#!/usr/bin/make -f NULL = DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow # If the build environment sets -Bsymbolic-functions, which is often used as # hardening option, that would break libvirt build time self-testing. # Therefore let dpkg-buildflag strip that option if present. DEB_LDFLAGS_MAINT_STRIP = -Wl,-Bsymbolic-functions DPKG_EXPORT_BUILDFLAGS = 1 include /usr/share/dpkg/default.mk ARCHES_LXC = alpha amd64 arm64 armel armhf hppa i386 m68k mips64el mipsel powerpc ppc64 ppc64el riscv64 s390x sh4 sparc64 x32 ARCHES_XEN = amd64 arm64 armhf ARCHES_VBOX = amd64 i386 ifneq (,$(findstring $(DEB_HOST_ARCH_OS), linux)) ifneq (,$(findstring $(DEB_HOST_ARCH), $(ARCHES_VBOX))) WITH_VBOX = -Ddriver_vbox=enabled else WITH_VBOX = -Ddriver_vbox=disabled endif ifneq (,$(findstring $(DEB_HOST_ARCH), $(ARCHES_XEN))) WITH_LIBXL = -Ddriver_libxl=enabled else WITH_LIBXL = -Ddriver_libxl=disabled endif WITH_STORAGE_LVM = -Dstorage_lvm=enabled WITH_STORAGE_ISCSI = -Dstorage_iscsi=enabled WITH_STORAGE_ISCSI_DIRECT = -Dstorage_iscsi_direct=enabled WITH_STORAGE_DISK = -Dstorage_disk=enabled WITH_STORAGE_RBD = -Dstorage_rbd=enabled WITH_STORAGE_GLUSTER = -Dstorage_gluster=enabled WITH_UDEV = -Dudev=enabled WITH_CAPNG = -Dcapng=enabled WITH_LIBNL = -Dlibnl=enabled WITH_NETWORK = -Ddriver_network=enabled WITH_OPENVZ = -Ddriver_openvz=enabled WITH_POLKIT = -Dpolkit=enabled WITH_SANLOCK = -Dsanlock=enabled WITH_INIT_SCRIPT = -Dinit_script=systemd WITH_FIREWALLD = -Dfirewalld=enabled WITH_ATTR = -Dattr=enabled WITH_AUDIT = -Daudit=enabled WITH_SELINUX = -Dselinux=enabled -Dsecdriver_selinux=enabled -Dselinux_mount=/sys/fs/selinux WITH_APPARMOR = -Dapparmor=enabled -Dsecdriver_apparmor=enabled -Dapparmor_profiles=enabled WITH_NSS_PLUGIN = -Dnss=enabled WITH_DTRACE = -Ddtrace=enabled WITH_NUMA = -Dnumactl=enabled -Dnumad=enabled ifneq (,$(findstring $(DEB_HOST_ARCH), $(ARCHES_LXC))) WITH_LXC = -Ddriver_lxc=enabled WITH_LOGIN_SHELL = -Dlogin_shell=enabled else WITH_LXC = -Ddriver_lxc=disabled WITH_LOGIN_SHELL = -Dlogin_shell=disabled endif else WITH_VBOX = -Ddriver_vbox=disabled WITH_LIBXL = -Ddriver_libxl=disabled WITH_STORAGE_LVM = -Dstorage_lvm=disabled WITH_STORAGE_ISCSI = -Dstorage_iscsi=disabled WITH_STORAGE_ISCSI_DIRECT = -Dstorage_iscsi_direct=disabled WITH_STORAGE_DISK = -Dstorage_disk=disabled WITH_STORAGE_RBD = -Dstorage_rbd=disabled WITH_STORAGE_GLUSTER = -Dstorage_gluster=disabled WITH_UDEV = -Dudev=disabled WITH_CAPNG = -Dcapng=disabled WITH_LIBNL = -Dlibnl=disabled WITH_NETWORK = -Ddriver_network=disabled WITH_OPENVZ = -Ddriver_openvz=disabled WITH_POLKIT = -Dpolkit=disabled WITH_SANLOCK = -Dsanlock=disabled WITH_INIT_SCRIPT = -Dinit_script=none WITH_FIREWALLD = -Dfirewalld=disabled WITH_ATTR = -Dattr=disabled WITH_AUDIT = -Daudit=disabled WITH_SELINUX = -Dselinux=disabled -Dsecdriver_selinux=disabled -Dselinux_mount= WITH_APPARMOR = -Dapparmor=disabled -Dsecdriver_apparmor=disabled -Dapparmor_profiles=disabled WITH_NSS_PLUGIN = -Dnss=disabled WITH_DTRACE = -Ddtrace=disabled WITH_NUMA = -Dnumactl=disabled -Dnumad=disabled WITH_LXC = -Ddriver_lxc=disabled WITH_LOGIN_SHELL = -Dlogin_shell=disabled endif DEB_CONFIGURE_EXTRA_ARGS := \ --libexecdir=/usr/lib/libvirt \ -Drunstatedir=/run \ -Dpackager="$(DEB_VENDOR)" \ -Dpackager_version="$(DEB_VERSION)" \ -Ddriver_qemu=enabled \ -Ddriver_libvirtd=enabled \ -Ddriver_remote=enabled \ -Dremote_default_mode=legacy \ -Ddriver_test=enabled \ -Ddriver_ch=disabled \ -Dqemu_user=libvirt-qemu \ -Dqemu_group=libvirt-qemu \ -Dqemu_moddir=/usr/lib/$(DEB_HOST_MULTIARCH)/qemu \ -Dqemu_datadir=/usr/share/qemu \ -Ddocs=enabled \ -Dtests=enabled \ $(WITH_OPENVZ) \ -Dsasl=enabled \ -Dyajl=enabled \ -Dlibssh2=enabled \ -Dlibssh=enabled \ $(WITH_POLKIT) \ $(WITH_SANLOCK) \ $(WITH_UDEV) \ -Dstorage_fs=enabled \ -Dstorage_dir=enabled \ $(WITH_STORAGE_LVM) \ $(WITH_STORAGE_ISCSI) \ $(WITH_STORAGE_ISCSI_DIRECT) \ $(WITH_STORAGE_DISK) \ $(WITH_STORAGE_RBD) \ $(WITH_STORAGE_GLUSTER) \ -Dstorage_vstorage=disabled \ -Dstorage_zfs=enabled \ $(WITH_INIT_SCRIPT) \ $(WITH_NUMA) \ $(WITH_SELINUX) \ $(WITH_APPARMOR) \ -Ddriver_esx=enabled \ $(WITH_CAPNG) \ $(WITH_LIBNL) \ $(WITH_NETWORK) \ -Dnetcf=disabled \ $(WITH_LIBXL) \ $(WITH_VBOX) \ $(WITH_LXC) \ $(WITH_LOGIN_SHELL) \ $(WITH_DTRACE) \ $(WITH_AUDIT) \ $(WITH_FIREWALLD) \ $(WITH_ATTR) \ $(WITH_NSS_PLUGIN) \ -Dwireshark_dissector=enabled \ $(NULL) # Those have to stay up through upgrades to avoid interruptions LIBVIRT_UNITS = \ virtlogd.service \ virtlockd.service \ libvirt-guests.service \ libvirtd.socket \ libvirtd-ro.socket \ libvirtd-admin.socket \ virtlogd.socket \ virtlogd-admin.socket \ virtlockd.socket \ virtlockd-admin.socket \ $(NULL) APPARMOR_ABSTRACTIONS = \ libvirt-lxc \ libvirt-qemu \ $(NULL) APPARMOR_TEMPLATES = \ TEMPLATE.lxc \ TEMPLATE.qemu \ $(NULL) APPARMOR_SERVICES = \ usr.lib.libvirt.virt-aa-helper \ usr.sbin.libvirtd \ $(NULL) NSS_PLUGINS = \ libvirt \ libvirt_guest \ $(NULL) SYSTEMTAP_TAPSETS = \ libvirt_functions \ libvirt_probes \ libvirt_qemu_probes \ $(NULL) SYSCTL_CONFIGS = \ libvirtd \ qemu-postcopy-migration \ $(NULL) DEB_BUILDDIR := $(CURDIR)/debian/build DEB_DESTDIR := $(CURDIR)/debian/tmp SRV_MONOLITHIC = libvirt-guests virtlogd virtlockd libvirtd libvirtd-tcp libvirtd-tls virt-guest-shutdown # For split daemons later, as of 6.0 the remaining elments are #SRV_SPLIT = virtnwfilterd virtinterfaced virtlxcd virtnetworkd virtnodedevd virtproxyd virtqemud virtsecretd virtstoraged virtvboxd virtxend virtproxyd-tcp virtproxyd-tls %: dh $@ --builddirectory=$(DEB_BUILDDIR) override_dh_auto_configure: dh_auto_configure -- $(DEB_CONFIGURE_EXTRA_ARGS) # The default timeout for tests in Meson is 30s, which is not enough # for architectures with slow buildds: make the timeout 10 times # larger (5m) to account for those override_dh_auto_test: export LD_PRELOAD=""; \ export VIR_TEST_DEBUG=1; \ if ! dh_auto_test -- --timeout-multiplier 10; then \ cat $(DEB_BUILDDIR)/meson-logs/testlog.txt; \ exit 1; \ fi # After the upstream build system has installed libvirt into $(DEB_DESTDIR), # we need to make some tweaks (add a few extra files, delete some contents # we're not interested in, move things around) so that later calls to the # various dh_* tools will work optimally. This target is the perfect place # to perform such operations execute_after_dh_auto_install: # Move upstream files where dh_* can find them set -e; for f in $(SYSCTL_CONFIGS); do \ mv $(DEB_DESTDIR)/usr/lib/sysctl.d/60-$${f}.conf \ $(DEB_DESTDIR)/usr/lib/sysctl.d/$${f}.sysctl; \ done # Copy the release notes where dh_installdocs can find them cp NEWS.rst \ $(DEB_DESTDIR)/usr/share/doc/libvirt/NEWS # Rename the upstream polkit rule so that it matches the name used # historically in Debian mv $(DEB_DESTDIR)/usr/share/polkit-1/rules.d/50-libvirt.rules \ $(DEB_DESTDIR)/usr/share/polkit-1/rules.d/60-libvirt.rules # Don't ship any files that are managed by the user only rm $(DEB_DESTDIR)/etc/apparmor.d/local/* # Don't ship the CI dashboard, which is not useful as documentation # triggers the privacy-breach-generic Lintian tag rm $(DEB_DESTDIR)/usr/share/doc/libvirt/html/ci-dashboard.html # Disable network autostart rm -rf $(DEB_DESTDIR)/etc/libvirt/qemu/networks/autostart/ mkdir -p $(DEB_DESTDIR)/usr/share/libvirt/ mv $(DEB_DESTDIR)/etc/libvirt/qemu/networks/ \ $(DEB_DESTDIR)/etc/libvirt/nwfilter/ \ $(DEB_DESTDIR)/usr/share/libvirt/ execute_after_dh_install: ifneq (,$(findstring $(DEB_HOST_ARCH_OS), linux)) # Linux supports more nice things: set -e; for f in $(SRV_MONOLITHIC); do \ dh_install -p libvirt-daemon-system \ usr/lib/systemd/system/$${f}* \ lib/systemd/system/; \ done dh_install -p libvirt-daemon usr/lib/libvirt/virt-aa-helper set -e; for f in $(APPARMOR_ABSTRACTIONS); do \ dh_install -p libvirt-daemon-system etc/apparmor.d/abstractions/$${f}; \ done set -e; for f in $(APPARMOR_TEMPLATES); do \ dh_install -p libvirt-daemon-system etc/apparmor.d/libvirt/$${f}; \ done set -e; for f in $(APPARMOR_SERVICES); do \ dh_install -p libvirt-daemon-system etc/apparmor.d/$${f}; \ dh_apparmor -p libvirt-daemon-system --profile-name=$${f}; \ done # Not all linux arches have systemtap yet if test -d $(DEB_DESTDIR)/usr/share/systemtap; then \ set -e; for f in $(SYSTEMTAP_TAPSETS); do \ dh_install -p libvirt-daemon-system \ usr/share/systemtap/tapset/$${f}.stp; \ done; \ fi dh_install -p libvirt-daemon-system etc/libvirt/lxc.conf dh_install -p libvirt-daemon-system etc/libvirt/qemu-sanlock.conf set -e; for f in $(NSS_PLUGINS); do \ dh_install -p libnss-libvirt \ usr/lib/$(DEB_HOST_MULTIARCH)/libnss_$${f}.so.2 \ lib/$(DEB_HOST_MULTIARCH)/; \ done endif ifneq (,$(findstring $(DEB_HOST_ARCH), $(ARCHES_XEN))) dh_install -p libvirt-daemon-system etc/libvirt/libxl.conf dh_install -p libvirt-daemon-system etc/libvirt/libxl-lockd.conf dh_install -p libvirt-daemon-system etc/libvirt/libxl-sanlock.conf endif override_dh_installinit: # Install SysV init scripts dh_installinit -p libvirt-daemon-system-sysv --name=virtlogd --no-stop-on-upgrade dh_installinit -p libvirt-daemon-system-sysv --name=virtlockd --no-stop-on-upgrade dh_installinit -p libvirt-daemon-system-sysv --name=libvirtd --restart-after-upgrade dh_installinit -p libvirt-daemon-system-sysv --name=libvirt-guests --no-start # Install default files, which are used by both systemd and SysV init dh_installinit -p libvirt-daemon-system --name=virtlogd --no-scripts dh_installinit -p libvirt-daemon-system --name=virtlockd --no-scripts dh_installinit -p libvirt-daemon-system --name=libvirtd --no-scripts dh_installinit -p libvirt-daemon-system --name=libvirt-guests --no-scripts override_dh_installsystemd: dh_installsystemd -p libvirt-daemon-system --no-also libvirtd.service dh_installsystemd -p libvirt-daemon-system --no-stop-on-upgrade $(LIBVIRT_UNITS) override_dh_installdocs: dh_installdocs -plibvirt-doc --doc-main-package libvirt-doc dh_installdocs -Nlibvirt-doc # dh_missing can't figure out that some files are skipped on purpose due # to the conditionals above, so let's make the error non-fatal for -indep # builds. -arch builds don't need this because we sync whether each feature # is enabled and whether the corresponding files are installed override_dh_missing-indep: dh_missing --list-missing