summaryrefslogtreecommitdiffstats
path: root/debian/rules
blob: 9724ec1a36be2fc238c601e0c6baf43133962ef5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
#!/usr/bin/make -f

include /usr/share/dpkg/architecture.mk
include /usr/share/dpkg/pkg-info.mk
include /usr/share/debhelper/dh_package_notes/package-notes.mk

CONFOPTS += --enable-usrdir-path
CONFOPTS += --disable-makeinstall-chown
ifeq ($(DEB_HOST_ARCH_OS),linux)
CONFOPTS += --with-selinux
CONFOPTS += --with-smack
CONFOPTS += --enable-partx

ifneq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
	CONFOPTS += --without-systemd --without-udev --without-audit
else
	CONFOPTS += --with-systemd --with-udev --with-audit
endif

ifneq ($(filter pkg.util-linux.noverity,$(DEB_BUILD_PROFILES)),)
	CONFOPTS += --without-cryptsetup
else
	CONFOPTS += --with-cryptsetup=dlopen
endif
endif


CONFOPTS += --enable-write

# build static versions of programs used in fdisk-udeb and util-linux-udeb
CONFOPTS += --enable-static-programs=fdisk,sfdisk,blkid

# Help welcome packaging the (libmount) python bindings.
# See http://bugs.debian.org/811361
CONFOPTS += --without-python

# disable utilities shipped by other packages
# => login
CONFOPTS += --disable-login
CONFOPTS += --disable-nologin
# => procps
CONFOPTS += --disable-kill
# => passwd
CONFOPTS += --disable-chfn-chsh
# => bsdmainutils
CONFOPTS += --disable-cal

# Keep hwclock as GPLv2 (and others)
CONFOPTS += --disable-hwclock-gplv3

# Reduce setgid programs (cf. CVE-2024-28085)
CONFOPTS += --disable-use-tty-group

CONFOPTS += --disable-liblastlog2
CONFOPTS += --disable-pam-liblastlog2

# Get the list of binary package, except lib* and *-udeb, from
# debian/control instead of hardcoding the list when installing
# bash-completions below.
BINARYPACKAGES := $(shell awk '/^Package: /{if($$2 !~ /^lib|-udeb$$/) print $$2}' $(CURDIR)/debian/control )

# hardening
export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow

ifeq ($(filter stage1,$(DEB_BUILD_PROFILES))-$(DEB_HOST_ARCH_OS),-linux)
export deb_systemdsystemunitdir = $(shell pkg-config --variable=systemdsystemunitdir systemd | sed s,^/,,)
else
export deb_systemdsystemunitdir = debhelper needs this variable even when it doesn't need it
endif

%:
	dh $@

override_dh_autoreconf:
	AM_OPTS=--copy LT_OPTS=--copy dh_autoreconf ./autogen.sh

override_dh_auto_configure:
	ss -xp
	sysctl kernel.modules_disabled
	dh_auto_configure -- $(CONFOPTS)

override_dh_auto_install:
	dh_auto_install
	#
	# remove *.la files
	rm -f debian/tmp/usr/lib/*/*.la
	#
	# Avoid shipping static libraries.
	# - libblkid.a is used by e2fsprogs.
	find debian/tmp/usr/lib -name 'lib*.a' \! -name 'libuuid.a' \! -name 'libblkid.a' -delete
	#
	# Remove programs we do not install
	find debian/tmp/ -name 'addpart*' -delete
	find debian/tmp/ -name 'delpart*' -delete
	find debian/tmp/ -name 'enosys*' -delete
	find debian/tmp/ -name 'irqtop*' -delete
	find debian/tmp/ -name 'setpgid*' -delete
	#
	# show installed man pages
	find debian/tmp/usr/share/man

override_dh_auto_clean:
	dh_auto_clean
	# drop arch-overrides, generated in dh_install by dh-exec usage.
	rm -f debian/uuid-runtime.install.$(DEB_HOST_ARCH) \
		debian/util-linux.install.$(DEB_HOST_ARCH)
	# remove postinst generated in dh_installdeb
	rm -f debian/util-linux.postinst

override_dh_install:
ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
	# generate arch-override, as dh-exec install-rename can only run once.
	[ -f debian/util-linux.install.$(DEB_HOST_ARCH) ] || \
		debian/util-linux.install > \
		debian/util-linux.install.$(DEB_HOST_ARCH)
	[ -f debian/uuid-runtime.install.$(DEB_HOST_ARCH) ] || \
		debian/uuid-runtime.install > \
		debian/uuid-runtime.install.$(DEB_HOST_ARCH)
endif
	#
	install -D -p -m644 debian/fdisk-udeb.lintian-overrides \
		debian/fdisk-udeb/usr/share/lintian/overrides/fdisk-udeb
	dh_install \
		-Nfdisk-udeb -Nlibblkid1-udeb \
		-Nlibfdisk1-udeb -Nlibsmartcols1-udeb -Nlibuuid1-udeb \
		-Nutil-linux-udeb
	dh_install --remaining-packages
	#
	# Install bash-completions only for binaries we ship
	for PACKAGE in $(BINARYPACKAGES) ; do \
	for BINARY in debian/$$PACKAGE/bin/* debian/$$PACKAGE/sbin/* \
			debian/$$PACKAGE/usr/bin/* \
			debian/$$PACKAGE/usr/sbin/* ; \
	do \
		BASENAME=$$(basename $$BINARY); \
		BCDIR=usr/share/bash-completion/completions/; \
		BCNAME=$$BCDIR/$$BASENAME ; \
		if [ "$$BASENAME" != '*' ] && find "debian/tmp/$$BCNAME" -quit; \
		then \
			echo "$$PACKAGE: Installing $$BCNAME"; \
			[ -d debian/$$PACKAGE/$$BCDIR ] || \
				mkdir -p debian/$$PACKAGE/$$BCDIR; \
			mv debian/tmp/$$BCNAME debian/$$PACKAGE/$$BCNAME; \
		fi; \
	done; \
	done
	#
	rm -rf debian/*-udeb/usr/share/doc

override_dh_installman:
ifneq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
	:
else
	dh_installman --language=C
endif

override_dh_missing:
	dh_missing --list-missing

override_dh_installinit:
ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
	# install uuidd sysvinit script
	make misc-utils/uuidd.rc
	ln -s ../misc-utils/uuidd.rc debian/uuid-runtime.uuidd.init
	dh_installinit --name=uuidd --restart-after-upgrade
	rm -f debian/uuid-runtime.uuidd.init
endif

override_dh_installpam:
	dh_installpam --package=util-linux --name=runuser
	dh_installpam --package=util-linux --name=runuser-l
	dh_installpam --package=util-linux --name=su
	dh_installpam --package=util-linux --name=su-l

ifeq (linux,$(DEB_HOST_ARCH_OS))
override_dh_installsystemd:
	dh_installsystemd -putil-linux fstrim.timer
	dh_installsystemd -putil-linux fstrim.service
	dh_installsystemd --remaining-packages
endif

override_dh_auto_test:
ifeq ($(DEB_HOST_ARCH_OS), linux)
	dh_auto_test --max-parallel=1
else
	@echo "WARNING: non-linux detected, making tests non-fatal."
	dh_auto_test --max-parallel=1 || true
endif

execute_before_dh_installdeb:
ifeq ($(DEB_HOST_ARCH_OS), linux)
	# due to UL_REQUIRES_LINUX([more]), only set up pager alternative
	# on linux -- this avoids running uname in the maintainer script
	# as doing so would be unreliable for chrootless installations
	cp debian/util-linux.postinst.linux debian/util-linux.postinst
endif