summaryrefslogtreecommitdiff
path: root/debian/rules
blob: 7fa5ffa1795131da43dff5610c1bf448b3c0b130 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
#!/usr/bin/make -f
# Sample debian/rules that uses debhelper.
# GNU copyright 1997 to 1999 by Joey Hess.

# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1

# This is the debhelper compatability version to use.
export DH_COMPAT=4

export DH_OPTIONS

ifeq (,$(wildcard /usr/bin/po2debconf))
	PO2DEBCONF := no
	MINDEBCONFVER := 0.5
else
	PO2DEBCONF := yes
	MINDEBCONFVER := 1.2.0
endif

configure: configure-stamp
configure-stamp:
	dh_testdir
	# Add here commands to configure the package.

	touch configure-stamp

patch:
	dh_testdir
	dpatch apply-all

unpatch:
	dpatch deapply-all
	#rm -f patch-stamp

build: build-stamp
build-stamp: patch
	# create a dummy ipsec.secrets file before building the package so
	# that no RSA keys are created during the build process
	# (a package should not include a RSA key, it should produce the key
	# on demand, e.g. in the postinst script)
	touch $(CURDIR)/debian/ipsec.secrets
	$(MAKE) programs INC_USRLOCAL=/usr \
        		 FINALBINDIR=/usr/lib/ipsec \
			 FINALLIBEXECDIR=/usr/lib/ipsec \
			 PUBDIR=/usr/sbin \
			 MANTREE=/usr/share/man \
			 CONFDIR=$(CURDIR)/debian \
			 USE_LDAP=true USE_LIBCURL=true HAVE_THREADS=true \
			 USE_XAUTH=true USE_XAUTHPAM=true
	# remove the temporary file, it will be created during install
	rm -f $(CURDIR)/debian/ipsec.secrets

	# also generate the fswcert tool
	#$(MAKE) -C programs/fswcert/
	# ugly hack....
	#$(MAKE) -C programs/fswcert/ programs WERROR='-lcrypto'

	touch build-stamp

clean: unpatch
	dh_testdir
	dh_testroot
	rm -f build-stamp configure-stamp

	-$(MAKE) clean
	#-$(MAKE) -C programs/fswcert/ clean
	# after a make clean, no binaries _should_ be left, but ....
	-find $(CURDIR) -name "*.o" | xargs --no-run-if-empty rm
	-find $(CURDIR)/lib/libcrypto -name "*.a" | xargs --no-run-if-empty rm

	# Really clean (#356716)
	# This is a hack: should be better implemented
	rm -f lib/libstrongswan/libstrongswan.a || true
	rm -f lib/libstrongswan/liboswlog.a || true

	# just in case something went wrong
	rm -f $(CURDIR)/debian/ipsec.secrets
	
	# and make sure that template are up-to-date
	debconf-updatepo

	dh_clean

ifeq ($(PO2DEBCONF),yes)       
	# Hack for woody compatibility. This makes sure that the       
	# debian/templates file shipped in the source package doesn't 
	# specify encodings, which woody's debconf can't handle. If building
	# on a system with po-debconf installed (conveniently debhelper (>=
	# 4.1.16) depends on it), the binary-arch target will generate a
	# better version for sarge.       
	echo 1 > debian/po/output
	po2debconf debian/strongswan.templates.master > debian/strongswan.templates
	rm -f debian/po/output
endif

install-strongswan: DH_OPTIONS=-a
install-strongswan: build
	dh_testdir
	dh_testroot
	dh_clean -k
	dh_installdirs

	# Add here commands to install the package into debian/tmp.
	$(MAKE) install INC_USRLOCAL=/usr \
        		FINALBINDIR=/usr/lib/ipsec \
			FINALLIBEXECDIR=/usr/lib/ipsec \
			PUBDIR=$(CURDIR)/debian/strongswan/usr/sbin \
			MANTREE=$(CURDIR)/debian/strongswan/usr/share/man \
			DESTDIR=$(CURDIR)/debian/strongswan
	rm -rf $(CURDIR)/debian/strongswan/usr/local
	install --mode=0600 $(CURDIR)/debian/ipsec.secrets.proto $(CURDIR)/debian/strongswan/etc/ipsec.secrets

	# use bash for init.d and _plutorun
	patch $(CURDIR)/debian/strongswan/etc/init.d/ipsec < debian/use-bash1.diff
	patch $(CURDIR)/debian/strongswan/usr/lib/ipsec/_plutorun < debian/use-bash2.diff

	# install the fswcert tool
	#install $(CURDIR)/programs/fswcert/fswcert $(CURDIR)/debian/strongswan/usr/bin
	#install $(CURDIR)/programs/fswcert/fswcert.8 $(CURDIR)/debian/strongswan/usr/share/man/man8

	rm -f $(CURDIR)/debian/strongswan/etc/init.d/ipsec?*
	rm -f $(CURDIR)/debian/strongswan/usr/lib/ipsec/_plutorun?*

	# this is handled by update-rc.d
	rm -rf $(CURDIR)/debian/strongswan/etc/rc?.d
        
	dh_installdocs -pstrongswan -n
	# change the paths in the installed doc files (but only in regular 
	# files, not in links to the outside of the build tree !)
	( cd $(CURDIR)/debian/strongswan/; \
	  for f in `grep "/usr/local/" --recursive --files-with-match *`; \
	  do \
		if [ -f $$f -a ! -L $$f ]; then \
		    cp $$f $$f.old; \
 		    sed 's/\/usr\/local\//\/usr\//' $$f.old > $$f; \
		    rm $$f.old; \
		fi; \
	  done )
	# but remove the doc/src dir, which just duplicates the HTML files
	rm -rf $(CURDIR)/debian/strongswan/usr/share/doc/strongswan/doc/src
	# and the index file in the main doc directory - it's replicated under
	# doc/
	rm -f $(CURDIR)/debian/strongswan/usr/share/doc/strongswan/index.html
	  
	# the logcheck ignore files
	install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.paranoid $(CURDIR)/debian/strongswan/etc/logcheck/ignore.d.paranoid/strongswan
	install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.server $(CURDIR)/debian/strongswan/etc/logcheck/ignore.d.server/strongswan
	install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.server $(CURDIR)/debian/strongswan/etc/logcheck/ignore.d.workstation/strongswan
	install -D --mode=0600 $(CURDIR)/debian/logcheck.violations.ignore $(CURDIR)/debian/strongswan/etc/logcheck/violations.ignore.d/strongswan

	# set permissions on ipsec.secrets
	chmod 600 $(CURDIR)/debian/strongswan/etc/ipsec.secrets
	chmod 644 $(CURDIR)/debian/strongswan/etc/ipsec.conf
	chmod 700 -R $(CURDIR)/debian/strongswan/etc/ipsec.d/private/
	# don't know why they come with +x set by default...
	chmod 644 $(CURDIR)/debian/strongswan/etc/ipsec.d/policies/*
	chmod 644 $(CURDIR)/debian/strongswan/etc/ipsec.d/examples/*
	# or why these are copied to the directory...
	rm -f $(CURDIR)/debian/strongswan/usr/lib/ipsec/ipsec_pr.template
	rm -f $(CURDIR)/debian/strongswan/usr/lib/ipsec/distro.txt

	# more lintian cleanups
	find $(CURDIR)/debian/strongswan -name ".cvsignore" | xargs --no-run-if-empty rm -f
	find $(CURDIR)/debian/strongswan -name "/.svn/" | xargs --no-run-if-empty rm -rf

	# and lintian overrides
	install --mode=0644 $(CURDIR)/debian/strongswan.lintian-overrides $(CURDIR)/debian/strongswan/usr/share/lintian/overrides/strongswan

binary-common:
	#dh_testversion 2
	dh_testdir
	dh_testroot
	dh_installdebconf
	dh_installchangelogs CHANGES
	dh_link
	dh_strip
	dh_compress
	dh_fixperms -X etc/ipsec.conf -X etc/ipsec.secrets -X etc/ipsec.d

#	dh_makeshlibs
	dh_installdeb
#	dh_perl
	dh_shlibdeps
	dh_gencontrol
	dh_md5sums
	dh_builddeb

# Build architecture-independent files here.
binary-indep: 
	$(MAKE) -f debian/rules DH_OPTIONS=-i binary-common

# Build architecture-dependent files here.
binary-arch: install-strongswan
	$(MAKE) -f debian/rules DH_OPTIONS=-a binary-common

# Any other binary targets build just one binary package at a time.
#binary-%: build install
#	make -f debian/rules binary-common DH_OPTIONS=-p$*
             
binary: binary-indep binary-arch
.PHONY: clean binary-indep binary-arch