Diffstat (limited to 'debian')
| -rw-r--r-- | debian/changelog | 102 |
| -rw-r--r-- | debian/compat | 1 |
| -rw-r--r-- | debian/control | 64 |
| -rw-r--r-- | debian/copyright | 178 |
| -rw-r--r-- | debian/kasetkey.install | 2 |
| -rw-r--r-- | debian/keytab-backend.dirs | 2 |
| -rw-r--r-- | debian/keytab-backend.install | 5 |
| -rwxr-xr-x | debian/rules | 109 |
| -rw-r--r-- | debian/wallet-client.install | 2 |
| -rw-r--r-- | debian/wallet-server.dirs | 1 |
| -rw-r--r-- | debian/wallet-server.docs | 6 |
| -rw-r--r-- | debian/wallet-server.install | 10 |
12 files changed, 482 insertions, 0 deletions
| diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..71721fd --- /dev/null +++ b/debian/changelog 
@@ -0,0 +1,102 @@ +wallet (0.9-1) unstable; urgency=low + +  * New upstream release. +    - The wallet client now supports -f and stdin for store. +    - kasetkey supports enable, disable, and examine. +    - Stop setting Stanford-specific server defaults. +  * The test suite no longer needs libio-string-perl. +  * Use a separate stamp file for configure and install and use touch $@ +    to create stamp files. +  * Update debhelper compatibility level to V5 (no changes required). + + -- Russ Allbery <rra@debian.org>  Thu, 24 Apr 2008 16:09:19 -0700 + +wallet (0.8-1) unstable; urgency=low + +  * New upstream version. +    - Fix protocol mismatch between client and server. +    - Add file object support to the wallet server. +    - Correctly handle empty objects in the wallet client. +    - Add -q flag to wallet-backend to suppress syslog logging. +    - Add class registration to the wallet-admin utility. +    - Updated design documentation. + + -- Russ Allbery <rra@debian.org>  Wed, 13 Feb 2008 13:59:06 -0800 + +wallet (0.7-1) unstable; urgency=low + +  * New upstream version. +    - Add exists and autocreate wallet server interfaces. +    - Implement autocreation on the client instead of the server. +    - Make create once again an ADMIN-only function. +    - Always generate the srvtab from the newly downloaded keys. +    - Pass kadmin.local ktadd its options in the correct order. +    - Check naming policy before checking default ACLs. +    - Work around a bug in Net::Remctl with explicit undef arguments. +    - Correctly enable syslog logging in wallet-backend. +    - Fix the remctl configuration for keytab-backend. +  * Create /var/lib/keytabs in the keytab-backend package. + + -- Russ Allbery <rra@debian.org>  Fri, 08 Feb 2008 11:22:54 -0800 + +wallet (0.6-1) unstable; urgency=low + +  * New upstream version. +    - Safer handling of file creation with -f in the client. +    - The client can get configuration from krb5.conf. 
+    - Support get in the client without -f. +    - Client support for merging keys into an existing keytab. +    - New client -u option to obtain new Kerberos credentials. +    - New wallet-admin command-line utility for the server. +    - The server supports enforcing a local object naming policy. +    - New wallet-report script (currently Stanford-specific). +  * Change hard-coded wallet server to wallet.stanford.edu. +  * Add --enable-reduced-depends to configure to eliminate unnecessary +    shared library dependencies. + + -- Russ Allbery <rra@debian.org>  Mon, 28 Jan 2008 15:17:25 -0800 + +wallet (0.5-2) unstable; urgency=low + +  * Hard-code lsdb-new.stanford.edu as the wallet server name for the time +    being. + + -- Russ Allbery <rra@debian.org>  Mon, 17 Dec 2007 21:17:08 -0800 + +wallet (0.5-1) unstable; urgency=low + +  * New upstream release. +    - Allow more valid arguments to wallet-backend. +    - Load Perl modules for object types and ACL verifiers properly. +    - Correctly implement clearing attribute values. +    - Fix keytab principal validation to allow periods. +    - When writing files from the client, remove old backup files. +    - Check default creation ACLs before the ADMIN ACL. + + -- Russ Allbery <rra@debian.org>  Thu, 06 Dec 2007 22:26:55 -0800 + +wallet (0.4-1) unstable; urgency=low + +  * New upstream release. +    - Globally cache ACL verifiers. +    - Add the netdb-root ACL verifier, which requires root instances. +    - Determine object and ACL scheme classes from the database. +    - Coding style fixes and cleanup. +  * Update debian/copyright using the information from LICENSE. +  * Update standards version to 3.7.3 (no changes required). + + -- Russ Allbery <rra@debian.org>  Wed, 05 Dec 2007 17:01:20 -0800 + +wallet (0.3-1) unstable; urgency=low + +  * New upstream release. +  * Initial packaging of all components of wallet. 
+ + -- Russ Allbery <rra@debian.org>  Fri, 30 Nov 2007 20:30:30 -0800 + +wallet (0.1-1) unstable; urgency=low + +  * Initial release building only kasetkey. + + -- Russ Allbery <rra@debian.org>  Thu,  8 Mar 2007 16:07:05 -0800 + diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..7ed6ff8 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +5 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..cfd2669 --- /dev/null +++ b/debian/control 
@@ -0,0 +1,64 @@ +Source: wallet +Section: net +Priority: extra +Maintainer: Russ Allbery <rra@debian.org> +Build-Depends: debhelper (>= 5), libdbi-perl, libdbd-sqlite3-perl, + libkrb5-dev, libremctl-dev, libtest-pod-perl, perl, + libopenafs-dev [i386 powerpc sparc alpha s390 ia64 hppa amd64 ppc64] +Standards-Version: 3.7.3 + +Package: kasetkey +Architecture: i386 powerpc sparc alpha s390 ia64 hppa amd64 ppc64 +Depends: ${shlibs:Depends} +Description: Set AFS kaserver keys and generate srvtabs + kasetkey can create or delete principals in an AFS kaserver, randomize + or change the keys of principals, and generate srvtabs for principals. + It's intended for automated generation of service srvtabs and for + synchronization between Kerberos v5 keytabs and Kerberos v4 keys in an + AFS kaserver.  It only works with an AFS kaserver KDC. + +Package: keytab-backend +Architecture: all +Depends: krb5-admin-server, perl, remctl-server +Description: Provide existing Kerberos keytabs via remctl + keytab-backend is a service that runs under remctld and allows + authenticated clients to download Kerberos keytabs without changing the + key stored in the Kerberos KDC.  It must run on the same host as the + Kerberos KDC and uses kadmin.local to extract the existing key.  It + applies additional ACLs to limit which keys may be extracted in this + way. + +Package: wallet-client +Architecture: any +Depends: ${shlibs:Depends} +Description: Kerberos-authenticated secure data management client + The wallet is a system for managing secure data, authorization rules to + retrieve or change that data, and audit rules for documenting actions + taken on that data.  Objects of various types may be stored in the + wallet or generated on request and retrieved by authorized users.  The + wallet tracks ACLs, metadata, and trace information.  It uses Kerberos + authentication.  
One of the object types it supports is Kerberos keytabs, + making it suitable as a user-accessible front-end to Kerberos kadmind + with richer ACL and metadata operations. + . + This package contains the wallet client, which talks to a remote wallet + server to store, download, and manage objects. + +Package: wallet-server +Architecture: all +Depends: krb5-user, libdbi-perl, libdbd-sqlite3-perl | libdbd-mysql-perl, + remctl-server, ${perl:Depends} +Suggests: libauthen-krb5-perl, libnet-remctl-perl +Description: Kerberos-authenticated secure data management server + The wallet is a system for managing secure data, authorization rules to + retrieve or change that data, and audit rules for documenting actions + taken on that data.  Objects of various types may be stored in the + wallet or generated on request and retrieved by authorized users.  The + wallet tracks ACLs, metadata, and trace information.  It uses Kerberos + authentication.  One of the object types it supports is Kerberos keytabs, + making it suitable as a user-accessible front-end to Kerberos kadmind + with richer ACL and metadata operations. + . + This package contains the wallet server, which runs under remctl, + maintains the database of object metadata and secure objects, and + responds to requests from the wallet client. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..f5bff22 --- /dev/null +++ b/debian/copyright 
@@ -0,0 +1,178 @@ +Packaged for Debian by Russ Allbery <rra@debian.org>            2007-03-08 + +It was downloaded from: + +  <http://www.eyrie.org/~eagle/software/wallet/> + +Upstream author: + +  Russ Allbery <rra@stanford.edu> + +Debian packaging copyright: + +  Copyright 2006, 2007, 2008 Board of Trustees, Leland Stanford Jr. +  University. + +  All files and modifications related to Debian packaging are covered +  under the same license terms as the rest of the package. + +Copyright: + +The wallet package as a whole is: + +  Copyright 2006, 2007, 2008 Board of Trustees, Leland Stanford Jr. +  University.  All rights reserved. + +and covered under the following license: + +  Permission to use, copy, modify, and distribute this software and its +  documentation for any purpose and without fee is hereby granted, +  provided that the above copyright notice appear in all copies and that +  both that copyright notice and this permission notice appear in +  supporting documentation, and that the name of Stanford University not +  be used in advertising or publicity pertaining to distribution of the +  software without specific, written prior permission.  Stanford +  University makes no representations about the suitability of this +  software for any purpose.  It is provided "as is" without express or +  implied warranty. + +  THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED +  WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + +All individual files with no other license statement are covered under +this license.  Some files have additional copyright dates from earlier +releases or may be owned by other copyright holders as noted in those +files. + +Collected copyright notices for the entire package: + +  Copyright 1994, 1998, 1999, 2000, 2002, 2003, 2004, 2005, 2006, 2007, +      2008 Board of Trustees, Leland Stanford Jr. 
University +  Copyright 2000, 2001, 2004 Russ Allbery <rra@stanford.edu> +  Copyright 2004, 2005, 2006 +      by Internet Systems Consortium, Inc. ("ISC") +  Copyright 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +      2002, 2003 by The Internet Software Consortium and Rich Salz +  Copyright 1995 Patrick Powell +  Copyright 1996, 1997 Brandon Long <blong@fiction.net> +  Copyright 1998 Thomas Roessler <roessler@guug.de> +  Copyright 1998 Michael Elkins <me@cs.hmc.edu> +  Copyright 1998 Andrew Tridgell <tridge@samba.org> +  Copyright 2000, 2005 Hrvoje Niksic <hniksic@xemacs.org> +  Copyright 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +      2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +  Copyright 1994 X Consortium + +The file portable/snprintf.c is covered by the following license: + +  This code is based on code written by Patrick Powell (papowell@astart.com) +  It may be used for any purpose as long as this notice remains intact +  on all source code distributions + +The files portable/asprintf.c, portable/dummy.c and util/concat.c have +been placed in the public domain by their author. + +The files tests/libtest.c, tests/libtest.h, tests/portable/snprintf-t.c, +tests/util/concat-t.c, tests/util/messages-t.c, tests/util/xmalloc-t, +and tests/util/xmalloc.c are covered by the following copyright and +license: + +  Copyright (c) 2004, 2005, 2006 +      by Internet Systems Consortium, Inc. ("ISC") +  Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +      2002, 2003 by The Internet Software Consortium and Rich Salz + +  This code is derived from software contributed to the Internet Software +  Consortium by Rich Salz. + +  Permission to use, copy, modify, and distribute this software for any +  purpose with or without fee is hereby granted, provided that the above +  copyright notice and this permission notice appear in all copies. 
+ +  THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +  REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +  MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY +  SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +  WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +  ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +  OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +The files Makefile.in and aclocal.m4 are generated by GNU Automake and +covered by the following copyright and license: + +  Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +  2003, 2004, 2005, 2006  Free Software Foundation, Inc. +  This file is free software; the Free Software Foundation +  gives unlimited permission to copy and/or distribute it, +  with or without modifications, as long as this notice is preserved. + +  This program is distributed in the hope that it will be useful, +  but WITHOUT ANY WARRANTY, to the extent permitted by law; without +  even the implied warranty of MERCHANTABILITY or FITNESS FOR A +  PARTICULAR PURPOSE. + +The file configure is generated by GNU Autoconf and is covered by the +following copyright and license: + +  Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, +  2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +  This configure script is free software; the Free Software Foundation +  gives unlimited permission to copy, distribute and modify it. + +The files build-aux/compile, build-aux/depcomp, and build-aux/missing are +taken from GNU Automake and are covered by the following copyright and +license: + +  Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005 +    Free Software Foundation, Inc. 
+ +  This program is free software; you can redistribute it and/or modify it +  under the terms of the GNU General Public License as published by the +  Free Software Foundation; either version 2, or (at your option) any +  later version. + +  This program is distributed in the hope that it will be useful, but +  WITHOUT ANY WARRANTY; without even the implied warranty of +  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU +  General Public License for more details. + +  As a special exception to the GNU General Public License, if you +  distribute this file as part of a program that contains a configuration +  script generated by Autoconf, you may include it under the same +  distribution terms that you use for the rest of that program. + +For the wallet distribution, the option described in the last paragraph +has been accepted and these files are distributed under the same terms as +the wallet package as a whole, as described at the top of this file.  You +can find the GPL version 2 in /usr/share/common-licenses/GPL-2 on Debian +systems. + +The file build-aux/install-sh is covered by the following copyright and +license: + +  Copyright (C) 1994 X Consortium + +  Permission is hereby granted, free of charge, to any person obtaining a +  copy of this software and associated documentation files (the +  "Software"), to deal in the Software without restriction, including +  without limitation the rights to use, copy, modify, merge, publish, +  distribute, sublicense, and/or sell copies of the Software, and to +  permit persons to whom the Software is furnished to do so, subject to +  the following conditions: + +  The above copyright notice and this permission notice shall be included +  in all copies or substantial portions of the Software. + +  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +  OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
+  IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR +  OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +  ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +  OTHER DEALINGS IN THE SOFTWARE. + +  Except as contained in this notice, the name of the X Consortium shall +  not be used in advertising or otherwise to promote the sale, use or +  other dealings in this Software without prior written authorization +  from the X Consortium. diff --git a/debian/kasetkey.install b/debian/kasetkey.install new file mode 100644 index 0000000..99cdcd8 --- /dev/null +++ b/debian/kasetkey.install @@ -0,0 +1,2 @@ +debian/tmp/usr/sbin/kasetkey +debian/tmp/usr/share/man/man8/kasetkey.8 diff --git a/debian/keytab-backend.dirs b/debian/keytab-backend.dirs new file mode 100644 index 0000000..c601e1a --- /dev/null +++ b/debian/keytab-backend.dirs @@ -0,0 +1,2 @@ +/etc/remctl/acl +/var/lib/keytabs diff --git a/debian/keytab-backend.install b/debian/keytab-backend.install new file mode 100644 index 0000000..8d16b5d --- /dev/null +++ b/debian/keytab-backend.install @@ -0,0 +1,5 @@ +debian/tmp/usr/sbin/keytab-backend +debian/tmp/usr/share/man/man8/keytab-backend.8 + +config/allow-extract            etc/krb5kdc +config/keytab                   etc/remctl/conf.d diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..73d4f09 --- /dev/null +++ b/debian/rules 
@@ -0,0 +1,109 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# GNU copyright 1997 to 1999 by Joey Hess. +# Further updates by Russ Allbery <rra@debian.org> + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This has to be exported to make some magic below work. +export DH_OPTIONS + +# Used only for the man page. +VERSION := $(shell dpkg-parsechangelog | grep ^Version: | cut -d' ' -f2 \ +		| cut -d- -f1) + +# Tell Autoconf the correct system types.  We need to know the host +# architecture to determine whether setpag is available. +DEB_HOST_ARCH      ?= $(shell dpkg-architecture -qDEB_HOST_ARCH) +DEB_HOST_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) +ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) +    SYSTEM = --build $(DEB_HOST_GNU_TYPE) +else +    SYSTEM = --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE) +endif + +# Set up compiler flags. +CFLAGS = -Wall -g +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) +    CFLAGS += -O0 +else +    CFLAGS += -O2 +endif + +configure: configure-stamp +configure-stamp: +	dh_testdir +	CFLAGS="$(CFLAGS)" ./configure $(SYSTEM) --prefix=/usr \ +	    --mandir=\$${prefix}/share/man --with-kaserver \ +	    --enable-reduced-depends +	touch $@ + +build: build-arch build-indep +build-arch: build-stamp +build-indep: +build-stamp: configure-stamp +	dh_testdir +	$(MAKE) +	$(MAKE) check +	touch $@ + +clean: +	dh_testdir +	dh_testroot +	rm -f configure-stamp build-stamp install-stamp +	[ ! 
-f Makefile ] || $(MAKE) distclean +	dh_clean + +install: install-stamp +install-stamp: build-stamp +	dh_testdir +	dh_testroot +	dh_clean +	cd $(CURDIR)/perl && perl Makefile.PL INSTALLDIRS=vendor +	$(MAKE) install DESTDIR=$(CURDIR)/debian/tmp +	DH_OPTIONS= dh_installdirs +	DH_OPTIONS= dh_install --fail-missing +	install -m 0644 config/keytab.acl \ +	    $(CURDIR)/debian/keytab-backend/etc/remctl/acl/keytab +	touch $@ + +binary: binary-arch binary-indep + +binary-arch: DH_OPTIONS=-a +binary-arch: install-stamp +	dh_testdir +	dh_testroot +	dh_installchangelogs NEWS +	dh_installdocs -A README TODO +	dh_installman +	dh_link +	dh_strip +	dh_compress +	dh_fixperms +	dh_installdeb +	dh_shlibdeps +	dh_gencontrol +	dh_md5sums +	dh_builddeb + +binary-indep: DH_OPTIONS=-i +binary-indep: install-stamp +	dh_testdir +	dh_testroot +	dh_installchangelogs NEWS +	dh_installdocs -A README TODO +	dh_installman +	dh_link +	dh_strip +	dh_compress +	dh_perl +	dh_fixperms +	dh_installdeb +	dh_gencontrol +	dh_md5sums +	dh_builddeb + +.PHONY: build build-arch build-indep clean binary-arch binary-indep binary +.PHONY: install diff --git a/debian/wallet-client.install b/debian/wallet-client.install new file mode 100644 index 0000000..ec2d8c7 --- /dev/null +++ b/debian/wallet-client.install @@ -0,0 +1,2 @@ +debian/tmp/usr/bin/wallet +debian/tmp/usr/share/man/man1/wallet.1 diff --git a/debian/wallet-server.dirs b/debian/wallet-server.dirs new file mode 100644 index 0000000..0e856f2 --- /dev/null +++ b/debian/wallet-server.dirs @@ -0,0 +1 @@ +/etc/wallet diff --git a/debian/wallet-server.docs b/debian/wallet-server.docs new file mode 100644 index 0000000..db7ea6a --- /dev/null +++ b/debian/wallet-server.docs @@ -0,0 +1,6 @@ +docs/design +docs/design-acl +docs/design-api +docs/netdb-role-api +docs/notes +docs/setup diff --git a/debian/wallet-server.install b/debian/wallet-server.install new file mode 100644 index 0000000..a12d813 --- /dev/null +++ b/debian/wallet-server.install 
@@ -0,0 +1,10 @@ +debian/tmp/usr/sbin/wallet-admin +debian/tmp/usr/sbin/wallet-backend +debian/tmp/usr/share/man/man3/*.3pm +debian/tmp/usr/share/man/man8/wallet-admin.8 +debian/tmp/usr/share/man/man8/wallet-backend.8 +debian/tmp/usr/share/perl5 + +config/wallet                   etc/remctl/conf.d +contrib/wallet-report           usr/sbin +contrib/wallet-report.8         usr/share/man/man8 | 
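Review bot: In debian/control, the keytab-backend stanza hard-codes "perl" in Depends while wallet-server uses ${perl:Depends}, even though both are Architecture: all and both go through dh_perl in binary-indep. Suggest using ${perl:Depends} in keytab-backend as well so the Perl dependency is generated the same way for both packages. None of the four binary stanzas lists ${misc:Depends}; adding it would let debhelper inject any dependencies its helpers require.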
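Review bot: In debian/keytab-backend.dirs, /var/lib/keytabs is created without any mode being set, and binary-indep in debian/rules runs dh_fixperms with no later chmod, so the directory ships with the default directory permissions. The package description says the service extracts existing keys with kadmin.local; if extracted keytabs are written to this directory, it should be restricted to the service's user, for example with a chmod 700 on debian/keytab-backend/var/lib/keytabs placed after dh_fixperms in binary-indep. A short comment in debian/rules stating the intended owner and mode would also help.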
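Review bot: In debian/rules, configure-stamp passes --with-kaserver unconditionally, but debian/control limits libopenafs-dev and the kasetkey package to a fixed architecture list while wallet-client is Architecture: any. On an architecture outside that list the build runs without libopenafs-dev and may fail at configure. DEB_HOST_ARCH is computed near the top of the file with a comment about setpag but is never used in the visible rules; suggest using it to add --with-kaserver only on the architectures listed in debian/control. VERSION is likewise defined ("Used only for the man page") and never referenced, so it can be dropped or wired up.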
