib/samba \
	--with-cachedir=/var/cache/samba \
	--with-pam \
	--with-syslog \
	--with-utmp \
	--with-winbind \
	--with-automount \
	--with-ldap \
	--with-ads \
	--with-gpgme \
	--enable-avahi \
	--enable-spotlight \
	--with-profiling-data \
	--disable-rpath --disable-rpath-install \
	--with-shared-modules=idmap_rid,idmap_ad,idmap_adex,idmap_hash,idmap_ldap,idmap_tdb2,vfs_dfs_samba4,auth_samba4,vfs_nfs4acl_xattr \
	--bundled-libraries=NONE,pytevent,ldb \
	\
	--with-cluster-support \
	--enable-etcd-reclock \
	--with-socketpath=/run/ctdb/ctdbd.socket \
	--with-logdir=/var/log/ctdb \

ifeq (${DEB_HOST_ARCH_OS}, linux) # extra linux-specific features

config-args += \
	--with-quota \
	--with-systemd \

endif

# Ubuntu i386 binary compatibility only effort: Disable some i386 packages and modules
ifeq (${DEB_VENDOR}-${DEB_HOST_ARCH}, Ubuntu-i386)
omit-pkgs += ctdb libpam-winbind samba samba-ad-dc samba-testsuite samba-vfs-modules samba-vfs-ceph samba-vfs-glusterfs
endif

ifneq (,$(filter armel mipsel m68k powerpc sh4,${DEB_HOST_ARCH}))
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81358
# on these platforms gcc does not link with -latomic, resulting in
#   third_party/heimdal/lib/krb5/krcache.c.55.o: in function `krcc_get_principal':
#   third_party/heimdal/lib/krb5/krcache.c:1395: undefined reference to `__atomic_load_8'
#     ids.krcu_cache_and_princ_id = heim_base_atomic_load(&data->krc_cache_and_principal_id);
#   third_party/heimdal/lib/base/heimbase-atomics.h:
#     #include <stdatomic.h>
#     #define heim_base_atomic_load(x)        atomic_load((x))
# include a workaround for now
# (-latomic and <stdatomic.h> comes from gcc, --as-needed is already in use)
LDFLAGS += -latomic
endif

ifneq (,$(filter m68k ,${DEB_HOST_ARCH}))
# without this, build fails with multiple messages like:
# foo.s:NNN: Error: Adjusted signed .word (0xb64a) overflows: `switch'-statement too large.
# when building third_party/heimdal/lib/asn1/asn1_rfc2459_asn1.c (generated)
# It would be best to enable this switch for a single file only (where it is needed)
CFLAGS += -mlong-jump-table-offsets
endif

# build is done in bin/default/ subdir
CFLAGS += -ffile-prefix-map=../../=

# we had t64 transition (libsmbclient => libsmbclient0) for trixie
libsmbclient := $(if ${before-trixie},libsmbclient,libsmbclient0)

with_mitkrb5 = $(filter pkg.samba.mitkrb5, ${DEB_BUILD_PROFILES})
ifneq (,${with_mitkrb5})
config-args += \
	--with-system-mitkrb5 \
	--with-experimental-mit-ad-dc \
	--with-system-mitkdc=/usr/sbin/krb5kdc
# samba packages will have its own version suffix
mitkrb5-samba-ver = ${DEB_VERSION}mitkrb5
mitkrb5-dep-pkgs = samba-libs samba-dev
mitkrb5-dep-pkgs += samba samba-common-bin python3-samba
mitkrb5-dep-pkgs += samba-vfs-ceph samba-vfs-glusterfs
mitkrb5-dep-pkgs += samba-dsdb-modules
mitkrb5-dep-pkgs += ${libsmbclient} smbclient
mitkrb5-dep-pkgs += libnss-winbind libpam-winbind
mitkrb5-dep-pkgs += winbind libwbclient0
mitkrb5-dep-pkgs += samba-testsuite
mitkrb5-dep-pkgs += ctdb
else
mitkrb5-dep-pkgs =
endif

ifneq (,${omit-pkgs})
export DH_OPTIONS += $(addprefix -N, ${omit-pkgs})
endif
# ${build-pkgs} will honour arch/indep and the above list in ${DH_OPTIONS}
build-pkgs := $(shell dh_listpackages)

with-ceph := $(filter samba-vfs-ceph,${build-pkgs})
config-args += $(if ${with-ceph},\
	  --enable-cephfs --enable-ceph-reclock,\
	  --disable-cephfs)

binary binary-arch binary-indep \
install install-arch install-indep: %:
	dh $*

configure: bin/configured.stamp
.PHONY: configure
bin/configured.stamp:
	CC="${CC}" CPP="${CPP}" LD="${LD}" PKGCONFIG="${PKG_CONFIG}" \
	CPPFLAGS="${CPPFLAGS}" CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}" \
	PYTHON=python3 PYTHON_CONFIG=${DEB_HOST_MULTIARCH}-python3-config \
	    ${WAF} -j1 -C configure ${config-args} || \
	  { $(if ${V},echo "==== contents of config.log:"; cat bin/config.log;) false; }
# #1013205: https://lists.samba.org/archive/samba-technical/2022-November/137788.html
	rm -f third_party/heimdal/lib/gssapi/gssapi.h
ifneq (,${with_mitkrb5}) # ensure we do not use embedded heimdal in any way
	[ -d third_party/heimdal-build-with-mitkrb5 ] || \
		mv third_party/heimdal third_party/heimdal-build-with-mitkrb5
endif
	touch $@

build-arch: bin/built.stamp
bin/built.stamp: bin/configured.stamp
# samba build system is designed so that default build (what is produced
# by waf build) supposed to be run directly from the build directory,
# with all the paths pointing there.  At the install stage, quite some
# recompilation/relinking is done again, to adopt to the actual install
# paths. There's no need (for now) to build samba to be run from the build
# directory, so we use `waf install' here instead of `waf build'.
# Build these two executables first, and build the install stage.
# This will pefrorm unnecessary/extra install step (into d/tmp), which
# we'll repeat during actual install stage, but this is definitely
# better/faster than building whole thing for _not_ running from the build dir.
	${WAF} $(if $V,-v) install --destdir="${DESTDIR}"
	touch $@
build-indep:
build: build-arch build-indep

##############  Tests ##############
# We should use separate build for tests since it requires configuration
# with --enable-selftest which is not compatible with production build.
# Since samba build system always builds in bin/, we save whole source
# into a subdir (testbuild/) and run everything from there.

testbuild/copied.stamp:
	rm -rf testbuild; mkdir testbuild
	cp -a -l $$(ls -1 | egrep -v '^(bin|testbuild|debian)$$') testbuild/
# cleanup some files just in case, do not interfere with production build
	find testbuild -name __pycache__ -exec rm -rf {} +
	rm -f testbuild/compile_commands.json
	touch $@
testbuild/configured.stamp: testbuild/copied.stamp
	@echo "############## selftest configure ##############"
# allow some bundled "lib" for now just for the test build. Debian has them
# (libsocket-wrapper &Co), but let's just build the bundled ones. There's no
# good reason to use externally-packaged wrappers, they're small to build and
# we don't use them for production build, and extra versioned build-dep hurts.
	cd testbuild && \
	CPPFLAGS="${CPPFLAGS}" CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}" \
	    ${WAF} -j1 -C configure --enable-selftest \
		$$(echo '${config-args}' | \
		   sed 's|--bundled-libraries=NONE|&,nss_wrapper,pam_wrapper,resolv_wrapper,socket_wrapper,uid_wrapper|')
# FIXME: some tests fail for now, handle them later (last check: 4.17.2, heimdal build)
	rm -f testbuild/selftest/knownfail.d/debian
	echo '^samba3.smb2.session\ enc.(reauth.|bind.|bind_negative.*|bind_invalid_auth|encryption-aes-.*)\(nt4_dc\)' \
		>>testbuild/selftest/knownfail.d/debian
#	echo '^samba3.rpc.schannel_anon_setpw\ anonymous\ password\ set\ \(schannel\ enforced\ server-side\)\(nt4_dc_schannel\)' \
#		>>testbuild/selftest/knownfail.d/debian
	echo '^samba4.ntvfs.cifs.ntlm.base.unlink.unlink\(rpc_proxy\)' \
		>>testbuild/selftest/knownfail.d/debian
	echo '^samba4.rpc.echo\ against\ rpc\ proxy\ with\ domain\ creds\(rpc_proxy\)' \
		>>testbuild/selftest/knownfail.d/debian
	touch $@
selftest-quick: testbuild/configured.stamp
	@echo "############## selftest run ##############"
	cd testbuild && ${WAF} test --quick

override_dh_auto_test: # $(if $(findstring nocheck, ${DEB_BUILD_OPTIONS}),, selftest-quick)

override_dh_auto_install-arch:
# the same "waf install" as in the build target
	${WAF} install --destdir="${DESTDIR}"
	# get list of files in build log
	find debian/tmp
	# Included in python-tevent?
	rm debian/tmp/usr/lib/python*/*-packages/_tevent.*
	rm debian/tmp/usr/lib/python*/*-packages/tevent.py
	# selftests: either not needed or should go to -testsuite
	rm -rf debian/tmp/usr/lib/python3/dist-packages/samba/tests/
	# pam stuff
	install -Dp -m0644 debian/winbind.pam-config debian/tmp/usr/share/pam-configs/winbind
	mv debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libnss_* debian/tmp/lib/$(DEB_HOST_MULTIARCH)/
	install -p -m755 debian/update-apparmor-samba-profile -t debian/tmp/usr/share/samba/
	install -Dp -m0644 debian/samba.ufw.profile debian/tmp/etc/ufw/applications.d/samba
	# install-and-rename docs for ctdb (also arch-specific)
	mkdir -p debian/tmp/ctdb
	install -p ctdb/config/events/README debian/tmp/ctdb/README.notification
	install -p ctdb/config/notification.README debian/tmp/ctdb/README.notification
ifeq ($(DEB_HOST_ARCH_OS), hurd)
	install -p debian/ctdb.README.hurd debian/tmp/ctdb/README.hurd
endif
ifeq ($(DEB_HOST_ARCH_OS), kfreebsd)
	install -p debian/ctdb.README.kfreebsd debian/tmp/ctdb/README.kfreebsd
endif

# compatibility link. When ldb was built by its own it stored modules in
# /usr/lib/<triple>/ldb/modules/ldb/. Now as part of samba it stores modules in
# /usr/lib/<triple>/samba/ldb/.  Keep them together instead of d/*.{links,dirs}.
# (sssd 2.6.3-3 moved their module to the new location;
#  samba-dsdb-modules always had their modules in ..../samba/ldb/)
# This compat symlink should go away after bookworm
# (needed mostly for bullseye sssd)
	dh_installdirs -plibldb2 /usr/lib/${DEB_HOST_MULTIARCH}/ldb/modules/ldb
	dh_link -plibldb2 /usr/lib/${DEB_HOST_MULTIARCH}/ldb/modules/ldb \
	                  /usr/lib/${DEB_HOST_MULTIARCH}/samba/ldb/compat

execute_after_dh_install:
# some vfs modules are in separate packages.  Removing them here avoids having
# explicit list of other modules in d/samba.install
	rm -f \
	    debian/samba/usr/lib/${DEB_HOST_MULTIARCH}/samba/vfs/glusterfs*.so \
	    debian/samba/usr/share/man/man8/vfs_glusterfs*.8 \
	    debian/samba/usr/lib/${DEB_HOST_MULTIARCH}/samba/vfs/ceph*.so \
	    debian/samba/usr/share/man/man8/vfs_ceph*.8

provision-dest := debian/samba-ad-provision/usr/share/samba/setup

override_dh_auto_install-indep:
# only arch-all package is samba-common containing a few debian-specific files
# Most of files needs are renamed during install so lets put them
# directly into the right place without d/samba-common.install indirection
	# Debian goodies
	install -Dp -m0644 debian/smb.conf -t debian/samba-common/usr/share/samba/
ifeq (${DEB_VENDOR}, Ubuntu)
	patch debian/samba-common/usr/share/samba/smb.conf debian/smb.conf.ubuntu.diff
endif
	# we wrongly have pam file in samba-common instead of samba
	install -Dp -m0644 debian/samba.pam debian/samba-common/etc/pam.d/samba

# install provision files (samba-ad-provision, source4/setup/)
	mkdir -p -m0755 ${provision-dest}
	cp -r --preserve=timestamps source4/setup/. ${provision-dest}
	rm -rf ${provision-dest}/tests
	rm -f	${provision-dest}/wscript* \
		${provision-dest}/adprep/samba-4.7-missing-for-schema45.ldif

override_dh_installpam:

# include a command only if the given package is being built
ifpkg = $(if $(filter ${1},${build-pkgs}),${2})

override_dh_installinit:
ifneq (,$(filter samba, ${build-pkgs}))
	dh_installinit -psamba --name smbd
	dh_installinit -psamba --name nmbd
	dh_installinit -psamba-ad-dc
endif
	$(call ifpkg, winbind, dh_installinit -pwinbind)
ifneq (,$(filter ctdb, ${build-pkgs}))
	install -Dp -m755 ctdb/config/ctdb.init debian/ctdb/etc/init.d/ctdb
	# Install dh scripts
	dh_installinit -pctdb --no-start --no-stop-on-upgrade --onlyscripts
endif

override_dh_installsystemd:
ifneq (,$(filter samba, ${build-pkgs}))
	dh_installsystemd -psamba --name=smbd
	dh_installsystemd -psamba --name=nmbd
	dh_installsystemd -psamba-ad-dc
endif
	$(call ifpkg, winbind, dh_installsystemd -pwinbind)
	$(call ifpkg, ctdb, dh_installsystemd -pctdb --no-start --no-stop-on-upgrade)

execute_after_dh_fixperms-arch:
	$(call ifpkg, smbclient, chmod 0700 debian/smbclient/usr/libexec/samba/smbspool_krb5_wrapper)

override_dh_makeshlibs:
	# generate symbols file with correct cpython suffix in there
	{ \
	    suff=$$(${DEB_HOST_MULTIARCH}-python3-config --extension-suffix | tr _ -); \
	    SUFF=$$(echo "$${suff%.so}" | tr a-z- A-Z_); \
	    echo "libpyldb-util$${suff}.2 #PACKAGE# #MINVER#"; \
	    echo "* Build-Depends-Package: python3-ldb-dev" ; \
	    echo " PYLDB_UTIL$${SUFF}_${LDB_VERSION}@PYLDB_UTIL$${SUFF}_${LDB_VERSION} ${LDB_EPOCH}${LDB_VERSION}"; \
	    cat debian/python3-ldb.symbols.in; \
	} > debian/python3-ldb.symbols

	# create symbols and shlibs files in separate wrapper script
	# to deal with private libraries
	debian/genshlibs \
		$(addsuffix =${LDB_DEB_VERSION},${LDB_PACKAGES}) \
		$(addsuffix =${mitkrb5-samba-ver}, ${mitkrb5-dep-pkgs})

	rm -f debian/python3-ldb.symbols

# depcheck package, dep1|dep2... -- dependencies which should NOT be there
depcheck = if egrep '^shlibs.Depends=.* ($(strip $2)) ' debian/$(strip $1).substvars; \
	then echo 'E: $(strip $1) should not depend on $(strip $2)' >&2; exit 1; fi

override_dh_shlibdeps:
# for specific executables/modules, put dependencies in separate variables
# to change Depends to Recommends for them in d/control
	dh_shlibdeps -l/usr/lib/${DEB_HOST_MULTIARCH}/samba \
	    -Xctdb_mutex_ceph_rados_helper
ifneq (,$(filter ctdb, ${build-pkgs}))
	echo "rados:Depends=" >> debian/ctdb.substvars
ifneq (${with-ceph},)
	dpkg-shlibdeps -Tdebian/ctdb.substvars -prados \
	    debian/ctdb/usr/libexec/ctdb/ctdb_mutex_ceph_rados_helper
endif
endif
# after shlibdeps run, check that we don't have wrong depdendencies
	$(call depcheck, samba-libs, samba|winbind|smbclient|ctdb)
	$(call depcheck, smbclient, samba|winbind|ctdb)
	$(call depcheck, ctdb, samba|winbind|smbclient)
	$(call depcheck, libldb2, samba|samba-libs|winbind|libwbclient0) # use-bzero-instead-of-memset_s.diff
	$(call depcheck, python3-samba, samba|winbind|ctdb)
	$(call depcheck, libwbclient0, samba|samba-libs|winbind|smbclient|ctdb)
	$(call depcheck, ${libsmbclient}, samba|winbind|smbclient|ctdb)

override_dh_gencontrol:
	dh_gencontrol $(addprefix -p, ${LDB_PACKAGES}) -- -v${LDB_DEB_VERSION}
ifneq (,$(filter ${build-pkgs}, ${mitkrb5-dep-pkgs}))
	dh_gencontrol $(addprefix -p, $(filter ${build-pkgs}, ${mitkrb5-dep-pkgs})) -- -v${mitkrb5-samba-ver} -Vldb:Depends="${LDB_DEPENDS}"
endif
	dh_gencontrol --remaining-packages -- -Vldb:Depends="${LDB_DEPENDS}"
ifeq (,${before-trixie})
# run dh_movetousr only on trixie and up, not before
	dh_movetousr -plibpam-winbind -plibnss-winbind
endif

clean:
	# see also debian/clean
	dh_clean bin/ testbuild/
ifneq (,${with_mitkrb5})
	[ ! -d third_party/heimdal-build-with-mitkrb5 ] || \
		mv third_party/heimdal-build-with-mitkrb5 third_party/heimdal
endif