#!/usr/bin/make -f # Sample debian/rules that uses debhelper. # GNU copyright 1997 to 1999 by Joey Hess. export DEB_BUILD_MAINT_OPTIONS = hardening=+all DPKG_EXPORT_BUILDFLAGS = 1 export DEB_CFLAGS_MAINT_APPEND = -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE export DPKG_GENSYMBOLS_CHECK_LEVEL := 4 include /usr/share/dpkg/default.mk DEB_REVISION = $(call dpkg_late_eval,DEB_REVISION,echo '$(DEB_VERSION)' | sed -e 's/^.*-/-/') # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 COMMA = , ifneq (,$(filter parallel=%,$(subst $(COMMA), ,$(DEB_BUILD_OPTIONS)))) NJOBS := -j $(subst parallel=,,$(filter parallel=%,$(subst $(COMMA), ,$(DEB_BUILD_OPTIONS)))) endif export arch = $(DEB_HOST_ARCH) ifeq ($(DEB_HOST_ARCH_OS),kfreebsd) EXTRA_FEATURES=--disable-linux-caps endif SED_NATIVE_PKCS11 := \ sed -e 's,libisc\.,libisc-pkcs11.,g' \ -e 's,libisc-nosymtbl\.,libisc-pkcs11-nosymtbl.,g' \ -e 's,libdns\.,libdns-pkcs11.,g' \ -e 's,@CRYPTO@,@CRYPTO_PK11@,g' \ -e 's,ISC_INCLUDES,ISC_PKCS11_INCLUDES,g' \ -e 's,DNS_INCLUDES,DNS_PKCS11_INCLUDES,g' \ -e 's,\(dnssec-[^ ]*\)@EXEEXT@,\1-pkcs11@EXEEXT@,g' \ -e 's,/lib/isc/,/lib/isc-pkcs11/,g' \ -e 's,/lib/dns/,/lib/dns-pkcs11/,g' \ -e 's,named@EXEEXT@,named-pkcs11@EXEEXT@,g' \ -e 's,@CONTRIB_DLZ@,,g' \ -e 's,$${DLZDRIVER_INCLUDES} $${DBDRIVER_INCLUDES},,g' \ -e 's,$${DLZDRIVER_LIBS} $${DBDRIVER_LIBS},,g' \ -e 's,$${DLZDRIVER_OBJS} $${DBDRIVER_OBJS},,g' \ -e 's,$${DLZDRIVER_SRCS} $${DBDRIVER_SRCS},,g' \ -e 's,@DNS_CRYPTO_LIBS@,@DNS_CRYPTO_PK11_LIBS@,g' %: dh $@ --with python3 --fail-missing --exclude=.la --exclude=lwresd --exclude=__pycache__ prepare_native_pkcs11: rm -rf bin/named-pkcs11 && cp -r bin/named bin/named-pkcs11 rm -rf bin/dnssec-pkcs11 && cp -r bin/dnssec bin/dnssec-pkcs11 rm -rf lib/isc-pkcs11 && cp -r lib/isc lib/isc-pkcs11 rm -rf lib/dns-pkcs11 && cp -r lib/dns lib/dns-pkcs11 $(SED_NATIVE_PKCS11) < bin/named/Makefile.in > bin/named-pkcs11/Makefile.in $(SED_NATIVE_PKCS11) < bin/dnssec/Makefile.in > bin/dnssec-pkcs11/Makefile.in $(SED_NATIVE_PKCS11) < lib/isc/Makefile.in > lib/isc-pkcs11/Makefile.in $(SED_NATIVE_PKCS11) < lib/dns/Makefile.in > lib/dns-pkcs11/Makefile.in clean_native_pkcs11: rm -rf bin/named-pkcs11 rm -rf bin/dnssec-pkcs11 rm -rf lib/isc-pkcs11 rm -rf lib/dns-pkcs11 prepare_version: if [ ! -f version.bak ]; then cp version version.bak; fi sed -i 's,^EXTENSIONS=.*$$,EXTENSIONS=$(DEB_REVISION)-$(DEB_VENDOR),' version clean_version: if [ -f version.bak ]; then cp version.bak version; fi override_dh_autoreconf: prepare_native_pkcs11 prepare_version dh_autoreconf override_dh_auto_configure: debian/checkapi dh_auto_configure -B build -- \ --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \ --sysconfdir=/etc/bind \ --with-python=python3 \ --localstatedir=/ \ --enable-threads \ --enable-largefile \ --with-libtool \ --enable-shared \ --enable-static \ --with-gost=no \ --with-openssl=/usr \ --with-gssapi=/usr \ --disable-isc-spnego \ --with-libidn2 \ --with-libjson=/usr \ --with-lmdb=/usr \ --with-gnu-ld \ --with-geoip=/usr \ --with-atf=no \ --enable-ipv6 \ --enable-rrl \ --enable-filter-aaaa \ --enable-native-pkcs11 \ --with-pkcs11=\$${prefix}/lib/softhsm/libsofthsm2.so \ --with-randomdev=/dev/urandom \ --enable-dnstap \ $(EXTRA_FEATURES) dh_auto_configure -B build-udeb -- \ --sysconfdir=/etc/bind \ --with-python=python3 \ --localstatedir=/ \ --disable-epoll \ --disable-kqueue \ --disable-devpoll \ --disable-threads \ --disable-linux-caps \ --with-openssl=/usr \ --without-libxml2 \ --without-libjson \ --without-lmdb \ --enable-ipv6 \ --enable-shared \ --with-libtool \ --with-gssapi=no \ --disable-isc-spnego \ --libdir=/lib/$(DEB_HOST_MULTIARCH) \ --includedir=/usr/include/bind-export sh debian/apply-export-patch # no need to build these targets here sed -i 's/dnssec-pkcs11//;s/named-pkcs11//' build-udeb/bin/Makefile sed -i 's/dns-pkcs11//;s/isc-pkcs11//' build-udeb/lib/Makefile cp lib/dns/dnstap.proto build/lib/dns cp lib/dns-pkcs11/dnstap.proto build/lib/dns-pkcs11 override_dh_auto_build: dh_auto_build -B build dh_auto_build -B build-udeb override_dh_auto_clean: clean_native_pkcs11 clean_version dh_auto_clean -B build dh_auto_clean -B build-udeb override_dh_auto_install: dh_auto_install -B build --destdir=$(CURDIR)/debian/tmp dh_auto_install -B build-udeb --destdir=$(CURDIR)/debian/tmp-udeb override_dh_install: dh_install --exclude=.la --exclude=lwresd --exclude=__pycache__ --fail-missing # Fix symlink for export libs to be absolute for lib in `find debian/tmp-udeb/lib/$(DEB_HOST_MULTIARCH)/ -type l -name 'lib*-export.so.*'`; do \ lib=$$(basename $$lib); \ dev=$$(echo $$lib | sed 's/\.so\..*/.so/'); \ echo /lib/$(DEB_HOST_MULTIARCH)/$$lib /usr/lib/$(DEB_HOST_MULTIARCH)/$$dev; \ dh_link -plibbind-export-dev /lib/$(DEB_HOST_MULTIARCH)/$$lib \ /usr/lib/$(DEB_HOST_MULTIARCH)/$$dev; \ done dh_apparmor -pbind9 --profile-name=usr.sbin.named override_dh_systemd_enable: dh_systemd_enable -pbind9 --no-enable --name=bind9-resolvconf bind9-resolvconf.service dh_systemd_enable -pbind9 --no-enable --name=bind9-pkcs11 bind9-pkcs11.service dh_systemd_enable -pbind9 bind9.service override_dh_makeshlibs: DNS_SOVER=$(shell debian/getapi dns) override_dh_makeshlibs: IRS_SOVER=$(shell debian/getapi irs) override_dh_makeshlibs: ISCCC_SOVER=$(shell debian/getapi isccc) override_dh_makeshlibs: ISCCFG_SOVER=$(shell debian/getapi isccfg) override_dh_makeshlibs: ISC_SOVER=$(shell debian/getapi isc) override_dh_makeshlibs: dh_makeshlibs -plibdns-export$(DNS_SOVER) --add-udeb=libdns-export$(DNS_SOVER)-udeb dh_makeshlibs -plibirs-export$(IRS_SOVER) --add-udeb=libirs-export$(IRS_SOVER)-udeb dh_makeshlibs -plibisccc-export$(ISCCC_SOVER) --add-udeb=libisccc-export$(ISCCC_SOVER)-udeb dh_makeshlibs -plibisccfg-export$(ISCCFG_SOVER) --add-udeb=libisccfg-export$(ISCCFG_SOVER)-udeb dh_makeshlibs -plibisc-export$(ISC_SOVER) --add-udeb=libisc-export$(ISC_SOVER)-udeb dh_makeshlibs --remaining-packages override_dh_shlibdeps: dh_shlibdeps # Downgrade libcrypto1.1-udeb dependency from 1.1.1 to 1.1.0 # The udebs don't use any newer symbols, but due to them using # shlibs the dependency is generated anyway. This blocks migration # to testing until OpenSSL 1.1.1 is sorted out sed -i 's:libcrypto1.1-udeb (>= 1.1.1):libcrypto1.1-udeb (>= 1.1.0):' debian/*-udeb.substvars .PHONY: prepare_native_pkcs11 clean_native_pkcs11