| author | Guilhem Moulin <guilhem@fripost.org> | 2016-06-14 17:01:43 +0200 | 
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2016-06-14 17:41:40 +0200 | 
| commit | b7539c0853dd395cf8b0f81c426e8287852703c4 (patch) | |
| tree | 61b5db9efb398b850ae42c8be3c18f50800bba48 /debian | |
| parent | 7572f83346d955270c99c023e0041c985494ee0d (diff) | |
Create a separate package for lacme-accountd.
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/control | 54 |
| -rw-r--r-- | debian/lacme-accountd.install | 2 |
| -rw-r--r-- | debian/lacme-accountd.manpages (renamed from debian/manpages) | 1 |
| -rw-r--r-- | debian/lacme.install | 4 |
| -rw-r--r-- | debian/lacme.manpages | 1 |
| -rwxr-xr-x | debian/rules | 4 |
6 files changed, 61 insertions, 5 deletions
| diff --git a/debian/control b/debian/control index 533ea03..258ee91 100644 --- a/debian/control +++ b/debian/control @@ -4,16 +4,22 @@ Priority: optional  Maintainer: Guilhem Moulin <guilhem@guilhem.org>  Build-Depends: debhelper (>= 9), jq, pandoc  Standards-Version: 3.9.6 +Homepage: https://git.guilhem.org/lacme/about/  Vcs-Git: https://git.guilhem.org/lacme  Vcs-Browser: https://git.guilhem.org/lacme  Package: lacme  Architecture: all  Depends: ${misc:Depends}, ${perl:Depends}, - libwww-perl, libjson-perl, libconfig-tiny-perl, - libnet-ssleay-perl, openssl -Recommends: liblwp-protocol-https-perl, - libcrypt-openssl-bignum-perl, libcrypt-openssl-rsa-perl + openssl, + libconfig-tiny-perl, + libjson-perl, + libwww-perl, + libnet-ssleay-perl +Recommends: + liblwp-protocol-https-perl +Suggests: + lacme-accountd (= ${binary:Version})  Description: ACME client written with process isolation and minimal privileges in mind   lacme is divided into four components, each with its own executable:   . 
@@ -43,3 +49,43 @@ Description: ACME client written with process isolation and minimal privileges i      HEAD requests under the "/.well-known/acme-challenge/" URI.  By default      some iptables(8) rules are automatically installed to open the HTTP port,      and removed afterwards. + +Package: lacme-accountd +Architecture: all +Depends: ${misc:Depends}, ${perl:Depends}, + libconfig-tiny-perl, + libjson-perl +Recommends: libcrypt-openssl-rsa-perl +Description: lacme account key manager + lacme is an ACME client written with process isolation and minimal privileges + in mind.  It is divided into four components, each with its own executable: + . +  * A process to manage the account key and issue SHA-256 signatures needed for +    each ACME command.  (This process binds to a UNIX-domain socket to reply to +    signature requests from the ACME client.)  One can use the UNIX-domain +    socket forwarding facility of OpenSSH 6.7 and later to run this process on +    a different host. + . +  * A "master" process, which runs as root and is the only component +    with access to the private key material of the server keys.  It is used to +    fork the ACME client (and optionally the ACME webserver) after dropping +    root privileges.  For certificate issuances, it also generates Certificate +    Signing Requests, then verifies the validity of the issued certificate, and +    optionally reloads or restarts services. + . +  * An actual ACME client, which builds ACME commands and dialogues with +    the remote ACME server.  Since ACME commands need to be signed with the +    account key, the "master" process passes the UNIX-domain socket of the +    account key manager to the ACME client: data signatures are requested by +    writing the data to be signed to the socket. + . +  * For certificate issuances, an optional webserver, which is spawned +    by the "master" process when no service is listening on the HTTP port. 
+    (The only challenge type currently supported is "http-01", which requires a +    webserver to answer challenges.)  That webserver only processes GET and +    HEAD requests under the "/.well-known/acme-challenge/" URI.  By default +    some iptables(8) rules are automatically installed to open the HTTP port, +    and removed afterwards. + . + lacme-accountd is the first (account key manager) component.  It is the only + component with access to the account key. diff --git a/debian/lacme-accountd.install b/debian/lacme-accountd.install new file mode 100644 index 0000000..9070589 --- /dev/null +++ b/debian/lacme-accountd.install @@ -0,0 +1,2 @@ +lacme-accountd              /usr/bin +config/lacme-accountd.conf  /etc/lacme diff --git a/debian/manpages b/debian/lacme-accountd.manpages index 5ce1b20..953a66d 100644 --- a/debian/manpages +++ b/debian/lacme-accountd.manpages @@ -1,2 +1 @@ -lacme.1  lacme-accountd.1 diff --git a/debian/lacme.install b/debian/lacme.install new file mode 100644 index 0000000..457d2d8 --- /dev/null +++ b/debian/lacme.install @@ -0,0 +1,4 @@ +lacme                                      /usr/sbin +client webserver                           /usr/lib/lacme +config/lacme-certs.conf config/lacme.conf  /etc/lacme +certs/lets-encrypt-x[1-4]-cross-signed.pem /usr/share/lacme diff --git a/debian/lacme.manpages b/debian/lacme.manpages new file mode 100644 index 0000000..e438c58 --- /dev/null +++ b/debian/lacme.manpages @@ -0,0 +1 @@ +lacme.1 diff --git a/debian/rules b/debian/rules index 2d33f6a..f845727 100755 --- a/debian/rules +++ b/debian/rules @@ -2,3 +2,7 @@  %:  	dh $@ + +override_dh_installdocs: +	dh_installdocs -Nlacme-accountd +	dh_installdocs -placme-accountd --link-doc=lacme | 
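Review bot: in the first debian/control hunk, libcrypt-openssl-bignum-perl is dropped from lacme's Recommends and does not reappear in the new lacme-accountd stanza, which only recommends libcrypt-openssl-rsa-perl. If the account key manager still loads the bignum module, add it to lacme-accountd's Recommends next to the RSA module; if it is no longer used anywhere, say so in the commit message so the removal is not mistaken for an oversight of the split.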
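Review bot: the new lacme-accountd stanza in debian/control has no Breaks/Replaces against earlier lacme versions, although lacme-accountd.1 moves out of the old debian/manpages (where it shipped in the single lacme package) into debian/lacme-accountd.manpages. If an earlier lacme package was ever published, installing lacme-accountd beside it fails on the file conflict, so add "Breaks: lacme (<< VERSION)" and "Replaces: lacme (<< VERSION)" with VERSION set to the first release carrying the split. In the same stanza, the description says this process issues the signatures for every ACME command; if libcrypt-openssl-rsa-perl is what performs them, it belongs in Depends rather than Recommends.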
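Review bot: in debian/rules, "dh_installdocs -placme-accountd --link-doc=lacme" turns /usr/share/doc/lacme-accountd into a symlink to lacme's documentation directory, but the lacme-accountd stanza lists no dependency on lacme. Debian Policy 12.5 permits such a symlink only when the linking package Depends on the target, and adding that dependency would pull the root-run lacme client onto the host holding the account key, which works against the package description's case of running the account key manager on a different host. Consider dropping the override and letting lacme-accountd ship its own copyright and doc directory.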
