-rw-r--r-- debian/changelog 22
-rw-r--r-- debian/compat 1
-rw-r--r-- debian/control 88
-rw-r--r-- debian/copyright 15
-rw-r--r-- debian/gbp.conf 6
-rw-r--r-- debian/lacme-accountd.install 2
-rw-r--r-- debian/lacme-accountd.manpages 1
-rw-r--r-- debian/lacme.dirs 1
-rw-r--r-- debian/lacme.install 5
-rw-r--r-- debian/lacme.manpages 1
-rw-r--r-- debian/patches/0001-Mention-the-Debian-BTS-in-the-manpages.patch 47
-rw-r--r-- debian/patches/series 1
-rwxr-xr-x debian/rules 4
-rw-r--r-- debian/source.lintian-overrides 2
-rw-r--r-- debian/source/format 1
15 files changed, 197 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..f05b265
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,22 @@
+lacme (0.3-1) UNRELEASED; urgency=low
+
+ * New upstream release.
+ * Provide nginx configuration snippet in /etc/lacme/nginx.conf
+ * debian/control: Bump Standards-Version to 4.0.0. No changes.
+
+ -- Guilhem Moulin <guilhem@debian.org> Wed, 28 Jun 2017 22:14:15 +0200
+
+lacme (0.2-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/control:
+ + Promote lacme-accountd from lacme's Suggests to Recommends.
+ + Bump Standards-Version to 3.9.8. No changes.
+
+ -- Guilhem Moulin <guilhem@guilhem.org> Mon, 05 Dec 2016 16:35:59 +0100
+
+lacme (0.1-1) unstable; urgency=low
+
+ * Initial release. (Closes: #827357, #827358.)
+
+ -- Guilhem Moulin <guilhem@guilhem.org> Tue, 08 Dec 2015 18:58:20 +0100
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..93c26f7
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,88 @@
+Source: lacme
+Section: utils
+Priority: optional
+Maintainer: Guilhem Moulin <guilhem@debian.org>
+Build-Depends: debhelper (>= 9), jq, pandoc
+Standards-Version: 4.0.0
+Homepage: https://git.guilhem.org/lacme/about/
+Vcs-Git: https://git.guilhem.org/lacme
+Vcs-Browser: https://git.guilhem.org/lacme
+
+Package: lacme
+Architecture: all
+Depends: ${misc:Depends}, ${perl:Depends},
+ openssl,
+ libconfig-tiny-perl,
+ libjson-perl,
+ libwww-perl,
+ libnet-ssleay-perl
+Recommends: liblwp-protocol-https-perl, lacme-accountd (= ${binary:Version})
+Description: ACME client written with process isolation and minimal privileges in mind
+ lacme is divided into four components, each with its own executable:
+ .
+ * A process to manage the account key and issue SHA-256 signatures needed for
+ each ACME command. (This process binds to a UNIX-domain socket to reply to
+ signature requests from the ACME client.) One can use the UNIX-domain
+ socket forwarding facility of OpenSSH 6.7 and later to run this process on
+ a different host.
+ .
+ * A "master" process, which runs as root and is the only component
+ with access to the private key material of the server keys. It is used to
+ fork the ACME client (and optionally the ACME webserver) after dropping
+ root privileges. For certificate issuances, it also generates Certificate
+ Signing Requests, then verifies the validity of the issued certificate, and
+ optionally reloads or restarts services.
+ .
+ * An actual ACME client, which builds ACME commands and dialogues with
+ the remote ACME server. Since ACME commands need to be signed with the
+ account key, the "master" process passes the UNIX-domain socket of the
+ account key manager to the ACME client: data signatures are requested by
+ writing the data to be signed to the socket.
+ .
+ * For certificate issuances, an optional webserver, which is spawned
+ by the "master" process when no service is listening on the HTTP port.
+ (The only challenge type currently supported is "http-01", which requires a
+ webserver to answer challenges.) That webserver only processes GET and
+ HEAD requests under the "/.well-known/acme-challenge/" URI. By default
+ some iptables(8) rules are automatically installed to open the HTTP port,
+ and removed afterwards.
+
+Package: lacme-accountd
+Architecture: all
+Depends: ${misc:Depends}, ${perl:Depends},
+ libconfig-tiny-perl,
+ libjson-perl
+Recommends: libcrypt-openssl-rsa-perl
+Description: lacme account key manager
+ lacme is an ACME client written with process isolation and minimal privileges
+ in mind. It is divided into four components, each with its own executable:
+ .
+ * A process to manage the account key and issue SHA-256 signatures needed for
+ each ACME command. (This process binds to a UNIX-domain socket to reply to
+ signature requests from the ACME client.) One can use the UNIX-domain
+ socket forwarding facility of OpenSSH 6.7 and later to run this process on
+ a different host.
+ .
+ * A "master" process, which runs as root and is the only component
+ with access to the private key material of the server keys. It is used to
+ fork the ACME client (and optionally the ACME webserver) after dropping
+ root privileges. For certificate issuances, it also generates Certificate
+ Signing Requests, then verifies the validity of the issued certificate, and
+ optionally reloads or restarts services.
+ .
+ * An actual ACME client, which builds ACME commands and dialogues with
+ the remote ACME server. Since ACME commands need to be signed with the
+ account key, the "master" process passes the UNIX-domain socket of the
+ account key manager to the ACME client: data signatures are requested by
+ writing the data to be signed to the socket.
+ .
+ * For certificate issuances, an optional webserver, which is spawned
+ by the "master" process when no service is listening on the HTTP port.
+ (The only challenge type currently supported is "http-01", which requires a
+ webserver to answer challenges.) That webserver only processes GET and
+ HEAD requests under the "/.well-known/acme-challenge/" URI. By default
+ some iptables(8) rules are automatically installed to open the HTTP port,
+ and removed afterwards.
+ .
+ lacme-accountd is the first (account key manager) component. It is the only
+ component with access to the account key.
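Review bot: The lacme stanza declares no relationship on iptables, yet its description says that by default "some iptables(8) rules are automatically installed to open the HTTP port"; add iptables to Recommends (or to Suggests, with a sentence on how to turn the default off) so the built-in webserver path does not fail on a minimal system. In the same stanza liblwp-protocol-https-perl is only in Recommends: if the client reaches the ACME server over HTTPS through libwww-perl, an install done with --no-install-recommends cannot issue certificates, so either promote it to Depends or state why it is optional. The long description is also repeated verbatim in both stanzas, and only lacme-accountd ends with a paragraph saying which component the package contains; a matching closing paragraph for lacme would tell the reader which of the four executables it ships.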
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..51440e8
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,15 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Source: native package
+
+Files: *
+Copyright: © 2015 Guilhem Moulin <guilhem@fripost.org>
+License: GPL-3+
+
+License: GPL-3+
+ This package is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by the
+ Free Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ version 3 can be found in file "/usr/share/common-licenses/GPL-3".
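Review bot: "Source: native package" on the second line contradicts the rest of this packaging: the changelog version carries a Debian revision (0.3-1), debian/source/format is "3.0 (quilt)" and gbp.conf names an upstream branch. Put the upstream location in this field instead, for example the Homepage or Vcs-Git URL already given in debian/control. The Copyright line also stops at 2015 while the changelog has releases dated 2016 and 2017; extend the years if the code changed in those releases.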
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..4daf79f
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,6 @@
+[DEFAULT]
+upstream-branch = master
+debian-branch = debian
+upstream-tag = upstream/%(version)s
+debian-tag = debian/%(version)s
+pristine-tar = False
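Review bot: No tag signing is configured in this [DEFAULT] section, although upstream-tag and debian-tag are the only references a rebuild can start from once pristine-tar is set to False and no watch file is shipped. Consider adding "sign-tags = True" so that tags created by gbp are signed and the source of a given version can be verified from the repository alone.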
diff --git a/debian/lacme-accountd.install b/debian/lacme-accountd.install
new file mode 100644
index 0000000..9070589
--- /dev/null
+++ b/debian/lacme-accountd.install
@@ -0,0 +1,2 @@
+lacme-accountd /usr/bin
+config/lacme-accountd.conf /etc/lacme
diff --git a/debian/lacme-accountd.manpages b/debian/lacme-accountd.manpages
new file mode 100644
index 0000000..953a66d
--- /dev/null
+++ b/debian/lacme-accountd.manpages
@@ -0,0 +1 @@
+lacme-accountd.1
diff --git a/debian/lacme.dirs b/debian/lacme.dirs
new file mode 100644
index 0000000..47f5aa9
--- /dev/null
+++ b/debian/lacme.dirs
@@ -0,0 +1 @@
+etc/lacme/lacme-certs.conf.d
diff --git a/debian/lacme.install b/debian/lacme.install
new file mode 100644
index 0000000..3525aa2
--- /dev/null
+++ b/debian/lacme.install
@@ -0,0 +1,5 @@
+lacme /usr/sbin
+client webserver /usr/lib/lacme
+config/lacme-certs.conf config/lacme.conf /etc/lacme
+snippets/apache2.conf snippets/nginx.conf /etc/lacme
+certs/lets-encrypt-x[1-4]-cross-signed.pem /usr/share/lacme
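Review bot: The glob on the last line, certs/lets-encrypt-x[1-4]-cross-signed.pem, is satisfied by any subset of the four files, so a certificate that goes missing from the tree drops out of /usr/share/lacme without a build failure or a visible packaging change. Since these are CA certificates, list the four file names explicitly so that any change to the shipped set appears as a diff in this file. Separately, this file installs both snippets/apache2.conf and snippets/nginx.conf, while the 0.3-1 changelog entry mentions only the nginx snippet; say in the changelog if the Apache snippet is also new in this upload.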
diff --git a/debian/lacme.manpages b/debian/lacme.manpages
new file mode 100644
index 0000000..e438c58
--- /dev/null
+++ b/debian/lacme.manpages
@@ -0,0 +1 @@
+lacme.1
diff --git a/debian/patches/0001-Mention-the-Debian-BTS-in-the-manpages.patch b/debian/patches/0001-Mention-the-Debian-BTS-in-the-manpages.patch
new file mode 100644
index 0000000..d43231c
--- /dev/null
+++ b/debian/patches/0001-Mention-the-Debian-BTS-in-the-manpages.patch
@@ -0,0 +1,47 @@
+From 736780d04831312953466c1a69f339af0ec7f2a9 Mon Sep 17 00:00:00 2001
+From: Guilhem Moulin <guilhem@debian.org>
+Date: Thu, 1 Dec 2016 00:49:17 +0100
+Subject: [PATCH] Mention the Debian BTS in the manpages.
+
+---
+ lacme-accountd.md | 6 ++++++
+ lacme.md | 6 ++++++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/lacme-accountd.md b/lacme-accountd.md
+index 4d3e1a5..fd5d360 100644
+--- a/lacme-accountd.md
++++ b/lacme-accountd.md
+@@ -130,6 +130,12 @@ execute [`lacme`(1)] remotely:
+ ~$ ssh -oExitOnForwardFailure=yes -tt -R /path/to/remote.sock:$XDG_RUNTIME_DIR/S.lacme user@example.org \
+ sudo lacme --socket=/path/to/remote.sock new-cert
+
++Bugs and feedback
++=================
++
++Bugs or feature requests for `lacme-accountd` should be filed with the
++Debian project's bug tracker at <<https://www.debian.org/Bugs/>>.
++
+ See also
+ ========
+
+diff --git a/lacme.md b/lacme.md
+index b086fe7..8d85075 100644
+--- a/lacme.md
++++ b/lacme.md
+@@ -387,6 +387,12 @@ Examples
+ ~$ sudo lacme new-cert
+ ~$ sudo lacme revoke-cert /path/to/server/certificate.pem
+
++Bugs and feedback
++=================
++
++Bugs or feature requests for `lacme` should be filed with the Debian
++project's bug tracker at <<https://www.debian.org/Bugs/>>.
++
+ See also
+ ========
+
+--
+2.10.2
+
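Review bot: The patch header (From, Date, Subject) carries no DEP-3 Forwarded field; the added sections point users to the Debian bug tracker, which makes the change Debian-specific, so add "Forwarded: not-needed" below Subject to record that it is not meant to go upstream. Also check the doubled angle brackets around the URL in both added paragraphs (<<https://www.debian.org/Bugs/>>): in Markdown a single <URL> is already an autolink, so the outer pair will probably be rendered literally in the generated manpage. If that is the intended look, keep it; otherwise drop one pair.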
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..98a1097
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+0001-Mention-the-Debian-BTS-in-the-manpages.patch
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..2d33f6a
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,4 @@
+#!/usr/bin/make -f
+
+%:
+ dh $@
diff --git a/debian/source.lintian-overrides b/debian/source.lintian-overrides
new file mode 100644
index 0000000..264ad5e
--- /dev/null
+++ b/debian/source.lintian-overrides
@@ -0,0 +1,2 @@
+# this repository is also upstream
+debian-watch-file-is-missing
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)