#!/usr/bin/make -f
# Sample debian/rules that uses debhelper.
# GNU copyright 1997 to 1999 by Joey Hess.
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
DPKG_EXPORT_BUILDFLAGS = 1
export DEB_CFLAGS_MAINT_APPEND = -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE
export DPKG_GENSYMBOLS_CHECK_LEVEL := 4
include /usr/share/dpkg/default.mk
DEB_REVISION = $(call dpkg_late_eval,DEB_REVISION,echo '$(DEB_VERSION)' | sed -e 's/^.*-/-/')
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
COMMA = ,
ifneq (,$(filter parallel=%,$(subst $(COMMA), ,$(DEB_BUILD_OPTIONS))))
NJOBS := -j $(subst parallel=,,$(filter parallel=%,$(subst $(COMMA), ,$(DEB_BUILD_OPTIONS))))
endif
export arch = $(DEB_HOST_ARCH)
ifeq ($(DEB_HOST_ARCH_OS),kfreebsd)
EXTRA_FEATURES=--disable-linux-caps
endif
SED_NATIVE_PKCS11 := \
sed -e 's,libisc\.,libisc-pkcs11.,g' \
-e 's,libisc-nosymtbl\.,libisc-pkcs11-nosymtbl.,g' \
-e 's,libdns\.,libdns-pkcs11.,g' \
-e 's,@CRYPTO@,@CRYPTO_PK11@,g' \
-e 's,ISC_INCLUDES,ISC_PKCS11_INCLUDES,g' \
-e 's,DNS_INCLUDES,DNS_PKCS11_INCLUDES,g' \
-e 's,\(dnssec-[^ ]*\)@EXEEXT@,\1-pkcs11@EXEEXT@,g' \
-e 's,/lib/isc/,/lib/isc-pkcs11/,g' \
-e 's,/lib/dns/,/lib/dns-pkcs11/,g' \
-e 's,named@EXEEXT@,named-pkcs11@EXEEXT@,g' \
-e 's,@CONTRIB_DLZ@,,g' \
-e 's,$${DLZDRIVER_INCLUDES} $${DBDRIVER_INCLUDES},,g' \
-e 's,$${DLZDRIVER_LIBS} $${DBDRIVER_LIBS},,g' \
-e 's,$${DLZDRIVER_OBJS} $${DBDRIVER_OBJS},,g' \
-e 's,$${DLZDRIVER_SRCS} $${DBDRIVER_SRCS},,g' \
-e 's,@DNS_CRYPTO_LIBS@,@DNS_CRYPTO_PK11_LIBS@,g'
%:
dh $@ --with python3 --fail-missing --exclude=.la --exclude=lwresd --exclude=__pycache__
prepare_native_pkcs11:
rm -rf bin/named-pkcs11 && cp -r bin/named bin/named-pkcs11
rm -rf bin/dnssec-pkcs11 && cp -r bin/dnssec bin/dnssec-pkcs11
rm -rf lib/isc-pkcs11 && cp -r lib/isc lib/isc-pkcs11
rm -rf lib/dns-pkcs11 && cp -r lib/dns lib/dns-pkcs11
$(SED_NATIVE_PKCS11) < bin/named/Makefile.in > bin/named-pkcs11/Makefile.in
$(SED_NATIVE_PKCS11) < bin/dnssec/Makefile.in > bin/dnssec-pkcs11/Makefile.in
$(SED_NATIVE_PKCS11) < lib/isc/Makefile.in > lib/isc-pkcs11/Makefile.in
$(SED_NATIVE_PKCS11) < lib/dns/Makefile.in > lib/dns-pkcs11/Makefile.in
clean_native_pkcs11:
rm -rf bin/named-pkcs11
rm -rf bin/dnssec-pkcs11
rm -rf lib/isc-pkcs11
rm -rf lib/dns-pkcs11
prepare_version:
if [ ! -f version.bak ]; then cp version version.bak; fi
sed -i 's,^EXTENSIONS=.*$$,EXTENSIONS=$(DEB_REVISION)-$(DEB_VENDOR),' version
clean_version:
if [ -f version.bak ]; then cp version.bak version; fi
override_dh_autoreconf: prepare_native_pkcs11 prepare_version
dh_autoreconf
override_dh_auto_configure:
debian/checkapi
dh_auto_configure -B build -- \
--libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \
--sysconfdir=/etc/bind \
--with-python=python3 \
--localstatedir=/ \
--enable-threads \
--enable-largefile \
--with-libtool \
--enable-shared \
--enable-static \
--with-gost=no \
--with-openssl=/usr \
--with-gssapi=/usr \
--disable-isc-spnego \
--with-libidn2 \
--with-libjson=/usr \
--with-lmdb=/usr \
--with-gnu-ld \
--with-geoip=/usr \
--with-atf=no \
--enable-ipv6 \
--enable-rrl \
--enable-filter-aaaa \
--enable-native-pkcs11 \
--with-pkcs11=\$${prefix}/lib/softhsm/libsofthsm2.so \
--with-randomdev=/dev/urandom \
--enable-dnstap \
$(EXTRA_FEATURES)
dh_auto_configure -B build-udeb -- \
--sysconfdir=/etc/bind \
--with-python=python3 \
--localstatedir=/ \
--disable-epoll \
--disable-kqueue \
--disable-devpoll \
--disable-threads \
--disable-linux-caps \
--with-openssl=/usr \
--without-libxml2 \
--without-libjson \
--without-lmdb \
--enable-ipv6 \
--enable-shared \
--with-libtool \
--with-gssapi=no \
--disable-isc-spnego \
--libdir=/lib/$(DEB_HOST_MULTIARCH) \
--includedir=/usr/include/bind-export
sh debian/apply-export-patch
# no need to build these targets here
sed -i 's/dnssec-pkcs11//;s/named-pkcs11//' build-udeb/bin/Makefile
sed -i 's/dns-pkcs11//;s/isc-pkcs11//' build-udeb/lib/Makefile
cp lib/dns/dnstap.proto build/lib/dns
cp lib/dns-pkcs11/dnstap.proto build/lib/dns-pkcs11
override_dh_auto_build:
dh_auto_build -B build
dh_auto_build -B build-udeb
override_dh_auto_clean: clean_native_pkcs11 clean_version
dh_auto_clean -B build
dh_auto_clean -B build-udeb
override_dh_auto_install:
dh_auto_install -B build --destdir=$(CURDIR)/debian/tmp
dh_auto_install -B build-udeb --destdir=$(CURDIR)/debian/tmp-udeb
override_dh_install:
dh_install --exclude=.la --exclude=lwresd --exclude=__pycache__ --fail-missing
# Fix symlink for export libs to be absolute
for lib in `find debian/tmp-udeb/lib/$(DEB_HOST_MULTIARCH)/ -type l -name 'lib*-export.so.*'`; do \
lib=$$(basename $$lib); \
dev=$$(echo $$lib | sed 's/\.so\..*/.so/'); \
echo /lib/$(DEB_HOST_MULTIARCH)/$$lib /usr/lib/$(DEB_HOST_MULTIARCH)/$$dev; \
dh_link -plibbind-export-dev /lib/$(DEB_HOST_MULTIARCH)/$$lib \
/usr/lib/$(DEB_HOST_MULTIARCH)/$$dev; \
done
dh_apparmor -pbind9 --profile-name=usr.sbin.named
override_dh_systemd_enable:
dh_systemd_enable -pbind9 --no-enable --name=bind9-resolvconf bind9-resolvconf.service
dh_systemd_enable -pbind9 --no-enable --name=bind9-pkcs11 bind9-pkcs11.service
dh_systemd_enable -pbind9 bind9.service
override_dh_makeshlibs: DNS_SOVER=$(shell debian/getapi dns)
override_dh_makeshlibs: IRS_SOVER=$(shell debian/getapi irs)
override_dh_makeshlibs: ISCCC_SOVER=$(shell debian/getapi isccc)
override_dh_makeshlibs: ISCCFG_SOVER=$(shell debian/getapi isccfg)
override_dh_makeshlibs: ISC_SOVER=$(shell debian/getapi isc)
override_dh_makeshlibs:
dh_makeshlibs -plibdns-export$(DNS_SOVER) --add-udeb=libdns-export$(DNS_SOVER)-udeb
dh_makeshlibs -plibirs-export$(IRS_SOVER) --add-udeb=libirs-export$(IRS_SOVER)-udeb
dh_makeshlibs -plibisccc-export$(ISCCC_SOVER) --add-udeb=libisccc-export$(ISCCC_SOVER)-udeb
dh_makeshlibs -plibisccfg-export$(ISCCFG_SOVER) --add-udeb=libisccfg-export$(ISCCFG_SOVER)-udeb
dh_makeshlibs -plibisc-export$(ISC_SOVER) --add-udeb=libisc-export$(ISC_SOVER)-udeb
dh_makeshlibs --remaining-packages
override_dh_shlibdeps:
dh_shlibdeps
# Downgrade libcrypto1.1-udeb dependency from 1.1.1 to 1.1.0
# The udebs don't use any newer symbols, but due to them using
# shlibs the dependency is generated anyway. This blocks migration
# to testing until OpenSSL 1.1.1 is sorted out
sed -i 's:libcrypto1.1-udeb (>= 1.1.1):libcrypto1.1-udeb (>= 1.1.0):' debian/*-udeb.substvars
.PHONY: prepare_native_pkcs11 clean_native_pkcs11