-rw-r--r-- debian/changelog 5
-rw-r--r-- debian/compat 1
-rw-r--r-- debian/control 45
-rw-r--r-- debian/copyright 15
-rw-r--r-- debian/gbp.conf 6
-rw-r--r-- debian/manpages 2
-rwxr-xr-x debian/rules 4
-rw-r--r-- debian/source/format 1
8 files changed, 79 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..3f905f6
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+lacme (0.1-1) UNRELEASED; urgency=low
+
+ * Initial release.
+
+ -- Guilhem Moulin <guilhem@guilhem.org> Tue, 08 Dec 2015 18:58:20 +0100
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..533ea03
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,45 @@
+Source: lacme
+Section: utils
+Priority: optional
+Maintainer: Guilhem Moulin <guilhem@guilhem.org>
+Build-Depends: debhelper (>= 9), jq, pandoc
+Standards-Version: 3.9.6
+Vcs-Git: https://git.guilhem.org/lacme
+Vcs-Browser: https://git.guilhem.org/lacme
+
+Package: lacme
+Architecture: all
+Depends: ${misc:Depends}, ${perl:Depends},
+ libwww-perl, libjson-perl, libconfig-tiny-perl,
+ libnet-ssleay-perl, openssl
+Recommends: liblwp-protocol-https-perl,
+ libcrypt-openssl-bignum-perl, libcrypt-openssl-rsa-perl
+Description: ACME client written with process isolation and minimal privileges in mind
+ lacme is divided into four components, each with its own executable:
+ .
+ * A process to manage the account key and issue SHA-256 signatures needed for
+ each ACME command. (This process binds to a UNIX-domain socket to reply to
+ signature requests from the ACME client.) One can use the UNIX-domain
+ socket forwarding facility of OpenSSH 6.7 and later to run this process on
+ a different host.
+ .
+ * A "master" process, which runs as root and is the only component
+ with access to the private key material of the server keys. It is used to
+ fork the ACME client (and optionally the ACME webserver) after dropping
+ root privileges. For certificate issuances, it also generates Certificate
+ Signing Requests, then verifies the validity of the issued certificate, and
+ optionally reloads or restarts services.
+ .
+ * An actual ACME client, which builds ACME commands and dialogues with
+ the remote ACME server. Since ACME commands need to be signed with the
+ account key, the "master" process passes the UNIX-domain socket of the
+ account key manager to the ACME client: data signatures are requested by
+ writing the data to be signed to the socket.
+ .
+ * For certificate issuances, an optional webserver, which is spawned
+ by the "master" process when no service is listening on the HTTP port.
+ (The only challenge type currently supported is "http-01", which requires a
+ webserver to answer challenges.) That webserver only processes GET and
+ HEAD requests under the "/.well-known/acme-challenge/" URI. By default
+ some iptables(8) rules are automatically installed to open the HTTP port,
+ and removed afterwards.
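Review bot: The long description says the webserver component installs iptables(8) rules by default and that the account key process can be run on another host through OpenSSH socket forwarding, yet neither iptables nor an OpenSSH client appears in Depends, Recommends or Suggests. Add iptables to Recommends (it is the default behaviour) and openssh-client to Suggests. Separately, liblwp-protocol-https-perl is only in Recommends although the ACME client component has to talk to the remote ACME server, and libwww-perl alone cannot make HTTPS requests; on a system installed without recommended packages the client will not work, so move it to Depends, or split the account key manager into its own binary package if the Recommends exist to keep that host's install small.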
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..51440e8
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,15 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Source: native package
+
+Files: *
+Copyright: © 2015 Guilhem Moulin <guilhem@fripost.org>
+License: GPL-3+
+
+License: GPL-3+
+ This package is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by the
+ Free Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ version 3 can be found in file "/usr/share/common-licenses/GPL-3".
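Review bot: "Source: native package" contradicts the rest of the packaging: the changelog version 0.1-1 carries a Debian revision and debian/source/format is "3.0 (quilt)", both of which mark the package as non-native. Put the upstream location in Source (the Vcs-Git URL https://git.guilhem.org/lacme would do). The Copyright line also uses guilhem@fripost.org while Maintainer and the changelog trailer use guilhem@guilhem.org; pick one address unless the difference is intended.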
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..4daf79f
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,6 @@
+[DEFAULT]
+upstream-branch = master
+debian-branch = debian
+upstream-tag = upstream/%(version)s
+debian-tag = debian/%(version)s
+pristine-tar = False
diff --git a/debian/manpages b/debian/manpages
new file mode 100644
index 0000000..5ce1b20
--- /dev/null
+++ b/debian/manpages
@@ -0,0 +1,2 @@
+lacme.1
+lacme-accountd.1
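Review bot: Only lacme.1 and lacme-accountd.1 are listed, while the package description in debian/control speaks of four components, each with its own executable. If the ACME client and webserver executables end up on PATH they need manual pages as well; if they are internal helpers installed elsewhere, the description should say so. Both entries are paths relative to the source root, so the files must exist by the time dh_installman runs; since debian/rules is a bare "dh $@", that depends entirely on the upstream build producing them.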
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..2d33f6a
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,4 @@
+#!/usr/bin/make -f
+
+%:
+ dh $@
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)