File: rules

package info (click to toggle)
xen 4.11.1+92-g6c33308a8d-2
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, sid
  • size: 36,276 kB
  • sloc: ansic: 488,072; asm: 7,866; python: 7,435; makefile: 7,336; sh: 6,425; ml: 4,752; perl: 4,223; cpp: 1,829; lex: 708; yacc: 656; pascal: 433
file content (322 lines) | stat: -rwxr-xr-x 12,004 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
#!/usr/bin/make -f

# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1

SHELL    := bash -e

# This influences dpkg-buildflags to specify better linker
# options.  See https://wiki.debian.org/Hardening
# TBH it is not clear to me (Diziet, 2018) why this is not the
# default but it is definitely appropriate for Xen, many of whose
# users will care significantly about security.x
#
# Note that we don't use the dpkg-buildflags output for the
# hypervisor build.  This because I haven't investigated which
# of them are sane to use in the hypervisor context, rather than
# simply in userland binaries.
#
export DEB_BUILD_MAINT_OPTIONS = hardening=+all

# Architecture handling.
#
# We need to explicitly specify the architecture because the Xen
# upstream build system likes to use `uname' which can produce wrong
# answers it other-bitness chroots, and because we need to build a
# 64-bit hypervisor even on i386 (since there is no 32-bit hypervisor
# anymore).

# Also there is terminological confusion.  The DEB_* variables follow
# GNU GCC terminology:
#
# dpkg / GNU    Xen         Meaning
#  BUILD         COMPILE     Host: where this build is running
#  HOST          TARGET      Target: where the binaries we build now will run

include /usr/share/dpkg/architecture.mk

# Xen has its own different architecture names, which are nither
# Debian nor GNU names.

flavour_amd64 = amd64
flavour_i386  = amd64
flavour_armhf = armhf
flavour_arm64 = arm64

xen_arch_amd64 = x86_64
xen_arch_i386  = x86_32
xen_arch_armhf = arm32
xen_arch_arm64 = arm64

flavour=$(flavour_$(DEB_HOST_ARCH))

# Much of the work here is to make different upstream versions of Xen
# coinstallable, and arrange to run which ever version of the tools
# corresponds to the running hypervisor.
#
# This packaging produces one version.  The nominal upstream version
# represents the control ABI used by hypervisor management utilities.
#
# In this package that version number appears in (i) debian/control
# and (ii) the first two numbers in the package version in
# debian/changelog.  These must both be updated when a new major
# upstream version is packaged (eg 4.10 -> 4.11).
# (Everywhere else, it is handled dynamically.)
#
upstream_version := \
 $(shell dpkg-parsechangelog -SVersion | sed 's/\(\.[0-9]*\)\..*/\1/' )

# Many of the debhelper files are most conveniently provided as
# templates which depend on the flavour and the upstream version.
# Since even some package names depend on the version, so do some
# dh input filenames.  We support this as follows:
#
# These runes take all files named   debian/*.vsn-in
# and do these three things:
#  1. in the file contents
#    (a) substitute @version@ @flavour@
#    (b) interpret lines like
#		? flavour = <value> [ | <other-value> ...]
#		? flavour != <value> [ | <other-value> ...]
#     as conditional output lasting until the next ? on is own.
#  2. replace any V in the file *name* with that same version
#     and any F with the flavour
#  3. strip .vsn-in from the end
# The resulting files are then consumed by dh.
#
# (debhelper has a shell script control file facility, but that cannot
# handle the need to vary the actual filename seen by debhelper.)

TEMPLATE_FILES := $(wildcard debian/*.vsn-in)

define template_rule_template =
 TEMPLATED_FILES += $(2)
 $(2): $(1) debian/rules debian/changelog debian/template-subst
	debian/template-subst $(upstream_version) $(flavour) <$$< >$$@.tmp \
	&& mv -f $$@{.tmp,}
endef

$(foreach t,$(TEMPLATE_FILES), $(eval 					\
	$(call 								\
		template_rule_template, $t, 				\
		$(subst F,$(flavour),					\
		 $(subst V,$(upstream_version),				\
		  $(basename $t)					\
		 ))							\
	)))

templated-files: $(TEMPLATED_FILES)
	:

# Work around bug in dpkg-buildpackage: between dpkg 1.14.17 and 1.16.1
# it exports these.  This is a problem because we need to pass different
# options to the hypervisor build - the default options from dpkg
# et al are suitable for dom0 binaries but not for the hypervisor.
undefine CFLAGS
undefine CXXFLAGS
undefine FFLAGS
undefine CPPFLAGS
undefine LDFLAGS

# The Xen build system likes to download things at build-time.  We
# think we have disabled all of that with appropriate configure
# options.  But, set these too, so we spot if we miss any.
export WGET=/bin/false GIT=/bin/false

# Other build flags etc.

t=$(PWD)/debian/tmp

dpkg_CFLAGS   := $(shell dpkg-buildflags --get CFLAGS)
dpkg_CPPFLAGS := $(shell dpkg-buildflags --get CPPFLAGS)
dpkg_LDFLAGS  := $(shell dpkg-buildflags --get LDFLAGS)

make_args_xen= $(make_args_common) \
	XEN_COMPILE_ARCH=$(xen_arch_$(DEB_BUILD_ARCH)) \
	XEN_TARGET_ARCH=$(xen_arch_$(flavour)) \
# (Xen upstream does not offer a separate CPPFLAGS,
# so we pass those in CFLAGS.)

make_args_tools= $(make_args_common) \
	XEN_COMPILE_ARCH=$(xen_arch_$(DEB_BUILD_ARCH)) \
	XEN_TARGET_ARCH=$(xen_arch_$(DEB_HOST_ARCH)) \
	EXTRA_CFLAGS_XEN_TOOLS='$(dpkg_CFLAGS) $(dpkg_CPPFLAGS)' \
	PREPEND_LDFLAGS_XEN_TOOLS='$(dpkg_LDFLAGS)'

%:
	dh $@ --with=python2

# Without this, something on stretch passes CFLAGS in the environment
# to the Xen build system, which then (with 4.11) chokes printing
#   /bin/sh: 1: Syntax error: Unterminated quoted string
# probably because the CFLAGS value contains multiple options and
# therefore spaces.  See also the note by `undefine CFLAGS', above.
override_dh_auto_clean:
	rm -f debian/xen-tools-built.stamp
	$(MAKE) -j1 distclean

# To avoid that the build dirties the tree, our delta queue deletes
# config.sub and config.guess.  dh_update_autotools_config can get
# us fresh ones for each build, but it expects to find some there
# already with some weird properties.  Instead, just copy them
# from /usr/share/misc (which is where it gets them anyway)
override_dh_update_autotools_config:
	cp /usr/share/misc/{config.sub,config.guess} .

# Upstream has both a kconfig style configure for the hypervisor
# and autoconfery for the tools (what we call the `utils').
override_dh_auto_configure:
	cp debian/xen-kconfig xen/.config
	make -C xen olddefconfig $(make_args_xen)
	:
	$(make_args_tools) ./configure \
		--disable-stubdom \
		--prefix=/usr \
		--includedir=/usr/include \
		--libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \
		--with-libexec-libdir-suffix=/$(DEB_HOST_MULTIARCH) \
		--mandir=/usr/share/man \
		--infodir=/usr/share/info \
		--sysconfdir=/etc \
		--localstatedir=/var \
		--with-libexec-leaf-dir=xen-$(upstream_version) \
		--disable-blktap1 \
		--disable-blktap2 \
		--disable-qemu-traditional --disable-rombios \
		--with-system-qemu=/usr/bin/qemu-system-i386 \
		--enable-ovmf --with-system-ovmf=/usr/share/ovmf/OVMF.fd \
		--with-system-seabios=/usr/share/seabios/bios-256k.bin

# tools/firmware/xen-dir is the `shim' used for booting PV guests
# in an HVM container, for security (particularly, for meltdown/spectre
# mitigation).  It's actually a hypervisor.  On i386 it is not built
# by `make tools' because run that with XEN_COMPILE_ARCH=x86_32 which
# is no longer a supported hypervisor architecture.  And we want to
# build it with $(make_args_xen) not $(make_args_tools).  So do it
# separately.
override_dh_auto_build:
	$(MAKE) $(make_args_xen) xen
	$(MAKE) $(make_args_tools) tools docs CONFIG_PV_SHIM=n
	case $(flavour) in \
	amd64|i386) \
		$(MAKE) $(make_args_xen) -C tools/firmware/xen-dir ;; \
	esac
	touch debian/xen-tools-built.stamp

# We keep the amount of fixup and messing about with debian/tmp/
# to a minimum, because when working it is easier to rerun the
# later parts of the build than the whole of the two upstream make installs.
# However, there are three sets of fixes we must make:
override_dh_auto_install: $(TEMPLATED_FILES)
	$(MAKE) $(make_args_xen) DESTDIR=$t install-xen
	$(MAKE) $(make_args_tools) DESTDIR=$t \
		install-{tools,docs} CONFIG_PV_SHIM=n
	:
	@# shim install target needs to be run separately because we
	@# need to pass it the make_args_xen settings, in particular
	@# on i386 bwe need to pass x86_64 here to actually build it.
	@# Luckily this target, unlike the build, is a noop on
	@# shimless arches, so it does not need to be conditional.
	$(MAKE) $(make_args_xen) DESTDIR=$t $(make_args_xen) \
		-C tools/firmware install-shim
	:
	@# pkgconfig files contain arch-specific paths so must
	@# be in /usr/lib/<triplet>, not /usr/share.
	mv $t/usr/share/pkgconfig $t/usr/lib/$(DEB_HOST_MULTIARCH)/
	:
	@# Inexplicably, upstream puts the efi binares in usr/lib64
	case $(flavour) in \
		armhf) ;; \
		*) mv $t/usr/lib64/efi/* $t/boot/. ;; \
	esac
	:
	@# This file contains an arch-specific path and we put it
	@# in xen-utils-common, an arch-all package.  But the
	@# path is only used to put the libdir on LD_LIBRARY_PATH
	@# in the hotplug scripts.  We have a patch to drop that.
	sed -i '/^libdir=/d' $t/etc/xen/scripts/hotplugpath.sh

# libfsimage not only has an unstable ABI, but also a very poor name.
# Our makefile patch puts it in a different directory and fixes up the
# rpath; this rules code excludes the header files.
dh_install_excludes += -Xinclude/fsimage

# The upstream build produces these.
dh_install_excludes += -X'*.pyc'

# The upstream docs build erroneously ships .deps into the html output.
dh_install_excludes += -X/.deps

# Upstream puts pygrub in its lib directory which is in our per-version
# package, and leaves a symlink in /usr/bin.  Exclude the symlink.
# We don't want this in /usr/bin anyway.
dh_install_excludes += -Xusr/bin/pygrub

# We want the xenstore utilities in their own package.  The general
# install does everything from /usr/bin and /usr/share/man, so we
# need to exclude them.  debhelpers's -X option is ... odd.  Not
# suitable, anyway.  So we rm them after running dh_install.
# The installation is done separately via xenstore-utils.install.
xenstore_rm = $(addprefix debian/xen-utils-common/,		\
		$(foreach utility, xenstore xenstore-*,		\
			usr/bin/$(utility)			\
			usr/share/man/man1/$(utility).1		\
		))

override_dh_install:
	debian/shuffle-binaries $(upstream_version) $(flavour)
	:
	debian/shuffle-boot-files $(upstream_version) $(flavour)
	:
	dh_install $(dh_install_excludes)
	if test -d debian/xen-utils-common; then rm -v $(xenstore_rm); fi
	:
	debian/installsharedlibs

# dh_python2 does not know to look in the funny directory where
# we put the versioned /usr/lib files including some python scripts.
override_dh_python2:
	dh_python2
	dh_python2 -pxen-utils-$(upstream_version) \
		usr/lib/xen-$(upstream_version)/bin

# We have two init scripts.  (There used to be xend too.)
override_dh_installinit:
	dh_installinit --name xen -- defaults 20 21
	dh_installinit --name xendomains --no-start -- defaults 21 20

# dh_strip in dh compat 10 and earlier (which we are at so this
# package builds on stretch) looks at filenames and modes to decide
# what to process.  hvmloader doesn't match, so we must trick it.
# It is sufficient to make it executable.  And we have to undo
# that again, then.  This all happens after dh_install so we operate
# on the package-specific file.
override_dh_strip:
	find debian/xen-utils-* -name hvmloader | xargs -r chmod -v +x
	dh_strip
	find debian/xen-utils-* -name hvmloader | xargs -r chmod -v -x

# Hardlink the various xenstore-* programs together.  This is an
# argv[0]-using binary of which we can have only one copy.  We need to
# do this late, because dh_strip breaks hardlinks.
#
# The debug files are fairly large, fairly rarely used,
# and not compressed by the upstream build system.
override_dh_compress:
	rdfind -makehardlinks true -makeresultsfile false \
		debian/xenstore-utils/usr/bin
	:
	dh_compress
	find debian/xen-hypervisor-*/usr/lib/debug -type f -print0 \
		| xargs -0r gzip -9vn

# By default, files in debian/tmp which are not handled by anything
# in rules are ignored.  This makes them into errors.
override_dh_missing:
	dh_missing --fail-missing


# We are dropping the config file /etc/default/xen which appeared in
# earlier versions.  See ./ucf-remove-fixup for more details.
override_dh_ucf:
	dh_ucf