#! /usr/bin/make -f #export DH_VERBOSE = 1 #export DEB_BUILD_OPTIONS = nostrip export LC_ALL = C.UTF-8 include /usr/share/dpkg/default.mk include /usr/share/debhelper/dh_package_notes/package-notes.mk ifeq (amd64,$(DEB_HOST_ARCH)) export TEMPLATE_EFI_ARCH=x64 else ifeq (arm64,$(DEB_HOST_ARCH)) export TEMPLATE_EFI_ARCH=aa64 endif # We are building on OBS? Then it's an upstream build, set the profile and # use the addon for Secure Boot EFI signing ifneq ("$(wildcard /.build/build.dist)","") export DEB_BUILD_PROFILES += pkg.systemd.upstream DH_ADDONS = --with=signobs endif ifeq ($(DEB_VENDOR),Ubuntu) DEFAULT_NTP_SERVERS = ntp.ubuntu.com SUPPORT_URL = http://www.ubuntu.com/support CONFFLAGS_DISTRO = \ -Duser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ -Ddefault-llmnr=no \ -Ddefault-mdns=no else DEFAULT_NTP_SERVERS = 0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org SUPPORT_URL = https://www.debian.org/support CONFFLAGS_DISTRO = endif TEST_TIMEOUT_MULTIPLIER = "-t 10" # Fail on missing files and symbol changes on distro builds, but not if we # build/test upstream master. Also, don't put the debian revision in the version # tag when we build/test upstream as it doesn't have any meaning in that case # and it allows using the current date as the debian revision without causing # unnecessary rebuilds all the time. ifeq (, $(filter pkg.systemd.upstream, $(DEB_BUILD_PROFILES))) DH_MISSING ?= --fail-missing GENSYMBOLS_LEVEL ?= 4 VERSION_TAG = $(DEB_VERSION) else DH_MISSING ?= --list-missing GENSYMBOLS_LEVEL ?= 1 VERSION_TAG = $(DEB_VERSION_UPSTREAM) endif # Make sure that DEB_BUILD_OPTIONS can be used by users to override any options # we set here (By default DEB_BUILD_MAINT_OPTIONS overrides DEB_BUILD_OPTIONS). export DEB_BUILD_MAINT_OPTIONS = optimize=+lto hardening=+pie $(DEB_BUILD_OPTIONS) CONFFLAGS = \ -Dstatic-libsystemd=true \ -Dversion-tag="$(VERSION_TAG)" \ -Dquotaon-path=/usr/sbin/quotaon \ -Dquotacheck-path=/usr/sbin/quotacheck \ -Dkmod-path=/usr/bin/kmod \ -Dkexec-path=/usr/sbin/kexec \ -Dsulogin-path=/usr/sbin/sulogin \ -Dmount-path=/usr/bin/mount \ -Dumount-path=/usr/bin/umount \ -Dloadkeys-path=/usr/bin/loadkeys \ -Dsetfont-path=/usr/bin/setfont \ -Dnologin-path=/usr/sbin/nologin \ -Dsysvinit-path=/etc/init.d \ -Dsysvrcnd-path=/etc \ -Dlocalegen-path=/usr/sbin/locale-gen \ -Ddebug-shell=/usr/bin/bash \ -Dzshcompletiondir=/usr/share/zsh/vendor-completions \ -Ddbuspolicydir=/usr/share/dbus-1/system.d/ \ -Dsupport-url=$(SUPPORT_URL) \ -Ddefault-kill-user-processes=false \ -Ddefault-dnssec=no \ -Dpamconfdir=no \ -Dpamlibdir=/usr/lib/$(DEB_HOST_MULTIARCH)/security \ -Drpmmacrosdir=no \ -Dvconsole=false \ -Dfirstboot=true \ -Dxkbcommon=disabled \ -Dwheel-group=false \ -Doomd=true \ -Durlify=true \ -Dgnutls=disabled \ -Dntp-servers="$(DEFAULT_NTP_SERVERS)" \ -Dsystem-uid-max=999 \ -Dsystem-gid-max=999 \ -Dnobody-user=nobody \ -Dnobody-group=nogroup \ -Ddev-kvm-mode=0660 \ -Dgroup-render-mode=0660 \ -Drepart=enabled \ -Dfdisk=enabled \ -Dsysext=true \ -Dnscd=true \ -Dselinux=enabled \ -Dhwdb=true \ -Dsysusers=true \ -Dinstall-tests=$(if $(filter noinsttest,$(DEB_BUILD_PROFILES)),false,true) \ -Dman=$(if $(filter nodoc,$(DEB_BUILD_PROFILES)),disabled,enabled) \ -Ddbus-interfaces-dir=$(if $(filter nodoc,$(DEB_BUILD_PROFILES)),no,yes) \ -Dtranslations=true \ -Dnss-myhostname=true \ -Dnss-mymachines=enabled \ -Dnss-resolve=enabled \ -Dnss-systemd=true \ -Dresolve=true \ -Dstatus-unit-format-default=combined \ -Dstandalone-binaries=true \ -Dutmp=false \ -Dmode=$(if $(filter pkg.systemd.upstream,$(DEB_BUILD_PROFILES)),developer,release) ifeq ($(filter nocheck,$(DEB_BUILD_PROFILES))$(filter noinsttest,$(DEB_BUILD_PROFILES)),nochecknoinsttest) CONFFLAGS += -Dtests=false else CONFFLAGS += -Dtests=true endif ifeq (, $(filter stage1, $(DEB_BUILD_PROFILES))) CONFFLAGS += \ -Daudit=enabled \ -Dlibcryptsetup=enabled \ -Dlibcryptsetup-plugins=enabled \ -Dcoredump=true \ -Delfutils=enabled \ -Dapparmor=enabled \ -Dlibidn2=enabled \ -Dlibiptc=enabled \ -Dlibcurl=enabled \ -Dimportd=enabled \ -Dmicrohttpd=enabled \ -Dopenssl=enabled \ -Dcryptolib=openssl \ -Ddns-over-tls=openssl \ -Dlibfido2=enabled \ -Dtpm2=enabled \ -Dp11kit=enabled \ -Dqrencode=enabled \ -Dpwquality=enabled \ -Dhomed=enabled \ -Duserdb=true \ -Dpcre2=enabled \ -Dukify=enabled \ -Dbootloader=$(if $(filter amd64 i386 arm64 armhf loong64 riscv64,$(DEB_HOST_ARCH)),enabled,disabled) \ -Dsysupdate=enabled else CONFFLAGS += \ -Daudit=disabled \ -Dlibcryptsetup=disabled \ -Dlibcryptsetup-plugins=disabled \ -Dcoredump=false \ -Delfutils=disabled \ -Dapparmor=disabled \ -Dlibidn2=disabled \ -Dlibiptc=disabled \ -Dlibcurl=disabled \ -Dimportd=disabled \ -Dmicrohttpd=disabled \ -Dopenssl=disabled \ -Dlibfido2=disabled \ -Dtpm2=disabled \ -Dp11kit=disabled \ -Dqrencode=disabled \ -Dpwquality=disabled \ -Dhomed=disabled \ -Duserdb=false \ -Dpcre2=disabled \ -Dukify=disabled \ -Dbootloader=disabled \ -Dsysupdate=disabled endif # BPF/BTF are only enabled and usable on a few architectures ifeq (, $(filter $(DEB_BUILD_PROFILES), stage1 pkg.systemd.nobpf)) ifneq (,$(filter $(DEB_TARGET_ARCH), amd64 arm64 ppc64el riscv64 s390x)) CONFFLAGS += \ -Dbpf-framework=enabled \ -Dbpf-compiler=clang ifeq ($(DEB_VENDOR),Ubuntu) # Source: https://git.launchpad.net/ubuntu/+source/xdp-tools/tree/debian/rules # On Ubuntu, the `bpftool` in path is a shell wrapper pointing at # the binary corresponding to runtime kernel version. # # We do not know the kernel version being used on the system building # this package, and in sbuild/container environments uname might not # even match anything available to the build. # Gladly for the build we only need the tool to generate skeleton code. # # If any /usr/lib/linux-tools/*/bpftool exists, locate the most recent # version and point to that, otherwise `bpftool` from PATH will be # used. bpftool_binary := $(shell find /usr/lib/linux-tools/ -name 'bpftool' -perm /u=x 2>/dev/null | sort | head -n1) ifneq ($(bpftool_binary),) export PATH := $(shell dirname $(bpftool_binary)):$(PATH) endif endif # TODO: once linux-bpf-dev is available in all releases that we build for, drop the # conditional on the wildcard and the alternative dependency on linux-headers-generic ifneq ("$(wildcard /usr/include/$(DEB_HOST_MULTIARCH)/linux/bpf/vmlinux.h)","") CONFFLAGS += -Dvmlinux-h=provided -Dvmlinux-h-path=/usr/include/$(DEB_HOST_MULTIARCH)/linux/bpf/vmlinux.h else ifneq (, $(filter pkg.systemd.upstream, $(DEB_BUILD_PROFILES))) CONFFLAGS += -Dvmlinux-h=auto else CONFFLAGS += -Dvmlinux-h=disabled endif endif endif endif ifeq (, $(filter pkg.systemd.upstream, $(DEB_BUILD_PROFILES))) CONFFLAGS += -Ddns-servers='' CONFFLAGS += -Dsbat-distro-url=https://tracker.debian.org/pkg/systemd else CONFFLAGS += -Dsbat-distro-url=https://github.com/systemd/systemd CONFFLAGS += -Dsbat-distro=upstream CONFFLAGS += -Dsbat-distro-summary='Upstream build from git' endif # Increase the minimum number of sections to keep free in stub PE header in # order to be able to create an UKI file with many DTBs (each of them is stored # in a different .dtbauto section) ifneq (,$(filter $(DEB_TARGET_ARCH), arm64 armhf riscv64)) CONFFLAGS += -Defi-stub-extra-sections=500 endif override_dh_auto_configure: dh_auto_configure \ -- $(CONFFLAGS) $(CONFFLAGS_DISTRO) $(CONFFLAGS_UPSTREAM) execute_before_dh_auto_build: # blhc false positives: C++ fuzz test program, cc -E flags listing, PE-COFF EFI binaries @echo 'blhc: ignore-line-regexp: .* -o test-bus-vtable-cc.*' @echo 'blhc: ignore-line-regexp: .*cc -E.*' @echo 'blhc: ignore-line-regexp: .* -o src/boot/.*' execute_before_dh_auto_clean: ifneq (, $(filter pkg.systemd.upstream, $(DEB_BUILD_PROFILES))) debian/extra/checkout-upstream endif execute_before_dh_install: # remove unnecessary / unused files that are picked up by wildcards/directory listings in dh_install rm -rf debian/tmp/usr/share/doc/systemd/LICENSES/ rm -f debian/tmp/usr/share/doc/systemd/LICENSE.* rm -f debian/tmp/usr/lib/udev/*.d/README # replace upstream sysusers.d/basic.conf with proper users for Debian if [ -d debian/tmp/usr/lib/sysusers.d/ ]; then \ debian/extra/make-sysusers-basic > debian/tmp/usr/lib/sysusers.d/basic.conf; \ fi execute_after_dh_install-arch: # Ubuntu specific files ifeq ($(DEB_VENDOR),Ubuntu) install -D --mode=644 debian/extra/udev.py debian/udev/usr/share/apport/package-hooks/udev.py install -D --mode=644 debian/extra/systemd.py debian/systemd/usr/share/apport/package-hooks/systemd.py install --mode=644 debian/extra/rules-ubuntu/*.rules debian/udev/usr/lib/udev/rules.d/ install -D --mode=644 debian/extra/resolved.conf.d/cache-no-negative.conf debian/systemd-resolved/usr/lib/systemd/resolved.conf.d/cache-no-negative.conf cp -a debian/extra/units-ubuntu/* debian/systemd/usr/lib/systemd/system/ endif ifeq (,$(filter stage1, $(DEB_BUILD_PROFILES))) ifeq ($(DEB_VENDOR),Debian) ifneq ($(TEMPLATE_EFI_ARCH),) debian/extra/gen-signing-template $(DEB_VERSION) $(DEB_HOST_ARCH) $(TEMPLATE_EFI_ARCH) endif endif endif override_dh_missing: dh_missing $(DH_MISSING) override_dh_installsystemd: dh_installsystemd -psystemd-timesyncd dh_installsystemd -psystemd-oomd systemd-oomd.service dh_installsystemd -psystemd-oomd --no-stop-on-upgrade systemd-oomd.socket dh_installsystemd -psystemd-container --no-stop-on-upgrade machines.target dh_installsystemd -psystemd-userdbd --no-stop-on-upgrade systemd-userdbd.socket dh_installsystemd -psystemd-homed --no-also systemd-homed.service systemd-homed-activate.service dh_installsystemd -psystemd-resolved dh_installsystemd -pudev systemd-udevd.service override_dh_installsystemduser: execute_after_dh_installsysusers: dh_installsysusers -pudev --name=debian-udev PROJECT_VERSION ?= $(shell awk '/(PROJECT|PACKAGE)_VERSION / {print $$3}' obj-$(DEB_HOST_GNU_TYPE)/config.h | tr -d \") # The SysV compat tools (which are symlinks to systemctl) are # quasi-essential, so add their dependencies to Pre-Depends # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753589 override_dh_shlibdeps: dh_shlibdeps -psystemd -Llibsystemd-shared -- \ -dPre-Depends -edebian/systemd/usr/bin/systemctl \ -dDepends dh_shlibdeps -plibsystemd-shared -lusr/lib/$(DEB_HOST_MULTIARCH)/systemd dh_shlibdeps --remaining-packages -Llibsystemd-shared override_dh_makeshlibs: sed 's/SHARED_LIB_VERSION/$(PROJECT_VERSION)/' debian/shlibs.local.in > debian/shlibs.local dh_makeshlibs -plibsystemd-shared -Xlibsystemd-shared -Xlibsystemd-core -- -c$(GENSYMBOLS_LEVEL) dh_makeshlibs --remaining-packages -- -c$(GENSYMBOLS_LEVEL) # Ensure builds against the udeb package gets a dependency on libudev1-udeb. The last time a symbol # was added was in 247, and the API is pretty much frozen, so we can have a fixed version here. echo 'udeb: libudev 1 libudev1-udeb (>= 247)' >> debian/libudev1/DEBIAN/shlibs override_dh_auto_test: ifeq (, $(filter nocheck, $(DEB_BUILD_OPTIONS))) # some tests hang under fakeroot, so disable fakeroot env -u LD_PRELOAD meson test -C obj-$(DEB_HOST_GNU_TYPE) --print-errorlogs $(TEST_TIMEOUT_MULTIPLIER) endif ifeq ($(DEB_VENDOR),Ubuntu) ifeq (, $(filter pkg.systemd.upstream, $(DEB_BUILD_PROFILES))) execute_after_dh_link: # Mask systemd-gpt-auto-generator by default on Ubuntu dh_link -psystemd /dev/null /etc/systemd/system-generators/systemd-gpt-auto-generator endif endif %: dh $@ $(DH_ADDONS) # TODO: ideally it should be possible to disable this via an env var or DEB_BUILD_OPTIONS override_dh_strip_nondeterminism: ifeq (, $(filter pkg.systemd.upstream, $(DEB_BUILD_PROFILES))) dh_strip_nondeterminism endif