#!/usr/bin/make -f SHELL = /bin/sh -e export DEB_BUILD_MAINT_OPTIONS = hardening=+all # Fast version of dpkg/architecture.mk defining all vars in one go ifeq (${DEB_HOST_MULTIARCH},) $(foreach d, $(shell dpkg-architecture | sed 's/=/?=/'), $(eval export $d)) endif include /usr/share/dpkg/buildtools.mk include /usr/share/dpkg/buildflags.mk include /usr/share/dpkg/pkg-info.mk include /usr/share/dpkg/vendor.mk V := $(if $(filter terse, ${DEB_BUILD_OPTIONS}),,1) WAF := PYTHONHASHSEED=1 ./buildtools/bin/waf \ $(patsubst parallel=%,-j%,$(filter parallel=%,${DEB_BUILD_OPTIONS})) # stop python from generating .pyc caches export PYTHONDONTWRITEBYTECODE=1 ifeq (linux,${DEB_HOST_ARCH_OS}) ifneq (${DEB_HOST_GNU_TYPE},${DEB_BUILD_GNU_TYPE}) # for cross-build or build with foreign python binary (it is _gnu0_i386-gnu on hurd) export _PYTHON_SYSCONFIGDATA_NAME=_sysconfigdata__${DEB_HOST_ARCH_OS}_${DEB_HOST_MULTIARCH} endif endif DESTDIR = ${CURDIR}/debian/tmp LDB_EPOCH = 2: LDB_VERSION = $(call dpkg_late_eval,LDB_VERSION,grep ^VERSION lib/ldb/wscript | cut -d\' -f2) LDB_DEB_VERSION = ${LDB_EPOCH}${LDB_VERSION}+samba${DEB_VERSION_UPSTREAM_REVISION} LDB_DEPENDS = libldb2 (= ${LDB_DEB_VERSION}) LDB_PACKAGES = libldb2 libldb-dev ldb-tools python3-ldb python3-ldb-dev omit-pkgs = with-glusterfs = with-ceph = with-snapper = config-args = \ --prefix=/usr \ --enable-fhs \ --sysconfdir=/etc \ --localstatedir=/var \ --libexecdir=/usr/libexec \ --libdir=/usr/lib/${DEB_HOST_MULTIARCH} \ --datadir=/usr/share \ --with-modulesdir=/usr/lib/${DEB_HOST_MULTIARCH}/samba \ --with-pammodulesdir=/lib/${DEB_HOST_MULTIARCH}/security \ --with-privatedir=/var/lib/samba/private \ --with-smbpasswd-file=/etc/samba/smbpasswd \ --with-piddir=/run/samba \ --with-lockdir=/run/samba \ --with-sockets-dir=/run/samba \ --with-statedir=/var/lib/samba \ --with-cachedir=/var/cache/samba \ --with-pam \ --with-syslog \ --with-utmp \ --with-winbind \ --with-automount \ --with-ldap \ --with-ads \ --with-gpgme \ --enable-avahi \ --enable-spotlight \ --with-profiling-data \ --disable-rpath --disable-rpath-install \ --with-shared-modules=idmap_rid,idmap_ad,idmap_adex,idmap_hash,idmap_ldap,idmap_tdb2,vfs_dfs_samba4,auth_samba4,vfs_nfs4acl_xattr \ --bundled-libraries=NONE,pytevent,ldb \ \ --with-cluster-support \ --enable-etcd-reclock \ --with-socketpath=/run/ctdb/ctdbd.socket \ --with-logdir=/var/log/ctdb \ ifeq (${DEB_HOST_ARCH_OS}, linux) # extra linux-specific features with-glusterfs = $(if $(filter amd64 arm64 ppc64el ppc64 riscv64 mips64el s390x ia64 sparc64,${DEB_HOST_ARCH}),yes) with-ceph = $(if $(filter amd64 arm64 mips64el ppc64el riscv64 s390x, ${DEB_HOST_ARCH}),yes) with-snapper = yes config-args += \ --with-quota \ --with-systemd \ endif # Ubuntu i386 binary compatibility only effort: Disable some i386 packages and modules ifeq (${DEB_VENDOR}-${DEB_HOST_ARCH}, Ubuntu-i386) omit-pkgs += ctdb libpam-winbind samba samba-testsuite samba-vfs-modules endif ifneq (,$(filter armel mipsel m68k powerpc sh4,${DEB_HOST_ARCH})) # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81358 # on these platforms gcc does not link with -latomic, resulting in # third_party/heimdal/lib/krb5/krcache.c.55.o: in function `krcc_get_principal': # third_party/heimdal/lib/krb5/krcache.c:1395: undefined reference to `__atomic_load_8' # ids.krcu_cache_and_princ_id = heim_base_atomic_load(&data->krc_cache_and_principal_id); # third_party/heimdal/lib/base/heimbase-atomics.h: # #include # #define heim_base_atomic_load(x) atomic_load((x)) # include a workaround for now # (-latomic and comes from gcc, --as-needed is already in use) LDFLAGS += -latomic endif ifneq (,$(filter m68k ,${DEB_HOST_ARCH})) # without this, build fails with multiple messages like: # foo.s:NNN: Error: Adjusted signed .word (0xb64a) overflows: `switch'-statement too large. # when building third_party/heimdal/lib/asn1/asn1_rfc2459_asn1.c (generated) # It would be best to enable this switch for a single file only (where it is needed) CFLAGS += -mlong-jump-table-offsets endif # build is done in bin/default/ subdir CFLAGS += -ffile-prefix-map=../../= config-args += $(if ${with-ceph},\ --enable-cephfs --enable-ceph-reclock,\ --disable-cephfs) with_mitkrb5 = $(filter pkg.samba.mitkrb5, ${DEB_BUILD_PROFILES}) ifneq (,${with_mitkrb5}) config-args += \ --with-system-mitkrb5 \ --with-experimental-mit-ad-dc \ --with-system-mitkdc=/usr/sbin/krb5kdc # samba packages will have its own version suffix mitkrb5-samba-ver = ${DEB_VERSION}mitkrb5 mitkrb5-dep-pkgs = samba-libs samba-dev mitkrb5-dep-pkgs += samba samba-common-bin python3-samba mitkrb5-dep-pkgs += samba-dsdb-modules samba-vfs-modules mitkrb5-dep-pkgs += libsmbclient smbclient mitkrb5-dep-pkgs += libnss-winbind libpam-winbind mitkrb5-dep-pkgs += winbind libwbclient0 mitkrb5-dep-pkgs += samba-testsuite mitkrb5-dep-pkgs += ctdb else mitkrb5-dep-pkgs = endif ifneq (,${omit-pkgs}) export DH_OPTIONS += $(addprefix -N, ${omit-pkgs}) endif # ${build-pkgs} will honour arch/indep and the above list in ${DH_OPTIONS} build-pkgs := $(shell dh_listpackages) binary binary-arch binary-indep \ install install-arch install-indep: %: dh $* configure: bin/configured.stamp .PHONY: configure bin/configured.stamp: # branding if [ ! -f VERSION.orig ]; then \ mv VERSION VERSION.orig; \ sed -r -e 's/^(SAMBA_VERSION_VENDOR_SUFFIX).*/\1=${DEB_VENDOR}/' \ VERSION.orig > VERSION; \ fi CC="${CC}" CPP="${CPP}" LD="${LD}" PKGCONFIG="${PKG_CONFIG}" \ CPPFLAGS="${CPPFLAGS}" CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}" \ PYTHON=python3 PYTHON_CONFIG=${DEB_HOST_MULTIARCH}-python3-config \ ${WAF} -j1 -C configure ${config-args} || \ { $(if ${V},echo "==== contents of config.log:"; cat bin/config.log;) false; } # #1013205: https://lists.samba.org/archive/samba-technical/2022-November/137788.html rm -f third_party/heimdal/lib/gssapi/gssapi.h ifneq (,${with_mitkrb5}) # ensure we do not use embedded heimdal in any way [ -d third_party/heimdal-build-with-mitkrb5 ] || \ mv third_party/heimdal third_party/heimdal-build-with-mitkrb5 endif touch $@ build-arch: bin/built.stamp bin/built.stamp: bin/configured.stamp # samba build system is designed so that default build (what is produced # by waf build) supposed to be run directly from the build directory, # with all the paths pointing there. At the install stage, quite some # recompilation/relinking is done again, to adopt to the actual install # paths. There's no need (for now) to build samba to be run from the build # directory, so we use `waf install' here instead of `waf build'. # Build these two executables first, and build the install stage. # This will pefrorm unnecessary/extra install step (into d/tmp), which # we'll repeat during actual install stage, but this is definitely # better/faster than building whole thing for _not_ running from the build dir. ${WAF} $(if $V,-v) install --destdir="${DESTDIR}" touch $@ build-indep: build: build-arch build-indep ############## Tests ############## # We should use separate build for tests since it requires configuration # with --enable-selftest which is not compatible with production build. # Since samba build system always builds in bin/, we save whole source # into a subdir (testbuild/) and run everything from there. testbuild/copied.stamp: rm -rf testbuild; mkdir testbuild cp -a -l $$(ls -1 | egrep -v '^(bin|testbuild|debian)$$') testbuild/ # cleanup some files just in case, do not interfere with production build find testbuild -name __pycache__ -exec rm -rf {} + rm -f testbuild/compile_commands.json touch $@ testbuild/configured.stamp: testbuild/copied.stamp @echo "############## selftest configure ##############" # allow some bundled "lib" for now just for the test build. Debian has them # (libsocket-wrapper &Co), but let's just build the bundled ones. There's no # good reason to use externally-packaged wrappers, they're small to build and # we don't use them for production build, and extra versioned build-dep hurts. cd testbuild && \ CPPFLAGS="${CPPFLAGS}" CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}" \ ${WAF} -j1 -C configure --enable-selftest \ $$(echo '${config-args}' | \ sed 's|--bundled-libraries=NONE|&,nss_wrapper,pam_wrapper,resolv_wrapper,socket_wrapper,uid_wrapper|') # FIXME: some tests fail for now, handle them later (last check: 4.17.2, heimdal build) rm -f testbuild/selftest/knownfail.d/debian echo '^samba3.smb2.session\ enc.(reauth.|bind.|bind_negative.*|bind_invalid_auth|encryption-aes-.*)\(nt4_dc\)' \ >>testbuild/selftest/knownfail.d/debian # echo '^samba3.rpc.schannel_anon_setpw\ anonymous\ password\ set\ \(schannel\ enforced\ server-side\)\(nt4_dc_schannel\)' \ # >>testbuild/selftest/knownfail.d/debian echo '^samba4.ntvfs.cifs.ntlm.base.unlink.unlink\(rpc_proxy\)' \ >>testbuild/selftest/knownfail.d/debian echo '^samba4.rpc.echo\ against\ rpc\ proxy\ with\ domain\ creds\(rpc_proxy\)' \ >>testbuild/selftest/knownfail.d/debian touch $@ selftest-quick: testbuild/configured.stamp @echo "############## selftest run ##############" cd testbuild && ${WAF} test --quick override_dh_auto_test: # $(if $(findstring nocheck, ${DEB_BUILD_OPTIONS}),, selftest-quick) override_dh_auto_install-arch: # the same "waf install" as in the build target ${WAF} install --destdir="${DESTDIR}" # get list of files in build log find debian/tmp # Included in python-tevent? rm debian/tmp/usr/lib/python*/*-packages/_tevent.* rm debian/tmp/usr/lib/python*/*-packages/tevent.py # pam stuff install -Dp -m0644 debian/winbind.pam-config debian/tmp/usr/share/pam-configs/winbind mv debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libnss_* debian/tmp/lib/$(DEB_HOST_MULTIARCH)/ # Debian goodies to set global option in smb.conf and add a share install -p -m0755 debian/setoption.py -t debian/tmp/usr/share/samba/ install -p -m0755 debian/addshare.py -t debian/tmp/usr/share/samba/ install -p -m755 debian/update-apparmor-samba-profile -t debian/tmp/usr/share/samba/ install -Dp -m0644 debian/samba.ufw.profile debian/tmp/etc/ufw/applications.d/samba install -Dp -m0644 debian/source_samba.py -t debian/tmp/usr/share/apport/package-hooks/ # install-and-rename docs for ctdb (also arch-specific) mkdir -p debian/tmp/ctdb install -p ctdb/config/events/README debian/tmp/ctdb/README.notification install -p ctdb/config/notification.README debian/tmp/ctdb/README.notification ifeq ($(DEB_HOST_ARCH_OS), hurd) install -p debian/ctdb.README.hurd debian/tmp/ctdb/README.hurd endif ifeq ($(DEB_HOST_ARCH_OS), kfreebsd) install -p debian/ctdb.README.kfreebsd debian/tmp/ctdb/README.kfreebsd endif # compatibility link. When ldb was built by its own it stored modules in # /usr/lib//ldb/modules/ldb/. Now as part of samba it stores modules in # /usr/lib//samba/ldb/. Keep them together instead of d/*.{links,dirs}. # (sssd 2.6.3-3 moved their module to the new location; # samba-dsdb-modules always had their modules in ..../samba/ldb/) # This compat symlink should go away after bookworm # (needed mostly for bullseye sssd) dh_installdirs -plibldb2 /usr/lib/${DEB_HOST_MULTIARCH}/ldb/modules/ldb dh_link -plibldb2 /usr/lib/${DEB_HOST_MULTIARCH}/ldb/modules/ldb \ /usr/lib/${DEB_HOST_MULTIARCH}/samba/ldb/compat provision-dest := debian/samba-ad-provision/usr/share/samba/setup override_dh_auto_install-indep: # only arch-all package is samba-common containing a few debian-specific files # Most of files needs are renamed during install so lets put them # directly into the right place without d/samba-common.install indirection # Debian goodies install -Dp -m0644 debian/smb.conf -t debian/samba-common/usr/share/samba/ ifeq (${DEB_VENDOR}, Ubuntu) patch debian/samba-common/usr/share/samba/smb.conf debian/smb.conf.ubuntu.diff endif install -Dp -m0755 debian/panic-action -t debian/samba-common/usr/share/samba/ install -Dp -m0755 debian/is-configured -t debian/samba-common/usr/share/samba/ install -Dp -m0644 debian/gdbcommands -t debian/samba-common/etc/samba/ # we wrongly have pam file in samba-common instead of samba install -Dp -m0644 debian/samba.pam debian/samba-common/etc/pam.d/samba # install provision files (samba-ad-provision, source4/setup/) mkdir -p -m0755 ${provision-dest} cp -r --preserve=timestamps source4/setup/. ${provision-dest} rm -rf ${provision-dest}/tests rm -f ${provision-dest}/wscript* \ ${provision-dest}/adprep/samba-4.7-missing-for-schema45.ldif override_dh_installpam: # include a command only if the given package is being built ifpkg = $(if $(filter ${1},${build-pkgs}),${2}) override_dh_installinit: ifneq (,$(filter samba, ${build-pkgs})) dh_installinit -psamba --name smbd dh_installinit -psamba --name nmbd --error-handler nmbd_error_handler dh_installinit -psamba --name samba-ad-dc endif $(call ifpkg, winbind, dh_installinit -pwinbind) ifneq (,$(filter ctdb, ${build-pkgs})) install -Dp -m755 ctdb/config/ctdb.init debian/ctdb/etc/init.d/ctdb # Install dh scripts dh_installinit -pctdb --no-start --no-stop-on-upgrade --onlyscripts endif override_dh_installsystemd: ifneq (,$(filter samba, ${build-pkgs})) dh_installsystemd -psamba --name=smbd dh_installsystemd -psamba --name=nmbd dh_installsystemd -psamba --name=samba-ad-dc endif $(call ifpkg, winbind, dh_installsystemd -pwinbind) $(call ifpkg, ctdb, dh_installsystemd -pctdb --no-start --no-stop-on-upgrade) execute_after_dh_fixperms-arch: $(call ifpkg, smbclient, chmod 0700 debian/smbclient/usr/libexec/samba/smbspool_krb5_wrapper) override_dh_makeshlibs: # generate symbols file with correct cpython suffix in there { \ suff=$$(${DEB_HOST_MULTIARCH}-python3-config --extension-suffix | tr _ -); \ SUFF=$$(echo "$${suff%.so}" | tr a-z- A-Z_); \ echo "libpyldb-util$${suff}.2 #PACKAGE# #MINVER#"; \ echo "* Build-Depends-Package: python3-ldb-dev" ; \ echo " PYLDB_UTIL$${SUFF}_${LDB_VERSION}@PYLDB_UTIL$${SUFF}_${LDB_VERSION} ${LDB_EPOCH}${LDB_VERSION}"; \ cat debian/python3-ldb.symbols.in; \ } > debian/python3-ldb.symbols # create symbols and shlibs files in separate wrapper script # to deal with private libraries debian/genshlibs \ $(addsuffix =${LDB_DEB_VERSION},${LDB_PACKAGES}) \ $(addsuffix =${mitkrb5-samba-ver}, ${mitkrb5-dep-pkgs}) rm -f debian/python3-ldb.symbols # depcheck package, dep1|dep2... -- dependencies which should NOT be there depcheck = if egrep '^shlibs.Depends=.* ($(strip $2)) ' debian/$(strip $1).substvars; \ then echo 'E: $(strip $1) should not depend on $(strip $2)' >&2; exit 1; fi override_dh_shlibdeps: # for specific executables/modules, put dependencies in separate variables # to change Depends to Recommends for them in d/control dh_shlibdeps -l/usr/lib/${DEB_HOST_MULTIARCH}/samba \ -Xceph.so -Xglusterfs.so -Xsnapper.so -Xctdb_mutex_ceph_rados_helper ifneq (,$(filter ctdb, ${build-pkgs})) echo "rados:Depends=" >> debian/ctdb.substvars ifneq (${with-ceph},) dpkg-shlibdeps -Tdebian/ctdb.substvars -prados \ debian/ctdb/usr/libexec/ctdb/ctdb_mutex_ceph_rados_helper endif endif ifneq (,$(filter samba-vfs-modules,${build-pkgs})) echo "vfsmods:Depends=" >> debian/samba-vfs-modules.substvars ifneq (${with-snapper}${with-ceph}${with-glusterfs},) dpkg-shlibdeps -Tdebian/samba-vfs-modules.substvars -pvfsmods \ $(if ${with-snapper}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/snapper.so) \ $(if ${with-ceph}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/ceph.so) \ $(if ${with-glusterfs}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/glusterfs.so) endif endif # after shlibdeps run, check that we don't have wrong depdendencies $(call depcheck, samba-libs, samba|winbind|smbclient|ctdb) $(call depcheck, smbclient, samba|winbind|ctdb) $(call depcheck, ctdb, samba|winbind|smbclient) $(call depcheck, libldb2, samba|samba-libs|winbind|libwbclient0) # use-bzero-instead-of-memset_s.diff $(call depcheck, python3-samba, samba|winbind|ctdb) $(call depcheck, libwbclient0, samba|samba-libs|winbind|smbclient|ctdb) $(call depcheck, libsmbclient, samba|winbind|smbclient|ctdb) override_dh_gencontrol: dh_gencontrol $(addprefix -p, ${LDB_PACKAGES}) -- -v${LDB_DEB_VERSION} ifneq (,$(filter ${build-pkgs}, ${mitkrb5-dep-pkgs})) dh_gencontrol $(addprefix -p, $(filter ${build-pkgs}, ${mitkrb5-dep-pkgs})) -- -v${mitkrb5-samba-ver} -Vldb:Depends="${LDB_DEPENDS}" endif dh_gencontrol --remaining-packages -- -Vldb:Depends="${LDB_DEPENDS}" # move files from / to /usr if needed (#1059187): if command -v dh_movetousr >/dev/null; then dh_movetousr -plibpam-winbind -plibnss-winbind; fi clean: # see also debian/clean dh_clean bin/ testbuild/ [ ! -f VERSION.orig ] || mv -f VERSION.orig VERSION ifneq (,${with_mitkrb5}) [ ! -d third_party/heimdal-build-with-mitkrb5 ] || \ mv third_party/heimdal-build-with-mitkrb5 third_party/heimdal endif