/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to debian/rules

  • Committer: Teddy Hogeborn
  • Date: 2016-03-19 03:19:04 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 341.
  • Revision ID: teddy@recompile.se-20160319031904-v76knawxxbef79xv
Client: Fix permissions on plugin helper directory.

The Makefile target "install-client-nokey" creates the plugin-helper
directory /usr/lib/<ARCH>/mandos/plugin-helpers as mode u=rwx,go=
(0700).  Make this also the case for the Debian package.  Also change
the Makefile so it does not install the plugin helper
"mandos-client-iprouteadddel" as setuid root; this is unnecessary and
was, due to dh_fixperms, never propagated to the Debian package
anyway.

* Makefile (install-client-nokey): Do not set setuid bit on
  "plugin-helpers/mandos-client-iprouteadddel".
* debian/mandos-client.postinst (configure): If older version, fix
  permissions on plugin helper directory.
* debian/rules (override_dh_fixperms-arch): Exclude plugin helper
  directory from dh_fixperms.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
#!/usr/bin/make -f
2
 
 
3
 
ifeq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
4
 
    MAKEFLAGS += OPTIMIZE=-O0
5
 
endif
6
 
 
7
 
ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
8
 
    NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
9
 
    MAKEFLAGS += -j$(NUMJOBS)
10
 
endif
11
 
 
12
2
%:
13
3
        dh $@
14
4
 
32
22
override_dh_fixperms-arch:
33
23
        dh_fixperms --exclude etc/keys/mandos \
34
24
                --exclude etc/mandos/plugins.d \
35
 
                --exclude etc/mandos/plugin-helpers \
36
 
                --exclude usr/lib/$(DEB_HOST_MULTIARCH)/mandos/plugins.d \
37
 
                --exclude usr/lib/$(DEB_HOST_MULTIARCH)/mandos/plugin-helpers \
 
25
                --exclude usr/lib/$(shell dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null)/mandos/plugins.d \
 
26
                --exclude usr/lib/$(shell dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null)/mandos/plugin-helpers \
38
27
                --exclude usr/share/doc/mandos-client/examples/network-hooks.d
39
28
        chmod --recursive g-w -- \
40
29
        "$(CURDIR)/debian/mandos-client/usr/share/doc/mandos-client/examples/network-hooks.d"
43
32
        dh_fixperms --exclude etc/mandos/clients.conf
44
33
 
45
34
override_dh_auto_test-arch: ;
46
 
 
47
 
#bpo## dpkg-shlibdeps sees the "libgnutls28-dev (>= 3.6.6) |
48
 
#bpo## libgnutls28-dev (<< 3.6.0)," in the build-dependencies not as two
49
 
#bpo## alternatives, but as an absolute dependency on libgnutls30 >= 3.6.6.
50
 
#bpo## So we have to do this ugly hack to hide this build dependency if we
51
 
#bpo## compiled with libgnutls30 << 3.6.0.
52
 
#bpo#override_dh_shlibdeps-arch:
53
 
#bpo#   -gnutls_version=$$(dpkg-query --showformat='$${Version}' \
54
 
#bpo#           --show libgnutls30); \
55
 
#bpo#   dpkg --compare-versions $$gnutls_version lt 3.6.0 \
56
 
#bpo#           && { cp --archive debian/control debian/control.orig; sed --expression='s/libgnutls28-dev (>= 3\.6\.6) |//' debian/control; }
57
 
#bpo#   dh_shlibdeps
58
 
#bpo#   -gnutls_version=$$(dpkg-query --showformat='$${Version}' \
59
 
#bpo#           --show libgnutls30); \
60
 
#bpo#   dpkg --compare-versions $$gnutls_version lt 3.6.0 \
61
 
#bpo#           && mv debian/control.orig debian/control