1 files changed, 229 insertions, 0 deletions
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 000000000..c8b778dc0
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,229 @@
+#!/usr/bin/make -f
+export DEB_BUILD_MAINT_OPTIONS := hardening=+all
+include /usr/share/dpkg/default.mk
+# Uncomment this to turn on verbose mode.
+# export DH_VERBOSE=1
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+  RUN_TESTS := yes
+else
+  RUN_TESTS :=
+endif
+ifeq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+  PARALLEL :=
+else
+  PARALLEL := \
+        -j$(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+endif
+ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+  CC := gcc
+  PKG_CONFIG = pkg-config
+else
+  CC := $(DEB_HOST_GNU_TYPE)-gcc
+  PKG_CONFIG = $(DEB_HOST_GNU_TYPE)-pkg-config
+  RUN_TESTS :=
+endif
+# Change the version string to reflect distribution
+SSH_EXTRAVERSION := $(DEB_VENDOR)-$(shell echo '$(DEB_VERSION)' | sed -e 's/.*-//')
+UBUNTU := $(shell $(call dpkg_vendor_derives_from,Ubuntu))
+ifeq ($(UBUNTU),yes)
+DEFAULT_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
+else
+DEFAULT_PATH := /usr/local/bin:/usr/bin:/bin:/usr/games
+endif
+SUPERUSER_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ifeq ($(UBUNTU),yes)
+server_recommends := ssh-import-id
+else
+server_recommends :=
+endif
+# Common path configuration.
+confflags += --sysconfdir=/etc/ssh
+confflags += --libexecdir=\$${prefix}/lib/openssh
+# Common build options.
+confflags += --disable-strip
+confflags += --with-mantype=doc
+confflags += --with-4in6
+confflags += --with-privsep-path=/run/sshd
+confflags += --with-pid-dir=/run
+# The Hurd needs libcrypt for res_query et al.
+ifeq ($(DEB_HOST_ARCH_OS),hurd)
+confflags += --with-libs=-lcrypt
+endif
+# http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60155
+ifeq ($(DEB_HOST_ARCH),hppa)
+confflags += --without-hardening
+endif
+# Everything above here is common to the deb and udeb builds.
+confflags_udeb := $(confflags)
+# Options specific to the deb build.
+confflags += --with-tcp-wrappers
+confflags += --with-pam
+confflags += --with-libedit
+confflags += --with-kerberos5=/usr
+confflags += --with-ssl-engine
+ifeq ($(DEB_HOST_ARCH_OS),linux)
+confflags += --with-selinux
+confflags += --with-audit=linux
+confflags += --with-systemd
+endif
+# The deb build wants xauth; the udeb build doesn't.
+confflags += --with-xauth=/usr/bin/xauth
+confflags_udeb += --without-xauth
+# Default paths. The udeb build has /usr/games removed.
+confflags += --with-default-path=$(DEFAULT_PATH) --with-superuser-path=$(SUPERUSER_PATH)
+confflags_udeb += --with-default-path=/usr/local/bin:/usr/bin:/bin --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+# Compiler flags.
+cflags := $(CPPFLAGS) $(CFLAGS)
+cflags += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
+cflags_udeb := -Os
+cflags_udeb += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
+confflags += --with-cflags='$(cflags)'
+confflags_udeb += --with-cflags='$(cflags_udeb)'
+# Linker flags.
+confflags += --with-ldflags='$(strip -Wl,--as-needed $(LDFLAGS))'
+confflags_udeb += --with-ldflags='-Wl,--as-needed'
+%:
+        dh $@ --with=autoreconf,systemd,runit
+autoreconf:
+        autoreconf -f -i
+        cp -f /usr/share/misc/config.guess /usr/share/misc/config.sub ./
+override_dh_autoreconf-arch:
+        dh_autoreconf debian/rules -- autoreconf
+override_dh_autoreconf-indep:
+override_dh_auto_configure-arch:
+        dh_auto_configure -Bdebian/build-deb -- $(confflags)
+ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),)
+        dh_auto_configure -Bdebian/build-udeb -- $(confflags_udeb)
+        # Avoid libnsl linkage. Ugh.
+        perl -pi -e 's/ +-lnsl//' debian/build-udeb/config.status
+        cd debian/build-udeb && ./config.status
+endif
+override_dh_auto_configure-indep:
+override_dh_auto_build-arch:
+        $(MAKE) -C debian/build-deb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass'
+        $(MAKE) -C debian/build-deb regress-prep
+        $(MAKE) -C debian/build-deb $(PARALLEL) regress-binaries
+ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),)
+        $(MAKE) -C debian/build-udeb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen
+endif
+ifeq ($(filter pkg.openssh.nognome,$(DEB_BUILD_PROFILES)),)
+        $(MAKE) -C contrib gnome-ssh-askpass3 CC='$(CC) $(CPPFLAGS) $(CFLAGS) -Wall -Wl,--as-needed $(LDFLAGS)' PKG_CONFIG=$(PKG_CONFIG)
+endif
+override_dh_auto_build-indep:
+override_dh_auto_test-arch:
+ifeq ($(RUN_TESTS),yes)
+        $(MAKE) -C debian/build-deb unit compat-tests
+        $(MAKE) -C debian/keygen-test
+endif
+override_dh_auto_test-indep:
+override_dh_auto_clean:
+        rm -rf debian/build-deb debian/build-udeb
+ifeq ($(RUN_TESTS),yes)
+        $(MAKE) -C debian/keygen-test clean
+endif
+        $(MAKE) -C contrib clean
+override_dh_auto_install-arch:
+        $(MAKE) -C debian/build-deb DESTDIR=`pwd`/debian/tmp install-nokeys
+override_dh_auto_install-indep:
+override_dh_install-arch:
+        rm -f debian/tmp/etc/ssh/sshd_config
+        dh_install -Nopenssh-client-udeb -Nopenssh-server-udeb --fail-missing
+ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),)
+        dh_install -popenssh-client-udeb -popenssh-server-udeb \
+                --sourcedir=debian/build-udeb
+endif
+        # Remove version control tags to avoid unnecessary conffile
+        # resolution steps for administrators.
+        sed -i '/\$$OpenBSD:/d' \
+                debian/openssh-server/etc/ssh/moduli \
+                debian/openssh-client/etc/ssh/ssh_config
+# We'd like to use dh_install --fail-missing here, but that doesn't work
+# well in combination with dh-exec: it complains that files generated by
+# dh-exec for architecture-dependent packages aren't installed.
+override_dh_install-indep:
+        rm -f debian/tmp/etc/ssh/sshd_config
+        dh_install
+override_dh_installdocs:
+        dh_installdocs -Nopenssh-server -Nopenssh-sftp-server
+        dh_installdocs -popenssh-server -popenssh-sftp-server \
+                --link-doc=openssh-client
+        # Avoid breaking dh_installexamples later.
+        mkdir -p debian/openssh-server/usr/share/doc/openssh-client
+override_dh_systemd_enable:
+        dh_systemd_enable -popenssh-server --name ssh ssh.service
+        dh_systemd_enable -popenssh-server --name ssh --no-enable ssh.socket
+override_dh_installinit:
+        dh_installinit -R --name ssh
+debian/openssh-server.sshd.pam: debian/openssh-server.sshd.pam.in
+ifeq ($(DEB_HOST_ARCH_OS),linux)
+        sed 's/^@IF_KEYINIT@//' $< > $@
+else
+        sed '/^@IF_KEYINIT@/d' $< > $@
+endif
+override_dh_installpam: debian/openssh-server.sshd.pam
+        dh_installpam --name sshd
+override_dh_runit:
+        dh_runit -popenssh-server
+override_dh_fixperms-arch:
+        dh_fixperms
+        chmod u+s debian/openssh-client/usr/lib/openssh/ssh-keysign
+# Tighten libssl dependencies to match the check in entropy.c.
+override_dh_shlibdeps:
+        dh_shlibdeps
+        debian/adjust-openssl-dependencies
+override_dh_gencontrol:
+        dh_gencontrol -- -V'openssh-server:Recommends=$(server_recommends)'
+debian/faq.html:
+        wget -O - http://www.openssh.com/faq.html | \
+                sed 's,\(href="\)\(txt/\|[^":]*\.html\),\1http://www.openssh.com/\2,g' \
+                > debian/faq.html

diff --git a/debian/rules b/debian/rules new file mode 100755 index 000000000..c8b778dc0 --- /dev/null +++ b/debian/rules
@@ -0,0 +1,229 @@
	1	#!/usr/bin/make -f
	2
	3	export DEB_BUILD_MAINT_OPTIONS := hardening=+all
	4
	5	include /usr/share/dpkg/default.mk
	6
	7	# Uncomment this to turn on verbose mode.
	8	# export DH_VERBOSE=1
	9
	10	# This has to be exported to make some magic below work.
	11	export DH_OPTIONS
	12
	13	ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
	14	RUN_TESTS := yes
	15	else
	16	RUN_TESTS :=
	17	endif
	18
	19	ifeq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
	20	PARALLEL :=
	21	else
	22	PARALLEL := \
	23	-j$(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
	24	endif
	25
	26	ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
	27	CC := gcc
	28	PKG_CONFIG = pkg-config
	29	else
	30	CC := $(DEB_HOST_GNU_TYPE)-gcc
	31	PKG_CONFIG = $(DEB_HOST_GNU_TYPE)-pkg-config
	32	RUN_TESTS :=
	33	endif
	34
	35	# Change the version string to reflect distribution
	36	SSH_EXTRAVERSION := $(DEB_VENDOR)-$(shell echo '$(DEB_VERSION)' \| sed -e 's/.*-//')
	37
	38	UBUNTU := $(shell $(call dpkg_vendor_derives_from,Ubuntu))
	39	ifeq ($(UBUNTU),yes)
	40	DEFAULT_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
	41	else
	42	DEFAULT_PATH := /usr/local/bin:/usr/bin:/bin:/usr/games
	43	endif
	44	SUPERUSER_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
	45
	46	ifeq ($(UBUNTU),yes)
	47	server_recommends := ssh-import-id
	48	else
	49	server_recommends :=
	50	endif
	51
	52	# Common path configuration.
	53	confflags += --sysconfdir=/etc/ssh
	54	confflags += --libexecdir=\$${prefix}/lib/openssh
	55
	56	# Common build options.
	57	confflags += --disable-strip
	58	confflags += --with-mantype=doc
	59	confflags += --with-4in6
	60	confflags += --with-privsep-path=/run/sshd
	61	confflags += --with-pid-dir=/run
	62
	63	# The Hurd needs libcrypt for res_query et al.
	64	ifeq ($(DEB_HOST_ARCH_OS),hurd)
	65	confflags += --with-libs=-lcrypt
	66	endif
	67
	68	# http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60155
	69	ifeq ($(DEB_HOST_ARCH),hppa)
	70	confflags += --without-hardening
	71	endif
	72
	73	# Everything above here is common to the deb and udeb builds.
	74	confflags_udeb := $(confflags)
	75
	76	# Options specific to the deb build.
	77	confflags += --with-tcp-wrappers
	78	confflags += --with-pam
	79	confflags += --with-libedit
	80	confflags += --with-kerberos5=/usr
	81	confflags += --with-ssl-engine
	82	ifeq ($(DEB_HOST_ARCH_OS),linux)
	83	confflags += --with-selinux
	84	confflags += --with-audit=linux
	85	confflags += --with-systemd
	86	endif
	87
	88	# The deb build wants xauth; the udeb build doesn't.
	89	confflags += --with-xauth=/usr/bin/xauth
	90	confflags_udeb += --without-xauth
	91
	92	# Default paths. The udeb build has /usr/games removed.
	93	confflags += --with-default-path=$(DEFAULT_PATH) --with-superuser-path=$(SUPERUSER_PATH)
	94	confflags_udeb += --with-default-path=/usr/local/bin:/usr/bin:/bin --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
	95
	96	# Compiler flags.
	97	cflags := $(CPPFLAGS) $(CFLAGS)
	98	cflags += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
	99	cflags_udeb := -Os
	100	cflags_udeb += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
	101	confflags += --with-cflags='$(cflags)'
	102	confflags_udeb += --with-cflags='$(cflags_udeb)'
	103
	104	# Linker flags.
	105	confflags += --with-ldflags='$(strip -Wl,--as-needed $(LDFLAGS))'
	106	confflags_udeb += --with-ldflags='-Wl,--as-needed'
	107
	108	%:
	109	dh $@ --with=autoreconf,systemd,runit
	110
	111	autoreconf:
	112	autoreconf -f -i
	113	cp -f /usr/share/misc/config.guess /usr/share/misc/config.sub ./
	114
	115	override_dh_autoreconf-arch:
	116	dh_autoreconf debian/rules -- autoreconf
	117
	118	override_dh_autoreconf-indep:
	119
	120	override_dh_auto_configure-arch:
	121	dh_auto_configure -Bdebian/build-deb -- $(confflags)
	122	ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),)
	123	dh_auto_configure -Bdebian/build-udeb -- $(confflags_udeb)
	124	# Avoid libnsl linkage. Ugh.
	125	perl -pi -e 's/ +-lnsl//' debian/build-udeb/config.status
	126	cd debian/build-udeb && ./config.status
	127	endif
	128
	129	override_dh_auto_configure-indep:
	130
	131	override_dh_auto_build-arch:
	132	$(MAKE) -C debian/build-deb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass'
	133	$(MAKE) -C debian/build-deb regress-prep
	134	$(MAKE) -C debian/build-deb $(PARALLEL) regress-binaries
	135	ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),)
	136	$(MAKE) -C debian/build-udeb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen
	137	endif
	138
	139	ifeq ($(filter pkg.openssh.nognome,$(DEB_BUILD_PROFILES)),)
	140	$(MAKE) -C contrib gnome-ssh-askpass3 CC='$(CC) $(CPPFLAGS) $(CFLAGS) -Wall -Wl,--as-needed $(LDFLAGS)' PKG_CONFIG=$(PKG_CONFIG)
	141	endif
	142
	143	override_dh_auto_build-indep:
	144
	145	override_dh_auto_test-arch:
	146	ifeq ($(RUN_TESTS),yes)
	147	$(MAKE) -C debian/build-deb unit compat-tests
	148	$(MAKE) -C debian/keygen-test
	149	endif
	150
	151	override_dh_auto_test-indep:
	152
	153	override_dh_auto_clean:
	154	rm -rf debian/build-deb debian/build-udeb
	155	ifeq ($(RUN_TESTS),yes)
	156	$(MAKE) -C debian/keygen-test clean
	157	endif
	158	$(MAKE) -C contrib clean
	159
	160	override_dh_auto_install-arch:
	161	$(MAKE) -C debian/build-deb DESTDIR=`pwd`/debian/tmp install-nokeys
	162
	163	override_dh_auto_install-indep:
	164
	165	override_dh_install-arch:
	166	rm -f debian/tmp/etc/ssh/sshd_config
	167
	168	dh_install -Nopenssh-client-udeb -Nopenssh-server-udeb --fail-missing
	169	ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),)
	170	dh_install -popenssh-client-udeb -popenssh-server-udeb \
	171	--sourcedir=debian/build-udeb
	172	endif
	173
	174	# Remove version control tags to avoid unnecessary conffile
	175	# resolution steps for administrators.
	176	sed -i '/\$$OpenBSD:/d' \
	177	debian/openssh-server/etc/ssh/moduli \
	178	debian/openssh-client/etc/ssh/ssh_config
	179
	180	# We'd like to use dh_install --fail-missing here, but that doesn't work
	181	# well in combination with dh-exec: it complains that files generated by
	182	# dh-exec for architecture-dependent packages aren't installed.
	183	override_dh_install-indep:
	184	rm -f debian/tmp/etc/ssh/sshd_config
	185	dh_install
	186
	187	override_dh_installdocs:
	188	dh_installdocs -Nopenssh-server -Nopenssh-sftp-server
	189	dh_installdocs -popenssh-server -popenssh-sftp-server \
	190	--link-doc=openssh-client
	191	# Avoid breaking dh_installexamples later.
	192	mkdir -p debian/openssh-server/usr/share/doc/openssh-client
	193
	194	override_dh_systemd_enable:
	195	dh_systemd_enable -popenssh-server --name ssh ssh.service
	196	dh_systemd_enable -popenssh-server --name ssh --no-enable ssh.socket
	197
	198	override_dh_installinit:
	199	dh_installinit -R --name ssh
	200
	201	debian/openssh-server.sshd.pam: debian/openssh-server.sshd.pam.in
	202	ifeq ($(DEB_HOST_ARCH_OS),linux)
	203	sed 's/^@IF_KEYINIT@//' $< > $@
	204	else
	205	sed '/^@IF_KEYINIT@/d' $< > $@
	206	endif
	207
	208	override_dh_installpam: debian/openssh-server.sshd.pam
	209	dh_installpam --name sshd
	210
	211	override_dh_runit:
	212	dh_runit -popenssh-server
	213
	214	override_dh_fixperms-arch:
	215	dh_fixperms
	216	chmod u+s debian/openssh-client/usr/lib/openssh/ssh-keysign
	217
	218	# Tighten libssl dependencies to match the check in entropy.c.
	219	override_dh_shlibdeps:
	220	dh_shlibdeps
	221	debian/adjust-openssl-dependencies
	222
	223	override_dh_gencontrol:
	224	dh_gencontrol -- -V'openssh-server:Recommends=$(server_recommends)'
	225
	226	debian/faq.html:
	227	wget -O - http://www.openssh.com/faq.html \| \
	228	sed 's,\(href="\)\(txt/\\|[^":]*\.html\),\1http://www.openssh.com/\2,g' \
	229	> debian/faq.html