DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
# Enable hardening features for daemons
-# Note: blhc (build log hardening check) will find these false positivies: CPPFLAGS 2 missing, LDFLAGS 1 missing
+# Note: blhc (build log hardening check) will find these false positives: CPPFLAGS 2 missing, LDFLAGS 1 missing
export DEB_BUILD_MAINT_OPTIONS=hardening=+bindnow,+pie
DPKG_EXPORT_BUILDFLAGS = 1
# Include buildflags.mk so we can append to the vars it sets.
--with-libcap \
--with-libsodium \
--with-protobuf=yes \
+ --enable-dnstap \
--without-net-snmp \
--disable-silent-rules \
--with-service-user=pdns \
override_dh_auto_install:
dh_auto_install
+ install -d debian/pdns-recursor/usr/share/pdns-recursor/lua-config
+ install -m 644 -t debian/pdns-recursor/usr/share/pdns-recursor/lua-config debian/lua-config/rootkeys.lua
+ install -m 644 -t debian/pdns-recursor/etc/powerdns debian/recursor.lua
rm -f debian/pdns-recursor/etc/powerdns/recursor.conf-dist
- ./pdns_recursor --no-config --config | sed \
+ ./pdns_recursor --no-config --config=default | sed \
-e 's!# config-dir=.*!config-dir=/etc/powerdns!' \
+ -e 's!# include-dir=.*!&\ninclude-dir=/etc/powerdns/recursor.d!' \
-e 's!# local-address=.*!local-address=127.0.0.1!' \
+ -e 's!# lua-config-file=.*!lua-config-file=/etc/powerdns/recursor.lua!' \
-e 's!# quiet=.*!quiet=yes!' \
+ -e 's!# setgid=.*!setgid=pdns!' \
+ -e 's!# setuid=.*!setuid=pdns!' \
-e 's!# hint-file=.*!&\nhint-file=/usr/share/dns/root.hints!' \
+ -e '/^# version-string=.*/d' \
> debian/pdns-recursor/etc/powerdns/recursor.conf
override_dh_strip:
override_dh_gencontrol:
dh_gencontrol -- $(SUBSTVARS)
+
+override_dh_fixperms:
+ dh_fixperms
+# these files often contain passwords. 640 as it is chowned to root:pdns
+ chmod 0640 debian/pdns-recursor/etc/powerdns/recursor.conf
projects / thirdparty / pdns.git / blobdiff