#!/usr/bin/make -f

NULL =

DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow

# If the build environment sets -Bsymbolic-functions, which is often used as
# hardening option, that would break libvirt build time self-testing.
# Therefore let dpkg-buildflag strip that option if present.
DEB_LDFLAGS_MAINT_STRIP = -Wl,-Bsymbolic-functions

DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/default.mk

# Fail if the symbols file contains certain mistakes
DPKG_GENSYMBOLS_CHECK_LEVEL = 4
export DPKG_GENSYMBOLS_CHECK_LEVEL

include debian/arches.mk

ifeq ($(DEB_HOST_ARCH_OS), linux)
    WITH_DAEMONS              = -Ddriver_libvirtd=enabled -Dhost_validate=enabled -Dssh_proxy=enabled
    WITH_ESX                  = -Ddriver_esx=enabled -Dcurl=enabled
    WITH_VMWARE               = -Ddriver_vmware=enabled
    WITH_STORAGE_FS           = -Dstorage_fs=enabled
    WITH_STORAGE_DIR          = -Dstorage_dir=enabled
    WITH_STORAGE_LVM          = -Dstorage_lvm=enabled
    WITH_STORAGE_SCSI         = -Dstorage_scsi=enabled
    WITH_STORAGE_ISCSI        = -Dstorage_iscsi=enabled
    WITH_STORAGE_ISCSI_DIRECT = -Dstorage_iscsi_direct=enabled -Dlibiscsi=enabled
    WITH_STORAGE_DISK         = -Dstorage_disk=enabled
    WITH_STORAGE_MPATH        = -Dstorage_mpath=enabled
    WITH_STORAGE_ZFS          = -Dstorage_zfs=enabled
    WITH_BLKID                = -Dblkid=enabled
    WITH_FUSE                 = -Dfuse=enabled
    WITH_UDEV                 = -Dudev=enabled -Dpciaccess=enabled
    WITH_CAPNG                = -Dcapng=enabled
    WITH_LIBNL                = -Dlibnl=enabled
    WITH_NETWORK              = -Ddriver_network=enabled -Dfirewall_backend_priority=iptables,nftables
    WITH_INTERFACE            = -Ddriver_interface=enabled
    WITH_SECRETS              = -Ddriver_secrets=enabled
    WITH_OPENVZ               = -Ddriver_openvz=enabled
    WITH_JSON_C               = -Djson_c=enabled
    WITH_POLKIT               = -Dpolkit=enabled
    WITH_SANLOCK              = -Dsanlock=enabled
    WITH_INIT_SCRIPT          = -Dinit_script=systemd
    WITH_FIREWALLD            = -Dfirewalld=enabled
    WITH_ATTR                 = -Dattr=enabled
    WITH_AUDIT                = -Daudit=enabled
    WITH_LIBPCAP              = -Dlibpcap=enabled
    WITH_SELINUX              = -Dselinux=enabled -Dsecdriver_selinux=enabled -Dselinux_mount=/sys/fs/selinux
    WITH_APPARMOR             = -Dapparmor=enabled -Dsecdriver_apparmor=enabled -Dapparmor_profiles=enabled
    WITH_NSS_PLUGIN           = -Dnss=enabled
    WITH_DTRACE               = -Ddtrace=enabled
    WITH_NUMA                 = -Dnumactl=enabled -Dnumad=enabled
    WITH_SYSCTL               = -Dsysctl_config=enabled -Duserfaultfd_sysctl=enabled
    WITH_LXC                  = -Ddriver_lxc=enabled
    WITH_LOGIN_SHELL          = -Dlogin_shell=enabled
else
    WITH_DAEMONS              = -Ddriver_libvirtd=disabled -Dhost_validate=disabled -Dssh_proxy=disabled
    WITH_ESX                  = -Ddriver_esx=disabled -Dcurl=disabled
    WITH_VMWARE               = -Ddriver_vmware=disabled
    WITH_STORAGE_FS           = -Dstorage_fs=disabled
    WITH_STORAGE_DIR          = -Dstorage_dir=disabled
    WITH_STORAGE_LVM          = -Dstorage_lvm=disabled
    WITH_STORAGE_SCSI         = -Dstorage_scsi=disabled
    WITH_STORAGE_ISCSI        = -Dstorage_iscsi=disabled
    WITH_STORAGE_ISCSI_DIRECT = -Dstorage_iscsi_direct=disabled -Dlibiscsi=disabled
    WITH_STORAGE_DISK         = -Dstorage_disk=disabled
    WITH_STORAGE_MPATH        = -Dstorage_mpath=enabled
    WITH_STORAGE_ZFS          = -Dstorage_zfs=disabled
    WITH_BLKID                = -Dblkid=disabled
    WITH_FUSE                 = -Dfuse=disabled
    WITH_UDEV                 = -Dudev=disabled -Dpciaccess=disabled
    WITH_CAPNG                = -Dcapng=disabled
    WITH_LIBNL                = -Dlibnl=disabled
    WITH_NETWORK              = -Ddriver_network=disabled -Dfirewall_backend_priority=iptables,nftables
    WITH_INTERFACE            = -Ddriver_interface=disabled
    WITH_SECRETS              = -Ddriver_secrets=disabled
    WITH_OPENVZ               = -Ddriver_openvz=disabled
    WITH_POLKIT               = -Dpolkit=disabled
    WITH_JSON_C               = -Djson_c=disabled
    WITH_SANLOCK              = -Dsanlock=disabled
    WITH_INIT_SCRIPT          = -Dinit_script=none
    WITH_FIREWALLD            = -Dfirewalld=disabled
    WITH_ATTR                 = -Dattr=disabled
    WITH_AUDIT                = -Daudit=disabled
    WITH_LIBPCAP              = -Dlibpcap=disabled
    WITH_SELINUX              = -Dselinux=disabled -Dsecdriver_selinux=disabled -Dselinux_mount=
    WITH_APPARMOR             = -Dapparmor=disabled -Dsecdriver_apparmor=disabled -Dapparmor_profiles=disabled
    WITH_NSS_PLUGIN           = -Dnss=disabled
    WITH_DTRACE               = -Ddtrace=disabled
    WITH_NUMA                 = -Dnumactl=disabled -Dnumad=disabled
    WITH_SYSCTL               = -Dsysctl_config=disabled -Duserfaultfd_sysctl=disabled
    WITH_LXC                  = -Ddriver_lxc=disabled
    WITH_LOGIN_SHELL          = -Dlogin_shell=disabled
endif

ifneq (,$(filter $(DEB_HOST_ARCH), $(ARCHES_CEPH)))
    WITH_STORAGE_RBD          = -Dstorage_rbd=enabled
else
    WITH_STORAGE_RBD          = -Dstorage_rbd=disabled
endif
ifneq (,$(filter $(DEB_HOST_ARCH), $(ARCHES_GLUSTER)))
    WITH_STORAGE_GLUSTER      = -Dstorage_gluster=enabled -Dglusterfs=enabled
else
    WITH_STORAGE_GLUSTER      = -Dstorage_gluster=disabled -Dglusterfs=disabled
endif
ifneq (,$(filter $(DEB_HOST_ARCH), $(ARCHES_QEMU)))
    WITH_QEMU                 = -Ddriver_qemu=enabled
else
    WITH_QEMU                 = -Ddriver_qemu=disabled
endif
ifneq (,$(filter $(DEB_HOST_ARCH), $(ARCHES_XEN)))
    WITH_LIBXL                = -Ddriver_libxl=enabled
else
    WITH_LIBXL                = -Ddriver_libxl=disabled
endif
ifneq (,$(filter $(DEB_HOST_ARCH), $(ARCHES_VBOX)))
    WITH_VBOX                 = -Ddriver_vbox=enabled
else
    WITH_VBOX                 = -Ddriver_vbox=disabled
endif
ifneq (,$(filter $(DEB_HOST_ARCH), $(ARCHES_WIRESHARK)))
    WITH_WIRESHARK            = -Dwireshark_dissector=enabled
else
    WITH_WIRESHARK            = -Dwireshark_dissector=disabled
endif
ifneq (,$(filter $(DEB_HOST_ARCH), $(ARCHES_NBDKIT)))
    WITH_NBDKIT               = -Dnbdkit=enabled -Dnbdkit_config_default=enabled
else
    WITH_NBDKIT               = -Dnbdkit=disabled -Dnbdkit_config_default=disabled
endif

DEB_CONFIGURE_EXTRA_ARGS := \
    --libexecdir=/usr/lib/libvirt \
    -Drunstatedir=/run \
    -Dinitconfdir=/etc/default \
    -Dsshconfdir=/etc/ssh/ssh_config.d \
    -Dunitdir=/usr/lib/systemd/system \
    -Dsysusersdir=/usr/lib/sysusers.d \
    -Dno_git=true \
    -Dpackager="$(DEB_VENDOR)" \
    -Dpackager_version="$(DEB_VERSION)" \
    $(WITH_DAEMONS) \
    $(WITH_QEMU) \
    -Ddriver_remote=enabled \
    -Dremote_default_mode=legacy \
    -Ddriver_test=enabled \
    -Ddriver_ch=disabled \
    -Ddriver_bhyve=disabled \
    -Ddriver_hyperv=disabled \
    -Dopenwsman=disabled \
    -Ddriver_vz=disabled \
    -Dqemu_user=libvirt-qemu \
    -Dqemu_group=kvm \
    -Dqemu_moddir=/usr/lib/$(DEB_HOST_MULTIARCH)/qemu \
    -Dqemu_datadir=/usr/share/qemu \
    -Ddocs=enabled \
    -Ddocdir=/usr/share/doc/libvirt \
    -Dtests=enabled \
    -Drpath=disabled \
    -Dnls=enabled \
    -Dtls_priority=NORMAL \
    $(WITH_OPENVZ) \
    -Dsasl=enabled \
    -Dlibssh2=disabled \
    -Dlibssh=enabled \
    -Dreadline=enabled \
    -Dbash_completion=enabled \
    -Dbash_completion_dir=/usr/share/bash-completion/completions \
    $(WITH_JSON_C) \
    $(WITH_POLKIT) \
    $(WITH_SANLOCK) \
    $(WITH_UDEV) \
    $(WITH_STORAGE_FS) \
    $(WITH_STORAGE_DIR) \
    $(WITH_STORAGE_LVM) \
    $(WITH_STORAGE_SCSI) \
    $(WITH_STORAGE_ISCSI) \
    $(WITH_STORAGE_ISCSI_DIRECT) \
    $(WITH_STORAGE_DISK) \
    $(WITH_STORAGE_RBD) \
    $(WITH_STORAGE_GLUSTER) \
    $(WITH_STORAGE_MPATH) \
    $(WITH_STORAGE_ZFS) \
    -Dstorage_vstorage=disabled \
    $(WITH_BLKID) \
    $(WITH_FUSE) \
    $(WITH_INIT_SCRIPT) \
    $(WITH_NUMA) \
    $(WITH_SYSCTL) \
    $(WITH_SELINUX) \
    $(WITH_APPARMOR) \
    $(WITH_ESX) \
    $(WITH_VMWARE) \
    $(WITH_CAPNG) \
    $(WITH_LIBNL) \
    $(WITH_NETWORK) \
    -Dnetcf=disabled \
    $(WITH_INTERFACE) \
    $(WITH_SECRETS) \
    $(WITH_LIBXL) \
    $(WITH_VBOX) \
    $(WITH_LXC) \
    $(WITH_LOGIN_SHELL) \
    $(WITH_DTRACE) \
    $(WITH_AUDIT) \
    $(WITH_LIBPCAP) \
    $(WITH_FIREWALLD) \
    $(WITH_ATTR) \
    $(WITH_NSS_PLUGIN) \
    $(WITH_NBDKIT) \
    $(WITH_WIRESHARK) \
    -Dpm_utils=disabled \
    $(NULL)

DEB_BUILDDIR := $(CURDIR)/debian/build
DEB_DESTDIR := $(CURDIR)/debian/tmp

%:
	dh $@ --builddirectory=$(DEB_BUILDDIR)

override_dh_auto_configure:
	dh_auto_configure -- $(DEB_CONFIGURE_EXTRA_ARGS)

# The default timeout for tests in Meson is 30s, which is not enough
# for architectures with slow buildds: make the timeout 10 times
# larger (5m) to account for those
#
# Additionally, disable the syntax-check tests, as failures there don't
# indicate functional issues, plus they get tripped up by the fact that
# there are additional files in debian/ that they don't expect
override_dh_auto_test:
	export LD_PRELOAD=""; \
	export VIR_TEST_DEBUG=1; \
	if ! dh_auto_test -- --timeout-multiplier 10 \
	                     --no-suite syntax-check; \
	then \
	    cat $(DEB_BUILDDIR)/meson-logs/testlog.txt; \
	    exit 1; \
	fi

# After the upstream build system has installed libvirt into $(DEB_DESTDIR),
# we need to make some tweaks (add a few extra files, delete some contents
# we're not interested in, move things around) so that later calls to the
# various dh_* tools will work optimally. This target is the perfect place
# to perform such operations
execute_after_dh_auto_install:
ifeq ($(DEB_HOST_ARCH_OS), linux)
	# Disable network autostart
	rm -rf $(DEB_DESTDIR)/etc/libvirt/qemu/networks/autostart/

	# Move systcl files (we consider them examples)
	mkdir -p $(DEB_DESTDIR)/usr/share/doc/libvirt/examples/sysctl/
	mv $(DEB_DESTDIR)/usr/lib/sysctl.d/* \
	   $(DEB_DESTDIR)/usr/share/doc/libvirt/examples/sysctl/

	# Move networks (installed in /etc/ via maintscripts)
	mkdir -p $(DEB_DESTDIR)/usr/share/libvirt/networks/
	mv $(DEB_DESTDIR)/etc/libvirt/qemu/networks/* \
	   $(DEB_DESTDIR)/usr/share/libvirt/networks/

	# Move nwfilters (installed in /etc/ via maintscripts)
	mkdir -p $(DEB_DESTDIR)/usr/share/libvirt/nwfilter/
	mv $(DEB_DESTDIR)/etc/libvirt/nwfilter/* \
	   $(DEB_DESTDIR)/usr/share/libvirt/nwfilter/

	# Rename the upstream polkit rule so that it matches the name used
	# historically in Debian
	mv $(DEB_DESTDIR)/usr/share/polkit-1/rules.d/50-libvirt.rules \
	   $(DEB_DESTDIR)/usr/share/polkit-1/rules.d/60-libvirt.rules

	# Prepare Debian-specific configuration files to be installed
	mkdir -p $(DEB_DESTDIR)/etc/apt/apt.conf.d/
	cp debian/apt/* \
	   $(DEB_DESTDIR)/etc/apt/apt.conf.d/

	# Install apport package hook
	mkdir -p $(DEB_DESTDIR)/usr/share/apport/package-hooks/
	cp -f debian/libvirt-daemon-common.apport \
	      $(DEB_DESTDIR)/usr/share/apport/package-hooks/source_libvirt.py

	# Copy dnsmasq configuration
	mkdir -p $(DEB_DESTDIR)/etc/dnsmasq.d-available/
	cp debian/libvirt-daemon-config-network.dnsmasq \
	   $(DEB_DESTDIR)/etc/dnsmasq.d-available/libvirt-daemon

	# Add profile script to automatically set default URI
	mkdir -p $(DEB_DESTDIR)/etc/profile.d/
	cp -f debian/libvirt-uri.sh $(DEB_DESTDIR)/etc/profile.d/
endif

	# Copy the release notes where dh_installdocs can find them
	cp NEWS.rst \
	   $(DEB_DESTDIR)/usr/share/doc/libvirt/NEWS

	# Don't ship the CI dashboard, which is not useful as documentation
	# triggers the privacy-breach-generic Lintian tag
	rm $(DEB_DESTDIR)/usr/share/doc/libvirt/html/ci-dashboard.html

ifeq ($(DEB_HOST_ARCH_OS), linux)
execute_after_dh_install:
	dh_apparmor -p libvirt-daemon --profile-name=usr.sbin.libvirtd
	dh_apparmor -p libvirt-daemon-common --profile-name=usr.lib.libvirt.virt-aa-helper

override_dh_installinit:
	dh_installinit -p libvirt-daemon --name=libvirtd --restart-after-upgrade
	dh_installinit -p libvirt-daemon-log --name=virtlogd --no-stop-on-upgrade
	dh_installinit -p libvirt-daemon-lock --name=virtlockd --no-stop-on-upgrade
	dh_installinit -p libvirt-daemon-common --name=libvirt-guests --no-start

override_dh_installsystemd:
	dh_installsystemd -p libvirt-daemon --no-also libvirtd.service
	dh_installsystemd -p libvirt-daemon --no-stop-on-upgrade libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket
	dh_installsystemd -p libvirt-daemon-log --no-stop-on-upgrade virtlogd.service virtlogd.socket virtlogd-admin.socket
	dh_installsystemd -p libvirt-daemon-lock --no-stop-on-upgrade virtlockd.service virtlockd.socket virtlockd-admin.socket
	dh_installsystemd -p libvirt-daemon-common --no-stop-on-upgrade libvirt-guests.service
endif

override_dh_installchangelogs:
	dh_installchangelogs -plibvirt-common
	dh_installchangelogs -plibvirt-doc

override_dh_installdocs:
	dh_installdocs -plibvirt-common
	dh_installdocs -plibvirt-doc --doc-main-package libvirt-doc

# dh_missing can't figure out that some files are skipped on purpose due
# to the conditionals above, so let's make the error non-fatal for -indep
# builds. -arch builds don't need this because we sync whether each feature
# is enabled and whether the corresponding files are installed
override_dh_missing-indep:
	dh_missing --list-missing

execute_before_dh_auto_clean:
	if test "$(DEB_LIBVIRT_MAINTAINER)"; then \
	    debian/scripts/process-templates.py --mode verify; \
	fi
	debian/scripts/process-templates.py --mode build \
	                                    --arch $(DEB_HOST_ARCH) \
	                                    --os $(DEB_HOST_ARCH_OS)
