From 0a4ce40eb8a333f1beebdc332680d10789ce8426 Mon Sep 17 00:00:00 2001 From: Andrew Hutchings Date: Thu, 4 Sep 2025 14:01:33 +0100 Subject: [PATCH] Make Debian packaging more Debian-like When you do `./configure`, the options are stored in the rules file. This then means you can use the normal Debian packaging methods. `make deb` also now uses `dpkg-buildpackage`. --- .github/workflows/packaging.yml | 4 +- Docker/packaging/debian/Dockerfile | 3 +- configure.ac | 7 +++ debian/include.am | 82 ++++++------------------------ debian/libwolfssl-dev.install | 6 +++ debian/libwolfssl.install | 1 + debian/rules.in | 79 ++++++++++++++++++++++++++++ debian/source/format | 1 + 8 files changed, 112 insertions(+), 71 deletions(-) create mode 100644 debian/libwolfssl-dev.install create mode 100644 debian/libwolfssl.install create mode 100644 debian/rules.in create mode 100644 debian/source/format diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml index e498e33af..2b78fc8f9 100644 --- a/.github/workflows/packaging.yml +++ b/.github/workflows/packaging.yml @@ -45,8 +45,8 @@ jobs: - name: Confirm packages built run: | DEB_COUNT=$(find -name 'libwolfssl*.deb' | wc -l) - if [ "$DEB_COUNT" != "2" ]; then - echo Did not find exactly two deb packages!!! + if [ "$DEB_COUNT" != "3" ]; then + echo Did not find exactly three deb packages!!! exit 1 fi # disabled 20240919 -- broken target. diff --git a/Docker/packaging/debian/Dockerfile b/Docker/packaging/debian/Dockerfile index 87b0c1c80..a485273b7 100644 --- a/Docker/packaging/debian/Dockerfile +++ b/Docker/packaging/debian/Dockerfile @@ -2,5 +2,4 @@ FROM debian:latest RUN apt-get -y update RUN apt-get -y upgrade -RUN apt-get install -y build-essential autoconf gawk debhelper lintian - +RUN apt-get install -y build-essential autoconf gawk debhelper lintian dpkg-dev diff --git a/configure.ac b/configure.ac index 51c614a4f..0a7c101f4 100644 --- a/configure.ac +++ b/configure.ac @@ -46,6 +46,12 @@ AC_ARG_VAR(EXTRA_LDFLAGS, [Extra LDFLAGS to add to end of autoconf-computed arg WOLFSSL_CONFIG_ARGS=$ac_configure_args AC_SUBST([WOLFSSL_CONFIG_ARGS]) +# Store configure options and CFLAGS for debian rules generation +CONFIGURE_OPTIONS="$ac_configure_args" +CONFIGURE_CFLAGS="$CFLAGS" +AC_SUBST([CONFIGURE_OPTIONS]) +AC_SUBST([CONFIGURE_CFLAGS]) + # shared library versioning # The three numbers in the libwolfssl.so.*.*.* file name. Unfortunately @@ -10940,6 +10946,7 @@ AC_CONFIG_FILES([Makefile wolfcrypt/test/test_paths.h ]) AC_CONFIG_FILES([scripts/unit.test],[chmod +x scripts/unit.test]) +AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules]) AX_CREATE_GENERIC_CONFIG AX_AM_JOBSERVER([yes]) diff --git a/debian/include.am b/debian/include.am index e6f932b89..f939867b2 100644 --- a/debian/include.am +++ b/debian/include.am @@ -1,77 +1,25 @@ # vim:ft=automake -DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) - +# Debian packaging using dpkg-buildpackage deb: -# Setup meta folders - mkdir -p debian/libwolfssl/DEBIAN debian/libwolfssl-dev/DEBIAN -# "Install" wolfSSL - make install exec_prefix=$(CURDIR)/debian/libwolfssl/usr \ - prefix=$(CURDIR)/debian/libwolfssl-dev/usr -# deb shared lib stuff - fakeroot dh_makeshlibs - dh_shlibdeps - dh_installdeb -# Generate the lib and src descriptions - fakeroot dh_gencontrol -# Make adjustments to the package structure and to satisfy lintian checks -# Correct doc dir name - @rm -rf debian/libwolfssl-dev/usr/share/doc/libwolfssl-dev - @mv debian/libwolfssl-dev/usr/share/doc/wolfssl \ - debian/libwolfssl-dev/usr/share/doc/libwolfssl-dev -# Clear lib folder - @rm -rf debian/libwolfssl-dev/usr/lib - @mkdir -p debian/libwolfssl-dev/usr/lib -# Move the top level .so into the dev pkg - @mv debian/libwolfssl/usr/lib/libwolfssl.so debian/libwolfssl-dev/usr/lib -# Create correct pkg doc dir - @rm -rf debian/libwolfssl/usr/share/doc/libwolfssl - @mkdir -p debian/libwolfssl/usr/share/doc/libwolfssl -# Place changelog - @gzip -n -9 -c debian/changelog | \ - tee debian/libwolfssl/usr/share/doc/libwolfssl/changelog.gz > \ - debian/libwolfssl-dev/usr/share/doc/libwolfssl-dev/changelog.gz -# Place copyright - @cp debian/copyright debian/libwolfssl/usr/share/doc/libwolfssl - @cp debian/copyright debian/libwolfssl-dev/usr/share/doc/libwolfssl-dev -# Remove .la file https://wiki.debian.org/ReleaseGoals/LAFileRemoval - @rm debian/libwolfssl/usr/lib/libwolfssl.la -# Strip unwanted symbols -# https://www.debian.org/doc/debian-policy/ch-files.html#binaries - @strip --strip-unneeded debian/libwolfssl/usr/lib/libwolfssl.so.*.*.* -# Place pkgconfig so that it is available for cross-compilation -# https://lintian.debian.org/tags/pkg-config-unavailable-for-cross-compilation - @rm -rf debian/libwolfssl/usr/lib/$(DEB_HOST_MULTIARCH) - @mkdir -p debian/libwolfssl/usr/lib/$(DEB_HOST_MULTIARCH) - @mv debian/libwolfssl/usr/lib/pkgconfig \ - debian/libwolfssl/usr/lib/$(DEB_HOST_MULTIARCH) -# Set the expected access rules - @chmod 644 debian/libwolfssl/usr/lib/libwolfssl.so.*.*.* - @chmod 644 debian/libwolfssl/usr/share/doc/libwolfssl/changelog.gz \ - debian/libwolfssl/usr/share/doc/libwolfssl/copyright \ - debian/libwolfssl-dev/usr/share/doc/libwolfssl-dev/changelog.gz \ - debian/libwolfssl-dev/usr/share/doc/libwolfssl-dev/copyright -# Do this as the last step to mark all directories with the correct access bits - @find debian/libwolfssl*/usr -type d | xargs chmod 755 -# Generate debs - dpkg-deb --root-owner-group -b debian/libwolfssl . - dpkg-deb --root-owner-group -b debian/libwolfssl-dev . -# Check that everything is correct with lintian -# - we don't provide a manual page for wolfssl-config -# - we don't care about matching the soname for our debs - lintian *.deb --fail-on error,warning --tag-display-limit 0 \ - --suppress-tags no-manual-page,package-name-doesnt-match-sonames -# Clean up the working dirs - make deb-clean + dpkg-buildpackage -us -uc + +deb-source: + dpkg-buildpackage -S -us -uc + +deb-binary: + dpkg-buildpackage -B -us -uc deb-docker: docker build -t "debian-builder:Dockerfile" Docker/packaging/debian docker run --rm -v $(CURDIR):/opt/wolfssl debian-builder:Dockerfile \ - bash -c 'cd /opt/wolfssl && ./config.status --recheck && make deb && \ - make clean deb-clean &> /dev/null' -# To allow the user to keep using the configuration on the host - @./config.status --recheck &> /dev/null + bash -c 'cd /opt/wolfssl && ./autogen.sh && ./configure $(WOLFSSL_CONFIG_ARGS) && make deb && find .. -maxdepth 1 -type f -exec cp {} . \;' deb-clean: + dh_clean --exclude=debian/control --exclude=debian/changelog \ + --exclude=debian/rules || true rm -rf debian/libwolfssl debian/libwolfssl-dev debian/files \ - debian/*.substvars debian/.debhelper + debian/*.substvars debian/.debhelper debian/tmp + rm -f debian/debhelper-build-stamp + +.PHONY: deb deb-source deb-binary deb-docker deb-clean diff --git a/debian/libwolfssl-dev.install b/debian/libwolfssl-dev.install new file mode 100644 index 000000000..21de1f206 --- /dev/null +++ b/debian/libwolfssl-dev.install @@ -0,0 +1,6 @@ +usr/include/ +usr/lib/*/libwolfssl.so +usr/lib/*/libwolfssl.a +usr/lib/*/pkgconfig/wolfssl.pc +usr/bin/wolfssl-config +usr/share/doc/wolfssl/ diff --git a/debian/libwolfssl.install b/debian/libwolfssl.install new file mode 100644 index 000000000..74c748be5 --- /dev/null +++ b/debian/libwolfssl.install @@ -0,0 +1 @@ +usr/lib/*/libwolfssl.so.* diff --git a/debian/rules.in b/debian/rules.in new file mode 100644 index 000000000..d9c7b8602 --- /dev/null +++ b/debian/rules.in @@ -0,0 +1,79 @@ +#!/usr/bin/make -f + +# Store the configure options and CFLAGS used during ./configure +# This file is generated from rules.in by the configure script +CONFIGURE_OPTIONS = @CONFIGURE_OPTIONS@ +CONFIGURE_CFLAGS = @CONFIGURE_CFLAGS@ +ENABLED_FIPS = @ENABLED_FIPS@ + +# Use debhelper with automatic sequence +%: + dh $@ + +# Override configure to use the stored options +override_dh_auto_configure: + ./configure \ + --build=$(DEB_BUILD_GNU_TYPE) \ + --host=$(DEB_HOST_GNU_TYPE) \ + --prefix=/usr \ + --mandir=\$${prefix}/share/man \ + --infodir=\$${prefix}/share/info \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH) \ + --libexecdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH) \ + --disable-maintainer-mode \ + --disable-dependency-tracking \ + --enable-shared \ + --enable-static \ + $(CONFIGURE_OPTIONS) \ + CFLAGS="$(CONFIGURE_CFLAGS)" + +# Override test to skip them (optional, remove if you want to run tests) +#override_dh_auto_test: + # Skip tests during package build + +# Handle FIPS builds which require special hash generation +override_dh_auto_build: +ifeq ($(ENABLED_FIPS),yes) + # FIPS build requires two-stage process with hash generation + $(MAKE) + ./fips-hash.sh + $(MAKE) +else + # Standard build + dh_auto_build +endif + +# Handle multiarch library placement and remove .la files +override_dh_auto_install: + dh_auto_install + # Remove .la files (not needed in modern Debian packages) + find debian/tmp -name '*.la' -delete + # Move libraries to multiarch directory if needed + if [ -d debian/tmp/usr/lib ]; then \ + mkdir -p debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH); \ + if [ -f debian/tmp/usr/lib/libwolfssl.so.* ]; then \ + mv debian/tmp/usr/lib/libwolfssl.so.* debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/; \ + fi; \ + if [ -f debian/tmp/usr/lib/libwolfssl.so ]; then \ + mv debian/tmp/usr/lib/libwolfssl.so debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/; \ + fi; \ + if [ -f debian/tmp/usr/lib/libwolfssl.a ]; then \ + mv debian/tmp/usr/lib/libwolfssl.a debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/; \ + fi; \ + if [ -d debian/tmp/usr/lib/pkgconfig ]; then \ + mv debian/tmp/usr/lib/pkgconfig debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/; \ + fi; \ + fi + +# Set proper permissions and strip symbols +override_dh_strip: + dh_strip --dbgsym-migration='libwolfssl-dbg (<< 5.0.0-1~)' + +# Auto-clean override - prevent make distclean from removing debian files +override_dh_auto_clean: + # Run make clean instead of make distclean to preserve debian files + if [ -f Makefile ]; then \ + $(MAKE) clean; \ + fi diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 000000000..89ae9db8f --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (native)