1 files changed, 228 insertions, 0 deletions
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 000000000..5e415fc7f
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,228 @@
+#!/usr/bin/make -f
+export DEB_BUILD_MAINT_OPTIONS := hardening=+all
+include /usr/share/dpkg/default.mk
+# Uncomment this to turn on verbose mode.
+# export DH_VERBOSE=1
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+  RUN_TESTS := yes
+else
+  RUN_TESTS :=
+endif
+ifeq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+  PARALLEL :=
+else
+  PARALLEL := \
+        -j$(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+endif
+ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+  CC := gcc
+  PKG_CONFIG = pkg-config
+else
+  CC := $(DEB_HOST_GNU_TYPE)-gcc
+  PKG_CONFIG = $(DEB_HOST_GNU_TYPE)-pkg-config
+  RUN_TESTS :=
+endif
+# Change the version string to reflect distribution
+SSH_EXTRAVERSION := $(DEB_VENDOR)-$(shell echo '$(DEB_VERSION)' | sed -e 's/.*-//')
+UBUNTU := $(shell $(call dpkg_vendor_derives_from,Ubuntu))
+ifeq ($(UBUNTU),yes)
+DEFAULT_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
+else
+DEFAULT_PATH := /usr/local/bin:/usr/bin:/bin:/usr/games
+endif
+SUPERUSER_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ifeq ($(UBUNTU),yes)
+server_recommends := ssh-import-id
+else
+server_recommends :=
+endif
+# Common path configuration.
+confflags += --sysconfdir=/etc/ssh
+confflags += --libexecdir=\$${prefix}/lib/openssh
+# Common build options.
+confflags += --disable-strip
+confflags += --with-mantype=doc
+confflags += --with-4in6
+confflags += --with-privsep-path=/run/sshd
+confflags += --with-pid-dir=/run
+# The Hurd needs libcrypt for res_query et al.
+ifeq ($(DEB_HOST_ARCH_OS),hurd)
+confflags += --with-libs=-lcrypt
+endif
+# Everything above here is common to the deb and udeb builds.
+confflags_udeb := $(confflags)
+# Options specific to the deb build.
+confflags += --with-tcp-wrappers
+confflags += --with-pam
+confflags += --with-libedit
+confflags += --with-kerberos5=/usr
+confflags += --with-ssl-engine
+ifeq ($(DEB_HOST_ARCH_OS),linux)
+confflags += --with-selinux
+confflags += --with-audit=linux
+confflags += --with-systemd
+endif
+# The deb build wants xauth; the udeb build doesn't.
+confflags += --with-xauth=/usr/bin/xauth
+confflags_udeb += --without-xauth
+# Default paths. The udeb build has /usr/games removed.
+confflags += --with-default-path=$(DEFAULT_PATH) --with-superuser-path=$(SUPERUSER_PATH)
+confflags_udeb += --with-default-path=/usr/local/bin:/usr/bin:/bin --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+# Compiler flags.
+cflags := $(CPPFLAGS) $(CFLAGS)
+cflags += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
+cflags_udeb := -Os
+cflags_udeb += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
+confflags += --with-cflags='$(cflags)'
+confflags_udeb += --with-cflags='$(cflags_udeb)'
+# Linker flags.
+confflags += --with-ldflags='$(strip -Wl,--as-needed $(LDFLAGS))'
+confflags_udeb += --with-ldflags='-Wl,--as-needed'
+ifeq ($(shell dpkg-vendor --is Ubuntu && echo yes) $(DEB_HOST_ARCH), yes i386)
+  BUILD_PACKAGES += -Nopenssh-tests
+endif
+%:
+        dh $@ --with=autoreconf,systemd,runit $(BUILD_PACKAGES)
+autoreconf:
+        autoreconf -f -i
+        cp -f /usr/share/misc/config.guess /usr/share/misc/config.sub ./
+override_dh_autoreconf-arch:
+        dh_autoreconf debian/rules -- autoreconf
+override_dh_autoreconf-indep:
+override_dh_auto_configure-arch:
+        dh_auto_configure -Bdebian/build-deb -- $(confflags)
+ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),)
+        dh_auto_configure -Bdebian/build-udeb -- $(confflags_udeb)
+        # Avoid libnsl linkage. Ugh.
+        perl -pi -e 's/ +-lnsl//' debian/build-udeb/config.status
+        cd debian/build-udeb && ./config.status
+endif
+override_dh_auto_configure-indep:
+override_dh_auto_build-arch:
+        $(MAKE) -C debian/build-deb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass'
+        $(MAKE) -C debian/build-deb regress-prep
+        $(MAKE) -C debian/build-deb $(PARALLEL) regress-binaries
+ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),)
+        $(MAKE) -C debian/build-udeb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen
+endif
+ifeq ($(filter pkg.openssh.nognome,$(DEB_BUILD_PROFILES)),)
+        $(MAKE) -C contrib gnome-ssh-askpass3 CC='$(CC) $(CPPFLAGS) $(CFLAGS) -Wall -Wl,--as-needed $(LDFLAGS)' PKG_CONFIG=$(PKG_CONFIG)
+endif
+override_dh_auto_build-indep:
+override_dh_auto_test-arch:
+ifeq ($(RUN_TESTS),yes)
+        $(MAKE) -C debian/build-deb unit compat-tests
+        $(MAKE) -C debian/keygen-test
+endif
+override_dh_auto_test-indep:
+override_dh_auto_clean:
+        rm -rf debian/build-deb debian/build-udeb
+ifeq ($(RUN_TESTS),yes)
+        $(MAKE) -C debian/keygen-test clean
+endif
+        $(MAKE) -C contrib clean
+override_dh_auto_install-arch:
+        $(MAKE) -C debian/build-deb DESTDIR=`pwd`/debian/tmp install-nokeys
+override_dh_auto_install-indep:
+override_dh_install-arch:
+        rm -f debian/tmp/etc/ssh/sshd_config
+        dh_install -Nopenssh-client-udeb -Nopenssh-server-udeb --fail-missing
+ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),)
+        dh_install -popenssh-client-udeb -popenssh-server-udeb \
+                --sourcedir=debian/build-udeb
+endif
+        # Remove version control tags to avoid unnecessary conffile
+        # resolution steps for administrators.
+        sed -i '/\$$OpenBSD:/d' \
+                debian/openssh-server/etc/ssh/moduli \
+                debian/openssh-client/etc/ssh/ssh_config
+# We'd like to use dh_install --fail-missing here, but that doesn't work
+# well in combination with dh-exec: it complains that files generated by
+# dh-exec for architecture-dependent packages aren't installed.
+override_dh_install-indep:
+        rm -f debian/tmp/etc/ssh/sshd_config
+        dh_install
+override_dh_installdocs:
+        dh_installdocs -Nopenssh-server -Nopenssh-sftp-server
+        dh_installdocs -popenssh-server -popenssh-sftp-server \
+                --link-doc=openssh-client
+        # Avoid breaking dh_installexamples later.
+        mkdir -p debian/openssh-server/usr/share/doc/openssh-client
+override_dh_systemd_enable:
+        dh_systemd_enable -popenssh-server --name ssh ssh.service
+        dh_systemd_enable -popenssh-server --name ssh --no-enable ssh.socket
+override_dh_installinit:
+        dh_installinit -R --name ssh
+debian/openssh-server.sshd.pam: debian/openssh-server.sshd.pam.in
+ifeq ($(DEB_HOST_ARCH_OS),linux)
+        sed 's/^@IF_KEYINIT@//' $< > $@
+else
+        sed '/^@IF_KEYINIT@/d' $< > $@
+endif
+override_dh_installpam: debian/openssh-server.sshd.pam
+        dh_installpam --name sshd
+override_dh_runit:
+        dh_runit -popenssh-server
+override_dh_fixperms-arch:
+        dh_fixperms
+        chmod u+s debian/openssh-client/usr/lib/openssh/ssh-keysign
+# Tighten libssl dependencies to match the check in entropy.c.
+override_dh_shlibdeps:
+        dh_shlibdeps
+        debian/adjust-openssl-dependencies
+override_dh_gencontrol:
+        dh_gencontrol -- -V'openssh-server:Recommends=$(server_recommends)'
+debian/faq.html:
+        wget -O - http://www.openssh.com/faq.html | \
+                sed 's,\(href="\)\(txt/\|[^":]*\.html\),\1http://www.openssh.com/\2,g' \
+                > debian/faq.html

diff --git a/debian/rules b/debian/rules new file mode 100755 index 000000000..5e415fc7f --- /dev/null +++ b/debian/rules
@@ -0,0 +1,228 @@
	1	#!/usr/bin/make -f
	2
	3	export DEB_BUILD_MAINT_OPTIONS := hardening=+all
	4
	5	include /usr/share/dpkg/default.mk
	6
	7	# Uncomment this to turn on verbose mode.
	8	# export DH_VERBOSE=1
	9
	10	# This has to be exported to make some magic below work.
	11	export DH_OPTIONS
	12
	13	ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
	14	RUN_TESTS := yes
	15	else
	16	RUN_TESTS :=
	17	endif
	18
	19	ifeq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
	20	PARALLEL :=
	21	else
	22	PARALLEL := \
	23	-j$(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
	24	endif
	25
	26	ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
	27	CC := gcc
	28	PKG_CONFIG = pkg-config
	29	else
	30	CC := $(DEB_HOST_GNU_TYPE)-gcc
	31	PKG_CONFIG = $(DEB_HOST_GNU_TYPE)-pkg-config
	32	RUN_TESTS :=
	33	endif
	34
	35	# Change the version string to reflect distribution
	36	SSH_EXTRAVERSION := $(DEB_VENDOR)-$(shell echo '$(DEB_VERSION)' \| sed -e 's/.*-//')
	37
	38	UBUNTU := $(shell $(call dpkg_vendor_derives_from,Ubuntu))
	39	ifeq ($(UBUNTU),yes)
	40	DEFAULT_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
	41	else
	42	DEFAULT_PATH := /usr/local/bin:/usr/bin:/bin:/usr/games
	43	endif
	44	SUPERUSER_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
	45
	46	ifeq ($(UBUNTU),yes)
	47	server_recommends := ssh-import-id
	48	else
	49	server_recommends :=
	50	endif
	51
	52	# Common path configuration.
	53	confflags += --sysconfdir=/etc/ssh
	54	confflags += --libexecdir=\$${prefix}/lib/openssh
	55
	56	# Common build options.
	57	confflags += --disable-strip
	58	confflags += --with-mantype=doc
	59	confflags += --with-4in6
	60	confflags += --with-privsep-path=/run/sshd
	61	confflags += --with-pid-dir=/run
	62
	63	# The Hurd needs libcrypt for res_query et al.
	64	ifeq ($(DEB_HOST_ARCH_OS),hurd)
	65	confflags += --with-libs=-lcrypt
	66	endif
	67
	68	# Everything above here is common to the deb and udeb builds.
	69	confflags_udeb := $(confflags)
	70
	71	# Options specific to the deb build.
	72	confflags += --with-tcp-wrappers
	73	confflags += --with-pam
	74	confflags += --with-libedit
	75	confflags += --with-kerberos5=/usr
	76	confflags += --with-ssl-engine
	77	ifeq ($(DEB_HOST_ARCH_OS),linux)
	78	confflags += --with-selinux
	79	confflags += --with-audit=linux
	80	confflags += --with-systemd
	81	endif
	82
	83	# The deb build wants xauth; the udeb build doesn't.
	84	confflags += --with-xauth=/usr/bin/xauth
	85	confflags_udeb += --without-xauth
	86
	87	# Default paths. The udeb build has /usr/games removed.
	88	confflags += --with-default-path=$(DEFAULT_PATH) --with-superuser-path=$(SUPERUSER_PATH)
	89	confflags_udeb += --with-default-path=/usr/local/bin:/usr/bin:/bin --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
	90
	91	# Compiler flags.
	92	cflags := $(CPPFLAGS) $(CFLAGS)
	93	cflags += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
	94	cflags_udeb := -Os
	95	cflags_udeb += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
	96	confflags += --with-cflags='$(cflags)'
	97	confflags_udeb += --with-cflags='$(cflags_udeb)'
	98
	99	# Linker flags.
	100	confflags += --with-ldflags='$(strip -Wl,--as-needed $(LDFLAGS))'
	101	confflags_udeb += --with-ldflags='-Wl,--as-needed'
	102
	103	ifeq ($(shell dpkg-vendor --is Ubuntu && echo yes) $(DEB_HOST_ARCH), yes i386)
	104	BUILD_PACKAGES += -Nopenssh-tests
	105	endif
	106
	107	%:
	108	dh $@ --with=autoreconf,systemd,runit $(BUILD_PACKAGES)
	109
	110	autoreconf:
	111	autoreconf -f -i
	112	cp -f /usr/share/misc/config.guess /usr/share/misc/config.sub ./
	113
	114	override_dh_autoreconf-arch:
	115	dh_autoreconf debian/rules -- autoreconf
	116
	117	override_dh_autoreconf-indep:
	118
	119	override_dh_auto_configure-arch:
	120	dh_auto_configure -Bdebian/build-deb -- $(confflags)
	121	ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),)
	122	dh_auto_configure -Bdebian/build-udeb -- $(confflags_udeb)
	123	# Avoid libnsl linkage. Ugh.
	124	perl -pi -e 's/ +-lnsl//' debian/build-udeb/config.status
	125	cd debian/build-udeb && ./config.status
	126	endif
	127
	128	override_dh_auto_configure-indep:
	129
	130	override_dh_auto_build-arch:
	131	$(MAKE) -C debian/build-deb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass'
	132	$(MAKE) -C debian/build-deb regress-prep
	133	$(MAKE) -C debian/build-deb $(PARALLEL) regress-binaries
	134	ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),)
	135	$(MAKE) -C debian/build-udeb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen
	136	endif
	137
	138	ifeq ($(filter pkg.openssh.nognome,$(DEB_BUILD_PROFILES)),)
	139	$(MAKE) -C contrib gnome-ssh-askpass3 CC='$(CC) $(CPPFLAGS) $(CFLAGS) -Wall -Wl,--as-needed $(LDFLAGS)' PKG_CONFIG=$(PKG_CONFIG)
	140	endif
	141
	142	override_dh_auto_build-indep:
	143
	144	override_dh_auto_test-arch:
	145	ifeq ($(RUN_TESTS),yes)
	146	$(MAKE) -C debian/build-deb unit compat-tests
	147	$(MAKE) -C debian/keygen-test
	148	endif
	149
	150	override_dh_auto_test-indep:
	151
	152	override_dh_auto_clean:
	153	rm -rf debian/build-deb debian/build-udeb
	154	ifeq ($(RUN_TESTS),yes)
	155	$(MAKE) -C debian/keygen-test clean
	156	endif
	157	$(MAKE) -C contrib clean
	158
	159	override_dh_auto_install-arch:
	160	$(MAKE) -C debian/build-deb DESTDIR=`pwd`/debian/tmp install-nokeys
	161
	162	override_dh_auto_install-indep:
	163
	164	override_dh_install-arch:
	165	rm -f debian/tmp/etc/ssh/sshd_config
	166
	167	dh_install -Nopenssh-client-udeb -Nopenssh-server-udeb --fail-missing
	168	ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),)
	169	dh_install -popenssh-client-udeb -popenssh-server-udeb \
	170	--sourcedir=debian/build-udeb
	171	endif
	172
	173	# Remove version control tags to avoid unnecessary conffile
	174	# resolution steps for administrators.
	175	sed -i '/\$$OpenBSD:/d' \
	176	debian/openssh-server/etc/ssh/moduli \
	177	debian/openssh-client/etc/ssh/ssh_config
	178
	179	# We'd like to use dh_install --fail-missing here, but that doesn't work
	180	# well in combination with dh-exec: it complains that files generated by
	181	# dh-exec for architecture-dependent packages aren't installed.
	182	override_dh_install-indep:
	183	rm -f debian/tmp/etc/ssh/sshd_config
	184	dh_install
	185
	186	override_dh_installdocs:
	187	dh_installdocs -Nopenssh-server -Nopenssh-sftp-server
	188	dh_installdocs -popenssh-server -popenssh-sftp-server \
	189	--link-doc=openssh-client
	190	# Avoid breaking dh_installexamples later.
	191	mkdir -p debian/openssh-server/usr/share/doc/openssh-client
	192
	193	override_dh_systemd_enable:
	194	dh_systemd_enable -popenssh-server --name ssh ssh.service
	195	dh_systemd_enable -popenssh-server --name ssh --no-enable ssh.socket
	196
	197	override_dh_installinit:
	198	dh_installinit -R --name ssh
	199
	200	debian/openssh-server.sshd.pam: debian/openssh-server.sshd.pam.in
	201	ifeq ($(DEB_HOST_ARCH_OS),linux)
	202	sed 's/^@IF_KEYINIT@//' $< > $@
	203	else
	204	sed '/^@IF_KEYINIT@/d' $< > $@
	205	endif
	206
	207	override_dh_installpam: debian/openssh-server.sshd.pam
	208	dh_installpam --name sshd
	209
	210	override_dh_runit:
	211	dh_runit -popenssh-server
	212
	213	override_dh_fixperms-arch:
	214	dh_fixperms
	215	chmod u+s debian/openssh-client/usr/lib/openssh/ssh-keysign
	216
	217	# Tighten libssl dependencies to match the check in entropy.c.
	218	override_dh_shlibdeps:
	219	dh_shlibdeps
	220	debian/adjust-openssl-dependencies
	221
	222	override_dh_gencontrol:
	223	dh_gencontrol -- -V'openssh-server:Recommends=$(server_recommends)'
	224
	225	debian/faq.html:
	226	wget -O - http://www.openssh.com/faq.html \| \
	227	sed 's,\(href="\)\(txt/\\|[^":]*\.html\),\1http://www.openssh.com/\2,g' \
	228	> debian/faq.html