1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
|
#!/usr/bin/make -f
include /usr/share/dpkg/architecture.mk
include /usr/share/dpkg/pkg-info.mk
include /usr/share/debhelper/dh_package_notes/package-notes.mk
CONFOPTS += --enable-usrdir-path
CONFOPTS += --disable-makeinstall-chown
ifeq ($(DEB_HOST_ARCH_OS),linux)
CONFOPTS += --with-selinux
CONFOPTS += --with-smack
CONFOPTS += --enable-partx
ifneq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
CONFOPTS += --without-systemd --without-udev --without-audit
else
CONFOPTS += --with-systemd --with-udev --with-audit
endif
ifneq ($(filter pkg.util-linux.noverity,$(DEB_BUILD_PROFILES)),)
CONFOPTS += --without-cryptsetup
else
CONFOPTS += --with-cryptsetup=dlopen
endif
endif
CONFOPTS += --enable-write
# build static versions of programs used in fdisk-udeb and util-linux-udeb
CONFOPTS += --enable-static-programs=fdisk,sfdisk,blkid
# Help welcome packaging the (libmount) python bindings.
# See http://bugs.debian.org/811361
CONFOPTS += --without-python
# disable utilities shipped by other packages
# => login
CONFOPTS += --disable-login
CONFOPTS += --disable-nologin
# => procps
CONFOPTS += --disable-kill
# => passwd
CONFOPTS += --disable-chfn-chsh
# => bsdmainutils
CONFOPTS += --disable-cal
# Keep hwclock as GPLv2 (and others)
CONFOPTS += --disable-hwclock-gplv3
# Reduce setgid programs (cf. CVE-2024-28085)
CONFOPTS += --disable-use-tty-group
CONFOPTS += --disable-liblastlog2
CONFOPTS += --disable-pam-liblastlog2
# Get the list of binary package, except lib* and *-udeb, from
# debian/control instead of hardcoding the list when installing
# bash-completions below.
BINARYPACKAGES := $(shell awk '/^Package: /{if($$2 !~ /^lib|-udeb$$/) print $$2}' $(CURDIR)/debian/control )
# hardening
export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow
ifeq ($(filter stage1,$(DEB_BUILD_PROFILES))-$(DEB_HOST_ARCH_OS),-linux)
export deb_systemdsystemunitdir = $(shell pkg-config --variable=systemdsystemunitdir systemd | sed s,^/,,)
else
export deb_systemdsystemunitdir = debhelper needs this variable even when it doesn't need it
endif
%:
dh $@
override_dh_autoreconf:
AM_OPTS=--copy LT_OPTS=--copy dh_autoreconf ./autogen.sh
override_dh_auto_configure:
ss -xp
sysctl kernel.modules_disabled
dh_auto_configure -- $(CONFOPTS)
override_dh_auto_install:
dh_auto_install
#
# remove *.la files
rm -f debian/tmp/usr/lib/*/*.la
#
# Avoid shipping static libraries.
# - libblkid.a is used by e2fsprogs.
find debian/tmp/usr/lib -name 'lib*.a' \! -name 'libuuid.a' \! -name 'libblkid.a' -delete
#
# Remove programs we do not install
find debian/tmp/ -name 'addpart*' -delete
find debian/tmp/ -name 'delpart*' -delete
find debian/tmp/ -name 'enosys*' -delete
find debian/tmp/ -name 'irqtop*' -delete
find debian/tmp/ -name 'setpgid*' -delete
#
# show installed man pages
find debian/tmp/usr/share/man
override_dh_auto_clean:
dh_auto_clean
# drop arch-overrides, generated in dh_install by dh-exec usage.
rm -f debian/uuid-runtime.install.$(DEB_HOST_ARCH) \
debian/util-linux.install.$(DEB_HOST_ARCH)
# remove postinst generated in dh_installdeb
rm -f debian/util-linux.postinst
override_dh_install:
ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
# generate arch-override, as dh-exec install-rename can only run once.
[ -f debian/util-linux.install.$(DEB_HOST_ARCH) ] || \
debian/util-linux.install > \
debian/util-linux.install.$(DEB_HOST_ARCH)
[ -f debian/uuid-runtime.install.$(DEB_HOST_ARCH) ] || \
debian/uuid-runtime.install > \
debian/uuid-runtime.install.$(DEB_HOST_ARCH)
endif
#
install -D -p -m644 debian/fdisk-udeb.lintian-overrides \
debian/fdisk-udeb/usr/share/lintian/overrides/fdisk-udeb
dh_install \
-Nfdisk-udeb -Nlibblkid1-udeb \
-Nlibfdisk1-udeb -Nlibsmartcols1-udeb -Nlibuuid1-udeb \
-Nutil-linux-udeb
dh_install --remaining-packages
#
# Install bash-completions only for binaries we ship
for PACKAGE in $(BINARYPACKAGES) ; do \
for BINARY in debian/$$PACKAGE/bin/* debian/$$PACKAGE/sbin/* \
debian/$$PACKAGE/usr/bin/* \
debian/$$PACKAGE/usr/sbin/* ; \
do \
BASENAME=$$(basename $$BINARY); \
BCDIR=usr/share/bash-completion/completions/; \
BCNAME=$$BCDIR/$$BASENAME ; \
if [ "$$BASENAME" != '*' ] && find "debian/tmp/$$BCNAME" -quit; \
then \
echo "$$PACKAGE: Installing $$BCNAME"; \
[ -d debian/$$PACKAGE/$$BCDIR ] || \
mkdir -p debian/$$PACKAGE/$$BCDIR; \
mv debian/tmp/$$BCNAME debian/$$PACKAGE/$$BCNAME; \
fi; \
done; \
done
#
rm -rf debian/*-udeb/usr/share/doc
override_dh_installman:
ifneq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
:
else
dh_installman --language=C
endif
override_dh_missing:
dh_missing --list-missing
override_dh_installinit:
ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
# install uuidd sysvinit script
make misc-utils/uuidd.rc
ln -s ../misc-utils/uuidd.rc debian/uuid-runtime.uuidd.init
dh_installinit --name=uuidd --restart-after-upgrade
rm -f debian/uuid-runtime.uuidd.init
endif
override_dh_installpam:
dh_installpam --package=util-linux --name=runuser
dh_installpam --package=util-linux --name=runuser-l
dh_installpam --package=util-linux --name=su
dh_installpam --package=util-linux --name=su-l
ifeq (linux,$(DEB_HOST_ARCH_OS))
override_dh_installsystemd:
dh_installsystemd -putil-linux fstrim.timer
dh_installsystemd -putil-linux fstrim.service
dh_installsystemd --remaining-packages
endif
override_dh_auto_test:
ifeq ($(DEB_HOST_ARCH_OS), linux)
dh_auto_test --max-parallel=1
else
@echo "WARNING: non-linux detected, making tests non-fatal."
dh_auto_test --max-parallel=1 || true
endif
execute_before_dh_installdeb:
ifeq ($(DEB_HOST_ARCH_OS), linux)
# due to UL_REQUIRES_LINUX([more]), only set up pager alternative
# on linux -- this avoids running uname in the maintainer script
# as doing so would be unreliable for chrootless installations
cp debian/util-linux.postinst.linux debian/util-linux.postinst
endif
|