diff options
30 files changed, 1056 insertions, 3 deletions
diff --git a/debian/README.source b/debian/README.source new file mode 100644 index 0000000..7eaf3d4 --- /dev/null +++ b/debian/README.source @@ -0,0 +1,12 @@ +Explanation of package split +============================ + +We have a separate keysafe-server package so that we can autostart the +keysafe server when the package is installed, without starting the +server for desktop users (see INSTALL). This is convenient for +server administrators. + +We have a separate keysafe-bin package so that keysafe-server doesn't +pull in zenity and all its dependencies. + + -- Sean Whitton <spwhitton@spwhitton.name>, Sat, 22 Oct 2016 10:54:01 -0700 diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..55f8aa3 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,40 @@ +keysafe (0.20170303-1) experimental; urgency=medium + + * New upstream release. + * Update libghc-raaz-dev dependency. + * Fix broken /usr/share/doc symlinks, TODO -> TODO.gz. + + -- Sean Whitton <spwhitton@spwhitton.name> Wed, 29 Mar 2017 21:37:26 -0700 + +keysafe (0.20170122-1) experimental; urgency=medium + + * New upstream release. + * Update Homepage: in d/control. + * Update Source: in d/copyright. + * Switch to dgit-maint-merge(7) workflow. + - Add d/source/options + - Add d/source/patch-header + + -- Sean Whitton <spwhitton@spwhitton.name> Wed, 25 Jan 2017 08:17:39 -0700 + +keysafe (0.20161107-1) experimental; urgency=medium + + * New upstream release. + + -- Sean Whitton <spwhitton@spwhitton.name> Tue, 29 Nov 2016 19:55:39 -0700 + +keysafe (0.20161022-2) experimental; urgency=medium + + * keysafe-bin no longer recommends zenity. + * keysafe now depends on tor (Closes: #843522). + * Bump build-dependencies on libghc-servant-* + * Add bump-deps-to-GHC-8.0.1-LTS-Haskell-7.8.patch + * Refresh use-_keysafe.patch + + -- Sean Whitton <spwhitton@spwhitton.name> Tue, 29 Nov 2016 17:49:49 -0700 + +keysafe (0.20161022-1) experimental; urgency=medium + + * Initial release (Closes: #834869). + + -- Sean Whitton <spwhitton@spwhitton.name> Sun, 23 Oct 2016 13:39:53 -0700 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..f599e28 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +10 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..862de2f --- /dev/null +++ b/debian/control @@ -0,0 +1,131 @@ +Source: keysafe +Maintainer: Sean Whitton <spwhitton@spwhitton.name> +Priority: optional +Section: utils +Build-Depends: debhelper (>= 10), + ghc, + libghc-argon2-dev (>= 1.2), + libghc-argon2-dev (<< 1.3), + libghc-monadrandom-dev (>= 0.4), + libghc-monadrandom-dev (<< 0.5), + libghc-safesemaphore-dev (>= 0.10), + libghc-safesemaphore-dev (<< 0.11), + libghc-aeson-dev (>= 0.11), + libghc-aeson-dev (<< 0.12), + libghc-async-dev (>= 2.1), + libghc-async-dev (<< 2.2), + libghc-bloomfilter-dev (>= 2.0), + libghc-bloomfilter-dev (<< 2.1), + libghc-disk-free-space-dev (>= 0.1), + libghc-disk-free-space-dev (<< 0.2), + libghc-exceptions-dev (>= 0.8), + libghc-exceptions-dev (<< 0.9), + libghc-fast-logger-dev (>= 2.4), + libghc-fast-logger-dev (<< 2.5), + libghc-http-client-dev (>= 0.4), + libghc-http-client-dev (<< 0.5), + libghc-lifted-base-dev (>= 0.2), + libghc-lifted-base-dev (<< 0.3), + libghc-network-dev (>= 2.6), + libghc-network-dev (<< 2.7), + libghc-optparse-applicative-dev (>= 0.12), + libghc-optparse-applicative-dev (<< 0.13), + libghc-raaz-dev (>= 0.1.1), + libghc-raaz-dev (<< 0.1.1+~), + libghc-random-dev (>= 1.1), + libghc-random-dev (<< 1.2), + libghc-random-shuffle-dev (>= 0.0), + libghc-random-shuffle-dev (<< 0.1), + libghc-readline-dev (>= 1.0), + libghc-readline-dev (<< 1.1), + libghc-secret-sharing-dev (>= 1.0), + libghc-secret-sharing-dev (<< 1.1), + libghc-servant-dev (>= 0.8), + libghc-servant-dev (<< 0.9), + libghc-servant-client-dev (>= 0.8), + libghc-servant-client-dev (<< 0.9), + libghc-servant-server-dev (>= 0.8), + libghc-servant-server-dev (<< 0.9), + libghc-socks-dev (>= 0.5), + libghc-socks-dev (<< 0.6), + libghc-split-dev (>= 0.2), + libghc-split-dev (<< 0.3), + libghc-stm-dev (>= 2.4), + libghc-stm-dev (<< 2.5), + libghc-text-dev (>= 1.2), + libghc-text-dev (<< 1.3), + libghc-token-bucket-dev (>= 0.1), + libghc-token-bucket-dev (<< 0.2), + libghc-unbounded-delays-dev (>= 0.1), + libghc-unbounded-delays-dev (<< 0.2), + libghc-unix-compat-dev (>= 0.4), + libghc-unix-compat-dev (<< 0.5), + libghc-utf8-string-dev (>= 1.0), + libghc-utf8-string-dev (<< 1.1), + libghc-wai-dev (>= 3.2), + libghc-wai-dev (<< 3.3), + libghc-warp-dev (>= 3.2), + libghc-warp-dev (<< 3.3), + libghc-zxcvbn-c-dev (>= 1.0), + libghc-zxcvbn-c-dev (<< 1.1), +Standards-Version: 3.9.8 +Homepage: https://keysafe.branchable.com/ +Vcs-Git: https://git.spwhitton.name/keysafe +Vcs-Browser: https://git.spwhitton.name/keysafe + +Package: keysafe-bin +Architecture: any +Section: misc +Depends: ${shlibs:Depends}, + ${misc:Depends}, +Suggests: git-annex, +Description: keysafe's shared, architecture-dependent files + This package contains the keysafe binary. Keysafe is a program to + back up your secret encryption keys, such as OpenPGP/GPG private + keys, to cloud servers. + . + Instead of installing this package directly, you should install + either keysafe or keysafe-server. See those packages for a full + description of Keysafe. + +Package: keysafe +Architecture: all +Section: misc +Depends: ${misc:Depends}, + keysafe-bin, +# we require a hard dependency on zenity due to keysafe.autostart + zenity, + tor, +Enhances: git-annex, propellor +Description: securely back up secret keys to cloud servers + Keysafe is a program to back up your secret encryption keys, such as + OpenPGP/GPG private keys, to cloud servers. Keys are split up into + several shards, only one of which is sent to each cloud server. This + way, it is impossible for any one server to access the whole secret + key by itself. + . + A password is used to encrypt the shards. Keysafe's design ensures + that it is infeasibly expensive to crack the password. + . + This package should be installed by desktop users. To set up a + Keysafe server, you should install keysafe-server. + +Package: keysafe-server +Architecture: all +Section: misc +Depends: ${misc:Depends}, + keysafe-bin, + lsb-base (>= 3.0-6), + adduser, +Description: run a keysafe cloud server + Keysafe is a program to back up your secret encryption keys, such as + OpenPGP/GPG private keys, to cloud servers. Keys are split up into + several shards, only one of which is sent to each cloud server. This + way, it is impossible for any one server to access the whole secret + key by itself. + . + A password is used to encrypt the shards. Keysafe's design ensures + that it is infeasibly expensive to crack the password. + . + This package sets up a Keysafe server. If you want to use Keysafe to + back up your keys, you should install the keysafe package instead. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..1e444e7 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,703 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: keysafe +Upstream-Contact: Joey Hess <id@joeyh.name> +Source: https://keysafe.branchable.com/ + +Files: * +Copyright: (C) 2016 Joey Hess <id@joeyh.name> +License-Grant: Licensed under the GNU AGPL version 3 or higher. +License: AGPL-3+ + +Files: Utility/* +Copyright: (C) 2011-2015 Joey Hess <id@joeyh.name> +License: BSD-2-clause + +Files: debian/* +Copyright: (C) 2016 Sean Whitton <spwhitton@spwhitton.name> +License-Grant: Licensed under the GNU AGPL version 3 or higher. +License: AGPL-3+ + +License: BSD-2-clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + . + THIS SOFTWARE IS PROVIDED BY AUTHORS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + +License: AGPL-3+ + GNU AFFERO GENERAL PUBLIC LICENSE + Version 3, 19 November 2007 + . + Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + . + Preamble + . + The GNU Affero General Public License is a free, copyleft license for + software and other kinds of works, specifically designed to ensure + cooperation with the community in the case of network server software. + . + The licenses for most software and other practical works are designed + to take away your freedom to share and change the works. By contrast, + our General Public Licenses are intended to guarantee your freedom to + share and change all versions of a program--to make sure it remains free + software for all its users. + . + When we speak of free software, we are referring to freedom, not + price. Our General Public Licenses are designed to make sure that you + have the freedom to distribute copies of free software (and charge for + them if you wish), that you receive source code or can get it if you + want it, that you can change the software or use pieces of it in new + free programs, and that you know you can do these things. + . + Developers that use our General Public Licenses protect your rights + with two steps: (1) assert copyright on the software, and (2) offer + you this License which gives you legal permission to copy, distribute + and/or modify the software. + . + A secondary benefit of defending all users' freedom is that + improvements made in alternate versions of the program, if they + receive widespread use, become available for other developers to + incorporate. Many developers of free software are heartened and + encouraged by the resulting cooperation. However, in the case of + software used on network servers, this result may fail to come about. + The GNU General Public License permits making a modified version and + letting the public access it on a server without ever releasing its + source code to the public. + . + The GNU Affero General Public License is designed specifically to + ensure that, in such cases, the modified source code becomes available + to the community. It requires the operator of a network server to + provide the source code of the modified version running there to the + users of that server. Therefore, public use of a modified version, on + a publicly accessible server, gives the public access to the source + code of the modified version. + . + An older license, called the Affero General Public License and + published by Affero, was designed to accomplish similar goals. This is + a different license, not a version of the Affero GPL, but Affero has + released a new version of the Affero GPL which permits relicensing under + this license. + . + The precise terms and conditions for copying, distribution and + modification follow. + . + TERMS AND CONDITIONS + . + 0. Definitions. + . + "This License" refers to version 3 of the GNU Affero General Public License. + . + "Copyright" also means copyright-like laws that apply to other kinds of + works, such as semiconductor masks. + . + "The Program" refers to any copyrightable work licensed under this + License. Each licensee is addressed as "you". "Licensees" and + "recipients" may be individuals or organizations. + . + To "modify" a work means to copy from or adapt all or part of the work + in a fashion requiring copyright permission, other than the making of an + exact copy. The resulting work is called a "modified version" of the + earlier work or a work "based on" the earlier work. + . + A "covered work" means either the unmodified Program or a work based + on the Program. + . + To "propagate" a work means to do anything with it that, without + permission, would make you directly or secondarily liable for + infringement under applicable copyright law, except executing it on a + computer or modifying a private copy. Propagation includes copying, + distribution (with or without modification), making available to the + public, and in some countries other activities as well. + . + To "convey" a work means any kind of propagation that enables other + parties to make or receive copies. Mere interaction with a user through + a computer network, with no transfer of a copy, is not conveying. + . + An interactive user interface displays "Appropriate Legal Notices" + to the extent that it includes a convenient and prominently visible + feature that (1) displays an appropriate copyright notice, and (2) + tells the user that there is no warranty for the work (except to the + extent that warranties are provided), that licensees may convey the + work under this License, and how to view a copy of this License. If + the interface presents a list of user commands or options, such as a + menu, a prominent item in the list meets this criterion. + . + 1. Source Code. + . + The "source code" for a work means the preferred form of the work + for making modifications to it. "Object code" means any non-source + form of a work. + . + A "Standard Interface" means an interface that either is an official + standard defined by a recognized standards body, or, in the case of + interfaces specified for a particular programming language, one that + is widely used among developers working in that language. + . + The "System Libraries" of an executable work include anything, other + than the work as a whole, that (a) is included in the normal form of + packaging a Major Component, but which is not part of that Major + Component, and (b) serves only to enable use of the work with that + Major Component, or to implement a Standard Interface for which an + implementation is available to the public in source code form. A + "Major Component", in this context, means a major essential component + (kernel, window system, and so on) of the specific operating system + (if any) on which the executable work runs, or a compiler used to + produce the work, or an object code interpreter used to run it. + . + The "Corresponding Source" for a work in object code form means all + the source code needed to generate, install, and (for an executable + work) run the object code and to modify the work, including scripts to + control those activities. However, it does not include the work's + System Libraries, or general-purpose tools or generally available free + programs which are used unmodified in performing those activities but + which are not part of the work. For example, Corresponding Source + includes interface definition files associated with source files for + the work, and the source code for shared libraries and dynamically + linked subprograms that the work is specifically designed to require, + such as by intimate data communication or control flow between those + subprograms and other parts of the work. + . + The Corresponding Source need not include anything that users + can regenerate automatically from other parts of the Corresponding + Source. + . + The Corresponding Source for a work in source code form is that + same work. + . + 2. Basic Permissions. + . + All rights granted under this License are granted for the term of + copyright on the Program, and are irrevocable provided the stated + conditions are met. This License explicitly affirms your unlimited + permission to run the unmodified Program. The output from running a + covered work is covered by this License only if the output, given its + content, constitutes a covered work. This License acknowledges your + rights of fair use or other equivalent, as provided by copyright law. + . + You may make, run and propagate covered works that you do not + convey, without conditions so long as your license otherwise remains + in force. You may convey covered works to others for the sole purpose + of having them make modifications exclusively for you, or provide you + with facilities for running those works, provided that you comply with + the terms of this License in conveying all material for which you do + not control copyright. Those thus making or running the covered works + for you must do so exclusively on your behalf, under your direction + and control, on terms that prohibit them from making any copies of + your copyrighted material outside their relationship with you. + . + Conveying under any other circumstances is permitted solely under + the conditions stated below. Sublicensing is not allowed; section 10 + makes it unnecessary. + . + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + . + No covered work shall be deemed part of an effective technological + measure under any applicable law fulfilling obligations under article + 11 of the WIPO copyright treaty adopted on 20 December 1996, or + similar laws prohibiting or restricting circumvention of such + measures. + . + When you convey a covered work, you waive any legal power to forbid + circumvention of technological measures to the extent such circumvention + is effected by exercising rights under this License with respect to + the covered work, and you disclaim any intention to limit operation or + modification of the work as a means of enforcing, against the work's + users, your or third parties' legal rights to forbid circumvention of + technological measures. + . + 4. Conveying Verbatim Copies. + . + You may convey verbatim copies of the Program's source code as you + receive it, in any medium, provided that you conspicuously and + appropriately publish on each copy an appropriate copyright notice; + keep intact all notices stating that this License and any + non-permissive terms added in accord with section 7 apply to the code; + keep intact all notices of the absence of any warranty; and give all + recipients a copy of this License along with the Program. + . + You may charge any price or no price for each copy that you convey, + and you may offer support or warranty protection for a fee. + . + 5. Conveying Modified Source Versions. + . + You may convey a work based on the Program, or the modifications to + produce it from the Program, in the form of source code under the + terms of section 4, provided that you also meet all of these conditions: + . + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + . + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + . + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + . + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + . + A compilation of a covered work with other separate and independent + works, which are not by their nature extensions of the covered work, + and which are not combined with it such as to form a larger program, + in or on a volume of a storage or distribution medium, is called an + "aggregate" if the compilation and its resulting copyright are not + used to limit the access or legal rights of the compilation's users + beyond what the individual works permit. Inclusion of a covered work + in an aggregate does not cause this License to apply to the other + parts of the aggregate. + . + 6. Conveying Non-Source Forms. + . + You may convey a covered work in object code form under the terms + of sections 4 and 5, provided that you also convey the + machine-readable Corresponding Source under the terms of this License, + in one of these ways: + . + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + . + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + . + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + . + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + . + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + . + A separable portion of the object code, whose source code is excluded + from the Corresponding Source as a System Library, need not be + included in conveying the object code work. + . + A "User Product" is either (1) a "consumer product", which means any + tangible personal property which is normally used for personal, family, + or household purposes, or (2) anything designed or sold for incorporation + into a dwelling. In determining whether a product is a consumer product, + doubtful cases shall be resolved in favor of coverage. For a particular + product received by a particular user, "normally used" refers to a + typical or common use of that class of product, regardless of the status + of the particular user or of the way in which the particular user + actually uses, or expects or is expected to use, the product. A product + is a consumer product regardless of whether the product has substantial + commercial, industrial or non-consumer uses, unless such uses represent + the only significant mode of use of the product. + . + "Installation Information" for a User Product means any methods, + procedures, authorization keys, or other information required to install + and execute modified versions of a covered work in that User Product from + a modified version of its Corresponding Source. The information must + suffice to ensure that the continued functioning of the modified object + code is in no case prevented or interfered with solely because + modification has been made. + . + If you convey an object code work under this section in, or with, or + specifically for use in, a User Product, and the conveying occurs as + part of a transaction in which the right of possession and use of the + User Product is transferred to the recipient in perpetuity or for a + fixed term (regardless of how the transaction is characterized), the + Corresponding Source conveyed under this section must be accompanied + by the Installation Information. But this requirement does not apply + if neither you nor any third party retains the ability to install + modified object code on the User Product (for example, the work has + been installed in ROM). + . + The requirement to provide Installation Information does not include a + requirement to continue to provide support service, warranty, or updates + for a work that has been modified or installed by the recipient, or for + the User Product in which it has been modified or installed. Access to a + network may be denied when the modification itself materially and + adversely affects the operation of the network or violates the rules and + protocols for communication across the network. + . + Corresponding Source conveyed, and Installation Information provided, + in accord with this section must be in a format that is publicly + documented (and with an implementation available to the public in + source code form), and must require no special password or key for + unpacking, reading or copying. + . + 7. Additional Terms. + . + "Additional permissions" are terms that supplement the terms of this + License by making exceptions from one or more of its conditions. + Additional permissions that are applicable to the entire Program shall + be treated as though they were included in this License, to the extent + that they are valid under applicable law. If additional permissions + apply only to part of the Program, that part may be used separately + under those permissions, but the entire Program remains governed by + this License without regard to the additional permissions. + . + When you convey a copy of a covered work, you may at your option + remove any additional permissions from that copy, or from any part of + it. (Additional permissions may be written to require their own + removal in certain cases when you modify the work.) You may place + additional permissions on material, added by you to a covered work, + for which you have or can give appropriate copyright permission. + . + Notwithstanding any other provision of this License, for material you + add to a covered work, you may (if authorized by the copyright holders of + that material) supplement the terms of this License with terms: + . + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + . + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + . + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + . + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + . + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + . + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + . + All other non-permissive additional terms are considered "further + restrictions" within the meaning of section 10. If the Program as you + received it, or any part of it, contains a notice stating that it is + governed by this License along with a term that is a further + restriction, you may remove that term. If a license document contains + a further restriction but permits relicensing or conveying under this + License, you may add to a covered work material governed by the terms + of that license document, provided that the further restriction does + not survive such relicensing or conveying. + . + If you add terms to a covered work in accord with this section, you + must place, in the relevant source files, a statement of the + additional terms that apply to those files, or a notice indicating + where to find the applicable terms. + . + Additional terms, permissive or non-permissive, may be stated in the + form of a separately written license, or stated as exceptions; + the above requirements apply either way. + . + 8. Termination. + . + You may not propagate or modify a covered work except as expressly + provided under this License. Any attempt otherwise to propagate or + modify it is void, and will automatically terminate your rights under + this License (including any patent licenses granted under the third + paragraph of section 11). + . + However, if you cease all violation of this License, then your + license from a particular copyright holder is reinstated (a) + provisionally, unless and until the copyright holder explicitly and + finally terminates your license, and (b) permanently, if the copyright + holder fails to notify you of the violation by some reasonable means + prior to 60 days after the cessation. + . + Moreover, your license from a particular copyright holder is + reinstated permanently if the copyright holder notifies you of the + violation by some reasonable means, this is the first time you have + received notice of violation of this License (for any work) from that + copyright holder, and you cure the violation prior to 30 days after + your receipt of the notice. + . + Termination of your rights under this section does not terminate the + licenses of parties who have received copies or rights from you under + this License. If your rights have been terminated and not permanently + reinstated, you do not qualify to receive new licenses for the same + material under section 10. + . + 9. Acceptance Not Required for Having Copies. + . + You are not required to accept this License in order to receive or + run a copy of the Program. Ancillary propagation of a covered work + occurring solely as a consequence of using peer-to-peer transmission + to receive a copy likewise does not require acceptance. However, + nothing other than this License grants you permission to propagate or + modify any covered work. These actions infringe copyright if you do + not accept this License. Therefore, by modifying or propagating a + covered work, you indicate your acceptance of this License to do so. + . + 10. Automatic Licensing of Downstream Recipients. + . + Each time you convey a covered work, the recipient automatically + receives a license from the original licensors, to run, modify and + propagate that work, subject to this License. You are not responsible + for enforcing compliance by third parties with this License. + . + An "entity transaction" is a transaction transferring control of an + organization, or substantially all assets of one, or subdividing an + organization, or merging organizations. If propagation of a covered + work results from an entity transaction, each party to that + transaction who receives a copy of the work also receives whatever + licenses to the work the party's predecessor in interest had or could + give under the previous paragraph, plus a right to possession of the + Corresponding Source of the work from the predecessor in interest, if + the predecessor has it or can get it with reasonable efforts. + . + You may not impose any further restrictions on the exercise of the + rights granted or affirmed under this License. For example, you may + not impose a license fee, royalty, or other charge for exercise of + rights granted under this License, and you may not initiate litigation + (including a cross-claim or counterclaim in a lawsuit) alleging that + any patent claim is infringed by making, using, selling, offering for + sale, or importing the Program or any portion of it. + . + 11. Patents. + . + A "contributor" is a copyright holder who authorizes use under this + License of the Program or a work on which the Program is based. The + work thus licensed is called the contributor's "contributor version". + . + A contributor's "essential patent claims" are all patent claims + owned or controlled by the contributor, whether already acquired or + hereafter acquired, that would be infringed by some manner, permitted + by this License, of making, using, or selling its contributor version, + but do not include claims that would be infringed only as a + consequence of further modification of the contributor version. For + purposes of this definition, "control" includes the right to grant + patent sublicenses in a manner consistent with the requirements of + this License. + . + Each contributor grants you a non-exclusive, worldwide, royalty-free + patent license under the contributor's essential patent claims, to + make, use, sell, offer for sale, import and otherwise run, modify and + propagate the contents of its contributor version. + . + In the following three paragraphs, a "patent license" is any express + agreement or commitment, however denominated, not to enforce a patent + (such as an express permission to practice a patent or covenant not to + sue for patent infringement). To "grant" such a patent license to a + party means to make such an agreement or commitment not to enforce a + patent against the party. + . + If you convey a covered work, knowingly relying on a patent license, + and the Corresponding Source of the work is not available for anyone + to copy, free of charge and under the terms of this License, through a + publicly available network server or other readily accessible means, + then you must either (1) cause the Corresponding Source to be so + available, or (2) arrange to deprive yourself of the benefit of the + patent license for this particular work, or (3) arrange, in a manner + consistent with the requirements of this License, to extend the patent + license to downstream recipients. "Knowingly relying" means you have + actual knowledge that, but for the patent license, your conveying the + covered work in a country, or your recipient's use of the covered work + in a country, would infringe one or more identifiable patents in that + country that you have reason to believe are valid. + . + If, pursuant to or in connection with a single transaction or + arrangement, you convey, or propagate by procuring conveyance of, a + covered work, and grant a patent license to some of the parties + receiving the covered work authorizing them to use, propagate, modify + or convey a specific copy of the covered work, then the patent license + you grant is automatically extended to all recipients of the covered + work and works based on it. + . + A patent license is "discriminatory" if it does not include within + the scope of its coverage, prohibits the exercise of, or is + conditioned on the non-exercise of one or more of the rights that are + specifically granted under this License. You may not convey a covered + work if you are a party to an arrangement with a third party that is + in the business of distributing software, under which you make payment + to the third party based on the extent of your activity of conveying + the work, and under which the third party grants, to any of the + parties who would receive the covered work from you, a discriminatory + patent license (a) in connection with copies of the covered work + conveyed by you (or copies made from those copies), or (b) primarily + for and in connection with specific products or compilations that + contain the covered work, unless you entered into that arrangement, + or that patent license was granted, prior to 28 March 2007. + . + Nothing in this License shall be construed as excluding or limiting + any implied license or other defenses to infringement that may + otherwise be available to you under applicable patent law. + . + 12. No Surrender of Others' Freedom. + . + If conditions are imposed on you (whether by court order, agreement or + otherwise) that contradict the conditions of this License, they do not + excuse you from the conditions of this License. If you cannot convey a + covered work so as to satisfy simultaneously your obligations under this + License and any other pertinent obligations, then as a consequence you may + not convey it at all. For example, if you agree to terms that obligate you + to collect a royalty for further conveying from those to whom you convey + the Program, the only way you could satisfy both those terms and this + License would be to refrain entirely from conveying the Program. + . + 13. Remote Network Interaction; Use with the GNU General Public License. + . + Notwithstanding any other provision of this License, if you modify the + Program, your modified version must prominently offer all users + interacting with it remotely through a computer network (if your version + supports such interaction) an opportunity to receive the Corresponding + Source of your version by providing access to the Corresponding Source + from a network server at no charge, through some standard or customary + means of facilitating copying of software. This Corresponding Source + shall include the Corresponding Source for any work covered by version 3 + of the GNU General Public License that is incorporated pursuant to the + following paragraph. + . + Notwithstanding any other provision of this License, you have + permission to link or combine any covered work with a work licensed + under version 3 of the GNU General Public License into a single + combined work, and to convey the resulting work. The terms of this + License will continue to apply to the part which is the covered work, + but the work with which it is combined will remain governed by version + 3 of the GNU General Public License. + . + 14. Revised Versions of this License. + . + The Free Software Foundation may publish revised and/or new versions of + the GNU Affero General Public License from time to time. Such new versions + will be similar in spirit to the present version, but may differ in detail to + address new problems or concerns. + . + Each version is given a distinguishing version number. If the + Program specifies that a certain numbered version of the GNU Affero General + Public License "or any later version" applies to it, you have the + option of following the terms and conditions either of that numbered + version or of any later version published by the Free Software + Foundation. If the Program does not specify a version number of the + GNU Affero General Public License, you may choose any version ever published + by the Free Software Foundation. + . + If the Program specifies that a proxy can decide which future + versions of the GNU Affero General Public License can be used, that proxy's + public statement of acceptance of a version permanently authorizes you + to choose that version for the Program. + . + Later license versions may give you additional or different + permissions. However, no additional obligations are imposed on any + author or copyright holder as a result of your choosing to follow a + later version. + . + 15. Disclaimer of Warranty. + . + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY + APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT + HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY + OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, + THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM + IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF + ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + . + 16. Limitation of Liability. + . + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING + WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS + THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY + GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE + USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF + DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD + PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), + EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF + SUCH DAMAGES. + . + 17. Interpretation of Sections 15 and 16. + . + If the disclaimer of warranty and limitation of liability provided + above cannot be given local legal effect according to their terms, + reviewing courts shall apply local law that most closely approximates + an absolute waiver of all civil liability in connection with the + Program, unless a warranty or assumption of liability accompanies a + copy of the Program in return for a fee. + . + END OF TERMS AND CONDITIONS + . + How to Apply These Terms to Your New Programs + . + If you develop a new program, and you want it to be of the greatest + possible use to the public, the best way to achieve this is to make it + free software which everyone can redistribute and change under these terms. + . + To do so, attach the following notices to the program. It is safest + to attach them to the start of each source file to most effectively + state the exclusion of warranty; and each file should have at least + the "copyright" line and a pointer to where the full notice is found. + . + <one line to give the program's name and a brief idea of what it does.> + Copyright (C) <year> <name of author> + . + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. + . + Also add information on how to contact you by electronic and paper mail. + . + If your software can interact with users remotely through a computer + network, you should also make sure that it provides a way for users to + get its source. For example, if your program is a web application, its + interface could display a "Source" link that leads users to an archive + of the code. There are many ways you could offer source, and different + solutions will be better for different programs; see section 13 for the + specific requirements. + . + You should also get your employer (if you work as a programmer) or school, + if any, to sign a "copyright disclaimer" for the program, if necessary. + For more information on this, and how to apply and follow the GNU AGPL, see + <http://www.gnu.org/licenses/>. diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..c4a339a --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,8 @@ +[DEFAULT] +debian-branch = master +upstream-tag = %(version)s +debian-tag = debian/%(version)s + +color = on +compression = xz +compression-level = 9 diff --git a/debian/keysafe-bin.docs b/debian/keysafe-bin.docs new file mode 100644 index 0000000..1333ed7 --- /dev/null +++ b/debian/keysafe-bin.docs @@ -0,0 +1 @@ +TODO diff --git a/debian/keysafe-bin.install b/debian/keysafe-bin.install new file mode 100644 index 0000000..e57b60e --- /dev/null +++ b/debian/keysafe-bin.install @@ -0,0 +1 @@ +dist/build/keysafe/keysafe usr/bin diff --git a/debian/keysafe-bin.lintian-overrides b/debian/keysafe-bin.lintian-overrides new file mode 100644 index 0000000..f86a04f --- /dev/null +++ b/debian/keysafe-bin.lintian-overrides @@ -0,0 +1,5 @@ +# standard Haskell override +binary-or-shlib-defines-rpath + +# unprotected functions are due to Haskell's static compilation +hardening-no-fortify-functions diff --git a/debian/keysafe-bin.manpages b/debian/keysafe-bin.manpages new file mode 100644 index 0000000..3d66e51 --- /dev/null +++ b/debian/keysafe-bin.manpages @@ -0,0 +1 @@ +keysafe.1 diff --git a/debian/keysafe-server.keysafe.default b/debian/keysafe-server.keysafe.default new file mode 120000 index 0000000..4cb68ea --- /dev/null +++ b/debian/keysafe-server.keysafe.default @@ -0,0 +1 @@ +../keysafe.default
\ No newline at end of file diff --git a/debian/keysafe-server.keysafe.init b/debian/keysafe-server.keysafe.init new file mode 120000 index 0000000..1731ca4 --- /dev/null +++ b/debian/keysafe-server.keysafe.init @@ -0,0 +1 @@ +../keysafe.init
\ No newline at end of file diff --git a/debian/keysafe-server.keysafe.service b/debian/keysafe-server.keysafe.service new file mode 120000 index 0000000..a9bb8fa --- /dev/null +++ b/debian/keysafe-server.keysafe.service @@ -0,0 +1 @@ +../keysafe.service
\ No newline at end of file diff --git a/debian/keysafe-server.links b/debian/keysafe-server.links new file mode 100644 index 0000000..ce63e17 --- /dev/null +++ b/debian/keysafe-server.links @@ -0,0 +1 @@ +/usr/share/doc/keysafe-bin/TODO.gz /usr/share/doc/keysafe-server/TODO.gz diff --git a/debian/keysafe-server.postinst b/debian/keysafe-server.postinst new file mode 100755 index 0000000..57bc035 --- /dev/null +++ b/debian/keysafe-server.postinst @@ -0,0 +1,14 @@ +#!/bin/sh + +set -e + +if ! getent passwd _keysafe >/dev/null; then + # --force-badname needed until #521883 resolved + adduser --system --group --disabled-login --disabled-password \ + --home /var/lib/keysafe --force-badname _keysafe +fi +mkdir -p /var/lib/keysafe +chmod 700 /var/lib/keysafe +chown -R _keysafe:_keysafe /var/lib/keysafe + +#DEBHELPER# diff --git a/debian/keysafe-server.postrm b/debian/keysafe-server.postrm new file mode 100755 index 0000000..439d03d --- /dev/null +++ b/debian/keysafe-server.postrm @@ -0,0 +1,27 @@ +#!/bin/sh + +set -e + +# ensure the server process has been killed before calling userdel(1) +#DEBHELPER# + +# delete the _keysafe user and group, after chowning the shard storage +# to root so that it does not end up owned by another system user +if [ "$1" = "purge" ]; then + if [ -d "/var/lib/keysafe" ]; then + chown -R root:root /var/lib/keysafe + fi + userdel _keysafe || true + # userdel may or may not remove the group (see USERGROUPS_ENAB in + # userdel(8)), so we make an attempt to delete it + groupdel _keysafe || true +fi + +# For the time being, at the request of upstream, we don't ever delete +# /var/lib/keysafe, even on a purge + +# Deleting this data has the potential to destroy the backups of +# people's private keys, so it probably shouldn't ever happen +# automatically + +# We might want to revisit this before uploading to sid diff --git a/debian/keysafe.install b/debian/keysafe.install new file mode 100644 index 0000000..c19fa11 --- /dev/null +++ b/debian/keysafe.install @@ -0,0 +1,2 @@ +keysafe.autostart etc/xdg/autostart +keysafe.desktop usr/share/applications/ diff --git a/debian/keysafe.links b/debian/keysafe.links new file mode 100644 index 0000000..a23ad18 --- /dev/null +++ b/debian/keysafe.links @@ -0,0 +1 @@ +/usr/share/doc/keysafe-bin/TODO.gz /usr/share/doc/keysafe/TODO.gz diff --git a/debian/keysafe.lintian-overrides b/debian/keysafe.lintian-overrides new file mode 100644 index 0000000..c501313 --- /dev/null +++ b/debian/keysafe.lintian-overrides @@ -0,0 +1,2 @@ +# see README.source +desktop-command-not-in-package usr/share/applications/keysafe.desktop usr/bin/keysafe diff --git a/debian/patches/debian-changes b/debian/patches/debian-changes new file mode 100644 index 0000000..e9e7fa1 --- /dev/null +++ b/debian/patches/debian-changes @@ -0,0 +1,40 @@ +The Debian packaging of keysafe is maintained in git, using the +merging workflow described in dgit-maint-merge(7). There isn't a +patch queue that can be represented as a quilt series. + +A detailed breakdown of the changes is available from their canonical +representation - git commits in the packaging repository. For +example, to see the changes made by the Debian maintainer in the first +upload of upstream version 1.2.3, you could use: + + % git clone https://git.dgit.debian.org/keysafe + % cd keysafe + % git log --oneline 1.2.3..debian/1.2.3-1 -- . ':!debian' + +(If you have dgit, use `dgit clone keysafe`, rather than plain `git clone`.) + +A single combined diff, containing all the changes, follows. +--- keysafe-0.20170303.orig/keysafe.init ++++ keysafe-0.20170303/keysafe.init +@@ -32,7 +32,7 @@ case "$1" in + start-stop-daemon --start --quiet --oknodo \ + --background --no-close \ + --pidfile "$PIDFILE" --make-pidfile \ +- --chuid keysafe:keysafe \ ++ --chuid _keysafe:_keysafe \ + --exec "$DAEMON" -- --server $DAEMON_PARAMS \ + > /var/log/keysafe.log + log_end_msg $? +--- keysafe-0.20170303.orig/keysafe.service ++++ keysafe-0.20170303/keysafe.service +@@ -8,8 +8,8 @@ EnvironmentFile=-/etc/default/keysafe + ExecStart=/usr/bin/keysafe --server $DAEMON_PARAMS + InaccessiblePaths=/home /etc + ReadWritePaths=/var/lib/keysafe +-User=keysafe +-Group=keysafe ++User=_keysafe ++Group=_keysafe + StandardInput=null + StandardOutput=journal + StandardError=journal diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..7bb8252 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +debian-changes diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..23fd81e --- /dev/null +++ b/debian/rules @@ -0,0 +1,34 @@ +#!/usr/bin/make -f + +# Debian's ghc cannot compile anything with -fPIC at present, so we +# have to disable PIE hardening to avoid build failures on archs like +# amd64. See discussion on debian-haskell@lists.debian.org +export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie + +# cabal likes to write to $HOME, so use Setup.hs directly +export BUILDER = ./Setup + +# -j1 in the hope of making the build reproducible (see Makefile) +export BUILDEROPTIONS = -j1 + +%: + dh $@ + +# Temporarily disable tests until upstream adds a spinner/progress +# indicator. Otherwise sbuild will time out on some archs +# override_dh_auto_test: +# ./keysafe --test + +# upstream's install-files target is not sufficient for our split into +# three binary packages, so disable it here and use dh_* tools +override_dh_auto_install: + +# GHC cannot produce debugging symbols +override_dh_strip: + dh_strip --no-automatic-dbgsym + +# ensure service name is 'keysafe' not 'keysafe-server'. This is so +# we are consistent with other distros despite our package split (see +# INSTALL) +override_dh_installinit: + dh_installinit --name=keysafe diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides new file mode 100644 index 0000000..0239b89 --- /dev/null +++ b/debian/source/lintian-overrides @@ -0,0 +1,2 @@ +# maintainer is verifying upstream signatures on git tags +debian-watch-may-check-gpg-signature diff --git a/debian/source/options b/debian/source/options new file mode 100644 index 0000000..ce071fb --- /dev/null +++ b/debian/source/options @@ -0,0 +1,2 @@ +single-debian-patch +auto-commit diff --git a/debian/source/patch-header b/debian/source/patch-header new file mode 100644 index 0000000..a44b830 --- /dev/null +++ b/debian/source/patch-header @@ -0,0 +1,16 @@ +The Debian packaging of keysafe is maintained in git, using the +merging workflow described in dgit-maint-merge(7). There isn't a +patch queue that can be represented as a quilt series. + +A detailed breakdown of the changes is available from their canonical +representation - git commits in the packaging repository. For +example, to see the changes made by the Debian maintainer in the first +upload of upstream version 1.2.3, you could use: + + % git clone https://git.dgit.debian.org/keysafe + % cd keysafe + % git log --oneline 1.2.3..debian/1.2.3-1 -- . ':!debian' + +(If you have dgit, use `dgit clone keysafe`, rather than plain `git clone`.) + +A single combined diff, containing all the changes, follows. diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..7f913e2 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,2 @@ +Test-Command: keysafe --test +Depends: @ diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..0563d27 --- /dev/null +++ b/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://hackage.haskell.org/package/keysafe/distro-monitor .*-([0-9\.]+)\.(?:zip|tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz))) diff --git a/keysafe.init b/keysafe.init index 4aa1348..3332309 100644 --- a/keysafe.init +++ b/keysafe.init @@ -32,7 +32,7 @@ case "$1" in start-stop-daemon --start --quiet --oknodo \ --background --no-close \ --pidfile "$PIDFILE" --make-pidfile \ - --chuid keysafe:keysafe \ + --chuid _keysafe:_keysafe \ --exec "$DAEMON" -- --server $DAEMON_PARAMS \ > /var/log/keysafe.log log_end_msg $? diff --git a/keysafe.service b/keysafe.service index 1ae5f4a..85cfcbb 100644 --- a/keysafe.service +++ b/keysafe.service @@ -8,8 +8,8 @@ EnvironmentFile=-/etc/default/keysafe ExecStart=/usr/bin/keysafe --server $DAEMON_PARAMS InaccessiblePaths=/home /etc ReadWritePaths=/var/lib/keysafe -User=keysafe -Group=keysafe +User=_keysafe +Group=_keysafe StandardInput=null StandardOutput=journal StandardError=journal |