mirror of https://gitee.com/openkylin/openssh.git
230 lines
6.7 KiB
Plaintext
230 lines
6.7 KiB
Plaintext
|
#!/usr/bin/make -f
|
||
|
|
||
|
export DEB_BUILD_MAINT_OPTIONS := hardening=+all
|
||
|
|
||
|
include /usr/share/dpkg/default.mk
|
||
|
|
||
|
# Uncomment this to turn on verbose mode.
|
||
|
# export DH_VERBOSE=1
|
||
|
|
||
|
# This has to be exported to make some magic below work.
|
||
|
export DH_OPTIONS
|
||
|
|
||
|
ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
|
||
|
RUN_TESTS := yes
|
||
|
else
|
||
|
RUN_TESTS :=
|
||
|
endif
|
||
|
|
||
|
ifeq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
|
||
|
PARALLEL :=
|
||
|
else
|
||
|
PARALLEL := \
|
||
|
-j$(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
|
||
|
endif
|
||
|
|
||
|
ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
|
||
|
CC := gcc
|
||
|
PKG_CONFIG = pkg-config
|
||
|
else
|
||
|
CC := $(DEB_HOST_GNU_TYPE)-gcc
|
||
|
PKG_CONFIG = $(DEB_HOST_GNU_TYPE)-pkg-config
|
||
|
RUN_TESTS :=
|
||
|
endif
|
||
|
|
||
|
# Change the version string to reflect distribution
|
||
|
SSH_EXTRAVERSION := $(DEB_VENDOR)-$(shell echo '$(DEB_VERSION)' | sed -e 's/.*-//')
|
||
|
|
||
|
UBUNTU := $(shell $(call dpkg_vendor_derives_from,Ubuntu))
|
||
|
ifeq ($(UBUNTU),yes)
|
||
|
DEFAULT_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
|
||
|
else
|
||
|
DEFAULT_PATH := /usr/local/bin:/usr/bin:/bin:/usr/games
|
||
|
endif
|
||
|
SUPERUSER_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||
|
|
||
|
ifeq ($(UBUNTU),yes)
|
||
|
server_recommends := ssh-import-id
|
||
|
else
|
||
|
server_recommends :=
|
||
|
endif
|
||
|
|
||
|
# Common path configuration.
|
||
|
confflags += --sysconfdir=/etc/ssh
|
||
|
confflags += --libexecdir=\$${prefix}/lib/openssh
|
||
|
|
||
|
# Common build options.
|
||
|
confflags += --disable-strip
|
||
|
confflags += --with-mantype=doc
|
||
|
confflags += --with-4in6
|
||
|
confflags += --with-privsep-path=/run/sshd
|
||
|
confflags += --with-pid-dir=/run
|
||
|
|
||
|
# The Hurd needs libcrypt for res_query et al.
|
||
|
ifeq ($(DEB_HOST_ARCH_OS),hurd)
|
||
|
confflags += --with-libs=-lcrypt
|
||
|
endif
|
||
|
|
||
|
# Everything above here is common to the deb and udeb builds.
|
||
|
confflags_udeb := $(confflags)
|
||
|
|
||
|
# Options specific to the deb build.
|
||
|
confflags += --with-tcp-wrappers
|
||
|
confflags += --with-pam
|
||
|
confflags += --with-libedit
|
||
|
confflags += --with-kerberos5=/usr
|
||
|
confflags += --with-ssl-engine
|
||
|
ifeq ($(DEB_HOST_ARCH_OS),linux)
|
||
|
confflags += --with-selinux
|
||
|
confflags += --with-audit=linux
|
||
|
confflags += --with-systemd
|
||
|
confflags += --with-security-key-builtin
|
||
|
endif
|
||
|
|
||
|
# The deb build wants xauth; the udeb build doesn't.
|
||
|
confflags += --with-xauth=/usr/bin/xauth
|
||
|
confflags_udeb += --without-xauth
|
||
|
|
||
|
# Default paths. The udeb build has /usr/games removed.
|
||
|
confflags += --with-default-path=$(DEFAULT_PATH) --with-superuser-path=$(SUPERUSER_PATH)
|
||
|
confflags_udeb += --with-default-path=/usr/local/bin:/usr/bin:/bin --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||
|
|
||
|
# Compiler flags.
|
||
|
cflags := $(CPPFLAGS) $(CFLAGS)
|
||
|
cflags += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
|
||
|
cflags_udeb := -Os
|
||
|
cflags_udeb += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
|
||
|
confflags += --with-cflags='$(cflags)'
|
||
|
confflags_udeb += --with-cflags='$(cflags_udeb)'
|
||
|
|
||
|
# Linker flags.
|
||
|
confflags += --with-ldflags='$(strip -Wl,--as-needed $(LDFLAGS))'
|
||
|
confflags_udeb += --with-ldflags='-Wl,--as-needed'
|
||
|
|
||
|
ifeq ($(shell dpkg-vendor --is Ubuntu && echo yes) $(DEB_HOST_ARCH), yes i386)
|
||
|
BUILD_PACKAGES += -Nopenssh-tests
|
||
|
endif
|
||
|
|
||
|
%:
|
||
|
dh $@ --with=autoreconf,systemd,runit $(BUILD_PACKAGES)
|
||
|
|
||
|
autoreconf:
|
||
|
autoreconf -f -i
|
||
|
cp -f /usr/share/misc/config.guess /usr/share/misc/config.sub ./
|
||
|
|
||
|
override_dh_autoreconf-arch:
|
||
|
dh_autoreconf debian/rules -- autoreconf
|
||
|
|
||
|
override_dh_autoreconf-indep:
|
||
|
|
||
|
override_dh_auto_configure-arch:
|
||
|
dh_auto_configure -Bdebian/build-deb -- $(confflags)
|
||
|
ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),)
|
||
|
dh_auto_configure -Bdebian/build-udeb -- $(confflags_udeb)
|
||
|
# Avoid libnsl linkage. Ugh.
|
||
|
perl -pi -e 's/ +-lnsl//' debian/build-udeb/config.status
|
||
|
cd debian/build-udeb && ./config.status
|
||
|
endif
|
||
|
|
||
|
override_dh_auto_configure-indep:
|
||
|
|
||
|
override_dh_auto_build-arch:
|
||
|
$(MAKE) -C debian/build-deb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass'
|
||
|
$(MAKE) -C debian/build-deb regress-prep
|
||
|
$(MAKE) -C debian/build-deb $(PARALLEL) regress-binaries
|
||
|
ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),)
|
||
|
$(MAKE) -C debian/build-udeb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen
|
||
|
endif
|
||
|
|
||
|
ifeq ($(filter pkg.openssh.nognome,$(DEB_BUILD_PROFILES)),)
|
||
|
$(MAKE) -C contrib gnome-ssh-askpass3 CC='$(CC) $(CPPFLAGS) $(CFLAGS) -Wall -Wl,--as-needed $(LDFLAGS)' PKG_CONFIG=$(PKG_CONFIG)
|
||
|
endif
|
||
|
|
||
|
override_dh_auto_build-indep:
|
||
|
|
||
|
override_dh_auto_test-arch:
|
||
|
ifeq ($(RUN_TESTS),yes)
|
||
|
$(MAKE) -C debian/build-deb unit compat-tests
|
||
|
$(MAKE) -C debian/keygen-test
|
||
|
endif
|
||
|
|
||
|
override_dh_auto_test-indep:
|
||
|
|
||
|
override_dh_auto_clean:
|
||
|
rm -rf debian/build-deb debian/build-udeb
|
||
|
ifeq ($(RUN_TESTS),yes)
|
||
|
$(MAKE) -C debian/keygen-test clean
|
||
|
endif
|
||
|
$(MAKE) -C contrib clean
|
||
|
|
||
|
override_dh_auto_install-arch:
|
||
|
$(MAKE) -C debian/build-deb DESTDIR=`pwd`/debian/tmp install-nokeys
|
||
|
|
||
|
override_dh_auto_install-indep:
|
||
|
|
||
|
override_dh_install-arch:
|
||
|
rm -f debian/tmp/etc/ssh/sshd_config
|
||
|
|
||
|
dh_install -Nopenssh-client-udeb -Nopenssh-server-udeb --fail-missing
|
||
|
ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),)
|
||
|
dh_install -popenssh-client-udeb -popenssh-server-udeb \
|
||
|
--sourcedir=debian/build-udeb
|
||
|
endif
|
||
|
|
||
|
# Remove version control tags to avoid unnecessary conffile
|
||
|
# resolution steps for administrators.
|
||
|
sed -i '/\$$OpenBSD:/d' \
|
||
|
debian/openssh-server/etc/ssh/moduli \
|
||
|
debian/openssh-client/etc/ssh/ssh_config
|
||
|
|
||
|
# We'd like to use dh_install --fail-missing here, but that doesn't work
|
||
|
# well in combination with dh-exec: it complains that files generated by
|
||
|
# dh-exec for architecture-dependent packages aren't installed.
|
||
|
override_dh_install-indep:
|
||
|
rm -f debian/tmp/etc/ssh/sshd_config
|
||
|
dh_install
|
||
|
|
||
|
override_dh_installdocs:
|
||
|
dh_installdocs -Nopenssh-server -Nopenssh-sftp-server
|
||
|
dh_installdocs -popenssh-server -popenssh-sftp-server \
|
||
|
--link-doc=openssh-client
|
||
|
# Avoid breaking dh_installexamples later.
|
||
|
mkdir -p debian/openssh-server/usr/share/doc/openssh-client
|
||
|
|
||
|
override_dh_systemd_enable:
|
||
|
dh_systemd_enable -popenssh-server --name ssh ssh.service
|
||
|
dh_systemd_enable -popenssh-server --name ssh --no-enable ssh.socket
|
||
|
|
||
|
override_dh_installinit:
|
||
|
dh_installinit -R --name ssh
|
||
|
|
||
|
debian/openssh-server.sshd.pam: debian/openssh-server.sshd.pam.in
|
||
|
ifeq ($(DEB_HOST_ARCH_OS),linux)
|
||
|
sed 's/^@IF_KEYINIT@//' $< > $@
|
||
|
else
|
||
|
sed '/^@IF_KEYINIT@/d' $< > $@
|
||
|
endif
|
||
|
|
||
|
override_dh_installpam: debian/openssh-server.sshd.pam
|
||
|
dh_installpam --name sshd
|
||
|
|
||
|
override_dh_runit:
|
||
|
dh_runit -popenssh-server
|
||
|
|
||
|
override_dh_fixperms-arch:
|
||
|
dh_fixperms
|
||
|
chmod u+s debian/openssh-client/usr/lib/openssh/ssh-keysign
|
||
|
|
||
|
# Tighten libssl dependencies to match the check in entropy.c.
|
||
|
override_dh_shlibdeps:
|
||
|
dh_shlibdeps
|
||
|
debian/adjust-openssl-dependencies
|
||
|
|
||
|
override_dh_gencontrol:
|
||
|
dh_gencontrol -- -V'openssh-server:Recommends=$(server_recommends)'
|
||
|
|
||
|
debian/faq.html:
|
||
|
wget -O - http://www.openssh.com/faq.html | \
|
||
|
sed 's,\(href="\)\(txt/\|[^":]*\.html\),\1http://www.openssh.com/\2,g' \
|
||
|
> debian/faq.html
|