1 files changed, 351 insertions, 0 deletions
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 000000000..618525636
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,351 @@
+#!/usr/bin/make -f
+# Uncomment this to turn on verbose mode.
+# export DH_VERBOSE=1
+include /usr/share/hardening-includes/hardening.make
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+ifeq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
+OPTFLAGS := -O2
+else
+OPTFLAGS := -O0
+endif
+DEB_HOST_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+  confflags += --build=$(DEB_HOST_GNU_TYPE)
+  CC := gcc
+else
+  confflags += --build=$(DEB_BUILD_GNU_TYPE) --host=$(DEB_HOST_GNU_TYPE)
+  CC := $(DEB_HOST_GNU_TYPE)-gcc
+endif
+DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS 2>/dev/null)
+DEB_HOST_ARCH_CPU := $(shell dpkg-architecture -qDEB_HOST_ARCH_CPU 2>/dev/null)
+# Take account of old dpkg-architecture output.
+ifeq ($(DEB_HOST_ARCH_OS),)
+  DEB_HOST_ARCH_OS := $(subst -gnu,,$(shell dpkg-architecture -qDEB_HOST_GNU_SYSTEM))
+  ifeq ($(DEB_HOST_ARCH_OS),gnu)
+    DEB_HOST_ARCH_OS := hurd
+  endif
+endif
+ifeq ($(DEB_HOST_ARCH_CPU),)
+  DEB_HOST_ARCH_CPU := $(shell dpkg-architecture -qDEB_HOST_GNU_CPU)
+  ifeq ($(DEB_HOST_ARCH_CPU),x86_64)
+    DEB_HOST_ARCH_CPU := amd64
+  endif
+endif
+ifneq (,$(findstring :$(DEB_HOST_ARCH_OS):,:linux:knetbsd:))
+  ifneq (,$(findstring :$(DEB_HOST_ARCH_CPU):,:mips:mipsel:))
+    # Apparently this is not implied by -fPIE, at least on the mipsen.
+    PIC_CFLAGS := -fPIC
+    PIC_LDFLAGS := -fPIC
+  endif
+endif
+# Change the version string to include the Debian version
+SSH_EXTRAVERSION := Debian-$(shell dpkg-parsechangelog | sed -n -e '/^Version:/s/Version: //p' | sed -e 's/[^-]*-//')
+DISTRIBUTOR := $(shell lsb_release -is 2>/dev/null || echo Debian)
+ifeq ($(DISTRIBUTOR),Ubuntu)
+DEFAULT_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games
+else
+DEFAULT_PATH := /usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games
+endif
+SUPERUSER_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
+# Common path configuration.
+confflags += --prefix=/usr --sysconfdir=/etc/ssh --libexecdir=/usr/lib/openssh --mandir=/usr/share/man
+# Common build options.
+confflags += --disable-strip
+confflags += --with-mantype=doc
+confflags += --with-4in6
+confflags += --with-privsep-path=/var/run/sshd
+confflags += --without-rand-helper
+# The Hurd needs libcrypt for res_query et al.
+ifeq ($(DEB_HOST_ARCH_OS),hurd)
+confflags += --with-libs=-lcrypt
+endif
+# Everything above here is common to the deb and udeb builds.
+confflags_udeb := $(confflags)
+# Options specific to the deb build.
+confflags += --with-tcp-wrappers
+confflags += --with-pam
+confflags += --with-libedit
+confflags += --with-kerberos5=/usr
+confflags += --with-ssl-engine
+ifeq ($(DEB_HOST_ARCH_OS),linux)
+confflags += --with-selinux
+endif
+# The deb build wants xauth; the udeb build doesn't.
+confflags += --with-xauth=/usr/bin/X11/xauth
+confflags_udeb += --without-xauth
+# Default paths. The udeb build has /usr/bin/X11 and /usr/games removed.
+confflags += --with-default-path=$(DEFAULT_PATH) --with-superuser-path=$(SUPERUSER_PATH)
+confflags_udeb += --with-default-path=/usr/local/bin:/usr/bin:/bin --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+# Compiler flags.
+cflags := $(OPTFLAGS) $(PIC_CFLAGS) $(HARDENING_CFLAGS)
+cflags += -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT
+cflags += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
+cflags_udeb := -Os
+cflags_udeb += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
+confflags += --with-cflags='$(cflags)'
+confflags_udeb += --with-cflags='$(cflags_udeb)'
+# Linker flags.
+ifneq ($(PIC_LDFLAGS)$(HARDENING_LDFLAGS),)
+confflags += --with-ldflags='$(strip $(PIC_LDFLAGS) $(HARDENING_LDFLAGS))'
+endif
+build: build-deb build-udeb
+build-deb: build-deb-stamp
+build-deb-stamp:
+        dh_testdir
+        mkdir -p build-deb
+        cd build-deb && ../configure $(confflags)
+ifeq ($(DEB_HOST_ARCH_OS),linux)
+        # Some 2.2 kernels have trouble with setres[ug]id() (bug #239999).
+        perl -pi -e 's/.*#undef (BROKEN_SETRES[UG]ID).*/#define $$1 1/' build-deb/config.h
+endif
+        # Debian's /var/log/btmp has inappropriate permissions.
+        perl -pi -e 's,.*#define USE_BTMP .*,/* #undef USE_BTMP */,' build-deb/config.h
+        $(MAKE) -C build-deb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass'
+        $(MAKE) -C contrib gnome-ssh-askpass2 CC='$(CC) $(OPTFLAGS) -g -Wall'
+ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+        $(MAKE) -C debian/tests
+endif
+        touch build-deb-stamp
+build-udeb: build-udeb-stamp
+build-udeb-stamp:
+        dh_testdir
+        mkdir -p build-udeb
+        cd build-udeb && ../configure $(confflags_udeb)
+        # Debian's /var/log/btmp has inappropriate permissions.
+        perl -pi -e 's,.*#define USE_BTMP .*,/* #undef USE_BTMP */,' build-udeb/config.h
+        # Avoid libnsl linkage. Ugh.
+        perl -pi -e 's/ +-lnsl//' build-udeb/config.status
+        cd build-udeb && ./config.status
+        $(MAKE) -C build-udeb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen
+        touch build-udeb-stamp
+clean:
+        dh_testdir
+        rm -rf build-deb build-udeb
+ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+        $(MAKE) -C debian/tests clean
+endif
+        $(MAKE) -C contrib clean
+        (cat debian/copyright.head; iconv -f ISO-8859-1 -t UTF-8 LICENCE) \
+                > debian/copyright
+        dh_clean
+install: DH_OPTIONS=-a
+install: build
+        dh_testdir
+        dh_testroot
+        dh_prep
+        dh_installdirs
+        $(MAKE) -C build-deb DESTDIR=`pwd`/debian/openssh-client install-nokeys
+        rm -f debian/openssh-client/etc/ssh/sshd_config
+        #Temporary hack: remove /usr/share/Ssh.bin, since we have no smartcard support anyway.
+        rm -f debian/openssh-client/usr/share/Ssh.bin
+        # Split off the server.
+        mv debian/openssh-client/usr/sbin/sshd debian/openssh-server/usr/sbin/
+        mv debian/openssh-client/usr/lib/openssh/sftp-server debian/openssh-server/usr/lib/openssh/
+        mv debian/openssh-client/usr/share/man/man5/authorized_keys.5 debian/openssh-server/usr/share/man/man5/
+        mv debian/openssh-client/usr/share/man/man5/sshd_config.5 debian/openssh-server/usr/share/man/man5/
+        mv debian/openssh-client/usr/share/man/man8/sshd.8 debian/openssh-server/usr/share/man/man8/
+        mv debian/openssh-client/usr/share/man/man8/sftp-server.8 debian/openssh-server/usr/share/man/man8/
+        rmdir debian/openssh-client/usr/sbin debian/openssh-client/var/run/sshd
+        install -m 755 contrib/ssh-copy-id debian/openssh-client/usr/bin/ssh-copy-id
+        install -m 644 -c contrib/ssh-copy-id.1 debian/openssh-client/usr/share/man/man1/ssh-copy-id.1
+        install -s -o root -g root -m 755 contrib/gnome-ssh-askpass2 debian/ssh-askpass-gnome/usr/lib/openssh/gnome-ssh-askpass
+        install -m 644 debian/gnome-ssh-askpass.1 debian/ssh-askpass-gnome/usr/share/man/man1/gnome-ssh-askpass.1
+        uudecode -o debian/ssh-askpass-gnome/usr/share/pixmaps/ssh-askpass-gnome.png debian/ssh-askpass-gnome.png.uue
+        install -m 755 debian/ssh-argv0 debian/openssh-client/usr/bin/ssh-argv0
+        install -m 644 debian/ssh-argv0.1 debian/openssh-client/usr/share/man/man1/ssh-argv0.1
+        install -o root -g root debian/openssh-server.init debian/openssh-server/etc/init.d/ssh
+        install -o root -g root -m 644 debian/openssh-server.default debian/openssh-server/etc/default/ssh
+        install -o root -g root debian/openssh-server.if-up debian/openssh-server/etc/network/if-up.d/openssh-server
+        install -o root -g root -m 644 debian/openssh-server.ufw.profile debian/openssh-server/etc/ufw/applications.d/openssh-server
+        install -m 755 build-udeb/ssh debian/openssh-client-udeb/usr/bin/ssh
+        install -m 755 build-udeb/scp debian/openssh-client-udeb/usr/bin/scp
+        install -m 755 build-udeb/sftp debian/openssh-client-udeb/usr/bin/sftp
+        install -m 755 build-udeb/sshd debian/openssh-server-udeb/usr/sbin/sshd
+        install -m 755 build-udeb/ssh-keygen debian/openssh-server-udeb/usr/bin/ssh-keygen
+        # Remove version control tags to avoid unnecessary conffile
+        # resolution steps for administrators.
+        sed -i '/\$$OpenBSD:/d' \
+                debian/openssh-client/etc/ssh/moduli \
+                debian/openssh-client/etc/ssh/ssh_config
+# Build architecture-independent files here.
+binary-indep: binary-ssh binary-ssh-krb5
+# Build architecture-dependent files here.
+binary-arch: binary-openssh-client binary-openssh-server
+binary-arch: binary-ssh-askpass-gnome
+binary-arch: binary-openssh-client-udeb binary-openssh-server-udeb
+binary-openssh-client: DH_OPTIONS=-popenssh-client
+binary-openssh-client: build install
+        dh_testdir
+        dh_testroot
+        dh_installdebconf
+        dh_installdocs
+        dh_installchangelogs
+        install -m644 debian/openssh-client.lintian debian/openssh-client/usr/share/lintian/overrides/openssh-client
+        dh_strip
+        dh_compress
+        dh_fixperms
+        chmod u+s debian/openssh-client/usr/lib/openssh/ssh-keysign
+        dh_installdeb
+        test ! -e debian/ssh/etc/ssh/ssh_prng_cmds \
+          || echo "/etc/ssh/ssh_prng_cmds" >> debian/openssh-client/DEBIAN/conffiles
+        perl -i debian/substitute-conffile.pl \
+                ETC_SSH_MODULI debian/openssh-client/etc/ssh/moduli \
+                ETC_SSH_SSH_CONFIG debian/openssh-client/etc/ssh/ssh_config \
+                debian/openssh-client/DEBIAN/preinst
+        dh_shlibdeps
+        dh_gencontrol
+        dh_md5sums
+        dh_builddeb
+binary-openssh-server: DH_OPTIONS=-popenssh-server
+binary-openssh-server: build install
+        dh_testdir
+        dh_testroot
+        dh_installdebconf
+        dh_installdocs
+        mv debian/openssh-server/usr/share/doc/openssh-server debian/openssh-server/usr/share/doc/openssh-client
+        rm -f debian/openssh-server/usr/share/doc/openssh-client/copyright
+        install -m644 debian/openssh-server.lintian debian/openssh-server/usr/share/lintian/overrides/openssh-server
+        dh_installpam --name sshd
+        dh_link
+        dh_strip
+        dh_compress
+        dh_fixperms
+        dh_installdeb
+        perl -i debian/substitute-conffile.pl \
+                ETC_DEFAULT_SSH debian/openssh-server/etc/default/ssh \
+                ETC_INIT_D_SSH debian/openssh-server/etc/init.d/ssh \
+                ETC_PAM_D_SSH debian/openssh-server/etc/pam.d/ssh \
+                debian/openssh-server/DEBIAN/preinst
+        dh_shlibdeps
+        dh_gencontrol
+        dh_md5sums
+        dh_builddeb
+binary-ssh: DH_OPTIONS=-pssh
+binary-ssh: build install
+        dh_testdir
+        dh_testroot
+        dh_installdirs
+        dh_installdocs
+        mv debian/ssh/usr/share/doc/ssh debian/ssh/usr/share/doc/openssh-client
+        rm -f debian/ssh/usr/share/doc/openssh-client/copyright
+        install -m644 debian/ssh.lintian debian/ssh/usr/share/lintian/overrides/ssh
+        dh_link
+        dh_compress
+        dh_fixperms
+        dh_installdeb
+        dh_gencontrol
+        dh_md5sums
+        dh_builddeb
+binary-ssh-krb5: DH_OPTIONS=-pssh-krb5
+binary-ssh-krb5: build install
+        dh_testdir
+        dh_testroot
+        dh_installdocs
+        dh_installchangelogs
+        dh_link
+        dh_compress
+        dh_fixperms
+        dh_installdeb
+        dh_gencontrol
+        dh_md5sums
+        dh_builddeb
+binary-ssh-askpass-gnome: DH_OPTIONS=-pssh-askpass-gnome
+binary-ssh-askpass-gnome: build install
+        dh_testdir
+        dh_testroot
+        dh_installdocs
+        dh_installexamples
+        dh_installchangelogs
+        dh_strip
+        dh_compress
+        dh_fixperms
+        dh_installdeb
+        dh_shlibdeps
+        dh_gencontrol
+        dh_md5sums
+        dh_builddeb
+binary-openssh-client-udeb: DH_OPTIONS=-popenssh-client-udeb
+binary-openssh-client-udeb: build install
+        dh_testdir
+        dh_testroot
+        dh_strip
+        dh_compress
+        dh_fixperms
+        dh_installdeb
+        dh_shlibdeps
+        dh_gencontrol
+        dh_md5sums
+        dh_builddeb
+binary-openssh-server-udeb: DH_OPTIONS=-popenssh-server-udeb
+binary-openssh-server-udeb: build install
+        dh_testdir
+        dh_testroot
+        dh_strip
+        dh_compress
+        dh_fixperms
+        dh_installdeb
+        dh_shlibdeps
+        dh_gencontrol
+        dh_md5sums
+        dh_builddeb
+binary: binary-indep binary-arch
+debian/faq.html:
+        wget -O - http://www.openssh.org/faq.html | \
+                sed 's,\(href="\)\(txt/\|[^":]*\.html\),\1http://www.openssh.org/\2,g' \
+                > debian/faq.html
+.PHONY: build clean binary-indep binary-arch binary install
+.PHONY: build-deb build-udeb
+.PHONY: binary-openssh-client binary-openssh-server binary-ssh
+.PHONY: binary-ssh-krb5 binary-ssh-askpass-gnome
+.PHONY: binary-openssh-client-udeb binary-openssh-server-udeb

diff --git a/debian/rules b/debian/rules new file mode 100755 index 000000000..618525636 --- /dev/null +++ b/debian/rules
@@ -0,0 +1,351 @@
	1	#!/usr/bin/make -f
	2
	3	# Uncomment this to turn on verbose mode.
	4	# export DH_VERBOSE=1
	5
	6	include /usr/share/hardening-includes/hardening.make
	7
	8	# This has to be exported to make some magic below work.
	9	export DH_OPTIONS
	10
	11	ifeq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
	12	OPTFLAGS := -O2
	13	else
	14	OPTFLAGS := -O0
	15	endif
	16
	17	DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
	18	DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
	19
	20	ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
	21	confflags += --build=$(DEB_HOST_GNU_TYPE)
	22	CC := gcc
	23	else
	24	confflags += --build=$(DEB_BUILD_GNU_TYPE) --host=$(DEB_HOST_GNU_TYPE)
	25	CC := $(DEB_HOST_GNU_TYPE)-gcc
	26	endif
	27
	28	DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS 2>/dev/null)
	29	DEB_HOST_ARCH_CPU := $(shell dpkg-architecture -qDEB_HOST_ARCH_CPU 2>/dev/null)
	30
	31	# Take account of old dpkg-architecture output.
	32	ifeq ($(DEB_HOST_ARCH_OS),)
	33	DEB_HOST_ARCH_OS := $(subst -gnu,,$(shell dpkg-architecture -qDEB_HOST_GNU_SYSTEM))
	34	ifeq ($(DEB_HOST_ARCH_OS),gnu)
	35	DEB_HOST_ARCH_OS := hurd
	36	endif
	37	endif
	38	ifeq ($(DEB_HOST_ARCH_CPU),)
	39	DEB_HOST_ARCH_CPU := $(shell dpkg-architecture -qDEB_HOST_GNU_CPU)
	40	ifeq ($(DEB_HOST_ARCH_CPU),x86_64)
	41	DEB_HOST_ARCH_CPU := amd64
	42	endif
	43	endif
	44
	45	ifneq (,$(findstring :$(DEB_HOST_ARCH_OS):,:linux:knetbsd:))
	46	ifneq (,$(findstring :$(DEB_HOST_ARCH_CPU):,:mips:mipsel:))
	47	# Apparently this is not implied by -fPIE, at least on the mipsen.
	48	PIC_CFLAGS := -fPIC
	49	PIC_LDFLAGS := -fPIC
	50	endif
	51	endif
	52
	53	# Change the version string to include the Debian version
	54	SSH_EXTRAVERSION := Debian-$(shell dpkg-parsechangelog \| sed -n -e '/^Version:/s/Version: //p' \| sed -e 's/[^-]*-//')
	55
	56	DISTRIBUTOR := $(shell lsb_release -is 2>/dev/null \|\| echo Debian)
	57	ifeq ($(DISTRIBUTOR),Ubuntu)
	58	DEFAULT_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games
	59	else
	60	DEFAULT_PATH := /usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games
	61	endif
	62	SUPERUSER_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
	63
	64	# Common path configuration.
	65	confflags += --prefix=/usr --sysconfdir=/etc/ssh --libexecdir=/usr/lib/openssh --mandir=/usr/share/man
	66
	67	# Common build options.
	68	confflags += --disable-strip
	69	confflags += --with-mantype=doc
	70	confflags += --with-4in6
	71	confflags += --with-privsep-path=/var/run/sshd
	72	confflags += --without-rand-helper
	73
	74	# The Hurd needs libcrypt for res_query et al.
	75	ifeq ($(DEB_HOST_ARCH_OS),hurd)
	76	confflags += --with-libs=-lcrypt
	77	endif
	78
	79	# Everything above here is common to the deb and udeb builds.
	80	confflags_udeb := $(confflags)
	81
	82	# Options specific to the deb build.
	83	confflags += --with-tcp-wrappers
	84	confflags += --with-pam
	85	confflags += --with-libedit
	86	confflags += --with-kerberos5=/usr
	87	confflags += --with-ssl-engine
	88	ifeq ($(DEB_HOST_ARCH_OS),linux)
	89	confflags += --with-selinux
	90	endif
	91
	92	# The deb build wants xauth; the udeb build doesn't.
	93	confflags += --with-xauth=/usr/bin/X11/xauth
	94	confflags_udeb += --without-xauth
	95
	96	# Default paths. The udeb build has /usr/bin/X11 and /usr/games removed.
	97	confflags += --with-default-path=$(DEFAULT_PATH) --with-superuser-path=$(SUPERUSER_PATH)
	98	confflags_udeb += --with-default-path=/usr/local/bin:/usr/bin:/bin --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
	99
	100	# Compiler flags.
	101	cflags := $(OPTFLAGS) $(PIC_CFLAGS) $(HARDENING_CFLAGS)
	102	cflags += -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT
	103	cflags += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
	104	cflags_udeb := -Os
	105	cflags_udeb += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
	106	confflags += --with-cflags='$(cflags)'
	107	confflags_udeb += --with-cflags='$(cflags_udeb)'
	108
	109	# Linker flags.
	110	ifneq ($(PIC_LDFLAGS)$(HARDENING_LDFLAGS),)
	111	confflags += --with-ldflags='$(strip $(PIC_LDFLAGS) $(HARDENING_LDFLAGS))'
	112	endif
	113
	114	build: build-deb build-udeb
	115
	116	build-deb: build-deb-stamp
	117	build-deb-stamp:
	118	dh_testdir
	119	mkdir -p build-deb
	120	cd build-deb && ../configure $(confflags)
	121
	122	ifeq ($(DEB_HOST_ARCH_OS),linux)
	123	# Some 2.2 kernels have trouble with setres[ug]id() (bug #239999).
	124	perl -pi -e 's/.#undef (BROKEN_SETRES[UG]ID)./#define $$1 1/' build-deb/config.h
	125	endif
	126	# Debian's /var/log/btmp has inappropriate permissions.
	127	perl -pi -e 's,.#define USE_BTMP .,/* #undef USE_BTMP */,' build-deb/config.h
	128
	129	$(MAKE) -C build-deb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass'
	130	$(MAKE) -C contrib gnome-ssh-askpass2 CC='$(CC) $(OPTFLAGS) -g -Wall'
	131	ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
	132	$(MAKE) -C debian/tests
	133	endif
	134
	135	touch build-deb-stamp
	136
	137	build-udeb: build-udeb-stamp
	138	build-udeb-stamp:
	139	dh_testdir
	140	mkdir -p build-udeb
	141	cd build-udeb && ../configure $(confflags_udeb)
	142	# Debian's /var/log/btmp has inappropriate permissions.
	143	perl -pi -e 's,.#define USE_BTMP .,/* #undef USE_BTMP */,' build-udeb/config.h
	144	# Avoid libnsl linkage. Ugh.
	145	perl -pi -e 's/ +-lnsl//' build-udeb/config.status
	146	cd build-udeb && ./config.status
	147	$(MAKE) -C build-udeb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen
	148	touch build-udeb-stamp
	149
	150	clean:
	151	dh_testdir
	152	rm -rf build-deb build-udeb
	153	ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
	154	$(MAKE) -C debian/tests clean
	155	endif
	156	$(MAKE) -C contrib clean
	157	(cat debian/copyright.head; iconv -f ISO-8859-1 -t UTF-8 LICENCE) \
	158	> debian/copyright
	159	dh_clean
	160
	161	install: DH_OPTIONS=-a
	162	install: build
	163	dh_testdir
	164	dh_testroot
	165	dh_prep
	166	dh_installdirs
	167
	168	$(MAKE) -C build-deb DESTDIR=`pwd`/debian/openssh-client install-nokeys
	169
	170	rm -f debian/openssh-client/etc/ssh/sshd_config
	171	#Temporary hack: remove /usr/share/Ssh.bin, since we have no smartcard support anyway.
	172	rm -f debian/openssh-client/usr/share/Ssh.bin
	173
	174	# Split off the server.
	175	mv debian/openssh-client/usr/sbin/sshd debian/openssh-server/usr/sbin/
	176	mv debian/openssh-client/usr/lib/openssh/sftp-server debian/openssh-server/usr/lib/openssh/
	177	mv debian/openssh-client/usr/share/man/man5/authorized_keys.5 debian/openssh-server/usr/share/man/man5/
	178	mv debian/openssh-client/usr/share/man/man5/sshd_config.5 debian/openssh-server/usr/share/man/man5/
	179	mv debian/openssh-client/usr/share/man/man8/sshd.8 debian/openssh-server/usr/share/man/man8/
	180	mv debian/openssh-client/usr/share/man/man8/sftp-server.8 debian/openssh-server/usr/share/man/man8/
	181	rmdir debian/openssh-client/usr/sbin debian/openssh-client/var/run/sshd
	182
	183	install -m 755 contrib/ssh-copy-id debian/openssh-client/usr/bin/ssh-copy-id
	184	install -m 644 -c contrib/ssh-copy-id.1 debian/openssh-client/usr/share/man/man1/ssh-copy-id.1
	185
	186	install -s -o root -g root -m 755 contrib/gnome-ssh-askpass2 debian/ssh-askpass-gnome/usr/lib/openssh/gnome-ssh-askpass
	187	install -m 644 debian/gnome-ssh-askpass.1 debian/ssh-askpass-gnome/usr/share/man/man1/gnome-ssh-askpass.1
	188	uudecode -o debian/ssh-askpass-gnome/usr/share/pixmaps/ssh-askpass-gnome.png debian/ssh-askpass-gnome.png.uue
	189
	190	install -m 755 debian/ssh-argv0 debian/openssh-client/usr/bin/ssh-argv0
	191	install -m 644 debian/ssh-argv0.1 debian/openssh-client/usr/share/man/man1/ssh-argv0.1
	192
	193	install -o root -g root debian/openssh-server.init debian/openssh-server/etc/init.d/ssh
	194	install -o root -g root -m 644 debian/openssh-server.default debian/openssh-server/etc/default/ssh
	195	install -o root -g root debian/openssh-server.if-up debian/openssh-server/etc/network/if-up.d/openssh-server
	196	install -o root -g root -m 644 debian/openssh-server.ufw.profile debian/openssh-server/etc/ufw/applications.d/openssh-server
	197
	198	install -m 755 build-udeb/ssh debian/openssh-client-udeb/usr/bin/ssh
	199	install -m 755 build-udeb/scp debian/openssh-client-udeb/usr/bin/scp
	200	install -m 755 build-udeb/sftp debian/openssh-client-udeb/usr/bin/sftp
	201	install -m 755 build-udeb/sshd debian/openssh-server-udeb/usr/sbin/sshd
	202	install -m 755 build-udeb/ssh-keygen debian/openssh-server-udeb/usr/bin/ssh-keygen
	203
	204	# Remove version control tags to avoid unnecessary conffile
	205	# resolution steps for administrators.
	206	sed -i '/\$$OpenBSD:/d' \
	207	debian/openssh-client/etc/ssh/moduli \
	208	debian/openssh-client/etc/ssh/ssh_config
	209
	210	# Build architecture-independent files here.
	211	binary-indep: binary-ssh binary-ssh-krb5
	212
	213	# Build architecture-dependent files here.
	214	binary-arch: binary-openssh-client binary-openssh-server
	215	binary-arch: binary-ssh-askpass-gnome
	216	binary-arch: binary-openssh-client-udeb binary-openssh-server-udeb
	217
	218	binary-openssh-client: DH_OPTIONS=-popenssh-client
	219	binary-openssh-client: build install
	220	dh_testdir
	221	dh_testroot
	222	dh_installdebconf
	223	dh_installdocs
	224	dh_installchangelogs
	225	install -m644 debian/openssh-client.lintian debian/openssh-client/usr/share/lintian/overrides/openssh-client
	226	dh_strip
	227	dh_compress
	228	dh_fixperms
	229	chmod u+s debian/openssh-client/usr/lib/openssh/ssh-keysign
	230	dh_installdeb
	231	test ! -e debian/ssh/etc/ssh/ssh_prng_cmds \
	232	\|\| echo "/etc/ssh/ssh_prng_cmds" >> debian/openssh-client/DEBIAN/conffiles
	233	perl -i debian/substitute-conffile.pl \
	234	ETC_SSH_MODULI debian/openssh-client/etc/ssh/moduli \
	235	ETC_SSH_SSH_CONFIG debian/openssh-client/etc/ssh/ssh_config \
	236	debian/openssh-client/DEBIAN/preinst
	237	dh_shlibdeps
	238	dh_gencontrol
	239	dh_md5sums
	240	dh_builddeb
	241
	242	binary-openssh-server: DH_OPTIONS=-popenssh-server
	243	binary-openssh-server: build install
	244	dh_testdir
	245	dh_testroot
	246	dh_installdebconf
	247	dh_installdocs
	248	mv debian/openssh-server/usr/share/doc/openssh-server debian/openssh-server/usr/share/doc/openssh-client
	249	rm -f debian/openssh-server/usr/share/doc/openssh-client/copyright
	250	install -m644 debian/openssh-server.lintian debian/openssh-server/usr/share/lintian/overrides/openssh-server
	251	dh_installpam --name sshd
	252	dh_link
	253	dh_strip
	254	dh_compress
	255	dh_fixperms
	256	dh_installdeb
	257	perl -i debian/substitute-conffile.pl \
	258	ETC_DEFAULT_SSH debian/openssh-server/etc/default/ssh \
	259	ETC_INIT_D_SSH debian/openssh-server/etc/init.d/ssh \
	260	ETC_PAM_D_SSH debian/openssh-server/etc/pam.d/ssh \
	261	debian/openssh-server/DEBIAN/preinst
	262	dh_shlibdeps
	263	dh_gencontrol
	264	dh_md5sums
	265	dh_builddeb
	266
	267	binary-ssh: DH_OPTIONS=-pssh
	268	binary-ssh: build install
	269	dh_testdir
	270	dh_testroot
	271	dh_installdirs
	272	dh_installdocs
	273	mv debian/ssh/usr/share/doc/ssh debian/ssh/usr/share/doc/openssh-client
	274	rm -f debian/ssh/usr/share/doc/openssh-client/copyright
	275	install -m644 debian/ssh.lintian debian/ssh/usr/share/lintian/overrides/ssh
	276	dh_link
	277	dh_compress
	278	dh_fixperms
	279	dh_installdeb
	280	dh_gencontrol
	281	dh_md5sums
	282	dh_builddeb
	283
	284	binary-ssh-krb5: DH_OPTIONS=-pssh-krb5
	285	binary-ssh-krb5: build install
	286	dh_testdir
	287	dh_testroot
	288	dh_installdocs
	289	dh_installchangelogs
	290	dh_link
	291	dh_compress
	292	dh_fixperms
	293	dh_installdeb
	294	dh_gencontrol
	295	dh_md5sums
	296	dh_builddeb
	297
	298	binary-ssh-askpass-gnome: DH_OPTIONS=-pssh-askpass-gnome
	299	binary-ssh-askpass-gnome: build install
	300	dh_testdir
	301	dh_testroot
	302	dh_installdocs
	303	dh_installexamples
	304	dh_installchangelogs
	305	dh_strip
	306	dh_compress
	307	dh_fixperms
	308	dh_installdeb
	309	dh_shlibdeps
	310	dh_gencontrol
	311	dh_md5sums
	312	dh_builddeb
	313
	314	binary-openssh-client-udeb: DH_OPTIONS=-popenssh-client-udeb
	315	binary-openssh-client-udeb: build install
	316	dh_testdir
	317	dh_testroot
	318	dh_strip
	319	dh_compress
	320	dh_fixperms
	321	dh_installdeb
	322	dh_shlibdeps
	323	dh_gencontrol
	324	dh_md5sums
	325	dh_builddeb
	326
	327	binary-openssh-server-udeb: DH_OPTIONS=-popenssh-server-udeb
	328	binary-openssh-server-udeb: build install
	329	dh_testdir
	330	dh_testroot
	331	dh_strip
	332	dh_compress
	333	dh_fixperms
	334	dh_installdeb
	335	dh_shlibdeps
	336	dh_gencontrol
	337	dh_md5sums
	338	dh_builddeb
	339
	340	binary: binary-indep binary-arch
	341
	342	debian/faq.html:
	343	wget -O - http://www.openssh.org/faq.html \| \
	344	sed 's,\(href="\)\(txt/\\|[^":]*\.html\),\1http://www.openssh.org/\2,g' \
	345	> debian/faq.html
	346
	347	.PHONY: build clean binary-indep binary-arch binary install
	348	.PHONY: build-deb build-udeb
	349	.PHONY: binary-openssh-client binary-openssh-server binary-ssh
	350	.PHONY: binary-ssh-krb5 binary-ssh-askpass-gnome
	351	.PHONY: binary-openssh-client-udeb binary-openssh-server-udeb