1:5.8.1p1-3

[openssh.git] / debian / rules

#!/usr/bin/make -f

# Uncomment this to turn on verbose mode.
# export DH_VERBOSE=1

include /usr/share/hardening-includes/hardening.make

# This has to be exported to make some magic below work.
export DH_OPTIONS

ifeq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
OPTFLAGS := -O2
else
OPTFLAGS := -O0
endif

ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
  RUN_TESTS := yes
else
  RUN_TESTS :=
endif

DEB_HOST_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)

ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
  CC := gcc
else
  CC := $(DEB_HOST_GNU_TYPE)-gcc
  RUN_TESTS :=
endif

DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS 2>/dev/null)
DEB_HOST_ARCH_CPU := $(shell dpkg-architecture -qDEB_HOST_ARCH_CPU 2>/dev/null)

# Take account of old dpkg-architecture output.
ifeq ($(DEB_HOST_ARCH_OS),)
  DEB_HOST_ARCH_OS := $(subst -gnu,,$(shell dpkg-architecture -qDEB_HOST_GNU_SYSTEM))
  ifeq ($(DEB_HOST_ARCH_OS),gnu)
    DEB_HOST_ARCH_OS := hurd
  endif
endif
ifeq ($(DEB_HOST_ARCH_CPU),)
  DEB_HOST_ARCH_CPU := $(shell dpkg-architecture -qDEB_HOST_GNU_CPU)
  ifeq ($(DEB_HOST_ARCH_CPU),x86_64)
    DEB_HOST_ARCH_CPU := amd64
  endif
endif

ifneq (,$(findstring :$(DEB_HOST_ARCH_OS):,:linux:knetbsd:))
  ifneq (,$(findstring :$(DEB_HOST_ARCH_CPU):,:mips:mipsel:))
    # Apparently this is not implied by -fPIE, at least on the mipsen.
    PIC_CFLAGS := -fPIC
    PIC_LDFLAGS := -fPIC
  endif
endif

# Change the version string to include the Debian version
SSH_EXTRAVERSION := Debian-$(shell dpkg-parsechangelog | sed -n -e '/^Version:/s/Version: //p' | sed -e 's/[^-]*-//')

DISTRIBUTOR := $(shell lsb_release -is 2>/dev/null || echo Debian)
ifeq ($(DISTRIBUTOR),Ubuntu)
DEFAULT_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games
else
DEFAULT_PATH := /usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games
endif
SUPERUSER_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11

# Common path configuration.
confflags += --sysconfdir=/etc/ssh

# Common build options.
confflags += --disable-strip
confflags += --with-mantype=doc
confflags += --with-4in6
confflags += --with-privsep-path=/var/run/sshd
confflags += --without-rand-helper

# The Hurd needs libcrypt for res_query et al.
ifeq ($(DEB_HOST_ARCH_OS),hurd)
confflags += --with-libs=-lcrypt
endif

# Everything above here is common to the deb and udeb builds.
confflags_udeb := $(confflags)

# Options specific to the deb build.
confflags += --with-tcp-wrappers
confflags += --with-pam
confflags += --with-libedit
confflags += --with-kerberos5=/usr
confflags += --with-ssl-engine
ifeq ($(DEB_HOST_ARCH_OS),linux)
confflags += --with-selinux
endif

# The deb build wants xauth; the udeb build doesn't.
confflags += --with-xauth=/usr/bin/xauth
confflags_udeb += --without-xauth

# Default paths. The udeb build has /usr/bin/X11 and /usr/games removed.
confflags += --with-default-path=$(DEFAULT_PATH) --with-superuser-path=$(SUPERUSER_PATH)
confflags_udeb += --with-default-path=/usr/local/bin:/usr/bin:/bin --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

# Compiler flags.
cflags := $(OPTFLAGS) $(PIC_CFLAGS) $(HARDENING_CFLAGS)
cflags += -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT
cflags += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
cflags_udeb := -Os
cflags_udeb += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
confflags += --with-cflags='$(cflags)'
confflags_udeb += --with-cflags='$(cflags_udeb)'

# Linker flags.
confflags += --with-ldflags='$(strip -Wl,--as-needed $(PIC_LDFLAGS) $(HARDENING_LDFLAGS))'
confflags_udeb += --with-ldflags='-Wl,--as-needed'

%:
        dh $@

override_dh_auto_configure:
        dh_auto_configure -Bbuild-deb -- $(confflags)
        dh_auto_configure -Bbuild-udeb -- $(confflags_udeb)

override_dh_auto_build:
        # Debian's /var/log/btmp has inappropriate permissions.
        perl -pi -e 's,.*#define USE_BTMP .*,/* #undef USE_BTMP */,' build-deb/config.h
        perl -pi -e 's,.*#define USE_BTMP .*,/* #undef USE_BTMP */,' build-udeb/config.h

        # Avoid libnsl linkage. Ugh.
        perl -pi -e 's/ +-lnsl//' build-udeb/config.status
        cd build-udeb && ./config.status

        $(MAKE) -C build-deb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass'
        $(MAKE) -C build-udeb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen

        $(MAKE) -C contrib gnome-ssh-askpass2 CC='$(CC) $(OPTFLAGS) -g -Wall -Wl,--as-needed'

override_dh_auto_test:
ifeq ($(RUN_TESTS),yes)
        $(MAKE) -C debian/tests
endif

override_dh_auto_clean:
        rm -rf build-deb build-udeb
ifeq ($(RUN_TESTS),yes)
        $(MAKE) -C debian/tests clean
endif
        $(MAKE) -C contrib clean
        (cat debian/copyright.head; iconv -f ISO-8859-1 -t UTF-8 LICENCE) \
                > debian/copyright

override_dh_auto_install:
        $(MAKE) -C build-deb DESTDIR=`pwd`/debian/tmp install-nokeys

override_dh_install:
        rm -f debian/tmp/etc/ssh/sshd_config

        dh_install -Nopenssh-client-udeb -Nopenssh-server-udeb --fail-missing
        dh_install -popenssh-client-udeb -popenssh-server-udeb \
                --sourcedir=build-udeb

        install -s -o root -g root -m 755 contrib/gnome-ssh-askpass2 debian/ssh-askpass-gnome/usr/lib/openssh/gnome-ssh-askpass

        install -o root -g root debian/openssh-server.if-up debian/openssh-server/etc/network/if-up.d/openssh-server
        install -o root -g root -m 644 debian/openssh-server.ufw.profile debian/openssh-server/etc/ufw/applications.d/openssh-server

        # Remove version control tags to avoid unnecessary conffile
        # resolution steps for administrators.
        sed -i '/\$$OpenBSD:/d' \
                debian/openssh-client/etc/ssh/moduli \
                debian/openssh-client/etc/ssh/ssh_config

override_dh_installdocs:
        dh_installdocs -Nopenssh-server -Nssh
        dh_installdocs -popenssh-server -pssh --link-doc=openssh-client
        # Avoid breaking dh_installexamples later.
        mkdir -p debian/openssh-server/usr/share/doc/openssh-client

override_dh_installinit:
        dh_installinit -n --name ssh

override_dh_installpam:
        dh_installpam --name sshd

override_dh_fixperms:
        dh_fixperms
        chmod u+s debian/openssh-client/usr/lib/openssh/ssh-keysign

override_dh_installdeb:
        dh_installdeb
        perl -i debian/substitute-conffile.pl \
                ETC_SSH_MODULI debian/openssh-client/etc/ssh/moduli \
                ETC_SSH_SSH_CONFIG debian/openssh-client/etc/ssh/ssh_config \
                debian/openssh-client/DEBIAN/preinst
        # Yes, ETC_PAM_D_SSH is meant to be spelled that way, to match the
        # old configuration file name we need to transfer.
        perl -i debian/substitute-conffile.pl \
                ETC_DEFAULT_SSH debian/openssh-server/etc/default/ssh \
                ETC_INIT_D_SSH debian/openssh-server/etc/init.d/ssh \
                ETC_PAM_D_SSH debian/openssh-server/etc/pam.d/sshd \
                debian/openssh-server/DEBIAN/preinst

debian/faq.html:
        wget -O - http://www.openssh.org/faq.html | \
                sed 's,\(href="\)\(txt/\|[^":]*\.html\),\1http://www.openssh.org/\2,g' \
                > debian/faq.html

# You only need to run this immediately after checking out the package from
# revision control.
quilt-setup:
        [ ! -d .pc ]
        set -e; for patch in $$(quilt series | tac); do \
                patch -p1 -R --no-backup-if-mismatch <"debian/patches/$$patch"; \
        done
        quilt push -a

.PHONY: quilt-setup