#!/usr/bin/make -f #export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -Wl,-O1 -Wl,-z,defs export DEB_BUILD_MAINT_OPTIONS=hardening=+pie,+bindnow CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ --enable-ldap --enable-curl \ --with-capabilities=libcap \ --enable-smartcard --enable-pkcs11 \ --with-default-pkcs11=/usr/lib/$(DEB_HOST_MULTIARCH)/opensc-pkcs11.so \ --enable-mediation --enable-medsrv --enable-medcli \ --enable-openssl --enable-agent \ --enable-ctr --enable-ccm --enable-gcm --enable-addrblock \ --enable-eap-radius --enable-eap-identity --enable-eap-md5 \ --enable-eap-gtc --enable-eap-aka --enable-eap-mschapv2 \ --enable-eap-tls --enable-eap-ttls --enable-eap-tnc \ --enable-sql --enable-integrity-test \ --enable-ha --enable-dhcp --enable-farp \ --enable-led --enable-gcrypt \ --enable-test-vectors --enable-nat-transport \ --enable-nm \ --with-user=strongswan --with-group=nogroup \ --disable-blowfish --disable-des # BSD-Young license # --enable-kernel-pfkey --enable-kernel-klips \ # And for --enable-eap-sim we would need the library, which we don't # have right now. # Don't --enable-cisco-quirks, because some other IPsec implementations # (most notably the Phion one) have problems connecting when pluto # sends these Cisco options. # the padlock plugin only makes sense on i386 # but it actually doesn't do much, so maybe we don't need it DEB_BUILD_ARCH_CPU ?=$(shell dpkg-architecture -qDEB_BUILD_ARCH_CPU) ifeq ($(DEB_BUILD_ARCH_CPU),i386) CONFIGUREARGS += --enable-padlock endif override_dh_auto_configure: dh_auto_configure -- $(CONFIGUREARGS) override_dh_auto_clean: dh_auto_clean # after a make clean, no binaries _should_ be left, but .... -find $(CURDIR) -name "*.o" | xargs --no-run-if-empty rm # Really clean (#356716) # This is a hack: should be better implemented rm -f lib/libstrongswan/libstrongswan.a || true rm -f lib/libstrongswan/liboswlog.a || true # just in case something went wrong rm -f $(CURDIR)/debian/ipsec.secrets # and make sure that template are up-to-date debconf-updatepo override_dh_install: # install files from debian/tmp into proper package dirs dh_install --fail-missing -X\.la -X\.a -Xmedsrv -Xman3 -Xlibstrongswan-padlock.so # special handling for padlock, as it is only built on i386 ifeq ($(DEB_BUILD_ARCH_CPU),i386) install $(CURDIR)/debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/ipsec/plugins/libstrongswan-padlock.so* $(CURDIR)/debian/libstrongswan/usr/lib/$(DEB_HOST_MULTIARCH)/ipsec/plugins/ endif # add additional files not covered by upstream makefile... install --mode=0600 $(CURDIR)/debian/ipsec.secrets.proto $(CURDIR)/debian/strongswan-starter/etc/ipsec.secrets # also "patch" ipsec.conf to include the debconf-managed file echo >> $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf echo "include /var/lib/strongswan/ipsec.conf.inc" >> $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf # and to enable both IKEv1 and IKEv2 by default sed -r 's/^[ \t]+# *plutostart=(yes|no) */\tplutostart=yes/;s/^[ \t]+# *charonstart=(yes|no) */\tcharonstart=yes/' < $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf > $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf.tmp mv $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf.tmp $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf # set permissions on ipsec.secrets chmod 600 $(CURDIR)/debian/strongswan-starter/etc/ipsec.secrets chmod 700 -R $(CURDIR)/debian/strongswan-starter/etc/ipsec.d/private/ chmod 700 -R $(CURDIR)/debian/strongswan-starter/var/lib/strongswan/ # this is handled by update-rc.d rm -rf $(CURDIR)/debian/strongswan-starter/etc/rc?.d # delete var/lock/subsys and var/run to satisfy lintian rm -rf $(CURDIR)/debian/openswan/var/lock rm -rf $(CURDIR)/debian/openswan/var/run # the logcheck ignore files install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.paranoid $(CURDIR)/debian/libstrongswan/etc/logcheck/ignore.d.paranoid/strongswan install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.server $(CURDIR)/debian/libstrongswan/etc/logcheck/ignore.d.server/strongswan install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.server $(CURDIR)/debian/libstrongswan/etc/logcheck/ignore.d.workstation/strongswan install -D --mode=0600 $(CURDIR)/debian/logcheck.violations.ignore $(CURDIR)/debian/libstrongswan/etc/logcheck/violations.ignore.d/strongswan # more lintian cleanups find $(CURDIR)/debian/*strongswan*/ -name ".cvsignore" | xargs --no-run-if-empty rm -f find $(CURDIR)/debian/*strongswan*/ -name "/.svn/" | xargs --no-run-if-empty rm -rf override_dh_installinit: dh_installinit -n --name=ipsec override_dh_installchangelogs: dh_installchangelogs NEWS override_dh_strip: dh_strip --dbg-package=strongswan-dbg override_dh_fixperms: dh_fixperms -X etc/ipsec.secrets -X etc/ipsec.d -X var/lib/strongswan override_dh_makeshlibs: dh_makeshlibs -n -X usr/lib/$(DEB_HOST_MULTIARCH)/ipsec/plugins %: dh $@ --parallel