-rw-r--r--  debian/changelog  80
-rw-r--r--  debian/control  89
-rw-r--r--  debian/copyright  15
-rw-r--r--  debian/gbp.conf  6
-rw-r--r--  debian/lacme-accountd.install  2
-rw-r--r--  debian/lacme-accountd.manpages  1
-rw-r--r--  debian/lacme.dirs  1
-rw-r--r--  debian/lacme.install  5
-rw-r--r--  debian/lacme.links  1
-rw-r--r--  debian/lacme.manpages  1
-rw-r--r--  debian/patches/Mention-the-Debian-BTS-in-the-manpages.patch  40
-rw-r--r--  debian/patches/series  1
-rwxr-xr-x  debian/rules  7
-rw-r--r--  debian/source/format  1
-rw-r--r--  debian/source/lintian-overrides  2
15 files changed, 252 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..b2b685c
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,80 @@
+lacme (0.6.1-1) unstable; urgency=medium
+
+ * New upstream release. Closes: #955767, #966958.
+ + Default listening socket for the webserver component is now
+ /run/lacme-www.socket. (It was previously under the legacy directory
+ /var/run.)
+ * debian/*: Adapt to new build system.
+ * debian/control: Bump debhelper compatibility level to 13.
+
+ -- Guilhem Moulin <guilhem@debian.org> Tue, 04 Aug 2020 01:43:05 +0200
+
+lacme (0.6-3) unstable; urgency=medium
+
+ * New symlink /etc/apache2/conf-available/lacme.conf pointing to
+ /etc/lacme/apache2.conf for use with the a2enconf/a2disconf interface.
+ (Closes: #955859.)
+ * debian/*.{install,manpages}: Copy files from $DESTDIR (debian/tmp) not
+ from the source tree.
+ * debian/control:
+ + Add "Rules-Requires-Root: no".
+ + Add "debhelper-compat (= 12)" to Build-Depends.
+ + Bump Standards-Version to 4.5.0 (no changes necessary).
+ * Rename debian/source.lintian-overrides to debian/source/lintian-overrides.
+
+ -- Guilhem Moulin <guilhem@debian.org> Sun, 05 Apr 2020 18:26:36 +0200
+
+lacme (0.6-2) unstable; urgency=medium
+
+ * d/control: new dependency for lacme: libtimedate-perl. (It's currently a
+ reverse dependency of LWP, but we use it explicitly.)
+
+ -- Guilhem Moulin <guilhem@debian.org> Wed, 18 Sep 2019 15:41:03 +0200
+
+lacme (0.6-1) unstable; urgency=medium
+
+ * New upstream release.
+ * d/control: Bump Standards-Version to 4.4.0 (no changes necessary).
+ * d/compat, d/control: Bump debhelper compatibility level to 12.
+
+ -- Guilhem Moulin <guilhem@debian.org> Wed, 21 Aug 2019 23:50:15 +0200
+
+lacme (0.5-1) unstable; urgency=medium
+
+ * New upstream release, adding support for v2 ACME endpoints.
+ * Fix manpage generation with pandoc >=2.1. (Closes: #896982.)
+ * debian/control:
+ + Bump Standards-Version to 4.1.4. No changes.
+ + Build-depends: bump minimum pandoc version to 2.1.
+ + Depends (lacme): add libtypes-serialiser-perl
+
+ -- Guilhem Moulin <guilhem@debian.org> Wed, 09 May 2018 14:17:19 +0200
+
+lacme (0.4-1) unstable; urgency=medium
+
+ * Fix manpage generation with pandoc >=1.18. (Closes: #869885.)
+
+ -- Guilhem Moulin <guilhem@debian.org> Fri, 28 Jul 2017 00:24:06 +0200
+
+lacme (0.3-1) unstable; urgency=low
+
+ * New upstream release.
+ * Provide apache2 and nginx configuration snippet in /etc/lacme.
+ * debian/control: Bump Standards-Version to 4.0.0. No changes.
+
+ -- Guilhem Moulin <guilhem@debian.org> Sun, 09 Jul 2017 00:41:23 +0200
+
+lacme (0.2-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/control:
+ + Promote lacme-accountd from lacme's Suggests to Recommends.
+ + Bump Standards-Version to 3.9.8. No changes.
+
+ -- Guilhem Moulin <guilhem@guilhem.org> Mon, 05 Dec 2016 16:35:59 +0100
+
+lacme (0.1-1) unstable; urgency=low
+
+ * Initial release. (Closes: #827357, #827358.)
+
+ -- Guilhem Moulin <guilhem@guilhem.org> Tue, 08 Dec 2015 18:58:20 +0100
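Review bot: In the 0.6.1-1 entry, the socket change names the new path (/run/lacme-www.socket) but describes the old one only as "under the legacy directory /var/run". Spell out the previous full path so that administrators whose apache2 or nginx configuration proxies to that socket can tell whether it needs updating, and consider a debian/NEWS entry, since this changes a default on upgrade and none of the 15 files in this commit is a NEWS file.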
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..2b43b79
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,89 @@
+Source: lacme
+Section: utils
+Priority: optional
+Maintainer: Guilhem Moulin <guilhem@debian.org>
+Build-Depends: debhelper-compat (= 13), jq, pandoc (>= 2.1~)
+Rules-Requires-Root: no
+Standards-Version: 4.5.0
+Homepage: https://git.guilhem.org/lacme/about/
+Vcs-Git: https://git.guilhem.org/lacme
+Vcs-Browser: https://git.guilhem.org/lacme
+
+Package: lacme
+Architecture: all
+Depends: libconfig-tiny-perl,
+ libjson-perl,
+ libnet-ssleay-perl,
+ libtimedate-perl,
+ libtypes-serialiser-perl,
+ libwww-perl,
+ openssl,
+ ${misc:Depends},
+ ${perl:Depends}
+Recommends: lacme-accountd (= ${binary:Version}), liblwp-protocol-https-perl
+Description: ACME client written with process isolation and minimal privileges in mind
+ lacme is divided into four components, each with its own executable:
+ .
+ * A process to manage the account key and issue SHA-256 signatures needed for
+ each ACME command. (This process binds to a UNIX-domain socket to reply to
+ signature requests from the ACME client.) One can use the UNIX-domain
+ socket forwarding facility of OpenSSH 6.7 and later to run this process on
+ a different host.
+ .
+ * A "master" process, which runs as root and is the only component
+ with access to the private key material of the server keys. It is used to
+ fork the ACME client (and optionally the ACME webserver) after dropping
+ root privileges. For certificate issuances, it also generates Certificate
+ Signing Requests, then verifies the validity of the issued certificate, and
+ optionally reloads or restarts services.
+ .
+ * An actual ACME client, which builds ACME commands and dialogues with
+ the remote ACME server. Since ACME commands need to be signed with the
+ account key, the "master" process passes the UNIX-domain socket of the
+ account key manager to the ACME client: data signatures are requested by
+ writing the data to be signed to the socket.
+ .
+ * For certificate issuances, an optional webserver, which is spawned
+ by the "master" process when no service is listening on the HTTP port.
+ (The only challenge type currently supported is "http-01", which requires a
+ webserver to answer challenges.) That webserver only processes GET and
+ HEAD requests under the "/.well-known/acme-challenge/" URI. By default
+ some iptables(8) rules are automatically installed to open the HTTP port,
+ and removed afterwards.
+
+Package: lacme-accountd
+Architecture: all
+Depends: libconfig-tiny-perl, libjson-perl, ${misc:Depends}, ${perl:Depends}
+Recommends: libcrypt-openssl-rsa-perl
+Description: lacme account key manager
+ lacme is an ACME client written with process isolation and minimal privileges
+ in mind. It is divided into four components, each with its own executable:
+ .
+ * A process to manage the account key and issue SHA-256 signatures needed for
+ each ACME command. (This process binds to a UNIX-domain socket to reply to
+ signature requests from the ACME client.) One can use the UNIX-domain
+ socket forwarding facility of OpenSSH 6.7 and later to run this process on
+ a different host.
+ .
+ * A "master" process, which runs as root and is the only component
+ with access to the private key material of the server keys. It is used to
+ fork the ACME client (and optionally the ACME webserver) after dropping
+ root privileges. For certificate issuances, it also generates Certificate
+ Signing Requests, then verifies the validity of the issued certificate, and
+ optionally reloads or restarts services.
+ .
+ * An actual ACME client, which builds ACME commands and dialogues with
+ the remote ACME server. Since ACME commands need to be signed with the
+ account key, the "master" process passes the UNIX-domain socket of the
+ account key manager to the ACME client: data signatures are requested by
+ writing the data to be signed to the socket.
+ .
+ * For certificate issuances, an optional webserver, which is spawned
+ by the "master" process when no service is listening on the HTTP port.
+ (The only challenge type currently supported is "http-01", which requires a
+ webserver to answer challenges.) That webserver only processes GET and
+ HEAD requests under the "/.well-known/acme-challenge/" URI. iptables(8)
+ rules can optionally be installed to temporarily open the HTTP port.
+ .
+ lacme-accountd is the first (account key manager) component. It is the only
+ component with access to the account key.
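Review bot: The two long descriptions disagree on firewall behaviour in the webserver bullet: lacme says "By default some iptables(8) rules are automatically installed to open the HTTP port, and removed afterwards", while lacme-accountd says "iptables(8) rules can optionally be installed to temporarily open the HTTP port". Whether a process started by root changes the firewall by default is something an administrator needs stated accurately, so align both texts with what 0.6.1 actually does. If the rules are installed by default, note that lacme's Depends and Recommends name no iptables package. The lacme description also lacks a closing paragraph like the one in lacme-accountd saying which of the four components this package ships.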
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..9da44f7
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,15 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Source: native package
+
+Files: *
+Copyright: © 2015-2017 Guilhem Moulin <guilhem@fripost.org>
+License: GPL-3+
+
+License: GPL-3+
+ This package is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by the
+ Free Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ version 3 can be found in file "/usr/share/common-licenses/GPL-3".
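Review bot: "Source: native package" conflicts with the rest of this commit: debian/source/format is "3.0 (quilt)" and the changelog versions carry a Debian revision (0.6.1-1), so the package is not native. Use the upstream URL from the Homepage field in debian/control here instead. The years in "Copyright: © 2015-2017" also stop short of the 2018 to 2020 changelog entries, and the address there (guilhem@fripost.org) differs from the Maintainer address, which is worth confirming as intended.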
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..4daf79f
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,6 @@
+[DEFAULT]
+upstream-branch = master
+debian-branch = debian
+upstream-tag = upstream/%(version)s
+debian-tag = debian/%(version)s
+pristine-tar = False
diff --git a/debian/lacme-accountd.install b/debian/lacme-accountd.install
new file mode 100644
index 0000000..5288ede
--- /dev/null
+++ b/debian/lacme-accountd.install
@@ -0,0 +1,2 @@
+bin/lacme-accountd usr/bin
+etc/lacme/lacme-accountd.conf etc/lacme
diff --git a/debian/lacme-accountd.manpages b/debian/lacme-accountd.manpages
new file mode 100644
index 0000000..34cd34f
--- /dev/null
+++ b/debian/lacme-accountd.manpages
@@ -0,0 +1 @@
+share/man/man1/lacme-accountd.1
diff --git a/debian/lacme.dirs b/debian/lacme.dirs
new file mode 100644
index 0000000..47f5aa9
--- /dev/null
+++ b/debian/lacme.dirs
@@ -0,0 +1 @@
+etc/lacme/lacme-certs.conf.d
diff --git a/debian/lacme.install b/debian/lacme.install
new file mode 100644
index 0000000..4ede614
--- /dev/null
+++ b/debian/lacme.install
@@ -0,0 +1,5 @@
+etc/lacme/apache2.conf etc/lacme/nginx.conf etc/lacme
+etc/lacme/lacme.conf etc/lacme/lacme-certs.conf etc/lacme
+libexec/lacme usr/libexec
+sbin/lacme usr/sbin
+share/lacme usr/share
diff --git a/debian/lacme.links b/debian/lacme.links
new file mode 100644
index 0000000..f3a30f2
--- /dev/null
+++ b/debian/lacme.links
@@ -0,0 +1 @@
+/etc/lacme/apache2.conf /etc/apache2/conf-available/lacme.conf
diff --git a/debian/lacme.manpages b/debian/lacme.manpages
new file mode 100644
index 0000000..393745a
--- /dev/null
+++ b/debian/lacme.manpages
@@ -0,0 +1 @@
+share/man/man8/lacme.8
diff --git a/debian/patches/Mention-the-Debian-BTS-in-the-manpages.patch b/debian/patches/Mention-the-Debian-BTS-in-the-manpages.patch
new file mode 100644
index 0000000..a66e14b
--- /dev/null
+++ b/debian/patches/Mention-the-Debian-BTS-in-the-manpages.patch
@@ -0,0 +1,40 @@
+From 736780d04831312953466c1a69f339af0ec7f2a9 Mon Sep 17 00:00:00 2001
+From: Guilhem Moulin <guilhem@debian.org>
+Date: Thu, 1 Dec 2016 00:49:17 +0100
+Subject: Mention the Debian BTS in the manpages.
+
+---
+ lacme-accountd.1.md | 6 ++++++
+ lacme.8.md | 6 ++++++
+ 2 files changed, 12 insertions(+)
+
+--- a/lacme-accountd.1.md
++++ b/lacme-accountd.1.md
+@@ -130,6 +130,12 @@ execute [`lacme`(8)] remotely:
+ ~$ ssh -oExitOnForwardFailure=yes -tt -R /path/to/remote.sock:$XDG_RUNTIME_DIR/S.lacme user@example.org \
+ sudo lacme --socket=/path/to/remote.sock newOrder
+
++Bugs and feedback
++=================
++
++Bugs or feature requests for `lacme-accountd` should be filed with the
++Debian project's bug tracker at <<https://www.debian.org/Bugs/>>.
++
+ See also
+ ========
+
+--- a/lacme.8.md
++++ b/lacme.8.md
+@@ -400,6 +400,12 @@ Examples
+ ~$ sudo lacme newOrder
+ ~$ sudo lacme revokeCert /path/to/server/certificate.pem
+
++Bugs and feedback
++=================
++
++Bugs or feature requests for `lacme` should be filed with the Debian
++project's bug tracker at <<https://www.debian.org/Bugs/>>.
++
+ See also
+ ========
+
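Review bot: The patch header has an empty description after the Subject line and no DEP-3 fields. Because the added text points readers at the Debian bug tracker, the patch is Debian-specific; add "Forwarded: not-needed" so a later reviewer does not try to send it upstream. Both hunks are pinned to fixed offsets in the manpage sources (@@ -130,6 and @@ -400,6), and the patch is dated 2016, so confirm it still applies without fuzz against the 0.6.1 sources.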
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..1c2191a
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+Mention-the-Debian-BTS-in-the-manpages.patch
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..cc86c79
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,7 @@
+#!/usr/bin/make -f
+
+override_dh_auto_build:
+ dh_auto_build -- DESTDIR= exec_prefix=/usr datadir=/usr/share runstatedir=/run
+
+%:
+ dh $@
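Review bot: Only override_dh_auto_build passes exec_prefix=/usr, datadir=/usr/share and runstatedir=/run; the install step runs through the catch-all "dh $@" with none of them, and debian/lacme.install then copies from sbin/, libexec/ and share/ rather than usr/. That looks deliberate (paths baked in at build time, staging done without a prefix), but nothing in the file says so. Add a comment explaining why the variables are needed only at build time, or pass the same set in an override_dh_auto_install, so a future change to the upstream Makefile does not silently ship binaries that look for the socket or data directory in the wrong place.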
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
new file mode 100644
index 0000000..264ad5e
--- /dev/null
+++ b/debian/source/lintian-overrides
@@ -0,0 +1,2 @@
+# this repository is also upstream
+debian-watch-file-is-missing