1 files changed, 218 insertions, 0 deletions
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 000000000..85b916bd4
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,218 @@
+#!/usr/bin/make -f
+# Uncomment this to turn on verbose mode.
+# export DH_VERBOSE=1
+include /usr/share/hardening-includes/hardening.make
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+ifeq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
+OPTFLAGS := -O2
+else
+OPTFLAGS := -O0
+endif
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+  RUN_TESTS := yes
+else
+  RUN_TESTS :=
+endif
+DEB_HOST_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+  CC := gcc
+else
+  CC := $(DEB_HOST_GNU_TYPE)-gcc
+  RUN_TESTS :=
+endif
+DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS 2>/dev/null)
+DEB_HOST_ARCH_CPU := $(shell dpkg-architecture -qDEB_HOST_ARCH_CPU 2>/dev/null)
+# Take account of old dpkg-architecture output.
+ifeq ($(DEB_HOST_ARCH_OS),)
+  DEB_HOST_ARCH_OS := $(subst -gnu,,$(shell dpkg-architecture -qDEB_HOST_GNU_SYSTEM))
+  ifeq ($(DEB_HOST_ARCH_OS),gnu)
+    DEB_HOST_ARCH_OS := hurd
+  endif
+endif
+ifeq ($(DEB_HOST_ARCH_CPU),)
+  DEB_HOST_ARCH_CPU := $(shell dpkg-architecture -qDEB_HOST_GNU_CPU)
+  ifeq ($(DEB_HOST_ARCH_CPU),x86_64)
+    DEB_HOST_ARCH_CPU := amd64
+  endif
+endif
+ifneq (,$(findstring :$(DEB_HOST_ARCH_OS):,:linux:knetbsd:))
+  ifneq (,$(findstring :$(DEB_HOST_ARCH_CPU):,:mips:mipsel:))
+    # Apparently this is not implied by -fPIE, at least on the mipsen.
+    PIC_CFLAGS := -fPIC
+    PIC_LDFLAGS := -fPIC
+  endif
+endif
+# Change the version string to include the Debian version
+SSH_EXTRAVERSION := Debian-$(shell dpkg-parsechangelog | sed -n -e '/^Version:/s/Version: //p' | sed -e 's/[^-]*-//')
+DISTRIBUTOR := $(shell lsb_release -is 2>/dev/null || echo Debian)
+ifeq ($(DISTRIBUTOR),Ubuntu)
+DEFAULT_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games
+else
+DEFAULT_PATH := /usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games
+endif
+SUPERUSER_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
+# Common path configuration.
+confflags += --sysconfdir=/etc/ssh
+# Common build options.
+confflags += --disable-strip
+confflags += --with-mantype=doc
+confflags += --with-4in6
+confflags += --with-privsep-path=/var/run/sshd
+confflags += --without-rand-helper
+# The Hurd needs libcrypt for res_query et al.
+ifeq ($(DEB_HOST_ARCH_OS),hurd)
+confflags += --with-libs=-lcrypt
+endif
+# Everything above here is common to the deb and udeb builds.
+confflags_udeb := $(confflags)
+# Options specific to the deb build.
+confflags += --with-tcp-wrappers
+confflags += --with-pam
+confflags += --with-libedit
+confflags += --with-kerberos5=/usr
+confflags += --with-ssl-engine
+ifeq ($(DEB_HOST_ARCH_OS),linux)
+confflags += --with-selinux
+endif
+# The deb build wants xauth; the udeb build doesn't.
+confflags += --with-xauth=/usr/bin/xauth
+confflags_udeb += --without-xauth
+# Default paths. The udeb build has /usr/bin/X11 and /usr/games removed.
+confflags += --with-default-path=$(DEFAULT_PATH) --with-superuser-path=$(SUPERUSER_PATH)
+confflags_udeb += --with-default-path=/usr/local/bin:/usr/bin:/bin --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+# Compiler flags.
+cflags := $(OPTFLAGS) $(PIC_CFLAGS) $(HARDENING_CFLAGS)
+cflags += -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT
+cflags += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
+cflags_udeb := -Os
+cflags_udeb += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
+confflags += --with-cflags='$(cflags)'
+confflags_udeb += --with-cflags='$(cflags_udeb)'
+# Linker flags.
+confflags += --with-ldflags='$(strip -Wl,--as-needed $(PIC_LDFLAGS) $(HARDENING_LDFLAGS))'
+confflags_udeb += --with-ldflags='-Wl,--as-needed'
+%:
+        dh $@
+override_dh_auto_configure:
+        dh_auto_configure -Bbuild-deb -- $(confflags)
+        dh_auto_configure -Bbuild-udeb -- $(confflags_udeb)
+override_dh_auto_build:
+        # Debian's /var/log/btmp has inappropriate permissions.
+        perl -pi -e 's,.*#define USE_BTMP .*,/* #undef USE_BTMP */,' build-deb/config.h
+        perl -pi -e 's,.*#define USE_BTMP .*,/* #undef USE_BTMP */,' build-udeb/config.h
+        # Avoid libnsl linkage. Ugh.
+        perl -pi -e 's/ +-lnsl//' build-udeb/config.status
+        cd build-udeb && ./config.status
+        $(MAKE) -C build-deb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass'
+        $(MAKE) -C build-udeb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen
+        $(MAKE) -C contrib gnome-ssh-askpass2 CC='$(CC) $(OPTFLAGS) -g -Wall -Wl,--as-needed'
+override_dh_auto_test:
+ifeq ($(RUN_TESTS),yes)
+        $(MAKE) -C debian/tests
+endif
+override_dh_auto_clean:
+        rm -rf build-deb build-udeb
+ifeq ($(RUN_TESTS),yes)
+        $(MAKE) -C debian/tests clean
+endif
+        $(MAKE) -C contrib clean
+        (cat debian/copyright.head; iconv -f ISO-8859-1 -t UTF-8 LICENCE) \
+                > debian/copyright
+override_dh_auto_install:
+        $(MAKE) -C build-deb DESTDIR=`pwd`/debian/tmp install-nokeys
+override_dh_install:
+        rm -f debian/tmp/etc/ssh/sshd_config
+        dh_install -Nopenssh-client-udeb -Nopenssh-server-udeb --fail-missing
+        dh_install -popenssh-client-udeb -popenssh-server-udeb \
+                --sourcedir=build-udeb
+        install -s -o root -g root -m 755 contrib/gnome-ssh-askpass2 debian/ssh-askpass-gnome/usr/lib/openssh/gnome-ssh-askpass
+        install -o root -g root debian/openssh-server.if-up debian/openssh-server/etc/network/if-up.d/openssh-server
+        install -o root -g root -m 644 debian/openssh-server.ufw.profile debian/openssh-server/etc/ufw/applications.d/openssh-server
+        # Remove version control tags to avoid unnecessary conffile
+        # resolution steps for administrators.
+        sed -i '/\$$OpenBSD:/d' \
+                debian/openssh-client/etc/ssh/moduli \
+                debian/openssh-client/etc/ssh/ssh_config
+override_dh_installdocs:
+        dh_installdocs -Nopenssh-server -Nssh
+        dh_installdocs -popenssh-server -pssh --link-doc=openssh-client
+        # Avoid breaking dh_installexamples later.
+        mkdir -p debian/openssh-server/usr/share/doc/openssh-client
+override_dh_installinit:
+        dh_installinit --name ssh
+override_dh_installpam:
+        dh_installpam --name sshd
+override_dh_fixperms:
+        dh_fixperms
+        chmod u+s debian/openssh-client/usr/lib/openssh/ssh-keysign
+override_dh_installdeb:
+        dh_installdeb
+        perl -i debian/substitute-conffile.pl \
+                ETC_SSH_MODULI debian/openssh-client/etc/ssh/moduli \
+                ETC_SSH_SSH_CONFIG debian/openssh-client/etc/ssh/ssh_config \
+                debian/openssh-client/DEBIAN/preinst
+        # Yes, ETC_PAM_D_SSH is meant to be spelled that way, to match the
+        # old configuration file name we need to transfer.
+        perl -i debian/substitute-conffile.pl \
+                ETC_DEFAULT_SSH debian/openssh-server/etc/default/ssh \
+                ETC_INIT_D_SSH debian/openssh-server/etc/init.d/ssh \
+                ETC_PAM_D_SSH debian/openssh-server/etc/pam.d/sshd \
+                debian/openssh-server/DEBIAN/preinst
+debian/faq.html:
+        wget -O - http://www.openssh.org/faq.html | \
+                sed 's,\(href="\)\(txt/\|[^":]*\.html\),\1http://www.openssh.org/\2,g' \
+                > debian/faq.html
+# You only need to run this immediately after checking out the package from
+# revision control.
+quilt-setup:
+        [ ! -d .pc ]
+        set -e; for patch in $$(quilt series | tac); do \
+                patch -p1 -R --no-backup-if-mismatch <"debian/patches/$$patch"; \
+        done
+        quilt push -a
+.PHONY: quilt-setup

diff --git a/debian/rules b/debian/rules new file mode 100755 index 000000000..85b916bd4 --- /dev/null +++ b/debian/rules
@@ -0,0 +1,218 @@
	1	#!/usr/bin/make -f
	2
	3	# Uncomment this to turn on verbose mode.
	4	# export DH_VERBOSE=1
	5
	6	include /usr/share/hardening-includes/hardening.make
	7
	8	# This has to be exported to make some magic below work.
	9	export DH_OPTIONS
	10
	11	ifeq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
	12	OPTFLAGS := -O2
	13	else
	14	OPTFLAGS := -O0
	15	endif
	16
	17	ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
	18	RUN_TESTS := yes
	19	else
	20	RUN_TESTS :=
	21	endif
	22
	23	DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
	24	DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
	25
	26	ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
	27	CC := gcc
	28	else
	29	CC := $(DEB_HOST_GNU_TYPE)-gcc
	30	RUN_TESTS :=
	31	endif
	32
	33	DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS 2>/dev/null)
	34	DEB_HOST_ARCH_CPU := $(shell dpkg-architecture -qDEB_HOST_ARCH_CPU 2>/dev/null)
	35
	36	# Take account of old dpkg-architecture output.
	37	ifeq ($(DEB_HOST_ARCH_OS),)
	38	DEB_HOST_ARCH_OS := $(subst -gnu,,$(shell dpkg-architecture -qDEB_HOST_GNU_SYSTEM))
	39	ifeq ($(DEB_HOST_ARCH_OS),gnu)
	40	DEB_HOST_ARCH_OS := hurd
	41	endif
	42	endif
	43	ifeq ($(DEB_HOST_ARCH_CPU),)
	44	DEB_HOST_ARCH_CPU := $(shell dpkg-architecture -qDEB_HOST_GNU_CPU)
	45	ifeq ($(DEB_HOST_ARCH_CPU),x86_64)
	46	DEB_HOST_ARCH_CPU := amd64
	47	endif
	48	endif
	49
	50	ifneq (,$(findstring :$(DEB_HOST_ARCH_OS):,:linux:knetbsd:))
	51	ifneq (,$(findstring :$(DEB_HOST_ARCH_CPU):,:mips:mipsel:))
	52	# Apparently this is not implied by -fPIE, at least on the mipsen.
	53	PIC_CFLAGS := -fPIC
	54	PIC_LDFLAGS := -fPIC
	55	endif
	56	endif
	57
	58	# Change the version string to include the Debian version
	59	SSH_EXTRAVERSION := Debian-$(shell dpkg-parsechangelog \| sed -n -e '/^Version:/s/Version: //p' \| sed -e 's/[^-]*-//')
	60
	61	DISTRIBUTOR := $(shell lsb_release -is 2>/dev/null \|\| echo Debian)
	62	ifeq ($(DISTRIBUTOR),Ubuntu)
	63	DEFAULT_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games
	64	else
	65	DEFAULT_PATH := /usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games
	66	endif
	67	SUPERUSER_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
	68
	69	# Common path configuration.
	70	confflags += --sysconfdir=/etc/ssh
	71
	72	# Common build options.
	73	confflags += --disable-strip
	74	confflags += --with-mantype=doc
	75	confflags += --with-4in6
	76	confflags += --with-privsep-path=/var/run/sshd
	77	confflags += --without-rand-helper
	78
	79	# The Hurd needs libcrypt for res_query et al.
	80	ifeq ($(DEB_HOST_ARCH_OS),hurd)
	81	confflags += --with-libs=-lcrypt
	82	endif
	83
	84	# Everything above here is common to the deb and udeb builds.
	85	confflags_udeb := $(confflags)
	86
	87	# Options specific to the deb build.
	88	confflags += --with-tcp-wrappers
	89	confflags += --with-pam
	90	confflags += --with-libedit
	91	confflags += --with-kerberos5=/usr
	92	confflags += --with-ssl-engine
	93	ifeq ($(DEB_HOST_ARCH_OS),linux)
	94	confflags += --with-selinux
	95	endif
	96
	97	# The deb build wants xauth; the udeb build doesn't.
	98	confflags += --with-xauth=/usr/bin/xauth
	99	confflags_udeb += --without-xauth
	100
	101	# Default paths. The udeb build has /usr/bin/X11 and /usr/games removed.
	102	confflags += --with-default-path=$(DEFAULT_PATH) --with-superuser-path=$(SUPERUSER_PATH)
	103	confflags_udeb += --with-default-path=/usr/local/bin:/usr/bin:/bin --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
	104
	105	# Compiler flags.
	106	cflags := $(OPTFLAGS) $(PIC_CFLAGS) $(HARDENING_CFLAGS)
	107	cflags += -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT
	108	cflags += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
	109	cflags_udeb := -Os
	110	cflags_udeb += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
	111	confflags += --with-cflags='$(cflags)'
	112	confflags_udeb += --with-cflags='$(cflags_udeb)'
	113
	114	# Linker flags.
	115	confflags += --with-ldflags='$(strip -Wl,--as-needed $(PIC_LDFLAGS) $(HARDENING_LDFLAGS))'
	116	confflags_udeb += --with-ldflags='-Wl,--as-needed'
	117
	118	%:
	119	dh $@
	120
	121	override_dh_auto_configure:
	122	dh_auto_configure -Bbuild-deb -- $(confflags)
	123	dh_auto_configure -Bbuild-udeb -- $(confflags_udeb)
	124
	125	override_dh_auto_build:
	126	# Debian's /var/log/btmp has inappropriate permissions.
	127	perl -pi -e 's,.#define USE_BTMP .,/* #undef USE_BTMP */,' build-deb/config.h
	128	perl -pi -e 's,.#define USE_BTMP .,/* #undef USE_BTMP */,' build-udeb/config.h
	129
	130	# Avoid libnsl linkage. Ugh.
	131	perl -pi -e 's/ +-lnsl//' build-udeb/config.status
	132	cd build-udeb && ./config.status
	133
	134	$(MAKE) -C build-deb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass'
	135	$(MAKE) -C build-udeb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen
	136
	137	$(MAKE) -C contrib gnome-ssh-askpass2 CC='$(CC) $(OPTFLAGS) -g -Wall -Wl,--as-needed'
	138
	139	override_dh_auto_test:
	140	ifeq ($(RUN_TESTS),yes)
	141	$(MAKE) -C debian/tests
	142	endif
	143
	144	override_dh_auto_clean:
	145	rm -rf build-deb build-udeb
	146	ifeq ($(RUN_TESTS),yes)
	147	$(MAKE) -C debian/tests clean
	148	endif
	149	$(MAKE) -C contrib clean
	150	(cat debian/copyright.head; iconv -f ISO-8859-1 -t UTF-8 LICENCE) \
	151	> debian/copyright
	152
	153	override_dh_auto_install:
	154	$(MAKE) -C build-deb DESTDIR=`pwd`/debian/tmp install-nokeys
	155
	156	override_dh_install:
	157	rm -f debian/tmp/etc/ssh/sshd_config
	158
	159	dh_install -Nopenssh-client-udeb -Nopenssh-server-udeb --fail-missing
	160	dh_install -popenssh-client-udeb -popenssh-server-udeb \
	161	--sourcedir=build-udeb
	162
	163	install -s -o root -g root -m 755 contrib/gnome-ssh-askpass2 debian/ssh-askpass-gnome/usr/lib/openssh/gnome-ssh-askpass
	164
	165	install -o root -g root debian/openssh-server.if-up debian/openssh-server/etc/network/if-up.d/openssh-server
	166	install -o root -g root -m 644 debian/openssh-server.ufw.profile debian/openssh-server/etc/ufw/applications.d/openssh-server
	167
	168	# Remove version control tags to avoid unnecessary conffile
	169	# resolution steps for administrators.
	170	sed -i '/\$$OpenBSD:/d' \
	171	debian/openssh-client/etc/ssh/moduli \
	172	debian/openssh-client/etc/ssh/ssh_config
	173
	174	override_dh_installdocs:
	175	dh_installdocs -Nopenssh-server -Nssh
	176	dh_installdocs -popenssh-server -pssh --link-doc=openssh-client
	177	# Avoid breaking dh_installexamples later.
	178	mkdir -p debian/openssh-server/usr/share/doc/openssh-client
	179
	180	override_dh_installinit:
	181	dh_installinit --name ssh
	182
	183	override_dh_installpam:
	184	dh_installpam --name sshd
	185
	186	override_dh_fixperms:
	187	dh_fixperms
	188	chmod u+s debian/openssh-client/usr/lib/openssh/ssh-keysign
	189
	190	override_dh_installdeb:
	191	dh_installdeb
	192	perl -i debian/substitute-conffile.pl \
	193	ETC_SSH_MODULI debian/openssh-client/etc/ssh/moduli \
	194	ETC_SSH_SSH_CONFIG debian/openssh-client/etc/ssh/ssh_config \
	195	debian/openssh-client/DEBIAN/preinst
	196	# Yes, ETC_PAM_D_SSH is meant to be spelled that way, to match the
	197	# old configuration file name we need to transfer.
	198	perl -i debian/substitute-conffile.pl \
	199	ETC_DEFAULT_SSH debian/openssh-server/etc/default/ssh \
	200	ETC_INIT_D_SSH debian/openssh-server/etc/init.d/ssh \
	201	ETC_PAM_D_SSH debian/openssh-server/etc/pam.d/sshd \
	202	debian/openssh-server/DEBIAN/preinst
	203
	204	debian/faq.html:
	205	wget -O - http://www.openssh.org/faq.html \| \
	206	sed 's,\(href="\)\(txt/\\|[^":]*\.html\),\1http://www.openssh.org/\2,g' \
	207	> debian/faq.html
	208
	209	# You only need to run this immediately after checking out the package from
	210	# revision control.
	211	quilt-setup:
	212	[ ! -d .pc ]
	213	set -e; for patch in $$(quilt series \| tac); do \
	214	patch -p1 -R --no-backup-if-mismatch <"debian/patches/$$patch"; \
	215	done
	216	quilt push -a
	217
	218	.PHONY: quilt-setup