Make Debian packaging more Debian-like

When you do `./configure`, the options are stored in the rules file.
This then means you can use the normal Debian packaging methods.

`make deb` also now uses `dpkg-buildpackage`.

.github/workflows/packaging.yml

@@ -45,8 +45,8 @@ jobs:
       - name: Confirm packages built
         run: |
           DEB_COUNT=$(find -name 'libwolfssl*.deb' | wc -l)
-          if [ "$DEB_COUNT" != "2" ]; then
-            echo Did not find exactly two deb packages!!!
+          if [ "$DEB_COUNT" != "3" ]; then
+            echo Did not find exactly three deb packages!!!
             exit 1
           fi
 # disabled 20240919 -- broken target.

Docker/packaging/debian/Dockerfile

@@ -2,5 +2,4 @@ FROM debian:latest
 
 RUN apt-get -y update
 RUN apt-get -y upgrade
-RUN apt-get install -y build-essential autoconf gawk debhelper lintian
-
+RUN apt-get install -y build-essential autoconf gawk debhelper lintian dpkg-dev

configure.ac

@@ -46,6 +46,12 @@ AC_ARG_VAR(EXTRA_LDFLAGS, [Extra LDFLAGS to add to end of autoconf-computed arg
 WOLFSSL_CONFIG_ARGS=$ac_configure_args
 AC_SUBST([WOLFSSL_CONFIG_ARGS])
 
+# Store configure options and CFLAGS for debian rules generation
+CONFIGURE_OPTIONS="$ac_configure_args"
+CONFIGURE_CFLAGS="$CFLAGS"
+AC_SUBST([CONFIGURE_OPTIONS])
+AC_SUBST([CONFIGURE_CFLAGS])
+
 # shared library versioning
 # The three numbers in the libwolfssl.so.*.*.* file name. Unfortunately
 
@@ -10940,6 +10946,7 @@ AC_CONFIG_FILES([Makefile
         wolfcrypt/test/test_paths.h
         ])
 AC_CONFIG_FILES([scripts/unit.test],[chmod +x scripts/unit.test])
+AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules])
 
 AX_CREATE_GENERIC_CONFIG
 AX_AM_JOBSERVER([yes])

debian/include.am

@@ -1,77 +1,25 @@
 # vim:ft=automake
 
-DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
-
+# Debian packaging using dpkg-buildpackage
 deb:
-# Setup meta folders
-	mkdir -p debian/libwolfssl/DEBIAN debian/libwolfssl-dev/DEBIAN
-# "Install" wolfSSL
-	make install exec_prefix=$(CURDIR)/debian/libwolfssl/usr \
-		prefix=$(CURDIR)/debian/libwolfssl-dev/usr
-# deb shared lib stuff
-	fakeroot dh_makeshlibs
-	dh_shlibdeps
-	dh_installdeb
-# Generate the lib and src descriptions
-	fakeroot dh_gencontrol
-# Make adjustments to the package structure and to satisfy lintian checks
-# Correct doc dir name
-	@rm -rf debian/libwolfssl-dev/usr/share/doc/libwolfssl-dev
-	@mv debian/libwolfssl-dev/usr/share/doc/wolfssl \
-		debian/libwolfssl-dev/usr/share/doc/libwolfssl-dev
-# Clear lib folder
-	@rm -rf debian/libwolfssl-dev/usr/lib
-	@mkdir -p debian/libwolfssl-dev/usr/lib
-# Move the top level .so into the dev pkg
-	@mv debian/libwolfssl/usr/lib/libwolfssl.so debian/libwolfssl-dev/usr/lib
-# Create correct pkg doc dir
-	@rm -rf debian/libwolfssl/usr/share/doc/libwolfssl
-	@mkdir -p debian/libwolfssl/usr/share/doc/libwolfssl
-# Place changelog
-	@gzip -n -9 -c debian/changelog | \
-		tee debian/libwolfssl/usr/share/doc/libwolfssl/changelog.gz > \
-		debian/libwolfssl-dev/usr/share/doc/libwolfssl-dev/changelog.gz
-# Place copyright
-	@cp debian/copyright debian/libwolfssl/usr/share/doc/libwolfssl
-	@cp debian/copyright debian/libwolfssl-dev/usr/share/doc/libwolfssl-dev
-# Remove .la file https://wiki.debian.org/ReleaseGoals/LAFileRemoval
-	@rm debian/libwolfssl/usr/lib/libwolfssl.la
-# Strip unwanted symbols
-# https://www.debian.org/doc/debian-policy/ch-files.html#binaries
-	@strip --strip-unneeded debian/libwolfssl/usr/lib/libwolfssl.so.*.*.*
-# Place pkgconfig so that it is available for cross-compilation
-# https://lintian.debian.org/tags/pkg-config-unavailable-for-cross-compilation
-	@rm -rf debian/libwolfssl/usr/lib/$(DEB_HOST_MULTIARCH)
-	@mkdir -p debian/libwolfssl/usr/lib/$(DEB_HOST_MULTIARCH)
-	@mv debian/libwolfssl/usr/lib/pkgconfig \
-		debian/libwolfssl/usr/lib/$(DEB_HOST_MULTIARCH)
-# Set the expected access rules
-	@chmod 644 debian/libwolfssl/usr/lib/libwolfssl.so.*.*.*
-	@chmod 644 debian/libwolfssl/usr/share/doc/libwolfssl/changelog.gz \
-		debian/libwolfssl/usr/share/doc/libwolfssl/copyright \
-		debian/libwolfssl-dev/usr/share/doc/libwolfssl-dev/changelog.gz \
-		debian/libwolfssl-dev/usr/share/doc/libwolfssl-dev/copyright
-# Do this as the last step to mark all directories with the correct access bits
-	@find debian/libwolfssl*/usr -type d | xargs chmod 755
-# Generate debs
-	dpkg-deb --root-owner-group -b debian/libwolfssl .
-	dpkg-deb --root-owner-group -b debian/libwolfssl-dev .
-# Check that everything is correct with lintian
-# - we don't provide a manual page for wolfssl-config
-# - we don't care about matching the soname for our debs
-	lintian *.deb --fail-on error,warning --tag-display-limit 0 \
-		--suppress-tags no-manual-page,package-name-doesnt-match-sonames
-# Clean up the working dirs
-	make deb-clean
+	dpkg-buildpackage -us -uc
+
+deb-source:
+	dpkg-buildpackage -S -us -uc
+
+deb-binary:
+	dpkg-buildpackage -B -us -uc
 
 deb-docker:
 	docker build -t "debian-builder:Dockerfile" Docker/packaging/debian
 	docker run --rm -v $(CURDIR):/opt/wolfssl debian-builder:Dockerfile \
-		bash -c 'cd /opt/wolfssl && ./config.status --recheck && make deb && \
-				make clean deb-clean &> /dev/null'
-# To allow the user to keep using the configuration on the host
-	@./config.status --recheck &> /dev/null
+		bash -c 'cd /opt/wolfssl && ./autogen.sh && ./configure $(WOLFSSL_CONFIG_ARGS) && make deb && find .. -maxdepth 1 -type f -exec cp {} . \;'
 
 deb-clean:
+	dh_clean --exclude=debian/control --exclude=debian/changelog \
+		--exclude=debian/rules || true
 	rm -rf debian/libwolfssl debian/libwolfssl-dev debian/files \
-		debian/*.substvars debian/.debhelper
+		debian/*.substvars debian/.debhelper debian/tmp
+	rm -f debian/debhelper-build-stamp
+
+.PHONY: deb deb-source deb-binary deb-docker deb-clean

debian/libwolfssl-dev.install

@@ -0,0 +1,6 @@
+usr/include/
+usr/lib/*/libwolfssl.so
+usr/lib/*/libwolfssl.a
+usr/lib/*/pkgconfig/wolfssl.pc
+usr/bin/wolfssl-config
+usr/share/doc/wolfssl/

debian/libwolfssl.install

@@ -0,0 +1 @@
+usr/lib/*/libwolfssl.so.*

debian/rules.in

@@ -0,0 +1,79 @@
+#!/usr/bin/make -f
+
+# Store the configure options and CFLAGS used during ./configure
+# This file is generated from rules.in by the configure script
+CONFIGURE_OPTIONS = @CONFIGURE_OPTIONS@
+CONFIGURE_CFLAGS = @CONFIGURE_CFLAGS@
+ENABLED_FIPS = @ENABLED_FIPS@
+
+# Use debhelper with automatic sequence
+%:
+	dh $@
+
+# Override configure to use the stored options
+override_dh_auto_configure:
+	./configure \
+		--build=$(DEB_BUILD_GNU_TYPE) \
+		--host=$(DEB_HOST_GNU_TYPE) \
+		--prefix=/usr \
+		--mandir=\$${prefix}/share/man \
+		--infodir=\$${prefix}/share/info \
+		--sysconfdir=/etc \
+		--localstatedir=/var \
+		--libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH) \
+		--libexecdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH) \
+		--disable-maintainer-mode \
+		--disable-dependency-tracking \
+		--enable-shared \
+		--enable-static \
+		$(CONFIGURE_OPTIONS) \
+		CFLAGS="$(CONFIGURE_CFLAGS)"
+
+# Override test to skip them (optional, remove if you want to run tests)
+#override_dh_auto_test:
+	# Skip tests during package build
+
+# Handle FIPS builds which require special hash generation
+override_dh_auto_build:
+ifeq ($(ENABLED_FIPS),yes)
+	# FIPS build requires two-stage process with hash generation
+	$(MAKE)
+	./fips-hash.sh
+	$(MAKE)
+else
+	# Standard build
+	dh_auto_build
+endif
+
+# Handle multiarch library placement and remove .la files
+override_dh_auto_install:
+	dh_auto_install
+	# Remove .la files (not needed in modern Debian packages)
+	find debian/tmp -name '*.la' -delete
+	# Move libraries to multiarch directory if needed
+	if [ -d debian/tmp/usr/lib ]; then \
+		mkdir -p debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH); \
+		if [ -f debian/tmp/usr/lib/libwolfssl.so.* ]; then \
+			mv debian/tmp/usr/lib/libwolfssl.so.* debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/; \
+		fi; \
+		if [ -f debian/tmp/usr/lib/libwolfssl.so ]; then \
+			mv debian/tmp/usr/lib/libwolfssl.so debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/; \
+		fi; \
+		if [ -f debian/tmp/usr/lib/libwolfssl.a ]; then \
+			mv debian/tmp/usr/lib/libwolfssl.a debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/; \
+		fi; \
+		if [ -d debian/tmp/usr/lib/pkgconfig ]; then \
+			mv debian/tmp/usr/lib/pkgconfig debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/; \
+		fi; \
+	fi
+
+# Set proper permissions and strip symbols
+override_dh_strip:
+	dh_strip --dbgsym-migration='libwolfssl-dbg (<< 5.0.0-1~)'
+
+# Auto-clean override - prevent make distclean from removing debian files
+override_dh_auto_clean:
+	# Run make clean instead of make distclean to preserve debian files
+	if [ -f Makefile ]; then \
+		$(MAKE) clean; \
+	fi

debian/source/format

@@ -0,0 +1 @@
+3.0 (native)