diff options
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/changelog | 342 | ||||
| -rw-r--r-- | debian/compat | 1 | ||||
| -rw-r--r-- | debian/control | 119 | ||||
| -rw-r--r-- | debian/copyright | 212 | ||||
| -rw-r--r-- | debian/gbp.conf | 10 | ||||
| -rw-r--r-- | debian/keytab-backend.dirs | 2 | ||||
| -rw-r--r-- | debian/keytab-backend.docs | 2 | ||||
| -rw-r--r-- | debian/keytab-backend.install | 5 | ||||
| -rwxr-xr-x | debian/rules | 38 | ||||
| -rw-r--r-- | debian/source/format | 1 | ||||
| -rw-r--r-- | debian/upstream/signing-key.asc | 138 | ||||
| -rw-r--r-- | debian/wallet-client.docs | 3 | ||||
| -rw-r--r-- | debian/wallet-client.install | 4 | ||||
| -rw-r--r-- | debian/wallet-server.dirs | 1 | ||||
| -rw-r--r-- | debian/wallet-server.docs | 11 | ||||
| -rw-r--r-- | debian/wallet-server.examples | 4 | ||||
| -rw-r--r-- | debian/wallet-server.install | 12 | ||||
| -rw-r--r-- | debian/watch | 3 |
18 files changed, 908 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..ff67c9d --- /dev/null +++ b/debian/changelog @@ -0,0 +1,342 @@ +wallet (1.4-1) UNRELEASED; urgency=medium + + * New upstream release. + - Substantial improvements to the Active Directory support. This + includes several changes to configuration options and new behavior + for principal naming and directory attributes. Review the upstream + documentation if you are using the experimental Active Directory + support. + - Install new contrib/ad-keytab script as /usr/bin/ad-keytab. + - Retrieve krb5.conf settings using the correct default realm. + * Update debhelper compatibility level to V11. + - Remove explicit autoreconf sequence configuration. + - Remove now-unnecessary --parallel flags. + * Update standards version to 4.1.4. + - Use https URLs for Vcs-* fields in debian/control. + - Use https URL for debian/copyright Format field. + - Change Priority: extra to optional since extra has been retired. + * Set Rules-Requires-Root: no. + * Set C_TAP_VERBOSE for better test output. + * Bump watch file version to 4 and use an https URL. + * Add upstream-vcs-tag pattern to debian/gbp.conf. + * Refresh upstream signing key. + + -- Russ Allbery <rra@debian.org> Sun, 03 Jun 2018 16:57:41 -0700 + +wallet (1.3-1) unstable; urgency=medium + + * New upstream release. + - Initial experimental support for Active Directory as the KDC by + setting KEYTAB_KRBTYPE to AD. + - New nested ACL scheme to group other ACLs. + - New external ACL scheme that runs an external command. + - New variation on the ldap-attr ACL scheme, ldap-attr-root, that + requires the principal end in /root and removes that part of the + principal name when checking LDAP. + - New password object type that generates a new, random password if no + password was previously stored. + - New update wallet command that always updates the contents of an + object before returning it, even if it is marked unchanging. In the + long term, the unchanging flag will be replaced by this distinction + between get and update. + - New acl replace wallet command that changes all objects owned by one + ACL to be owned by a different ACL. This currently only handles + owner, not the more specific ACLs. + - All ACL operations now refer to the ACL by name instead of ID. + - New report for unstored objects. + - New report to list all object types and ACL schemes. + - New report to list all ACLs that nest another ACL. + - New report that dumps all object history. + - Displays of ACLs and ACL entries are now sorted correctly. + * Add explicit build dependency on libmodule-build-perl, since it is no + no longer provided by the perl package. + * Change the branch layout to follow DEP-14. + * Run wrap-and-sort -ast on the package. + * Remove explicit setting of xz as the Debian source package compression + type. This is now the default. + * Refresh upstream signing key. + + -- Russ Allbery <rra@debian.org> Sun, 17 Jan 2016 20:25:41 -0800 + +wallet (1.2-1) unstable; urgency=medium + + * New upstream release. + - New object types duo-radius, duo-ldap, and duo-rdp. + - New rename command for file objects. + * Add a gbp.conf file to reflect the branch layout and settings of the + normal packaging repository. + * Update standards version to 3.9.6 (no changes required). + + -- Russ Allbery <rra@debian.org> Mon, 08 Dec 2014 21:13:21 -0800 + +wallet (1.1-1) unstable; urgency=medium + + * New upstream release. + - New object type, duo, which creates a UNIX integration with the Duo + Security cloud multifactor authentication service. + - The owner and getacl commands now return the name of the ACL. + - The date passed to expires can be any date format understood by + Date::Parse. + - wallet-rekey now works properly with keytabs containing multiple + principals and does not store new principals in a separate file + first. + - Fix setting enctype restrictions on keytab objects and populate the + reference table for valid enctypes on database creation. + - Fix Wallet::Config documentation of ldap_map_principal. + - Generate a long, random password when creating new principals in the + Heimdal KDC to avoid problems with password quality checks. + - Remove erroneous foreign key constraints between the object history + and objects table, an incorrect linkage in the ACL history table, + and add indices for object type, name, and ACL. + - Use DateTime objects uniformly in the database layer. + - ACL renames are now recorded in the ACL history. + - Fix wallet-backend parsing of the expires command to expect only one + argument. + - Fix ordering of table drops during wallet-admin destroy to honor + foreign key reference constraints. + - The initial ADMIN ACL creation is no longer documented in history. + * Document in the wallet-server package description that a DBD::* module + and corresponding DateTime::Format::* module are required. (There + isn't a way to fully represent the required dependency.) + * Rebuild Autoconf and Automake files during the build. + * Define AUTOMATED_TESTING to enable some additional Perl tests. + * Adjust debian/rules for the new Module::Build Perl build system. + * Drop now-unneeded dh_builddeb override for xz compression. + * Enable uscan verification of the GnuPG signatures on upstream + releases in debian/watch. + * Update standards version to 3.9.5 (no changes required). + + -- Russ Allbery <rra@debian.org> Wed, 16 Jul 2014 17:08:35 -0700 + +wallet (1.0-5) unstable; urgency=low + + * Cherry-pick upstream commit to randomize the password used for initial + Kerberos principal creation when talking to a Heimdal KDC. + + -- Russ Allbery <rra@debian.org> Thu, 09 Jan 2014 14:05:19 -0800 + +wallet (1.0-4) unstable; urgency=low + + * Cherry-pick upstream commit to fix wallet-rekey when used with keytabs + that contain multiple principals. + * Cherry-pick upstream commit to fix the skipped test count for the + ldap-attr verifier test. + * Add libauthen-sasl-perl and libnet-ldap-perl to Build-Depends for the + test suite. + + -- Russ Allbery <rra@debian.org> Mon, 06 Jan 2014 21:27:50 -0800 + +wallet (1.0-3) unstable; urgency=low + + * Cherry-pick upstream commits to fix ACL history entries with + PostgreSQL, an incorrect foreign key constraint for the object + history, and bugs in handling of enctype restrictions for keytabs. + * Move the DateTime::Format::* Perl modules for various databases to + Depends from Recommends and add the Pg and MySQL versions as + alternatives. + + -- Russ Allbery <rra@debian.org> Tue, 05 Nov 2013 13:17:51 -0800 + +wallet (1.0-2) unstable; urgency=low + + * Cherry-pick upstream commits to fix the t/admin.t test with the + squeeze version of DBIx::Class. + + -- Russ Allbery <rra@debian.org> Fri, 29 Mar 2013 13:58:42 -0700 + +wallet (1.0-1) unstable; urgency=low + + * New upstream release. + - New wallet-admin upgrade command to upgrade the schema to the latest + version. This should be run manually after upgrading the server. + - Owners of wallet objects are now allowed to destroy them by default. + - New ACL type ldap-attr to check whether the caller has an attribute + in an LDAP directory (needs libauthen-sasl-perl and libnet-ldap-perl + and only works with GSS-API binds). + - New object type wa-keyring to store WebAuth keyrings (needs + libwebauth-perl). + - New acl check command that returns whether the named ACL exists. + - New comments field for objects and wallet commands to set and + retrieve it. + * Switch to xz compression for the upstream and Debian tarballs and + binary packages. + * Update debhelper compatibility level to V9. + - Enable all hardening build flags. + - Enable parallel builds. + * Check for any files left uninstalled by dh_install. + * Tag all packages as Multi-Arch: foreign. + * Move single-debian-patch to local-options and patch-header to + local-patch-header so that they only apply to the packages I build and + NMUs get regular version-numbered patches. + * Convert debian/copyright to copyright-format 1.0. + * Update standards version to 3.9.4. + - Indicate the Debian packaging branch in the Vcs-Git header. + + -- Russ Allbery <rra@debian.org> Wed, 27 Mar 2013 20:06:21 -0700 + +wallet (0.12-1) unstable; urgency=low + + * New upstream release. + - New wallet-rekey client program to rekey a keytab. + - New ACL type krb5-regex for the server. + - New objects unused wallet-report report. + - New acls duplicate wallet-report report. + - Add a help command to wallet-report. + * Don't install wallet-summary in /usr/sbin in the wallet-server package + and instead install it in /usr/share/doc/wallet-server/examples. This + program is Stanford-specific and would require extensive changes for + other sites. + * Install the other contrib scripts except convert-srvtab-db to the + examples directory for wallet-server. + * Switch to 3.0 (quilt) source format. Force a single Debian patch and + include a custom patch header explaining that it is a rollup of any + fixes cherry-picked from upstream and breaking those patches out + separately would be work for no gain. + * Update standards version to 3.9.1 (no changes required). + + -- Russ Allbery <rra@debian.org> Wed, 25 Aug 2010 18:49:48 -0700 + +wallet (0.11-1) unstable; urgency=low + + * New upstream release. + - Verify that deleted ACLs are not referenced. + - Add Wallet::Config verify_acl_name function to check ACL names. + - Add audit command to wallet-report to check for naming violations. + - Add acl unused report to wallet-report. + + -- Russ Allbery <rra@debian.org> Mon, 08 Mar 2010 10:59:00 -0800 + +wallet (0.10-1) unstable; urgency=low + + * New upstream release. + - Add support for Heimdal KDCs as well as MIT Kerberos KDCs. New + mandatory configuration setting KEYTAB_KRBTYPE which must be set to + either MIT or Heimdal. + - Remove kaserver synchronization support and kasetkey. + - wallet -S now generates a srvtab based on the DES key of the keytab + and does not enable synchronization. No synchronization targets are + supported now. + - The wallet client and wallet-backend server can now handle store of + files containing nuls provided that the server uses remctl 2.14 and + the remctl configuration is updated to use stdin=last. + - Correctly store data that begins with a dash. + - Do not log the data passed to store. + - New wallet-report script and multiple additional database reports. + - Report ACL names as well as numbers in object history. + * Update debhelper compatibility level to V7. + - Use debhelper rule minimization with overrides. + - Add ${misc:Depends} to dependencies. + * Clarify in long description that keytab-backend is only needed for MIT + Kerberos. + * Move wallet-server's dependency on krb5-user to Recommends, since it's + only needed for keytab support, and allow libheimdal-kadm5-perl as an + alternative. + * Recommend remctl-server 2.14 or later for improved store support. + * Add Homepage, Vcs-Git, and Vcs-Browser control fields. + * Add a watch file. + * Update standards version to 3.8.4 (no changes required). + + -- Russ Allbery <rra@debian.org> Sun, 21 Feb 2010 21:13:40 -0800 + +wallet (0.9-1) unstable; urgency=low + + * New upstream release. + - The wallet client now supports -f and stdin for store. + - kasetkey supports enable, disable, and examine. + - Stop setting Stanford-specific server defaults. + * The test suite no longer needs libio-string-perl. + * Use a separate stamp file for configure and install and use touch $@ + to create stamp files. + * Update debhelper compatibility level to V5 (no changes required). + + -- Russ Allbery <rra@debian.org> Thu, 24 Apr 2008 16:09:19 -0700 + +wallet (0.8-1) unstable; urgency=low + + * New upstream version. + - Fix protocol mismatch between client and server. + - Add file object support to the wallet server. + - Correctly handle empty objects in the wallet client. + - Add -q flag to wallet-backend to suppress syslog logging. + - Add class registration to the wallet-admin utility. + - Updated design documentation. + + -- Russ Allbery <rra@debian.org> Wed, 13 Feb 2008 13:59:06 -0800 + +wallet (0.7-1) unstable; urgency=low + + * New upstream version. + - Add exists and autocreate wallet server interfaces. + - Implement autocreation on the client instead of the server. + - Make create once again an ADMIN-only function. + - Always generate the srvtab from the newly downloaded keys. + - Pass kadmin.local ktadd its options in the correct order. + - Check naming policy before checking default ACLs. + - Work around a bug in Net::Remctl with explicit undef arguments. + - Correctly enable syslog logging in wallet-backend. + - Fix the remctl configuration for keytab-backend. + * Create /var/lib/keytabs in the keytab-backend package. + + -- Russ Allbery <rra@debian.org> Fri, 08 Feb 2008 11:22:54 -0800 + +wallet (0.6-1) unstable; urgency=low + + * New upstream version. + - Safer handling of file creation with -f in the client. + - The client can get configuration from krb5.conf. + - Support get in the client without -f. + - Client support for merging keys into an existing keytab. + - New client -u option to obtain new Kerberos credentials. + - New wallet-admin command-line utility for the server. + - The server supports enforcing a local object naming policy. + - New wallet-report script (currently Stanford-specific). + * Change hard-coded wallet server to wallet.stanford.edu. + * Add --enable-reduced-depends to configure to eliminate unnecessary + shared library dependencies. + + -- Russ Allbery <rra@debian.org> Mon, 28 Jan 2008 15:17:25 -0800 + +wallet (0.5-2) unstable; urgency=low + + * Hard-code lsdb-new.stanford.edu as the wallet server name for the time + being. + + -- Russ Allbery <rra@debian.org> Mon, 17 Dec 2007 21:17:08 -0800 + +wallet (0.5-1) unstable; urgency=low + + * New upstream release. + - Allow more valid arguments to wallet-backend. + - Load Perl modules for object types and ACL verifiers properly. + - Correctly implement clearing attribute values. + - Fix keytab principal validation to allow periods. + - When writing files from the client, remove old backup files. + - Check default creation ACLs before the ADMIN ACL. + + -- Russ Allbery <rra@debian.org> Thu, 06 Dec 2007 22:26:55 -0800 + +wallet (0.4-1) unstable; urgency=low + + * New upstream release. + - Globally cache ACL verifiers. + - Add the netdb-root ACL verifier, which requires root instances. + - Determine object and ACL scheme classes from the database. + - Coding style fixes and cleanup. + * Update debian/copyright using the information from LICENSE. + * Update standards version to 3.7.3 (no changes required). + + -- Russ Allbery <rra@debian.org> Wed, 05 Dec 2007 17:01:20 -0800 + +wallet (0.3-1) unstable; urgency=low + + * New upstream release. + * Initial packaging of all components of wallet. + + -- Russ Allbery <rra@debian.org> Fri, 30 Nov 2007 20:30:30 -0800 + +wallet (0.1-1) unstable; urgency=low + + * Initial release building only kasetkey. + + -- Russ Allbery <rra@debian.org> Thu, 8 Mar 2007 16:07:05 -0800 + diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..b4de394 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +11 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..84b3c8a --- /dev/null +++ b/debian/control @@ -0,0 +1,119 @@ +Source: wallet +Section: net +Priority: optional +Maintainer: Russ Allbery <rra@debian.org> +Bugs: mailto:rra@debian.org +Build-Depends: + debhelper (>= 11), + libauthen-sasl-perl, + libcrypt-generatepassword-perl, + libdatetime-format-sqlite-perl, + libdatetime-perl, + libdbd-sqlite3-perl, + libdbi-perl, + libdbix-class-perl, + libheimdal-kadm5-perl, + libipc-run-perl, + libjson-perl, + libkrb5-dev, + libmodule-build-perl, + libnet-dns-perl, + libnet-duo-perl, + libnet-ldap-perl, + libnet-remctl-perl, + libperl6-slurp-perl, + libremctl-dev, + libsql-translator-perl, + libtest-minimumversion-perl, + libtest-pod-perl, + libtest-strict-perl, + libtimedate-perl, + libwebauth-perl, + perl, + sqlite3, +Rules-Requires-Root: no +Standards-Version: 4.1.4 +Homepage: https://www.eyrie.org/~eagle/software/wallet/ +Vcs-Git: https://git.eyrie.org/git/kerberos/wallet.git -b debian/master +Vcs-Browser: https://git.eyrie.org/?p=kerberos/wallet.git + +Package: keytab-backend +Architecture: all +Multi-Arch: foreign +Depends: + krb5-admin-server, + perl, + remctl-server, + ${misc:Depends}, + ${perl:Depends}, +Description: Provide existing MIT Kerberos keytabs via remctl + keytab-backend is a service that runs under remctld and allows + authenticated clients to download Kerberos keytabs from an MIT Kerberos + KDC without changing the key stored in the Kerberos KDC. It must run on + the same host as the Kerberos KDC and uses kadmin.local to extract the + existing key. It applies additional ACLs to limit which keys may be + extracted in this way. This interface is not needed for Heimdal. + +Package: wallet-client +Architecture: any +Multi-Arch: foreign +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Description: Kerberos-authenticated secure data management client + The wallet is a system for managing secure data, authorization rules to + retrieve or change that data, and audit rules for documenting actions + taken on that data. Objects of various types may be stored in the + wallet or generated on request and retrieved by authorized users. The + wallet tracks ACLs, metadata, and trace information. It uses Kerberos + authentication. One of the object types it supports is Kerberos keytabs, + making it suitable as a user-accessible front-end to Kerberos kadmind + with richer ACL and metadata operations. + . + This package contains the wallet client, which talks to a remote wallet + server to store, download, and manage objects. + +Package: wallet-server +Architecture: all +Multi-Arch: foreign +Depends: + libdatetime-format-sqlite-perl | libdatetime-format-mysql-perl | libdatetime-format-pg-perl, + libdatetime-perl, + libdbd-sqlite3-perl | libdbd-mysql-perl | libdbd-pg-perl, + libdbi-perl, + libdbix-class-perl, + libsql-translator-perl, + libtimedate-perl, + remctl-server, + ${misc:Depends}, + ${perl:Depends}, +Recommends: + krb5-user | libheimdal-kadm5-perl, + remctl-server (>= 2.14), +Suggests: + libauthen-sasl-perl, + libcrypt-generatepassword-perl, + libipc-run-perl, + libjson-perl, + libnet-duo-perl, + libnet-ldap-perl, + libnet-remctl-perl, + libperl6-slurp-perl, + libwebauth-perl (>= 4.4.0), +Description: Kerberos-authenticated secure data management server + The wallet is a system for managing secure data, authorization rules to + retrieve or change that data, and audit rules for documenting actions + taken on that data. Objects of various types may be stored in the + wallet or generated on request and retrieved by authorized users. The + wallet tracks ACLs, metadata, and trace information. It uses Kerberos + authentication. One of the object types it supports is Kerberos keytabs, + making it suitable as a user-accessible front-end to Kerberos kadmind + with richer ACL and metadata operations. + . + This package contains the wallet server, which runs under remctl, + maintains the database of object metadata and secure objects, and + responds to requests from the wallet client. + . + This package requires a DBD::* module (libdbd-*-perl) and corresponding + DateTime::Format::* module (libdatetime-format-*-perl) for the same + underlying database driver. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..dc8d574 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,212 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Contact: Russ Allbery <eagle@eyrie.org> +Source: https://www.eyrie.org/~eagle/software/wallet/ +Copyright: 2014, 2016, 2018 Russ Allbery <eagle@eyrie.org> + 2006-2010, 2012-2015 + The Board of Trustees of the Leland Stanford Junior University +License: Expat + +Files: * +Copyright: 2000-2002, 2004-2018 Russ Allbery <eagle@eyrie.org> + 2001-2015 The Board of Trustees of the Leland Stanford Junior University + 2015-2016 Dropbox, Inc. +License: Expat + +Files: Makefile.in +Copyright: 1994-2017 Free Software Foundation, Inc. + 2006-2008, 2010, 2013-2014 + The Board of Trustees of the Leland Stanford Junior University + 2016, 2018 Russ Allbery <eagle@eyrie.org> +License: FSF-unlimited and Expat + +Files: aclocal.m4 +Copyright: 1996-2017 Free Software Foundation, Inc. +License: FSF-unlimited + +Files: build-aux/ar-lib build-aux/compile build-aux/depcomp + build-aux/missing +Copyright: 1996-2017 Free Software Foundation, Inc. +License: GPL-2+ with Autoconf exception or Expat + +Files: build-aux/install-sh +Copyright: 1994 X Consortium +License: X11 + Permission is hereby granted, free of charge, to any person obtaining a + copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to permit + persons to whom the Software is furnished to do so, subject to the + following conditions: + . + The above copyright notice and this permission notice shall be included + in all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR + OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, + ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + OTHER DEALINGS IN THE SOFTWARE. + . + Except as contained in this notice, the name of the X Consortium shall + not be used in advertising or otherwise to promote the sale, use or other + dealings in this Software without prior written authorization from the X + Consortium. + +Files: client/wallet-rekey.1 client/wallet-rekey.pod client/wallet.1 + client/wallet.pod docs/design docs/design-acl docs/design-api + docs/netdb-role-api docs/notes docs/objects-and-schemes docs/setup + docs/stanford-naming perl/t/data/README portable/asprintf.c + portable/dummy.c portable/krb5-extra.c portable/krb5.h portable/macros.h + portable/mkstemp.c portable/reallocarray.c portable/setenv.c + portable/stdbool.h portable/system.h portable/uio.h tests/README + tests/config/README tests/data/cppcheck.supp tests/portable/asprintf-t.c + tests/portable/mkstemp-t.c tests/portable/setenv-t.c util/macros.h +Copyright: 2000-2006, 2010, 2014-2018 Russ Allbery <eagle@eyrie.org> + 2006-2014 The Board of Trustees of the Leland Stanford Junior University +License: all-permissive + Copying and distribution of this file, with or without modification, are + permitted in any medium without royalty provided the copyright notice and + this notice are preserved. This file is offered as-is, without any + warranty. + +Files: configure +Copyright: 1992-1996, 1998-2012 Free Software Foundation, Inc. +License: FSF-configure + This script is free software; the Free Software Foundation gives unlimited + permission to copy, distribute and modify it. + +Files: configure.ac m4/clang.m4 m4/gssapi.m4 m4/krb5-config.m4 m4/krb5.m4 + m4/lib-depends.m4 m4/lib-pathname.m4 m4/remctl.m4 m4/snprintf.m4 + m4/vamacros.m4 +Copyright: 2005-2014 + The Board of Trustees of the Leland Stanford Junior University + 2014-2016, 2018 Russ Allbery <eagle@eyrie.org> +License: unlimited + This file is free software; the authors give unlimited permission to copy + and/or distribute it, with or without modifications, as long as this + notice is preserved. + +Files: m4/cc-flags.m4 m4/perl.m4 util/messages.c util/messages.h + util/xmalloc.c util/xmalloc.h +Copyright: 1991, 1994-2003 The Internet Software Consortium and Rich Salz + 1998-2003 The Internet Software Consortium + 2004-2006, 2009, 2011, 2016 Internet Systems Consortium, Inc. + 2008-2010, 2012-2014 + The Board of Trustees of the Leland Stanford Junior University + 2015-2018 Russ Allbery <eagle@eyrie.org> +License: ISC + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + . + THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +Files: portable/krb5-profile.c +Copyright: 1985-2005 the Massachusetts Institute of Technology +License: MIT-Kerberos + Export of this software from the United States of America may require + a specific license from the United States Government. It is the + responsibility of any person or organization contemplating export to + obtain such a license before exporting. + . + WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + distribute this software and its documentation for any purpose and + without fee is hereby granted, provided that the above copyright + notice appear in all copies and that both that copyright notice and + this permission notice appear in supporting documentation, and that + the name of M.I.T. not be used in advertising or publicity pertaining + to distribution of the software without specific, written prior + permission. Furthermore if you modify this software you must label + your software as modified software and not distribute it in such a + fashion that it might be confused with the original MIT software. + M.I.T. makes no representations about the suitability of this software + for any purpose. It is provided "as is" without express or implied + warranty. + . + THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + . + Individual source code files are copyright MIT, Cygnus Support, + OpenVision, Oracle, Sun Soft, FundsXpress, and others. + . + Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, + and Zephyr are trademarks of the Massachusetts Institute of Technology + (MIT). No commercial use of these trademarks may be made without + prior written permission of MIT. + . + "Commercial use" means use of a name in a product or other for-profit + manner. It does NOT prevent a commercial firm from referring to the + MIT trademarks in order to convey information (although in doing so, + recognition of their trademark status should be given). + +Files: portable/snprintf.c tests/portable/snprintf-t.c +Copyright: 1995 Patrick Powell + 2000-2006, 2018 Russ Allbery <eagle@eyrie.org> + 2001 Hrvoje Niksic + 2009-2010 The Board of Trustees of the Leland Stanford Junior University +License: Powell-snprintf + This code is based on code written by Patrick Powell (papowell@astart.com) + It may be used for any purpose as long as this notice remains intact + on all source code distributions + +License: Expat + Permission is hereby granted, free of charge, to any person obtaining a + copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to permit + persons to whom the Software is furnished to do so, subject to the + following conditions: + . + The above copyright notice and this permission notice shall be included + in all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT + OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR + THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +License: FSF-unlimited + This file is free software; the Free Software Foundation gives unlimited + permission to copy and/or distribute it, with or without modifications, as + long as this notice is preserved. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +License: GPL-2+ with Autoconf exception + This file is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 2 of the License, or (at your + option) any later version. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General + Public License for more details. + . + You should have received a copy of the GNU General Public License along + with this program. If not, see <http://www.gnu.org/licenses/>. + . + As a special exception to the GNU General Public License, if you + distribute this file as part of a program that contains a configuration + script generated by Autoconf, you may include it under the same + distribution terms that you use for the rest of that program. +Comment: The option described in the license has been accepted and these + files are distributed under the same terms as the package as a whole, as + described at the top of this file. You can find the GPL version 2 in + /usr/share/common-licenses/GPL-2 on Debian systems. diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..224e797 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,10 @@ +# The standard packaging repository for wallet shares the repository with +# upstream development using the DEP-14 layout. + +[DEFAULT] +debian-branch = debian/master +upstream-branch = upstream/latest +pristine-tar = True + +[import-orig] +upstream-vcs-tag = release/%(version)s diff --git a/debian/keytab-backend.dirs b/debian/keytab-backend.dirs new file mode 100644 index 0000000..c601e1a --- /dev/null +++ b/debian/keytab-backend.dirs @@ -0,0 +1,2 @@ +/etc/remctl/acl +/var/lib/keytabs diff --git a/debian/keytab-backend.docs b/debian/keytab-backend.docs new file mode 100644 index 0000000..724e084 --- /dev/null +++ b/debian/keytab-backend.docs @@ -0,0 +1,2 @@ +README +TODO diff --git a/debian/keytab-backend.install b/debian/keytab-backend.install new file mode 100644 index 0000000..52a736e --- /dev/null +++ b/debian/keytab-backend.install @@ -0,0 +1,5 @@ +config/allow-extract etc/krb5kdc +config/keytab etc/remctl/conf.d +debian/tmp/etc/remctl/acl/keytab +debian/tmp/usr/sbin/keytab-backend +debian/tmp/usr/share/man/man8/keytab-backend.8 diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..514fdb5 --- /dev/null +++ b/debian/rules @@ -0,0 +1,38 @@ +#!/usr/bin/make -f + +# Add hardening build flags. +export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow,+pie + +# The additional flags to pass to Build.PL, picked up by the upstream build +# system. +export WALLET_PERL_FLAGS := --installdirs vendor --create_packlist 0 + +# Enable some additional Perl tests. +export AUTOMATED_TESTING = 1 + +# Tell C TAP Harness to report the verbose output from all tests. +export C_TAP_VERBOSE = 1 + +%: + dh $@ + +override_dh_auto_configure: + dh_auto_configure -- --enable-reduced-depends + +# Install the remctl configuration as part of the build. +override_dh_auto_install: + dh_auto_install + install -d debian/tmp/etc/remctl/acl + install -m 0644 config/keytab.acl debian/tmp/etc/remctl/acl/keytab + install -m 0644 config/wallet-report.acl \ + debian/tmp/etc/remctl/acl/wallet-report + +# Override install to check for missing installed files. +override_dh_install: + dh_install --fail-missing + +override_dh_installchangelogs: + dh_installchangelogs NEWS + +override_dh_compress: + dh_compress -X examples diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc new file mode 100644 index 0000000..24bbc5a --- /dev/null +++ b/debian/upstream/signing-key.asc @@ -0,0 +1,138 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBEofRrIBEADCOmbclGLGH2uSCQSM3xkvEwdB52ps8bMnrzujnsgjfw7crs8l +DUjfcOxOVsLlgClntMxaVx764j1IXYF9smAheFfbWD/06gS+lkeuOjYSa1GEfmZG +aqZbhfs5EZRKu1BynfrTRlj2L0XPcYcHM8tUTJsr7t4f7CWw1hmnZpm/vshj3xOG +MfEXe1t3nJAEIQi3AcCPrT2QP/PvkT0oglIpw6l0+gQnPwLZoc3OCnP7io0TPY96 +ZPpSlsPVgYpEvQSkygoNTjTOtuLJYyv7EpHBF0SU3xRs/73t5F5a28gQPIMMACw6 +CxhOvqqfFfKfOmm4xInwL7jmDz6UxSONzUNLh7T8OAGcGQx9rRDdssuw5krN3jhy +0VfHpeXij0H5nVdxTbfNusflxPBMFfqV9z1aiY/bklqbcA+GfOBSXoXkGvixi1qk +k3ZaddDQIBl5yv951EkVAelNwzABVKMeIi8RkpVdBVONj3+2Yg5+6oF9KfZc++KM +eUXmPIESNaz2YEmN5VEnHBhqHs4v+rUzAZXJo0g3lv5hMEsoqCxu+w4uVR7e+AbT +dIHnydQxCNkG31ywslUZPR9QP92NleIqgXY/nL1eDXBb9EGoxBSHD99KgavFB+xp ++dgmzpo8UzOpVM+1xvTAOLHZ+jwW9hGCx1ALpKvWI2qYeW3j+N3LsyGI5wARAQAB +tB5SdXNzIEFsbGJlcnkgPGVhZ2xlQGV5cmllLm9yZz6JAkAEEwEIACoCGwMFCwkI +BwMFFQoJCAsFFgIDAQACHgECF4ACGQEFAlfdkzkFCRNh5wcACgkQ0V0xOIIAQXOF +og//XvypcBeU6YeBnNIvgnyzUE/hcWLvbMNFWVQGHou4UtMt+B9FPxmr5WO+K3X+ +6rYkqNCYDe1IZUC6rRIuzC8+yEFY39vNcWl6fwatkI8Uq/rWhMxHxRPIshc2RA5t +p4O9kZorY2Sk9ihiWYUc6s8nhjGinpJQ11p8wGvkvFzgPXO/wpw6LZpytS5SoIZH +S/IyqNS/19DCphIaFdaY6XH3btHCoreshpzAJFh8XPcMf5AS14bOya2XDi9kV3c/ +wWMe2YakHFNmF0eJ9c025FTz4WXB61OuTtNNO1vksm3YSOBaI9Z0svFJJ52uzj+a +ddHtdjBoisT8G5MzUH64bYgj+uKGkbiRDDdBvOtSb8yS2grx4f8Wg8wjIBCeLbWo +XuJyInmO3ctO8Pr8lHoWzR07cE1VkmEdhYAkgdBIktKBr6i+0keBR7irZyu6/HdW +bWEmFeD8qi+UyMZeAu0rlelpLKfNhKBiR9qfl/3YAjK4Hbzth1d1sCn7w3jGyIBu +s5TrLXBveqchcr86lf82zS/crf1sSlFPzP+7XD/WP/s0xwyUcJ7IMS8BDyD14w5z +ZvOuWiCfEhdRBzrhGE+kTq/0KhRfl3nF+F094AcJLtt4bPLAw2SvEREzbA4v9cHu +fDhMIj969u+mayPqA2ZKWQr9JYx/XmJ42XHZP0tPg/jK60O0H1J1c3MgQWxsYmVy +eSA8cnJhQHN0YW5mb3JkLmVkdT6JAj0EEwEIACcCGwMCHgECF4AFCwkIBwMFFQoJ +CAsFFgIDAQAFAlfdk1AFCRNh5wcACgkQ0V0xOIIAQXN3Xg//WKk1nmC5S5idtHkf +bSlC1eSLq2o2ci/JpIY41Z9XaydixhudKl1OPIRoCzuWNyWrGKVxEtZYF5NG0lMK +IevrLRzM99WpA0D8U8H0syC4zKbIotpWuPNUoomI/+UcsAq0MR2KJ26x3It7lKa2 +3TWTpfLYXD0DqWXkqx/vLEoRV+GGA4Ogf2AoYRqMMUOWzYufBDpv41rJ0x3GF699 +4a4sx88IV528FvpyLaXGVBpBW5Aqyrn7Vln+E9n4LiZF3TAhzCL2Xmti6exqqF2+ +4WbUWnK/2U/SC3w9jWIG7NhkQ8HTBjd1XvPUwuIAxyI6NoNs1jFDNrMKQqtZAg4U +OlRjl3eafnlDtejBOXXmIkV2zFYewdxNAlTfWxM0C44tMsMtRNd2XA/oSePs1ZgO +04MXtY3N9Pg5zC4D/Mj/psUcPooKg3DhqE/Vza72cZ2o8hRW8DjKqrHyUmwoT+5C +C+iYAweA7kaWiLEQVQ6Gkj6izubPt05xwt8A2/+1gwSbJxtnYgaW7+fs0L1RvH0G +nGUoEIdELyT5apH35a3OwJ7+SFQHbevbEAYex2t2OiK/QuRh2gUIDGDVs6EDwIgr +0lxpJpWljLA6u6BcLvvDkYT1x87GOoAOP/JXF9WNril6Lt4C4Xb9gFWpQimUUyF4 +0ENJPGi3ySwLrjAmp+LDZuZtulG0HVJ1c3MgQWxsYmVyeSA8cnJhQGRlYmlhbi5v +cmc+iQI9BBMBCAAnAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheABQJX3ZNQBQkT +YecHAAoJENFdMTiCAEFz2B8QALLKMz3l64/JbAcNuFt82yRBfa6W0gsNXX1wOV9q +xbcyRNKxhPqihN6OXTLtUyAFas/bFbK+o4hlzecrKzKylliwUK0BhtjRQRP79u71 +kZc5K5HxWsFTMD45hKVGB8FaDIKUqmQRdMIFEAbzTBZDyTV3FlV2PAXe9hoUS6v7 +ofAQZvYhXKVj0l3epzIb+lMfQmh+l+T44V/3TmITkrsKjhqlgm8R9zFysUE2tFKS +RBXT949KKwAlRybJ/mCpZVc3R+dH28MigSu0g4WcyWVtK+4HhlLRK67DnT6v89mU +DzpW1x2tV694Im5n9iftuWI/XaiQ+u26XqPJXUlX+fep1+0Ja8Yb6BLIZNAweTIj +6if8YnPUP3w3cY92QOprLrL/PVDLhXvn+rGt0s6X2/rmA5ae/0wA5WZOUVm1UHls +qv9X7oaU6VJ2Z4PA2oTimkCBnL+AGBEeBJcwCaQEpN3Aa58abZWwCf/mjU+VSLG/ +mE181sJQzenKfTQhsA7/ZV7rvurnfnMd5TMHR27qZLGkB7CyKHv+aSjkklVtTCUW +0q68RweRJr2/9gojIqPvyUchuGnBlJDx6KAXJxhvYSTJrwA+H78XnA6AeuL+Qn+N +tIL9veJquayxFq0hpt8tLhs6EAcNHumMafYgf2hqA+uj1i2/Tb25VEUbdpCIssZO +BTW7tCpSdXNzIEFsbGJlcnkgPGVhZ2xlQHdpbmRsb3JkLnN0YW5mb3JkLmVkdT6J +AkEEMAEIACsFAlPu130kHSBTeXN0ZW0gYW5kIGFkZHJlc3Mgbm8gbG9uZ2VyIGV4 +aXN0AAoJENFdMTiCAEFz6+cP/0LpJNgtaFQTc6EASrZJepp0qR4jSEj0rAxwuQtK +iFPRM0t9mBrGRLCwWDGssGpUmH5s2xbrg+f80gMPL85CFO2NzRdAX9vak+J53Di6 +dn4f1MrAQouQPt/53R8txN6cyerp3Fyk66j8KVLZSu17crpLxJ7GHTN8UPjHHhmj +EFxSI7VifM9/9RlKeGY1Tj6+fn8SKRPDJwEE2HwoSDhmmvFbqDJQe/fk7TaaG/G6 +F+iTASFsiqdwK5ffDT1Yi18K3eaCHcuIbgXb0qXHH7hYxIgXQuAOL6t6LQmRz5HC +upCjUBx9W25AJLTogenj2hgNbBe8LDbbELI5Foxn4Dhb+6dpepvCEAfUirxYiKHc +RsZB0E8D6qObQUgXmUZ45Z43jJf9Wk8LPVxnN6Lny3DVrGgE5r7sr/QyzDjRuDQg +Rsa9uXpv7rX2KYKpyZStvgA5SM+XdYTyaIlDgGiTIVjNWkb+3LAzrHXV8CvDSn7F +CuvpOax+z1+cJXnFFDFOrHN/tC/8w2U29L+fmJRCeJhj7MKjT/IobkdyuS2juBDg +r7QDmsHcI07ElbZGp4zjKnZYx42hkgVyjJBIcUdU3UGazTsnmF9t7Ek8JrZNannR +u1KC6rgOc8tP/FsVJmllgnr57CXazF++kLy7qwqgw2T9EA89WMtkakKLyMoit86C +E40TtCJSdXNzIEFsbGJlcnkgPHJyYUBjcy5zdGFuZm9yZC5lZHU+iQI9BBMBCAAn +AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheABQJX3ZNQBQkTYecHAAoJENFdMTiC +AEFzV0kP/3qNPGkGvHAq4fwTI9Bvp/OFrALKfsYMeAnYpo86+P5RCwS8kr2YAr/s +nPCIWRmnD8xjUVGZPKw2LBX7PliR901NH+JK9MbkLS0+pyYFbg0o+mRchlcnqNbz +jrAlttYNY7BLxFPti4+aXFljdwnS4onKCdu/vfaswPOrXuNcO6iS3LPbANEzbyRz +0FUx/e7T2coSDY49ys4pobYjeXoclz689EyfRkihHjK8zXBxWyQcE/5M6iDa9r2I +w/uYdi+sTJTLUm04ysTkx48DC0uw1fa17TG5oREw4+WGNrzHGrtq+iuZPwTRg+Gv +ispiDRJAUjFUG1VrGN5joCW5yGpgwgrsyjMa1fC5amfxI3SU/vO7xD2ln8C1Ky8W +MIE9bi2fBZ/yQz6CfoswOUCoXZ4zFg7nPRNIzgmf0O2P+vyT4j9joBeaqR10nr7N +r8fhDfqLsGmZSNoQvS+CewGfvBWTSA0EbpgXaLcQPnPeIrEQpRLiBjPWVHwFlyAB +OtCWoKZANMW5udUilU2NOSJQNf9+m33pduly8g5Ii6eWdNbguKFuUlz0r4wTgtPC +WHBAukYZte5vzeJMG2s37FIIc9N55DFYQ13l4hLmeuSKax2DEz2e/OkywhQBOZdM +Z8Xf0jcrF8eYrY0bZHUpu3f9jhxaUvXbWhvc3kSh4k12zdpPkX9ZtBtSdXNzIEFs +bGJlcnkgPHJyYUBjcGFuLm9yZz6JAj0EEwEIACcFAlgRjnYCGwMFCRNh5wcFCwkI +BwMFFQoJCAsFFgIDAQACHgECF4AACgkQ0V0xOIIAQXMX9BAAgs5C0IWOMQ8mympm +q7SOzhvK8eUAEtwqu8wCMv851NEcSlKm/eHzzRJxmwQZluP+5O6+DNIjE0K+soRs +uLGPmQJjg3eDHyPNqTi9MJyl4EbLZSanccamy3qLF38xYU8Ptl97Uo0TAqcrasQU +Af6UJT3X/kVk6V+sucNF448KGmjb+GGKQrOJu5jeHaBc3HkMO5IO3iohtksWoPz/ +DvMRHqzWIzoc4zo5ZEE5sfuOjqKcSthY2vGnFYsBMYj+cPXMmmVTz1hhpoG/zyWz +3gm93kc3bVPVTED//cuua9DHxDXAGOq41j380JzWpbisPzlljzUZtXOn2pHLVci9 +L/2SWeW9HUARNc8wLVONbLvVzSyHGT1YiYppvkYZatyEY2zByd8UwHqRvHlN5VVC +LZTrpREHq/3AtBLQNXQR5vTMreK+TuUGjZVbtDIB0oHKxzSPb0ITOSd/Ukfly47d +Q6VEkmDEy0lWF68fG7NV5rzsX7H49/iK6DqeEr0PksA5Kn4lMleNA9rPrlmdjg+W +XjUJkzunY5nfr/yZyTQvwFvrC28IpGbsVmiG1bOUixirfBagkZ8KjJvsyQdUa3Yi +D023ZIQ1gNSRL6Pau/ls+cMXOWaMyL1ddemcqw4IUF/fYy8VtwrVB0ZSe8+OoUby +g+TZy382SJ2MUvJI6oSJdQWnova5Ag0ESh9K6gEQALZuDF62F028dT9/ChFHuJN+ +vH7Qwb4PQG960gXxe9n7FQ4nfVuBR953ismuJlckDN5RJ6gu0iXDAi5lXxEswynk ++YGz8MeIfWRFuNcOzHEFa2Z6XFbVk3+LVVPVHTvx2CD8t/4ZjeSJgDp4UWb6+jVP +tHbUPaC9hKsZ1SKbORJA/eXyReLwDPKlCuyxu+EbMqLOOCl082NOjzItu1WlKhli +ky4eSJxXZ3ad8C/BroxMj+3+QsMso/zafmpRFeGLc/7t8Sa+uUve7+k5gfubclHN +G9J1paGLHGVKiKuP6x3qjDqV8LTzjlclbPG0nUfAqRtLPbPR5AeqViY1JBHv+Xub +/3bSWUtMOan97QdkfeakWmIbmVEgW0n43gnklHIqJX69cUgF0HZdVKiJpyMl3rQF +2NbYDMzzzzVjZ0lOqMukDh+Asl5W46ayM9MDldn6rQZYizTjvY5Qpv9N5bWbJxI3 +dnr2YszCpeCvgNS7feCg9YIga5JSnMX4Knn3Mk6JritKKm9m252jKroJpwJFYTjx +6w8q126UaNr0iH+6/ZcVYq1eXP3CrDDphy7d19C4foWib0KnjQg9z9VMbVD3mb1r +v4Pq7tN8mFGgGt3MQIrmxigbCwgErniLOx8J7i/gozFyYhAOkM8zqBgIQCaWYei/ +SkYhr+eKMu75VWnJPrsHABEBAAGJAiUEGAEIAA8CGwwFAlfdk2IFCRNh4vgACgkQ +0V0xOIIAQXOcww/9Ee8qSiXONyHWROBw/rMG+hPuj/uhgMmE1Ekia8yI744iMQ63 +L/wIjOte6FZ+aLhQ4kohXqj4HkgX1PKVVQzF2oSEn2V8GgiTP+UJ/NN/BRKNn/U1 +aO2dtHnvYEWMSclKxSsd1z+dwS9EIFMkto/JVQyUOXZnd8vir7KMorjxYk1dAe0b +sL+DGPQV+6zKFtotrBaCBmrbj+r5iE9XsbnvFQN2o1NwQc3S9+OhO8Fwsm2yCSGC +EDOxnbGpnMv5GvWmEX1hp01UZRauTJawsNKjZXKAESIpJtvK9oRyfKWuwhJHnAv6 +F2Vag96sIsCrCr/kpEgR2m/csaHxaqmfPMr9IEd17IGE3Q9kJUbTnDbRWiNj7Vy5 +2T+T8e/ptY6LCdA6ypxOMH2i2+p6yc5jk1WI3x3UaxsiXw0g9wI3z9DKy4pplbLE +8LyvCJCWbmRMAb+pOodhJpVbep4qtWSxsYC7bCZShjXuIdjHDtGPChxfAn0XWeMC +NXnUVvBZheDBvwrQS/Ura0KuggeDNgF5keHXJ9CNdUYN2mYhVbpxL/2OeIopcfvW +ElLLQL5q6pMXZveqexu0xXsck3QeC3emRDhQt3afmHVJNcUi14tQ1PRl5y6G+yP8 +UhjApWTgXIznjWH1gIU9QczZYBLWyZP90YHwUaWYeL6zhEwufD3WzAlsuRO5AQ0E +TJP4JAEIAMAX+3WIpAzDwNrBrP4ZKvVnxWHznj4AdnDjnDBaOlovWUUQThWqgNdz +pngcM8almlJd/kp6gWNHQ/lI4Pro1Y+XwJQiNjt/IMAVc1zWf7/eUdztW3+4i7ZM +MEYDrgiXTPWvijKFOOzl2NmntBShaJPtQXItamem8h5KyCD4yt8w3khLGTpcVEUp +KGkHa/9uanCXiGWdXnCms37ejy5rk2l46g18pj7dAHbJfEMqSJkjS2uHvNPZdVRq +GuiAopdozf1FVMA0pkuiKRI/7je7z825Q1xRkE8jRUBdPjZ3/I6wdq2w/vB1LBr3 +wV6listhedbXhwmND98bCSs5juoS9q0AEQEAAYkDWwQYAQgAJgIbAhYhBOeENk6N +3nuzcPvZ6tFdMTiCAEFzBQJarZuVBQkP+tbxASnAXSAEGQEIAAYFAkyT+CQACgkQ +fYAxXFc23nUqAQgAv9KrkxT53DPqHklBDsiA355Z/xl789bd2oUEFFskAeyXGoIi +tds2S6iTbCTBizzTu8l1Vo41U9AIuHGNjvUHRwrFlAb8aaXiRAia/IJeBvI9kuWu +ArX5y63Qt/TN1dJVXVm72s2LqbYWSeAYSwD0lbJ+nfeH9ALT/celYk7ZCSiQB0g8 +dRFJBNsBVkRTnM7RScULr3Q9RXHrJK9dcPCbfQjCuAxhI9d93F1iSn3J/+V3rgZR +XZUdItUuWixwwi0FEz+gYj/POaZ4GtTbGpF9D1lR1OzWNbbDE0slsFPBdEL/qNV0 +LD/XfRdZh2cEWzfx5YoOzP+eD8SYC90hHkL2kwkQ0V0xOIIAQXNhzQ/9HklMn5DX +MJQUCBgFlc7sOwv3XHfMamUOA+cpCSO74HxnvXPDZLfdaYdJuWkm3vO3Z2BvkopI +pHZiaJSoIoBZdQNWSlsnqLAYDZVQYjjV3WvSOh3NcsPOaOo6bJkGUVn8KFsc16uN +xhptPEQ0fiOIciv0rbasVccVWUySML1gOPb5eeCwpl2pf1/mn5n9aU8bOu7tjkFG +9BVZqu0yDwwo+e/rF3/THp3Bqr6wx4bUbGPSqaUKeb5ZGz39hrdgrUQMHOeed/DJ +iPhNe2SI1KjJ+AK2UphzrasWbERveGGy7jojtf79QQ12RDWInk8HtQHpKUoGGa/N +kk3CZ+Bnn8QW1dlHFzI2T99ZOuxkPjZaBOgbDr+SgasWHl8Rv2fKjpSeR8FwNr4m +9T84jvG+U3RfMwNkrEU31rlPEPSl2R/6CC+YctqXFSmDSjrktQAeeiEPLWr8I3Q2 +Pjdr/GFLwwoFUbmdh80bdMogkrDA3Nt9xxIIjjqwXFMRmN+wZF2NrREyogP8Zqgf +bniMC3pS1nkj2XB3ljYbyClagLO3SGoY+n+U6QxVEkM9aYjfwYKssGgPtdVA1amM +DXxhVUL4QlndETnaLY9LEPf+SNWew1MJ6H35Oh2AKU9rlTP8NQ0iPkc2HH9nimkO +CcB+Qe3zuHD4+pGEhQ0WklUBPEJ1qTg6WFM= +=5bZl +-----END PGP PUBLIC KEY BLOCK----- diff --git a/debian/wallet-client.docs b/debian/wallet-client.docs new file mode 100644 index 0000000..50f33da --- /dev/null +++ b/debian/wallet-client.docs @@ -0,0 +1,3 @@ +README +THANKS +TODO diff --git a/debian/wallet-client.install b/debian/wallet-client.install new file mode 100644 index 0000000..1807636 --- /dev/null +++ b/debian/wallet-client.install @@ -0,0 +1,4 @@ +debian/tmp/usr/bin/wallet +debian/tmp/usr/bin/wallet-rekey +debian/tmp/usr/share/man/man1/wallet-rekey.1 +debian/tmp/usr/share/man/man1/wallet.1 diff --git a/debian/wallet-server.dirs b/debian/wallet-server.dirs new file mode 100644 index 0000000..0e856f2 --- /dev/null +++ b/debian/wallet-server.dirs @@ -0,0 +1 @@ +/etc/wallet diff --git a/debian/wallet-server.docs b/debian/wallet-server.docs new file mode 100644 index 0000000..11a4e9c --- /dev/null +++ b/debian/wallet-server.docs @@ -0,0 +1,11 @@ +README +THANKS +TODO +docs/design +docs/design-acl +docs/design-api +docs/netdb-role-api +docs/notes +docs/objects-and-schemas +docs/setup +docs/stanford-naming diff --git a/debian/wallet-server.examples b/debian/wallet-server.examples new file mode 100644 index 0000000..bb13c59 --- /dev/null +++ b/debian/wallet-server.examples @@ -0,0 +1,4 @@ +contrib/used-principals +contrib/wallet-contacts +contrib/wallet-summary +contrib/wallet-unknown-hosts diff --git a/debian/wallet-server.install b/debian/wallet-server.install new file mode 100644 index 0000000..7343228 --- /dev/null +++ b/debian/wallet-server.install @@ -0,0 +1,12 @@ +config/wallet etc/remctl/conf.d +contrib/ad-keytab usr/bin +debian/tmp/etc/remctl/acl/wallet-report +debian/tmp/usr/sbin/wallet-admin +debian/tmp/usr/sbin/wallet-backend +debian/tmp/usr/sbin/wallet-report +debian/tmp/usr/share/man/man3/*.3pm +debian/tmp/usr/share/man/man8/wallet-admin.8 +debian/tmp/usr/share/man/man8/wallet-backend.8 +debian/tmp/usr/share/man/man8/wallet-report.8 +debian/tmp/usr/share/perl5 +debian/tmp/usr/share/wallet diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..517ad15 --- /dev/null +++ b/debian/watch @@ -0,0 +1,3 @@ +version=4 +opts=pgpsigurlmangle=s/$/.asc/ \ + https://archives.eyrie.org/software/kerberos/wallet-(.*)\.tar\.gz |