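#!/usr/bin/make -f
# -*- makefile -*-
#
# Source: github.com/stolowski/snapd@v0.0.0-20210407085831-115137ce5a22/packaging/ubuntu-14.04/rules
#
# These rules should work for any debian-ish distro that is *not*
# systemd based but can use a tweaked, deputy systemd. This includes
# just Ubuntu 14.04 ("trusty"), to our knowledge (let us know if
# you're using this elsewhere!). The more general, systemd-based one
# is the 16.04 rule.
#
# Please keep the diff between that and this relatively small, even if
# it means having suboptimal code; these need to be kept in sync by
# sentient bags of meat.

#export DH_VERBOSE=1
export DH_OPTIONS
export DH_GOPKG := github.com/snapcore/snapd
#export DEB_BUILD_OPTIONS=nocheck
export DH_GOLANG_EXCLUDES=tests
export DH_GOLANG_GO_GENERATE=1

# The source tree is appended to PATH (lowest priority), so a helper in
# the tree cannot shadow a system tool of the same name.
export PATH:=${PATH}:${CURDIR}
# make sure that correct go version is found on trusty
export PATH:=/usr/lib/go-1.10/bin:${PATH}

# /etc/os-release is parsed as makefile syntax; its KEY=value lines become
# make variables (quotes, if any, stay part of the value).
include /etc/os-release

# On trusty we are relying on a deputy systemd, which does not run as
# PID 1. To solve the problem of services shipping systemd units and
# upstart jobs being started twice, we altered systemd on trusty to
# ignore /lib/systemd/system and instead consider only selected units
# from /lib/systemd/upstart.
SYSTEMD_UNITS_DESTDIR="lib/systemd/upstart/"

# The go tool does not fully support vendoring with gccgo, but we can
# work around that by constructing the appropriate -I flag by hand.
GCCGO := $(shell go tool dist env > /dev/null 2>&1 && echo no || echo yes)

BUILDFLAGS:=-pkgdir=$(CURDIR)/_build/std
# Disable -buildmode=pie mode on all our 32bit platforms
# (i386 and armhf). For i386 because of LP: #1711052 and for
# armhf because of LP: #1822738
ifeq ($(shell dpkg-architecture -qDEB_HOST_ARCH_BITS),64)
  BUILDFLAGS+= -buildmode=pie
endif

GCCGOFLAGS=
ifeq ($(GCCGO),yes)
  GOARCH := $(shell go env GOARCH)
  GOOS := $(shell go env GOOS)
  BUILDFLAGS:=
  GCCGOFLAGS=-gccgoflags="-I $(CURDIR)/_build/pkg/gccgo_$(GOOS)_$(GOARCH)/$(DH_GOPKG)/vendor"
  export DH_GOLANG_GO_GENERATE=0
endif

# check if we need to include the testkeys in the binary
# TAGS are the go build tags for all binaries, SNAP_TAGS are for snap
# build only.
TAGS=
SNAP_TAGS=
ifneq (,$(filter testkeys,$(DEB_BUILD_OPTIONS)))
  TAGS=-tags withtestkeys
  SNAP_TAGS=-tags "nomanagers withtestkeys"
else
  SNAP_TAGS=-tags nomanagers
endif

BUILT_USING_PACKAGES=
# export DEB_BUILD_MAINT_OPTIONS = hardening=+all
# DPKG_EXPORT_BUILDFLAGS = 1
# include /usr/share/dpkg/buildflags.mk

# Currently, we enable confinement for Ubuntu only, not for derivatives,
# because derivatives may have different kernels that don't support all the
# required confinement features and we don't want to mislead anyone about the
# security of the system. Discuss a proper approach to this for downstreams
# if and when they approach us.
# NOTE this could be simpler for trusty, but this way keeps the diff down.
ifeq ($(shell dpkg-vendor --query Vendor),Ubuntu)
  # On Ubuntu 16.04 we need to produce a build that can be used on wide
  # variety of systems. As such we prefer static linking over dynamic linking
  # for stability, predictability and ease of deployment. We need to link some
  # things dynamically though: udev has no stable IPC protocol between
  # libudev and udevd so we need to link with it dynamically.
  VENDOR_ARGS=--enable-nvidia-multiarch --enable-static-libcap --enable-static-libapparmor --enable-static-libseccomp
  BUILT_USING_PACKAGES=libcap-dev libapparmor-dev libseccomp-dev
else
ifeq ($(shell dpkg-vendor --query Vendor),Debian)
  VENDOR_ARGS=--disable-apparmor --disable-seccomp
  BUILT_USING_PACKAGES=libcap-dev
else
  VENDOR_ARGS=--disable-apparmor
endif
endif
# Built-Using records the exact source versions of the statically linked
# libraries, so a fix in one of them can be traced to this package.
# NOTE(review): when the vendor is neither Ubuntu nor Debian,
# BUILT_USING_PACKAGES stays empty and dpkg-query -W runs without a
# package pattern, which lists every installed package -- confirm that
# is intended for such builds.
BUILT_USING=$(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W $(BUILT_USING_PACKAGES))

%:
	dh $@ --buildsystem=golang --with=golang --fail-missing --builddirectory=_build

# snap-confine is excluded from permission normalisation.
# NOTE(review): presumably because "make -C cmd install" gives it special
# (setuid) permissions that dh_fixperms would reset -- confirm.
override_dh_fixperms:
	dh_fixperms -Xusr/lib/snapd/snap-confine


# trusty doesn't need the .real workaround
override_dh_installdeb:
	dh_apparmor --profile-name=usr.lib.snapd.snap-confine -psnapd
	dh_installdeb

override_dh_clean:
ifneq (,$(TEST_GITHUB_AUTOPKGTEST))
	# this will be set by the GITHUB webhook to trigger an autopkgtest
	# we only need to run "govendor sync" here and then it's ready
# NOTE(review): this path downloads an unpinned tool with "go get -u" and
# runs it from a fixed, predictable directory under /tmp. That is only
# acceptable on a throwaway, single-user CI host; pinning the tool version
# and using a private temporary directory would make the step reproducible
# and independent of whatever already exists at /tmp/go.
	(export GOPATH="/tmp/go"; \
	  mkdir -p /tmp/go/src/github.com/snapcore/; \
	  cp -ar . /tmp/go/src/github.com/snapcore/snapd; \
	  go get -u github.com/kardianos/govendor; \
	  (cd /tmp/go/src/github.com/snapcore/snapd ; /tmp/go/bin/govendor sync); \
	  cp -ar /tmp/go/src/github.com/snapcore/snapd/vendor/ .; \
	)
endif
	dh_clean
	$(MAKE) -C data clean
	# XXX: hacky
	$(MAKE) -C cmd distclean || true

override_dh_auto_build:
	# usually done via `go generate` but that is not supported on powerpc
	./mkversion.sh
	# Build golang bits
	mkdir -p _build/src/$(DH_GOPKG)/cmd/snap/test-data
	cp -a cmd/snap/test-data/*.gpg _build/src/$(DH_GOPKG)/cmd/snap/test-data/
	cp -a bootloader/assets/data _build/src/$(DH_GOPKG)/bootloader/assets
	dh_auto_build -- $(BUILDFLAGS) $(TAGS) $(GCCGOFLAGS)

	(cd _build/bin && GOPATH=$$(pwd)/.. go build $(BUILDFLAGS) $(GCCGOFLAGS) $(SNAP_TAGS) $(DH_GOPKG)/cmd/snap)

	# Generate static snap-exec, snapctl and snap-update-ns - it somehow includes CGO so we must
	# force a static build here. We need a static snap-{exec,update-ns}/snapctl inside
	# the core snap because not all bases will have a libc
	(cd _build/bin && GOPATH=$$(pwd)/.. CGO_ENABLED=0 go build $(GCCGOFLAGS) $(DH_GOPKG)/cmd/snap-exec)
	(cd _build/bin && GOPATH=$$(pwd)/.. CGO_ENABLED=0 go build $(GCCGOFLAGS) $(DH_GOPKG)/cmd/snapctl)
	(cd _build/bin && GOPATH=$$(pwd)/.. go build --ldflags '-extldflags "-static"' $(GCCGOFLAGS) $(DH_GOPKG)/cmd/snap-update-ns)
# The static-link check below used to be wrapped in make's shell function.
# That form ran while make was expanding the recipe, before the go build
# commands above had produced the binaries, and its exit status was
# discarded, so a dynamically linked binary could never fail the build.
# It is now an ordinary recipe command that runs after the builds.
# NOTE(review): with a gccgo toolchain the binaries may link libgo
# dynamically; this check now fails in that case instead of passing
# silently -- confirm against the architectures that use gccgo.
	# ensure we generated a static build
	for bin in snap-exec snap-update-ns snapctl; do \
		if [ ! -f "_build/bin/$$bin" ]; then \
			echo "missing binary: $$bin" >&2; \
			exit 1; \
		fi; \
		if ldd "_build/bin/$$bin"; then \
			echo "need static build: $$bin" >&2; \
			exit 1; \
		fi; \
	done

	# Build C bits, sadly manually
	cd cmd && ( autoreconf -i -f )
	cd cmd && ( ./configure --prefix=/usr --libexecdir=/usr/lib/snapd $(VENDOR_ARGS))
	$(MAKE) -C cmd all

	# Generate the real systemd/dbus/env config files
	$(MAKE) -C data all

override_dh_auto_test:
	dh_auto_test -- $(BUILDFLAGS) $(TAGS) $(GCCGOFLAGS)
# a tested default (production) build should have no test keys
ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
# The checks below pin the set of account keys embedded in the binaries:
# the total number of key ids must match exactly, and each expected id
# must be present (grep -c exits non-zero when it counts no match, which
# fails the build).
	# check that only the main trusted account-keys are included
	[ $$(strings _build/bin/snapd|grep -c -E "public-key-sha3-384: [a-zA-Z0-9_-]{64}") -eq 2 ]
	strings _build/bin/snapd|grep -c "^public-key-sha3-384: -CvQKAwRQ5h3Ffn10FILJoEZUXOv6km9FwA80-Rcj-f-6jadQ89VRswHNiEB9Lxk$$"
	strings _build/bin/snapd|grep -c "^public-key-sha3-384: d-JcZF9nD9eBw7bwMnH61x-bklnQOhQud1Is6o_cn2wTj8EYDi9musrIT9z2MdAa$$"
	# same for snap-repair
	[ $$(strings _build/bin/snap-repair|grep -c -E "public-key-sha3-384: [a-zA-Z0-9_-]{64}") -eq 3 ]
	# common with snapd
	strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: -CvQKAwRQ5h3Ffn10FILJoEZUXOv6km9FwA80-Rcj-f-6jadQ89VRswHNiEB9Lxk$$"
	strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: d-JcZF9nD9eBw7bwMnH61x-bklnQOhQud1Is6o_cn2wTj8EYDi9musrIT9z2MdAa$$"
	# repair-root
	strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: nttW6NfBXI_E-00u38W-KH6eiksfQNXuI7IiumoV49_zkbhM0sYTzSnFlwZC-W4t$$"
endif
ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
	# run the snap-confine tests
	$(MAKE) -C cmd check
endif

override_dh_install:
	# we do not need this in the package, it's just needed during build
	rm -rf ${CURDIR}/debian/tmp/usr/bin/xgettext-go
	# toolbelt is not shippable
	rm -f ${CURDIR}/debian/tmp/usr/bin/toolbelt
	# we do not like /usr/bin/snappy anymore
	rm -f ${CURDIR}/debian/tmp/usr/bin/snappy
	# snap-bootstrap is only useful on core (and we don't have a 14.04 core)
	rm -f ${CURDIR}/debian/tmp/usr/bin/snap-bootstrap
	# same goes for snap-recovery-chooser
	rm -f ${CURDIR}/debian/tmp/usr/bin/snap-recovery-chooser
	# i18n stuff
	mkdir -p debian/snapd/usr/share
	if [ -d share/locale ]; then \
		cp -R share/locale debian/snapd/usr/share; \
	fi
	# chrorder generator
	rm -f ${CURDIR}/debian/tmp/usr/bin/chrorder
	# bootloader assets generator
	rm -f ${CURDIR}/debian/tmp/usr/bin/genasset
	# docs generator
	rm -f ${CURDIR}/debian/tmp/usr/bin/docs

	# Install snapd's systemd units / upstart jobs, done
	# here instead of debian/snapd.install because the
	# ubuntu/14.04 release branch adds/changes bits here
	$(MAKE) -C data install DESTDIR=$(CURDIR)/debian/snapd/ \
		SYSTEMDSYSTEMUNITDIR=$(SYSTEMD_UNITS_DESTDIR)
	# We called this apps-bin-path.sh instead of snapd.sh, and
	# it's a conf file so we're stuck with it
	mv debian/snapd/etc/profile.d/snapd.sh debian/snapd/etc/profile.d/apps-bin-path.sh

	# trusty needs this to make /snap rshared
	install --mode=0644 debian/snap.mount.service debian/snapd/$(SYSTEMD_UNITS_DESTDIR)

	$(MAKE) -C cmd install DESTDIR=$(CURDIR)/debian/tmp

	# trusty doesn't need the .real workaround

	# On Ubuntu and Debian we don't need to install the apparmor helper service.
	rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.apparmor.service
	rm $(CURDIR)/debian/tmp/usr/lib/snapd/snapd-apparmor

	dh_install

# The man page is produced by the freshly built snap binary, so it is a
# prerequisite of the install step.
override_dh_auto_install: snap.8
	dh_auto_install -O--buildsystem=golang

snap.8:
	$(CURDIR)/_build/bin/snap help --man > $@

override_dh_auto_clean:
	dh_auto_clean -O--buildsystem=golang
	rm -vf snap.8

override_dh_gencontrol:
	dh_gencontrol -- -VBuilt-Using="$(BUILT_USING)"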