diff options
Diffstat (limited to 'debian/rules')
| -rwxr-xr-x | debian/rules | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/debian/rules b/debian/rules new file mode 100755 index 000000000..8c72f82d0 --- /dev/null +++ b/debian/rules @@ -0,0 +1,146 @@ +#!/usr/bin/make -f +#export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -Wl,-O1 -Wl,-z,defs +export DEB_BUILD_MAINT_OPTIONS=hardening=+pie,+bindnow + +CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \ + --enable-ldap --enable-curl \ + --enable-pkcs11 \ + --enable-mediation --enable-medsrv --enable-medcli \ + --enable-openssl --enable-agent \ + --enable-ctr --enable-ccm --enable-gcm --enable-addrblock \ + --enable-eap-radius --enable-eap-identity --enable-eap-md5 \ + --enable-eap-gtc --enable-eap-aka --enable-eap-mschapv2 \ + --enable-eap-tls --enable-eap-ttls --enable-eap-tnc \ + --enable-sql --enable-integrity-test \ + --enable-ha \ + --enable-led --enable-gcrypt \ + --enable-test-vectors \ + --enable-xauth-eap --enable-xauth-pam \ + --disable-blowfish --disable-des # BSD-Young license + #--with-user=strongswan --with-group=nogroup + # --enable-kernel-pfkey --enable-kernel-klips \ + # And for --enable-eap-sim we would need the library, which we don't + # have right now. + # Don't --enable-cisco-quirks, because some other IPsec implementations + # (most notably the Phion one) have problems connecting when pluto + # sends these Cisco options. + +# the padlock plugin only makes sense on i386 +# but it actually doesn't do much, so maybe we don't need it +DEB_BUILD_ARCH_CPU ?=$(shell dpkg-architecture -qDEB_BUILD_ARCH_CPU) +ifeq ($(DEB_BUILD_ARCH_CPU),i386) + CONFIGUREARGS += --enable-padlock +endif + +ifeq ($(DEB_BUILD_ARCH_OS),linux) + # only enable network-manager and capabilities dropping on linux hosts + # some plugins are linux-only too + CONFIGUREARGS += --enable-nm \ + --with-capabilities=libcap \ + --enable-farp \ + --enable-dhcp +endif + +ifeq ($(DEB_BUILD_ARCH_OS),kfreebsd) + # recommended configure line for FreeBSD + # http://wiki.strongswan.org/projects/strongswan/wiki/FreeBSD + CONFIGUREARGS += --disable-kernel-netlink \ + --enable-kernel-pfkey --enable-kernel-pfroute \ + --with-group=wheel +endif + +override_dh_auto_configure: + dh_auto_configure -- $(CONFIGUREARGS) + +override_dh_auto_clean: + dh_auto_clean + # after a make clean, no binaries _should_ be left, but .... + -find $(CURDIR) -name "*.o" | xargs --no-run-if-empty rm + + # Really clean (#356716) + # This is a hack: should be better implemented + rm -f lib/libstrongswan/libstrongswan.a || true + rm -f lib/libstrongswan/liboswlog.a || true + + # just in case something went wrong + rm -f $(CURDIR)/debian/ipsec.secrets + + # and make sure that template are up-to-date + debconf-updatepo + + +override_dh_install: + + # first special cases +ifeq ($(DEB_BUILD_ARCH_OS),linux) + # handle Linux-only plugins + dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-dhcp.so + dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-farp.so + dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-kernel-netlink.so +endif + +ifeq ($(DEB_BUILD_ARCH_OS),kfreebsd) + # handle FreeBSD-only plugins + dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-kernel-pfkey.so + dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-kernel-pfroute.so +endif + +ifeq ($(DEB_BUILD_ARCH_CPU),i386) + # special handling for padlock, as it is only built on i386 + dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-padlock.so +endif + + # then install the rest, ignoring the above + dh_install --fail-missing \ + -X\.la -X\.a \ + -Xmedsrv -Xman3 \ + -Xlibstrongswan-kernel \ + -Xlibstrongswan-dhcp.so \ + -Xlibstrongswan-farp.so \ + -Xlibstrongswan-padlock.so + + # add additional files not covered by upstream makefile... + install --mode=0600 $(CURDIR)/debian/ipsec.secrets.proto $(CURDIR)/debian/strongswan-starter/etc/ipsec.secrets + # also "patch" ipsec.conf to include the debconf-managed file + echo >> $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf + echo "include /var/lib/strongswan/ipsec.conf.inc" >> $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf + # and to enable both IKEv1 and IKEv2 by default + sed -r 's/^[ \t]+# *charonstart=(yes|no) */\tcharonstart=yes/' < $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf > $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf.tmp + mv $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf.tmp $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf + + # set permissions on ipsec.secrets + chmod 600 $(CURDIR)/debian/strongswan-starter/etc/ipsec.secrets + chmod 700 -R $(CURDIR)/debian/strongswan-starter/etc/ipsec.d/private/ + chmod 700 -R $(CURDIR)/debian/strongswan-starter/var/lib/strongswan/ + + # this is handled by update-rc.d + rm -rf $(CURDIR)/debian/strongswan-starter/etc/rc?.d + + # delete var/lock/subsys and var/run to satisfy lintian + rm -rf $(CURDIR)/debian/openswan/var/lock + rm -rf $(CURDIR)/debian/openswan/var/run + + # more lintian cleanups + find $(CURDIR)/debian/*strongswan*/ -name ".cvsignore" | xargs --no-run-if-empty rm -f + find $(CURDIR)/debian/*strongswan*/ -name "/.svn/" | xargs --no-run-if-empty rm -rf + +override_dh_installinit: + dh_installinit -n --name=ipsec + +override_dh_installchangelogs: + dh_installchangelogs NEWS + +override_dh_strip: + dh_strip --dbg-package=strongswan-dbg + +override_dh_fixperms: + dh_fixperms -X etc/ipsec.secrets -X etc/ipsec.d -X var/lib/strongswan + +override_dh_makeshlibs: + dh_makeshlibs -n -X usr/lib/ipsec/plugins + +override_dh_installlogcheck: + dh_installlogcheck --name strongswan + +%: + dh $@ --parallel |