#!/usr/bin/make -f NULL = DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow # If the build environment sets -Bsymbolic-functions, which is often used as # hardening option, that would break libvirt build time self-testing. # Therefore let dpkg-buildflag strip that option if present. DEB_LDFLAGS_MAINT_STRIP = -Wl,-Bsymbolic-functions DPKG_EXPORT_BUILDFLAGS = 1 include /usr/share/dpkg/default.mk # Fail if the symbols file contains certain mistakes DPKG_GENSYMBOLS_CHECK_LEVEL = 4 export DPKG_GENSYMBOLS_CHECK_LEVEL include debian/arches.mk ifeq ($(DEB_HOST_ARCH_OS), linux) WITH_DAEMONS = -Ddriver_libvirtd=enabled -Dhost_validate=enabled WITH_ESX = -Ddriver_esx=enabled -Dcurl=enabled WITH_VMWARE = -Ddriver_vmware=enabled WITH_STORAGE_FS = -Dstorage_fs=enabled WITH_STORAGE_DIR = -Dstorage_dir=enabled WITH_STORAGE_LVM = -Dstorage_lvm=enabled WITH_STORAGE_SCSI = -Dstorage_scsi=enabled WITH_STORAGE_ISCSI = -Dstorage_iscsi=enabled WITH_STORAGE_ISCSI_DIRECT = -Dstorage_iscsi_direct=enabled -Dlibiscsi=enabled WITH_STORAGE_DISK = -Dstorage_disk=enabled WITH_STORAGE_MPATH = -Dstorage_mpath=enabled WITH_STORAGE_ZFS = -Dstorage_zfs=enabled WITH_BLKID = -Dblkid=enabled WITH_FUSE = -Dfuse=enabled WITH_UDEV = -Dudev=enabled -Dpciaccess=enabled WITH_CAPNG = -Dcapng=enabled WITH_LIBNL = -Dlibnl=enabled WITH_NETWORK = -Ddriver_network=enabled WITH_INTERFACE = -Ddriver_interface=enabled WITH_SECRETS = -Ddriver_secrets=enabled WITH_OPENVZ = -Ddriver_openvz=enabled WITH_YAJL = -Dyajl=enabled WITH_POLKIT = -Dpolkit=enabled WITH_SANLOCK = -Dsanlock=enabled WITH_INIT_SCRIPT = -Dinit_script=systemd WITH_FIREWALLD = -Dfirewalld=enabled WITH_ATTR = -Dattr=enabled WITH_AUDIT = -Daudit=enabled WITH_LIBPCAP = -Dlibpcap=enabled WITH_SELINUX = -Dselinux=enabled -Dsecdriver_selinux=enabled -Dselinux_mount=/sys/fs/selinux WITH_APPARMOR = -Dapparmor=enabled -Dsecdriver_apparmor=enabled -Dapparmor_profiles=enabled WITH_NSS_PLUGIN = -Dnss=enabled WITH_DTRACE = -Ddtrace=enabled WITH_NUMA = -Dnumactl=enabled -Dnumad=enabled WITH_SYSCTL = -Dsysctl_config=enabled -Duserfaultfd_sysctl=enabled WITH_WIRESHARK = -Dwireshark_dissector=enabled else WITH_DAEMONS = -Ddriver_libvirtd=disabled -Dhost_validate=disabled WITH_ESX = -Ddriver_esx=disabled -Dcurl=disabled WITH_VMWARE = -Ddriver_vmware=disabled WITH_STORAGE_FS = -Dstorage_fs=disabled WITH_STORAGE_DIR = -Dstorage_dir=disabled WITH_STORAGE_LVM = -Dstorage_lvm=disabled WITH_STORAGE_SCSI = -Dstorage_scsi=disabled WITH_STORAGE_ISCSI = -Dstorage_iscsi=disabled WITH_STORAGE_ISCSI_DIRECT = -Dstorage_iscsi_direct=disabled -Dlibiscsi=disabled WITH_STORAGE_DISK = -Dstorage_disk=disabled WITH_STORAGE_MPATH = -Dstorage_mpath=enabled WITH_STORAGE_ZFS = -Dstorage_zfs=disabled WITH_BLKID = -Dblkid=disabled WITH_FUSE = -Dfuse=disabled WITH_UDEV = -Dudev=disabled -Dpciaccess=disabled WITH_CAPNG = -Dcapng=disabled WITH_LIBNL = -Dlibnl=disabled WITH_NETWORK = -Ddriver_network=disabled WITH_INTERFACE = -Ddriver_interface=disabled WITH_SECRETS = -Ddriver_secrets=disabled WITH_OPENVZ = -Ddriver_openvz=disabled WITH_POLKIT = -Dpolkit=disabled WITH_YAJL = -Dyajl=disabled WITH_SANLOCK = -Dsanlock=disabled WITH_INIT_SCRIPT = -Dinit_script=none WITH_FIREWALLD = -Dfirewalld=disabled WITH_ATTR = -Dattr=disabled WITH_AUDIT = -Daudit=disabled WITH_LIBPCAP = -Dlibpcap=disabled WITH_SELINUX = -Dselinux=disabled -Dsecdriver_selinux=disabled -Dselinux_mount= WITH_APPARMOR = -Dapparmor=disabled -Dsecdriver_apparmor=disabled -Dapparmor_profiles=disabled WITH_NSS_PLUGIN = -Dnss=disabled WITH_DTRACE = -Ddtrace=disabled WITH_NUMA = -Dnumactl=disabled -Dnumad=disabled WITH_SYSCTL = -Dsysctl_config=disabled -Duserfaultfd_sysctl=disabled WITH_WIRESHARK = -Dwireshark_dissector=disabled endif ifneq (,$(filter $(DEB_HOST_ARCH), $(ARCHES_CEPH))) WITH_STORAGE_RBD = -Dstorage_rbd=enabled else WITH_STORAGE_RBD = -Dstorage_rbd=disabled endif ifneq (,$(filter $(DEB_HOST_ARCH), $(ARCHES_GLUSTER))) WITH_STORAGE_GLUSTER = -Dstorage_gluster=enabled -Dglusterfs=enabled else WITH_STORAGE_GLUSTER = -Dstorage_gluster=disabled -Dglusterfs=disabled endif ifneq (,$(filter $(DEB_HOST_ARCH), $(ARCHES_QEMU))) WITH_QEMU = -Ddriver_qemu=enabled else WITH_QEMU = -Ddriver_qemu=disabled endif ifneq (,$(findstring $(DEB_HOST_ARCH), $(ARCHES_LXC))) WITH_LXC = -Ddriver_lxc=enabled WITH_LOGIN_SHELL = -Dlogin_shell=enabled else WITH_LXC = -Ddriver_lxc=disabled WITH_LOGIN_SHELL = -Dlogin_shell=disabled endif ifneq (,$(filter $(DEB_HOST_ARCH), $(ARCHES_XEN))) WITH_LIBXL = -Ddriver_libxl=enabled else WITH_LIBXL = -Ddriver_libxl=disabled endif ifneq (,$(filter $(DEB_HOST_ARCH), $(ARCHES_VBOX))) WITH_VBOX = -Ddriver_vbox=enabled else WITH_VBOX = -Ddriver_vbox=disabled endif ifneq (,$(filter $(DEB_HOST_ARCH), $(ARCHES_NBDKIT))) WITH_NBDKIT = -Dnbdkit=enabled -Dnbdkit_config_default=enabled else WITH_NBDKIT = -Dnbdkit=disabled -Dnbdkit_config_default=disabled endif DEB_CONFIGURE_EXTRA_ARGS := \ --libexecdir=/usr/lib/libvirt \ -Drunstatedir=/run \ -Dinitconfdir=/etc/default \ -Dno_git=true \ -Dpackager="$(DEB_VENDOR)" \ -Dpackager_version="$(DEB_VERSION)" \ $(WITH_DAEMONS) \ $(WITH_QEMU) \ -Ddriver_remote=enabled \ -Dremote_default_mode=legacy \ -Ddriver_test=enabled \ -Ddriver_ch=disabled \ -Ddriver_bhyve=disabled \ -Ddriver_hyperv=disabled \ -Dopenwsman=disabled \ -Ddriver_vz=disabled \ -Dqemu_user=libvirt-qemu \ -Dqemu_group=libvirt-qemu \ -Dqemu_moddir=/usr/lib/$(DEB_HOST_MULTIARCH)/qemu \ -Dqemu_datadir=/usr/share/qemu \ -Ddocs=enabled \ -Ddocdir=/usr/share/doc/libvirt \ -Dtests=enabled \ -Drpath=disabled \ -Dnls=enabled \ -Dtls_priority=NORMAL \ $(WITH_OPENVZ) \ -Dsasl=enabled \ -Dlibssh2=enabled \ -Dlibssh=enabled \ -Dreadline=enabled \ -Dbash_completion=enabled \ -Dbash_completion_dir=/usr/share/bash-completion/completions \ $(WITH_YAJL) \ $(WITH_POLKIT) \ $(WITH_SANLOCK) \ $(WITH_UDEV) \ $(WITH_STORAGE_FS) \ $(WITH_STORAGE_DIR) \ $(WITH_STORAGE_LVM) \ $(WITH_STORAGE_SCSI) \ $(WITH_STORAGE_ISCSI) \ $(WITH_STORAGE_ISCSI_DIRECT) \ $(WITH_STORAGE_DISK) \ $(WITH_STORAGE_RBD) \ $(WITH_STORAGE_GLUSTER) \ $(WITH_STORAGE_MPATH) \ $(WITH_STORAGE_ZFS) \ -Dstorage_vstorage=disabled \ $(WITH_BLKID) \ $(WITH_FUSE) \ $(WITH_INIT_SCRIPT) \ $(WITH_NUMA) \ $(WITH_SYSCTL) \ $(WITH_SELINUX) \ $(WITH_APPARMOR) \ $(WITH_ESX) \ $(WITH_VMWARE) \ $(WITH_CAPNG) \ $(WITH_LIBNL) \ $(WITH_NETWORK) \ -Dnetcf=disabled \ $(WITH_INTERFACE) \ $(WITH_SECRETS) \ $(WITH_LIBXL) \ $(WITH_VBOX) \ $(WITH_LXC) \ $(WITH_LOGIN_SHELL) \ $(WITH_DTRACE) \ $(WITH_AUDIT) \ $(WITH_LIBPCAP) \ $(WITH_FIREWALLD) \ $(WITH_ATTR) \ $(WITH_NSS_PLUGIN) \ $(WITH_NBDKIT) \ $(WITH_WIRESHARK) \ -Dpm_utils=disabled \ $(NULL) # Those have to stay up through upgrades to avoid interruptions LIBVIRT_UNITS = \ virtlogd.service \ virtlockd.service \ libvirt-guests.service \ libvirtd.socket \ libvirtd-ro.socket \ libvirtd-admin.socket \ virtlogd.socket \ virtlogd-admin.socket \ virtlockd.socket \ virtlockd-admin.socket \ $(NULL) DEB_BUILDDIR := $(CURDIR)/debian/build DEB_DESTDIR := $(CURDIR)/debian/tmp %: dh $@ --builddirectory=$(DEB_BUILDDIR) override_dh_auto_configure: dh_auto_configure -- $(DEB_CONFIGURE_EXTRA_ARGS) # The default timeout for tests in Meson is 30s, which is not enough # for architectures with slow buildds: make the timeout 10 times # larger (5m) to account for those # # Additionally, disable the syntax-check tests, as failures there don't # indicate functional issues, plus they get tripped up by the fact that # there are additional files in debian/ that they don't expect override_dh_auto_test: export LD_PRELOAD=""; \ export VIR_TEST_DEBUG=1; \ if ! dh_auto_test -- --timeout-multiplier 10 \ --no-suite syntax-check; \ then \ cat $(DEB_BUILDDIR)/meson-logs/testlog.txt; \ exit 1; \ fi # After the upstream build system has installed libvirt into $(DEB_DESTDIR), # we need to make some tweaks (add a few extra files, delete some contents # we're not interested in, move things around) so that later calls to the # various dh_* tools will work optimally. This target is the perfect place # to perform such operations execute_after_dh_auto_install: ifeq ($(DEB_HOST_ARCH_OS), linux) # Disable network autostart rm -rf $(DEB_DESTDIR)/etc/libvirt/qemu/networks/autostart/ # Move systemd units mkdir -p $(DEB_DESTDIR)/lib/systemd/system/ mv $(DEB_DESTDIR)/usr/lib/systemd/system/* \ $(DEB_DESTDIR)/lib/systemd/system/ # Move systcl files (we consider them examples) mkdir -p $(DEB_DESTDIR)/usr/share/doc/libvirt/examples/sysctl/ mv $(DEB_DESTDIR)/usr/lib/sysctl.d/* \ $(DEB_DESTDIR)/usr/share/doc/libvirt/examples/sysctl/ # Move networks (installed in /etc/ via maintscripts) mkdir -p $(DEB_DESTDIR)/usr/share/libvirt/networks/ mv $(DEB_DESTDIR)/etc/libvirt/qemu/networks/* \ $(DEB_DESTDIR)/usr/share/libvirt/networks/ # Move nwfilters (installed in /etc/ via maintscripts) mkdir -p $(DEB_DESTDIR)/usr/share/libvirt/nwfilter/ mv $(DEB_DESTDIR)/etc/libvirt/nwfilter/* \ $(DEB_DESTDIR)/usr/share/libvirt/nwfilter/ # Move NSS modules mkdir -p $(DEB_DESTDIR)/lib/$(DEB_HOST_MULTIARCH)/ mv $(DEB_DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/libnss_* \ $(DEB_DESTDIR)/lib/$(DEB_HOST_MULTIARCH)/ # Rename the upstream polkit rule so that it matches the name used # historically in Debian mv $(DEB_DESTDIR)/usr/share/polkit-1/rules.d/50-libvirt.rules \ $(DEB_DESTDIR)/usr/share/polkit-1/rules.d/60-libvirt.rules # Prepare Debian-specific configuration files to be installed mkdir -p $(DEB_DESTDIR)/etc/apt/apt.conf.d/ cp debian/apt/* \ $(DEB_DESTDIR)/etc/apt/apt.conf.d/ endif # Copy the release notes where dh_installdocs can find them cp NEWS.rst \ $(DEB_DESTDIR)/usr/share/doc/libvirt/NEWS # Don't ship the CI dashboard, which is not useful as documentation # triggers the privacy-breach-generic Lintian tag rm $(DEB_DESTDIR)/usr/share/doc/libvirt/html/ci-dashboard.html execute_after_dh_install: ifeq ($(DEB_HOST_ARCH_OS), linux) dh_apparmor -p libvirt-daemon-system --profile-name=usr.lib.libvirt.virt-aa-helper dh_apparmor -p libvirt-daemon-system --profile-name=usr.sbin.libvirtd endif ifeq ($(DEB_HOST_ARCH_OS), linux) override_dh_installinit: # Install SysV init scripts dh_installinit -p libvirt-daemon-system-sysv --name=virtlogd --no-stop-on-upgrade dh_installinit -p libvirt-daemon-system-sysv --name=virtlockd --no-stop-on-upgrade dh_installinit -p libvirt-daemon-system-sysv --name=libvirtd --restart-after-upgrade dh_installinit -p libvirt-daemon-system-sysv --name=libvirt-guests --no-start # Install default files, which are used by both systemd and SysV init dh_installinit -p libvirt-daemon-system --name=virtlogd --no-scripts dh_installinit -p libvirt-daemon-system --name=virtlockd --no-scripts dh_installinit -p libvirt-daemon-system --name=libvirtd --no-scripts dh_installinit -p libvirt-daemon-system --name=libvirt-guests --no-scripts override_dh_installsystemd: dh_installsystemd -p libvirt-daemon-system --no-also libvirtd.service dh_installsystemd -p libvirt-daemon-system --no-stop-on-upgrade $(LIBVIRT_UNITS) endif override_dh_installchangelogs: dh_installchangelogs -plibvirt0 dh_installchangelogs -plibvirt-doc override_dh_installdocs: dh_installdocs -plibvirt0 dh_installdocs -plibvirt-doc --doc-main-package libvirt-doc # dh_missing can't figure out that some files are skipped on purpose due # to the conditionals above, so let's make the error non-fatal for -indep # builds. -arch builds don't need this because we sync whether each feature # is enabled and whether the corresponding files are installed override_dh_missing-indep: dh_missing --list-missing execute_before_dh_auto_clean: if test "$(DEB_LIBVIRT_MAINTAINER)"; then \ debian/scripts/process-templates.py --mode verify; \ fi debian/scripts/process-templates.py --mode build \ --arch $(DEB_HOST_ARCH) \ --os $(DEB_HOST_ARCH_OS)