1 files changed, 366 insertions, 0 deletions
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 000000000..ba78595af
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,366 @@
+#!/usr/bin/make -f
+# Uncomment this to turn on verbose mode.
+# export DH_VERBOSE=1
+include /usr/share/hardening-includes/hardening.make
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+ifeq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
+OPTFLAGS := -O2
+else
+OPTFLAGS := -O0
+endif
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+  RUN_TESTS := yes
+else
+  RUN_TESTS :=
+endif
+DEB_HOST_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+  confflags += --build=$(DEB_HOST_GNU_TYPE)
+  CC := gcc
+else
+  confflags += --build=$(DEB_BUILD_GNU_TYPE) --host=$(DEB_HOST_GNU_TYPE)
+  CC := $(DEB_HOST_GNU_TYPE)-gcc
+  RUN_TESTS :=
+endif
+DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS 2>/dev/null)
+DEB_HOST_ARCH_CPU := $(shell dpkg-architecture -qDEB_HOST_ARCH_CPU 2>/dev/null)
+# Take account of old dpkg-architecture output.
+ifeq ($(DEB_HOST_ARCH_OS),)
+  DEB_HOST_ARCH_OS := $(subst -gnu,,$(shell dpkg-architecture -qDEB_HOST_GNU_SYSTEM))
+  ifeq ($(DEB_HOST_ARCH_OS),gnu)
+    DEB_HOST_ARCH_OS := hurd
+  endif
+endif
+ifeq ($(DEB_HOST_ARCH_CPU),)
+  DEB_HOST_ARCH_CPU := $(shell dpkg-architecture -qDEB_HOST_GNU_CPU)
+  ifeq ($(DEB_HOST_ARCH_CPU),x86_64)
+    DEB_HOST_ARCH_CPU := amd64
+  endif
+endif
+ifneq (,$(findstring :$(DEB_HOST_ARCH_OS):,:linux:knetbsd:))
+  ifneq (,$(findstring :$(DEB_HOST_ARCH_CPU):,:mips:mipsel:))
+    # Apparently this is not implied by -fPIE, at least on the mipsen.
+    PIC_CFLAGS := -fPIC
+    PIC_LDFLAGS := -fPIC
+  endif
+endif
+# Change the version string to include the Debian version
+SSH_EXTRAVERSION := Debian-$(shell dpkg-parsechangelog | sed -n -e '/^Version:/s/Version: //p' | sed -e 's/[^-]*-//')
+DISTRIBUTOR := $(shell lsb_release -is 2>/dev/null || echo Debian)
+ifeq ($(DISTRIBUTOR),Ubuntu)
+DEFAULT_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games
+else
+DEFAULT_PATH := /usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games
+endif
+SUPERUSER_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
+# Common path configuration.
+confflags += --prefix=/usr --sysconfdir=/etc/ssh --libexecdir=/usr/lib/openssh --mandir=/usr/share/man
+# Common build options.
+confflags += --disable-strip
+confflags += --with-mantype=doc
+confflags += --with-4in6
+confflags += --with-privsep-path=/var/run/sshd
+confflags += --without-rand-helper
+# The Hurd needs libcrypt for res_query et al.
+ifeq ($(DEB_HOST_ARCH_OS),hurd)
+confflags += --with-libs=-lcrypt
+endif
+# Everything above here is common to the deb and udeb builds.
+confflags_udeb := $(confflags)
+# Options specific to the deb build.
+confflags += --with-tcp-wrappers
+confflags += --with-pam
+confflags += --with-libedit
+confflags += --with-kerberos5=/usr
+confflags += --with-ssl-engine
+ifeq ($(DEB_HOST_ARCH_OS),linux)
+confflags += --with-selinux
+endif
+# The deb build wants xauth; the udeb build doesn't.
+confflags += --with-xauth=/usr/bin/xauth
+confflags_udeb += --without-xauth
+# Default paths. The udeb build has /usr/bin/X11 and /usr/games removed.
+confflags += --with-default-path=$(DEFAULT_PATH) --with-superuser-path=$(SUPERUSER_PATH)
+confflags_udeb += --with-default-path=/usr/local/bin:/usr/bin:/bin --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+# Compiler flags.
+cflags := $(OPTFLAGS) $(PIC_CFLAGS) $(HARDENING_CFLAGS)
+cflags += -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT
+cflags += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
+cflags_udeb := -Os
+cflags_udeb += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
+confflags += --with-cflags='$(cflags)'
+confflags_udeb += --with-cflags='$(cflags_udeb)'
+# Linker flags.
+confflags += --with-ldflags='$(strip -Wl,--as-needed $(PIC_LDFLAGS) $(HARDENING_LDFLAGS))'
+confflags_udeb += --with-ldflags='-Wl,--as-needed'
+build: build-deb build-udeb
+build-deb: build-deb-stamp
+build-deb-stamp:
+        dh_testdir
+        mkdir -p build-deb
+        cd build-deb && ../configure $(confflags)
+        # Debian's /var/log/btmp has inappropriate permissions.
+        perl -pi -e 's,.*#define USE_BTMP .*,/* #undef USE_BTMP */,' build-deb/config.h
+        $(MAKE) -C build-deb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass'
+        $(MAKE) -C contrib gnome-ssh-askpass2 CC='$(CC) $(OPTFLAGS) -g -Wall -Wl,--as-needed'
+ifeq ($(RUN_TESTS),yes)
+        $(MAKE) -C debian/tests
+endif
+        touch build-deb-stamp
+build-udeb: build-udeb-stamp
+build-udeb-stamp:
+        dh_testdir
+        mkdir -p build-udeb
+        cd build-udeb && ../configure $(confflags_udeb)
+        # Debian's /var/log/btmp has inappropriate permissions.
+        perl -pi -e 's,.*#define USE_BTMP .*,/* #undef USE_BTMP */,' build-udeb/config.h
+        # Avoid libnsl linkage. Ugh.
+        perl -pi -e 's/ +-lnsl//' build-udeb/config.status
+        cd build-udeb && ./config.status
+        $(MAKE) -C build-udeb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen
+        touch build-udeb-stamp
+clean:
+        dh_testdir
+        rm -rf build-deb build-udeb
+ifeq ($(RUN_TESTS),yes)
+        $(MAKE) -C debian/tests clean
+endif
+        $(MAKE) -C contrib clean
+        (cat debian/copyright.head; iconv -f ISO-8859-1 -t UTF-8 LICENCE) \
+                > debian/copyright
+        dh_clean
+install: DH_OPTIONS=-a
+install: build
+        dh_testdir
+        dh_testroot
+        dh_prep
+        dh_installdirs
+        $(MAKE) -C build-deb DESTDIR=`pwd`/debian/openssh-client install-nokeys
+        rm -f debian/openssh-client/etc/ssh/sshd_config
+        #Temporary hack: remove /usr/share/Ssh.bin, since we have no smartcard support anyway.
+        rm -f debian/openssh-client/usr/share/Ssh.bin
+        # Split off the server.
+        mv debian/openssh-client/usr/sbin/sshd debian/openssh-server/usr/sbin/
+        mv debian/openssh-client/usr/lib/openssh/sftp-server debian/openssh-server/usr/lib/openssh/
+        mv debian/openssh-client/usr/share/man/man5/authorized_keys.5 debian/openssh-server/usr/share/man/man5/
+        mv debian/openssh-client/usr/share/man/man5/sshd_config.5 debian/openssh-server/usr/share/man/man5/
+        mv debian/openssh-client/usr/share/man/man8/sshd.8 debian/openssh-server/usr/share/man/man8/
+        mv debian/openssh-client/usr/share/man/man8/sftp-server.8 debian/openssh-server/usr/share/man/man8/
+        rmdir debian/openssh-client/usr/sbin debian/openssh-client/var/run/sshd
+        install -m 755 contrib/ssh-copy-id debian/openssh-client/usr/bin/ssh-copy-id
+        install -m 644 -c contrib/ssh-copy-id.1 debian/openssh-client/usr/share/man/man1/ssh-copy-id.1
+        install -s -o root -g root -m 755 contrib/gnome-ssh-askpass2 debian/ssh-askpass-gnome/usr/lib/openssh/gnome-ssh-askpass
+        install -m 644 debian/gnome-ssh-askpass.1 debian/ssh-askpass-gnome/usr/share/man/man1/gnome-ssh-askpass.1
+        install -m 644 debian/ssh-askpass-gnome.png debian/ssh-askpass-gnome/usr/share/pixmaps/ssh-askpass-gnome.png
+        install -m 755 debian/ssh-argv0 debian/openssh-client/usr/bin/ssh-argv0
+        install -m 644 debian/ssh-argv0.1 debian/openssh-client/usr/share/man/man1/ssh-argv0.1
+        install -o root -g root debian/openssh-server.init debian/openssh-server/etc/init.d/ssh
+        install -o root -g root -m 644 debian/openssh-server.default debian/openssh-server/etc/default/ssh
+        install -o root -g root debian/openssh-server.if-up debian/openssh-server/etc/network/if-up.d/openssh-server
+        install -o root -g root -m 644 debian/openssh-server.ufw.profile debian/openssh-server/etc/ufw/applications.d/openssh-server
+        install -m 755 build-udeb/ssh debian/openssh-client-udeb/usr/bin/ssh
+        install -m 755 build-udeb/scp debian/openssh-client-udeb/usr/bin/scp
+        install -m 755 build-udeb/sftp debian/openssh-client-udeb/usr/bin/sftp
+        install -m 755 build-udeb/sshd debian/openssh-server-udeb/usr/sbin/sshd
+        install -m 755 build-udeb/ssh-keygen debian/openssh-server-udeb/usr/bin/ssh-keygen
+        # Remove version control tags to avoid unnecessary conffile
+        # resolution steps for administrators.
+        sed -i '/\$$OpenBSD:/d' \
+                debian/openssh-client/etc/ssh/moduli \
+                debian/openssh-client/etc/ssh/ssh_config
+# Build architecture-independent files here.
+binary-indep: binary-ssh binary-ssh-krb5
+# Build architecture-dependent files here.
+binary-arch: binary-openssh-client binary-openssh-server
+binary-arch: binary-ssh-askpass-gnome
+binary-arch: binary-openssh-client-udeb binary-openssh-server-udeb
+binary-openssh-client: DH_OPTIONS=-popenssh-client
+binary-openssh-client: build install
+        dh_testdir
+        dh_testroot
+        dh_installdebconf
+        dh_installdocs
+        dh_installchangelogs
+        dh_lintian
+        dh_strip
+        dh_compress
+        dh_fixperms
+        chmod u+s debian/openssh-client/usr/lib/openssh/ssh-keysign
+        dh_installdeb
+        test ! -e debian/ssh/etc/ssh/ssh_prng_cmds \
+          || echo "/etc/ssh/ssh_prng_cmds" >> debian/openssh-client/DEBIAN/conffiles
+        perl -i debian/substitute-conffile.pl \
+                ETC_SSH_MODULI debian/openssh-client/etc/ssh/moduli \
+                ETC_SSH_SSH_CONFIG debian/openssh-client/etc/ssh/ssh_config \
+                debian/openssh-client/DEBIAN/preinst
+        dh_shlibdeps
+        dh_gencontrol
+        dh_md5sums
+        dh_builddeb
+binary-openssh-server: DH_OPTIONS=-popenssh-server
+binary-openssh-server: build install
+        dh_testdir
+        dh_testroot
+        dh_installdebconf
+        dh_installdocs
+        mv debian/openssh-server/usr/share/doc/openssh-server debian/openssh-server/usr/share/doc/openssh-client
+        rm -f debian/openssh-server/usr/share/doc/openssh-client/copyright
+        dh_installpam --name sshd
+        dh_lintian
+        dh_link
+        dh_installexamples
+        dh_strip
+        dh_compress
+        dh_fixperms
+        dh_installdeb
+        # Yes, ETC_PAM_D_SSH is meant to be spelled that way, to match the
+        # old configuration file name we need to transfer.
+        perl -i debian/substitute-conffile.pl \
+                ETC_DEFAULT_SSH debian/openssh-server/etc/default/ssh \
+                ETC_INIT_D_SSH debian/openssh-server/etc/init.d/ssh \
+                ETC_PAM_D_SSH debian/openssh-server/etc/pam.d/sshd \
+                debian/openssh-server/DEBIAN/preinst
+        dh_shlibdeps
+        dh_gencontrol
+        dh_md5sums
+        dh_builddeb
+binary-ssh: DH_OPTIONS=-pssh
+binary-ssh: build install
+        dh_testdir
+        dh_testroot
+        dh_installdirs
+        dh_installdocs
+        mv debian/ssh/usr/share/doc/ssh debian/ssh/usr/share/doc/openssh-client
+        rm -f debian/ssh/usr/share/doc/openssh-client/copyright
+        dh_lintian
+        dh_link
+        dh_compress
+        dh_fixperms
+        dh_installdeb
+        dh_gencontrol
+        dh_md5sums
+        dh_builddeb
+binary-ssh-krb5: DH_OPTIONS=-pssh-krb5
+binary-ssh-krb5: build install
+        dh_testdir
+        dh_testroot
+        dh_installdocs
+        dh_installchangelogs
+        dh_link
+        dh_compress
+        dh_fixperms
+        dh_installdeb
+        dh_gencontrol
+        dh_md5sums
+        dh_builddeb
+binary-ssh-askpass-gnome: DH_OPTIONS=-pssh-askpass-gnome
+binary-ssh-askpass-gnome: build install
+        dh_testdir
+        dh_testroot
+        dh_installdocs
+        dh_installexamples
+        dh_installchangelogs
+        dh_strip
+        dh_compress
+        dh_fixperms
+        dh_installdeb
+        dh_shlibdeps
+        dh_gencontrol
+        dh_md5sums
+        dh_builddeb
+binary-openssh-client-udeb: DH_OPTIONS=-popenssh-client-udeb
+binary-openssh-client-udeb: build install
+        dh_testdir
+        dh_testroot
+        dh_strip
+        dh_compress
+        dh_fixperms
+        dh_installdeb
+        dh_shlibdeps
+        dh_gencontrol
+        dh_md5sums
+        dh_builddeb
+binary-openssh-server-udeb: DH_OPTIONS=-popenssh-server-udeb
+binary-openssh-server-udeb: build install
+        dh_testdir
+        dh_testroot
+        dh_strip
+        dh_compress
+        dh_fixperms
+        dh_installdeb
+        dh_shlibdeps
+        dh_gencontrol
+        dh_md5sums
+        dh_builddeb
+binary: binary-indep binary-arch
+debian/faq.html:
+        wget -O - http://www.openssh.org/faq.html | \
+                sed 's,\(href="\)\(txt/\|[^":]*\.html\),\1http://www.openssh.org/\2,g' \
+                > debian/faq.html
+# You only need to run this immediately after checking out the package from
+# revision control.
+quilt-setup:
+        [ ! -d .pc ]
+        set -e; for patch in $$(quilt series | tac); do \
+                patch -p1 -R --no-backup-if-mismatch <"debian/patches/$$patch"; \
+        done
+        quilt push -a
+.PHONY: build clean binary-indep binary-arch binary install
+.PHONY: build-deb build-udeb
+.PHONY: binary-openssh-client binary-openssh-server binary-ssh
+.PHONY: binary-ssh-krb5 binary-ssh-askpass-gnome
+.PHONY: binary-openssh-client-udeb binary-openssh-server-udeb
+.PHONY: quilt-setup

diff --git a/debian/rules b/debian/rules new file mode 100755 index 000000000..ba78595af --- /dev/null +++ b/debian/rules
@@ -0,0 +1,366 @@
	1	#!/usr/bin/make -f
	2
	3	# Uncomment this to turn on verbose mode.
	4	# export DH_VERBOSE=1
	5
	6	include /usr/share/hardening-includes/hardening.make
	7
	8	# This has to be exported to make some magic below work.
	9	export DH_OPTIONS
	10
	11	ifeq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
	12	OPTFLAGS := -O2
	13	else
	14	OPTFLAGS := -O0
	15	endif
	16
	17	ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
	18	RUN_TESTS := yes
	19	else
	20	RUN_TESTS :=
	21	endif
	22
	23	DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
	24	DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
	25
	26	ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
	27	confflags += --build=$(DEB_HOST_GNU_TYPE)
	28	CC := gcc
	29	else
	30	confflags += --build=$(DEB_BUILD_GNU_TYPE) --host=$(DEB_HOST_GNU_TYPE)
	31	CC := $(DEB_HOST_GNU_TYPE)-gcc
	32	RUN_TESTS :=
	33	endif
	34
	35	DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS 2>/dev/null)
	36	DEB_HOST_ARCH_CPU := $(shell dpkg-architecture -qDEB_HOST_ARCH_CPU 2>/dev/null)
	37
	38	# Take account of old dpkg-architecture output.
	39	ifeq ($(DEB_HOST_ARCH_OS),)
	40	DEB_HOST_ARCH_OS := $(subst -gnu,,$(shell dpkg-architecture -qDEB_HOST_GNU_SYSTEM))
	41	ifeq ($(DEB_HOST_ARCH_OS),gnu)
	42	DEB_HOST_ARCH_OS := hurd
	43	endif
	44	endif
	45	ifeq ($(DEB_HOST_ARCH_CPU),)
	46	DEB_HOST_ARCH_CPU := $(shell dpkg-architecture -qDEB_HOST_GNU_CPU)
	47	ifeq ($(DEB_HOST_ARCH_CPU),x86_64)
	48	DEB_HOST_ARCH_CPU := amd64
	49	endif
	50	endif
	51
	52	ifneq (,$(findstring :$(DEB_HOST_ARCH_OS):,:linux:knetbsd:))
	53	ifneq (,$(findstring :$(DEB_HOST_ARCH_CPU):,:mips:mipsel:))
	54	# Apparently this is not implied by -fPIE, at least on the mipsen.
	55	PIC_CFLAGS := -fPIC
	56	PIC_LDFLAGS := -fPIC
	57	endif
	58	endif
	59
	60	# Change the version string to include the Debian version
	61	SSH_EXTRAVERSION := Debian-$(shell dpkg-parsechangelog \| sed -n -e '/^Version:/s/Version: //p' \| sed -e 's/[^-]*-//')
	62
	63	DISTRIBUTOR := $(shell lsb_release -is 2>/dev/null \|\| echo Debian)
	64	ifeq ($(DISTRIBUTOR),Ubuntu)
	65	DEFAULT_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games
	66	else
	67	DEFAULT_PATH := /usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games
	68	endif
	69	SUPERUSER_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
	70
	71	# Common path configuration.
	72	confflags += --prefix=/usr --sysconfdir=/etc/ssh --libexecdir=/usr/lib/openssh --mandir=/usr/share/man
	73
	74	# Common build options.
	75	confflags += --disable-strip
	76	confflags += --with-mantype=doc
	77	confflags += --with-4in6
	78	confflags += --with-privsep-path=/var/run/sshd
	79	confflags += --without-rand-helper
	80
	81	# The Hurd needs libcrypt for res_query et al.
	82	ifeq ($(DEB_HOST_ARCH_OS),hurd)
	83	confflags += --with-libs=-lcrypt
	84	endif
	85
	86	# Everything above here is common to the deb and udeb builds.
	87	confflags_udeb := $(confflags)
	88
	89	# Options specific to the deb build.
	90	confflags += --with-tcp-wrappers
	91	confflags += --with-pam
	92	confflags += --with-libedit
	93	confflags += --with-kerberos5=/usr
	94	confflags += --with-ssl-engine
	95	ifeq ($(DEB_HOST_ARCH_OS),linux)
	96	confflags += --with-selinux
	97	endif
	98
	99	# The deb build wants xauth; the udeb build doesn't.
	100	confflags += --with-xauth=/usr/bin/xauth
	101	confflags_udeb += --without-xauth
	102
	103	# Default paths. The udeb build has /usr/bin/X11 and /usr/games removed.
	104	confflags += --with-default-path=$(DEFAULT_PATH) --with-superuser-path=$(SUPERUSER_PATH)
	105	confflags_udeb += --with-default-path=/usr/local/bin:/usr/bin:/bin --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
	106
	107	# Compiler flags.
	108	cflags := $(OPTFLAGS) $(PIC_CFLAGS) $(HARDENING_CFLAGS)
	109	cflags += -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT
	110	cflags += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
	111	cflags_udeb := -Os
	112	cflags_udeb += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
	113	confflags += --with-cflags='$(cflags)'
	114	confflags_udeb += --with-cflags='$(cflags_udeb)'
	115
	116	# Linker flags.
	117	confflags += --with-ldflags='$(strip -Wl,--as-needed $(PIC_LDFLAGS) $(HARDENING_LDFLAGS))'
	118	confflags_udeb += --with-ldflags='-Wl,--as-needed'
	119
	120	build: build-deb build-udeb
	121
	122	build-deb: build-deb-stamp
	123	build-deb-stamp:
	124	dh_testdir
	125	mkdir -p build-deb
	126	cd build-deb && ../configure $(confflags)
	127
	128	# Debian's /var/log/btmp has inappropriate permissions.
	129	perl -pi -e 's,.#define USE_BTMP .,/* #undef USE_BTMP */,' build-deb/config.h
	130
	131	$(MAKE) -C build-deb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass'
	132	$(MAKE) -C contrib gnome-ssh-askpass2 CC='$(CC) $(OPTFLAGS) -g -Wall -Wl,--as-needed'
	133	ifeq ($(RUN_TESTS),yes)
	134	$(MAKE) -C debian/tests
	135	endif
	136
	137	touch build-deb-stamp
	138
	139	build-udeb: build-udeb-stamp
	140	build-udeb-stamp:
	141	dh_testdir
	142	mkdir -p build-udeb
	143	cd build-udeb && ../configure $(confflags_udeb)
	144	# Debian's /var/log/btmp has inappropriate permissions.
	145	perl -pi -e 's,.#define USE_BTMP .,/* #undef USE_BTMP */,' build-udeb/config.h
	146	# Avoid libnsl linkage. Ugh.
	147	perl -pi -e 's/ +-lnsl//' build-udeb/config.status
	148	cd build-udeb && ./config.status
	149	$(MAKE) -C build-udeb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen
	150	touch build-udeb-stamp
	151
	152	clean:
	153	dh_testdir
	154	rm -rf build-deb build-udeb
	155	ifeq ($(RUN_TESTS),yes)
	156	$(MAKE) -C debian/tests clean
	157	endif
	158	$(MAKE) -C contrib clean
	159	(cat debian/copyright.head; iconv -f ISO-8859-1 -t UTF-8 LICENCE) \
	160	> debian/copyright
	161	dh_clean
	162
	163	install: DH_OPTIONS=-a
	164	install: build
	165	dh_testdir
	166	dh_testroot
	167	dh_prep
	168	dh_installdirs
	169
	170	$(MAKE) -C build-deb DESTDIR=`pwd`/debian/openssh-client install-nokeys
	171
	172	rm -f debian/openssh-client/etc/ssh/sshd_config
	173	#Temporary hack: remove /usr/share/Ssh.bin, since we have no smartcard support anyway.
	174	rm -f debian/openssh-client/usr/share/Ssh.bin
	175
	176	# Split off the server.
	177	mv debian/openssh-client/usr/sbin/sshd debian/openssh-server/usr/sbin/
	178	mv debian/openssh-client/usr/lib/openssh/sftp-server debian/openssh-server/usr/lib/openssh/
	179	mv debian/openssh-client/usr/share/man/man5/authorized_keys.5 debian/openssh-server/usr/share/man/man5/
	180	mv debian/openssh-client/usr/share/man/man5/sshd_config.5 debian/openssh-server/usr/share/man/man5/
	181	mv debian/openssh-client/usr/share/man/man8/sshd.8 debian/openssh-server/usr/share/man/man8/
	182	mv debian/openssh-client/usr/share/man/man8/sftp-server.8 debian/openssh-server/usr/share/man/man8/
	183	rmdir debian/openssh-client/usr/sbin debian/openssh-client/var/run/sshd
	184
	185	install -m 755 contrib/ssh-copy-id debian/openssh-client/usr/bin/ssh-copy-id
	186	install -m 644 -c contrib/ssh-copy-id.1 debian/openssh-client/usr/share/man/man1/ssh-copy-id.1
	187
	188	install -s -o root -g root -m 755 contrib/gnome-ssh-askpass2 debian/ssh-askpass-gnome/usr/lib/openssh/gnome-ssh-askpass
	189	install -m 644 debian/gnome-ssh-askpass.1 debian/ssh-askpass-gnome/usr/share/man/man1/gnome-ssh-askpass.1
	190	install -m 644 debian/ssh-askpass-gnome.png debian/ssh-askpass-gnome/usr/share/pixmaps/ssh-askpass-gnome.png
	191
	192	install -m 755 debian/ssh-argv0 debian/openssh-client/usr/bin/ssh-argv0
	193	install -m 644 debian/ssh-argv0.1 debian/openssh-client/usr/share/man/man1/ssh-argv0.1
	194
	195	install -o root -g root debian/openssh-server.init debian/openssh-server/etc/init.d/ssh
	196	install -o root -g root -m 644 debian/openssh-server.default debian/openssh-server/etc/default/ssh
	197	install -o root -g root debian/openssh-server.if-up debian/openssh-server/etc/network/if-up.d/openssh-server
	198	install -o root -g root -m 644 debian/openssh-server.ufw.profile debian/openssh-server/etc/ufw/applications.d/openssh-server
	199
	200	install -m 755 build-udeb/ssh debian/openssh-client-udeb/usr/bin/ssh
	201	install -m 755 build-udeb/scp debian/openssh-client-udeb/usr/bin/scp
	202	install -m 755 build-udeb/sftp debian/openssh-client-udeb/usr/bin/sftp
	203	install -m 755 build-udeb/sshd debian/openssh-server-udeb/usr/sbin/sshd
	204	install -m 755 build-udeb/ssh-keygen debian/openssh-server-udeb/usr/bin/ssh-keygen
	205
	206	# Remove version control tags to avoid unnecessary conffile
	207	# resolution steps for administrators.
	208	sed -i '/\$$OpenBSD:/d' \
	209	debian/openssh-client/etc/ssh/moduli \
	210	debian/openssh-client/etc/ssh/ssh_config
	211
	212	# Build architecture-independent files here.
	213	binary-indep: binary-ssh binary-ssh-krb5
	214
	215	# Build architecture-dependent files here.
	216	binary-arch: binary-openssh-client binary-openssh-server
	217	binary-arch: binary-ssh-askpass-gnome
	218	binary-arch: binary-openssh-client-udeb binary-openssh-server-udeb
	219
	220	binary-openssh-client: DH_OPTIONS=-popenssh-client
	221	binary-openssh-client: build install
	222	dh_testdir
	223	dh_testroot
	224	dh_installdebconf
	225	dh_installdocs
	226	dh_installchangelogs
	227	dh_lintian
	228	dh_strip
	229	dh_compress
	230	dh_fixperms
	231	chmod u+s debian/openssh-client/usr/lib/openssh/ssh-keysign
	232	dh_installdeb
	233	test ! -e debian/ssh/etc/ssh/ssh_prng_cmds \
	234	\|\| echo "/etc/ssh/ssh_prng_cmds" >> debian/openssh-client/DEBIAN/conffiles
	235	perl -i debian/substitute-conffile.pl \
	236	ETC_SSH_MODULI debian/openssh-client/etc/ssh/moduli \
	237	ETC_SSH_SSH_CONFIG debian/openssh-client/etc/ssh/ssh_config \
	238	debian/openssh-client/DEBIAN/preinst
	239	dh_shlibdeps
	240	dh_gencontrol
	241	dh_md5sums
	242	dh_builddeb
	243
	244	binary-openssh-server: DH_OPTIONS=-popenssh-server
	245	binary-openssh-server: build install
	246	dh_testdir
	247	dh_testroot
	248	dh_installdebconf
	249	dh_installdocs
	250	mv debian/openssh-server/usr/share/doc/openssh-server debian/openssh-server/usr/share/doc/openssh-client
	251	rm -f debian/openssh-server/usr/share/doc/openssh-client/copyright
	252	dh_installpam --name sshd
	253	dh_lintian
	254	dh_link
	255	dh_installexamples
	256	dh_strip
	257	dh_compress
	258	dh_fixperms
	259	dh_installdeb
	260	# Yes, ETC_PAM_D_SSH is meant to be spelled that way, to match the
	261	# old configuration file name we need to transfer.
	262	perl -i debian/substitute-conffile.pl \
	263	ETC_DEFAULT_SSH debian/openssh-server/etc/default/ssh \
	264	ETC_INIT_D_SSH debian/openssh-server/etc/init.d/ssh \
	265	ETC_PAM_D_SSH debian/openssh-server/etc/pam.d/sshd \
	266	debian/openssh-server/DEBIAN/preinst
	267	dh_shlibdeps
	268	dh_gencontrol
	269	dh_md5sums
	270	dh_builddeb
	271
	272	binary-ssh: DH_OPTIONS=-pssh
	273	binary-ssh: build install
	274	dh_testdir
	275	dh_testroot
	276	dh_installdirs
	277	dh_installdocs
	278	mv debian/ssh/usr/share/doc/ssh debian/ssh/usr/share/doc/openssh-client
	279	rm -f debian/ssh/usr/share/doc/openssh-client/copyright
	280	dh_lintian
	281	dh_link
	282	dh_compress
	283	dh_fixperms
	284	dh_installdeb
	285	dh_gencontrol
	286	dh_md5sums
	287	dh_builddeb
	288
	289	binary-ssh-krb5: DH_OPTIONS=-pssh-krb5
	290	binary-ssh-krb5: build install
	291	dh_testdir
	292	dh_testroot
	293	dh_installdocs
	294	dh_installchangelogs
	295	dh_link
	296	dh_compress
	297	dh_fixperms
	298	dh_installdeb
	299	dh_gencontrol
	300	dh_md5sums
	301	dh_builddeb
	302
	303	binary-ssh-askpass-gnome: DH_OPTIONS=-pssh-askpass-gnome
	304	binary-ssh-askpass-gnome: build install
	305	dh_testdir
	306	dh_testroot
	307	dh_installdocs
	308	dh_installexamples
	309	dh_installchangelogs
	310	dh_strip
	311	dh_compress
	312	dh_fixperms
	313	dh_installdeb
	314	dh_shlibdeps
	315	dh_gencontrol
	316	dh_md5sums
	317	dh_builddeb
	318
	319	binary-openssh-client-udeb: DH_OPTIONS=-popenssh-client-udeb
	320	binary-openssh-client-udeb: build install
	321	dh_testdir
	322	dh_testroot
	323	dh_strip
	324	dh_compress
	325	dh_fixperms
	326	dh_installdeb
	327	dh_shlibdeps
	328	dh_gencontrol
	329	dh_md5sums
	330	dh_builddeb
	331
	332	binary-openssh-server-udeb: DH_OPTIONS=-popenssh-server-udeb
	333	binary-openssh-server-udeb: build install
	334	dh_testdir
	335	dh_testroot
	336	dh_strip
	337	dh_compress
	338	dh_fixperms
	339	dh_installdeb
	340	dh_shlibdeps
	341	dh_gencontrol
	342	dh_md5sums
	343	dh_builddeb
	344
	345	binary: binary-indep binary-arch
	346
	347	debian/faq.html:
	348	wget -O - http://www.openssh.org/faq.html \| \
	349	sed 's,\(href="\)\(txt/\\|[^":]*\.html\),\1http://www.openssh.org/\2,g' \
	350	> debian/faq.html
	351
	352	# You only need to run this immediately after checking out the package from
	353	# revision control.
	354	quilt-setup:
	355	[ ! -d .pc ]
	356	set -e; for patch in $$(quilt series \| tac); do \
	357	patch -p1 -R --no-backup-if-mismatch <"debian/patches/$$patch"; \
	358	done
	359	quilt push -a
	360
	361	.PHONY: build clean binary-indep binary-arch binary install
	362	.PHONY: build-deb build-udeb
	363	.PHONY: binary-openssh-client binary-openssh-server binary-ssh
	364	.PHONY: binary-ssh-krb5 binary-ssh-askpass-gnome
	365	.PHONY: binary-openssh-client-udeb binary-openssh-server-udeb
	366	.PHONY: quilt-setup