#!/usr/bin/make -f
# Sample debian/rules that uses debhelper. GNU copyright 1997 by Joey Hess.

# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1

DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS 2>/dev/null)
DEB_HOST_ARCH_CPU := $(shell dpkg-architecture -qDEB_HOST_ARCH_CPU 2>/dev/null)

include hardening.make
DEFAULT_PIE:=$(DEB_BUILD_HARDENING_PIE)
DEFAULT_STACKPROT:=$(DEB_BUILD_HARDENING_STACKPROTECTOR)

build: build-stamp test
build-stamp:
	# Building
	dh_testdir

	mkdir -p build-tree
	install hardened-cc hardened-ld build-tree

	# Set defaults, based on OS and CPU
	perl -pi -e 's/ #OS#/ '"$(DEB_HOST_ARCH_OS)"'/; s/ #CPU#/ '"$(DEB_HOST_ARCH_CPU)"'/;' build-tree/hardened-cc build-tree/hardened-ld
	perl -pi -e "s/default{'DEB_BUILD_HARDENING_PIE'}=1;/default{'DEB_BUILD_HARDENING_PIE'}=$(DEFAULT_PIE);/;" build-tree/hardened-cc build-tree/hardened-ld
	perl -pi -e "s/default{'DEB_BUILD_HARDENING_STACKPROTECTOR'}=1;/default{'DEB_BUILD_HARDENING_STACKPROTECTOR'}=$(DEFAULT_STACKPROT);/;" build-tree/hardened-cc build-tree/hardened-ld

	# Duplicate cc wrapper to c++
	cp build-tree/hardened-cc build-tree/hardened-c++
	perl -pi -e 's/hardened-cc/hardened-c++/g; s|/usr/bin/cc|/usr/bin/c++|g;' build-tree/hardened-c++

	# Set up man pages
	ln -sf hardened-cc.1 hardening-wrapper.1
	cp hardened-cc.1 hardened-c++.1
	perl -pi -e 's/hardened-cc/hardened-c++/g; s/gcc/g++/g;' hardened-c++.1
	pod2man hardening-check > hardening-check.1

	# Done building
	touch build-stamp

clean:
	dh_testdir
	dh_testroot

	rm -f build-stamp test-stamp
	rm -rf build-tree
	rm -f hardened-c++.1 hardening-wrapper.1 hardening-check.1
	dh_clean

test: build-stamp test-stamp
test-stamp:
	(cd tests; make check)
	# Done testing
	touch test-stamp

install: build
	dh_testdir
	dh_testroot
	dh_clean -k
	dh_installdirs usr/bin
	dh_installdirs -phardening-wrapper -A usr/share/lintian/overrides
	install -m644 debian/lintian.overrides debian/hardening-wrapper/usr/share/lintian/overrides/hardening-wrapper
	install build-tree/hardened-cc build-tree/hardened-c++ build-tree/hardened-ld debian/hardening-wrapper/usr/bin
	# programatically build links (change debian/h-w.{preinst,postrm} too)
	for ver in 4.1 4.2 4.3 4.4 4.5 4.6; do dh_link -phardening-wrapper \
		usr/bin/hardened-cc usr/bin/gcc-$$ver \
		usr/bin/hardened-c++ usr/bin/g++-$$ver \
		;\
	done
	dh_link -phardening-wrapper usr/bin/hardened-ld usr/bin/ld.bfd
	dh_link -phardening-wrapper usr/bin/hardened-ld usr/bin/ld.gold
	install -m644 -D hardening.make debian/hardening-includes/usr/share/hardening-includes/hardening.make
	install -m755 -D hardening-check debian/hardening-includes/usr/bin/hardening-check


# Build architecture-dependent files here.
binary-arch: build install
#	dh_testversion -a
	dh_perl -a
	dh_testdir -a
	dh_testroot -a
	dh_installdocs -a AUTHORS TODO
	dh_installexamples -a
	dh_installmenu -a
#	dh_installinit -a
	dh_installcron -a
	dh_installman -a
#	dh_undocumented -a
	dh_installchangelogs -a
	dh_strip -a
	dh_compress -a
	dh_fixperms -a
	dh_installdeb -a
	dh_shlibdeps -a
	dh_gencontrol -a
#	dh_makeshlibs -a
	dh_md5sums -a
	dh_builddeb -a

# Build architecture-independent files here.
binary-indep: build install
	dh_testdir -i
	dh_testroot -i
	dh_installchangelogs -i
	dh_installdocs -i
	dh_installexamples -i
#	dh_installmenu -i
#	dh_installdebconf -i
#	dh_installlogrotate -i
#	dh_installemacsen -i
#	dh_installcatalogs -i
#	dh_installpam -i
#	dh_installmime -i
#	dh_installinit -i
#	dh_installcron -i
#	dh_installinfo -i
#	dh_installwm -i
#	dh_installudev -i
#	dh_lintian -i
#	dh_bugfiles -i
#	dh_undocumented -i
	dh_installman -i
	dh_link -i
	dh_compress -i
	dh_fixperms -i
#	dh_perl -i
	dh_installdeb -i
	dh_gencontrol -i
	dh_md5sums -i
	dh_builddeb -i

source diff:
	@echo >&2 'source and diff are obsolete - use dpkg-source -b'; false

binary: binary-indep binary-arch
.PHONY: build clean binary-indep binary-arch binary test
