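#!/usr/bin/make -f
# -*- makefile -*-
#
# These rules should work for any debian-ish distro that uses systemd
# as init. That does _not_ include Ubuntu 14.04 ("trusty"); look for
# its own special rule file.
#
# Please keep the diff between that and this relatively small, even if
# it means having suboptimal code; these need to be kept in sync by
# sentient bags of meat.

#export DH_VERBOSE=1
export DH_OPTIONS
export DH_GOPKG := github.com/snapcore/snapd
#export DEB_BUILD_OPTIONS=nocheck
export DH_GOLANG_EXCLUDES=tests
export DH_GOLANG_GO_GENERATE=1

# The source root is appended (not prepended) to PATH, so tools already on
# the system PATH are found first.
export PATH:=${PATH}:${CURDIR}
# make sure that correct go version is found on xenial
export PATH:=/usr/lib/go-1.13/bin:${PATH}
# GOCACHE is needed by go-1.13
# NOTE(review): this is a fixed path under world-writable /tmp. On a build
# host shared with other local users the directory could already exist and be
# owned by someone else; a cache inside the build tree would avoid that.
# Left unchanged here -- confirm the builders are single-tenant.
export GOCACHE:=/tmp/go-build

# /etc/os-release of the build host is parsed as make syntax, so VERSION_ID
# keeps its surrounding double quotes; the comparisons below include them on
# purpose.
include /etc/os-release

# On 18.04 the released version of apt (1.6.1) has a bug that causes
# problem on "apt purge snapd". To ensure this won't happen add the
# right dependency on 18.04.
ifeq (${VERSION_ID},"18.04")
    SUBSTVARS = -Vsnapd:Breaks="systemd (<< 237-3ubuntu10.24), apt (<< 1.6.3)"
endif
# Same as above for 18.10 just a different version.
ifeq (${VERSION_ID},"18.10")
    SUBSTVARS = -Vsnapd:Breaks="apt (<< 1.7.0~alpha2)"
endif

# this is overridden in the ubuntu/14.04 release branch
SYSTEMD_UNITS_DESTDIR="lib/systemd/system/"

# The go tool does not fully support vendoring with gccgo, but we can
# work around that by constructing the appropriate -I flag by hand.
GCCGO := $(shell go tool dist env > /dev/null 2>&1 && echo no || echo yes)

BUILDFLAGS:=-pkgdir=$(CURDIR)/_build/std
# Disable -buildmode=pie mode on all our 32bit platforms
# (i386 and armhf). For i386 because of LP: #1711052 and for
# armhf because of LP: #1822738
ifeq ($(shell dpkg-architecture -qDEB_HOST_ARCH_BITS),64)
BUILDFLAGS+= -buildmode=pie
endif

GCCGOFLAGS=
ifeq ($(GCCGO),yes)
GOARCH := $(shell go env GOARCH)
GOOS := $(shell go env GOOS)
BUILDFLAGS:=
GCCGOFLAGS=-gccgoflags="-I $(CURDIR)/_build/pkg/gccgo_$(GOOS)_$(GOARCH)/$(DH_GOPKG)/vendor"
export DH_GOLANG_GO_GENERATE=0
# workaround for https://github.com/golang/go/issues/23721
export GOMAXPROCS=2
endif

# build with "tpm" support on ubuntu by default
# TAGS are the go build tags for all binaries, SNAP_TAGS are for snap and
# snap-bootstrap build only.
TAGS=
SNAP_TAGS=
# check if we need to include the testkeys in the binary
ifneq (,$(filter testkeys,$(DEB_BUILD_OPTIONS)))
    # if enabled also enable bootloader assets testing
    TAGS=-tags "withtestkeys withbootassetstesting"
    SNAP_TAGS=-tags "nomanagers withtestkeys"
else
    SNAP_TAGS=-tags nomanagers
endif

DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)

BUILT_USING_PACKAGES=
# export DEB_BUILD_MAINT_OPTIONS = hardening=+all
# DPKG_EXPORT_BUILDFLAGS = 1
# include /usr/share/dpkg/buildflags.mk

# Currently, we enable confinement for Ubuntu only, not for derivatives,
# because derivatives may have different kernels that don't support all the
# required confinement features and we don't want to mislead anyone about the
# security of the system.  Discuss a proper approach to this for downstreams
# if and when they approach us.
ifeq ($(shell dpkg-vendor --query Vendor),Ubuntu)
    # On Ubuntu 16.04 we need to produce a build that can be used on wide
    # variety of systems. As such we prefer static linking over dynamic linking
    # for stability, predictability and ease of deployment. We need to link some
    # things dynamically though: udev has no stable IPC protocol between
    # libudev and udevd so we need to link with it dynamically.
    VENDOR_ARGS=--enable-nvidia-multiarch --enable-static-libcap --enable-static-libapparmor --with-host-arch-triplet=$(DEB_HOST_MULTIARCH)
ifeq ($(shell dpkg-architecture -qDEB_HOST_ARCH),amd64)
    VENDOR_ARGS+= --with-host-arch-32bit-triplet=$(shell dpkg-architecture -f -ai386 -qDEB_HOST_MULTIARCH)
endif
    BUILT_USING_PACKAGES=libcap-dev libapparmor-dev libseccomp-dev
else
ifeq ($(shell dpkg-vendor --query Vendor),Debian)
    BUILT_USING_PACKAGES=libcap-dev
else
    # Any other vendor: snap-confine is configured without AppArmor support.
    VENDOR_ARGS=--disable-apparmor
endif
endif
# Deliberately a recursive (=) assignment: dpkg-query only runs when the
# value is expanded, which in this file happens in override_dh_gencontrol.
BUILT_USING=$(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W $(BUILT_USING_PACKAGES))

# Catch-all: every debhelper target goes through dh, except on powerpc where
# only a documentation-only package is produced.
%:
ifneq ($(shell dpkg-architecture -qDEB_HOST_ARCH),powerpc)
	dh $@ --buildsystem=golang --with=golang --fail-missing --with systemd --builddirectory=_build
else
	# "powerpc" is not supported unfortunately, do nothing here
	# See https://github.com/tianon/debian-runc/compare/70957b315f82170dc2ab7085d39c23835c0fa996...xenial for a more elaborate version of this idea.
	# Note that snapd never really worked on powerpc (we never had a core
	# snap there) so we don't need to show anything to the user
	if [ "$@" = "clean" ]; then \
		rm -rf debian/snapd; \
	fi; \
	if [ "$@" = "binary" ] || [ "$@" = "binary-arch" ]; then \
		install -m755 -d debian/snapd/usr/share/doc/snapd/; \
		cp debian/README.powerpc debian/snapd/usr/share/doc/snapd/; \
		dh_installdeb; \
		dh_gencontrol; \
		dh_builddeb; \
	fi;
endif

# snap-confine is excluded from dh_fixperms so that the mode set by
# "make -C cmd install" survives into the package.
# NOTE(review): presumably that mode is setuid root -- confirm against the
# install rules under cmd/ before touching this exclusion.
override_dh_fixperms:
	dh_fixperms -Xusr/lib/snapd/snap-confine


# The .real profile is a workaround for a bug in dpkg LP: #1673247 that causes
# ubiquity to crash. It allows us to "move" the snap-confine profile from
# snap-confine into snapd in a way that works with old dpkg that is in the live
# CD image.
#
# Because both the usual and the .real profile describe the same binary the
# .real profile takes priority (as it is loaded later).
#
# We need to run dh_apparmor *before* dh_systemd_enable to ensure the postinst
# snippets are added in the right order (first the new apparmor profile
# is loaded, then we restart the service).
override_dh_systemd_enable:
	dh_apparmor --profile-name=usr.lib.snapd.snap-confine.real -psnapd
	dh_systemd_enable

override_dh_clean:
	dh_clean
	$(MAKE) -C data clean
	# XXX: hacky
	$(MAKE) -C cmd distclean || true
	# XXX: hacky^2
	(cd c-vendor/squashfuse/src && rm -f snapfuse && make distclean || true )

override_dh_auto_build:
	# usually done via `go generate` but that is not supported on powerpc
	./mkversion.sh
	# Build golang bits
	mkdir -p _build/src/$(DH_GOPKG)/cmd/snap/test-data
	cp -a cmd/snap/test-data/*.gpg _build/src/$(DH_GOPKG)/cmd/snap/test-data/
	cp -a bootloader/assets/data _build/src/$(DH_GOPKG)/bootloader/assets

	# this is the main go build
# packaging/build-tools/ is put first on PATH for this one command and the
# real go binary is recorded in SNAPD_VANILLA_GO.
# NOTE(review): presumably a go wrapper lives in build-tools -- confirm.
	SNAPD_VANILLA_GO=$$(which go) PATH="$$(pwd)/packaging/build-tools/:$$PATH" dh_auto_build -- $(BUILDFLAGS) $(TAGS) $(GCCGOFLAGS)

	(cd _build/bin && GOPATH=$$(pwd)/.. GO111MODULE=off go build $(BUILDFLAGS) $(GCCGOFLAGS) $(SNAP_TAGS) $(DH_GOPKG)/cmd/snap)
	(cd _build/bin && GOPATH=$$(pwd)/.. GO111MODULE=off go build $(BUILDFLAGS) $(GCCGOFLAGS) $(SNAP_TAGS) $(DH_GOPKG)/cmd/snap-bootstrap)

	# Generate static snap-exec, snapctl and snap-update-ns - it somehow includes CGO so
	# we must force a static build here. We need a static snap-{exec,update-ns}/snapctl
	# inside the core snap because not all bases will have a libc
	(cd _build/bin && GOPATH=$$(pwd)/.. GO111MODULE=off CGO_ENABLED=0 go build $(GCCGOFLAGS) $(DH_GOPKG)/cmd/snap-exec)
	(cd _build/bin && GOPATH=$$(pwd)/.. GO111MODULE=off CGO_ENABLED=0 go build $(GCCGOFLAGS) $(DH_GOPKG)/cmd/snapctl)
	(cd _build/bin && GOPATH=$$(pwd)/.. GO111MODULE=off go build --ldflags '-extldflags "-static"' $(GCCGOFLAGS) $(DH_GOPKG)/cmd/snap-update-ns)

	# ensure we generated a static build
# This check used to be wrapped in make's shell function. That form is
# evaluated while make expands the recipe rather than as a recipe step,
# its exit status is discarded, and whatever ldd printed on stdout became
# the command line. The check therefore could never fail the build. It is
# now an ordinary recipe step that runs after the binaries exist and stops
# the build when ldd succeeds, i.e. when a binary is dynamically linked.
	for b in snap-exec snap-update-ns snapctl; do \
		if [ ! -f _build/bin/$$b ]; then \
			echo "missing _build/bin/$$b" >&2; \
			exit 1; \
		fi; \
		if ldd _build/bin/$$b; then \
			echo "need static build: _build/bin/$$b is dynamically linked" >&2; \
			exit 1; \
		fi; \
	done

	# ensure snap-seccomp is built with a static libseccomp on Ubuntu
ifeq ($(shell dpkg-vendor --query Vendor),Ubuntu)
# The cgo LDFLAGS line in main.go is rewritten to name the static archive
# and restored after the build. CGO_LDFLAGS_ALLOW allow-lists that path,
# since the go tool rejects #cgo linker flags it does not recognise.
	sed -i "s|#cgo LDFLAGS:|#cgo LDFLAGS: /usr/lib/$(shell dpkg-architecture -qDEB_TARGET_MULTIARCH)/libseccomp.a|" _build/src/$(DH_GOPKG)/cmd/snap-seccomp/main.go
	(cd _build/bin && GOPATH=$$(pwd)/.. GO111MODULE=off CGO_LDFLAGS_ALLOW="/.*/libseccomp.a" go build $(GCCGOFLAGS) $(DH_GOPKG)/cmd/snap-seccomp)
	# ensure that libseccomp is not dynamically linked
	ldd _build/bin/snap-seccomp
	test "$$(ldd _build/bin/snap-seccomp | grep libseccomp)" = ""
	# revert again so that the subsequent tests work
	sed -i "s|#cgo LDFLAGS: /usr/lib/$(shell dpkg-architecture -qDEB_TARGET_MULTIARCH)/libseccomp.a|#cgo LDFLAGS:|" _build/src/$(DH_GOPKG)/cmd/snap-seccomp/main.go
endif

	# Build C bits, sadly manually
	cd cmd && ( autoreconf -i -f )
	cd cmd && ( ./configure --prefix=/usr --libexecdir=/usr/lib/snapd $(VENDOR_ARGS))
	$(MAKE) -C cmd all

	# Generate the real systemd/dbus/env config files
	$(MAKE) -C data all

	# build squashfuse and rename to snapfuse
	(cd c-vendor/squashfuse/src && mkdir -p autom4te.cache && ./autogen.sh --disable-demo && ./configure --disable-demo && make && mv squashfuse_ll snapfuse)

override_dh_auto_test:
	dh_auto_test -- $(BUILDFLAGS) $(TAGS) $(GCCGOFLAGS)
# a tested default (production) build should have no test keys
ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
	# check that only the main trusted account-keys are included
# A shell "for" loop returns the status of its last iteration only, so
# without the explicit exit a wrong key set in snapd or snap-bootstrap
# would pass as long as snap-preseed was fine. Each binary must contain
# exactly two key ids, and they must be the two pinned below.
	for b in _build/bin/snapd _build/bin/snap-bootstrap _build/bin/snap-preseed; do \
		[ $$(strings $$b |grep -c -E "public-key-sha3-384: [a-zA-Z0-9_-]{64}") -eq 2 ] && \
		strings $$b |grep -c "^public-key-sha3-384: -CvQKAwRQ5h3Ffn10FILJoEZUXOv6km9FwA80-Rcj-f-6jadQ89VRswHNiEB9Lxk$$" && \
		strings $$b |grep -c "^public-key-sha3-384: d-JcZF9nD9eBw7bwMnH61x-bklnQOhQud1Is6o_cn2wTj8EYDi9musrIT9z2MdAa$$" || \
		{ echo "unexpected set of trusted account-keys in $$b" >&2; exit 1; }; \
	done
	# same for snap-repair
	[ $$(strings _build/bin/snap-repair|grep -c -E "public-key-sha3-384: [a-zA-Z0-9_-]{64}") -eq 3 ]
	# common with snapd
	strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: -CvQKAwRQ5h3Ffn10FILJoEZUXOv6km9FwA80-Rcj-f-6jadQ89VRswHNiEB9Lxk$$"
	strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: d-JcZF9nD9eBw7bwMnH61x-bklnQOhQud1Is6o_cn2wTj8EYDi9musrIT9z2MdAa$$"
	# repair-root
	strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: nttW6NfBXI_E-00u38W-KH6eiksfQNXuI7IiumoV49_zkbhM0sYTzSnFlwZC-W4t$$"
endif
ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
	# run the snap-confine tests
	$(MAKE) -C cmd check
endif

override_dh_install:
	# we do not need this in the package, its just needed during build
	rm -rf ${CURDIR}/debian/tmp/usr/bin/xgettext-go
	# toolbelt is not shippable
	rm -f ${CURDIR}/debian/tmp/usr/bin/toolbelt
	# we do not like /usr/bin/snappy anymore
	rm -f ${CURDIR}/debian/tmp/usr/bin/snappy
	# i18n stuff
	mkdir -p debian/snapd/usr/share
	if [ -d share/locale ]; then \
		cp -R share/locale debian/snapd/usr/share; \
	fi
	# chrorder generator
	rm -f ${CURDIR}/debian/tmp/usr/bin/chrorder
	# bootloader assets generator
	rm -f ${CURDIR}/debian/tmp/usr/bin/genasset
	# docs generator
	rm -f ${CURDIR}/debian/tmp/usr/bin/docs

	# Install snapd's systemd units / upstart jobs, done
	# here instead of debian/snapd.install because the
	# ubuntu/14.04 release branch adds/changes bits here
	$(MAKE) -C data install DESTDIR=$(CURDIR)/debian/snapd/ \
		SYSTEMDSYSTEMUNITDIR=$(SYSTEMD_UNITS_DESTDIR)
	# We called this apps-bin-path.sh instead of snapd.sh, and
	# it's a conf file so we're stuck with it
	mv debian/snapd/etc/profile.d/snapd.sh debian/snapd/etc/profile.d/apps-bin-path.sh

	$(MAKE) -C cmd install DESTDIR=$(CURDIR)/debian/tmp

	# Rename the apparmor profile, see dh_apparmor call above for an explanation.
	mv $(CURDIR)/debian/tmp/etc/apparmor.d/usr.lib.snapd.snap-confine $(CURDIR)/debian/tmp/etc/apparmor.d/usr.lib.snapd.snap-confine.real

	dh_install

override_dh_auto_install: snap.8
	dh_auto_install -O--buildsystem=golang

# The man page is generated by the freshly built snap binary; its date is
# taken from debian/changelog so that rebuilds produce identical output.
snap.8:
	# fix reproducible builds as reported by:
	#   https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/snapd.html
	# once golang-go-flags is fixed we can remove the "sed" expression
	$(CURDIR)/_build/bin/snap help --man | sed '1 s/^.*/.TH snap 8 "$(shell date --reference=debian/changelog +"%d %B %Y")"/' > $@

override_dh_auto_clean:
	dh_auto_clean -O--buildsystem=golang
	rm -vf snap.8

# Built-Using lists the source packages of the libraries named in
# BUILT_USING_PACKAGES; SUBSTVARS carries the per-release Breaks set above.
override_dh_gencontrol:
	dh_gencontrol -- -VBuilt-Using="$(BUILT_USING)" $(SUBSTVARS)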