1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
|
#!/usr/bin/make -f
SHELL = /bin/sh -e
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
# Fast version of dpkg/architecture.mk defining all vars in one go
ifeq (${DEB_HOST_MULTIARCH},)
$(foreach d, $(shell dpkg-architecture | sed 's/=/?=/'), $(eval export $d))
endif
include /usr/share/dpkg/buildtools.mk
include /usr/share/dpkg/buildflags.mk
include /usr/share/dpkg/pkg-info.mk
include /usr/share/dpkg/vendor.mk
V := $(if $(filter terse, ${DEB_BUILD_OPTIONS}),,1)
WAF := PYTHONHASHSEED=1 ./buildtools/bin/waf \
$(patsubst parallel=%,-j%,$(filter parallel=%,${DEB_BUILD_OPTIONS}))
# stop python from generating .pyc caches
export PYTHONDONTWRITEBYTECODE=1
ifeq (linux,${DEB_HOST_ARCH_OS})
ifneq (${DEB_HOST_GNU_TYPE},${DEB_BUILD_GNU_TYPE})
# for cross-build or build with foreign python binary (it is _gnu0_i386-gnu on hurd)
export _PYTHON_SYSCONFIGDATA_NAME=_sysconfigdata__${DEB_HOST_ARCH_OS}_${DEB_HOST_MULTIARCH}
endif
endif
DESTDIR = ${CURDIR}/debian/tmp
LDB_EPOCH = 2:
LDB_VERSION = $(call dpkg_late_eval,LDB_VERSION,grep ^VERSION lib/ldb/wscript | cut -d\' -f2)
LDB_DEB_VERSION = ${LDB_EPOCH}${LDB_VERSION}+samba${DEB_VERSION_UPSTREAM_REVISION}
LDB_DEPENDS = libldb2 (= ${LDB_DEB_VERSION})
LDB_PACKAGES = libldb2 libldb-dev ldb-tools python3-ldb python3-ldb-dev
omit-pkgs =
with-glusterfs =
with-ceph =
with-snapper =
config-args = \
--prefix=/usr \
--enable-fhs \
--sysconfdir=/etc \
--localstatedir=/var \
--libexecdir=/usr/libexec \
--libdir=/usr/lib/${DEB_HOST_MULTIARCH} \
--datadir=/usr/share \
--with-modulesdir=/usr/lib/${DEB_HOST_MULTIARCH}/samba \
--with-pammodulesdir=/lib/${DEB_HOST_MULTIARCH}/security \
--with-privatedir=/var/lib/samba/private \
--with-smbpasswd-file=/etc/samba/smbpasswd \
--with-piddir=/run/samba \
--with-lockdir=/run/samba \
--with-sockets-dir=/run/samba \
--with-statedir=/var/lib/samba \
--with-cachedir=/var/cache/samba \
--with-pam \
--with-syslog \
--with-utmp \
--with-winbind \
--with-automount \
--with-ldap \
--with-ads \
--with-gpgme \
--enable-avahi \
--enable-spotlight \
--with-profiling-data \
--disable-rpath --disable-rpath-install \
--with-shared-modules=idmap_rid,idmap_ad,idmap_adex,idmap_hash,idmap_ldap,idmap_tdb2,vfs_dfs_samba4,auth_samba4,vfs_nfs4acl_xattr \
--bundled-libraries=NONE,pytevent,ldb \
\
--with-cluster-support \
--enable-etcd-reclock \
--with-socketpath=/run/ctdb/ctdbd.socket \
--with-logdir=/var/log/ctdb \
ifeq (${DEB_HOST_ARCH_OS}, linux) # extra linux-specific features
with-glusterfs = $(if $(filter amd64 arm64 ppc64el ppc64 riscv64 mips64el s390x ia64 sparc64,${DEB_HOST_ARCH}),yes)
with-ceph = $(if $(filter amd64 arm64 mips64el ppc64el riscv64 s390x, ${DEB_HOST_ARCH}),yes)
with-snapper = yes
config-args += \
--with-quota \
--with-systemd \
endif
# Ubuntu i386 binary compatibility only effort: Disable some i386 packages and modules
ifeq (${DEB_VENDOR}-${DEB_HOST_ARCH}, Ubuntu-i386)
omit-pkgs += ctdb libpam-winbind samba samba-testsuite samba-vfs-modules
endif
ifneq (,$(filter armel mipsel m68k powerpc sh4,${DEB_HOST_ARCH}))
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81358
# on these platforms gcc does not link with -latomic, resulting in
# third_party/heimdal/lib/krb5/krcache.c.55.o: in function `krcc_get_principal':
# third_party/heimdal/lib/krb5/krcache.c:1395: undefined reference to `__atomic_load_8'
# ids.krcu_cache_and_princ_id = heim_base_atomic_load(&data->krc_cache_and_principal_id);
# third_party/heimdal/lib/base/heimbase-atomics.h:
# #include <stdatomic.h>
# #define heim_base_atomic_load(x) atomic_load((x))
# include a workaround for now
# (-latomic and <stdatomic.h> comes from gcc, --as-needed is already in use)
LDFLAGS += -latomic
endif
ifneq (,$(filter m68k ,${DEB_HOST_ARCH}))
# without this, build fails with multiple messages like:
# foo.s:NNN: Error: Adjusted signed .word (0xb64a) overflows: `switch'-statement too large.
# when building third_party/heimdal/lib/asn1/asn1_rfc2459_asn1.c (generated)
# It would be best to enable this switch for a single file only (where it is needed)
CFLAGS += -mlong-jump-table-offsets
endif
# build is done in bin/default/ subdir
CFLAGS += -ffile-prefix-map=../../=
config-args += $(if ${with-ceph},\
--enable-cephfs --enable-ceph-reclock,\
--disable-cephfs)
# we had t64 transition (libsmbclient => libsmbclient0) for trixie
ifneq (,$(filter pkg.samba.before-trixie, ${DEB_BUILD_PROFILES}))
libsmbclient := libsmbclient
else
libsmbclient := libsmbclient0
endif
with_mitkrb5 = $(filter pkg.samba.mitkrb5, ${DEB_BUILD_PROFILES})
ifneq (,${with_mitkrb5})
config-args += \
--with-system-mitkrb5 \
--with-experimental-mit-ad-dc \
--with-system-mitkdc=/usr/sbin/krb5kdc
# samba packages will have its own version suffix
mitkrb5-samba-ver = ${DEB_VERSION}mitkrb5
mitkrb5-dep-pkgs = samba-libs samba-dev
mitkrb5-dep-pkgs += samba samba-common-bin python3-samba
mitkrb5-dep-pkgs += samba-dsdb-modules samba-vfs-modules
mitkrb5-dep-pkgs += ${libsmbclient} smbclient
mitkrb5-dep-pkgs += libnss-winbind libpam-winbind
mitkrb5-dep-pkgs += winbind libwbclient0
mitkrb5-dep-pkgs += samba-testsuite
mitkrb5-dep-pkgs += ctdb
else
mitkrb5-dep-pkgs =
endif
ifneq (,${omit-pkgs})
export DH_OPTIONS += $(addprefix -N, ${omit-pkgs})
endif
# ${build-pkgs} will honour arch/indep and the above list in ${DH_OPTIONS}
build-pkgs := $(shell dh_listpackages)
binary binary-arch binary-indep \
install install-arch install-indep: %:
dh $*
configure: bin/configured.stamp
.PHONY: configure
bin/configured.stamp:
# branding
if [ ! -f VERSION.orig ]; then \
mv VERSION VERSION.orig; \
sed -r -e 's/^(SAMBA_VERSION_VENDOR_SUFFIX).*/\1=${DEB_VENDOR}/' \
VERSION.orig > VERSION; \
fi
CC="${CC}" CPP="${CPP}" LD="${LD}" PKGCONFIG="${PKG_CONFIG}" \
CPPFLAGS="${CPPFLAGS}" CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}" \
PYTHON=python3 PYTHON_CONFIG=${DEB_HOST_MULTIARCH}-python3-config \
${WAF} -j1 -C configure ${config-args} || \
{ $(if ${V},echo "==== contents of config.log:"; cat bin/config.log;) false; }
# #1013205: https://lists.samba.org/archive/samba-technical/2022-November/137788.html
rm -f third_party/heimdal/lib/gssapi/gssapi.h
ifneq (,${with_mitkrb5}) # ensure we do not use embedded heimdal in any way
[ -d third_party/heimdal-build-with-mitkrb5 ] || \
mv third_party/heimdal third_party/heimdal-build-with-mitkrb5
endif
touch $@
build-arch: bin/built.stamp
bin/built.stamp: bin/configured.stamp
# samba build system is designed so that default build (what is produced
# by waf build) supposed to be run directly from the build directory,
# with all the paths pointing there. At the install stage, quite some
# recompilation/relinking is done again, to adopt to the actual install
# paths. There's no need (for now) to build samba to be run from the build
# directory, so we use `waf install' here instead of `waf build'.
# Build these two executables first, and build the install stage.
# This will pefrorm unnecessary/extra install step (into d/tmp), which
# we'll repeat during actual install stage, but this is definitely
# better/faster than building whole thing for _not_ running from the build dir.
${WAF} $(if $V,-v) install --destdir="${DESTDIR}"
touch $@
build-indep:
build: build-arch build-indep
############## Tests ##############
# We should use separate build for tests since it requires configuration
# with --enable-selftest which is not compatible with production build.
# Since samba build system always builds in bin/, we save whole source
# into a subdir (testbuild/) and run everything from there.
testbuild/copied.stamp:
rm -rf testbuild; mkdir testbuild
cp -a -l $$(ls -1 | egrep -v '^(bin|testbuild|debian)$$') testbuild/
# cleanup some files just in case, do not interfere with production build
find testbuild -name __pycache__ -exec rm -rf {} +
rm -f testbuild/compile_commands.json
touch $@
testbuild/configured.stamp: testbuild/copied.stamp
@echo "############## selftest configure ##############"
# allow some bundled "lib" for now just for the test build. Debian has them
# (libsocket-wrapper &Co), but let's just build the bundled ones. There's no
# good reason to use externally-packaged wrappers, they're small to build and
# we don't use them for production build, and extra versioned build-dep hurts.
cd testbuild && \
CPPFLAGS="${CPPFLAGS}" CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}" \
${WAF} -j1 -C configure --enable-selftest \
$$(echo '${config-args}' | \
sed 's|--bundled-libraries=NONE|&,nss_wrapper,pam_wrapper,resolv_wrapper,socket_wrapper,uid_wrapper|')
# FIXME: some tests fail for now, handle them later (last check: 4.17.2, heimdal build)
rm -f testbuild/selftest/knownfail.d/debian
echo '^samba3.smb2.session\ enc.(reauth.|bind.|bind_negative.*|bind_invalid_auth|encryption-aes-.*)\(nt4_dc\)' \
>>testbuild/selftest/knownfail.d/debian
# echo '^samba3.rpc.schannel_anon_setpw\ anonymous\ password\ set\ \(schannel\ enforced\ server-side\)\(nt4_dc_schannel\)' \
# >>testbuild/selftest/knownfail.d/debian
echo '^samba4.ntvfs.cifs.ntlm.base.unlink.unlink\(rpc_proxy\)' \
>>testbuild/selftest/knownfail.d/debian
echo '^samba4.rpc.echo\ against\ rpc\ proxy\ with\ domain\ creds\(rpc_proxy\)' \
>>testbuild/selftest/knownfail.d/debian
touch $@
selftest-quick: testbuild/configured.stamp
@echo "############## selftest run ##############"
cd testbuild && ${WAF} test --quick
override_dh_auto_test: # $(if $(findstring nocheck, ${DEB_BUILD_OPTIONS}),, selftest-quick)
override_dh_auto_install-arch:
# the same "waf install" as in the build target
${WAF} install --destdir="${DESTDIR}"
# get list of files in build log
find debian/tmp
# Included in python-tevent?
rm debian/tmp/usr/lib/python*/*-packages/_tevent.*
rm debian/tmp/usr/lib/python*/*-packages/tevent.py
# selftests: either not needed or should go to -testsuite
rm -rf debian/tmp/usr/lib/python3/dist-packages/samba/tests/
# pam stuff
install -Dp -m0644 debian/winbind.pam-config debian/tmp/usr/share/pam-configs/winbind
mv debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libnss_* debian/tmp/lib/$(DEB_HOST_MULTIARCH)/
# Debian goodies to set global option in smb.conf and add a share
install -p -m0755 debian/setoption.py -t debian/tmp/usr/share/samba/
install -p -m0755 debian/addshare.py -t debian/tmp/usr/share/samba/
install -p -m755 debian/update-apparmor-samba-profile -t debian/tmp/usr/share/samba/
install -Dp -m0644 debian/samba.ufw.profile debian/tmp/etc/ufw/applications.d/samba
install -Dp -m0644 debian/source_samba.py -t debian/tmp/usr/share/apport/package-hooks/
# install-and-rename docs for ctdb (also arch-specific)
mkdir -p debian/tmp/ctdb
install -p ctdb/config/events/README debian/tmp/ctdb/README.notification
install -p ctdb/config/notification.README debian/tmp/ctdb/README.notification
ifeq ($(DEB_HOST_ARCH_OS), hurd)
install -p debian/ctdb.README.hurd debian/tmp/ctdb/README.hurd
endif
ifeq ($(DEB_HOST_ARCH_OS), kfreebsd)
install -p debian/ctdb.README.kfreebsd debian/tmp/ctdb/README.kfreebsd
endif
# compatibility link. When ldb was built by its own it stored modules in
# /usr/lib/<triple>/ldb/modules/ldb/. Now as part of samba it stores modules in
# /usr/lib/<triple>/samba/ldb/. Keep them together instead of d/*.{links,dirs}.
# (sssd 2.6.3-3 moved their module to the new location;
# samba-dsdb-modules always had their modules in ..../samba/ldb/)
# This compat symlink should go away after bookworm
# (needed mostly for bullseye sssd)
dh_installdirs -plibldb2 /usr/lib/${DEB_HOST_MULTIARCH}/ldb/modules/ldb
dh_link -plibldb2 /usr/lib/${DEB_HOST_MULTIARCH}/ldb/modules/ldb \
/usr/lib/${DEB_HOST_MULTIARCH}/samba/ldb/compat
provision-dest := debian/samba-ad-provision/usr/share/samba/setup
override_dh_auto_install-indep:
# only arch-all package is samba-common containing a few debian-specific files
# Most of files needs are renamed during install so lets put them
# directly into the right place without d/samba-common.install indirection
# Debian goodies
install -Dp -m0644 debian/smb.conf -t debian/samba-common/usr/share/samba/
ifeq (${DEB_VENDOR}, Ubuntu)
patch debian/samba-common/usr/share/samba/smb.conf debian/smb.conf.ubuntu.diff
endif
install -Dp -m0755 debian/panic-action -t debian/samba-common/usr/share/samba/
install -Dp -m0755 debian/is-configured -t debian/samba-common/usr/share/samba/
install -Dp -m0644 debian/gdbcommands -t debian/samba-common/etc/samba/
# we wrongly have pam file in samba-common instead of samba
install -Dp -m0644 debian/samba.pam debian/samba-common/etc/pam.d/samba
# install provision files (samba-ad-provision, source4/setup/)
mkdir -p -m0755 ${provision-dest}
cp -r --preserve=timestamps source4/setup/. ${provision-dest}
rm -rf ${provision-dest}/tests
rm -f ${provision-dest}/wscript* \
${provision-dest}/adprep/samba-4.7-missing-for-schema45.ldif
override_dh_installpam:
# include a command only if the given package is being built
ifpkg = $(if $(filter ${1},${build-pkgs}),${2})
override_dh_installinit:
ifneq (,$(filter samba, ${build-pkgs}))
dh_installinit -psamba --name smbd
dh_installinit -psamba --name nmbd --error-handler nmbd_error_handler
dh_installinit -psamba --name samba-ad-dc
endif
$(call ifpkg, winbind, dh_installinit -pwinbind)
ifneq (,$(filter ctdb, ${build-pkgs}))
install -Dp -m755 ctdb/config/ctdb.init debian/ctdb/etc/init.d/ctdb
# Install dh scripts
dh_installinit -pctdb --no-start --no-stop-on-upgrade --onlyscripts
endif
override_dh_installsystemd:
ifneq (,$(filter samba, ${build-pkgs}))
dh_installsystemd -psamba --name=smbd
dh_installsystemd -psamba --name=nmbd
dh_installsystemd -psamba --name=samba-ad-dc
endif
$(call ifpkg, winbind, dh_installsystemd -pwinbind)
$(call ifpkg, ctdb, dh_installsystemd -pctdb --no-start --no-stop-on-upgrade)
execute_after_dh_fixperms-arch:
$(call ifpkg, smbclient, chmod 0700 debian/smbclient/usr/libexec/samba/smbspool_krb5_wrapper)
override_dh_makeshlibs:
# generate symbols file with correct cpython suffix in there
{ \
suff=$$(${DEB_HOST_MULTIARCH}-python3-config --extension-suffix | tr _ -); \
SUFF=$$(echo "$${suff%.so}" | tr a-z- A-Z_); \
echo "libpyldb-util$${suff}.2 #PACKAGE# #MINVER#"; \
echo "* Build-Depends-Package: python3-ldb-dev" ; \
echo " PYLDB_UTIL$${SUFF}_${LDB_VERSION}@PYLDB_UTIL$${SUFF}_${LDB_VERSION} ${LDB_EPOCH}${LDB_VERSION}"; \
cat debian/python3-ldb.symbols.in; \
} > debian/python3-ldb.symbols
# create symbols and shlibs files in separate wrapper script
# to deal with private libraries
debian/genshlibs \
$(addsuffix =${LDB_DEB_VERSION},${LDB_PACKAGES}) \
$(addsuffix =${mitkrb5-samba-ver}, ${mitkrb5-dep-pkgs})
rm -f debian/python3-ldb.symbols
# depcheck package, dep1|dep2... -- dependencies which should NOT be there
depcheck = if egrep '^shlibs.Depends=.* ($(strip $2)) ' debian/$(strip $1).substvars; \
then echo 'E: $(strip $1) should not depend on $(strip $2)' >&2; exit 1; fi
override_dh_shlibdeps:
# for specific executables/modules, put dependencies in separate variables
# to change Depends to Recommends for them in d/control
dh_shlibdeps -l/usr/lib/${DEB_HOST_MULTIARCH}/samba \
-Xceph.so -Xglusterfs.so -Xsnapper.so -Xctdb_mutex_ceph_rados_helper
ifneq (,$(filter ctdb, ${build-pkgs}))
echo "rados:Depends=" >> debian/ctdb.substvars
ifneq (${with-ceph},)
dpkg-shlibdeps -Tdebian/ctdb.substvars -prados \
debian/ctdb/usr/libexec/ctdb/ctdb_mutex_ceph_rados_helper
endif
endif
ifneq (,$(filter samba-vfs-modules,${build-pkgs}))
echo "vfsmods:Depends=" >> debian/samba-vfs-modules.substvars
ifneq (${with-snapper}${with-ceph}${with-glusterfs},)
dpkg-shlibdeps -Tdebian/samba-vfs-modules.substvars -pvfsmods \
$(if ${with-snapper}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/snapper.so) \
$(if ${with-ceph}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/ceph.so) \
$(if ${with-glusterfs}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/glusterfs.so)
endif
endif
# after shlibdeps run, check that we don't have wrong depdendencies
$(call depcheck, samba-libs, samba|winbind|smbclient|ctdb)
$(call depcheck, smbclient, samba|winbind|ctdb)
$(call depcheck, ctdb, samba|winbind|smbclient)
$(call depcheck, libldb2, samba|samba-libs|winbind|libwbclient0) # use-bzero-instead-of-memset_s.diff
$(call depcheck, python3-samba, samba|winbind|ctdb)
$(call depcheck, libwbclient0, samba|samba-libs|winbind|smbclient|ctdb)
$(call depcheck, ${libsmbclient}, samba|winbind|smbclient|ctdb)
override_dh_gencontrol:
dh_gencontrol $(addprefix -p, ${LDB_PACKAGES}) -- -v${LDB_DEB_VERSION}
ifneq (,$(filter ${build-pkgs}, ${mitkrb5-dep-pkgs}))
dh_gencontrol $(addprefix -p, $(filter ${build-pkgs}, ${mitkrb5-dep-pkgs})) -- -v${mitkrb5-samba-ver} -Vldb:Depends="${LDB_DEPENDS}"
endif
dh_gencontrol --remaining-packages -- -Vldb:Depends="${LDB_DEPENDS}"
# move files from / to /usr if needed (#1059187):
if command -v dh_movetousr >/dev/null; then dh_movetousr -plibpam-winbind -plibnss-winbind; fi
clean:
# see also debian/clean
dh_clean bin/ testbuild/
[ ! -f VERSION.orig ] || mv -f VERSION.orig VERSION
ifneq (,${with_mitkrb5})
[ ! -d third_party/heimdal-build-with-mitkrb5 ] || \
mv third_party/heimdal-build-with-mitkrb5 third_party/heimdal
endif
|