1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
|
#!/usr/bin/make -f
NULL =
DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow
# If the build environment sets -Bsymbolic-functions, which is often used as
# hardening option, that would break libvirt build time self-testing.
# Therefore let dpkg-buildflag strip that option if present.
DEB_LDFLAGS_MAINT_STRIP = -Wl,-Bsymbolic-functions
DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/default.mk
ARCHES_LXC = alpha amd64 arm64 armel armhf hppa i386 m68k mips64el mipsel powerpc ppc64 ppc64el riscv64 s390x sh4 sparc64 x32
ARCHES_XEN = amd64 arm64 armhf
ARCHES_VBOX = amd64 i386
ifneq (,$(findstring $(DEB_HOST_ARCH_OS), linux))
ifneq (,$(findstring $(DEB_HOST_ARCH), $(ARCHES_VBOX)))
WITH_VBOX = -Ddriver_vbox=enabled
else
WITH_VBOX = -Ddriver_vbox=disabled
endif
ifneq (,$(findstring $(DEB_HOST_ARCH), $(ARCHES_XEN)))
WITH_LIBXL = -Ddriver_libxl=enabled
else
WITH_LIBXL = -Ddriver_libxl=disabled
endif
WITH_STORAGE_LVM = -Dstorage_lvm=enabled
WITH_STORAGE_ISCSI = -Dstorage_iscsi=enabled
WITH_STORAGE_ISCSI_DIRECT = -Dstorage_iscsi_direct=enabled
WITH_STORAGE_DISK = -Dstorage_disk=enabled
WITH_STORAGE_RBD = -Dstorage_rbd=enabled
WITH_STORAGE_GLUSTER = -Dstorage_gluster=enabled
WITH_UDEV = -Dudev=enabled
WITH_CAPNG = -Dcapng=enabled
WITH_LIBNL = -Dlibnl=enabled
WITH_NETWORK = -Ddriver_network=enabled
WITH_OPENVZ = -Ddriver_openvz=enabled
WITH_POLKIT = -Dpolkit=enabled
WITH_SANLOCK = -Dsanlock=enabled
WITH_INIT_SCRIPT = -Dinit_script=systemd
WITH_FIREWALLD = -Dfirewalld=enabled
WITH_ATTR = -Dattr=enabled
WITH_AUDIT = -Daudit=enabled
WITH_SELINUX = -Dselinux=enabled -Dsecdriver_selinux=enabled -Dselinux_mount=/sys/fs/selinux
WITH_APPARMOR = -Dapparmor=enabled -Dsecdriver_apparmor=enabled -Dapparmor_profiles=enabled
WITH_NSS_PLUGIN = -Dnss=enabled
WITH_DTRACE = -Ddtrace=enabled
WITH_NUMA = -Dnumactl=enabled -Dnumad=enabled
ifneq (,$(findstring $(DEB_HOST_ARCH), $(ARCHES_LXC)))
WITH_LXC = -Ddriver_lxc=enabled
WITH_LOGIN_SHELL = -Dlogin_shell=enabled
else
WITH_LXC = -Ddriver_lxc=disabled
WITH_LOGIN_SHELL = -Dlogin_shell=disabled
endif
else
WITH_VBOX = -Ddriver_vbox=disabled
WITH_LIBXL = -Ddriver_libxl=disabled
WITH_STORAGE_LVM = -Dstorage_lvm=disabled
WITH_STORAGE_ISCSI = -Dstorage_iscsi=disabled
WITH_STORAGE_ISCSI_DIRECT = -Dstorage_iscsi_direct=disabled
WITH_STORAGE_DISK = -Dstorage_disk=disabled
WITH_STORAGE_RBD = -Dstorage_rbd=disabled
WITH_STORAGE_GLUSTER = -Dstorage_gluster=disabled
WITH_UDEV = -Dudev=disabled
WITH_CAPNG = -Dcapng=disabled
WITH_LIBNL = -Dlibnl=disabled
WITH_NETWORK = -Ddriver_network=disabled
WITH_OPENVZ = -Ddriver_openvz=disabled
WITH_POLKIT = -Dpolkit=disabled
WITH_SANLOCK = -Dsanlock=disabled
WITH_INIT_SCRIPT = -Dinit_script=none
WITH_FIREWALLD = -Dfirewalld=disabled
WITH_ATTR = -Dattr=disabled
WITH_AUDIT = -Daudit=disabled
WITH_SELINUX = -Dselinux=disabled -Dsecdriver_selinux=disabled -Dselinux_mount=
WITH_APPARMOR = -Dapparmor=disabled -Dsecdriver_apparmor=disabled -Dapparmor_profiles=disabled
WITH_NSS_PLUGIN = -Dnss=disabled
WITH_DTRACE = -Ddtrace=disabled
WITH_NUMA = -Dnumactl=disabled -Dnumad=disabled
WITH_LXC = -Ddriver_lxc=disabled
WITH_LOGIN_SHELL = -Dlogin_shell=disabled
endif
DEB_CONFIGURE_EXTRA_ARGS := \
--libexecdir=/usr/lib/libvirt \
-Drunstatedir=/run \
-Dpackager="$(DEB_VENDOR)" \
-Dpackager_version="$(DEB_VERSION)" \
-Ddriver_qemu=enabled \
-Ddriver_libvirtd=enabled \
-Ddriver_remote=enabled \
-Dremote_default_mode=legacy \
-Ddriver_test=enabled \
-Ddriver_ch=disabled \
-Dqemu_user=libvirt-qemu \
-Dqemu_group=libvirt-qemu \
-Dqemu_moddir=/usr/lib/$(DEB_HOST_MULTIARCH)/qemu \
-Dqemu_datadir=/usr/share/qemu \
-Ddocs=enabled \
-Dtests=enabled \
$(WITH_OPENVZ) \
-Dsasl=enabled \
-Dyajl=enabled \
-Dlibssh2=enabled \
-Dlibssh=enabled \
$(WITH_POLKIT) \
$(WITH_SANLOCK) \
$(WITH_UDEV) \
-Dstorage_fs=enabled \
-Dstorage_dir=enabled \
$(WITH_STORAGE_LVM) \
$(WITH_STORAGE_ISCSI) \
$(WITH_STORAGE_ISCSI_DIRECT) \
$(WITH_STORAGE_DISK) \
$(WITH_STORAGE_RBD) \
$(WITH_STORAGE_GLUSTER) \
-Dstorage_vstorage=disabled \
-Dstorage_zfs=enabled \
$(WITH_INIT_SCRIPT) \
$(WITH_NUMA) \
$(WITH_SELINUX) \
$(WITH_APPARMOR) \
-Ddriver_esx=enabled \
$(WITH_CAPNG) \
$(WITH_LIBNL) \
$(WITH_NETWORK) \
-Dnetcf=disabled \
$(WITH_LIBXL) \
$(WITH_VBOX) \
$(WITH_LXC) \
$(WITH_LOGIN_SHELL) \
$(WITH_DTRACE) \
$(WITH_AUDIT) \
$(WITH_FIREWALLD) \
$(WITH_ATTR) \
$(WITH_NSS_PLUGIN) \
-Dwireshark_dissector=enabled \
$(NULL)
# Those have to stay up through upgrades to avoid interruptions
LIBVIRT_UNITS = \
virtlogd.service \
virtlockd.service \
libvirt-guests.service \
libvirtd.socket \
libvirtd-ro.socket \
libvirtd-admin.socket \
virtlogd.socket \
virtlogd-admin.socket \
virtlockd.socket \
virtlockd-admin.socket \
$(NULL)
APPARMOR_ABSTRACTIONS = \
libvirt-lxc \
libvirt-qemu \
$(NULL)
APPARMOR_TEMPLATES = \
TEMPLATE.lxc \
TEMPLATE.qemu \
$(NULL)
APPARMOR_SERVICES = \
usr.lib.libvirt.virt-aa-helper \
usr.sbin.libvirtd \
$(NULL)
NSS_PLUGINS = \
libvirt \
libvirt_guest \
$(NULL)
SYSTEMTAP_TAPSETS = \
libvirt_functions \
libvirt_probes \
libvirt_qemu_probes \
$(NULL)
SYSCTL_CONFIGS = \
libvirtd \
qemu-postcopy-migration \
$(NULL)
DEB_BUILDDIR := $(CURDIR)/debian/build
DEB_DESTDIR := $(CURDIR)/debian/tmp
SRV_MONOLITHIC = libvirt-guests virtlogd virtlockd libvirtd libvirtd-tcp libvirtd-tls virt-guest-shutdown
# For split daemons later, as of 6.0 the remaining elments are
#SRV_SPLIT = virtnwfilterd virtinterfaced virtlxcd virtnetworkd virtnodedevd virtproxyd virtqemud virtsecretd virtstoraged virtvboxd virtxend virtproxyd-tcp virtproxyd-tls
%:
dh $@ --builddirectory=$(DEB_BUILDDIR)
override_dh_auto_configure:
dh_auto_configure -- $(DEB_CONFIGURE_EXTRA_ARGS)
# The default timeout for tests in Meson is 30s, which is not enough
# for architectures with slow buildds: make the timeout 10 times
# larger (5m) to account for those
override_dh_auto_test:
export LD_PRELOAD=""; \
export VIR_TEST_DEBUG=1; \
if ! dh_auto_test -- --timeout-multiplier 10; then \
cat $(DEB_BUILDDIR)/meson-logs/testlog.txt; \
exit 1; \
fi
# After the upstream build system has installed libvirt into $(DEB_DESTDIR),
# we need to make some tweaks (add a few extra files, delete some contents
# we're not interested in, move things around) so that later calls to the
# various dh_* tools will work optimally. This target is the perfect place
# to perform such operations
execute_after_dh_auto_install:
# Move upstream files where dh_* can find them
set -e; for f in $(SYSCTL_CONFIGS); do \
mv $(DEB_DESTDIR)/usr/lib/sysctl.d/60-$${f}.conf \
$(DEB_DESTDIR)/usr/lib/sysctl.d/$${f}.sysctl; \
done
# Copy the release notes where dh_installdocs can find them
cp NEWS.rst \
$(DEB_DESTDIR)/usr/share/doc/libvirt/NEWS
# Rename the upstream polkit rule so that it matches the name used
# historically in Debian
mv $(DEB_DESTDIR)/usr/share/polkit-1/rules.d/50-libvirt.rules \
$(DEB_DESTDIR)/usr/share/polkit-1/rules.d/60-libvirt.rules
# Don't ship any files that are managed by the user only
rm $(DEB_DESTDIR)/etc/apparmor.d/local/*
# Don't ship the CI dashboard, which is not useful as documentation
# triggers the privacy-breach-generic Lintian tag
rm $(DEB_DESTDIR)/usr/share/doc/libvirt/html/ci-dashboard.html
# Disable network autostart
rm -rf $(DEB_DESTDIR)/etc/libvirt/qemu/networks/autostart/
mkdir -p $(DEB_DESTDIR)/usr/share/libvirt/
mv $(DEB_DESTDIR)/etc/libvirt/qemu/networks/ \
$(DEB_DESTDIR)/etc/libvirt/nwfilter/ \
$(DEB_DESTDIR)/usr/share/libvirt/
execute_after_dh_install:
ifneq (,$(findstring $(DEB_HOST_ARCH_OS), linux))
# Linux supports more nice things:
set -e; for f in $(SRV_MONOLITHIC); do \
dh_install -p libvirt-daemon-system \
usr/lib/systemd/system/$${f}* \
lib/systemd/system/; \
done
dh_install -p libvirt-daemon usr/lib/libvirt/virt-aa-helper
set -e; for f in $(APPARMOR_ABSTRACTIONS); do \
dh_install -p libvirt-daemon-system etc/apparmor.d/abstractions/$${f}; \
done
set -e; for f in $(APPARMOR_TEMPLATES); do \
dh_install -p libvirt-daemon-system etc/apparmor.d/libvirt/$${f}; \
done
set -e; for f in $(APPARMOR_SERVICES); do \
dh_install -p libvirt-daemon-system etc/apparmor.d/$${f}; \
dh_apparmor -p libvirt-daemon-system --profile-name=$${f}; \
done
# Not all linux arches have systemtap yet
if test -d $(DEB_DESTDIR)/usr/share/systemtap; then \
set -e; for f in $(SYSTEMTAP_TAPSETS); do \
dh_install -p libvirt-daemon-system \
usr/share/systemtap/tapset/$${f}.stp; \
done; \
fi
dh_install -p libvirt-daemon-system etc/libvirt/lxc.conf
dh_install -p libvirt-daemon-system etc/libvirt/qemu-sanlock.conf
set -e; for f in $(NSS_PLUGINS); do \
dh_install -p libnss-libvirt \
usr/lib/$(DEB_HOST_MULTIARCH)/libnss_$${f}.so.2 \
lib/$(DEB_HOST_MULTIARCH)/; \
done
endif
ifneq (,$(findstring $(DEB_HOST_ARCH), $(ARCHES_XEN)))
dh_install -p libvirt-daemon-system etc/libvirt/libxl.conf
dh_install -p libvirt-daemon-system etc/libvirt/libxl-lockd.conf
dh_install -p libvirt-daemon-system etc/libvirt/libxl-sanlock.conf
endif
override_dh_installinit:
# Install SysV init scripts
dh_installinit -p libvirt-daemon-system-sysv --name=virtlogd --no-stop-on-upgrade
dh_installinit -p libvirt-daemon-system-sysv --name=virtlockd --no-stop-on-upgrade
dh_installinit -p libvirt-daemon-system-sysv --name=libvirtd --restart-after-upgrade
dh_installinit -p libvirt-daemon-system-sysv --name=libvirt-guests --no-start
# Install default files, which are used by both systemd and SysV init
dh_installinit -p libvirt-daemon-system --name=virtlogd --no-scripts
dh_installinit -p libvirt-daemon-system --name=virtlockd --no-scripts
dh_installinit -p libvirt-daemon-system --name=libvirtd --no-scripts
dh_installinit -p libvirt-daemon-system --name=libvirt-guests --no-scripts
override_dh_installsystemd:
dh_installsystemd -p libvirt-daemon-system --no-also libvirtd.service
dh_installsystemd -p libvirt-daemon-system --no-stop-on-upgrade $(LIBVIRT_UNITS)
override_dh_installdocs:
dh_installdocs -plibvirt-doc --doc-main-package libvirt-doc
dh_installdocs -Nlibvirt-doc
# dh_missing can't figure out that some files are skipped on purpose due
# to the conditionals above, so let's make the error non-fatal for -indep
# builds. -arch builds don't need this because we sync whether each feature
# is enabled and whether the corresponding files are installed
override_dh_missing-indep:
dh_missing --list-missing
|
