author | Christian Grothoff <christian@grothoff.org> | 2021-07-30 10:38:27 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-07-30 10:38:27 +0200 |
commit | 7e669bcf6b6336ec429da949bcb4aa456971dba2 (patch) | |
tree | d19912f950d1cac1c38b857b7d5bdaba2289544e | |
download | anastasis-7e669bcf6b6336ec429da949bcb4aa456971dba2.tar.gz anastasis-7e669bcf6b6336ec429da949bcb4aa456971dba2.tar.bz2 anastasis-7e669bcf6b6336ec429da949bcb4aa456971dba2.zip |
folding history in preparation of GNU Anastasis v0.0.0 release
486 files changed, 93322 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f10bbe4 --- /dev/null +++ b/.gitignore 
@@ -0,0 +1,127 @@ +*~ +Makefile +Makefile.in +aclocal.m4 +anastasis_config.h +anastasis_config.h.in +anastasis_config.h.in~ +autom4te.cache/ +compile +config.guess +config.log +config.status +config.sub +configure +contrib/uncrustify.sh +depcomp +doc/Makefile +install-sh +libtool +ltmain.sh +missing +src/Makefile +src/Makefile.in +m4/*.m4 +po/POTFILES +po/Makevars.template +po/anastasis.pot +po/remove-potcdate.sed +po/stamp-po +**/.deps/ +**/.libs/ +src/stasis/Makefile +src/stasis/Makefile.in +src/stasis/libanastasis_plugin_db_postgres.la +src/stasis/plugin_anastasis_postgres.lo +src/stasis/plugin_anastasis_postgres.o +src/stasis/.deps/ +src/backend/Makefile +src/backend/Makefile.in +src/include/Makefile +src/include/Makefile.in +src/testing/test_anastasis_api_home/.local/share/taler/exchange/live-keys/ +src/testing/test_anastasis_api_home/.local/share/taler/exchange/revocations/ +src/testing/test_anastasis_api_home/.local/share/taler/exchange/wirefees/ +src/testing/test_anastasis_api_home/.local/share/taler/auditors/ +src/testing/test_anastasis_api_home/.local/share/taler/auditor/ +src/testing/test_anastasis_api_home/.local/share/taler/taler-exchange-secmod-*/ +src/testing/test_anastasis_api_home/.local/share/taler/exchange/offline-keys/*.pub +src/util/child_management_test.txt +**/*.log +src/lib/*.in +**/*.o +**/*.la +**/*.lo +**/*.trs +**/Makefile +**/Makefile.in +stamp-h1 +test-driver +uncrustify.cfg +doc/Makefile.in +m4/libtool.m4 +m4/ltoptions.m4 +m4/ltsugar.m4 +m4/ltversion.m4 +m4/lt~obsolete.m4 +*.swp +src/lib/.libs +*.lo +*.o +*.la +src/util/.deps/ +src/backend/.deps/ +src/backend/.idea/ +src/backend/.libs/ +src/stasis/.libs/ +src/backend/anastasis-httpd +doc/Makefile.in +src/include/Makefile.in + +A +A + +src/stasis/anastasis-dbinit +src/stasis/test_anastasis_db-postgres +src/stasis/test_anastasis_db-postgres.log +src/stasis/test_anastasis_db-postgres.trs +src/stasis/test-suite.log +src/util/test-suite.log +src/util/test_anastasis_crypto.log 
+src/util/test_anastasis_crypto +src/util/test_anastasis_crypto.trs +src/lib/test_anastasisrest_api +src/lib/vgcore.* +src/util/vgcore.* +src/statis/vgcore.* +src/lib/valgrind*.txt +src/stasis/valgrind*.txt +src/util/valgrind*.txt +src/lib/test_anastasis +src/cli/anastasis-splitter +src/cli/anastasis-assembler +src/cli/.deps/ +src/cli/.deps/anastasis-cli-splitter.Po +src/cli/.deps/anastasis-cli-assembler.Po +src/cli/.libs/ +src/cli/.libs/anastasis-assembler +src/cli/.libs/anastasis-splitter + +doc/thesis/*.aux +doc/thesis/*.bcf +doc/thesis/*.log +doc/thesis/*.xml +doc/thesis/*.toc +doc/thesis/*.pdf +doc/thesis/*.blg +doc/thesis/*.lot +doc/thesis/*.lof +doc/thesis/*.blg +doc/thesis/*.bbl +doc/thesis/*.gzsrc/cli/anastasis-reducer +contrib/anastasis.tag +src/util/anastasis-config +src/util/test_anastasis_child_management +src/include/anastasis_error_codes.h +src/lib/test_anastasis_api_home/ +doc/anastasis.info diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..16d1fe5 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "contrib/gana"] + path = contrib/gana + url = git://git.gnunet.org/gana diff --git a/ABOUT-NLS b/ABOUT-NLS new file mode 100644 index 0000000..3cc8286 --- /dev/null +++ b/ABOUT-NLS 
@@ -0,0 +1,1379 @@ +1 Notes on the Free Translation Project +*************************************** + +Free software is going international! The Free Translation Project is a +way to get maintainers of free software, translators, and users all +together, so that free software will gradually become able to speak many +languages. A few packages already provide translations for their +messages. + + If you found this 'ABOUT-NLS' file inside a distribution, you may +assume that the distributed package does use GNU 'gettext' internally, +itself available at your nearest GNU archive site. But you do _not_ +need to install GNU 'gettext' prior to configuring, installing or using +this package with messages translated. + + Installers will find here some useful hints. These notes also +explain how users should proceed for getting the programs to use the +available translations. They tell how people wanting to contribute and +work on translations can contact the appropriate team. + +1.1 INSTALL Matters +=================== + +Some packages are "localizable" when properly installed; the programs +they contain can be made to speak your own native language. Most such +packages use GNU 'gettext'. Other packages have their own ways to +internationalization, predating GNU 'gettext'. + + By default, this package will be installed to allow translation of +messages. It will automatically detect whether the system already +provides the GNU 'gettext' functions. Installers may use special +options at configuration time for changing the default behaviour. The +command: + + ./configure --disable-nls + +will _totally_ disable translation of messages. + + When you already have GNU 'gettext' installed on your system and run +configure without an option for your new package, 'configure' will +probably detect the previously built and installed 'libintl' library and +will decide to use it. 
If not, you may have to to use the +'--with-libintl-prefix' option to tell 'configure' where to look for it. + + Internationalized packages usually have many 'po/LL.po' files, where +LL gives an ISO 639 two-letter code identifying the language. Unless +translations have been forbidden at 'configure' time by using the +'--disable-nls' switch, all available translations are installed +together with the package. However, the environment variable 'LINGUAS' +may be set, prior to configuration, to limit the installed set. +'LINGUAS' should then contain a space separated list of two-letter +codes, stating which languages are allowed. + +1.2 Using This Package +====================== + +As a user, if your language has been installed for this package, you +only have to set the 'LANG' environment variable to the appropriate +'LL_CC' combination. If you happen to have the 'LC_ALL' or some other +'LC_xxx' environment variables set, you should unset them before setting +'LANG', otherwise the setting of 'LANG' will not have the desired +effect. Here 'LL' is an ISO 639 two-letter language code, and 'CC' is +an ISO 3166 two-letter country code. For example, let's suppose that +you speak German and live in Germany. At the shell prompt, merely +execute 'setenv LANG de_DE' (in 'csh'), 'export LANG; LANG=de_DE' (in +'sh') or 'export LANG=de_DE' (in 'bash'). This can be done from your +'.login' or '.profile' file, once and for all. + + You might think that the country code specification is redundant. +But in fact, some languages have dialects in different countries. For +example, 'de_AT' is used for Austria, and 'pt_BR' for Brazil. The +country code serves to distinguish the dialects. + + The locale naming convention of 'LL_CC', with 'LL' denoting the +language and 'CC' denoting the country, is the one use on systems based +on GNU libc. On other systems, some variations of this scheme are used, +such as 'LL' or 'LL_CC.ENCODING'. 
You can get the list of locales +supported by your system for your language by running the command +'locale -a | grep '^LL''. + + Not all programs have translations for all languages. By default, an +English message is shown in place of a nonexistent translation. If you +understand other languages, you can set up a priority list of languages. +This is done through a different environment variable, called +'LANGUAGE'. GNU 'gettext' gives preference to 'LANGUAGE' over 'LANG' +for the purpose of message handling, but you still need to have 'LANG' +set to the primary language; this is required by other parts of the +system libraries. For example, some Swedish users who would rather read +translations in German than English for when Swedish is not available, +set 'LANGUAGE' to 'sv:de' while leaving 'LANG' to 'sv_SE'. + + Special advice for Norwegian users: The language code for Norwegian +bokma*l changed from 'no' to 'nb' recently (in 2003). During the +transition period, while some message catalogs for this language are +installed under 'nb' and some older ones under 'no', it's recommended +for Norwegian users to set 'LANGUAGE' to 'nb:no' so that both newer and +older translations are used. + + In the 'LANGUAGE' environment variable, but not in the 'LANG' +environment variable, 'LL_CC' combinations can be abbreviated as 'LL' to +denote the language's main dialect. For example, 'de' is equivalent to +'de_DE' (German as spoken in Germany), and 'pt' to 'pt_PT' (Portuguese +as spoken in Portugal) in this context. + +1.3 Translating Teams +===================== + +For the Free Translation Project to be a success, we need interested +people who like their own language and write it well, and who are also +able to synergize with other translators speaking the same language. +Each translation team has its own mailing list. The up-to-date list of +teams can be found at the Free Translation Project's homepage, +'http://translationproject.org/', in the "Teams" area. 
+ + If you'd like to volunteer to _work_ at translating messages, you +should become a member of the translating team for your own language. +The subscribing address is _not_ the same as the list itself, it has +'-request' appended. For example, speakers of Swedish can send a +message to 'sv-request@li.org', having this message body: + + subscribe + + Keep in mind that team members are expected to participate _actively_ +in translations, or at solving translational difficulties, rather than +merely lurking around. If your team does not exist yet and you want to +start one, or if you are unsure about what to do or how to get started, +please write to 'coordinator@translationproject.org' to reach the +coordinator for all translator teams. + + The English team is special. It works at improving and uniformizing +the terminology in use. Proven linguistic skills are praised more than +programming skills, here. + +1.4 Available Packages +====================== + +Languages are not equally supported in all packages. The following +matrix shows the current state of internationalization, as of Jun 2014. +The matrix shows, in regard of each package, for which languages PO +files have been submitted to translation coordination, with a +translation percentage of at least 50%. 
+ + Ready PO files af am an ar as ast az be bg bn bn_IN bs ca crh cs + +---------------------------------------------------+ + a2ps | [] [] [] | + aegis | | + anubis | | + aspell | [] [] [] | + bash | [] [] [] | + bfd | | + binutils | [] | + bison | | + bison-runtime | [] | + buzztrax | [] | + ccd2cue | | + ccide | | + cflow | | + clisp | | + coreutils | [] [] | + cpio | | + cppi | | + cpplib | [] | + cryptsetup | [] | + datamash | | + denemo | [] [] | + dfarc | [] | + dialog | [] [] [] | + dico | | + diffutils | [] | + dink | [] | + direvent | | + doodle | [] | + dos2unix | | + dos2unix-man | | + e2fsprogs | [] [] | + enscript | [] | + exif | [] | + fetchmail | [] [] | + findutils | [] | + flex | [] | + freedink | [] [] | + fusionforge | | + gas | | + gawk | [] | + gcal | [] | + gcc | | + gdbm | | + gettext-examples | [] [] [] [] [] | + gettext-runtime | [] [] [] | + gettext-tools | [] [] | + gjay | | + glunarclock | [] [] [] | + gnubiff | [] | + gnubik | [] | + gnucash | () () [] | + gnuchess | | + gnulib | [] | + gnunet | | + gnunet-gtk | | + gold | | + gphoto2 | [] | + gprof | [] | + gramadoir | | + grep | [] [] [] | + grub | [] | + gsasl | | + gss | | + gst-plugins-bad | [] [] | + gst-plugins-base | [] [] [] | + gst-plugins-good | [] [] [] | + gst-plugins-ugly | [] [] [] | + gstreamer | [] [] [] [] | + gtick | [] | + gtkam | [] [] | + gtkspell | [] [] [] [] [] | + guix | | + guix-packages | | + gutenprint | [] | + hello | [] | + help2man | | + help2man-texi | | + hylafax | | + idutils | | + iso_15924 | [] | + iso_3166 | [] [] [] [] [] [] [] [] [] [] | + iso_3166_2 | | + iso_4217 | [] | + iso_639 | [] [] [] [] [] [] [] [] [] | + iso_639_3 | [] [] | + iso_639_5 | | + jwhois | | + kbd | [] | + klavaro | [] [] [] [] [] | + ld | [] | + leafpad | [] [] [] [] | + libc | [] [] [] | + libexif | () | + libextractor | | + libgnutls | [] | + libgphoto2 | [] | + libgphoto2_port | [] | + libgsasl | | + libiconv | [] [] | + libidn | [] | + liferea | [] [] [] [] | + lilypond 
| [] [] | + lordsawar | [] | + lprng | | + lynx | [] [] | + m4 | [] | + mailfromd | | + mailutils | | + make | [] | + man-db | [] [] | + man-db-manpages | | + midi-instruments | [] [] [] | + minicom | [] | + mkisofs | [] | + myserver | [] | + nano | [] [] [] | + opcodes | | + parted | [] | + pies | | + pnmixer | | + popt | [] | + procps-ng | | + procps-ng-man | | + psmisc | [] | + pspp | [] | + pushover | [] | + pwdutils | | + pyspread | | + radius | [] | + recode | [] [] [] | + recutils | | + rpm | | + rush | | + sarg | | + sed | [] [] [] [] | + sharutils | [] | + shishi | | + skribilo | | + solfege | [] [] | + solfege-manual | | + spotmachine | | + sudo | [] [] | + sudoers | [] [] | + sysstat | [] | + tar | [] [] [] | + texinfo | [] [] | + texinfo_document | [] [] | + tigervnc | [] | + tin | | + tin-man | | + tracgoogleappsa... | | + trader | | + util-linux | [] | + ve | | + vice | | + vmm | | + vorbis-tools | [] | + wastesedge | | + wcd | | + wcd-man | | + wdiff | [] [] | + wget | [] | + wyslij-po | | + xboard | | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] | + +---------------------------------------------------+ + af am an ar as ast az be bg bn bn_IN bs ca crh cs + 4 0 2 5 3 11 0 8 25 3 3 1 55 4 74 + + da de el en en_GB en_ZA eo es et eu fa fi fr + +--------------------------------------------------+ + a2ps | [] [] [] [] [] [] [] [] [] | + aegis | [] [] [] [] | + anubis | [] [] [] [] [] | + aspell | [] [] [] [] [] [] [] | + bash | [] [] [] | + bfd | [] [] [] [] | + binutils | [] [] [] | + bison | [] [] [] [] [] [] [] [] | + bison-runtime | [] [] [] [] [] [] [] [] | + buzztrax | [] [] [] [] | + ccd2cue | [] [] [] [] | + ccide | [] [] [] [] [] [] | + cflow | [] [] [] [] [] | + clisp | [] [] [] [] [] | + coreutils | [] [] [] [] [] | + cpio | [] [] [] [] [] | + cppi | [] [] [] [] [] | + cpplib | [] [] [] [] [] [] | + cryptsetup | [] [] [] [] [] | + datamash | [] [] [] [] | + denemo | [] | + dfarc | [] [] [] [] [] [] | + dialog | 
[] [] [] [] [] [] [] [] [] | + dico | [] [] [] [] | + diffutils | [] [] [] [] [] [] | + dink | [] [] [] [] [] [] | + direvent | [] [] [] [] | + doodle | [] [] [] [] | + dos2unix | [] [] [] [] [] | + dos2unix-man | [] [] [] | + e2fsprogs | [] [] [] [] [] | + enscript | [] [] [] [] [] [] | + exif | [] [] [] [] [] [] | + fetchmail | [] () [] [] [] [] [] | + findutils | [] [] [] [] [] [] [] [] | + flex | [] [] [] [] [] [] | + freedink | [] [] [] [] [] [] [] [] | + fusionforge | [] [] [] | + gas | [] [] [] | + gawk | [] [] [] [] [] | + gcal | [] [] [] [] | + gcc | [] | + gdbm | [] [] [] [] [] | + gettext-examples | [] [] [] [] [] [] [] | + gettext-runtime | [] [] [] [] [] [] | + gettext-tools | [] [] [] [] [] | + gjay | [] [] [] [] | + glunarclock | [] [] [] [] [] | + gnubiff | () [] [] () | + gnubik | [] [] [] [] [] | + gnucash | [] () () () () () () | + gnuchess | [] [] [] [] | + gnulib | [] [] [] [] [] [] [] | + gnunet | [] | + gnunet-gtk | [] | + gold | [] [] [] | + gphoto2 | [] () [] [] | + gprof | [] [] [] [] [] [] | + gramadoir | [] [] [] [] [] | + grep | [] [] [] [] [] [] [] | + grub | [] [] [] [] [] | + gsasl | [] [] [] [] [] | + gss | [] [] [] [] [] | + gst-plugins-bad | [] [] [] | + gst-plugins-base | [] [] [] [] [] [] | + gst-plugins-good | [] [] [] [] [] [] [] | + gst-plugins-ugly | [] [] [] [] [] [] [] [] | + gstreamer | [] [] [] [] [] [] [] | + gtick | [] () [] [] [] | + gtkam | [] () [] [] [] [] | + gtkspell | [] [] [] [] [] [] [] [] | + guix | [] [] | + guix-packages | | + gutenprint | [] [] [] [] | + hello | [] [] [] [] [] [] [] [] | + help2man | [] [] [] [] [] [] [] | + help2man-texi | [] [] [] | + hylafax | [] [] | + idutils | [] [] [] [] [] | + iso_15924 | [] () [] [] () [] () | + iso_3166 | [] () [] [] [] [] () [] () | + iso_3166_2 | [] () () () | + iso_4217 | [] () [] [] [] () [] () | + iso_639 | [] () [] [] () [] () | + iso_639_3 | () () () | + iso_639_5 | () () () | + jwhois | [] [] [] [] [] | + kbd | [] [] [] [] [] [] | + klavaro | [] [] [] [] 
[] [] [] | + ld | [] [] [] [] | + leafpad | [] [] [] [] [] [] [] [] | + libc | [] [] [] [] [] | + libexif | [] [] () [] [] | + libextractor | [] | + libgnutls | [] [] [] [] | + libgphoto2 | [] () [] | + libgphoto2_port | [] () [] [] [] [] | + libgsasl | [] [] [] [] [] | + libiconv | [] [] [] [] [] [] [] | + libidn | [] [] [] [] [] | + liferea | [] () [] [] [] [] [] | + lilypond | [] [] [] [] [] [] | + lordsawar | [] [] | + lprng | | + lynx | [] [] [] [] [] [] | + m4 | [] [] [] [] [] [] | + mailfromd | [] | + mailutils | [] [] [] [] | + make | [] [] [] [] [] | + man-db | [] [] [] [] | + man-db-manpages | [] [] | + midi-instruments | [] [] [] [] [] [] [] [] [] | + minicom | [] [] [] [] [] | + mkisofs | [] [] [] | + myserver | [] [] [] [] | + nano | [] [] [] [] [] [] [] | + opcodes | [] [] [] [] [] | + parted | [] [] [] | + pies | [] | + pnmixer | [] [] | + popt | [] [] [] [] [] [] | + procps-ng | [] [] | + procps-ng-man | [] [] | + psmisc | [] [] [] [] [] [] [] | + pspp | [] [] [] | + pushover | () [] [] [] | + pwdutils | [] [] [] | + pyspread | [] [] [] | + radius | [] [] | + recode | [] [] [] [] [] [] [] | + recutils | [] [] [] [] | + rpm | [] [] [] [] [] | + rush | [] [] [] | + sarg | [] [] | + sed | [] [] [] [] [] [] [] [] | + sharutils | [] [] [] [] | + shishi | [] [] [] | + skribilo | [] [] [] | + solfege | [] [] [] [] [] [] [] [] | + solfege-manual | [] [] [] [] [] | + spotmachine | [] [] [] [] [] | + sudo | [] [] [] [] [] [] | + sudoers | [] [] [] [] [] [] | + sysstat | [] [] [] [] [] [] | + tar | [] [] [] [] [] [] [] | + texinfo | [] [] [] [] [] | + texinfo_document | [] [] [] [] | + tigervnc | [] [] [] [] [] [] | + tin | [] [] [] [] | + tin-man | [] | + tracgoogleappsa... 
| [] [] [] [] [] | + trader | [] [] [] [] [] [] | + util-linux | [] [] [] [] | + ve | [] [] [] [] [] | + vice | () () () | + vmm | [] [] | + vorbis-tools | [] [] [] [] | + wastesedge | [] | + wcd | [] [] [] [] | + wcd-man | [] | + wdiff | [] [] [] [] [] [] [] | + wget | [] [] [] [] [] [] | + wyslij-po | [] [] [] [] | + xboard | [] [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] [] [] [] [] | + +--------------------------------------------------+ + da de el en en_GB en_ZA eo es et eu fa fi fr + 119 131 32 1 6 0 94 95 22 13 4 102 139 + + ga gd gl gu he hi hr hu hy ia id is it ja ka kk + +-------------------------------------------------+ + a2ps | [] [] [] [] | + aegis | [] | + anubis | [] [] [] [] | + aspell | [] [] [] [] [] | + bash | [] [] [] [] | + bfd | [] [] | + binutils | [] [] [] | + bison | [] | + bison-runtime | [] [] [] [] [] [] [] [] | + buzztrax | | + ccd2cue | [] | + ccide | [] [] | + cflow | [] [] [] | + clisp | | + coreutils | [] [] | + cpio | [] [] [] [] [] [] | + cppi | [] [] [] [] [] | + cpplib | [] [] | + cryptsetup | [] | + datamash | | + denemo | [] | + dfarc | [] [] [] | + dialog | [] [] [] [] [] [] [] [] [] [] | + dico | | + diffutils | [] [] [] [] | + dink | [] | + direvent | [] | + doodle | [] [] | + dos2unix | [] [] | + dos2unix-man | | + e2fsprogs | [] [] | + enscript | [] [] [] | + exif | [] [] [] [] [] [] | + fetchmail | [] [] [] | + findutils | [] [] [] [] [] [] [] | + flex | [] | + freedink | [] [] [] [] | + fusionforge | | + gas | [] | + gawk | [] () [] | + gcal | | + gcc | | + gdbm | | + gettext-examples | [] [] [] [] [] [] [] | + gettext-runtime | [] [] [] [] [] [] [] | + gettext-tools | [] [] [] | + gjay | [] | + glunarclock | [] [] [] [] [] [] | + gnubiff | [] [] () | + gnubik | [] [] [] | + gnucash | () () () () () | + gnuchess | | + gnulib | [] [] [] [] [] | + gnunet | | + gnunet-gtk | | + gold | [] [] | + gphoto2 | [] [] [] [] | + gprof | [] [] [] [] | + gramadoir | [] [] [] | + grep | 
[] [] [] [] [] [] [] | + grub | [] [] [] | + gsasl | [] [] [] [] [] | + gss | [] [] [] [] [] | + gst-plugins-bad | [] [] [] | + gst-plugins-base | [] [] [] [] | + gst-plugins-good | [] [] [] [] [] [] | + gst-plugins-ugly | [] [] [] [] [] [] | + gstreamer | [] [] [] [] [] | + gtick | [] [] [] [] [] | + gtkam | [] [] [] [] [] | + gtkspell | [] [] [] [] [] [] [] [] [] [] | + guix | | + guix-packages | | + gutenprint | [] [] [] | + hello | [] [] [] [] [] | + help2man | [] [] [] | + help2man-texi | | + hylafax | [] | + idutils | [] [] | + iso_15924 | [] [] [] [] [] [] | + iso_3166 | [] [] [] [] [] [] [] [] [] [] [] [] [] | + iso_3166_2 | [] [] | + iso_4217 | [] [] [] [] [] [] | + iso_639 | [] [] [] [] [] [] [] [] [] | + iso_639_3 | [] [] | + iso_639_5 | | + jwhois | [] [] [] [] | + kbd | [] [] [] | + klavaro | [] [] [] [] [] | + ld | [] [] [] [] | + leafpad | [] [] [] [] [] [] [] () | + libc | [] [] [] [] [] | + libexif | [] | + libextractor | | + libgnutls | [] | + libgphoto2 | [] [] | + libgphoto2_port | [] [] | + libgsasl | [] [] [] [] | + libiconv | [] [] [] [] [] [] [] | + libidn | [] [] [] [] | + liferea | [] [] [] [] [] | + lilypond | [] | + lordsawar | | + lprng | [] | + lynx | [] [] [] [] | + m4 | [] [] [] [] [] | + mailfromd | | + mailutils | | + make | [] [] [] [] | + man-db | [] [] | + man-db-manpages | [] [] | + midi-instruments | [] [] [] [] [] [] [] [] [] | + minicom | [] [] [] | + mkisofs | [] [] | + myserver | [] | + nano | [] [] [] [] [] [] | + opcodes | [] [] [] | + parted | [] [] [] [] [] | + pies | | + pnmixer | [] [] | + popt | [] [] [] [] [] [] [] [] [] [] | + procps-ng | | + procps-ng-man | | + psmisc | [] [] [] [] | + pspp | [] [] | + pushover | [] | + pwdutils | [] | + pyspread | | + radius | [] | + recode | [] [] [] [] [] [] [] | + recutils | | + rpm | [] | + rush | [] | + sarg | | + sed | [] [] [] [] [] [] [] | + sharutils | | + shishi | | + skribilo | [] | + solfege | [] [] | + solfege-manual | | + spotmachine | | + sudo | [] [] [] [] | + 
sudoers | [] [] [] | + sysstat | [] [] [] [] | + tar | [] [] [] [] [] [] | + texinfo | [] [] [] | + texinfo_document | [] [] [] | + tigervnc | | + tin | | + tin-man | | + tracgoogleappsa... | [] [] [] [] | + trader | [] [] | + util-linux | [] | + ve | [] | + vice | () () | + vmm | | + vorbis-tools | [] [] | + wastesedge | [] | + wcd | | + wcd-man | | + wdiff | [] [] [] | + wget | [] [] [] [] | + wyslij-po | [] [] [] | + xboard | | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] [] [] [] | + +-------------------------------------------------+ + ga gd gl gu he hi hr hu hy ia id is it ja ka kk + 35 2 47 4 8 2 60 71 2 6 81 11 87 57 0 3 + + kn ko ku ky lg lt lv mk ml mn mr ms mt nb ne nl + +--------------------------------------------------+ + a2ps | [] [] | + aegis | [] | + anubis | [] [] [] | + aspell | [] [] | + bash | [] [] | + bfd | | + binutils | | + bison | [] | + bison-runtime | [] [] [] [] [] [] | + buzztrax | | + ccd2cue | | + ccide | [] [] | + cflow | [] | + clisp | [] | + coreutils | [] [] | + cpio | [] | + cppi | | + cpplib | [] | + cryptsetup | [] | + datamash | [] [] | + denemo | | + dfarc | [] [] | + dialog | [] [] [] [] [] [] | + dico | | + diffutils | [] [] [] | + dink | [] | + direvent | [] | + doodle | [] | + dos2unix | [] [] | + dos2unix-man | [] | + e2fsprogs | [] | + enscript | [] | + exif | [] [] [] | + fetchmail | [] | + findutils | [] [] | + flex | [] | + freedink | [] [] | + fusionforge | | + gas | | + gawk | [] | + gcal | | + gcc | | + gdbm | | + gettext-examples | [] [] [] [] [] [] | + gettext-runtime | [] [] [] | + gettext-tools | [] | + gjay | | + glunarclock | [] [] | + gnubiff | [] | + gnubik | [] [] | + gnucash | () () () () () () () [] | + gnuchess | [] [] | + gnulib | [] | + gnunet | | + gnunet-gtk | | + gold | | + gphoto2 | [] | + gprof | [] [] | + gramadoir | [] | + grep | [] [] | + grub | [] [] [] | + gsasl | [] | + gss | | + gst-plugins-bad | [] [] [] | + gst-plugins-base | [] [] [] | + 
gst-plugins-good | [] [] [] [] | + gst-plugins-ugly | [] [] [] [] [] | + gstreamer | [] [] [] | + gtick | [] | + gtkam | [] [] | + gtkspell | [] [] [] [] [] [] [] | + guix | | + guix-packages | | + gutenprint | [] | + hello | [] [] [] | + help2man | [] | + help2man-texi | | + hylafax | [] | + idutils | [] | + iso_15924 | () [] [] | + iso_3166 | [] [] [] () [] [] [] [] [] [] | + iso_3166_2 | () [] | + iso_4217 | () [] [] [] | + iso_639 | [] [] () [] [] [] [] | + iso_639_3 | [] () [] | + iso_639_5 | () | + jwhois | [] [] | + kbd | [] | + klavaro | [] [] | + ld | | + leafpad | [] [] [] [] [] | + libc | [] [] | + libexif | [] | + libextractor | [] | + libgnutls | [] [] | + libgphoto2 | [] | + libgphoto2_port | [] | + libgsasl | [] | + libiconv | [] [] | + libidn | [] | + liferea | [] [] [] | + lilypond | [] | + lordsawar | | + lprng | | + lynx | [] | + m4 | [] | + mailfromd | | + mailutils | | + make | [] [] | + man-db | [] | + man-db-manpages | [] | + midi-instruments | [] [] [] [] [] [] [] | + minicom | [] | + mkisofs | [] | + myserver | | + nano | [] [] [] | + opcodes | [] | + parted | [] [] | + pies | | + pnmixer | [] | + popt | [] [] [] [] [] | + procps-ng | | + procps-ng-man | | + psmisc | [] | + pspp | [] [] | + pushover | | + pwdutils | [] | + pyspread | | + radius | [] | + recode | [] [] | + recutils | [] | + rpm | [] | + rush | [] | + sarg | | + sed | [] [] | + sharutils | [] | + shishi | | + skribilo | | + solfege | [] [] | + solfege-manual | [] | + spotmachine | [] | + sudo | [] [] [] | + sudoers | [] [] [] | + sysstat | [] [] | + tar | [] [] [] | + texinfo | [] | + texinfo_document | [] | + tigervnc | [] | + tin | | + tin-man | | + tracgoogleappsa... 
| [] [] [] | + trader | [] | + util-linux | [] | + ve | [] | + vice | [] | + vmm | [] | + vorbis-tools | [] | + wastesedge | [] | + wcd | [] | + wcd-man | [] | + wdiff | [] | + wget | [] [] | + wyslij-po | [] | + xboard | [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] | + +--------------------------------------------------+ + kn ko ku ky lg lt lv mk ml mn mr ms mt nb ne nl + 5 15 4 6 0 13 23 3 3 3 4 11 2 42 1 125 + + nn or pa pl ps pt pt_BR ro ru rw sk sl sq sr + +------------------------------------------------+ + a2ps | [] [] [] [] [] [] [] | + aegis | [] [] | + anubis | [] [] [] | + aspell | [] [] [] [] [] [] [] | + bash | [] [] [] [] [] [] | + bfd | [] [] | + binutils | [] [] | + bison | [] [] [] | + bison-runtime | [] [] [] [] [] [] [] [] | + buzztrax | [] | + ccd2cue | [] [] | + ccide | [] [] [] | + cflow | [] [] [] | + clisp | [] | + coreutils | [] [] [] [] | + cpio | [] [] [] | + cppi | [] [] [] | + cpplib | [] [] [] | + cryptsetup | [] [] [] | + datamash | [] [] | + denemo | | + dfarc | [] [] [] | + dialog | [] [] [] [] [] [] [] | + dico | [] | + diffutils | [] [] [] | + dink | | + direvent | [] [] [] | + doodle | [] [] | + dos2unix | [] [] [] [] | + dos2unix-man | [] [] | + e2fsprogs | [] | + enscript | [] [] [] [] [] [] | + exif | [] [] [] [] [] [] | + fetchmail | [] [] [] | + findutils | [] [] [] [] [] [] | + flex | [] [] [] [] [] | + freedink | [] [] [] [] [] | + fusionforge | | + gas | | + gawk | [] | + gcal | | + gcc | | + gdbm | [] [] [] | + gettext-examples | [] [] [] [] [] [] [] [] | + gettext-runtime | [] [] [] [] [] [] [] [] [] | + gettext-tools | [] [] [] [] [] [] [] | + gjay | [] | + glunarclock | [] [] [] [] [] [] | + gnubiff | [] | + gnubik | [] [] [] [] | + gnucash | () () () () () [] | + gnuchess | [] [] | + gnulib | [] [] [] [] [] | + gnunet | | + gnunet-gtk | | + gold | | + gphoto2 | [] [] [] [] [] | + gprof | [] [] [] [] | + gramadoir | [] [] | + grep | [] [] [] [] [] [] | + grub | [] [] [] [] [] 
| + gsasl | [] [] [] | + gss | [] [] [] [] | + gst-plugins-bad | [] [] [] [] [] | + gst-plugins-base | [] [] [] [] [] [] | + gst-plugins-good | [] [] [] [] [] [] [] | + gst-plugins-ugly | [] [] [] [] [] [] [] | + gstreamer | [] [] [] [] [] [] [] | + gtick | [] [] [] [] [] | + gtkam | [] [] [] [] [] [] | + gtkspell | [] [] [] [] [] [] [] [] [] | + guix | | + guix-packages | | + gutenprint | [] [] | + hello | [] [] [] [] [] [] | + help2man | [] [] [] [] | + help2man-texi | [] | + hylafax | | + idutils | [] [] [] | + iso_15924 | [] () [] [] [] [] | + iso_3166 | [] [] [] [] () [] [] [] [] [] [] [] [] | + iso_3166_2 | [] () [] | + iso_4217 | [] [] () [] [] [] [] [] | + iso_639 | [] [] [] () [] [] [] [] [] [] | + iso_639_3 | [] () | + iso_639_5 | () [] | + jwhois | [] [] [] [] | + kbd | [] [] | + klavaro | [] [] [] [] [] | + ld | | + leafpad | [] [] [] [] [] [] [] [] | + libc | [] [] [] | + libexif | [] () [] | + libextractor | [] | + libgnutls | [] | + libgphoto2 | [] | + libgphoto2_port | [] [] [] [] [] | + libgsasl | [] [] [] [] | + libiconv | [] [] [] [] [] | + libidn | [] [] [] | + liferea | [] [] [] [] () [] [] | + lilypond | | + lordsawar | | + lprng | [] | + lynx | [] [] | + m4 | [] [] [] [] [] | + mailfromd | [] | + mailutils | [] | + make | [] [] [] | + man-db | [] [] [] | + man-db-manpages | [] [] [] | + midi-instruments | [] [] [] [] [] [] [] [] | + minicom | [] [] [] [] | + mkisofs | [] [] [] | + myserver | [] [] | + nano | [] [] [] [] [] [] | + opcodes | | + parted | [] [] [] [] [] [] | + pies | [] | + pnmixer | [] | + popt | [] [] [] [] [] [] | + procps-ng | [] | + procps-ng-man | [] | + psmisc | [] [] [] [] | + pspp | [] [] | + pushover | | + pwdutils | [] | + pyspread | [] [] | + radius | [] [] | + recode | [] [] [] [] [] [] [] [] | + recutils | [] [] | + rpm | [] | + rush | [] [] [] | + sarg | [] [] | + sed | [] [] [] [] [] [] [] [] | + sharutils | [] [] [] | + shishi | [] [] | + skribilo | [] | + solfege | [] [] [] | + solfege-manual | [] [] | + 
spotmachine | [] [] | + sudo | [] [] [] [] [] [] | + sudoers | [] [] [] [] | + sysstat | [] [] [] [] [] | + tar | [] [] [] [] [] | + texinfo | [] [] [] | + texinfo_document | [] [] | + tigervnc | [] [] [] | + tin | [] | + tin-man | | + tracgoogleappsa... | [] [] [] [] | + trader | [] [] | + util-linux | [] [] | + ve | [] [] [] | + vice | | + vmm | | + vorbis-tools | [] [] [] | + wastesedge | | + wcd | | + wcd-man | | + wdiff | [] [] [] [] [] | + wget | [] [] [] [] [] | + wyslij-po | [] [] [] [] | + xboard | [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] [] | + +------------------------------------------------+ + nn or pa pl ps pt pt_BR ro ru rw sk sl sq sr + 7 3 6 114 1 12 88 32 82 3 40 45 7 101 + + sv sw ta te tg th tr uk ur vi wa wo zh_CN + +----------------------------------------------+ + a2ps | [] [] [] [] [] | + aegis | [] | + anubis | [] [] [] [] | + aspell | [] [] [] [] [] | + bash | [] [] [] [] | + bfd | [] [] [] | + binutils | [] [] [] | + bison | [] [] [] [] | + bison-runtime | [] [] [] [] [] [] | + buzztrax | [] [] [] | + ccd2cue | [] [] [] | + ccide | [] [] [] [] | + cflow | [] [] [] [] | + clisp | | + coreutils | [] [] [] | + cpio | [] [] [] [] [] | + cppi | [] [] [] [] | + cpplib | [] [] [] [] [] | + cryptsetup | [] [] [] | + datamash | [] [] [] | + denemo | [] | + dfarc | [] [] | + dialog | [] [] [] [] [] [] | + dico | [] | + diffutils | [] [] [] [] [] | + dink | [] | + direvent | [] [] | + doodle | [] [] | + dos2unix | [] [] [] [] | + dos2unix-man | [] [] [] | + e2fsprogs | [] [] [] [] | + enscript | [] [] [] [] | + exif | [] [] [] [] [] | + fetchmail | [] [] [] [] | + findutils | [] [] [] [] [] | + flex | [] [] [] [] | + freedink | [] [] [] | + fusionforge | | + gas | [] | + gawk | [] [] [] | + gcal | [] [] [] | + gcc | [] | + gdbm | [] [] | + gettext-examples | [] [] [] [] [] | + gettext-runtime | [] [] [] [] [] | + gettext-tools | [] [] [] [] [] | + gjay | [] [] [] | + glunarclock | [] [] [] 
[] | + gnubiff | [] [] | + gnubik | [] [] [] [] | + gnucash | () () () () [] | + gnuchess | [] [] [] | + gnulib | [] [] [] [] | + gnunet | | + gnunet-gtk | | + gold | [] [] | + gphoto2 | [] [] [] [] | + gprof | [] [] [] [] | + gramadoir | [] [] [] | + grep | [] [] [] [] [] | + grub | [] [] [] [] | + gsasl | [] [] [] [] | + gss | [] [] [] | + gst-plugins-bad | [] [] [] [] [] | + gst-plugins-base | [] [] [] [] [] | + gst-plugins-good | [] [] [] [] [] | + gst-plugins-ugly | [] [] [] [] [] | + gstreamer | [] [] [] [] [] | + gtick | [] [] [] | + gtkam | [] [] [] [] | + gtkspell | [] [] [] [] [] [] [] | + guix | | + guix-packages | | + gutenprint | [] [] [] [] | + hello | [] [] [] [] [] [] | + help2man | [] [] [] | + help2man-texi | [] | + hylafax | [] | + idutils | [] [] [] | + iso_15924 | [] () [] [] () [] | + iso_3166 | [] [] () [] [] () [] [] | + iso_3166_2 | () [] [] () [] | + iso_4217 | [] () [] [] () [] | + iso_639 | [] [] [] () [] [] () [] [] | + iso_639_3 | [] () [] [] () | + iso_639_5 | () [] () | + jwhois | [] [] [] [] | + kbd | [] [] [] [] | + klavaro | [] [] [] [] [] [] | + ld | [] [] [] [] [] | + leafpad | [] [] [] [] [] [] | + libc | [] [] [] [] [] | + libexif | [] [] () | + libextractor | [] [] | + libgnutls | [] [] [] [] | + libgphoto2 | [] [] [] | + libgphoto2_port | [] [] [] [] | + libgsasl | [] [] [] [] | + libiconv | [] [] [] [] [] | + libidn | () [] [] [] | + liferea | [] [] [] [] [] | + lilypond | [] | + lordsawar | | + lprng | [] | + lynx | [] [] [] [] | + m4 | [] [] [] | + mailfromd | [] [] | + mailutils | [] | + make | [] [] [] [] | + man-db | [] [] [] | + man-db-manpages | [] [] | + midi-instruments | [] [] [] [] [] [] | + minicom | [] [] | + mkisofs | [] [] [] | + myserver | [] | + nano | [] [] [] [] | + opcodes | [] [] [] | + parted | [] [] [] [] [] | + pies | [] [] | + pnmixer | [] [] [] | + popt | [] [] [] [] [] [] [] | + procps-ng | [] [] | + procps-ng-man | [] | + psmisc | [] [] [] [] | + pspp | [] [] [] | + pushover | [] | + pwdutils | 
[] [] | + pyspread | [] | + radius | [] [] | + recode | [] [] [] [] | + recutils | [] [] [] | + rpm | [] [] [] [] | + rush | [] [] | + sarg | | + sed | [] [] [] [] [] | + sharutils | [] [] [] [] | + shishi | [] [] | + skribilo | [] [] | + solfege | [] [] [] [] | + solfege-manual | [] | + spotmachine | [] [] [] | + sudo | [] [] [] [] [] | + sudoers | [] [] [] [] | + sysstat | [] [] [] [] [] | + tar | [] [] [] [] [] | + texinfo | [] [] [] | + texinfo_document | [] | + tigervnc | [] [] [] | + tin | [] | + tin-man | | + tracgoogleappsa... | [] [] [] [] [] | + trader | [] | + util-linux | [] [] [] [] | + ve | [] [] [] [] | + vice | () () | + vmm | | + vorbis-tools | [] [] | + wastesedge | | + wcd | [] [] [] | + wcd-man | [] | + wdiff | [] [] [] [] | + wget | [] [] [] | + wyslij-po | [] [] | + xboard | [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] [] | + +----------------------------------------------+ + sv sw ta te tg th tr uk ur vi wa wo zh_CN + 106 1 4 3 0 13 51 115 1 125 7 1 100 + + zh_HK zh_TW + +-------------+ + a2ps | | 30 + aegis | | 9 + anubis | | 19 + aspell | | 29 + bash | [] | 23 + bfd | | 11 + binutils | | 12 + bison | [] | 18 + bison-runtime | [] | 38 + buzztrax | | 9 + ccd2cue | | 10 + ccide | | 17 + cflow | | 16 + clisp | | 10 + coreutils | | 18 + cpio | | 20 + cppi | | 17 + cpplib | [] | 19 + cryptsetup | | 14 + datamash | | 11 + denemo | | 5 + dfarc | | 17 + dialog | [] | 42 + dico | | 6 + diffutils | | 22 + dink | | 10 + direvent | | 11 + doodle | | 12 + dos2unix | [] | 18 + dos2unix-man | | 9 + e2fsprogs | | 15 + enscript | | 21 + exif | | 27 + fetchmail | | 19 + findutils | | 29 + flex | [] | 19 + freedink | | 24 + fusionforge | | 3 + gas | | 5 + gawk | | 13 + gcal | | 8 + gcc | | 2 + gdbm | | 10 + gettext-examples | [] [] | 40 + gettext-runtime | [] [] | 35 + gettext-tools | [] | 24 + gjay | | 9 + glunarclock | [] | 27 + gnubiff | | 9 + gnubik | | 19 + gnucash | () | 6 + gnuchess | | 11 + gnulib | | 23 + gnunet | 
| 1 + gnunet-gtk | | 1 + gold | | 7 + gphoto2 | [] | 19 + gprof | | 21 + gramadoir | | 14 + grep | [] | 31 + grub | | 21 + gsasl | [] | 19 + gss | | 17 + gst-plugins-bad | | 21 + gst-plugins-base | | 27 + gst-plugins-good | | 32 + gst-plugins-ugly | | 34 + gstreamer | [] | 32 + gtick | | 19 + gtkam | | 24 + gtkspell | [] [] | 48 + guix | | 2 + guix-packages | | 0 + gutenprint | | 15 + hello | [] | 30 + help2man | | 18 + help2man-texi | | 5 + hylafax | | 5 + idutils | | 14 + iso_15924 | [] | 23 + iso_3166 | [] [] | 58 + iso_3166_2 | | 9 + iso_4217 | [] [] | 28 + iso_639 | [] [] | 46 + iso_639_3 | | 10 + iso_639_5 | | 2 + jwhois | [] | 20 + kbd | | 17 + klavaro | | 30 + ld | [] | 15 + leafpad | [] | 39 + libc | [] | 24 + libexif | | 10 + libextractor | | 5 + libgnutls | | 13 + libgphoto2 | | 10 + libgphoto2_port | [] | 19 + libgsasl | | 18 + libiconv | [] | 29 + libidn | | 17 + liferea | | 29 + lilypond | | 11 + lordsawar | | 3 + lprng | | 3 + lynx | | 19 + m4 | [] | 22 + mailfromd | | 4 + mailutils | | 6 + make | | 19 + man-db | | 15 + man-db-manpages | | 10 + midi-instruments | [] | 43 + minicom | [] | 17 + mkisofs | | 13 + myserver | | 9 + nano | [] | 30 + opcodes | | 12 + parted | [] | 23 + pies | | 4 + pnmixer | | 9 + popt | [] | 36 + procps-ng | | 5 + procps-ng-man | | 4 + psmisc | [] | 22 + pspp | | 13 + pushover | | 6 + pwdutils | | 8 + pyspread | | 6 + radius | | 9 + recode | | 31 + recutils | | 10 + rpm | [] | 13 + rush | | 10 + sarg | | 4 + sed | [] | 35 + sharutils | | 13 + shishi | | 7 + skribilo | | 7 + solfege | | 21 + solfege-manual | | 9 + spotmachine | | 11 + sudo | | 26 + sudoers | | 22 + sysstat | | 23 + tar | [] | 30 + texinfo | | 17 + texinfo_document | | 13 + tigervnc | | 14 + tin | [] | 7 + tin-man | | 1 + tracgoogleappsa... 
| [] | 22 + trader | | 12 + util-linux | | 13 + ve | | 14 + vice | | 1 + vmm | | 3 + vorbis-tools | | 13 + wastesedge | | 3 + wcd | | 8 + wcd-man | | 3 + wdiff | [] | 23 + wget | | 21 + wyslij-po | | 14 + xboard | | 10 + xdg-user-dirs | [] [] | 68 + xkeyboard-config | [] | 28 + +-------------+ + 89 teams zh_HK zh_TW + 166 domains 7 42 2809 + + Some counters in the preceding matrix are higher than the number of +visible blocks let us expect. This is because a few extra PO files are +used for implementing regional variants of languages, or language +dialects. + + For a PO file in the matrix above to be effective, the package to +which it applies should also have been internationalized and distributed +as such by its maintainer. There might be an observable lag between the +mere existence a PO file and its wide availability in a distribution. + + If Jun 2014 seems to be old, you may fetch a more recent copy of this +'ABOUT-NLS' file on most GNU archive sites. The most up-to-date matrix +with full percentage details can be found at +'http://translationproject.org/extra/matrix.html'. + +1.5 Using 'gettext' in new packages +=================================== + +If you are writing a freely available program and want to +internationalize it you are welcome to use GNU 'gettext' in your +package. Of course you have to respect the GNU Lesser General Public +License which covers the use of the GNU 'gettext' library. This means +in particular that even non-free programs can use 'libintl' as a shared +library, whereas only free software can use 'libintl' as a static +library or use modified versions of 'libintl'. + + Once the sources are changed appropriately and the setup can handle +the use of 'gettext' the only thing missing are the translations. The +Free Translation Project is also available for packages which are not +developed inside the GNU project. Therefore the information given above +applies also for every other Free Software Project. 
Contact +'coordinator@translationproject.org' to make the '.pot' files available +to the translation teams. @@ -0,0 +1,3 @@ +Christian Grothoff +Dennis Neufeld +Dominik Meister 
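Review bot: The ABOUT-NLS text that ends just above the three-name hunk is a dated snapshot. It says "If Jun 2014 seems to be old, you may fetch a more recent copy of this 'ABOUT-NLS' file", and its translation matrix and totals (89 teams, 166 domains) reflect that date, while this commit is from 2021. The file is shared GNU gettext text rather than project documentation, so consider refreshing it from a current gettext release before the v0.0.0 release is cut. The matrix link it carries is also plain 'http://translationproject.org/extra/matrix.html'; a refreshed copy is the place to pick up whatever URL upstream now gives.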
@@ -0,0 +1,661 @@ + GNU AFFERO GENERAL PUBLIC LICENSE + Version 3, 19 November 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +our General Public Licenses are intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + + A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. 
+The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + + The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + + An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU Affero General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. 
+ + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. 
+ + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. 
The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. 
+ + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. 
+ + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. 
This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. 
For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. 
Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. 
+ + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. 
+ + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. 
Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. 
+ + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. 
+ + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. 
You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Remote Network Interaction; Use with the GNU General Public License. 
+ + Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your version +supports such interaction) an opportunity to receive the Corresponding +Source of your version by providing access to the Corresponding Source +from a network server at no charge, through some standard or customary +means of facilitating copying of software. This Corresponding Source +shall include the Corresponding Source for any work covered by version 3 +of the GNU General Public License that is incorporated pursuant to the +following paragraph. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU Affero General Public License from time to time. Such new versions +will be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU Affero General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever published +by the Free Software Foundation. 
+ + If the Program specifies that a proxy can decide which future +versions of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. 
+ + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + <one line to give the program's name and a brief idea of what it does.> + Copyright (C) <year> <name of author> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. + +Also add information on how to contact you by electronic and paper mail. + + If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. 
For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +<http://www.gnu.org/licenses/>. diff --git a/COPYING.AGPL b/COPYING.AGPL new file mode 100644 index 0000000..dba13ed --- /dev/null +++ b/COPYING.AGPL 
@@ -0,0 +1,661 @@ + GNU AFFERO GENERAL PUBLIC LICENSE + Version 3, 19 November 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +our General Public Licenses are intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + + A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. 
+The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + + The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + + An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU Affero General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. 
+ + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. 
+ + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. 
The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. 
+ + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. 
+ + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. 
This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. 
For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. 
Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. 
+ + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. 
+ + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. 
Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. 
+ + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. 
+ + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. 
You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Remote Network Interaction; Use with the GNU General Public License. 
+ + Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your version +supports such interaction) an opportunity to receive the Corresponding +Source of your version by providing access to the Corresponding Source +from a network server at no charge, through some standard or customary +means of facilitating copying of software. This Corresponding Source +shall include the Corresponding Source for any work covered by version 3 +of the GNU General Public License that is incorporated pursuant to the +following paragraph. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU Affero General Public License from time to time. Such new versions +will be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU Affero General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever published +by the Free Software Foundation. 
+ + If the Program specifies that a proxy can decide which future +versions of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. 
+ + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + <one line to give the program's name and a brief idea of what it does.> + Copyright (C) <year> <name of author> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. + +Also add information on how to contact you by electronic and paper mail. + + If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. 
For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +<http://www.gnu.org/licenses/>. diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..1c4cf10 --- /dev/null +++ b/ChangeLog @@ -0,0 +1,8 @@ +Fri 30 Jul 2021 09:56:51 AM CEST + Preparing for first release. -CG + +Mon 05 Apr 2021 08:09:30 PM CEST + Add gettext support to build system. -CG + +Tue 18 Jun 2019 04:19:29 PM CEST + Initial project setup. -CG 
@@ -0,0 +1,368 @@ +Installation Instructions +************************* + + Copyright (C) 1994-1996, 1999-2002, 2004-2016 Free Software +Foundation, Inc. + + Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved. This file is offered as-is, +without warranty of any kind. + +Basic Installation +================== + + Briefly, the shell command './configure && make && make install' +should configure, build, and install this package. The following +more-detailed instructions are generic; see the 'README' file for +instructions specific to this package. Some packages provide this +'INSTALL' file but do not implement all of the features documented +below. The lack of an optional feature in a given package is not +necessarily a bug. More recommendations for GNU packages can be found +in *note Makefile Conventions: (standards)Makefile Conventions. + + The 'configure' shell script attempts to guess correct values for +various system-dependent variables used during compilation. It uses +those values to create a 'Makefile' in each directory of the package. +It may also create one or more '.h' files containing system-dependent +definitions. Finally, it creates a shell script 'config.status' that +you can run in the future to recreate the current configuration, and a +file 'config.log' containing compiler output (useful mainly for +debugging 'configure'). + + It can also use an optional file (typically called 'config.cache' and +enabled with '--cache-file=config.cache' or simply '-C') that saves the +results of its tests to speed up reconfiguring. Caching is disabled by +default to prevent problems with accidental use of stale cache files. 
+ + If you need to do unusual things to compile the package, please try +to figure out how 'configure' could check whether to do them, and mail +diffs or instructions to the address given in the 'README' so they can +be considered for the next release. If you are using the cache, and at +some point 'config.cache' contains results you don't want to keep, you +may remove or edit it. + + The file 'configure.ac' (or 'configure.in') is used to create +'configure' by a program called 'autoconf'. You need 'configure.ac' if +you want to change it or regenerate 'configure' using a newer version of +'autoconf'. + + The simplest way to compile this package is: + + 1. 'cd' to the directory containing the package's source code and type + './configure' to configure the package for your system. + + Running 'configure' might take a while. While running, it prints + some messages telling which features it is checking for. + + 2. Type 'make' to compile the package. + + 3. Optionally, type 'make check' to run any self-tests that come with + the package, generally using the just-built uninstalled binaries. + + 4. Type 'make install' to install the programs and any data files and + documentation. When installing into a prefix owned by root, it is + recommended that the package be configured and built as a regular + user, and only the 'make install' phase executed with root + privileges. + + 5. Optionally, type 'make installcheck' to repeat any self-tests, but + this time using the binaries in their final installed location. + This target does not install anything. Running this target as a + regular user, particularly if the prior 'make install' required + root privileges, verifies that the installation completed + correctly. + + 6. You can remove the program binaries and object files from the + source code directory by typing 'make clean'. To also remove the + files that 'configure' created (so you can compile the package for + a different kind of computer), type 'make distclean'. 
There is + also a 'make maintainer-clean' target, but that is intended mainly + for the package's developers. If you use it, you may have to get + all sorts of other programs in order to regenerate files that came + with the distribution. + + 7. Often, you can also type 'make uninstall' to remove the installed + files again. In practice, not all packages have tested that + uninstallation works correctly, even though it is required by the + GNU Coding Standards. + + 8. Some packages, particularly those that use Automake, provide 'make + distcheck', which can by used by developers to test that all other + targets like 'make install' and 'make uninstall' work correctly. + This target is generally not run by end users. + +Compilers and Options +===================== + + Some systems require unusual options for compilation or linking that +the 'configure' script does not know about. Run './configure --help' +for details on some of the pertinent environment variables. + + You can give 'configure' initial values for configuration parameters +by setting variables in the command line or in the environment. Here is +an example: + + ./configure CC=c99 CFLAGS=-g LIBS=-lposix + + *Note Defining Variables::, for more details. + +Compiling For Multiple Architectures +==================================== + + You can compile the package for more than one kind of computer at the +same time, by placing the object files for each architecture in their +own directory. To do this, you can use GNU 'make'. 'cd' to the +directory where you want the object files and executables to go and run +the 'configure' script. 'configure' automatically checks for the source +code in the directory that 'configure' is in and in '..'. This is known +as a "VPATH" build. + + With a non-GNU 'make', it is safer to compile the package for one +architecture at a time in the source code directory. 
After you have +installed the package for one architecture, use 'make distclean' before +reconfiguring for another architecture. + + On MacOS X 10.5 and later systems, you can create libraries and +executables that work on multiple system types--known as "fat" or +"universal" binaries--by specifying multiple '-arch' options to the +compiler but only a single '-arch' option to the preprocessor. Like +this: + + ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CPP="gcc -E" CXXCPP="g++ -E" + + This is not guaranteed to produce working output in all cases, you +may have to build one architecture at a time and combine the results +using the 'lipo' tool if you have problems. + +Installation Names +================== + + By default, 'make install' installs the package's commands under +'/usr/local/bin', include files under '/usr/local/include', etc. You +can specify an installation prefix other than '/usr/local' by giving +'configure' the option '--prefix=PREFIX', where PREFIX must be an +absolute file name. + + You can specify separate installation prefixes for +architecture-specific files and architecture-independent files. If you +pass the option '--exec-prefix=PREFIX' to 'configure', the package uses +PREFIX as the prefix for installing programs and libraries. +Documentation and other data files still use the regular prefix. + + In addition, if you use an unusual directory layout you can give +options like '--bindir=DIR' to specify different values for particular +kinds of files. Run 'configure --help' for a list of the directories +you can set and what kinds of files go in them. In general, the default +for these options is expressed in terms of '${prefix}', so that +specifying just '--prefix' will affect all of the other directory +specifications that were not explicitly provided. 
+ + The most portable way to affect installation locations is to pass the +correct locations to 'configure'; however, many packages provide one or +both of the following shortcuts of passing variable assignments to the +'make install' command line to change installation locations without +having to reconfigure or recompile. + + The first method involves providing an override variable for each +affected directory. For example, 'make install +prefix=/alternate/directory' will choose an alternate location for all +directory configuration variables that were expressed in terms of +'${prefix}'. Any directories that were specified during 'configure', +but not in terms of '${prefix}', must each be overridden at install time +for the entire installation to be relocated. The approach of makefile +variable overrides for each directory variable is required by the GNU +Coding Standards, and ideally causes no recompilation. However, some +platforms have known limitations with the semantics of shared libraries +that end up requiring recompilation when using this method, particularly +noticeable in packages that use GNU Libtool. + + The second method involves providing the 'DESTDIR' variable. For +example, 'make install DESTDIR=/alternate/directory' will prepend +'/alternate/directory' before all installation names. The approach of +'DESTDIR' overrides is not required by the GNU Coding Standards, and +does not work on platforms that have drive letters. On the other hand, +it does better at avoiding recompilation issues, and works well even +when some directory options were not specified in terms of '${prefix}' +at 'configure' time. + +Optional Features +================= + + If the package supports it, you can cause programs to be installed +with an extra prefix or suffix on their names by giving 'configure' the +option '--program-prefix=PREFIX' or '--program-suffix=SUFFIX'. 
+ + Some packages pay attention to '--enable-FEATURE' options to +'configure', where FEATURE indicates an optional part of the package. +They may also pay attention to '--with-PACKAGE' options, where PACKAGE +is something like 'gnu-as' or 'x' (for the X Window System). The +'README' should mention any '--enable-' and '--with-' options that the +package recognizes. + + For packages that use the X Window System, 'configure' can usually +find the X include and library files automatically, but if it doesn't, +you can use the 'configure' options '--x-includes=DIR' and +'--x-libraries=DIR' to specify their locations. + + Some packages offer the ability to configure how verbose the +execution of 'make' will be. For these packages, running './configure +--enable-silent-rules' sets the default to minimal output, which can be +overridden with 'make V=1'; while running './configure +--disable-silent-rules' sets the default to verbose, which can be +overridden with 'make V=0'. + +Particular systems +================== + + On HP-UX, the default C compiler is not ANSI C compatible. If GNU CC +is not installed, it is recommended to use the following options in +order to use an ANSI C compiler: + + ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" + +and if that doesn't work, install pre-built binaries of GCC for HP-UX. + + HP-UX 'make' updates targets which have the same time stamps as their +prerequisites, which makes it generally unusable when shipped generated +files such as 'configure' are involved. Use GNU 'make' instead. + + On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot +parse its '<wchar.h>' header file. The option '-nodtk' can be used as a +workaround. If GNU CC is not installed, it is therefore recommended to +try + + ./configure CC="cc" + +and if that doesn't work, try + + ./configure CC="cc -nodtk" + + On Solaris, don't put '/usr/ucb' early in your 'PATH'. 
This +directory contains several dysfunctional programs; working variants of +these programs are available in '/usr/bin'. So, if you need '/usr/ucb' +in your 'PATH', put it _after_ '/usr/bin'. + + On Haiku, software installed for all users goes in '/boot/common', +not '/usr/local'. It is recommended to use the following options: + + ./configure --prefix=/boot/common + +Specifying the System Type +========================== + + There may be some features 'configure' cannot figure out +automatically, but needs to determine by the type of machine the package +will run on. Usually, assuming the package is built to be run on the +_same_ architectures, 'configure' can figure that out, but if it prints +a message saying it cannot guess the machine type, give it the +'--build=TYPE' option. TYPE can either be a short name for the system +type, such as 'sun4', or a canonical name which has the form: + + CPU-COMPANY-SYSTEM + +where SYSTEM can have one of these forms: + + OS + KERNEL-OS + + See the file 'config.sub' for the possible values of each field. If +'config.sub' isn't included in this package, then this package doesn't +need to know the machine type. + + If you are _building_ compiler tools for cross-compiling, you should +use the option '--target=TYPE' to select the type of system they will +produce code for. + + If you want to _use_ a cross compiler, that generates code for a +platform different from the build platform, you should specify the +"host" platform (i.e., that on which the generated programs will +eventually be run) with '--host=TYPE'. + +Sharing Defaults +================ + + If you want to set default values for 'configure' scripts to share, +you can create a site shell script called 'config.site' that gives +default values for variables like 'CC', 'cache_file', and 'prefix'. +'configure' looks for 'PREFIX/share/config.site' if it exists, then +'PREFIX/etc/config.site' if it exists. 
Or, you can set the +'CONFIG_SITE' environment variable to the location of the site script. +A warning: not all 'configure' scripts look for a site script. + +Defining Variables +================== + + Variables not defined in a site shell script can be set in the +environment passed to 'configure'. However, some packages may run +configure again during the build, and the customized values of these +variables may be lost. In order to avoid this problem, you should set +them in the 'configure' command line, using 'VAR=value'. For example: + + ./configure CC=/usr/local2/bin/gcc + +causes the specified 'gcc' to be used as the C compiler (unless it is +overridden in the site shell script). + +Unfortunately, this technique does not work for 'CONFIG_SHELL' due to an +Autoconf limitation. Until the limitation is lifted, you can use this +workaround: + + CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash + +'configure' Invocation +====================== + + 'configure' recognizes the following options to control how it +operates. + +'--help' +'-h' + Print a summary of all of the options to 'configure', and exit. + +'--help=short' +'--help=recursive' + Print a summary of the options unique to this package's + 'configure', and exit. The 'short' variant lists options used only + in the top level, while the 'recursive' variant lists options also + present in any nested packages. + +'--version' +'-V' + Print the version of Autoconf used to generate the 'configure' + script, and exit. + +'--cache-file=FILE' + Enable the cache: use and save the results of the tests in FILE, + traditionally 'config.cache'. FILE defaults to '/dev/null' to + disable caching. + +'--config-cache' +'-C' + Alias for '--cache-file=config.cache'. + +'--quiet' +'--silent' +'-q' + Do not print messages saying which checks are being made. To + suppress all normal output, redirect it to '/dev/null' (any error + messages will still be shown). 
+ +'--srcdir=DIR' + Look for the package's source code in directory DIR. Usually + 'configure' can determine that directory automatically. + +'--prefix=DIR' + Use DIR as the installation prefix. *note Installation Names:: for + more details, including other options available for fine-tuning the + installation locations. + +'--no-create' +'-n' + Run the configure checks, but stop before creating any output + files. + +'configure' also accepts some other, not widely useful, options. Run +'configure --help' for more details. diff --git a/Makefile.am b/Makefile.am new file mode 100644 index 0000000..9d2a8f8 --- /dev/null +++ b/Makefile.am @@ -0,0 +1,25 @@ +# This Makefile is in the public domain + +if DOC_ONLY +if ENABLE_DOC + SUBDIRS = . doc po +else + SUBDIRS = . po +endif +else +if ENABLE_DOC + SUBDIRS = . contrib src doc po +else + SUBDIRS = . contrib src doc po +endif +endif + +@DX_RULES@ + +ACLOCAL_AMFLAGS = -I m4 +EXTRA_DIST = config.rpath \ + AUTHORS \ + COPYING.AGPL \ + contrib/gnunet.tag \ + contrib/uncrustify.cfg \ + contrib/uncrustify_precommit 
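Review bot: In Makefile.am, the non-DOC_ONLY branch sets `SUBDIRS = . contrib src doc po` in both arms of `if ENABLE_DOC`, so `doc` is still descended into when documentation is disabled. The `else` arm should presumably read `SUBDIRS = . contrib src po`, mirroring the DOC_ONLY branch, where the `else` arm drops `doc`.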
@@ -0,0 +1,42 @@ +============= +GNU ANASTASIS +============= + +This package includes the Anastasis core logic. The code is released +under the GNU Affero General Public License (v3 or later). See +COPYING for details. + +Description +=========== + +GNU Anastasis is a key backup and recovery tool from the GNU project. +This package includes the backend run by the Anastasis providers as +well as libraries for clients and a command-line interface. + +Dependencies +============ + +libjansson : MIT License +libgcrypt : LGPL +postgresql : PostgreSQL License +libgnunet* : GPLv3+, +libtaler* : GPLv3+ +GNU recutils: GPLv3+ (when building from Git) + + +Directory structure +=================== + +src/include/ includes installed (public) headers +src/util/ implements helper and crypto routines +src/backend/ contains the REST service +src/stasis/ implements the database logic for the backend +src/authorization/ contains various authorization plugins +src/restclient/ implements a REST client for the backend +src/lib/ implements the main client-side backup and recovery logic +src/testing/ contains test cases for 'src/restclient/' and 'src/lib/' +src/reducer/ implements a reducer API on top of 'src/lib/' +src/cli/ includes a reducer-based command-line interface +contrib/ contains resource files, like what identity attributes to ask for +doc/ contains documentation files, like TeXinfo +po/ internationalization via GNU gettext diff --git a/bootstrap b/bootstrap new file mode 100755 index 0000000..a7414cd --- /dev/null +++ b/bootstrap 
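Review bot: The README hunk points readers to "COPYING" for the license, but the top-level Makefile.am in this patch distributes `COPYING.AGPL` in EXTRA_DIST, so the pointer should name that file unless a plain COPYING is also shipped. In the Dependencies list, the `libgnunet* : GPLv3+,` entry also carries a stray trailing comma.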
@@ -0,0 +1,35 @@ +#!/bin/sh + +if ! git --version >/dev/null; then + echo "git not installed" + exit 1 +fi + +echo "$0: Updating submodules" +echo | git submodule update --init + +git submodule update --init + +./contrib/gana-update.sh + +# This is more portable than `which' but comes with +# the caveat of not(?) properly working on busybox's ash: +existence() +{ + command -v "$1" >/dev/null 2>&1 +} + + +if existence uncrustify; then + echo "Installing uncrustify hook and configuration" + # Install uncrustify format symlink (if possible) + ln -s contrib/uncrustify.cfg uncrustify.cfg 2> /dev/null + # Install pre-commit hook (if possible) + ln -s ../../contrib/uncrustify_precommit .git/hooks/pre-commit 2> /dev/null +else + echo "Uncrustify not detected, hook not installed. Please install uncrustify if you plan on doing development" +fi + + +echo "$0: Running autoreconf" +autoreconf -if diff --git a/config.rpath b/config.rpath new file mode 100755 index 0000000..98183ff --- /dev/null +++ b/config.rpath 
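Review bot: In bootstrap, `git submodule update --init` runs twice, once with `echo |` on stdin and once bare. Nothing checks the exit status of either call or of `./contrib/gana-update.sh` before `autoreconf -if` runs. Drop the duplicate call and add `set -e` near the top (or `|| exit 1` on those commands) so a failed submodule or GANA update stops the bootstrap instead of generating a build system from incomplete sources. With `set -e`, the two best-effort `ln -s ... 2> /dev/null` lines would then need `|| true`.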
@@ -0,0 +1,684 @@ +#! /bin/sh +# Output a system dependent set of variables, describing how to set the +# run time search path of shared libraries in an executable. +# +# Copyright 1996-2016 Free Software Foundation, Inc. +# Taken from GNU libtool, 2001 +# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# The first argument passed to this file is the canonical host specification, +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# The environment variables CC, GCC, LDFLAGS, LD, with_gnu_ld +# should be set by the caller. +# +# The set of defined variables is at the end of this script. + +# Known limitations: +# - On IRIX 6.5 with CC="cc", the run time search patch must not be longer +# than 256 bytes, otherwise the compiler driver will dump core. The only +# known workaround is to choose shorter directory names for the build +# directory and/or the installation directory. + +# All known linkers require a '.a' archive for static linking (except MSVC, +# which needs '.lib'). +libext=a +shrext=.so + +host="$1" +host_cpu=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` +host_vendor=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` +host_os=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` + +# Code taken from libtool.m4's _LT_CC_BASENAME. + +for cc_temp in $CC""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac +done +cc_basename=`echo "$cc_temp" | sed -e 's%^.*/%%'` + +# Code taken from libtool.m4's _LT_COMPILER_PIC. 
+ +wl= +if test "$GCC" = yes; then + wl='-Wl,' +else + case "$host_os" in + aix*) + wl='-Wl,' + ;; + mingw* | cygwin* | pw32* | os2* | cegcc*) + ;; + hpux9* | hpux10* | hpux11*) + wl='-Wl,' + ;; + irix5* | irix6* | nonstopux*) + wl='-Wl,' + ;; + linux* | k*bsd*-gnu | kopensolaris*-gnu) + case $cc_basename in + ecc*) + wl='-Wl,' + ;; + icc* | ifort*) + wl='-Wl,' + ;; + lf95*) + wl='-Wl,' + ;; + nagfor*) + wl='-Wl,-Wl,,' + ;; + pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) + wl='-Wl,' + ;; + ccc*) + wl='-Wl,' + ;; + xl* | bgxl* | bgf* | mpixl*) + wl='-Wl,' + ;; + como) + wl='-lopt=' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ F* | *Sun*Fortran*) + wl= + ;; + *Sun\ C*) + wl='-Wl,' + ;; + esac + ;; + esac + ;; + newsos6) + ;; + *nto* | *qnx*) + ;; + osf3* | osf4* | osf5*) + wl='-Wl,' + ;; + rdos*) + ;; + solaris*) + case $cc_basename in + f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) + wl='-Qoption ld ' + ;; + *) + wl='-Wl,' + ;; + esac + ;; + sunos4*) + wl='-Qoption ld ' + ;; + sysv4 | sysv4.2uw2* | sysv4.3*) + wl='-Wl,' + ;; + sysv4*MP*) + ;; + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + wl='-Wl,' + ;; + unicos*) + wl='-Wl,' + ;; + uts4*) + ;; + esac +fi + +# Code taken from libtool.m4's _LT_LINKER_SHLIBS. + +hardcode_libdir_flag_spec= +hardcode_libdir_separator= +hardcode_direct=no +hardcode_minus_L=no + +case "$host_os" in + cygwin* | mingw* | pw32* | cegcc*) + # FIXME: the MSVC++ port hasn't been tested in a loooong time + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + if test "$GCC" != yes; then + with_gnu_ld=no + fi + ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; + openbsd*) + with_gnu_ld=no + ;; +esac + +ld_shlibs=yes +if test "$with_gnu_ld" = yes; then + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. 
+ # Unlike libtool, we use -rpath here, not --rpath, since the documented + # option of GNU ld is called -rpath, not --rpath. + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + case "$host_os" in + aix[3-9]*) + # On AIX/PPC, the GNU linker is very broken + if test "$host_cpu" != ia64; then + ld_shlibs=no + fi + ;; + amigaos*) + case "$host_cpu" in + powerpc) + ;; + m68k) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac + ;; + beos*) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + : + else + ld_shlibs=no + fi + ;; + cygwin* | mingw* | pw32* | cegcc*) + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + hardcode_libdir_flag_spec='-L$libdir' + if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then + : + else + ld_shlibs=no + fi + ;; + haiku*) + ;; + interix[3-9]*) + hardcode_direct=no + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + ;; + gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + : + else + ld_shlibs=no + fi + ;; + netbsd*) + ;; + solaris*) + if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then + ld_shlibs=no + elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + : + else + ld_shlibs=no + fi + ;; + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) + ld_shlibs=no + ;; + *) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`' + else + ld_shlibs=no + fi + ;; + esac + ;; + sunos4*) + hardcode_direct=yes + ;; + *) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + : + else + ld_shlibs=no + fi + ;; + esac + if test "$ld_shlibs" = no; then + hardcode_libdir_flag_spec= + fi +else + case "$host_os" in + aix3*) + # Note: this linker hardcodes the directories in 
LIBPATH if there + # are no directories specified by -L. + hardcode_minus_L=yes + if test "$GCC" = yes; then + # Neither direct hardcoding nor static linking is supported with a + # broken collect2. + hardcode_direct=unsupported + fi + ;; + aix[4-9]*) + if test "$host_cpu" = ia64; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + else + aix_use_runtimelinking=no + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # need to do runtime linking. + case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) + for ld_flag in $LDFLAGS; do + if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then + aix_use_runtimelinking=yes + break + fi + done + ;; + esac + fi + hardcode_direct=yes + hardcode_libdir_separator=':' + if test "$GCC" = yes; then + case $host_os in aix4.[012]|aix4.[012].*) + collect2name=`${CC} -print-prog-name=collect2` + if test -f "$collect2name" && \ + strings "$collect2name" | grep resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + hardcode_direct=unsupported + hardcode_minus_L=yes + hardcode_libdir_flag_spec='-L$libdir' + hardcode_libdir_separator= + fi + ;; + esac + fi + # Begin _LT_AC_SYS_LIBPATH_AIX. + echo 'int main () { return 0; }' > conftest.c + ${CC} ${LDFLAGS} conftest.c -o conftest + aix_libpath=`dump -H conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'` + if test -z "$aix_libpath"; then + aix_libpath=`dump -HX64 conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'` + fi + if test -z "$aix_libpath"; then + aix_libpath="/usr/lib:/lib" + fi + rm -f conftest.c conftest + # End _LT_AC_SYS_LIBPATH_AIX. 
+ if test "$aix_use_runtimelinking" = yes; then + hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" + else + if test "$host_cpu" = ia64; then + hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib' + else + hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" + fi + fi + ;; + amigaos*) + case "$host_cpu" in + powerpc) + ;; + m68k) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac + ;; + bsdi[45]*) + ;; + cygwin* | mingw* | pw32* | cegcc*) + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + hardcode_libdir_flag_spec=' ' + libext=lib + ;; + darwin* | rhapsody*) + hardcode_direct=no + if { case $cc_basename in ifort*) true;; *) test "$GCC" = yes;; esac; }; then + : + else + ld_shlibs=no + fi + ;; + dgux*) + hardcode_libdir_flag_spec='-L$libdir' + ;; + freebsd2.[01]*) + hardcode_direct=yes + hardcode_minus_L=yes + ;; + freebsd* | dragonfly*) + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + ;; + hpux9*) + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_separator=: + hardcode_direct=yes + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + ;; + hpux10*) + if test "$with_gnu_ld" = no; then + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_separator=: + hardcode_direct=yes + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + fi + ;; + hpux11*) + if test "$with_gnu_ld" = no; then + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_separator=: + case $host_cpu in + hppa*64*|ia64*) + hardcode_direct=no + ;; + *) + hardcode_direct=yes + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. 
+ hardcode_minus_L=yes + ;; + esac + fi + ;; + irix5* | irix6* | nonstopux*) + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + ;; + netbsd*) + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + ;; + newsos6) + hardcode_direct=yes + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + ;; + *nto* | *qnx*) + ;; + openbsd*) + if test -f /usr/libexec/ld.so; then + hardcode_direct=yes + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + else + case "$host_os" in + openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) + hardcode_libdir_flag_spec='-R$libdir' + ;; + *) + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + ;; + esac + fi + else + ld_shlibs=no + fi + ;; + os2*) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + osf3*) + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + ;; + osf4* | osf5*) + if test "$GCC" = yes; then + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + else + # Both cc and cxx compiler support -rpath directly + hardcode_libdir_flag_spec='-rpath $libdir' + fi + hardcode_libdir_separator=: + ;; + solaris*) + hardcode_libdir_flag_spec='-R$libdir' + ;; + sunos4*) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_direct=yes + hardcode_minus_L=yes + ;; + sysv4) + case $host_vendor in + sni) + hardcode_direct=yes # is this really true??? 
+ ;; + siemens) + hardcode_direct=no + ;; + motorola) + hardcode_direct=no #Motorola manual says yes, but my tests say they lie + ;; + esac + ;; + sysv4.3*) + ;; + sysv4*MP*) + if test -d /usr/nec; then + ld_shlibs=yes + fi + ;; + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) + ;; + sysv5* | sco3.2v5* | sco5v6*) + hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' + hardcode_libdir_separator=':' + ;; + uts4*) + hardcode_libdir_flag_spec='-L$libdir' + ;; + *) + ld_shlibs=no + ;; + esac +fi + +# Check dynamic linker characteristics +# Code taken from libtool.m4's _LT_SYS_DYNAMIC_LINKER. +# Unlike libtool.m4, here we don't care about _all_ names of the library, but +# only about the one the linker finds when passed -lNAME. This is the last +# element of library_names_spec in libtool.m4, or possibly two of them if the +# linker has special search rules. +library_names_spec= # the last element of library_names_spec in libtool.m4 +libname_spec='lib$name' +case "$host_os" in + aix3*) + library_names_spec='$libname.a' + ;; + aix[4-9]*) + library_names_spec='$libname$shrext' + ;; + amigaos*) + case "$host_cpu" in + powerpc*) + library_names_spec='$libname$shrext' ;; + m68k) + library_names_spec='$libname.a' ;; + esac + ;; + beos*) + library_names_spec='$libname$shrext' + ;; + bsdi[45]*) + library_names_spec='$libname$shrext' + ;; + cygwin* | mingw* | pw32* | cegcc*) + shrext=.dll + library_names_spec='$libname.dll.a $libname.lib' + ;; + darwin* | rhapsody*) + shrext=.dylib + library_names_spec='$libname$shrext' + ;; + dgux*) + library_names_spec='$libname$shrext' + ;; + freebsd[23].*) + library_names_spec='$libname$shrext$versuffix' + ;; + freebsd* | dragonfly*) + library_names_spec='$libname$shrext' + ;; + gnu*) + library_names_spec='$libname$shrext' + ;; + haiku*) + library_names_spec='$libname$shrext' + ;; + hpux9* | hpux10* | hpux11*) + case $host_cpu in + ia64*) + shrext=.so + ;; + hppa*64*) + 
shrext=.sl + ;; + *) + shrext=.sl + ;; + esac + library_names_spec='$libname$shrext' + ;; + interix[3-9]*) + library_names_spec='$libname$shrext' + ;; + irix5* | irix6* | nonstopux*) + library_names_spec='$libname$shrext' + case "$host_os" in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= ;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 ;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 ;; + *) libsuff= shlibsuff= ;; + esac + ;; + esac + ;; + linux*oldld* | linux*aout* | linux*coff*) + ;; + linux* | k*bsd*-gnu | kopensolaris*-gnu) + library_names_spec='$libname$shrext' + ;; + knetbsd*-gnu) + library_names_spec='$libname$shrext' + ;; + netbsd*) + library_names_spec='$libname$shrext' + ;; + newsos6) + library_names_spec='$libname$shrext' + ;; + *nto* | *qnx*) + library_names_spec='$libname$shrext' + ;; + openbsd*) + library_names_spec='$libname$shrext$versuffix' + ;; + os2*) + libname_spec='$name' + shrext=.dll + library_names_spec='$libname.a' + ;; + osf3* | osf4* | osf5*) + library_names_spec='$libname$shrext' + ;; + rdos*) + ;; + solaris*) + library_names_spec='$libname$shrext' + ;; + sunos4*) + library_names_spec='$libname$shrext$versuffix' + ;; + sysv4 | sysv4.3*) + library_names_spec='$libname$shrext' + ;; + sysv4*MP*) + library_names_spec='$libname$shrext' + ;; + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + library_names_spec='$libname$shrext' + ;; + tpf*) + library_names_spec='$libname$shrext' + ;; + uts4*) + library_names_spec='$libname$shrext' + ;; +esac + +sed_quote_subst='s/\(["`$\\]\)/\\\1/g' +escaped_wl=`echo "X$wl" | sed -e 's/^X//' -e "$sed_quote_subst"` +shlibext=`echo "$shrext" | sed -e 's,^\.,,'` +escaped_libname_spec=`echo "X$libname_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` +escaped_library_names_spec=`echo "X$library_names_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` 
+escaped_hardcode_libdir_flag_spec=`echo "X$hardcode_libdir_flag_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` + +LC_ALL=C sed -e 's/^\([a-zA-Z0-9_]*\)=/acl_cv_\1=/' <<EOF + +# How to pass a linker flag through the compiler. +wl="$escaped_wl" + +# Static library suffix (normally "a"). +libext="$libext" + +# Shared library suffix (normally "so"). +shlibext="$shlibext" + +# Format of library name prefix. +libname_spec="$escaped_libname_spec" + +# Library names that the linker finds when passed -lNAME. +library_names_spec="$escaped_library_names_spec" + +# Flag to hardcode \$libdir into a binary during linking. +# This must work even if \$libdir does not exist. +hardcode_libdir_flag_spec="$escaped_hardcode_libdir_flag_spec" + +# Whether we need a single -rpath flag with a separated argument. +hardcode_libdir_separator="$hardcode_libdir_separator" + +# Set to yes if using DIR/libNAME.so during linking hardcodes DIR into the +# resulting binary. +hardcode_direct="$hardcode_direct" + +# Set to yes if using the -LDIR flag during linking hardcodes DIR into the +# resulting binary. +hardcode_minus_L="$hardcode_minus_L" + +EOF diff --git a/configure.ac b/configure.ac new file mode 100644 index 0000000..65ae2c8 --- /dev/null +++ b/configure.ac 
@@ -0,0 +1,349 @@ +# -*- Autoconf -*- +# Process this file with autoconf to produce a configure script. +# +# This configure file is in the public domain + +AC_PREREQ([2.69]) +AC_INIT([anastasis], [0.0.0], [taler-bug@gnu.org]) +AC_CONFIG_SRCDIR([src/backend/anastasis-httpd.c]) +AC_CONFIG_HEADERS([anastasis_config.h]) +# support for non-recursive builds +AM_INIT_AUTOMAKE([subdir-objects 1.9 tar-pax]) + +# pretty build rules +AM_SILENT_RULES([yes]) + +AC_CONFIG_MACRO_DIR([m4]) + +AC_PROG_AWK +AC_PROG_CC_C99 +AC_PROG_OBJC +AC_PROG_INSTALL +AC_PROG_LN_S +AC_PROG_MAKE_SET +AM_PROG_CC_C_O + +LT_INIT([disable-static dlopen]) + +DX_INIT_DOXYGEN([anastasis],,, +DX_PS_FEATURE(OFF), +DX_PDF_FEATURE(OFF), +DX_RTF_FEATURE(OFF), +DX_CHI_FEATURE(OFF), +DX_XML_FEATURE(OFF)) + +AC_MSG_CHECKING([whether to compile documentation ONLY]) +AC_ARG_ENABLE([only-doc], + [AS_HELP_STRING([--enable-only-doc], [only compile Taler documentation])], + [doc_only=${enableval}], + [doc_only=no]) +AC_MSG_RESULT($doc_only) +AM_CONDITIONAL([DOC_ONLY], [test "$doc_only" = "yes"]) + + +# Not indented as it covers most of the file... +AS_IF([test "x$doc_only" != xyes],[ + + +# Checks for programs. +AC_PROG_CC +AC_PROG_CC_C99 + +# check for gettext +AM_GNU_GETTEXT([external]) +AM_GNU_GETTEXT_VERSION([0.19.8]) + + +CFLAGS="-Wall $CFLAGS" + +# Checks for header files. 
+AC_CHECK_HEADERS([stdint.h stdlib.h string.h unistd.h]) + +ANASTASIS_LIB_LDFLAGS="-export-dynamic -no-undefined" +ANASTASIS_PLUGIN_LDFLAGS="-export-dynamic -avoid-version -module -no-undefined" + +AC_SUBST(TALER_LIB_LDFLAGS) +AC_SUBST(TALER_PLUGIN_LDFLAGS) + + +# check for libgnurl +# libgnurl +LIBGNURL_CHECK_CONFIG(,7.34.0,gnurl=1,gnurl=0) +AS_IF([test "x$gnurl" = x1],[ + AM_CONDITIONAL(HAVE_LIBGNURL, true) + AC_DEFINE([HAVE_LIBGNURL],[1],[Have libgnurl]) +],[ + AM_CONDITIONAL(HAVE_LIBGNURL, false) +]) + +# libcurl-gnutls +LIBCURL_CHECK_CONFIG(,7.34.0,[curl=true],[curl=false]) +AS_IF([test "x$curl" = xtrue], + [LDFLAGS="-L$with_libcurl/lib $LDFLAGS" + CPPFLAGS="-I$with_libcurl/include $CPPFLAGS" + AC_CHECK_HEADERS([curl/curl.h], + [AC_CHECK_DECLS(CURLINFO_TLS_SESSION, + [curl=true], + [curl=false], + [[#include <curl/curl.h>]])], + [curl=false]) + # need libcurl-gnutls.so, everything else is not acceptable + AC_CHECK_LIB([curl-gnutls], + [curl_easy_getinfo],, + [curl=false])]) + # cURL must support CURLINFO_TLS_SESSION, version >= 7.34 + +# Check for curl/curl.h and gnurl/curl.h so we can use #ifdef +# HAVE_CURL_CURL_H later (the above LIBCURL_CHECK_CONFIG accepted +# *either* header set). +AC_CHECK_HEADERS([curl/curl.h],, + curl=false + AC_CHECK_HEADERS([gnurl/curl.h],, + gnurl=false)) + +# libgnurl +AS_IF([test "x$gnurl" = "x0"], + [AS_IF([test "x$curl" = "x0"], + [AC_MSG_NOTICE([NOTICE: libgnurl not found. 
taler-bank support will not be compiled.])], + [AC_MSG_NOTICE([WARNING: libgnurl not found, trying to use libcurl-gnutls instead.])])]) + +AS_IF([test x$curl = xfalse], + [AM_CONDITIONAL(HAVE_LIBCURL, false) + AS_IF([test "x$gnurl" = "x0"], + [AC_MSG_WARN([GNU Taler requires libcurl-gnutls >= 7.34])])], + [AM_CONDITIONAL(HAVE_LIBCURL, true) + AC_DEFINE([HAVE_LIBCURL],[1],[Have CURL])]) + +# gcov compilation +AC_MSG_CHECKING(whether to compile with support for code coverage analysis) +AC_ARG_ENABLE([coverage], + AS_HELP_STRING([--enable-coverage], + [compile the library with code coverage support]), + [use_gcov=${enableval}], + [use_gcov=no]) +AC_MSG_RESULT($use_gcov) +AM_CONDITIONAL([USE_COVERAGE], [test "x$use_gcov" = "xyes"]) + + +# Check for GNUnet's libgnunetutil. +libgnunetutil=0 +AC_MSG_CHECKING([for libgnunetutil]) +AC_ARG_WITH(gnunet, + [AS_HELP_STRING([--with-gnunet=PFX], [base of GNUnet installation])], + [AC_MSG_RESULT([given as $with_gnunet])], + [AC_MSG_RESULT(not given) + with_gnunet=yes]) +AS_CASE([$with_gnunet], + [yes], [], + [no], [AC_MSG_ERROR([--with-gnunet is required])], + [LDFLAGS="-L$with_gnunet/lib $LDFLAGS" + CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"]) +AC_CHECK_HEADERS([gnunet/platform.h gnunet/gnunet_util_lib.h], + [AC_CHECK_LIB([gnunetutil], + [GNUNET_SCHEDULER_run], + [libgnunetutil=1])], + [], + [#ifdef HAVE_GNUNET_PLATFORM_H + #include <gnunet/platform.h> + #endif]) +AS_IF([test $libgnunetutil != 1], + [AC_MSG_ERROR([[ +*** +*** You need libgnunetutil to build this program. 
+*** This library is part of GNUnet, available at +*** https://gnunet.org +*** ]])]) + + +# test for postgres +AX_LIB_POSTGRESQL([9.3]) +AS_IF([test "x$found_postgresql" = "xyes"],[postgres=true]) +AM_CONDITIONAL(HAVE_POSTGRESQL, test x$postgres = xtrue) + + + + +# Check for Taler's libtalerutil +libtalerutil=0 +AC_MSG_CHECKING([for libtalerutil]) +AC_ARG_WITH(exchange, + [AS_HELP_STRING([--with-exchange=PFX], [base of Taler EXCHANGE installation])], + [AC_MSG_RESULT([given as $with_exchange])], + [AC_MSG_RESULT(not given) + with_exchange=yes]) +AS_CASE([$with_exchange], + [yes], [], + [no], [AC_MSG_ERROR([--with-exchange is required])], + [LDFLAGS="-L$with_exchange/lib $LDFLAGS" + CPPFLAGS="-I$with_exchange/include $CPPFLAGS $POSTGRESQL_CPPFLAGS"]) + +CPPFLAGS="$CPPFLAGS $POSTGRESQL_CPPFLAGS" +LDFLAGS="$LDFLAGS -L/usr/local/lib" + +AC_CHECK_HEADERS([taler/taler_util.h], + [AC_CHECK_LIB([talerutil], + [TALER_b2s], + [libtalerutil=1], + [AC_MSG_ERROR([libtalerutil not found])])], + [AC_MSG_ERROR([taler/taler_util.h not found])], + [#include <taler/platform.h>]) + +# Check for Taler's libtalermerchant +libtalermerchant=0 +AC_MSG_CHECKING([for libtalermerchant]) +AC_ARG_WITH(merchant, + [AS_HELP_STRING([--with-merchant=PFX], [base of Taler MERCHANT installation])], + [AC_MSG_RESULT([given as $with_merchant])], + [AC_MSG_RESULT(not given) + with_merchant=yes]) +AS_CASE([$with_merchant], + [yes], [], + [no], [AC_MSG_ERROR([--with-merchant is required])], + [LDFLAGS="-L$with_merchant/lib $LDFLAGS" + CPPFLAGS="-I$with_merchant/include $CPPFLAGS $POSTGRESQL_CPPFLAGS"]) + +AC_CHECK_HEADERS([taler/taler_merchant_service.h], + [AC_CHECK_LIB([talermerchant], + [TALER_MERCHANT_parse_pay_uri], + [libtalermerchant=1], + [AC_MSG_ERROR([libtalermerchant not found])])], + [AC_MSG_ERROR([taler/taler_merchant_service.h found])], + [#include <taler/platform.h>]) + + + + +# check for libmicrohttpd +microhttpd=0 +AC_MSG_CHECKING([for microhttpd]) +AC_ARG_WITH([microhttpd], + 
[AS_HELP_STRING([--with-microhttpd=PFX], [base of microhttpd installation])], + [AC_MSG_RESULT([given as $with_microhttpd])], + [AC_MSG_RESULT([not given]) + with_microhttpd=yes]) +AS_CASE([$with_microhttpd], + [yes], [], + [no], [AC_MSG_ERROR([--with-microhttpd is required])], + [LDFLAGS="-L$with_microhttpd/lib $LDFLAGS" + CPPFLAGS="-I$with_microhttpd/include $CPPFLAGS"]) +AC_CHECK_LIB(microhttpd,MHD_start_daemon, + [AC_CHECK_HEADER([microhttpd.h],[microhttpd=1])]) +AS_IF([test $microhttpd = 0], + [AC_MSG_ERROR([[ +*** +*** You need libmicrohttpd to build this program. +*** ]])]) + +jansson=0 +PKG_CHECK_MODULES([JANSSON], [jansson >= 2.3], + [LDFLAGS="$JANSSON_LIBS $LDFLAGS" + CPPFLAGS="$JANSSON_CFLAGS $CPPFLAGS"], + [AC_MSG_ERROR([[ +*** +*** You need libjansson to build this program. +***]])]) + + +# Require minimum libgcrypt version +need_libgcrypt_version=1.6.1 +AC_DEFINE_UNQUOTED([NEED_LIBGCRYPT_VERSION], ["$need_libgcrypt_version"], + [minimum version of libgcrypt required]) +AM_PATH_LIBGCRYPT([$need_libgcrypt_version]) + +# logging +extra_logging=0 +AC_ARG_ENABLE([logging], + AS_HELP_STRING([--enable-logging@<:@=value@:>@],[Enable logging calls. Possible values: yes,no,verbose ('yes' is the default)]), + [AS_IF([test "x$enableval" = "xyes"], [], + [test "x$enableval" = "xno"], [AC_DEFINE([GNUNET_CULL_LOGGING],[],[Define to cull all logging calls])], + [test "x$enableval" = "xverbose"], [extra_logging=1] + [test "x$enableval" = "xveryverbose"], [extra_logging=2]) + ], []) +AC_DEFINE_UNQUOTED([GNUNET_EXTRA_LOGGING],[$extra_logging],[1 if extra logging is enabled, 2 for very verbose extra logging, 0 otherwise]) + +# version info +AC_PATH_PROG(gitcommand, git) +AC_MSG_CHECKING(for source being under a VCS) +git_version= +AS_IF([test ! 
"X$gitcommand" = "X"], +[ + git_version=$(cd $srcdir ; git rev-list --full-history --all --abbrev-commit | head -n 1 2>/dev/null) +]) +AS_IF([test "X$git_version" = "X"], + [ + vcs_name="no" + vcs_version="\"release\"" + ], + [ + vcs_name="yes, git-svn" + vcs_version="\"git-$git_version\"" + ]) +AC_MSG_RESULT($vcs_name) + +AC_MSG_CHECKING(VCS version) +AC_MSG_RESULT($vcs_version) +AC_DEFINE_UNQUOTED(VCS_VERSION, [$vcs_version], [VCS revision/hash or tarball version]) + +# Checks for typedefs, structures, and compiler characteristics. +AC_TYPE_PID_T +AC_TYPE_SIZE_T +AC_TYPE_UINT16_T +AC_TYPE_UINT32_T +AC_TYPE_UINT64_T +AC_TYPE_INTMAX_T +AC_TYPE_UINTMAX_T + +# Checks for library functions. +AC_CHECK_FUNCS([strdup]) + + +AC_ARG_ENABLE([[doc]], + [AS_HELP_STRING([[--disable-doc]], [do not build any documentation])], , + [enable_doc=yes]) +test "x$enable_doc" = "xno" || enable_doc=yes +AM_CONDITIONAL([ENABLE_DOC], [test "x$enable_doc" = "xyes"]) + + +],[ # this is about the doc-only if on top of the file + +# logic if doc_only is set, make sure conditionals are still defined +AM_CONDITIONAL([HAVE_POSTGRESQL], [false]) +AM_CONDITIONAL([HAVE_LIBCURL], [false]) +AM_CONDITIONAL([HAVE_LIBGNURL], [false]) +AM_CONDITIONAL([USE_COVERAGE], [false]) +AM_CONDITIONAL([ENABLE_DOC], [true]) + + +# end of 'doc_only' +]) + + +# should experimental code be compiled (code that may not yet compile / have passing test cases)? 
+AC_MSG_CHECKING(whether to compile experimental code) +AC_ARG_ENABLE([experimental], + [AS_HELP_STRING([--enable-experimental], [enable compiling experimental code])], + [enable_experimental=${enableval}], + [enable_experimental=no]) +AC_MSG_RESULT($enable_experimental) +AM_CONDITIONAL([HAVE_EXPERIMENTAL], [test "x$enable_experimental" = "xyes"]) + + +AC_CONFIG_FILES([ +Makefile +contrib/Makefile +doc/Makefile +doc/doxygen/Makefile +po/Makefile.in +src/Makefile +src/authorization/Makefile +src/backend/Makefile +src/cli/Makefile +src/include/Makefile +src/lib/Makefile +src/util/Makefile +src/reducer/Makefile +src/restclient/Makefile +src/stasis/Makefile +src/testing/Makefile +]) +AC_OUTPUT diff --git a/contrib/Makefile.am b/contrib/Makefile.am new file mode 100644 index 0000000..4304bcf --- /dev/null +++ b/contrib/Makefile.am @@ -0,0 +1,31 @@ +# This Makefile.am is in the public domain +# Process this file with automake to produce Makefile.in + +SUBDIRS = . + +pkgdatadir= $(prefix)/share/anastasis/ + +EXTRA_DIST = \ + $(pkgdata_DATA) \ + pogen.sh \ + gana.sh \ + gana-update.sh \ + gnunet.tag \ + microhttpd.tag + +pkgdata_DATA = \ + redux.al.json \ + redux.be.json \ + redux.ch.json \ + redux.cz.json \ + redux.de.json \ + redux.dk.json \ + redux.in.json \ + redux.it.json \ + redux.jp.json \ + redux.sk.json \ + redux.us.json \ + redux.xx.json \ + redux.xy.json \ + redux.countries.json \ + provider-list.json diff --git a/contrib/gana b/contrib/gana new file mode 160000 +Subproject 0f1eb8555b89056fe62e093211e53a1f9ba85d5 diff --git a/contrib/gana-update.sh b/contrib/gana-update.sh new file mode 100755 index 0000000..94b2719 --- /dev/null +++ b/contrib/gana-update.sh 
@@ -0,0 +1,11 @@ +#!/bin/sh +# Helper script to recompute error codes based on submodule +# Run from exchange/ main directory. +set -eu + +# Generate taler-error-codes.h in gana and copy it to +# src/include/taler_error_codes.h +cd contrib/gana/gnu-taler-error-codes +make +cd ../../.. +cat contrib/gana/gnu-taler-error-codes/taler_error_codes.h | sed -e "s/GNU_TALER_ERROR_CODES_H/GNU_ANASTASIS_ERROR_CODES_H/" -e "s/taler_error_codes.h/anastasis_error_codes.h/" > src/include/anastasis_error_codes.h diff --git a/contrib/gana.sh b/contrib/gana.sh new file mode 100755 index 0000000..30dc799 --- /dev/null +++ b/contrib/gana.sh @@ -0,0 +1,10 @@ +#!/bin/sh +# Helper script to update to latest GANA +# Run from exchange/ main directory. +set -eu + +cd contrib/gana +git pull origin master +cd ../.. + +exec ./contrib/gana-update.sh diff --git a/contrib/gnunet.tag b/contrib/gnunet.tag new file mode 100644 index 0000000..f270ba5 --- /dev/null +++ b/contrib/gnunet.tag 
@@ -0,0 +1,235 @@ +<?xml version='1.0' encoding='UTF-8' standalone='yes' ?> +<tagfile> + <compound kind="file"> + <name>gnunet_util_lib.h</name> + <path></path> + <filename>gnunet_util_lib.h</filename> + <member kind="define"> + <type>#define</type> + <name>GNUNET_YES</name> + <anchorfile>gnunet_util_lib.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>GNUNET_OK</name> + <anchorfile>gnunet_util_lib.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>GNUNET_NO</name> + <anchorfile>gnunet_util_lib.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>GNUNET_SYSERR</name> + <anchorfile>gnunet_util_lib.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>GNUNET_TIME_UNIT_FOREVER_ABS</name> + <anchorfile>gnunet_util_lib.h</anchorfile> + <arglist></arglist> + </member> + </compound> + + <compound kind="file"> + <name>gnunet_common.h</name> + <path></path> + <filename>gnunet_db_lib.h</filename> + <member kind="define"> + <type>#define</type> + <name>GNUNET_free</name> + <anchorfile>gnunet_common.h</anchorfile> + <arglist>(ptr)</arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>GNUNET_free_non_null</name> + <anchorfile>gnunet_common.h</anchorfile> + <arglist>(ptr)</arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>GNUNET_malloc_large</name> + <anchorfile>gnunet_common.h</anchorfile> + <arglist>(size)</arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>GNUNET_realloc</name> + <anchorfile>gnunet_common.h</anchorfile> + <arglist>(ptr, size)</arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>GNUNET_new</name> + <anchorfile>gnunet_common.h</anchorfile> + <arglist>(type)</arglist> + </member> + <member kind="define"> + <type>#define</type> + 
<name>GNUNET_malloc</name> + <anchorfile>gnunet_common.h</anchorfile> + <arglist>(size)</arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>GNUNET_new_array</name> + <anchorfile>gnunet_common.h</anchorfile> + <arglist>(n, type)</arglist> + </member> + </compound> + + <compound kind="file"> + <name>gnunet_strings_lib.h</name> + <path></path> + <filename>gnunet_strings_lib.h</filename> + <member kind="function"> + <type>#define</type> + <name>GNUNET_STRINGS_filename_expand</name> + <anchorfile>gnunet_strings_lib.h</anchorfile> + <arglist>(const char *name)</arglist> + </member> + </compound> + + <compound kind="file"> + <name>gnunet_db_lib.h</name> + <path></path> + <filename>gnunet_db_lib.h</filename> + <member kind="define"> + <type>#define</type> + <name>GNUNET_DB_STATUS_SUCCESS_ONE_RESULT</name> + <anchorfile>gnunet_db_lib.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>GNUNET_DB_STATUS_SUCCESS_NO_RESULTS</name> + <anchorfile>gnunet_db_lib.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>GNUNET_DB_STATUS_HARD_ERROR</name> + <anchorfile>gnunet_db_lib.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>GNUNET_DB_STATUS_SOFT_ERROR</name> + <anchorfile>gnunet_db_lib.h</anchorfile> + <arglist></arglist> + </member> + </compound> + <compound kind="file"> + <name>gnunet_pq_lib.h</name> + <path></path> + <filename>gnunet_pq_lib.h</filename> + <member kind="define"> + <type>#define</type> + <name>GNUNET_PQ_query_param_auto_from_type</name> + <anchorfile>gnunet_pq_lib.h</anchorfile> + <arglist>(x)</arglist> + </member> + <member kind="define"> + <type>#define</type> + <anchorfile>gnunet_pq_lib.h</anchorfile> + <name>GNUNET_PQ_result_spec_end</name> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <anchorfile>gnunet_sq_lib.h</anchorfile> + 
<name>GNUNET_SQ_result_spec_absolute_time_nbo</name> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <anchorfile>gnunet_pq_lib.h</anchorfile> + <name>GNUNET_PQ_result_spec_auto_from_type</name> + <arglist>(name, dst)</arglist> + </member> + <member kind="function"> + <type>struct GNUNET_PQ_ResultSpec</type> + <name>GNUNET_PQ_result_spec_absolute_time</name> + <anchorfile>gnunet_pq_lib.h</anchorfile> + <arglist>(const char *name, struct GNUNET_TIME_Absolute *at)</arglist> + </member> + <member kind="function"> + <type>struct GNUNET_PQ_ResultSpec</type> + <name>GNUNET_PQ_result_spec_absolute_time_nbo</name> + <anchorfile>gnunet_pq_lib.h</anchorfile> + <arglist>(const char *name, struct GNUNET_TIME_AbsoluteNBO *at)</arglist> + </member> + <member kind="define"> + <type>#define</type> + <anchorfile>gnunet_pq_lib.h</anchorfile> + <name>GNUNET_PQ_PREPARED_STATEMENT_END</name> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <anchorfile>gnunet_pq_lib.h</anchorfile> + <name>GNUNET_PQ_EXECUTE_STATEMENT_END</name> + <arglist></arglist> + </member> + <member kind="function"> + <type>struct GNUNET_PQ_QueryParam</type> + <name>GNUNET_PQ_query_param_absolute_time</name> + <anchorfile>gnunet_pq_lib.h</anchorfile> + <arglist>(const struct GNUNET_TIME_Absolute *x)</arglist> + </member> + <member kind="function"> + <type>struct GNUNET_PQ_QueryParam</type> + <name>GNUNET_PQ_query_param_absolute_time_nbo</name> + <anchorfile>gnunet_pq_lib.h</anchorfile> + <arglist>(const struct GNUNET_TIME_AbsoluteNBO *x)</arglist> + </member> + <member kind="function"> + <type>struct GNUNET_SQ_QueryParam</type> + <name>GNUNET_SQ_query_param_absolute_time</name> + <anchorfile>gnunet_sq_lib.h</anchorfile> + <arglist>(const struct GNUNET_TIME_Absolute *x)</arglist> + </member> + <member kind="function"> + <type>struct GNUNET_SQ_QueryParam</type> + <name>GNUNET_SQ_query_param_absolute_time_nbo</name> + 
<anchorfile>gnunet_sq_lib.h</anchorfile> + <arglist>(const struct GNUNET_TIME_Absolute *x)</arglist> + </member> + <member kind="function"> + <type>struct GNUNET_SQ_QueryParam</type> + <name>GNUNET_PQ_query_param_absolute_time_nbo</name> + <anchorfile>gnunet_sq_lib.h</anchorfile> + <arglist>(const struct GNUNET_TIME_AbsoluteNBO *x)</arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>GNUNET_PQ_query_param_end</name> + <anchorfile>gnunet_pq_lib.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>GNUNET_SQ_query_param_end</name> + <anchorfile>gnunet_sq_lib.h</anchorfile> + <arglist></arglist> + </member> + <member kind="typedef"> + <type>int</type> + <name>GNUNET_PQ_ResultConverter</name> + <anchorfile>gnunet_pq_lib.h</anchorfile> + <arglist>)(void *cls, PGresult *result, int row, const char *fname, size_t *dst_size, void *dst)</arglist> + </member> + <member kind="typedef"> + <type>int</type> + <name>GNUNET_SQ_ResultConverter</name> + <anchorfile>gnunet_sq_lib.h</anchorfile> + <arglist>)(void *cls, sqlite3_stmt *result, unsigned int column, size_t *dst_size, void *dst)</arglist> + </member> + </compound> +</tagfile> diff --git a/contrib/microhttpd.tag b/contrib/microhttpd.tag new file mode 100644 index 0000000..5ae125e --- /dev/null +++ b/contrib/microhttpd.tag 
@@ -0,0 +1,122 @@ +<?xml version='1.0' encoding='UTF-8' standalone='yes' ?> +<tagfile> + <compound kind="file"> + <name>microhttpd_lib.h</name> + <path></path> + <filename>microhttpd.h</filename> + <member kind="define"> + <type>#define</type> + <name>MHD_YES</name> + <anchorfile>microhttpd.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>MHD_NO</name> + <anchorfile>microhttpd.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>MHD_HTTP_OK</name> + <anchorfile>microhttpd.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>MHD_HTTP_BAD_REQUEST</name> + <anchorfile>microhttpd.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>MHD_HTTP_URI_TOO_LONG</name> + <anchorfile>microhttpd.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>MHD_HTTP_PAYLOAD_TOO_LARGE</name> + <anchorfile>microhttpd.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>MHD_HTTP_REQUEST_TIMEOUT</name> + <anchorfile>microhttpd.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>MHD_HTTP_ACCEPTED</name> + <anchorfile>microhttpd.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>MHD_HTTP_NOT_FOUND</name> + <anchorfile>microhttpd.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>MHD_HTTP_NO_CONTENT</name> + <anchorfile>microhttpd.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>MHD_HTTP_GONE</name> + <anchorfile>microhttpd.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>MHD_HTTP_PRECONDITION_FAILED</name> + 
<anchorfile>microhttpd.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>MHD_HTTP_CONFLICT</name> + <anchorfile>microhttpd.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>MHD_HTTP_FORBIDDEN</name> + <anchorfile>microhttpd.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>MHD_HTTP_SERVICE_UNAVAILABLE</name> + <anchorfile>microhttpd.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>MHD_HTTP_FAILED_DEPENDENCY</name> + <anchorfile>microhttpd.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>MHD_HTTP_INTERNAL_SERVER_ERROR</name> + <anchorfile>microhttpd.h</anchorfile> + <arglist></arglist> + </member> + <member kind="define"> + <type>#define</type> + <name>MHD_OPTION_NOTIFY_COMPLETED</name> + <anchorfile>microhttpd.h</anchorfile> + <arglist></arglist> + </member> + <member kind="typedef"> + <type>int</type> + <name>MHD_AccessHandlerCallback</name> + <anchorfile>microhttpd.h</anchorfile> + <arglist>)(void *cls, struct MHD_Connection *connection, const char *url, const char *method, const char *version, const char *upload_data, size_t *upload_data_size, void **con_cls)</arglist> + </member> + </compound> +</tagfile> diff --git a/contrib/pogen.sh b/contrib/pogen.sh new file mode 100755 index 0000000..89140ea --- /dev/null +++ b/contrib/pogen.sh @@ -0,0 +1,3 @@ +#!/bin/sh +find src -name "*.c" | sort > po/POTFILES.in +find contrib -name "*.json" | sort >> po/POTFILES.in diff --git a/contrib/provider-list.json b/contrib/provider-list.json new file mode 100644 index 0000000..37200a4 --- /dev/null +++ b/contrib/provider-list.json 
@@ -0,0 +1,22 @@ +{ + "license": "GPLv3+", + "SPDX-License-Identifier": "GPL3.0-or-later", + "anastasis_provider": [ + { + "url" : "http://localhost:8086/", + "currency" : "TESTKUDOS" + }, + { + "url" : "http://localhost:8087/", + "currency" : "TESTKUDOS" + }, + { + "url" : "http://localhost:8088/", + "currency" : "TESTKUDOS" + }, + { + "url" : "http://localhost:8089/", + "currency" : "TESTKUDOS" + } + ] +} diff --git a/contrib/redux.al.json b/contrib/redux.al.json new file mode 100644 index 0000000..bb4360e --- /dev/null +++ b/contrib/redux.al.json @@ -0,0 +1,33 @@ +{ + "license": "GPLv3+", + "SPDX-License-Identifier": "GPL3.0-or-later", + "required_attributes": [ + { + "type": "string", + "name": "full_name", + "label": "Full name", + "widget": "anastasis_gtk_ia_full_name", + "uuid" : "9e8f463f-575f-42cb-85f3-759559997331" + }, + { + "type": "string", + "name": "birthplace", + "label": "Birthplace", + "widget": "anastasis_gtk_ia_birthplace", + "uuid" : "4c822e8e-89c6-11eb-95c4-8b077ad8489f" + }, + { + "type": "string", + "name": "nid_number", + "label": "Numri i Identitetit", + "label_i18n":{ + "en": "Identity Number", + "al": "Numri i Identitetit" + }, + "widget": "anastasis_gtk_ia_nid_al", + "uuid": "256e5d30-d65e-481b-9ac4-55f5ac03b24a", + "validation-regex": "^[0-9A-T][0-9](((0|5)[0-9])|10|11|51|52)[0-9]{3}[A-W]$", + "validation-logic": "AL_NID_check" + } + ] +} diff --git a/contrib/redux.be.json b/contrib/redux.be.json new file mode 100644 index 0000000..821a3eb --- /dev/null +++ b/contrib/redux.be.json 
@@ -0,0 +1,39 @@ +{ + "license": "GPLv3+", + "SPDX-License-Identifier": "GPL3.0-or-later", + "required_attributes": [ + { + "type": "string", + "name": "full_name", + "label": "Full name", + "widget": "anastasis_gtk_ia_full_name", + "uuid" : "9e8f463f-575f-42cb-85f3-759559997331" + }, + { + "type": "date", + "name": "birthdate", + "label": "Birthdate", + "widget": "anastasis_gtk_ia_birthdate", + "uuid" : "83d655c7-bdb6-484d-904e-80c1058c8854" + }, + { + "type": "string", + "name": "birthplace", + "label": "Birthplace", + "widget": "anastasis_gtk_ia_birthplace", + "uuid" : "4c822e8e-89c6-11eb-95c4-8b077ad8489f" + }, + { + "type": "string", + "name": "nrn_number", + "label": "National Register Number", + "label_i18n":{ + "en": "National Register Number" + }, + "widget": "anastasis_gtk_ia_nid_be", + "uuid": "0452f99a-06f7-48bd-8ac0-2e4ed9a24560", + "validation-regex": "^[0-9]{11}$", + "validation-logic": "BE_NRN_check" + } + ] +} diff --git a/contrib/redux.ch.json b/contrib/redux.ch.json new file mode 100644 index 0000000..48e8e7a --- /dev/null +++ b/contrib/redux.ch.json 
@@ -0,0 +1,40 @@ +{ + "license": "GPLv3+", + "SPDX-License-Identifier": "GPL3.0-or-later", + "required_attributes": [ + { + "type": "string", + "name": "full_name", + "label": "Full name", + "widget": "anastasis_gtk_ia_full_name", + "uuid" : "9e8f463f-575f-42cb-85f3-759559997331" + }, + { + "type": "date", + "name": "birthdate", + "label": "Birthdate", + "widget": "anastasis_gtk_ia_birthdate", + "uuid" : "83d655c7-bdb6-484d-904e-80c1058c8854" + }, + { + "type": "string", + "name": "birthplace", + "label": "Birthplace", + "widget": "anastasis_gtk_ia_birthplace", + "uuid" : "4c822e8e-89c6-11eb-95c4-8b077ad8489f" + }, + { + "type": "string", + "name": "ahv_number", + "label": "AHV number", + "label_i18n":{ + "de_DE":"AHV-Nummer", + "de_CH":"AHV-Nummer" + }, + "widget": "anastasis_gtk_ia_ahv", + "uuid" : "1da87570-ba16-4f62-8a7e-cbda92f51591", + "validation-regex": "^(756).[0-9]{4}.[0-9]{4}.[0-9]{2}|(756)[0-9]{10}$", + "validation-logic": "CH_AHV_check" + } + ] +} diff --git a/contrib/redux.countries.json b/contrib/redux.countries.json new file mode 100644 index 0000000..aaaf134 --- /dev/null +++ b/contrib/redux.countries.json 
@@ -0,0 +1,166 @@ +{ + "license": "GPLv3+", + "SPDX-License-Identifier": "GPL3.0-or-later", + "countries": [ + { + "code" : "al", + "name" : "Albania", + "continent" : "Europe", + "name_i18n" : { + "de_DE": "Albanien", + "en_UK": "Albania" + }, + "currency": "ALL", + "call_code" : "+355" + }, + { + "code" : "be", + "name" : "Belgium", + "continent" : "Europe", + "name_i18n" : { + "de_DE": "Belgien", + "en_UK": "Belgium" + }, + "currency": "EUR", + "call_code" : "+32" + }, + { + "code" : "ch", + "name" : "Switzerland", + "continent" : "Europe", + "name_i18n" : { + "de_DE": "Schweiz", + "de_CH": "Schwiiz", + "fr_FR": "Suisse", + "en_UK": "Swiss" + }, + "currency": "CHF", + "call_code" : "+41" + }, + { + "code" : "cz", + "name" : "Czech Republic", + "continent" : "Europe", + "name_i18n" : { + "en_UK": "Czech Republic" + }, + "currency": "CZK", + "call_code" : "+420" + }, + { + "code" : "de", + "name" : "Germany", + "continent" : "Europe", + "continent_i18n" : { "de_DE" : "Europa" }, + "name_i18n" : { + "de_DE": "Deutschland", + "de_CH": "Deutschland", + "fr_FR": "Allemagne", + "en_UK": "Germany" + }, + "currency": "EUR", + "call_code" : "+49" + }, + { + "code" : "dk", + "name" : "Denmark", + "continent" : "Europe", + "continent_i18n" : { "de_DE" : "Europa" }, + "name_i18n" : { + "en_UK": "Denmark" + }, + "currency": "DKK", + "call_code" : "+45" + }, + { + "code" : "in", + "name" : "India", + "continent" : "India", + "continent_i18n" : { "en_EN" : "India" }, + "name_i18n" : { + "de_DE": "Indien", + "de_CH": "Indien", + "fr_FR": "l'Inde", + "en_UK": "India" + }, + "currency": "INR", + "call_code" : "+91" + }, + { + "code" : "it", + "name" : "Italy", + "continent" : "Europe", + "name_i18n" : { + "de_DE": "Italien", + "en_UK": "Italy" + }, + "currency": "EUR", + "call_code" : "+39" + }, + { + "code" : "jp", + "name" : "Japan", + "continent" : "Asia", + "continent_i18n" : { "en_EN" : "Japan" }, + "name_i18n" : { + "de_DE": "Japan", + "de_CH": "Japan", + "en_UK": "Japan" + 
}, + "currency": "JPY", + "call_code" : "+81" + }, + { + "code" : "sl", + "name" : "Slovakia", + "continent" : "Europe", + "name_i18n" : { + "en_UK": "Slovakia" + }, + "currency": "EUR", + "call_code" : "+421" + }, + { + "code" : "us", + "name" : "United States of America (USA)", + "continent" : "North America", + "continent_i18n" : { "de_DE" : "Nordamerika" }, + "name_i18n" : { + "de_DE": "Vereinigte Staaten von Amerika (USA)", + "de_CH": "Vereinigte Staaten von Amerika (USA)", + "fr_FR": "États-Unis d'Amérique (USA)", + "en_UK": "United States of America (USA)" + }, + "currency": "USD", + "call_code" : "+1" + }, + { + "code" : "xx", + "name" : "Testland", + "continent" : "Testcontinent", + "continent_i18n" : { "de_DE" : "Testkontinent" }, + "name_i18n" : { + "de_DE": "Testlandt", + "de_CH": "Testlandi", + "fr_FR": "Testpais", + "en_UK": "Testland" + }, + "currency": "TESTKUDOS", + "call_code" : "+00" + }, + { + "code" : "xy", + "name" : "Demoland", + "continent" : "Testcontinent", + "continent_i18n" : { "de_DE" : "Testkontinent" }, + "name_i18n" : { + "de_DE":"Demolandt", + "de_CH":"Demolandi", + "fr_FR": "Demopais", + "en_UK": "Demoland" + }, + "currency": "KUDOS", + "call_code" : "+01" + } + ] +} diff --git a/contrib/redux.cz.json b/contrib/redux.cz.json new file mode 100644 index 0000000..e7118a8 --- /dev/null +++ b/contrib/redux.cz.json 
@@ -0,0 +1,33 @@ +{ + "license": "GPLv3+", + "SPDX-License-Identifier": "GPL3.0-or-later", + "required_attributes": [ + { + "type": "string", + "name": "full_name", + "label": "Full name", + "widget": "anastasis_gtk_ia_full_name", + "uuid" : "9e8f463f-575f-42cb-85f3-759559997331" + }, + { + "type": "string", + "name": "birthplace", + "label": "Birthplace", + "widget": "anastasis_gtk_ia_birthplace", + "uuid" : "4c822e8e-89c6-11eb-95c4-8b077ad8489f" + }, + { + "type": "string", + "name": "birth_number", + "label": "Birth Number", + "label_i18n":{ + "en": "Birth Number", + "cz": "rodné číslo" + }, + "widget": "anastasis_gtk_ia_birthnumber_cz", + "uuid": "03e3a05b-1192-44f1-ac36-7425512eee1a", + "validation-regex": "^[0-9]{2}(((0|2|5|7)[0-9])|10|11|31|32|51|52|81|82)/[0-9]{3}[0-9]?$", + "validation-logic": "CZ_BN_check" + } + ] +} diff --git a/contrib/redux.de.json b/contrib/redux.de.json new file mode 100644 index 0000000..862a463 --- /dev/null +++ b/contrib/redux.de.json 
@@ -0,0 +1,54 @@ +{ + "license": "GPLv3+", + "SPDX-License-Identifier": "GPL3.0-or-later", + "required_attributes": [ + { + "type": "string", + "name": "full_name", + "label": "Full name", + "widget": "anastasis_gtk_ia_full_name", + "uuid" : "9e8f463f-575f-42cb-85f3-759559997331" + }, + { + "type": "date", + "name": "birthdate", + "label": "Birthdate", + "widget": "anastasis_gtk_ia_birthdate", + "uuid" : "83d655c7-bdb6-484d-904e-80c1058c8854" + }, + { + "type": "string", + "name": "birthplace", + "label": "Birthplace", + "widget": "anastasis_gtk_ia_birthplace", + "uuid" : "4c822e8e-89c6-11eb-95c4-8b077ad8489f" + }, + { + "type": "string", + "name": "tax_number", + "label": "Taxpayer identification number", + "label_i18n":{ + "de_DE": "Steuerliche Identifikationsnummer", + "en": "German taxpayer identification number" + }, + "widget": "anastasis_gtk_ia_tax_de", + "uuid": "dae48f85-e3ff-47a4-a4a3-ed981ed8c3c6", + "validation-regex": "^[0-9]{11}$", + "validation-logic": "DE_TIN_check" + }, + { + "type": "string", + "name": "social_security_number", + "label": "Social security number", + "label_i18n":{ + "de_DE": "Deutsche Sozialversicherungsnummer", + "en": "German Social security number" + }, + "widget": "anastasis_gtk_ia_ssn_de", + "uuid": "d5e2aa79-1c88-4cf4-a4d2-252508b38e05", + "validation-regex": "^[0-9]{8}[[:upper:]][0-9]{3}$", + "validation-logic": "DE_SVN_check", + "optional" : true + } + ] +} diff --git a/contrib/redux.dk.json b/contrib/redux.dk.json new file mode 100644 index 0000000..29c7c6c --- /dev/null +++ b/contrib/redux.dk.json 
@@ -0,0 +1,32 @@ +{ + "license": "GPLv3+", + "SPDX-License-Identifier": "GPL3.0-or-later", + "required_attributes": [ + { + "type": "string", + "name": "full_name", + "label": "Full name", + "widget": "anastasis_gtk_ia_full_name", + "uuid" : "9e8f463f-575f-42cb-85f3-759559997331" + }, + { + "type": "string", + "name": "birthplace", + "label": "Birthplace", + "widget": "anastasis_gtk_ia_birthplace", + "uuid" : "4c822e8e-89c6-11eb-95c4-8b077ad8489f" + }, + { + "type": "string", + "name": "cpr_number", + "label": "CPR-nummer", + "label_i18n":{ + "en": "CPR Number", + "dk": "CPR-nummer" + }, + "widget": "anastasis_gtk_ia_cpr_dk", + "uuid": "38f13a4d-4302-4ada-ada1-c3ff4a8ff689", + "validation-regex": "^(0[1-9]|[1-2][0-9]|30|31)((0[1-9]|10|11|12))[0-9]{2}-[0-9A-Z]{4}$" + } + ] +} diff --git a/contrib/redux.in.json b/contrib/redux.in.json new file mode 100644 index 0000000..a53035c --- /dev/null +++ b/contrib/redux.in.json @@ -0,0 +1,39 @@ +{ + "license": "GPLv3+", + "SPDX-License-Identifier": "GPL3.0-or-later", + "required_attributes": [ + { + "type": "string", + "name": "full_name", + "label": "Full name", + "widget": "anastasis_gtk_ia_full_name", + "uuid" : "9e8f463f-575f-42cb-85f3-759559997331" + }, + { + "type": "date", + "name": "birthdate", + "label": "Birthdate", + "widget": "anastasis_gtk_ia_birthdate", + "uuid" : "83d655c7-bdb6-484d-904e-80c1058c8854" + }, + { + "type": "string", + "name": "birthplace", + "label": "Birthplace", + "widget": "anastasis_gtk_ia_birthplace", + "uuid" : "4c822e8e-89c6-11eb-95c4-8b077ad8489f" + }, + { + "type": "string", + "name": "aadhar_number", + "label": "Aadhar number", + "label_i18n":{ + "en": "Aadhar number" + }, + "widget": "anastasis_gtk_ia_aadhar_in", + "uuid": "55afe97a-98bc-48d1-bb37-a9658be3fdc9", + "validation-regex": "^[2-9]{1}[0-9]{3}\\s[0-9]{4}\\s[0-9]{4}$", + "validation-logic": "IN_AADHAR_check" + } + ] +} diff --git a/contrib/redux.it.json b/contrib/redux.it.json new file mode 100644 index 0000000..f744497 
--- /dev/null +++ b/contrib/redux.it.json @@ -0,0 +1,33 @@ +{ + "license": "GPLv3+", + "SPDX-License-Identifier": "GPL3.0-or-later", + "required_attributes": [ + { + "type": "string", + "name": "full_name", + "label": "Full name", + "widget": "anastasis_gtk_ia_full_name", + "uuid" : "9e8f463f-575f-42cb-85f3-759559997331" + }, + { + "type": "string", + "name": "birthplace", + "label": "Birthplace", + "widget": "anastasis_gtk_ia_birthplace", + "uuid" : "4c822e8e-89c6-11eb-95c4-8b077ad8489f" + }, + { + "type": "string", + "name": "fiscal_code", + "label": "Codice fiscale", + "label_i18n":{ + "it": "Codice fiscale", + "en": "Fiscal code" + }, + "widget": "anastasis_gtk_ia_cf_it", + "uuid": "88f53c51-52ad-4d63-a163-ec042589f925", + "validation-regex": "^[[:upper:]]{6}[0-9]{2}[A-EHLMPRT](([0-24-6][0-9])|(30|31|70|71))[A-MZ][0-9]{3}[A-Z]$", + "validation-logic": "IT_CF_check" + } + ] +} diff --git a/contrib/redux.jp.json b/contrib/redux.jp.json new file mode 100644 index 0000000..2a80cdf --- /dev/null +++ b/contrib/redux.jp.json @@ -0,0 +1,39 @@ +{ + "license": "GPLv3+", + "SPDX-License-Identifier": "GPL3.0-or-later", + "required_attributes": [ + { + "type": "string", + "name": "full_name", + "label": "Full name", + "widget": "anastasis_gtk_ia_full_name", + "uuid" : "9e8f463f-575f-42cb-85f3-759559997331" + }, + { + "type": "date", + "name": "birthdate", + "label": "Birthdate", + "widget": "anastasis_gtk_ia_birthdate", + "uuid" : "83d655c7-bdb6-484d-904e-80c1058c8854" + }, + { + "type": "string", + "name": "birthplace", + "label": "Birthplace", + "widget": "anastasis_gtk_ia_birthplace", + "uuid" : "4c822e8e-89c6-11eb-95c4-8b077ad8489f" + }, + { + "type": "string", + "name": "my_number", + "label": "My number", + "label_i18n":{ + "en": "My number", + "jp": "マイナンバー" + }, + "widget": "anastasis_gtk_ia_my_jp", + "uuid": "90848f42-a83e-4226-8186-329696c14152", + "validation-regex": "^[0-9]{12}$" + } + ] +} 
diff --git a/contrib/redux.sk.json b/contrib/redux.sk.json new file mode 100644 index 0000000..e2acef7 --- /dev/null +++ b/contrib/redux.sk.json @@ -0,0 +1,33 @@ +{ + "license": "GPLv3+", + "SPDX-License-Identifier": "GPL3.0-or-later", + "required_attributes": [ + { + "type": "string", + "name": "full_name", + "label": "Full name", + "widget": "anastasis_gtk_ia_full_name", + "uuid" : "9e8f463f-575f-42cb-85f3-759559997331" + }, + { + "type": "string", + "name": "birthplace", + "label": "Birthplace", + "widget": "anastasis_gtk_ia_birthplace", + "uuid" : "4c822e8e-89c6-11eb-95c4-8b077ad8489f" + }, + { + "type": "string", + "name": "birth_number", + "label": "Birth Number", + "label_i18n":{ + "en": "Birth Number", + "sk": "rodné číslo" + }, + "widget": "anastasis_gtk_ia_birthnumber_sk", + "uuid": "1cd372fe-2cea-4928-9f29-66f2bdd8555c", + "validation-regex": "^[0-9]{2}(((0|2|5|7)[0-9])|10|11|31|32|51|52|81|82)/[0-9]{3}[0-9]?$", + "validation-logic": "CZ_BN_check" + } + ] +} diff --git a/contrib/redux.us.json b/contrib/redux.us.json new file mode 100644 index 0000000..17e7556 --- /dev/null +++ b/contrib/redux.us.json 
@@ -0,0 +1,38 @@ +{ + "license": "GPLv3+", + "SPDX-License-Identifier": "GPL3.0-or-later", + "required_attributes": [ + { + "type": "string", + "name": "full_name", + "label": "Full name", + "widget": "anastasis_gtk_ia_full_name", + "uuid" : "9e8f463f-575f-42cb-85f3-759559997331" + }, + { + "type": "date", + "name": "birthdate", + "label": "Birthdate", + "widget": "anastasis_gtk_ia_birthdate", + "uuid" : "83d655c7-bdb6-484d-904e-80c1058c8854" + }, + { + "type": "string", + "name": "birthplace", + "label": "Birthplace", + "widget": "anastasis_gtk_ia_birthplace", + "uuid" : "4c822e8e-89c6-11eb-95c4-8b077ad8489f" + }, + { + "type": "string", + "name": "social_security_number", + "label": "Social security number", + "label_i18n":{ + "en": "US Social security number" + }, + "widget": "anastasis_gtk_ia_ssn_us", + "uuid": "310a138c-b0b7-4985-b8b8-d00e765e9f9b", + "validation-regex": "^d{3}-d{2}-d{4}$" + } + ] +} diff --git a/contrib/redux.xx.json b/contrib/redux.xx.json new file mode 100644 index 0000000..b28af81 --- /dev/null +++ b/contrib/redux.xx.json @@ -0,0 +1,29 @@ +{ + "license": "GPLv3+", + "SPDX-License-Identifier": "GPL3.0-or-later", + "required_attributes": [ + { + "type": "string", + "name": "full_name", + "label": "Full name", + "widget": "anastasis_gtk_ia_full_name", + "uuid" : "9e8f463f-575f-42cb-85f3-759559997331" + }, + { + "type": "date", + "name": "birthdate", + "label": "Birthdate", + "widget": "anastasis_gtk_ia_birthdate", + "uuid" : "83d655c7-bdb6-484d-904e-80c1058c8854" + }, + { + "type": "string", + "name": "sq_number", + "label": "Square number", + "widget": "anastasis_gtk_xx_square", + "uuid" : "ed790bca-89bf-11eb-96f2-233996cf644e", + "validation-regex": "^[0-9]+$", + "validation-logic": "XX_SQUARE_check" + } + ] +} diff --git a/contrib/redux.xy.json b/contrib/redux.xy.json new file mode 100644 index 0000000..2091d9a --- /dev/null +++ b/contrib/redux.xy.json 
@@ -0,0 +1,29 @@ +{ + "license": "GPLv3+", + "SPDX-License-Identifier": "GPL3.0-or-later", + "required_attributes": [ + { + "type": "string", + "name": "full_name", + "label": "Full name", + "widget": "anastasis_gtk_ia_full_name", + "uuid" : "9e8f463f-575f-42cb-85f3-759559997331" + }, + { + "type": "date", + "name": "birthdate", + "label": "Birthdate", + "widget": "anastasis_gtk_ia_birthdate", + "uuid" : "83d655c7-bdb6-484d-904e-80c1058c8854" + }, + { + "type": "string", + "name": "prime_number", + "label": "Prime number", + "widget": "anastasis_gtk_xx_prime", + "uuid" : "39190a95-cacb-4412-8bae-1f7da3f980b4", + "validation-regex": "^[0-9]+$", + "validation-logic": "XY_PRIME_check" + } + ] +} diff --git a/contrib/uncrustify.cfg b/contrib/uncrustify.cfg new file mode 100644 index 0000000..8c9df2c --- /dev/null +++ b/contrib/uncrustify.cfg 
@@ -0,0 +1,95 @@ +input_tab_size = 2 +output_tab_size = 2 + +indent_columns = 2 +indent_with_tabs = 0 +indent_case_brace = 2 +indent_label=-16 + +code_width=80 +#cmd_width=80 + +# Leave most comments alone for now +cmt_indent_multi=false +sp_cmt_cpp_start=add + +sp_not=add + +sp_func_call_user_paren_paren=remove +sp_inside_fparen=remove +sp_after_cast=add + +ls_for_split_full=true +ls_func_split_full=true +ls_code_width=true + +# Arithmetic operations in wrapped expressions should be at the start +# of the line. +pos_arith=lead + +# Fully parenthesize boolean exprs +mod_full_paren_if_bool=true + +# Braces should be on their own line +nl_fdef_brace=add +nl_enum_brace=add +nl_struct_brace=add +nl_union_brace=add +nl_if_brace=add +nl_brace_else=add +nl_elseif_brace=add +nl_while_brace=add +nl_switch_brace=add + +# no newline between "else" and "if" +nl_else_if=remove + +nl_func_paren=remove +nl_assign_brace=remove + +# No extra newlines that cause noisy diffs +nl_start_of_file=remove +nl_after_func_proto = 2 +nl_after_func_body = 3 +# If there's no new line, it's not a text file! +nl_end_of_file=add +nl_max_blank_in_func = 3 +nl_max = 3 + +sp_inside_paren = remove + +sp_arith = add +sp_arith_additive = add + +# We want spaces before and after "=" +sp_before_assign = add +sp_after_assign = add + +# we want "char *foo;" +sp_after_ptr_star = remove +sp_between_ptr_star = remove + +# we want "if (foo) { ... 
}" +sp_before_sparen = add + +sp_inside_fparen = remove +sp_inside_sparen = remove + +# add space before function call and decl: "foo (x)" +sp_func_call_paren = add +sp_func_proto_paren = add +sp_func_proto_paren_empty = add +sp_func_def_paren = add +sp_func_def_paren_empty = add + +# We'd want it for "if ( (foo) || (bar) )", but not for "if (m())", +# so as uncrustify doesn't give exactly what we want => ignore +sp_paren_paren = ignore +sp_inside_paren = remove +sp_bool = force + +nl_func_type_name = force +#nl_branch_else = add +nl_else_brace = add +nl_elseif_brace = add +nl_for_brace = add diff --git a/contrib/uncrustify_precommit b/contrib/uncrustify_precommit new file mode 100755 index 0000000..2487333 --- /dev/null +++ b/contrib/uncrustify_precommit @@ -0,0 +1,35 @@ +#!/bin/sh + +# use as .git/hooks/pre-commit + +exec 1>&2 + +RET=0 +changed=$(git diff --cached --name-only) +crustified="" + +for f in $changed; +do + if echo $f | grep \\.[c,h]\$ > /dev/null + then + # compare result of uncrustify with changes + # + # only change any of the invocations here if + # they are portable across all cmp and shell + # implementations ! + uncrustify -q -c uncrustify.cfg -f $f | cmp -s $f - + if test $? = 1 ; + then + crustified=" $crustified $f" + RET=1 + fi + fi +done + +if [ $RET = 1 ]; +then + echo "Run" + echo "uncrustify --no-backup -c uncrustify.cfg ${crustified}" + echo "before committing." +fi +exit $RET diff --git a/debian/.gitignore b/debian/.gitignore new file mode 100644 index 0000000..7dcd9f0 --- /dev/null +++ b/debian/.gitignore @@ -0,0 +1,13 @@ +.debhelper/ +*.substvars +*.log +libanastasis/ +libanastasis-dev/ +anastasis-httpd/ +anastasis-cli/ +*.debhelper +autoreconf.after +autoreconf.before +debhelper-build-stamp +files +tmp/
\ No newline at end of file diff --git a/debian/anastasis-cli.install b/debian/anastasis-cli.install new file mode 100644 index 0000000..6921bea --- /dev/null +++ b/debian/anastasis-cli.install @@ -0,0 +1,2 @@ +usr/bin/anastasis-reducer +usr/share/man/man1/anastasis-reducer.1 diff --git a/debian/anastasis-httpd.README.Debian b/debian/anastasis-httpd.README.Debian new file mode 100644 index 0000000..f2e608c --- /dev/null +++ b/debian/anastasis-httpd.README.Debian @@ -0,0 +1,10 @@ +anastasis +-------------- + +This package is a backend to operate an Anastasis provider. + +This package is integrated with Apache or Nginx, automatically +deploying a configuration for the backend to the respective +Web server at the "/anastasis/" endpoint. + + -- Christian Grothoff <grothoff@gnu.org> Fri 01 Apr 2021 11:37:14 AM CET diff --git a/debian/anastasis-httpd.config b/debian/anastasis-httpd.config new file mode 100644 index 0000000..7ea8a7b --- /dev/null +++ b/debian/anastasis-httpd.config @@ -0,0 +1,38 @@ +#!/bin/sh + +set -e + +. /usr/share/debconf/confmodule + +_USERNAME=anastasis-httpd +_GROUPNAME=www-data + +db_input low anastasis/reconfigure-webserver || true +db_go + +# Set permissions for sqlite3 file +# (for when we support sqlite3 in the future) +dbc_dbfile_owner="${_USERNAME}:${_GROUPNAME}" +dbc_dbfile_perms="0600" + +dbc_psql_createdb_encoding="UTF8" + +# Set MySQL encoding to UTF8, just in case MySQL +# support is added in the future. +dbc_mysql_createdb_encoding="UTF8" + +# Try to get it to use UNIX domain sockets, if possible. +# (Note: doesn't seem to do much, still uses username+PW+TCP +# on my system :-( dbconfig documentation sucks.). +dbc_authmethod_user=ident +dbc_authmethod_admin=ident + +dbc_dbuser=${_USERNAME} + + +if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then + . /usr/share/dbconfig-common/dpkg/config.pgsql + dbc_go anastasis "$@" +fi + +db_stop 
diff --git a/debian/anastasis-httpd.install b/debian/anastasis-httpd.install new file mode 100644 index 0000000..a97180b --- /dev/null +++ b/debian/anastasis-httpd.install @@ -0,0 +1,13 @@ +usr/bin/ +usr/lib/*/anastasis/ +usr/lib/*/libanastasisauthorization.* +usr/lib/*/libanastasisdb.* +usr/share/man/man5/* +usr/share/man/man1/anastasis-httpd.1 +usr/share/man/man1/anastasis-config.1 +usr/share/anastasis/* +usr/share/anastasis/sql/* +usr/share/anastasis/config.d/* +debian/etc/* /etc/ +debian/conf/* etc/anastasis/ +debian/db/install/* usr/share/dbconfig-common/scripts/anastasis/install/ diff --git a/debian/anastasis-httpd.postinst b/debian/anastasis-httpd.postinst new file mode 100644 index 0000000..77acf49 --- /dev/null +++ b/debian/anastasis-httpd.postinst 
@@ -0,0 +1,93 @@ +#!/bin/bash + +set -e + +_USERNAME=anastasis-httpd +_GROUPNAME=www-data + +# Set permissions for sqlite3 file +# (for when we support sqlite3 in the future) +dbc_dbfile_owner="${_USERNAME}:${_GROUPNAME}" +dbc_dbfile_perms="0600" + +# 1st argument will be the SECURITYTOKEN to use. +apache_install() { + echo -n "Starting Apache setup..." + mkdir -p /etc/apache2/conf-available + if [ ! -f /etc/apache2/conf-available/anastasis.conf ]; then + echo -n "..." + cat /etc/anastasis/apache.conf | sed -e "s/%SECURITYTOKEN%/$1/" >/etc/apache2/conf-available/anastasis.conf + fi + echo "Done" +} + +# 1st argument will be the SECURITYTOKEN to use. +nginx_install() { + echo -n "Starting Nginx setup..." + mkdir -p /etc/nginx/conf-available + if [ ! -f /etc/nginx/conf-available/anastasis.conf ]; then + echo -n "..." + cat /etc/anastasis/nginx.conf | sed -e "s/%SECURITYTOKEN%/$1/" >/etc/nginx/conf-available/anastasis.conf + fi + echo "Done" +} + +. /usr/share/debconf/confmodule + +case "${1}" in +configure) + db_start + db_version 2.0 + + # Read default values + CONFIG_FILE="/etc/default/anastasis" + TALER_HOME="/var/lib/taler/" + + echo " User setup" + # Creating taler users if needed + if ! getent passwd ${_USERNAME} >/dev/null; then + adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_USERNAME} + fi + + # Setup postgres database (needs dbconfig-pgsql package) + if [ -f /usr/share/dbconfig-common/dpkg/postinst.pgsql ]; then + . /usr/share/dbconfig-common/dpkg/postinst.pgsql + dbc_pgsql_createdb_encoding="UTF8" + dbc_go anastasis "$@" + fi + + cat >"/etc/systemd/system/anastasis-httpd.service" <<EOF +EOF + + # Configure Webserver + echo " Configuring Webserver" + db_get anastasis/reconfigure-webserver + webservers="$RET" + for webserver in $webservers; do + webserver=${webserver%,} + if [ "$webserver" = "nginx" ]; then + nginx_install "$SECRET" + else + apache_install "$SECRET" + fi + done + echo "Done." 
+ + db_stop + + # Cleaning + echo "All done." + + ;; + +abort-upgrade | abort-remove | abort-deconfigure) ;; + + *) + echo "postinst called with unknown argument \`${1}'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/anastasis-httpd.postrm b/debian/anastasis-httpd.postrm new file mode 100644 index 0000000..fc96f0e --- /dev/null +++ b/debian/anastasis-httpd.postrm @@ -0,0 +1,72 @@ +#!/bin/sh + +set -e + +pathfind() { + OLDIFS="$IFS" + IFS=: + for p in $PATH; do + if [ -x "$p/$*" ]; then + IFS="$OLDIFS" + return 0 + fi + done + IFS="$OLDIFS" + return 1 +} + +apache_remove() { + if [ diff /etc/anastasis/apache.conf /etc/apache2/conf-available/anastasis.conf ] >/dev/null 2>&1; then + rm -f /etc/apache2/conf-available/anastasis.conf + fi +} + +nginx_remove() { + if [ diff /etc/taler-exchange/nginx.conf /etc/apache2/conf-available/taler-exchange.conf ] >/dev/null 2>&1; then + rm -f /etc/nginx/conf-available/anastasis.conf + fi +} + +if [ -f /usr/share/debconf/confmodule ]; then + . /usr/share/debconf/confmodule +fi + +if [ -f /usr/share/dbconfig-common/dpkg/postrm.pgsql ]; then + . /usr/share/dbconfig-common/dpkg/postrm.pgsql + dbc_go anastasis "$@" +fi + +if [ "$1" = "remove" ] || [ "$1" = "purge" ]; then + if [ -f /usr/share/debconf/confmodule ]; then + . /usr/share/debconf/confmodule + db_version 2.0 + db_get anastasis/reconfigure-webserver + webservers="$RET" + for webserver in $webservers; do + webserver=${webserver%,} + if [ "$webserver" = "nginx" ]; then + nginx_remove + else + apache_remove + fi + done + fi +fi + +case "${1}" in +purge) + rm -f /var/lib/anastasis/master-api-key.txt + rm -rf /var/lib/anastasis/httpd/ + ;; +remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) ;; + +\ + *) + echo "postrm called with unknown argument \`${1}'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/anastasis-httpd.prerm b/debian/anastasis-httpd.prerm new file mode 100644 index 0000000..570b20f --- /dev/null 
+++ b/debian/anastasis-httpd.prerm @@ -0,0 +1,16 @@ +#!/bin/sh + +set -e + +if [ -f /usr/share/debconf/confmodule ]; then + . /usr/share/debconf/confmodule +fi +. /usr/share/dbconfig-common/dpkg/prerm + +if [ -f /usr/share/dbconfig-common/dpkg/prerm.pgsql ]; then + . /usr/share/dbconfig-common/dpkg/prerm.pgsql + dbc_go anastasis "$@" +fi + +db_stop +exit 0 diff --git a/debian/anastasis-httpd.service b/debian/anastasis-httpd.service new file mode 100644 index 0000000..ab764cc --- /dev/null +++ b/debian/anastasis-httpd.service @@ -0,0 +1,8 @@ +[Unit] +Description=Anastasis key recovery backend + +[Service] +User=anastasis-httpd +Type=simple +Restart=on-failure +ExecStart=/usr/bin/anastasis-httpd -c /etc/taler/taler.conf diff --git a/debian/anastasis-httpd.templates b/debian/anastasis-httpd.templates new file mode 100644 index 0000000..1b1db15 --- /dev/null +++ b/debian/anastasis-httpd.templates @@ -0,0 +1,7 @@ +Template: anastasis/reconfigure-webserver +Type: multiselect +Choices: apache2, nginx +Default: apache2, nginx +_Description: Web server to reconfigure automatically: + Please choose the web server that should be automatically configured + as a frontend for anastasis-httpd. diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..ea5ab8a --- /dev/null +++ b/debian/changelog 
@@ -0,0 +1,37 @@ +anastasis (0.0.0-5) unstable; urgency=low + + * Fixes in packaging files. + + -- Florian Dold <dold@taler.net> Mon, 26 Jul 2021 11:16:02 +0200 + +anastasis (0.0.0-4) unstable; urgency=low + + * Fix quoting bug. + + -- Christian Grothoff <grothoff@gnu.org> Wed, 21 Jul 2021 14:02:10 +0100 + +anastasis (0.0.0-3) unstable; urgency=low + + * Update to latest upstream code with minor design improvements. + + -- Christian Grothoff <grothoff@gnu.org> Tue, 20 Jul 2021 14:02:10 +0100 + +anastasis (0.0.0-2) unstable; urgency=low + + * Improved reducer structure to address UX issues. + * Added ability to name secrets. + * Modified API to allow applications to more easily control expiration. + + -- Christian Grothoff <grothoff@gnu.org> Wed, 14 Jul 2021 00:00:00 +0000 + +anastasis (0.0.0-1) unstable; urgency=low + + * Various fixes in packaging and code logic. + + -- Christian Grothoff <grothoff@gnu.org> Thu, 24 Jun 2021 00:00:00 +0000 + +anastasis (0.0.0-0) unstable; urgency=medium + + * Initial Release. + + -- Christian Grothoff <grothoff@gnu.org> Fri, 01 Apr 2021 00:00:00 +0000 diff --git a/debian/conf/apache.conf b/debian/conf/apache.conf new file mode 100644 index 0000000..1d73ed1 --- /dev/null +++ b/debian/conf/apache.conf @@ -0,0 +1,11 @@ +<!-- + Make sure to enable the following Apache modules before + integrating this into your configuration: + + # a2enmod proxy + # a2enmod proxy_http +--> + +<Location "/anastasis/"> +ProxyPass "unix:/var/lib/anastasis/httpd/anastasis.sock|http://example.com/" +</Location> diff --git a/debian/conf/nginx.conf b/debian/conf/nginx.conf new file mode 100644 index 0000000..6828f0b --- /dev/null +++ b/debian/conf/nginx.conf @@ -0,0 +1,8 @@ +location /anastasis/ { + proxy_pass http://unix:/var/lib/anastasis/httpd/anastasis.sock; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host "example.com"; + proxy_set_header X-Forwarded-Proto "https"; + +}
\ No newline at end of file diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..532c623 --- /dev/null +++ b/debian/control @@ -0,0 +1,77 @@ +Source: anastasis +Section: net +Priority: optional +Maintainer: Christian Grothoff <grothoff@gnu.org> +Build-Depends: + autoconf (>=2.59), + automake (>=1.11.1), + autopoint, + debhelper-compat (= 13), + gettext, + libgnunet-dev, + libtalerexchange-dev, + libtalermerchant-dev, + libpq-dev (>=9.5), + libsqlite3-dev (>=3.8), + pkg-config, + po-debconf, + libqrencode-dev, + uuid-dev, + zlib1g-dev +Build-Conflicts: + autoconf2.13, + automake1.4 +Standards-Version: 4.5.0 +Vcs-Git: https://salsa.debian.org/debian/anastasis.git +Vcs-browser: https://salsa.debian.org/debian/anastasis +Homepage: https://anastasis.lu/ + +Package: libanastasis +Architecture: any +Pre-Depends: + ${misc:Pre-Depends} +Depends: + lsb-base, + netbase, + ${misc:Depends}, + ${shlibs:Depends} +Description: libraries to talk to an Anastasis provider. + +Package: anastasis-httpd +Architecture: any +Pre-Depends: + ${misc:Pre-Depends} +Depends: + libtalerexchange (>= 0.9.0), + adduser, + lsb-base, + netbase, + apache2 | nginx | httpd, + postgresql, + dbconfig-pgsql | dbconfig-no-thanks, + ${misc:Depends}, + ${shlibs:Depends} +Description: GNU's key escrow provider. + +Package: anastasis-cli +Architecture: any +Pre-Depends: + ${misc:Pre-Depends} +Depends: + libanastasis (>= 0.0.0), + ${misc:Depends}, + ${shlibs:Depends} +Description: Command-line interface for the Anastasis key escrow provider service. + +Package: libanastasis-dev +Section: libdevel +Architecture: any +Depends: + libtalermerchant-dev (>= 0.9.0), + libtalerexchange-dev (>= 0.9.0), + libgnunet-dev (>=0.14.0), + ${misc:Depends}, + ${shlibs:Depends} +Description: libraries to talk to a GNU Anastasis provider (development) + . + This package contains the development files. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..555d608 
--- /dev/null +++ b/debian/copyright 
@@ -0,0 +1,699 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: GNU Taler +Upstream-Contact: Christian Grothoff <christian@grothoff.org> +Source: https://taler.net/ + +Files: * +Copyright: + (C) 2013-2020 Taler Systems SA +License: AGPL-3+ +Comment: Many contributors are mentioned in AUTHORS + +Files: debian/* +Copyright: + (C) 2020 Christian Grothoff <grothoff@gnu.org> +License: GPL-3+ + +Files: debian/po/* +Copyright: +License: GPL-3+ + +License: GPL-3+ + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. + . + The complete text of the GNU General Public License + can be found in /usr/share/common-licenses/GPL-3 file. + +License: AGPL-3+ + GNU AFFERO GENERAL PUBLIC LICENSE + Version 3, 19 November 2007 + . + Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + . + Preamble + . + The GNU Affero General Public License is a free, copyleft license for + software and other kinds of works, specifically designed to ensure + cooperation with the community in the case of network server software. + . + The licenses for most software and other practical works are designed + to take away your freedom to share and change the works. 
By contrast, + our General Public Licenses are intended to guarantee your freedom to + share and change all versions of a program--to make sure it remains free + software for all its users. + . + When we speak of free software, we are referring to freedom, not + price. Our General Public Licenses are designed to make sure that you + have the freedom to distribute copies of free software (and charge for + them if you wish), that you receive source code or can get it if you + want it, that you can change the software or use pieces of it in new + free programs, and that you know you can do these things. + . + Developers that use our General Public Licenses protect your rights + with two steps: (1) assert copyright on the software, and (2) offer + you this License which gives you legal permission to copy, distribute + and/or modify the software. + . + A secondary benefit of defending all users' freedom is that + improvements made in alternate versions of the program, if they + receive widespread use, become available for other developers to + incorporate. Many developers of free software are heartened and + encouraged by the resulting cooperation. However, in the case of + software used on network servers, this result may fail to come about. + The GNU General Public License permits making a modified version and + letting the public access it on a server without ever releasing its + source code to the public. + . + The GNU Affero General Public License is designed specifically to + ensure that, in such cases, the modified source code becomes available + to the community. It requires the operator of a network server to + provide the source code of the modified version running there to the + users of that server. Therefore, public use of a modified version, on + a publicly accessible server, gives the public access to the source + code of the modified version. + . 
+ An older license, called the Affero General Public License and + published by Affero, was designed to accomplish similar goals. This is + a different license, not a version of the Affero GPL, but Affero has + released a new version of the Affero GPL which permits relicensing under + this license. + . + The precise terms and conditions for copying, distribution and + modification follow. + . + TERMS AND CONDITIONS + . + 0. Definitions. + . + "This License" refers to version 3 of the GNU Affero General Public License. + . + "Copyright" also means copyright-like laws that apply to other kinds of + works, such as semiconductor masks. + . + "The Program" refers to any copyrightable work licensed under this + License. Each licensee is addressed as "you". "Licensees" and + "recipients" may be individuals or organizations. + . + To "modify" a work means to copy from or adapt all or part of the work + in a fashion requiring copyright permission, other than the making of an + exact copy. The resulting work is called a "modified version" of the + earlier work or a work "based on" the earlier work. + . + A "covered work" means either the unmodified Program or a work based + on the Program. + . + To "propagate" a work means to do anything with it that, without + permission, would make you directly or secondarily liable for + infringement under applicable copyright law, except executing it on a + computer or modifying a private copy. Propagation includes copying, + distribution (with or without modification), making available to the + public, and in some countries other activities as well. + . + To "convey" a work means any kind of propagation that enables other + parties to make or receive copies. Mere interaction with a user through + a computer network, with no transfer of a copy, is not conveying. + . 
+ An interactive user interface displays "Appropriate Legal Notices" + to the extent that it includes a convenient and prominently visible + feature that (1) displays an appropriate copyright notice, and (2) + tells the user that there is no warranty for the work (except to the + extent that warranties are provided), that licensees may convey the + work under this License, and how to view a copy of this License. If + the interface presents a list of user commands or options, such as a + menu, a prominent item in the list meets this criterion. + . + 1. Source Code. + . + The "source code" for a work means the preferred form of the work + for making modifications to it. "Object code" means any non-source + form of a work. + . + A "Standard Interface" means an interface that either is an official + standard defined by a recognized standards body, or, in the case of + interfaces specified for a particular programming language, one that + is widely used among developers working in that language. + . + The "System Libraries" of an executable work include anything, other + than the work as a whole, that (a) is included in the normal form of + packaging a Major Component, but which is not part of that Major + Component, and (b) serves only to enable use of the work with that + Major Component, or to implement a Standard Interface for which an + implementation is available to the public in source code form. A + "Major Component", in this context, means a major essential component + (kernel, window system, and so on) of the specific operating system + (if any) on which the executable work runs, or a compiler used to + produce the work, or an object code interpreter used to run it. + . + The "Corresponding Source" for a work in object code form means all + the source code needed to generate, install, and (for an executable + work) run the object code and to modify the work, including scripts to + control those activities. 
However, it does not include the work's + System Libraries, or general-purpose tools or generally available free + programs which are used unmodified in performing those activities but + which are not part of the work. For example, Corresponding Source + includes interface definition files associated with source files for + the work, and the source code for shared libraries and dynamically + linked subprograms that the work is specifically designed to require, + such as by intimate data communication or control flow between those + subprograms and other parts of the work. + . + The Corresponding Source need not include anything that users + can regenerate automatically from other parts of the Corresponding + Source. + . + The Corresponding Source for a work in source code form is that + same work. + . + 2. Basic Permissions. + . + All rights granted under this License are granted for the term of + copyright on the Program, and are irrevocable provided the stated + conditions are met. This License explicitly affirms your unlimited + permission to run the unmodified Program. The output from running a + covered work is covered by this License only if the output, given its + content, constitutes a covered work. This License acknowledges your + rights of fair use or other equivalent, as provided by copyright law. + . + You may make, run and propagate covered works that you do not + convey, without conditions so long as your license otherwise remains + in force. You may convey covered works to others for the sole purpose + of having them make modifications exclusively for you, or provide you + with facilities for running those works, provided that you comply with + the terms of this License in conveying all material for which you do + not control copyright. 
Those thus making or running the covered works + for you must do so exclusively on your behalf, under your direction + and control, on terms that prohibit them from making any copies of + your copyrighted material outside their relationship with you. + . + Conveying under any other circumstances is permitted solely under + the conditions stated below. Sublicensing is not allowed; section 10 + makes it unnecessary. + . + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + . + No covered work shall be deemed part of an effective technological + measure under any applicable law fulfilling obligations under article + 11 of the WIPO copyright treaty adopted on 20 December 1996, or + similar laws prohibiting or restricting circumvention of such + measures. + . + When you convey a covered work, you waive any legal power to forbid + circumvention of technological measures to the extent such circumvention + is effected by exercising rights under this License with respect to + the covered work, and you disclaim any intention to limit operation or + modification of the work as a means of enforcing, against the work's + users, your or third parties' legal rights to forbid circumvention of + technological measures. + . + 4. Conveying Verbatim Copies. + . + You may convey verbatim copies of the Program's source code as you + receive it, in any medium, provided that you conspicuously and + appropriately publish on each copy an appropriate copyright notice; + keep intact all notices stating that this License and any + non-permissive terms added in accord with section 7 apply to the code; + keep intact all notices of the absence of any warranty; and give all + recipients a copy of this License along with the Program. + . + You may charge any price or no price for each copy that you convey, + and you may offer support or warranty protection for a fee. + . + 5. Conveying Modified Source Versions. + . 
+ You may convey a work based on the Program, or the modifications to + produce it from the Program, in the form of source code under the + terms of section 4, provided that you also meet all of these conditions: + . + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + . + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + . + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + . + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + . + A compilation of a covered work with other separate and independent + works, which are not by their nature extensions of the covered work, + and which are not combined with it such as to form a larger program, + in or on a volume of a storage or distribution medium, is called an + "aggregate" if the compilation and its resulting copyright are not + used to limit the access or legal rights of the compilation's users + beyond what the individual works permit. Inclusion of a covered work + in an aggregate does not cause this License to apply to the other + parts of the aggregate. + . + 6. Conveying Non-Source Forms. + . 
+ You may convey a covered work in object code form under the terms + of sections 4 and 5, provided that you also convey the + machine-readable Corresponding Source under the terms of this License, + in one of these ways: + . + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + . + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + . + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + . + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. 
If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + . + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + . + A separable portion of the object code, whose source code is excluded + from the Corresponding Source as a System Library, need not be + included in conveying the object code work. + . + A "User Product" is either (1) a "consumer product", which means any + tangible personal property which is normally used for personal, family, + or household purposes, or (2) anything designed or sold for incorporation + into a dwelling. In determining whether a product is a consumer product, + doubtful cases shall be resolved in favor of coverage. For a particular + product received by a particular user, "normally used" refers to a + typical or common use of that class of product, regardless of the status + of the particular user or of the way in which the particular user + actually uses, or expects or is expected to use, the product. A product + is a consumer product regardless of whether the product has substantial + commercial, industrial or non-consumer uses, unless such uses represent + the only significant mode of use of the product. + . 
+ "Installation Information" for a User Product means any methods, + procedures, authorization keys, or other information required to install + and execute modified versions of a covered work in that User Product from + a modified version of its Corresponding Source. The information must + suffice to ensure that the continued functioning of the modified object + code is in no case prevented or interfered with solely because + modification has been made. + . + If you convey an object code work under this section in, or with, or + specifically for use in, a User Product, and the conveying occurs as + part of a transaction in which the right of possession and use of the + User Product is transferred to the recipient in perpetuity or for a + fixed term (regardless of how the transaction is characterized), the + Corresponding Source conveyed under this section must be accompanied + by the Installation Information. But this requirement does not apply + if neither you nor any third party retains the ability to install + modified object code on the User Product (for example, the work has + been installed in ROM). + . + The requirement to provide Installation Information does not include a + requirement to continue to provide support service, warranty, or updates + for a work that has been modified or installed by the recipient, or for + the User Product in which it has been modified or installed. Access to a + network may be denied when the modification itself materially and + adversely affects the operation of the network or violates the rules and + protocols for communication across the network. + . + Corresponding Source conveyed, and Installation Information provided, + in accord with this section must be in a format that is publicly + documented (and with an implementation available to the public in + source code form), and must require no special password or key for + unpacking, reading or copying. + . + 7. Additional Terms. + . 
+ "Additional permissions" are terms that supplement the terms of this + License by making exceptions from one or more of its conditions. + Additional permissions that are applicable to the entire Program shall + be treated as though they were included in this License, to the extent + that they are valid under applicable law. If additional permissions + apply only to part of the Program, that part may be used separately + under those permissions, but the entire Program remains governed by + this License without regard to the additional permissions. + . + When you convey a copy of a covered work, you may at your option + remove any additional permissions from that copy, or from any part of + it. (Additional permissions may be written to require their own + removal in certain cases when you modify the work.) You may place + additional permissions on material, added by you to a covered work, + for which you have or can give appropriate copyright permission. + . + Notwithstanding any other provision of this License, for material you + add to a covered work, you may (if authorized by the copyright holders of + that material) supplement the terms of this License with terms: + . + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + . + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + . + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + . + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + . + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + . 
+ f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + . + All other non-permissive additional terms are considered "further + restrictions" within the meaning of section 10. If the Program as you + received it, or any part of it, contains a notice stating that it is + governed by this License along with a term that is a further + restriction, you may remove that term. If a license document contains + a further restriction but permits relicensing or conveying under this + License, you may add to a covered work material governed by the terms + of that license document, provided that the further restriction does + not survive such relicensing or conveying. + . + If you add terms to a covered work in accord with this section, you + must place, in the relevant source files, a statement of the + additional terms that apply to those files, or a notice indicating + where to find the applicable terms. + . + Additional terms, permissive or non-permissive, may be stated in the + form of a separately written license, or stated as exceptions; + the above requirements apply either way. + . + 8. Termination. + . + You may not propagate or modify a covered work except as expressly + provided under this License. Any attempt otherwise to propagate or + modify it is void, and will automatically terminate your rights under + this License (including any patent licenses granted under the third + paragraph of section 11). + . 
+ However, if you cease all violation of this License, then your + license from a particular copyright holder is reinstated (a) + provisionally, unless and until the copyright holder explicitly and + finally terminates your license, and (b) permanently, if the copyright + holder fails to notify you of the violation by some reasonable means + prior to 60 days after the cessation. + . + Moreover, your license from a particular copyright holder is + reinstated permanently if the copyright holder notifies you of the + violation by some reasonable means, this is the first time you have + received notice of violation of this License (for any work) from that + copyright holder, and you cure the violation prior to 30 days after + your receipt of the notice. + . + Termination of your rights under this section does not terminate the + licenses of parties who have received copies or rights from you under + this License. If your rights have been terminated and not permanently + reinstated, you do not qualify to receive new licenses for the same + material under section 10. + . + 9. Acceptance Not Required for Having Copies. + . + You are not required to accept this License in order to receive or + run a copy of the Program. Ancillary propagation of a covered work + occurring solely as a consequence of using peer-to-peer transmission + to receive a copy likewise does not require acceptance. However, + nothing other than this License grants you permission to propagate or + modify any covered work. These actions infringe copyright if you do + not accept this License. Therefore, by modifying or propagating a + covered work, you indicate your acceptance of this License to do so. + . + 10. Automatic Licensing of Downstream Recipients. + . + Each time you convey a covered work, the recipient automatically + receives a license from the original licensors, to run, modify and + propagate that work, subject to this License. 
You are not responsible + for enforcing compliance by third parties with this License. + . + An "entity transaction" is a transaction transferring control of an + organization, or substantially all assets of one, or subdividing an + organization, or merging organizations. If propagation of a covered + work results from an entity transaction, each party to that + transaction who receives a copy of the work also receives whatever + licenses to the work the party's predecessor in interest had or could + give under the previous paragraph, plus a right to possession of the + Corresponding Source of the work from the predecessor in interest, if + the predecessor has it or can get it with reasonable efforts. + . + You may not impose any further restrictions on the exercise of the + rights granted or affirmed under this License. For example, you may + not impose a license fee, royalty, or other charge for exercise of + rights granted under this License, and you may not initiate litigation + (including a cross-claim or counterclaim in a lawsuit) alleging that + any patent claim is infringed by making, using, selling, offering for + sale, or importing the Program or any portion of it. + . + 11. Patents. + . + A "contributor" is a copyright holder who authorizes use under this + License of the Program or a work on which the Program is based. The + work thus licensed is called the contributor's "contributor version". + . + A contributor's "essential patent claims" are all patent claims + owned or controlled by the contributor, whether already acquired or + hereafter acquired, that would be infringed by some manner, permitted + by this License, of making, using, or selling its contributor version, + but do not include claims that would be infringed only as a + consequence of further modification of the contributor version. For + purposes of this definition, "control" includes the right to grant + patent sublicenses in a manner consistent with the requirements of + this License. 
+ . + Each contributor grants you a non-exclusive, worldwide, royalty-free + patent license under the contributor's essential patent claims, to + make, use, sell, offer for sale, import and otherwise run, modify and + propagate the contents of its contributor version. + . + In the following three paragraphs, a "patent license" is any express + agreement or commitment, however denominated, not to enforce a patent + (such as an express permission to practice a patent or covenant not to + sue for patent infringement). To "grant" such a patent license to a + party means to make such an agreement or commitment not to enforce a + patent against the party. + . + If you convey a covered work, knowingly relying on a patent license, + and the Corresponding Source of the work is not available for anyone + to copy, free of charge and under the terms of this License, through a + publicly available network server or other readily accessible means, + then you must either (1) cause the Corresponding Source to be so + available, or (2) arrange to deprive yourself of the benefit of the + patent license for this particular work, or (3) arrange, in a manner + consistent with the requirements of this License, to extend the patent + license to downstream recipients. "Knowingly relying" means you have + actual knowledge that, but for the patent license, your conveying the + covered work in a country, or your recipient's use of the covered work + in a country, would infringe one or more identifiable patents in that + country that you have reason to believe are valid. + . 
+ If, pursuant to or in connection with a single transaction or + arrangement, you convey, or propagate by procuring conveyance of, a + covered work, and grant a patent license to some of the parties + receiving the covered work authorizing them to use, propagate, modify + or convey a specific copy of the covered work, then the patent license + you grant is automatically extended to all recipients of the covered + work and works based on it. + . + A patent license is "discriminatory" if it does not include within + the scope of its coverage, prohibits the exercise of, or is + conditioned on the non-exercise of one or more of the rights that are + specifically granted under this License. You may not convey a covered + work if you are a party to an arrangement with a third party that is + in the business of distributing software, under which you make payment + to the third party based on the extent of your activity of conveying + the work, and under which the third party grants, to any of the + parties who would receive the covered work from you, a discriminatory + patent license (a) in connection with copies of the covered work + conveyed by you (or copies made from those copies), or (b) primarily + for and in connection with specific products or compilations that + contain the covered work, unless you entered into that arrangement, + or that patent license was granted, prior to 28 March 2007. + . + Nothing in this License shall be construed as excluding or limiting + any implied license or other defenses to infringement that may + otherwise be available to you under applicable patent law. + . + 12. No Surrender of Others' Freedom. + . + If conditions are imposed on you (whether by court order, agreement or + otherwise) that contradict the conditions of this License, they do not + excuse you from the conditions of this License. 
If you cannot convey a + covered work so as to satisfy simultaneously your obligations under this + License and any other pertinent obligations, then as a consequence you may + not convey it at all. For example, if you agree to terms that obligate you + to collect a royalty for further conveying from those to whom you convey + the Program, the only way you could satisfy both those terms and this + License would be to refrain entirely from conveying the Program. + . + 13. Remote Network Interaction; Use with the GNU General Public License. + . + Notwithstanding any other provision of this License, if you modify the + Program, your modified version must prominently offer all users + interacting with it remotely through a computer network (if your version + supports such interaction) an opportunity to receive the Corresponding + Source of your version by providing access to the Corresponding Source + from a network server at no charge, through some standard or customary + means of facilitating copying of software. This Corresponding Source + shall include the Corresponding Source for any work covered by version 3 + of the GNU General Public License that is incorporated pursuant to the + following paragraph. + . + Notwithstanding any other provision of this License, you have + permission to link or combine any covered work with a work licensed + under version 3 of the GNU General Public License into a single + combined work, and to convey the resulting work. The terms of this + License will continue to apply to the part which is the covered work, + but the work with which it is combined will remain governed by version + 3 of the GNU General Public License. + . + 14. Revised Versions of this License. + . + The Free Software Foundation may publish revised and/or new versions of + the GNU Affero General Public License from time to time. Such new versions + will be similar in spirit to the present version, but may differ in detail to + address new problems or concerns. + . 
+ Each version is given a distinguishing version number. If the + Program specifies that a certain numbered version of the GNU Affero General + Public License "or any later version" applies to it, you have the + option of following the terms and conditions either of that numbered + version or of any later version published by the Free Software + Foundation. If the Program does not specify a version number of the + GNU Affero General Public License, you may choose any version ever published + by the Free Software Foundation. + . + If the Program specifies that a proxy can decide which future + versions of the GNU Affero General Public License can be used, that proxy's + public statement of acceptance of a version permanently authorizes you + to choose that version for the Program. + . + Later license versions may give you additional or different + permissions. However, no additional obligations are imposed on any + author or copyright holder as a result of your choosing to follow a + later version. + . + 15. Disclaimer of Warranty. + . + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY + APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT + HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY + OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, + THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM + IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF + ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + . + 16. Limitation of Liability. + . 
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING + WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS + THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY + GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE + USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF + DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD + PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), + EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF + SUCH DAMAGES. + . + 17. Interpretation of Sections 15 and 16. + . + If the disclaimer of warranty and limitation of liability provided + above cannot be given local legal effect according to their terms, + reviewing courts shall apply local law that most closely approximates + an absolute waiver of all civil liability in connection with the + Program, unless a warranty or assumption of liability accompanies a + copy of the Program in return for a fee. + . + END OF TERMS AND CONDITIONS + . + How to Apply These Terms to Your New Programs + . + If you develop a new program, and you want it to be of the greatest + possible use to the public, the best way to achieve this is to make it + free software which everyone can redistribute and change under these terms. + . + To do so, attach the following notices to the program. It is safest + to attach them to the start of each source file to most effectively + state the exclusion of warranty; and each file should have at least + the "copyright" line and a pointer to where the full notice is found. + . + <one line to give the program's name and a brief idea of what it does.> + Copyright (C) <year> <name of author> + . 
+ This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. + . + Also add information on how to contact you by electronic and paper mail. + . + If your software can interact with users remotely through a computer + network, you should also make sure that it provides a way for users to + get its source. For example, if your program is a web application, its + interface could display a "Source" link that leads users to an archive + of the code. There are many ways you could offer source, and different + solutions will be better for different programs; see section 13 for the + specific requirements. + . + You should also get your employer (if you work as a programmer) or school, + if any, to sign a "copyright disclaimer" for the program, if necessary. + For more information on this, and how to apply and follow the GNU AGPL, see + <http://www.gnu.org/licenses/>. diff --git a/debian/db/install/pgsql b/debian/db/install/pgsql new file mode 100755 index 0000000..d61008c --- /dev/null +++ b/debian/db/install/pgsql 
@@ -0,0 +1,78 @@ +#!/bin/sh + +set -eu + +# get database settings from dbconfig-common and configure +# for ADMINISTRATIVE access +if [ -f /etc/dbconfig-common/anastasis.conf ]; then + . /etc/dbconfig-common/anastasis.conf + case "$dbc_dbtype" in + pgsql) + anastasis-config -w \ + -c /etc/anastasis.conf \ + -s "stasis-postgres" \ + -o "CONFIG" \ + -V "postgres:///$dbc_dbname" + anastasis-config -w \ + -c /etc/anastasis.conf \ + -s "anastasis" \ + -o "DB" \ + -V "postgres" + ;; + sqlite3) + # Later: use something like: + # sqlite:///$DATA_DIR/merchant.db + # But for now, sqlite is unsupported: + echo "Unsupported database type $dbc_type." + exit 1 + ;; + "") + ;; + *) + echo "Unsupported database type $dbc_type." + exit 1 + ;; + esac +fi + +# Run database initialization logic +sudo -u postgres anastasis-dbinit -c /etc/anastasis.conf + + +# get database settings from dbconfig-common and configure +# for service access! +if [ -f /etc/dbconfig-common/anastasis.conf ]; then + . /etc/dbconfig-common/anastasis.conf + case "$dbc_dbtype" in + pgsql) + echo "GRANT INSERT, SELECT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO \"$dbc_dbuser\";" \ + | sudo -u postgres psql "postgres:///$dbc_dbname" + echo "GRANT SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO \"$dbc_dbuser\";" \ + | sudo -u postgres psql "postgres:///$dbc_dbname" + + anastasis-config -w \ + -c /etc/anastasis.conf \ + -s "stasis-postgres" \ + -o "CONFIG" \ + -V "postgres://$dbc_dbuser:$dbc_dbpass@$dbc_dbserver/$dbc_dbname" + anastasis-config -w \ + -c /etc/anastasis.conf \ + -s "anastasis" \ + -o "DB" \ + -V "postgres" + ;; + sqlite3) + # Later: use something like: + # sqlite:///$DATA_DIR/merchant.db + # But for now, sqlite is unsupported: + echo "Unsupported database type $dbc_type." + exit 1 + ;; + "") + ;; + *) + echo "Unsupported database type $dbc_type." + exit 1 + ;; + esac +fi 
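Review bot: The error branches of both case statements print "Unsupported database type $dbc_type.", but the variable the script switches on is $dbc_dbtype and $dbc_type is never set in the visible lines; with set -eu in effect, expanding it aborts the script with an unbound-variable error before the message is printed, so the operator never sees which type was rejected. Use $dbc_dbtype in all four echo lines. In the second pgsql branch, $dbc_dbuser, $dbc_dbpass and $dbc_dbserver are pasted unescaped into the postgres:// URI, and $dbc_dbuser into the two GRANT statements, so a password containing @, / or : yields a broken connection string and a user name containing a double quote breaks the SQL; percent-encode the URI components and double any embedded quote in the identifier. Because that URI, password included, is written to /etc/anastasis.conf, the script should also make sure the file is not world-readable. Finally, the script sets option "DB" in section "anastasis" while the packaged conf.d/anastasis.conf sets DATABASE = postgres; please confirm which of the two names the service reads.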
diff --git a/debian/etc/taler/conf.d/anastasis.conf b/debian/etc/taler/conf.d/anastasis.conf new file mode 100644 index 0000000..96b66b3 --- /dev/null +++ b/debian/etc/taler/conf.d/anastasis.conf @@ -0,0 +1,2 @@ +[anastasis] +DATABASE = postgres diff --git a/debian/libanastasis-dev.install b/debian/libanastasis-dev.install new file mode 100644 index 0000000..38d21e9 --- /dev/null +++ b/debian/libanastasis-dev.install @@ -0,0 +1,2 @@ +usr/include +usr/lib/*/libanastasistesting.*
\ No newline at end of file diff --git a/debian/libanastasis.docs b/debian/libanastasis.docs new file mode 100644 index 0000000..62deb04 --- /dev/null +++ b/debian/libanastasis.docs @@ -0,0 +1 @@ +AUTHORS diff --git a/debian/libanastasis.install b/debian/libanastasis.install new file mode 100644 index 0000000..482c865 --- /dev/null +++ b/debian/libanastasis.install @@ -0,0 +1,4 @@ +usr/lib/*/libanastasis.so* +usr/lib/*/libanastasis*.so* +usr/share/anastasis/redux.* +usr/share/info/anastasis* diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in new file mode 100644 index 0000000..c70621f --- /dev/null +++ b/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] anastasis.templates diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..6d2058a --- /dev/null +++ b/debian/rules @@ -0,0 +1,39 @@ +#!/usr/bin/make -f + +SHELL := sh -e + +include /usr/share/dpkg/architecture.mk + +%: + dh ${@} + +override_dh_auto_configure-arch: + dh_auto_configure -- --disable-rpath --with-microhttpd=yes $(shell dpkg-buildflags --export=configure) + +override_dh_auto_configure-indep: + +override_dh_auto_build-indep: + +override_dh_auto_test: + # Disabling test suite, incomplete + +override_dh_auto_install-arch: + dh_auto_install + + # Removing useless files + rm -f debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/*.la \ + debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/anastasis/*.la \ + debian/tmp/usr/share/doc/anastasis/COPYING + +override_dh_auto_install-indep: + +override_dh_auto_clean: + dh_auto_clean + +# Remove files already present in libtalerexchange from main taler-exchange package +override_dh_install: + dh_install + cd debian/libanastasis-dev; find . -type f,l -exec rm -f ../anastasis-httpd/{} \; + cd debian/anastasis-cli; find . -type f -exec rm -f ../anastasis-httpd/{} \; + cd debian/libanastasis-dev; find . -type f,l -exec rm -f ../libanastasis/{} \; + cd debian/libanastasis; find . -type f,l -exec rm -f ../anastasis-httpd/{} \; 
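Review bot: The comment above override_dh_install in debian/rules reads "Remove files already present in libtalerexchange from main taler-exchange package", which describes a different package; the four find commands below it delete from anastasis-httpd and libanastasis whatever is also shipped by libanastasis-dev, anastasis-cli or libanastasis, and the comment should say that. Those commands depend on GNU find behaviour (-type f,l, and {} embedded inside a longer argument), and rm -f hides every failure, so a renamed package directory would silently stop the de-duplication; consider expressing the split in the per-package .install files instead. Separately, override_dh_auto_test switches the test suite off with only "incomplete" as the reason; a reference to a tracking issue would help get it re-enabled.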
diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/source/options b/debian/source/options new file mode 100644 index 0000000..e928a91 --- /dev/null +++ b/debian/source/options @@ -0,0 +1,3 @@ +extend-diff-ignore = "^(config\.sub|config\.guess|Makefile)$" + + diff --git a/debian/upstream/metadata b/debian/upstream/metadata new file mode 100644 index 0000000..be7ec13 --- /dev/null +++ b/debian/upstream/metadata @@ -0,0 +1,4 @@ +Bug-Submit: https://bugs.taler.net/ +Documentation: https://docs.taler.net/ +Repository: git.taler.net/anastasis.git +Repository-Browse: https://git.taler.net/anastasis.git diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc new file mode 100644 index 0000000..d70f731 --- /dev/null +++ b/debian/upstream/signing-key.asc 
+7xp3Qbk/VcTYtxC0UJ8VGhr6sEzjgO6JOxKBhCNcLFOD+3O96MXFYuitu/v8Awm4 +Z+XeDe0FH0IALx5+3yWVbj/sPoMx3kgf09BZ59a0KgDrmDPlrdAjavk54DSXfuOm +GXAOJgBMCRc30rHsGnB2UiiTNZu0BG34s7yc+s1Wdv65i9CJ1OhcmGcLRjNDq13N +IY7lyRaKsE5XMrj5e6gIr7I8wKONRQZBt8bE2nI8xUkdHBshTfmna1pXkBDO3qRK +3zK1iyyVYirm6zPjT9KNiQ8AFQquQayYxEqR9RbQOUhcTtz12mopY3+FEz71hvte +dogldkuPq9hMBpeBNWw2IYYtXPvbuf9soyvn2JhPlY+T5BO1m1Ys9rrAueUUIRb5 +3jZSWCX+sHGatrt7WdV00QxZF57zfeB0axKKLToAE85R1imNEZF1TyRqMzxsQbWO +HJ4WgA4J3NpdbFpWe+Al47qoLxT6pPJbWiNZpj4p0189itQNEA7g2nfz47LBjZYv +lyyIXMIlZe4t6rkpO7QjTmlscyBHaWxsbWFubiA8Z2lsbG1hbm5AZ251bmV0Lm9y +Zz6JAjYEMAEKACAWIQSojIrdEpgo1+rALlLiL5u/7jSFiAUCXSx0xQIdIAAKCRDi +L5u/7jSFiJBcD/4ilWSQRaxbgWms9PXZ4HTvfrFEb2TTn86BYiYxEN3aT7xk1Tor +6bzEmLVkhraN2NKgaYgCFt1/Wzzo9N4o9Ojtq6ES3SFx0ZSpnlIU6YaLB++710gj +mP9KW8sBcGrNBYa0eisZuwqM68GApGDxbdzqo9K7O3alYdf6UsmTal7iWHCRCz4d +RShxFYWJbOk842rL8e1AWkF6nvWIq+7/eKLYyD5XAIXKw/ZB/hlcdgd8m0eO4pZ7 +s+fhuaVPFryVzAlAnLQRdMStUo8VeGbOqFCfS0ZB2cPt/D5d8xRvnaCeSae3xMLp +sytCjDFz53fSTx62ZiwqOZoncPmjZDzw26vOaX4Y3fVB6cQKYRGke7V7pagIeH5N +W60mruk2IVoA/lgOSZmNT7/iVojHpYQnbaIZZRx0a+VjfgtNjcVouo9Hkll14397 +vPRMLszDHmpvG6/WAcFkG8uJjRihqwVzY+gsAKP5r94IQpQ6rKVCJYxmko5xpYOD +g+FRnt21GQ3XzUnOjdD+9ayPULA8sm3/IYraP6k2hB3SCKhMpEjno8otabv9h0M3 +FlN8qxJbXKWmMS3Ttq1DxpK5JwJ5jaBE9WfeDtXM1cnCju+qzlYSXogje9dc508s +wSIO1PLzTYFCanCDUKqNaNX5OqvjtUWslKc/hUPdqtptolGvrXiGhnrc1bQpTmls +cyBHaWxsbWFubiA8Z2lsbG1hbm5AaW5mb3Ryb3BpcXVlLm9yZz6JAjYEMAEKACAW +IQSojIrdEpgo1+rALlLiL5u/7jSFiAUCXSx0xQIdIAAKCRDiL5u/7jSFiInyD/9m +/qoOIXFmAKlGjNVs2nYaP6vQCCAzcOm1WrwP6DYoeG1JWjNlFr0kKhJa/mzR0hFY +b2+49+Er06l7N0txPRcUhoD/8kKTIx8ljX27icd7BpD52XBqLfnX3Th3OHJA5CtZ +epQ4/bgUqXkHqUPsmVQHyjlq7liYIlZWwMBfA+L6eLF4MQhcnIoHkfVLyHvJ3B07 +VpJAH5wBBC3NEaPTCAeHbXdSY7vVea3kSZZ+dHcmcIcpBcFFTggruGlPdBfUlt8/ +aeRdfAause3xkQ3/n7wTXugYPRcIM1MsDmHuFaADWEx9eEEg0WY+Fb9TD02iwTyj +n2zISITI4k/FGIW+8bG+qrE5EDxVxeuociVNi76byaPN3Wx2JhDq8nKtfVWLCbZN +NN0HYpgfoHYUtFR7SCDbHvL0MVW607Alyubxo5n/WN6RC6jxmFaE1CZpl1jVp5cx 
+/Uw5NBv5OwQzd/OqLiTXisM0Jou20c777XRL8nTrFniW2ym38xDkC7q17yhDPesU ++00TR0PWO7RFpw1mzxggGXxmuxA+OZeR/fHdc6CpGmEj8YlpeOOoRw/58/w1LwQr ++zKUzuNo0wKvcn+K0rHoSVOX5O3XAxTg2FRpa48YCY2U4kUH6RITHZRg+Eh5LHHs +Yj4ow1BsIfW9VAzHkt7b0MxdWsUwqFuXtsaMAg2HGLQObmcwQE5ldEJTRC5vcmeJ +AlcEEwEKAEECGwMFCQVTg+sFCwkIBwMFFQoJCAsFFgMCAQACHgECF4AWIQSojIrd +Epgo1+rALlLiL5u/7jSFiAUCXSx1iQIZAQAKCRDiL5u/7jSFiIP0D/4i40WiFeRM +E3l9El3UOE/AsoldFGSfzXtkfad5X9arry4C4UFRFcQ3OtJnGvfW3Nr/mMNa6w+x +3z4KnQRqhx8hw3dvQXHZQUjOEAQMg2K5ns38Wixk0OD5Mmqv9qyImwm5A7MOZt5p +uZqGv21YS8BXQsMw+CLXRsapNAqI4N454bDBoA+l34tOiN4jPgG0jBy9aPZKWh+7 +nLHIn/DJ7xxT9Z3P7gSPcv8cwEumiBA4x79Ac9YszhafMiqwkk3b20DGjAyXZmEK +l2annmwce/u3P8oQd/+hmcprQZMgh1vxA0wm9yQZ2zUZXAYZASVew9v4KdNVJE+g +wKfJd4TiPrOkKoll91ikGCY38PPfLCyvGobdrE2LW+6ApQtcTrKu8nzkCGdZiyZ/ +SE2gHMOrYAmCpDH6ujD0z76ywo3a3Ta3njId3S+LTPtpBJNq7jRgXJPTw2OVjt23 +7QrM0QbNTvbjy5OR60BSFhvd4F7LCzhM1b/T9P8oFf+uO2hQxtLnNqdYR4idIRFP +gXjD5dYpEfTOp1dZviiWqXm6jJFsLJy3FtRvtICLzram0nSO3xA0bB0QH6MqDp4c +4kcZ8JEunBvsOkIVlzT83CGrBCOaydw+1d3wheFQItPOydVrqVtH+0rGHUTpapL7 +BXttYTzl6n7YIpNDqBufZcWhmqBF2FPTWLQWdGVrLm5vLmthdHplQGdtYWlsLmNv +bYkCVAQTAQoAPhYhBKiMit0SmCjX6sAuUuIvm7/uNIWIBQJc3Zx9AhsDBQkFU4Pr +BQsJCAcDBRUKCQgLBRYDAgEAAh4BAheAAAoJEOIvm7/uNIWIZ0YP/RM+jV5mCCf9 +Yj4KIZ7u4FTUQ4k9KqfvEw134efgZAR5n3+3MvG09glEunMaeoGQDZ3E7qHJs9MT +cSA8RSfXT/Xp5+dDDpobV7TKzV5heTK6+PjsKH1KlvT3mTDcnRFnwRMQaK6BP1KB +bLTpxW6kDFD50OChVC+iEBunkgplVl593KLLkqeAmuIzThKIbZLOT6H+bGthSu+V +IGLp8MfVtjw4dflK0TbvyIVQRVxqQPv/egKIaLAQwah+21svfXib2tJ5kxKlFVbC +K9IpTcBXljiS7ZQo7/Ok1Z4IyySMeA9CpRZjL0zSygNpHwk8Ml8UcNmcvd1Jbe94 +jUOJk6YIOhAs2LkzxoZdzuxx2RrB4kTHBkM+zMKSJGMXspIdelTOYfjOPvS+wb55 +QobWo6tey4z5LEWt1ymeGTs3pCnAY6Y9FNV2x3+MExhFK9AumKXgfTa9H0ew36wf +Iju4oAMVWHk6nz+Mv5IwwcFGiH4QZNLZj0r0F0dAelngphersaPZLK3sjqlZNY0L +atQn8BOZoY8n9JN++JPIwq0LZH5k8Fp5mcGcOVNukXghj59kpXDLJTxnlzdqAQ+R +9ank2vf9K6aEkzfg+7zjd2r/gkaluTfELmu2SE2zOPKQqwPI3+k+LU7TGAMOVFQv +wnqwjo4JWx53R2sfHzJiLIeefZ2dGtDRtAluZzBAbjAucG2JAlQEEwEKAD4WIQSo 
+jIrdEpgo1+rALlLiL5u/7jSFiAUCXSx09AIbAwUJBVOD6wULCQgHAwUVCgkICwUW +AwIBAAIeAQIXgAAKCRDiL5u/7jSFiH+hD/9Cp3c2QVCVfEF+eKIPwyKB5jgbmY15 +rsBb75xcNAYK73O4DrYn69a0GdiazxYghafQeg8FOLmxF5XB5e1vvzXOTe0cEOaO +nnsr/0JhTU9CHIaLeOtgNI6XTF3RQ/r4pxmZ/kIpsHzjrc5t5SlOnGdcElkhT5mi +YpeLywJyBjwJvnTQr6ks8QF4RGgUpp8V04we2vCkdsuSGzcCDm40NyDfEeLa8tCp +h93almEtDFI3gcXHr7JiAxj0yxVWi0KaejwphwnudxWu8kyfQUEAKmn+J9gOkOXs +vTMvRc1f3z12QRSWd6DnZzL9EctDbYXgG7F55me1zLBSCuZP7rj3gw1VfW5+XFEH +Giq8hqf/V/e7Gq6Dtx5NpAj7TCmBOUOAL80Z5jjOaPSBhALlE0RLuFF4OMQm+hg7 +2tZC06AUJQKmEtdxWt96DKe2lD3pNdsb54T3mxjdgHyO6sxDYHeMGu+D6OhP+L1Q +WnPnkv4hrsjEnbbHUp98nbiGA53NWTLllsHXmWIkeokau1VmF6ad45z+d2Dtjgo4 +kphux0lYAOqHV6zL0DfTT2MyCpm38dHpHEKzAQVaeppeCetg8HXOMdvbe7b5Tsk4 +HQNryD5B2PD3elvD09amc5SAske2z5ZSYKdjDnrNjUhOESRb5eDEE0b9f5wYzQxW +qV10dXdgccCIfbQNbmcwQHRhbGVyLm5ldIkCVAQTAQoAPhYhBKiMit0SmCjX6sAu +UuIvm7/uNIWIBQJdLHbsAhsDBQkFU4PrBQsJCAcDBRUKCQgLBRYDAgEAAh4BAheA +AAoJEOIvm7/uNIWIbAsQALJNb8HvAPNySloMN8tkBy6jjfzndJGq0JkA5rhT4Zu0 +U3rolSXoo3RC4uXK9vWQXAzE0H9csmC0+4JquXOIJ6Rbm5oRRwtX51MdLJKxb+L5 +kuqkkIbFgnqjWNCqAKB5IRnI4nHroqBwi7ZUWAvR9SXsFT7jNFv/DK0stTf7OEs0 +XsZfwnVZlGzn26JSeFrQEYyJB0/ecrcKZVohge0/FMi6LddjfiJqR8dREiW/mNZS +lzxWyteluxd1CzIhPUCoJfLJu9g1BFZv5kjurVUsoXcNomYvQksT4mNEVj/wwIPk +yJZZ6vAQHts3kDy1rRSiJCOShG305m+jc98wRBKhr+YJf+bZzBtMf+Rgfgav1ywx +3fh8kzds+hFCektsPzGp4CgyT4jdn4Rh3QdqjMH5ah5rWbwxA8G0q8duXc7UUsog +lMmmXiNiUD7Bg/TJoQPmL1Pj+RPgqH2xeVwnSSwDCfr/U2tHxBpgB55KfrH92U18 +EfW4oW+w2UUhaBEZyrruKdaPUhv8gtx8YEEarWKi6w0e31KXmyPvqS5GnjOZ9PX3 +RtBHQkqg7iiUBBPz9TM+kMX5oHuKymv9w7aVMNPmnT6jKlFJur/hkBn9yxfAWWyV +yEBAuMW04YjSYRbxjbvH+0Bh0cDpK9bTp6maCLnP15IIOmz6a8uH3M3y00wf5elA +tA5naWxsbWFubkBuMC5pc4kCVAQTAQoAPhYhBKiMit0SmCjX6sAuUuIvm7/uNIWI +BQJdLHTXAhsDBQkFU4PrBQsJCAcDBRUKCQgLBRYDAgEAAh4BAheAAAoJEOIvm7/u +NIWI7Q8P/3IB/0RHO/oRz/1bclxGuCJYFZ/xa+SEnnE/XjAYvQAUn1jSfkdC8yRX +3Lq2s321hjo0xQXgst0zV4adPOfSyGKFoodnO5mFY6a5pYq2CdFGmuQ6pQD+/OvQ +O4PLLbtC3z6EtA2GGSlXgNTz0krqjaUX9FwBlbzgNoycFQrhVwx9PpXKDlORjgYU 
+4m/VjOi0f0yLzZ7BWDrenw45Brv6zZuFjfqxSHV+u6ecGpnEx4GjB7o0w8MGV/v2 +XZm2p591cJ4agmewjQhfBLP6D+fw20ENsTxgvYYCX+k7dTeFRSrKyariSy702ryu +QYsh3c9+0EDomQOA0PH5/063f7msXNNwn9MsGqXQJ8umHDRnmC0aMdzQG5m8Orsg +ZnPBRhvQmDuQRUVworotAqqEfoQ2WWFedNxRUgd3dClaDts5Uc65Tzzd8JA+zYIo +byKqE9fP3vtPhO1y3+BV2W3YLsmgQtVInzPJq0HBjPXuulFN73eA1PJanRT0n8Al +730Y10CKmxAMP+pQ416OrYUHwFSCAD5v8EL6AET/NgnI4d19imyoAcjR/W4MyNTx +YXRlQ8v38Av1B6pvNC3/9ktPtyf6RRY8GVhMVQ7DUSLm2JOVx9vQj2jYM9a79i1+ +sx5OfDGnSnFfQgg+koqyiR82KSqwIZImiDhWWyDkVfnWxY9TvuaxtA5naWxsbWFu +bkBuMC5wbYkCVAQTAQoAPhYhBKiMit0SmCjX6sAuUuIvm7/uNIWIBQJdLHUDAhsD +BQkFU4PrBQsJCAcDBRUKCQgLBRYDAgEAAh4BAheAAAoJEOIvm7/uNIWI6ykQALBm +K4s0xRE8T+MzxoeSV0gM+bQPqcBJW0FzTFHMOw8U0iJU3kDd/DolliEj2qSnyzxW +Wp5WJVAp9UVyDxRb9MVp5l1qsniAkyeOVknFD6xbMOohY+5AYgwb6TzwIXXyKxCq +O3nLE/qzTQE8WI4uLU+PXFQW2KkWY1+XzSGDGtP7c25mA+Rsy46Q9KskEe2S5m/j +/Xt44pTU1AeMMdN4b4PzM8X60tlHAa/mLg06RT838cQEtJvYJn4nUj595f1aNmqW +2OQ8AYa9AWBTaQRZls+zSQ3pDp0vEn7pvAn4gJ0cC2CLE86HaloIgBYUeXfc78u3 +XXn9RGdvgNJ9wKI541YLaH+GS+tezXP7qHtVeoLjqYve840Oj/D0fA+HqfnR0AjY +h4aYc034ShiVUlEfWv2JjvRLIn7QegT1GSW17CftVmp7Na9UyYtizYra4bTVTaUJ +fh2oKAfLwQRaAxq0knboBkFbXlvLBLgLks6o0hok39VWcaikd9veT8c1QlGID7FU +Inleo/RAMaI1uJyZgCoXtlmCBz2/cOolTn+YeVfa26x4Yemy+habFkKoeVobwl/8 +1LN1q1L2CJn0sPB6xfNwIKEyab3Nx5CeQIuXZIk4Zi+wwkD8Y1K5SlNW/shEpQCd +/bPrxvf32IOIfTSOnwK93MQc01r1Z2R3BRc664/dtBNnaWxsbWFubkBnbnVuZXQu +b3JniQJUBBMBCgA+FiEEqIyK3RKYKNfqwC5S4i+bv+40hYgFAl0sdSECGwMFCQVT +g+sFCwkIBwMFFQoJCAsFFgMCAQACHgECF4AACgkQ4i+bv+40hYgRXBAAm9A7Go5a +2PINqMnVob2qJ+uwe+CXnvCnAkIagshn/MXZ3s0+SEyDsK8+zpSXw9IZ62kYPaqG +Ao9FrB2sQXPfrhWw74OKcHG5GcT3ep49PUV2CcmyGzFV+YoJm7lsy4wbrl4i4PpY +ijrkT6mICwXFjWaKakEbFKlnKDvGHEWvPLCJhWCszsfnfbqcRKwUykmEmwiD/Te+ +B2H4iavQbgzY1y2UPxCKZFWEhp9IMVGaZFW5H/H6XwzAGNWiOBLSsEQenN1C8TQR +UgLN64oAuFtt2KY5SQCVnI+cHnHZzBq0Mpi5WdLhQfhXZh7lr+EzMuOlvqQg0zTz +yH9jgXuh0Hi92Hx7ctzFtCK4DPNatMLlxQbo4TAseqBIy0ltQaIqrn0V1Qp0Tvnj +jIT/maKfcJZrmCQQT5vsEgPNlsaK5R2pNDWjg3QtvK2+AtavSf3/d08fDIlneNlC 
+/8E6XfZ0+0jJdEw2axyFymNhD3uDPEZ9Zo9ZCQQ/lwP1fqjVQhxrWLcSWdpGnhlu +VWd4pJ9VB2HdXdbKYmyNakmFTbmTeu1CwePcS65mzEs4Eoq2CRxf3t8t3525cQWT +MG6CPm8pRC7iueDVS6O+qnlV6BARr7wBinp9X2+uG2M9+P7JIBioFc7DCG0DIjDE +ykq8ZGR5E4+Zv1cUBTWsw2N9EjF5rxvDbnO0GWdpbGxtYW5uQGluZm90cm9waXF1 +ZS5vcmeJAlQEEwEKAD4WIQSojIrdEpgo1+rALlLiL5u/7jSFiAUCXSx1VQIbAwUJ +BVOD6wULCQgHAwUVCgkICwUWAwIBAAIeAQIXgAAKCRDiL5u/7jSFiIO+D/9foiQJ +w9fpkXQQD6gP5fPZmgKuM0OHRuw6pEF26JgJFxtrDSx5SPbQxs4PlqavmXk0fbtz +jWHd8w9X661yf890XxnzSSRZNItCfc7P/DZYTK48YN/13qv30zl5UlZv9p7Zca/f +2C8VKICIJrSgbWNhW9Ctgh8r3pWCHA1rwtOWvwiKoyrQmG1/L9juOH4SlXtbeT/B +/xxZxwq3EILVZl5rA0zVI9Qf326ElbDfLwxzpFCaSNVPB1HNSyBRSEdMe3s30IQ6 +LYBDM2ZqQJW1LOUhJIiiEyYTMfTpQROmAQ8k7GuGVPt1YekPjPdn7kyZdW/kbJAE +CLT4isHgdi+O3PVIUUZn2ZZG2abUnPEdDPuT5lKS5FUfBUcWlHX0jtmtMsQwOwJo +isNo9fS+8TRsWyGrNxO3L9KEu8ZSZK6frGMvJ+y6nJW0F6yTFVikUEMxYoHRZ+A0 +krenG9/ypHEAi54tSAhKLg/t0yae01M9rZn4YuztWdgu8uIEW9JA4tWDXyqJj7r8 +YZ8/A3oK9qiFRXdZ7oS8njnQzmi8fjFTWiTp7l3z9MHn6+DFwYJMN9adx2lgUvHg +1Cc9fVOuYt6rSTEwURzJSOc+3uFxH1Cc6MI6b6CiZDe2ulHBh726ng+/8rFKhk4o +z5BtRWCYPwDrkYok5VeAkdOgFvPrxvZXOKuvq7kCDQRY+5dUARAAvoopO5WMdMk0 +DY5su+KR4V3fR2byaCSoZjbirSZanAUj7PYa4qM8EcJ3zj4FsZDPymKPo/J5XIa5 +Cn2mj9K9n9Y3vVf+tUIl6/lKuJxkBsPSqzM/6gltWb0oA5QkBFX7+pZTW2pURbWo +vpv6H1aMQJoYyBdbSx+Zu5d/6cVPwO1ZXPiNDcWiHdLVeFMNqL4LHdgMk+igzfQP +22XTOMUB1CCF8umaR3qkrmyZsJZe4XyJQC709QENHqsUQwfz2grGA8pvKo/ZPImT +sjDydc9EsHzwwTkD0t08b1ft7aseuYjrY7/cP8vWwYUaNTrLwZHcEv91gV0aIjE0 +U2tpV21Vm4p3f15kqRUPfP8lUiI0inFTp3pu/+4cTBJCmASSQyvoSTlwtGdmDgWF +L+x7Db//xtvIvfmibVcazcL4eoaI9FKqZvMyxySLYXbibBO+G/g4aQHDCycyFOp8 +dtJ/skOb1ADufFHXnzkEUKJ+5H4YN1Qklw9WT9YwvY/vWcOI2chVD+L8x4+H/LMg +7OBjVQIySlYHK1qvFSFgM2nNhMwxbtUMSpzXrfpJRdUZ76LZu3IqcV+WHCrCwxIZ +n6CJ5QXC1423B38GsUterRzI7K9ug5Wvq4yuRrAK2MjgcgpOjsVv9wMwxQ4APtR/ +hQbXN4rLAXhrj0QcUMnEP4W7gqBXTVMAEQEAAYkCNgQYAQoAIAIbDBYhBKiMit0S +mCjX6sAuUuIvm7/uNIWIBQJZOVxvAAoJEOIvm7/uNIWIWsIP/jAYpQcV/fn/DVs2 +vBfGTgFVKyaYIQJvXxVpapcytKWngWwb01K6r7x1d4vIrUbmAhDbA6n9Tv+NWgIY 
+H1O67431TZPOP+iXRTSJyRLopcJXY8xrNFd2tviQ4sglo2sH4l8gar9zXOSh68a2 +foSzLb9ZCsaNnvwFagnNXLwzBFGM+v/U0xkwU2xU65sh/TiyQ1DKgG6JQ4v0TtGb +ae/B0wJlOHtRXyCtrmmTshGLXQsJc8iduHyRo0we+rneG2yhy1BMig8MjQXY+8bR +P0wVW4WqRrwfykXjAtW6Qx8wU6fz46q+ve2Qhq/Ok9KpHzlGMgP6c6mThAZLW+3c +GIdQBZlFsZ2KL62C6s8ynbab7C6yCNT7k9zHAstoDNgPORx5m/mArmvUqMdXycLl +XPwlTAuA8YUsOGxEkmrZW+GGgq53uy+TQGmWqkSeO5uyWSs5yXbRf292PC6ZzAQX +xHsVFXScqibBU49ELWTqUvDUV7zMOwjQy+8VBSMrXGGsLE5tj5On+HPHi26vri5W +e5QzYrai384FSRSpdtnqqCysIQGPb+D6AgLJHdtnp+C6/0OULRrRIHF7JfVeuTde +sc2h5G07wqj7SCNBRZC5VP/0JvpdGUHfa4WGEDUCXEZiMXiIVLMblfS04pAr4qzB +1vCWqzb8xCxA+wTd8lTDFobV/pV1uQINBFk4U2wBEADgRM0G+Dnl/wlrHNb9sr3/ +yW9tHA8weIbwvfly/NRW6LHSLIPvsLksabVQsYbUH6i2aK2ZlE3Oo+H/R2wrs7dm +VCo57O4MbZk8Kb0fatN3qhq6g/+bNobVIexS5XN6g5JcmXM4ZzR8Q0rEd46oaxFW +y8nDSw4RR1d+OU5/Z/LHR1VUTCQKU0Q1Jv//4YFVq/BEf6oj4SU9+/Li9kUo9f++ +i4PaiWyrQDm1FAYtMGW5MBKH3ohO1dlPgqNjdeqTjZfgvCMPdbyV6Xwtz7KVkCR0 ++r9u7JefCCKUXL3Ap4VPtjhyCLoRuqJ+ZIp9XR2wf3rVGR6KRcLWPEXLkGfAPCs+ +7uAnfReBxNiWYt+FHuQpeyUld8u8E0G8u9FSf/l25A85QrQK0EUrVHdFc1q8tcCe +q0EomoIPl7GnwtDIwYmkWtViCz0ivVRvNBUTXvq0XtI/9kLgcBgKfzap8dLeVSXJ +rUhYlbcOZNnstzkmut1ce8my5TwSRzr2dxgUF8563cM3cdLu+C9bdMWvR/s4xwu6 +Q5opbehdFHd2Hj/Lnqv+xwNKNFkhZCHiyum8L/VKQAsboXgJ7/sB7CHsEcBif73R +Wj3bFcMnPHHlJgxXB1aOH4kM+y6fF8wW/bGC/9gGiYXzovdbopv3B89oyuT73aoX +g4TIPz6gv6Bg1OiGpfseGwARAQABiQI2BBgBCgAgAhsgFiEEqIyK3RKYKNfqwC5S +4i+bv+40hYgFAlk5XBkACgkQ4i+bv+40hYiyTA//XnNjay+uK31lmven3gLQ/BRu +liydFotXRugBMExTNhBmv279krSpREbvZfFLSXshMcTDclzCY4SrjOgrXfFS8Eqd +RCnxmqVxBQsS7T2ObAMQQLp1yyFdupT2M7no5bnDWetH9c/CBZP0bZa4Ar3oFZXn +CKvs2ACef1BJ8f5vgx7noi8bpggUP6uDZF1gyyB2yLZEvlV8AWz3hN1otzkSmVgx +bvD9d+ugcqOgAMv6JpbxxiNvqMX2CVjjoBeQC5/uKCkJW51NnZzHXtDHqcKKKlbp ++WrkwxjoF05uqRDFXnnCTTC3PUrg1stYkn7M+52dAG8HAFBtReuTZoZ3AL1kdtsp +XoG8PtWHGzu1NNrPrxCL6KLn5jzjLGkWR17uGhmflKwdvRgrbWO97XhZoHaocaTE +1pbRBRhJ8bhmkw08Yaatt9qcUqJLPyj0cEeNIU0I5h9n7n1CpTyns3Ow28H4k1p9 +8Sf19UqEOaUIeGtU/Gf/7qbD8q6lmpgZ5/0/7wNoBYM5MdvfMDU0NJJ3qESLiEm6 
+lCGq4nq+GsLyFmIXyTeFbsyO/Ion1WJdtrGvEgkQRuVUB8HqsFQ1b4+EJAiBTMsF +z+yxUcZJNEngQegSMaNyXFptrFrXzZHOXFADYmuTgtk5SbF0V5am4IfineWNSmM+ +nlBNsWyazlZNA3vuAvc= +=bioM +-----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFZlTN8BEADIXdWebdUepgP8YkULGh2EClt/q2Nkh5QB+V88ZtWVdEfz6ELb +KeKE/39yllXso20H56OfWGgcU2SF6EKdT+FDir5pDxM+RQiIjrYHLMj9MG87LBcW +65PHny6hmXtrfrWISXq7x2Si5G9pMz33jp5Dsx/IMTbTPbdK09b34S9aqIjTkpQ4 +yqByi07nkRcYgSOzx1Dr/7oatKn5/tTRQm9CQ2pqcYYD5Rqg1jcNpKRUWFX/m+LR +d3iQ6ZF/F2W9hR6BYWRUi3eJOFYX/ngWrSj3q3c3zQgPy7R/4weZRT/WYjwccHyv +LHbw3YFVLDgM2RAu2q765+3iWrH4RvYxS0eMDan7uK6q3+83KB83ofnH8IEt6PWK +3tmmQJ1vYbQDSqeLxiptPlOgoQuaJCCAFJaBIwamLZJq0BPmncDzZ3bGksROgV31 +qqFYsdKfyUnKQZZpEVsdpOz1oMK0RSlqW2j759C8E4DrsqCBoBm63lZPQsYp94s4 +gT5W2D3vfPqF3dOht6nByGVYvwh3ildcBtKcU8vctlms+izbb0p94pviM10/vIuu +AzerB4Pb8qMN8+KuSfIUtTWprD/D0NAPRBpc7Uiv8sSufldNhN+A4GdkkXe409+A +WGusKMlZO9fP3BYf+J3jDxlbRoVoEyl67dioT0QbFdhOqQt1EjJH9XT77QARAQAB +tC1NYXJ0aW4gU2NoYW56ZW5iYWNoIDxtc2NoYW56ZW5iYWNoQHBvc3Rlby5kZT6J +AlcEEwEIAEECGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4ACGQEWIQQ9EQY8EPmN +FL0k0UcLCZjvhvWbagUCXkKjswUJHDOYZAAKCRALCZjvhvWbakZOEACqn3cj7vG+ +jjzbnWsohTwN9kJnvpRAtWwFw2mPYLRdFkYgBwP7AroDUS9nESzajx/sK4wUrfYk +C3hK020Bx+Elg48mdSAy9O1/gUDY24rANTnfisqtO2IILsEyd6tJJXa0XHziH3Tz +dggsCOEEICCOxLOkDi3Syk3P5yUL/OHDkLJ8nv4QJBGjjuuX09CErX2NYQnkqa0Z +MOecfTtv++jO/jAXGR6Hl3c4lf2udt6fYV9zrtSkcv/NPFvJ7P0GcxA1Xws4OftN +z/8rgz1TfVuho9mBIvvUKVT17Z80wQCTfaBNkChbHccDzaQPSDRkoG2ohvYrJveP +lKM9NfMpPqrjceaO+rx+Ft5mBU9uSL8Oo8lJ2sMsxqmEbym1Xxdm96P3D+GNjZ0H +Gnl26DprWTBHjpGSotV5rzncRh+9oTcvmzkO7hvgUGICHCGeyS3wM7qiiY2M1wHl +5ChlOv5Ske2oA+EHoMKxJQ2iJpkfeP6rHckHkVD7vDDCaiXUYrfjCb17CSOUHuPq +sdGbfHyItTM0cWpB5Jq/P6Mi9xymnxVpCeIkB2v05gszzGcF3+hLmRtdTzExilAC +zmWKXLL/mD2SvnENXLOJ5lzJCD7yQ+KkzMDPqkg4JPeinyT/MX8q2uWKa7pcOHJJ +9Hb4fMNwvUSsx01JCHrUS96JSssGiroaFLQpTWFydGluIFNjaGFuemVuYmFjaCA8 +c2NoYW56ZW5AZ251bmV0Lm9yZz6JAlQEEwEIAD4WIQQ9EQY8EPmNFL0k0UcLCZjv 
+hvWbagUCXJn9KQIbAwUJDSYvygULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAL +CZjvhvWbaqPbD/sGcPJJKK9siqY2o7w8zh5joKypSsJh2GZEpFMMIsIeVa1EW+ZO +fXp9YQkO9ezBKxHgtZQxZ9dHIbB8Tn3+VnLJHd9wY0aE0OTPO6GNtADJWbzx6Cec +75Ddg+WkCiTdn4MpMbF2jQKvy6nPfk7ZSbSL352VNVwrraLBjBJ3aXE+cPzXe76X +oUc8kkNICvPkMSMljR2ayGk/wd8u8O78GW/8LUMVz2cwHsnbJrEQu5WeI6LVoK/+ +kWpHDjiNhFwIg0ZjgoOl42QOEAYz2lmGAhyBhrKd7qZ0NpSoPfU1InMy9j2AoStE +hIOgdwepgXp8b71vzJEQiYMDvg6LJiANzohlJjzXQblzdu/gYaRjSNY1Rm3LV1ze +MrPMqYeFeiQEY6Hic9VrKiXczIYhbHv4lBefwUJkuTk2y237G4CyIvBvXyA0lHDU +5yumD4GDc66Rvyl9tZqKX+5Hss2dEO86QL+OcTYlPsGWq676c/T8mbdvfz+ENzy1 +iBa77WYFQkDSR1ND1f/GBE1fu7U1PuIDSo7uQarU6WJq3cQ+mtw3ncw9RfOpwqeF +GTf/2eHAW980zhyo7BIhBYxn+SMvBV96gYVS3f+Ye6vV8C6eWNaOzouIe4+dLOFx +kZAHkqCD8DaU5XalXwmeRTa5y1rzN9HMxNjfYeFrZu392myFjG55VYYG37kCDQRW +ZUzfARAAsHyOwNqnALHCpk9i+5BkyiS0tLMpgzN5LC3RzN3Dm2CEyQPWISNrr43a +FuoTMPEFkqsg0FX6LzVGZvqEtcS2E5DdvuVWJWBK+gLMxUWnm/p21ouhvLNcglYE +FlvIscYmwVwggwJYm9TBru872gTT7s6NDVSLFXxkPf3hPDWCYeaooKcRzuXZWb85 +E1HFgUOR0uZCfBtPGG/tniyqP64g40gAV88WuyN4vkF9Nh3jfpjgQ8eYzhmWAAso +EC6pBn8kjek6GnplYqkuy97FR87nXcb4d8zameC8rynlquNk9B4fsAVe36upQPJb +GMF/VYjc1ubPQeawMrpYWPZboOK+oulSPaH7AQNixBpqSxdVNw9jHNZPSGPq2yPp +pGTgI1wLWlGQlAEjBcPgEWWzWgW5os4oULn2D8i8S9pi8OhSQiteKZiojRD0q9D7 +TfSXA4XSZ75+uYxi5T3DTSSRa+pEufl5BMphVyJKvqjX+Ek6dCodUzfGE69qfKTM +Vi3peEUMVMrsM2FoB7BA4l8Z/1UhoF9jD2yrW/+oJEWsWbJcGxsskzHNGr1ntk31 +u/MC+O8O6VFuuTjfpjpbS7rsbZZRtl1u/rhoCRpURz7AillX2hhl+5U4MOnYgZQ3 +c5Xh+5+mD8C0nMGz9pg5+6XK3fRfiN6ajHLcJJeN6bXKN8Pr06MAEQEAAYkCPAQY +AQgAJgIbDBYhBD0RBjwQ+Y0UvSTRRwsJmO+G9ZtqBQJck7EABQkNHkaxAAoJEAsJ +mO+G9ZtqMt4QAJznYvhb1P2TXkq4eJ+wt0E5SWilT6+tjIooYA4p8oIDi8nl+nHH +MIo5IllAYnWXGkaxARVSzA3Ci8CoETX4hGdKnHy7hRvYR2psATapfVts1Ouj9vqu +0zDpBATJhkom5xgTjWkT1ZgVIEbVHZiNIpSgA2OI4FqpL5rDw7uvMmttyR855s3/ +ufyhAjIXJMC6/8/7JG7Cu4d2pY/tumoeLjks69hUlqsM4RptZij/sC2m0BH5JOY+ +rj8YKGlliBciUbSkoTjOTExQoipLjpwgADmKu85TAL0X0PIqvM23n4K1IjiZjmNl +9vjOwdtugOH7AYJV3RNjGLRxy4gJP+jlXL7rWEFFvL2WxSRuy1EqMRNzDlx/5xM3 
+1PJsmcc6wIhyLDq40m0gdyh43Lk6EeaLjf6+QJrn2+AwTGAc3k0KOu50hLnSHPKZ +0dYfhqD6iJOkByAc+usyfHNQ2+IQWy/F+AQc+ST0p/A+xiC3D7OHbaZJM+Mmqepc +aUIt5jJ2IylxPet7yZBfV8f+6NUGGbNJy0Xd6qv2EE3osBMd0XyaEHPSxnSvGJfx +a7KJQLOr/WpfSJeZglW3fQPWwhAjeEFFBibwso/D6vXxK6x/N8axUyRiJHOmLKNp +UFEhZpET3FoAMnC3vxYynv3ooYw3oLxl1V2TVHN4s4zlDS7dkAokPX63uQINBFob +JskBEAC9bcDtSKWB85zmXbIztVQF/73mSJQBZiPfNpQqTiClsQ56qMHIUsqLw2qG +cgDj2cv8U5NPxoLQc2w6HMqcD9ASmSa6DePUPpADp7HVPZB4GnBcSu4IEjO6dlif +rH098eBoEIZzU4ghvpDzIBmfBQ5pveUGqvqt/2e2xtJug0FmpuWXYlQlV9Sj4Xar +s3sPhLekXaRZ7fDULnS14DZRuBMdRNwyhOPz5xFCK1JiahfZ6pALS9xvWyaD1Wa0 +/IhJzIA3vDGR96KJVX/EtnggWuC9csoq8QoIqwxbcbKwlceE5EGSJTpceB63z3s+ +nM2OECGlQlg1oktfLdw37QFyh5uHqEi9kJVconb1Z0vt0WtZmarzYRIJDwoIE2aC +EM1bmXijQIl/W8elcLDCL7o4m9v2fdYTk+xqJ5x165E6N4xKKL+B5zKTcOocg2rr +s1hFV/LIRUl/rYB+58WTzvorym14ZdcLiu2/xWa4M4Qc7sIu8Hk69g+zKTS22eRD +Mo0q96jNGfa/5Qu20Iz8eKK4lDsGpbbRnA7+U1ayxzTV36fxI0L5Ru7spq0rHJ3h +c88v5IG9RCyxJIug0ZbLX4+P/M0yKNDj73o1nbL81TI1tPsuUFsygN2PN+RowoVN +vmDoXlKWbT4eMfMiCbw/PCm3ZEVz/m9M3VjoRrb1T6S7DalqXQARAQABiQI8BBgB +CAAmAhsgFiEEPREGPBD5jRS9JNFHCwmY74b1m2oFAlyTsQoFCQlobNEACgkQCwmY +74b1m2qDBhAAnIyHlZGTgbiVTVBgjrIEYasPWn+59I/zULVGGe0yEvHzUoAeWoKE +MudtfIUMb6Ypcoxwo8AHVvSsCSuLWiMDysu6Y3+p9B/iNDVlCU/3eA/BjCpD5ofU +482Dyv5hpqdfv8nLehBjSnlfLnIf9b4kIAuTI1hM2kQFkM3/Eh4mfB2XJBFQxzS3 +gedWLrZoUp3qUp/BOkIroRPeu2N96d+6a9b35S17GJxWehgVjEwLZyhKCHliOYTk +k4ibMc964iDSIdjpTAszHj/dMkt82Ovv2Q7IpFB6dhd6Mb3Les02f6lNyTBixud6 +/1ADj4LzyUwYyrlF8Mhjg/vJn++gAPFRqSrY5pwwsqci4Wr1/mgrM9WQd1wnkGZp +0eM2q598b9fBgNvDnk5N8rCLqxRaxfUrvVEnCb5KbWtAwzp6GJ447KGHQRpfGN2B +yXXtekurH2tuixSWSVnCwN7oN5hqXxhA60puyVSQlRZ5oqq/DTY5Gl+8HO/6qjaa +iRD6frB32eB3/eIUHE+HhqMkVKcvoz1PUdjDO+YArRdkdREpQ7OBgqdI5/WkmDez +DZ8s/8LH7NmWyaDiYmQwZzDJw/286pTn+U0JvAvMU98tSQKD163iYcUprdkMEgWB +bm9msTujYyUbqJg/epAVjJahjtYwnCFhuJKvoIAlOXAqNksqPDoPwfU= +=tbKl +-----END PGP PUBLIC KEY BLOCK----- diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..10ca7c1 --- /dev/null 
+++ b/debian/watch @@ -0,0 +1,3 @@ +version=4 +opts="pgpmode=auto, uversionmangle=s/pre/~pre/;s/rc/~rc/" \ + https://ftp.gnu.org/gnu/@PACKAGE@/@PACKAGE@@ANY_VERSION@@ARCHIVE_EXT@ diff --git a/doc/.gitignore b/doc/.gitignore new file mode 100644 index 0000000..3b7342f --- /dev/null +++ b/doc/.gitignore @@ -0,0 +1,8 @@ +business.aux +business.log +business.nav +business.out +business.pdf +business.snm +business.toc +business.vrb diff --git a/doc/Makefile.am b/doc/Makefile.am new file mode 100644 index 0000000..90f6797 --- /dev/null +++ b/doc/Makefile.am @@ -0,0 +1,23 @@ +# This Makefile.am is in the public domain + +SUBDIRS = . doxygen + +man_MANS = \ + anastasis-httpd.1 \ + anastasis-reducer.1 \ + anastasis.conf.5 \ + anastasis-config.1 + +info_TEXINFOS = \ + anastasis.texi + +EXTRA_DIST = \ + $(info_TEXINFOS) \ + $(man_MANS) \ + anastasis-figures/anastasis-db.png \ + anastasis-figures/anastasis_reducer_backup.png \ + anastasis-figures/anastasis_truth_payment.png \ + anastasis-figures/anastasis_challenge_payment.png \ + anastasis-figures/anastasis_reducer_recovery.png \ + anastasis-figures/anastasis_challengecode.png \ + anastasis-figures/anastasis_truth.png diff --git a/doc/agpl.texi b/doc/agpl.texi new file mode 100644 index 0000000..e6ee662 --- /dev/null +++ b/doc/agpl.texi 
@@ -0,0 +1,698 @@ +@c The GNU Affero General Public License. +@center Version 3, 19 November 2007 + +@c This file is intended to be included within another document, +@c hence no sectioning command or @node. + +@display +Copyright @copyright{} 2007 Free Software Foundation, Inc. @url{http://fsf.org/} + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. +@end display + +@heading Preamble + +The GNU Affero General Public License is a free, copyleft license +for software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + +The licenses for most software and other practical works are +designed to take away your freedom to share and change the works. By +contrast, our General Public Licenses are intended to guarantee your +freedom to share and change all versions of a program--to make sure it +remains free software for all its users. + +When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + +Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + +A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. 
However, in the case of +software used on network servers, this result may fail to come about. +The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + +The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + +An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + +The precise terms and conditions for copying, distribution and +modification follow. + +@heading TERMS AND CONDITIONS + +@enumerate 0 +@item Definitions. + +``This License'' refers to version 3 of the GNU Affero General Public License. + +``Copyright'' also means copyright-like laws that apply to other kinds +of works, such as semiconductor masks. + +``The Program'' refers to any copyrightable work licensed under this +License. Each licensee is addressed as ``you''. ``Licensees'' and +``recipients'' may be individuals or organizations. + +To ``modify'' a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of +an exact copy. The resulting work is called a ``modified version'' of +the earlier work or a work ``based on'' the earlier work. + +A ``covered work'' means either the unmodified Program or a work based +on the Program. 
+ +To ``propagate'' a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + +To ``convey'' a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user +through a computer network, with no transfer of a copy, is not +conveying. + +An interactive user interface displays ``Appropriate Legal Notices'' to +the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + +@item Source Code. + +The ``source code'' for a work means the preferred form of the work for +making modifications to it. ``Object code'' means any non-source form +of a work. + +A ``Standard Interface'' means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. 
+ +The ``System Libraries'' of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +``Major Component'', in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + +The ``Corresponding Source'' for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + +The Corresponding Source need not include anything that users can +regenerate automatically from other parts of the Corresponding Source. + +The Corresponding Source for a work in source code form is that same +work. + +@item Basic Permissions. + +All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. 
The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + +You may make, run and propagate covered works that you do not convey, +without conditions so long as your license otherwise remains in force. +You may convey covered works to others for the sole purpose of having +them make modifications exclusively for you, or provide you with +facilities for running those works, provided that you comply with the +terms of this License in conveying all material for which you do not +control copyright. Those thus making or running the covered works for +you must do so exclusively on your behalf, under your direction and +control, on terms that prohibit them from making any copies of your +copyrighted material outside their relationship with you. + +Conveying under any other circumstances is permitted solely under the +conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + +@item Protecting Users' Legal Rights From Anti-Circumvention Law. + +No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + +When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such +circumvention is effected by exercising rights under this License with +respect to the covered work, and you disclaim any intention to limit +operation or modification of the work as a means of enforcing, against +the work's users, your or third parties' legal rights to forbid +circumvention of technological measures. + +@item Conveying Verbatim Copies. 
+ +You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + +You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + +@item Conveying Modified Source Versions. + +You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these +conditions: + +@enumerate a +@item +The work must carry prominent notices stating that you modified it, +and giving a relevant date. + +@item +The work must carry prominent notices stating that it is released +under this License and any conditions added under section 7. This +requirement modifies the requirement in section 4 to ``keep intact all +notices''. + +@item +You must license the entire work, as a whole, under this License to +anyone who comes into possession of a copy. This License will +therefore apply, along with any applicable section 7 additional terms, +to the whole of the work, and all its parts, regardless of how they +are packaged. This License gives no permission to license the work in +any other way, but it does not invalidate such permission if you have +separately received it. + +@item +If the work has interactive user interfaces, each must display +Appropriate Legal Notices; however, if the Program has interactive +interfaces that do not display Appropriate Legal Notices, your work +need not make them do so. 
+@end enumerate + +A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +``aggregate'' if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + +@item Conveying Non-Source Forms. + +You may convey a covered work in object code form under the terms of +sections 4 and 5, provided that you also convey the machine-readable +Corresponding Source under the terms of this License, in one of these +ways: + +@enumerate a +@item +Convey the object code in, or embodied in, a physical product +(including a physical distribution medium), accompanied by the +Corresponding Source fixed on a durable physical medium customarily +used for software interchange. + +@item +Convey the object code in, or embodied in, a physical product +(including a physical distribution medium), accompanied by a written +offer, valid for at least three years and valid for as long as you +offer spare parts or customer support for that product model, to give +anyone who possesses the object code either (1) a copy of the +Corresponding Source for all the software in the product that is +covered by this License, on a durable physical medium customarily used +for software interchange, for a price no more than your reasonable +cost of physically performing this conveying of source, or (2) access +to copy the Corresponding Source from a network server at no charge. + +@item +Convey individual copies of the object code with a copy of the written +offer to provide the Corresponding Source. 
This alternative is +allowed only occasionally and noncommercially, and only if you +received the object code with such an offer, in accord with subsection +6b. + +@item +Convey the object code by offering access from a designated place +(gratis or for a charge), and offer equivalent access to the +Corresponding Source in the same way through the same place at no +further charge. You need not require recipients to copy the +Corresponding Source along with the object code. If the place to copy +the object code is a network server, the Corresponding Source may be +on a different server (operated by you or a third party) that supports +equivalent copying facilities, provided you maintain clear directions +next to the object code saying where to find the Corresponding Source. +Regardless of what server hosts the Corresponding Source, you remain +obligated to ensure that it is available for as long as needed to +satisfy these requirements. + +@item +Convey the object code using peer-to-peer transmission, provided you +inform other peers where the object code and Corresponding Source of +the work are being offered to the general public at no charge under +subsection 6d. + +@end enumerate + +A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + +A ``User Product'' is either (1) a ``consumer product'', which means any +tangible personal property which is normally used for personal, +family, or household purposes, or (2) anything designed or sold for +incorporation into a dwelling. In determining whether a product is a +consumer product, doubtful cases shall be resolved in favor of +coverage. 
For a particular product received by a particular user, +``normally used'' refers to a typical or common use of that class of +product, regardless of the status of the particular user or of the way +in which the particular user actually uses, or expects or is expected +to use, the product. A product is a consumer product regardless of +whether the product has substantial commercial, industrial or +non-consumer uses, unless such uses represent the only significant +mode of use of the product. + +``Installation Information'' for a User Product means any methods, +procedures, authorization keys, or other information required to +install and execute modified versions of a covered work in that User +Product from a modified version of its Corresponding Source. The +information must suffice to ensure that the continued functioning of +the modified object code is in no case prevented or interfered with +solely because modification has been made. + +If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + +The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or +updates for a work that has been modified or installed by the +recipient, or for the User Product in which it has been modified or +installed. 
Access to a network may be denied when the modification +itself materially and adversely affects the operation of the network +or violates the rules and protocols for communication across the +network. + +Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + +@item Additional Terms. + +``Additional permissions'' are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + +When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. 
+ +Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders +of that material) supplement the terms of this License with terms: + +@enumerate a +@item +Disclaiming warranty or limiting liability differently from the terms +of sections 15 and 16 of this License; or + +@item +Requiring preservation of specified reasonable legal notices or author +attributions in that material or in the Appropriate Legal Notices +displayed by works containing it; or + +@item +Prohibiting misrepresentation of the origin of that material, or +requiring that modified versions of such material be marked in +reasonable ways as different from the original version; or + +@item +Limiting the use for publicity purposes of names of licensors or +authors of the material; or + +@item +Declining to grant rights under trademark law for use of some trade +names, trademarks, or service marks; or + +@item +Requiring indemnification of licensors and authors of that material by +anyone who conveys the material (or modified versions of it) with +contractual assumptions of liability to the recipient, for any +liability that these contractual assumptions directly impose on those +licensors and authors. +@end enumerate + +All other non-permissive additional terms are considered ``further +restrictions'' within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. 
+ +If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + +Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; the +above requirements apply either way. + +@item Termination. + +You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + +However, if you cease all violation of this License, then your license +from a particular copyright holder is reinstated (a) provisionally, +unless and until the copyright holder explicitly and finally +terminates your license, and (b) permanently, if the copyright holder +fails to notify you of the violation by some reasonable means prior to +60 days after the cessation. + +Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + +Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + +@item Acceptance Not Required for Having Copies. + +You are not required to accept this License in order to receive or run +a copy of the Program. 
Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + +@item Automatic Licensing of Downstream Recipients. + +Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + +An ``entity transaction'' is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + +You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + +@item Patents. 
+ +A ``contributor'' is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's ``contributor version''. + +A contributor's ``essential patent claims'' are all patent claims owned +or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, ``control'' includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + +Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + +In the following three paragraphs, a ``patent license'' is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To ``grant'' such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. 
+ +If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. ``Knowingly relying'' means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + +If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + +A patent license is ``discriminatory'' if it does not include within the +scope of its coverage, prohibits the exercise of, or is conditioned on +the non-exercise of one or more of the rights that are specifically +granted under this License. 
You may not convey a covered work if you +are a party to an arrangement with a third party that is in the +business of distributing software, under which you make payment to the +third party based on the extent of your activity of conveying the +work, and under which the third party grants, to any of the parties +who would receive the covered work from you, a discriminatory patent +license (a) in connection with copies of the covered work conveyed by +you (or copies made from those copies), or (b) primarily for and in +connection with specific products or compilations that contain the +covered work, unless you entered into that arrangement, or that patent +license was granted, prior to 28 March 2007. + +Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + +@item No Surrender of Others' Freedom. + +If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey +a covered work so as to satisfy simultaneously your obligations under +this License and any other pertinent obligations, then as a +consequence you may not convey it at all. For example, if you agree +to terms that obligate you to collect a royalty for further conveying +from those to whom you convey the Program, the only way you could +satisfy both those terms and this License would be to refrain entirely +from conveying the Program. + +@item Remote Network Interaction; Use with the GNU General Public License. 
+ +Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users interacting +with it remotely through a computer network (if your version supports such +interaction) an opportunity to receive the Corresponding Source of your +version by providing access to the Corresponding Source from a network +server at no charge, through some standard or customary means of +facilitating copying of software. This Corresponding Source shall include +the Corresponding Source for any work covered by version 3 of the GNU +General Public License that is incorporated pursuant to the following +paragraph. + +Notwithstanding any other provision of this License, you have permission to +link or combine any covered work with a work licensed under version 3 of +the GNU General Public License into a single combined work, and to convey +the resulting work. The terms of this License will continue to apply to +the part which is the covered work, but the work with which it is combined +will remain governed by version 3 of the GNU General Public License. + +@item Revised Versions of this License. + +The Free Software Foundation may publish revised and/or new versions +of the GNU Affero General Public License from time to time. Such new +versions will be similar in spirit to the present version, but may +differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies that a certain numbered version of the GNU Affero General Public +License ``or any later version'' applies to it, you have the option of +following the terms and conditions either of that numbered version or +of any later version published by the Free Software Foundation. If +the Program does not specify a version number of the GNU Affero General +Public License, you may choose any version ever published by the Free +Software Foundation. 
+ +If the Program specifies that a proxy can decide which future versions +of the GNU Affero General Public License can be used, that proxy's public +statement of acceptance of a version permanently authorizes you to +choose that version for the Program. + +Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + +@item Disclaimer of Warranty. + +THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM ``AS IS'' WITHOUT +WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND +PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE +DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR +CORRECTION. + +@item Limitation of Liability. + +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR +CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES +ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT +NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR +LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM +TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER +PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +@item Interpretation of Sections 15 and 16. 
+ +If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + +@end enumerate + +@heading END OF TERMS AND CONDITIONS + +@heading How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these +terms. + +To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the ``copyright'' line and a pointer to where the full notice is found. + +@smallexample +@var{one line to give the program's name and a brief idea of what it does.} +Copyright (C) @var{year} @var{name of author} + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as published by +the Free Software Foundation, either version 3 of the License, or (at +your option) any later version. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with this program. If not, see @url{http://www.gnu.org/licenses/}. +@end smallexample + +Also add information on how to contact you by electronic and paper mail. 
+ +If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. For example, if your program is a web application, its +interface could display a ``Source'' link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. + +You should also get your employer (if you work as a programmer) or school, +if any, to sign a ``copyright disclaimer'' for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +@url{http://www.gnu.org/licenses/}. diff --git a/doc/anastasis-config.1 b/doc/anastasis-config.1 new file mode 100644 index 0000000..bb1512d --- /dev/null +++ b/doc/anastasis-config.1 
@@ -0,0 +1,123 @@ +.\" Man page generated from reStructuredText. +. +.TH "ANASTASIS-CONFIG" "1" "Jul 18, 2021" "0.0" "Anastasis" +.SH NAME +anastasis-config \- anastasis configuration file manipulation +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +.SH SYNOPSIS +.sp +\fBanastasis\-config\fP +[\fB\-b\fP\ \fIbackend\fP\ |\ \fB––supported\-backend=\fP\fIbackend\fP] +[\fB\-c\fP\ \fIfilename\fP\ |\ \fB––config=\fP\fIfilename\fP] +[\fB\-f\fP\ |\ \fB––filename\fP] +[\fB\-F\fP\ |\ \fB––full\fP] +[\fB\-h\fP\ |\ \fB––help\fP] +[\fB\-L\fP\ \fIloglevel\fP\ |\ \fB––loglevel=\fP\fIloglevel\fP] +[\fB\-l\fP\ \fIfilename\fP\ |\ \fB––logfile=\fP\fIfilename\fP] +[\fB\-o\fP\ \fIoption\fP\ |\ \fB––option=\fP\fIoption\fP] +[\fB\-r\fP\ |\ \fB––rewrite\fP] +[\fB\-S\fP\ |\ \fB––list\-sections\fP] +[\fB\-s\fP\ \fIsection\fP\ |\ \fB––section=\fP\fIsection\fP] +[\fB\-V\fP\ \fIvalue\fP\ |\ \fB––value=\fP\fIvalue\fP] +[\fB\-v\fP\ |\ \fB––version\fP] +.SH DESCRIPTION +.sp +\fBanastasis\-config\fP can be used to read or modify Anastasis configuration files. +.INDENT 0.0 +.TP +\fB\-b\fP \fIBACKEND\fP | \fB––supported\-backend=\fP\fIBACKEND\fP +Tests whether the specified \fIBACKEND\fP is supported by the current installation. +The backend must match the name of a plugin, i.e. “namestore_postgres” for +the Postgres database backend of the “NAMESTORE” service. 
If \fIBACKEND\fP is +supported, anastasis\-config will return a status code of 0 (success), otherwise +77 (unsupported). When this option is specified, no other options may be +specified. Specifying this option together with other options will cause +anastasis\-config to return a status code of 1 (error). +.TP +\fB\-c\fP \fIFILENAME\fP | \fB––config=\fP\fIFILENAME\fP +Use the configuration file \fIFILENAME\fP\&. +.TP +\fB\-f\fP | \fB––filename\fP +Try to perform expansions as if the option values represent filenames (will +also be applied even if the option is not really a filename). +.TP +\fB\-F\fP | \fB––full\fP +Write the full configuration file, not just the differences to the defaults. +.TP +\fB\-h\fP | \fB––help\fP +Print short help on options. +.TP +\fB\-L\fP \fILOGLEVEL\fP | \fB––loglevel=\fP\fILOGLEVEL\fP +Use \fILOGLEVEL\fP for logging. +Valid values are \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, and \fBERROR\fP\&. +.TP +\fB\-l\fP \fIFILENAME\fP | \fB––logfile=\fP\fIFILENAME\fP +Send logging output to \fIFILENAME\fP\&. +.TP +\fB\-o\fP \fIOPTION\fP | \fB––option=\fP\fIOPTION\fP +Which configuration option should be accessed or edited. Required to set a +value. If not given, all values of a given section will be printed in the +format “OPTION = VALUE”. +.TP +\fB\-r\fP | \fB––rewrite\fP +Write the configuration file even if nothing changed. Will remove all comments! +.TP +\fB\-S\fP | \fB––list\-sections\fP +List available configuration sections for use with \fB\-\-section\fP\&. +.TP +\fB\-s\fP \fISECTION\fP | \fB––section=\fP\fISECTION\fP +Which configuration section should be accessed or edited. +Required option. +.TP +\fB\-V\fP \fIVALUE\fP | \fB––value=\fP\fIVALUE\fP +Configuration value to store in the given section under the given option. +Must only be given together with \fB\-s\fP and \fB\-o\fP options. 
+.INDENT 7.0 +.TP +.B Note: +Changing the configuration file with \fB\-V\fP will remove comments +and may reorder sections and remove \fB@INLINE@\fP directives. +.UNINDENT +.TP +\fB\-v\fP | \fB––version\fP +Print Anastasis version number. +.UNINDENT +.SH SEE ALSO +.sp +anastasis.conf(5) +.SH BUGS +.sp +Report bugs by using \fI\%https://bugs.anastasis.lu\fP or by sending electronic +mail to <\fI\%contact@anastasis.lu\fP>. +.SH AUTHOR +Anastasis SARL +.SH COPYRIGHT +2020-2021 Anastasis SARL (AGPLv3+ or GFDL 1.3+) +.\" Generated by docutils manpage writer. +. diff --git a/doc/anastasis-figures/anastasis-db.png b/doc/anastasis-figures/anastasis-db.png Binary files differnew file mode 100644 index 0000000..03eed9d --- /dev/null +++ b/doc/anastasis-figures/anastasis-db.png diff --git a/doc/anastasis-figures/anastasis_challenge_payment.png b/doc/anastasis-figures/anastasis_challenge_payment.png Binary files differnew file mode 100644 index 0000000..a0593eb --- /dev/null +++ b/doc/anastasis-figures/anastasis_challenge_payment.png diff --git a/doc/anastasis-figures/anastasis_challengecode.png b/doc/anastasis-figures/anastasis_challengecode.png Binary files differnew file mode 100644 index 0000000..fc30f4f --- /dev/null +++ b/doc/anastasis-figures/anastasis_challengecode.png diff --git a/doc/anastasis-figures/anastasis_reducer_backup.png b/doc/anastasis-figures/anastasis_reducer_backup.png Binary files differnew file mode 100644 index 0000000..53daf7c --- /dev/null +++ b/doc/anastasis-figures/anastasis_reducer_backup.png diff --git a/doc/anastasis-figures/anastasis_reducer_recovery.png b/doc/anastasis-figures/anastasis_reducer_recovery.png Binary files differnew file mode 100644 index 0000000..b08c763 --- /dev/null +++ b/doc/anastasis-figures/anastasis_reducer_recovery.png diff --git a/doc/anastasis-figures/anastasis_truth.png b/doc/anastasis-figures/anastasis_truth.png Binary files differnew file mode 100644 index 0000000..7f23fa2 --- /dev/null 
+++ b/doc/anastasis-figures/anastasis_truth.png diff --git a/doc/anastasis-figures/anastasis_truth_payment.png b/doc/anastasis-figures/anastasis_truth_payment.png Binary files differnew file mode 100644 index 0000000..70a6b3d --- /dev/null +++ b/doc/anastasis-figures/anastasis_truth_payment.png diff --git a/doc/anastasis-httpd.1 b/doc/anastasis-httpd.1 new file mode 100644 index 0000000..131be44 --- /dev/null +++ b/doc/anastasis-httpd.1 
@@ -0,0 +1,78 @@ +.\" Man page generated from reStructuredText. +. +.TH "ANASTASIS-HTTPD" "1" "Jul 18, 2021" "0.0" "Anastasis" +.SH NAME +anastasis-httpd \- anastasis HTTP backend +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +.SH SYNOPSIS +.sp +\fBanastasis\-httpd\fP +.SH DESCRIPTION +.sp +Banastasis\-httpd is a command line tool to run the Anastasis (HTTP +backend). The required configuration and database must exist before +running this command. +.sp +Its options are as follows: +.INDENT 0.0 +.TP +\fB\-C\fP | \fB–connection\-close\fP +Force each HTTP connection to be closed after each request. +.TP +\fB\-c\fP \fIFILENAME\fP | \fB––config=\fP\fIFILENAME\fP +Use the configuration and other resources for the merchant to operate +from FILENAME. +.TP +\fB\-h\fP | \fB––help\fP +Print short help on options. +.TP +\fB\-v\fP | \fB––version\fP +Print version information. +.UNINDENT +.SH SIGNALS +.sp +\fBanastasis\-httpd\fP responds to the following signals: +.INDENT 0.0 +.TP +.B \fBSIGTERM\fP +Sending a SIGTERM to the process will cause it to shutdown cleanly. +.UNINDENT +.SH SEE ALSO +.sp +anastasis\-dbinit(1), anastasis\-config(1), anastasis\-gtk(1), anastasis\-reducer(1) +.SH BUGS +.sp +Report bugs by using \fI\%https://bugs.anastasis.lu\fP or by sending +electronic mail to <\fI\%contact@anastasis.lu\fP>. 
+.SH AUTHOR +Anastasis SARL +.SH COPYRIGHT +2020-2021 Anastasis SARL (AGPLv3+ or GFDL 1.3+) +.\" Generated by docutils manpage writer. +. diff --git a/doc/anastasis-reducer.1 b/doc/anastasis-reducer.1 new file mode 100644 index 0000000..8a79075 --- /dev/null +++ b/doc/anastasis-reducer.1 
@@ -0,0 +1,93 @@ +.\" Man page generated from reStructuredText. +. +.TH "ANASTASIS-REDUCER" "1" "Jul 18, 2021" "0.0" "Anastasis" +.SH NAME +anastasis-reducer \- anastasis CLI frontend +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +.SH SYNOPSIS +.sp +\fBanastasis\-reducer\fP +[\fB\-a**_*JSON*_|_\fP–arguments=\fIJSON\fP] +[\fB\-b**_|_\fP–backup] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB––config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB––help\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB––loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB––logfile=\fP\fIFILENAME\fP] +[\fB\-r**_|_\fP–restore] +[\fB\-v\fP\ |\ \fB––version\fP] COMMAND +.SH DESCRIPTION +.sp +\fBanastasis\-reducer\fP is a command\-line tool to run Anastasis +key recover and backup operations using a reducer\-style interface. +The reducer will read the current state from standard input and +write the resulting state to standard output. A COMMAND must +be given on the command line. The arguments (if any) are to +be given in JSON format to the \fB\-a\fP option. A list of +commands can be found in the \&../reducer +chapter. +.INDENT 0.0 +.TP +\fB\-a\fP \fIJSON\fP | \fB––arguments=\fP\fIJSON\fP +Provide JSON inputs for the given command. +.TP +\fB\-b\fP | \fB–backup\fP +Begin fresh reducer operation for a back up operation. 
+.TP +\fB\-c\fP \fIFILENAME\fP | \fB––config=\fP\fIFILENAME\fP +Use the configuration from \fIFILENAME\fP\&. +.TP +\fB\-h\fP | \fB––help\fP +Print short help on options. +.TP +\fB\-L\fP \fILOGLEVEL\fP | \fB––loglevel=\fP\fILOGLEVEL\fP +Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, +\fBWARNING\fP, \fBERROR\fP\&. +.TP +\fB\-l\fP \fIFILENAME\fP | \fB––logfile=\fP\fIFILENAME\fP +Send logging output to \fIFILENAME\fP\&. +.TP +\fB\-r\fP | \fB–restore\fP +Begin fresh reducer operation for a restore operation. +.TP +\fB\-v\fP | \fB––version\fP +Print version information. +.UNINDENT +.SH SEE ALSO +.sp +anastasis\-gtk(1), anastasis\-httpd(1), anastasis.conf(5). +.SH BUGS +.sp +Report bugs by using \fI\%https://bugs.anastasis.lu/\fP or by sending electronic +mail to <\fI\%contact@anastasis.lu\fP>. +.SH AUTHOR +Anastasis SARL +.SH COPYRIGHT +2020-2021 Anastasis SARL (AGPLv3+ or GFDL 1.3+) +.\" Generated by docutils manpage writer. +. diff --git a/doc/anastasis.conf.5 b/doc/anastasis.conf.5 new file mode 100644 index 0000000..446531a --- /dev/null +++ b/doc/anastasis.conf.5 
@@ -0,0 +1,151 @@ +.\" Man page generated from reStructuredText. +. +.TH "ANASTASIS.CONF" "5" "Jul 18, 2021" "0.0" "Anastasis" +.SH NAME +anastasis.conf \- anastasis configuration file +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +.SH DESCRIPTION +.sp +The configuration file is line\-oriented. +Blank lines and whitespace at the beginning and end of a line are ignored. +Comments start with \fB#\fP or \fB%\fP in the first column +(after any beginning\-of\-line whitespace) and go to the end of the line. +.sp +The file is split into sections. +Every section begins with “[SECTIONNAME]” and +contains a number of options of the form “OPTION=VALUE”. +There may be whitespace around the \fB=\fP (equal sign). +Section names and options are \fIcase\-insensitive\fP\&. +.sp +The values, however, are \fIcase\-sensitive\fP\&. +In particular, boolean values are one of \fBYES\fP or \fBNO\fP\&. +Values can include whitespace by surrounding +the entire value with \fB"\fP (double quote). +Note, however, that there are no escape characters in such strings; +all characters between the double quotes (including other double quotes) +are taken verbatim. +.sp +Values that represent filenames can begin with a \fB/bin/sh\fP\-like +variable reference. +This can be simple, such as \fB$TMPDIR/foo\fP, or complex, +such as \fB${TMPDIR:\-${TMP:\-/tmp}}/foo\fP\&. +See \fB[PATHS]\fP (below). 
+.sp +Values that represent a time duration are represented as a series of one or +more \fBNUMBER UNIT\fP pairs, e.g. \fB60 s\fP, \fB4 weeks 1 day\fP, \fB5 years 2 minutes\fP\&. +.sp +Values that represent an amount are in the usual amount syntax: +\fBCURRENCY:VALUE.FRACTION\fP, e.g. \fBEUR:1.50\fP\&. +The \fBFRACTION\fP portion may extend up to 8 places. +.sp +Files containing default values for many of the options described below +are installed under \fB$ANASTASIS_PREFIX/share/taler/config.d/\fP\&. +The configuration file given with \fB\-c\fP to Anastasis binaries +overrides these defaults. +.sp +A configuration file may include another, by using the \fB@INLINE@\fP directive, +for example, in \fBmain.conf\fP, you could write \fB@INLINE@ sub.conf\fP to +include the entirety of \fBsub.conf\fP at that point in \fBmain.conf\fP\&. +.. TODO: Document ‘anastasis\-config \-V’ in light of ‘@INLINE@’ in taler\-config(1). +.SS GLOBAL OPTIONS +.sp +The following options are from the \fB[anastasis]\fP section and used by +the \fBanastasis\-httpd\fP service. +.INDENT 0.0 +.TP +.B PAYMENT_BACKEND_URL +Base\-URL of the Taler merchant backend instance to use for payments. +FIXME: How do we pass the access token? +.TP +.B ANNUAL_FEE +Annual fee to be paid for policy uploads, i.e. “EUR:1.5”. +.TP +.B TRUTH_UPLOAD_FEE +Annual fee to be paid for truth uploads, i.e. “EUR:1.5”. +.TP +.B DB +Database backend to use, only \fBpostgres\fP is supported right now. +.TP +.B UPLOAD_LIMIT_MB +Maximum upload size for policy uploads in megabytes. Default is 1. +.TP +.B ANNUAL_POLICY_UPLOAD_LIMIT +Maximum number of policies uploaded per year of service. Default is 42. +.TP +.B BUSINESS_NAME +Name of the business. +.TP +.B SERVER_SALT +Must be set to a high\-entropy random server salt that the provider must never +change after the initial configuration. +.TP +.B PORT +TCP port on which the HTTP service should listen on. 
+.UNINDENT +.SS Authorization options +.sp +For each active authorization plugin, options must be configured in +a section called \fB[authorization\-$PLUGIN]\fP where \fB$PLUGIN\fP is +the name of the authorization plugin. +.INDENT 0.0 +.TP +.B COST +Fee the user has to pay to obtain a challenge from this +authorization plugin during recovery. +.TP +.B ENABLED +\fByes\fP to enable this plugin, \fBno\fP to disable. +.TP +.B COMMAND +Helper command to run (only relevant for some plugins). +.UNINDENT +.SS Postgres database configuration +.sp +The following options must be in the section \fB[statis\-postgres]\fP if +\fBpostgress\fP was used for the database under \fBDB\fP in the +\fB[anastasis]\fP section. +.INDENT 0.0 +.TP +.B CONFIG +Path under which the Postgres database is that the service +should use, i.e. \fBpostgres://anastasis\fP\&. +.UNINDENT +.SH SEE ALSO +.sp +anastasis\-httpd(1), anastasis\-config(1) +.SH BUGS +.sp +Report bugs by using \fI\%https://bugs.anastasis.lu/\fP or by sending electronic +mail to <\fI\%contact@anastasis.lu\fP>. +.SH AUTHOR +Anastasis SARL +.SH COPYRIGHT +2020-2021 Anastasis SARL (AGPLv3+ or GFDL 1.3+) +.\" Generated by docutils manpage writer. +. diff --git a/doc/anastasis.texi b/doc/anastasis.texi new file mode 100644 index 0000000..a5d8b11 --- /dev/null +++ b/doc/anastasis.texi 
@@ -0,0 +1,6093 @@ +\input texinfo @c -*-texinfo-*- +@c %**start of header +@setfilename anastasis.info +@documentencoding UTF-8 +@ifinfo +@*Generated by Sphinx 3.4.3.@* +@end ifinfo +@settitle Anastasis Manual +@defindex ge +@paragraphindent 0 +@exampleindent 4 +@finalout +@dircategory CATEGORY +@direntry +* MENU ENTRY: (anastasis.info). DESCRIPTION +@end direntry + +@definfoenclose strong,`,' +@definfoenclose emph,`,' +@c %**end of header + +@copying +@quotation +GNU Anastasis 0.0.0, Jul 30, 2021 + +Anastasis SARL + +Copyright @copyright{} 2020-2021 Anastasis SARL (AGPLv3+ or GFDL 1.3+) +@end quotation + +@end copying + +@titlepage +@title Anastasis Manual +@insertcopying +@end titlepage +@contents + +@c %** start of user preamble + +@c %** end of user preamble + +@ifnottex +@node Top +@top Anastasis Manual +@insertcopying +@end ifnottex + +@c %**start of body +@anchor{index doc}@anchor{0} +@c This file is part of GNU Anastasis. +@c Copyright (C) 2020-2021 Anastasis SARL +@c +@c Anastasis is free software; you can redistribute it and/or modify it under the +@c terms of the GNU Affero General Public License as published by the Free Software +@c Foundation; either version 2.1, or (at your option) any later version. +@c +@c Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY +@c WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +@c A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. +@c +@c You should have received a copy of the GNU Affero General Public License along with +@c Anastasis; see the file COPYING. If not, see <http://www.gnu.org/licenses/> +@c +@c @author Christian Grothoff + +GNU Anastasis is Free Software protocol and implementation that allows +users to securely deposit @strong{core secrets} with an open set of escrow +providers and to recover these secrets if their original copies are +lost. 
+ +Anastasis is intended for users that want to make backups of key +material, such as OpenPGP encryption keys, hard disk encryption keys +or master keys of electronic wallets. Anastasis is NOT intended to +store large amounts of secret data, it is only designed to safeguard +key material. + +Anastasis solves the issue of keeping key material both available +to the authorized user(s), and confidential from anyone else. + +With Anastasis, the @strong{core secrets} are protected from the Anastasis +escrow providers by encrypting each with a @strong{master key}. The +@strong{master key} can be split and distributed across the escrow +providers to ensure that no single escrow provider can recover the +@strong{master key} on its own. Which subset(s) of Anastasis providers +must be contacted to recover a @strong{master key} is freely configurable. + +With Anastasis, users can reliably recover their @strong{core secret}, +while Anastasis makes this difficult for everyone else. This is even +true if the user is unable to reliably remember any secret with +sufficiently high entropy: Anastasis does not simply reduce the +problem to encrypting the @strong{core secret} using some other key +material in possession of the user. 
+ +@menu +* Documentation Overview:: + +@detailmenu + --- The Detailed Node Listing --- + +Documentation Overview + +* Introduction:: +* Installation:: +* Configuration:: +* Cryptography:: +* REST API:: +* Reducer API:: +* Authentication Methods:: +* DB Schema:: +* Design Documents:: +* Anastasis licensing information:: +* Man Pages:: +* Complete Index:: +* GNU Free Documentation License:: + +Introduction + +* User Identifiers:: +* Adversary models:: +* The recovery document:: + +Installation + +* Installing from source:: +* Installing Anastasis binary packages on Debian:: +* Installing Anastasis binary packages on Ubuntu:: + +Installing from source + +* Installing GNUnet:: +* Installing the Taler Exchange:: +* Installing the Taler Merchant:: +* Installing Anastasis:: +* Installing GNUnet-gtk:: +* Installing Anastasis-gtk:: + +Installing Anastasis binary packages on Debian + +* Installing the graphical front-end:: +* Installing the backend:: + +Installing Anastasis binary packages on Ubuntu + +* Installing the graphical front-end: Installing the graphical front-end<2>. +* Installing the backend: Installing the backend<2>. + +Configuration + +* Configuration format:: +* Using anastasis-config:: + +Cryptography + +* Key derivations:: +* Key Usage:: +* Availability Considerations:: + +Key derivations + +* Verification:: +* Encryption:: + +Key Usage + +* Encryption: Encryption<2>. +* Signatures:: + +REST API + +* HTTP Request and Response:: +* Protocol Version Ranges:: +* Common encodings:: + +Common encodings + +* Binary Data:: +* Hash codes:: +* Large numbers:: +* Timestamps:: +* Integers:: +* Objects:: +* Keys:: +* Signatures: Signatures<2>. +* Amounts:: +* Time:: +* Cryptographic primitives:: +* Signatures: Signatures<3>. 
+* Receiving Configuration:: +* Receiving Terms of Service:: +* Manage policy:: +* Managing truth:: + +Reducer API + +* States:: +* Backup Reducer:: +* Recovery Reducer:: +* Reducer transitions:: + +Reducer transitions + +* Initial state:: +* Common transitions:: +* Backup transitions:: +* Recovery transitions:: + +Authentication Methods + +* SMS (sms): SMS sms. +* Email verification (email): Email verification email. +* Video identification (vid): Video identification vid. +* Security question (qa): Security question qa. +* Snail mail verification (post): Snail mail verification post. + +Design Documents + +* Design Doc 001; Anastasis User Experience: Design Doc 001 Anastasis User Experience. +* Template:: + +Design Doc 001: Anastasis User Experience + +* Summary:: +* Motivation:: +* Setup Steps:: +* Show Service Status After Setup:: +* Recovery Steps:: + +Setup Steps + +* Entry point; Settings: Entry point Settings. +* Providing Identification:: +* Add Authentication Methods:: +* Confirm/Change Service Providers:: +* Defining Recovery Options:: +* Pay for Setup:: + +Recovery Steps + +* Entry point; Settings: Entry point Settings<2>. +* Providing Identification: Providing Identification<2>. +* Select Authentication Challenge:: +* Payment:: +* Enter Challenge Response:: +* Success:: + +Template + +* Summary: Summary<2>. +* Motivation: Motivation<2>. +* Requirements:: +* Proposed Solution:: +* Alternatives:: +* Drawbacks:: +* Discussion / Q&A:: + +Anastasis licensing information + +* Anastasis (git;//git.taler.net/anastasis): Anastasis git //git taler net/anastasis. +* Anastasis-gtk (git;//git.taler.net/anastasis-gtk): Anastasis-gtk git //git taler net/anastasis-gtk. +* Documentation:: + +Anastasis (git://git.taler.net/anastasis) + +* Runtime dependencies:: + +Anastasis-gtk (git://git.taler.net/anastasis-gtk) + +* Runtime dependencies: Runtime dependencies<2>. + +Man Pages + +* anastasis-config(1): anastasis-config 1. +* anastasis-gtk(1): anastasis-gtk 1. 
+* anastasis-httpd(1): anastasis-httpd 1. +* anastasis-reducer(1): anastasis-reducer 1. +* anastasis.conf(5): anastasis conf 5. + +anastasis-config(1) + +* Synopsis:: +* Description:: +* See Also:: +* Bugs:: + +anastasis-gtk(1) + +* Synopsis: Synopsis<2>. +* Description: Description<2>. +* See Also: See Also<2>. +* Bugs: Bugs<2>. + +anastasis-httpd(1) + +* Synopsis: Synopsis<3>. +* Description: Description<3>. +* Signals:: +* See also:: +* Bugs: Bugs<3>. + +anastasis-reducer(1) + +* Synopsis: Synopsis<4>. +* Description: Description<4>. +* See Also: See Also<3>. +* Bugs: Bugs<4>. + +anastasis.conf(5) + +* Description: Description<5>. +* SEE ALSO:: +* BUGS:: + +Description + +* GLOBAL OPTIONS:: +* Authorization options:: +* Postgres database configuration:: + +GNU Free Documentation License + +* 0. PREAMBLE: 0 PREAMBLE. +* 1. APPLICABILITY AND DEFINITIONS: 1 APPLICABILITY AND DEFINITIONS. +* 2. VERBATIM COPYING: 2 VERBATIM COPYING. +* 3. COPYING IN QUANTITY: 3 COPYING IN QUANTITY. +* 4. MODIFICATIONS: 4 MODIFICATIONS. +* 5. COMBINING DOCUMENTS: 5 COMBINING DOCUMENTS. +* 6. COLLECTIONS OF DOCUMENTS: 6 COLLECTIONS OF DOCUMENTS. +* 7. AGGREGATION WITH INDEPENDENT WORKS: 7 AGGREGATION WITH INDEPENDENT WORKS. +* 8. TRANSLATION: 8 TRANSLATION. +* 9. TERMINATION: 9 TERMINATION. +* 10. FUTURE REVISIONS OF THIS LICENSE: 10 FUTURE REVISIONS OF THIS LICENSE. +* 11. RELICENSING: 11 RELICENSING. +* ADDENDUM; How to use this License for your documents: ADDENDUM How to use this License for your documents. 
+ +@end detailmenu +@end menu + +@node Documentation Overview,,Top,Top +@anchor{index anastasis-documentation}@anchor{1}@anchor{index documentation-overview}@anchor{2} +@chapter Documentation Overview + + +@c This file is part of Anastasis +@c Copyright (C) 2019-2021 Anastasis SARL +@c +@c Anastasis is free software; you can redistribute it and/or modify it under the +@c terms of the GNU Affero General Public License as published by the Free Software +@c Foundation; either version 2.1, or (at your option) any later version. +@c +@c Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY +@c WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +@c A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. +@c +@c You should have received a copy of the GNU Affero General Public License along with +@c Anastasis; see the file COPYING. If not, see <http://www.gnu.org/licenses/> +@c +@c @author Christian Grothoff +@c @author Dominik Meister +@c @author Dennis Neufeld + +@menu +* Introduction:: +* Installation:: +* Configuration:: +* Cryptography:: +* REST API:: +* Reducer API:: +* Authentication Methods:: +* DB Schema:: +* Design Documents:: +* Anastasis licensing information:: +* Man Pages:: +* Complete Index:: +* GNU Free Documentation License:: + +@end menu + +@node Introduction,Installation,,Documentation Overview +@anchor{introduction doc}@anchor{3}@anchor{introduction introduction}@anchor{4} +@section Introduction + + +To understand how Anastasis works, you need to understand three key +concepts: user identifiers, our adversary model and the role of the +recovery document. + +@menu +* User Identifiers:: +* Adversary models:: +* The recovery document:: + +@end menu + +@node User Identifiers,Adversary models,,Introduction +@anchor{introduction user-identifiers}@anchor{5} +@subsection User Identifiers + + +To uniquely identify users, an “unforgettable” @strong{identifier} is used. 
This +identifier should be difficult to guess for anybody but the user. However, the +@strong{identifier} is not expected to have sufficient entropy or secrecy to be +cryptographically secure. Examples for such identifier would be a +concatenation of the full name of the user and their social security or +passport number(s). For Swiss citizens, the AHV number could also be used. + +@node Adversary models,The recovery document,User Identifiers,Introduction +@anchor{introduction adversary-models}@anchor{6} +@subsection Adversary models + + +The adversary model of Anastasis has two types of adversaries: weak +adversaries which do not know the user’s @strong{identifier}, and strong +adversaries which somehow do know a user’s @strong{identifier}. For weak +adversaries the system guarantees full confidentiality. For strong +adversaries, breaking confidentiality additionally requires that Anastasis +escrow providers must have colluded. The user is able to specify a set of +@strong{policies} which determine which Anastasis escrow providers would need to +collude to break confidentiality. These policies also set the bar for the user +to recover their core secret. + +@node The recovery document,,Adversary models,Introduction +@anchor{introduction the-recovery-document}@anchor{7} +@subsection The recovery document + + +A @strong{recovery document} includes all of the information a user needs to +recover access to their core secret. It specifies a set of @strong{escrow +methods}, which specify how the user should convince the Anastasis server +that they are “real”. Escrow methods can for example include SMS-based +verification, video identification or a security question. For each escrow +method, the Anastasis server is provided with @strong{truth}, that is data the +Anastasis operator may learn during the recovery process to authenticate the +user. 
Examples for truth would be a phone number (for SMS), a picture of the +user (for video identification), or the (hash of) a security answer. A strong +adversary is assumed to be able to learn the truth, while weak adversaries +must not. In addition to a set of escrow methods and associated Anastasis +server operators, the @strong{recovery document} also specifies @strong{policies}, which +describe the combination(s) of the escrow methods that suffice to obtain +access to the core secret. For example, a @strong{policy} could say that the +escrow methods (A and B) suffice, and a second policy may permit (A and C). A +different user may choose to use the policy that (A and B and C) are all +required. Anastasis imposes no limit on the number of policies in a +@strong{recovery document}, or the set of providers or escrow methods involved in +guarding a user’s secret. Weak adversaries must not be able to deduce +information about a user’s @strong{recovery document} (except for its length, which +may be exposed to an adversary which monitors the user’s network traffic). + +@c This file is part of Anastasis +@c Copyright (C) 2019-2021 Anastasis SARL +@c +@c Anastasis is free software; you can redistribute it and/or modify it under the +@c terms of the GNU Affero General Public License as published by the Free Software +@c Foundation; either version 2.1, or (at your option) any later version. +@c +@c Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY +@c WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +@c A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. +@c +@c You should have received a copy of the GNU Affero General Public License along with +@c Anastasis; see the file COPYING. 
If not, see <http://www.gnu.org/licenses/> +@c +@c @author Christian Grothoff +@c @author Dominik Meister +@c @author Dennis Neufeld + +@node Installation,Configuration,Introduction,Documentation Overview +@anchor{installation doc}@anchor{8}@anchor{installation installation}@anchor{9} +@section Installation + + +Please install the following packages before proceeding with the +exchange compilation. + + +@itemize - + +@item +libsqlite3 >= 3.16.2 + +@item +GNU libunistring >= 0.9.3 + +@item +libcurl >= 7.26 (or libgnurl >= 7.26) + +@item +libqrencode >= 4.0.0 + +@item +GNU libgcrypt >= 1.6 + +@item +libsodium >= 1.0 + +@item +libargon2 >= 20171227 + +@item +libjansson >= 2.7 + +@item +Postgres >= 9.6, including libpq + +@item +GNU libmicrohttpd >= 0.9.71 + +@item +GNUnet >= 0.14.0 (from source tarball@footnote{http://ftpmirror.gnu.org/gnunet/}) + +@item +GNU Taler exchange + +@item +GNU Taler merchant backend +@end itemize + +Except for the last two, these are available in most GNU/Linux distributions +and should just be installed using the respective package manager. + +@menu +* Installing from source:: +* Installing Anastasis binary packages on Debian:: +* Installing Anastasis binary packages on Ubuntu:: + +@end menu + +@node Installing from source,Installing Anastasis binary packages on Debian,,Installation +@anchor{installation installing-from-source}@anchor{a} +@subsection Installing from source + + +The following instructions will show how to install libgnunetutil and +the GNU Taler exchange from source. 
+ +@menu +* Installing GNUnet:: +* Installing the Taler Exchange:: +* Installing the Taler Merchant:: +* Installing Anastasis:: +* Installing GNUnet-gtk:: +* Installing Anastasis-gtk:: + +@end menu + +@node Installing GNUnet,Installing the Taler Exchange,,Installing from source +@anchor{installation installing-gnunet}@anchor{b} +@subsubsection Installing GNUnet + + +Before you install GNUnet, you must download and install the dependencies +mentioned in the previous section, otherwise the build may succeed, but could +fail to export some of the tooling required by GNU Taler. + +To install GNUnet, unpack the tarball and change +into the resulting directory, then proceed as follows: + +@example +$ ./configure [--prefix=GNUNETPFX] +$ # Each dependency can be fetched from non standard locations via +$ # the '--with-<LIBNAME>' option. See './configure --help'. +$ make +# make install +# ldconfig +@end example + +If you did not specify a prefix, GNUnet will install to @code{/usr/local}, +which requires you to run the last step as @code{root}. +The @code{ldconfig} command (also run as @code{root}) makes the +shared object libraries (@code{.so} files) +visible to the various installed programs. + +@node Installing the Taler Exchange,Installing the Taler Merchant,Installing GNUnet,Installing from source +@anchor{installation installing-the-taler-exchange}@anchor{c} +@subsubsection Installing the Taler Exchange + + +After installing GNUnet, unpack the GNU Taler exchange tarball, +change into the resulting directory, and proceed as follows: + +@example +$ ./configure [--prefix=EXCHANGEPFX] \ + [--with-gnunet=GNUNETPFX] +$ # Each dependency can be fetched from non standard locations via +$ # the '--with-<LIBNAME>' option. See './configure --help'. +$ make +# make install +@end example + +If you did not specify a prefix, the exchange will install to @code{/usr/local}, +which requires you to run the last step as @code{root}. 
You have to specify +@code{--with-gnunet=/usr/local} if you installed GNUnet to @code{/usr/local} in the +previous step. + +@node Installing the Taler Merchant,Installing Anastasis,Installing the Taler Exchange,Installing from source +@anchor{installation installing-the-taler-merchant}@anchor{d} +@subsubsection Installing the Taler Merchant + + +GNU Taler merchant has these additional dependencies: + + +@itemize - + +@item +libqrencode >= 4.0.0 +@end itemize + +The following steps assume all dependencies are installed. + +First, unpack the GNU Taler merchant tarball and change into +the resulting directory. +Then, use the following commands to build and install the merchant backend: + +@example +$ ./configure [--prefix=PFX] \ + [--with-gnunet=GNUNETPFX] \ + [--with-exchange=EXCHANGEPFX] +$ # Each dependency can be fetched from non standard locations via +$ # the '--with-<LIBNAME>' option. See './configure --help'. +$ make +# make install +@end example + +If you did not specify a prefix, the exchange will install to +@code{/usr/local}, which requires you to run the last step as @code{root}. + +You have to specify @code{--with-exchange=/usr/local} and/or +@code{--with-gnunet=/usr/local} if you installed the exchange and/or +GNUnet to @code{/usr/local} in the previous steps. + +Depending on the prefixes you specified for the installation and the +distribution you are using, you may have to edit @code{/etc/ld.so.conf}, adding +lines for @code{GNUNETPFX/lib/} and @code{EXCHANGEPFX/lib/} and @code{PFX/lib/} +(replace the prefixes with the actual paths you used). Afterwards, you should +run @code{ldconfig}. Without this step, it is possible that the linker may not +find the installed libraries and launching the Taler merchant backend would +then fail. 
+ +@node Installing Anastasis,Installing GNUnet-gtk,Installing the Taler Merchant,Installing from source +@anchor{installation installing-anastasis}@anchor{e} +@subsubsection Installing Anastasis + + +The following steps assume all dependencies are installed. + +First, unpack the Anastasis tarball and change into +the resulting directory. +Then, use the following commands to build and install Anastasis: + +@example +$ ./configure [--prefix=PFX] \ + [--with-gnunet=GNUNETPFX] \ + [--with-exchange=EXCHANGEPFX] +$ # Each dependency can be fetched from non standard locations via +$ # the '--with-<LIBNAME>' option. See './configure --help'. +$ make +# make install +@end example + +If you did not specify a prefix, Anastasis will be installed to +@code{/usr/local}, which requires you to run the last step as @code{root}. + +You have to specify @code{--with-exchange=/usr/local} and/or +@code{--with-gnunet=/usr/local} if you installed the exchange and/or +GNUnet to @code{/usr/local} in the previous steps. + +Depending on the prefixes you specified for the installation and the +distribution you are using, you may have to edit @code{/etc/ld.so.conf}, adding +lines for @code{GNUNETPFX/lib/} and @code{EXCHANGEPFX/lib/} and @code{PFX/lib/} +(replace the prefixes with the actual paths you used). Afterwards, you should +run @code{ldconfig}. Without this step, it is possible that the linker may not +find the installed libraries and launching the Anastasis backend would +then fail. + +@node Installing GNUnet-gtk,Installing Anastasis-gtk,Installing Anastasis,Installing from source +@anchor{installation installing-gnunet-gtk}@anchor{f} +@subsubsection Installing GNUnet-gtk + + +The following steps assume at least the GNUnet and Gtk+ dependencies are installed. + +First, unpack the gnunet-gtk tarball and change into the resulting directory. 
+Then, use the following commands to build and install gnunet-gtk: + +@example +$ ./configure [--prefix=$PFX] \ + [--with-gnunet=$GNUNETPFX] +$ # Each dependency can be fetched from non standard locations via +$ # the '--with-<LIBNAME>' option. See './configure --help'. +$ make +# make install +@end example + +It is highly recommended to use the same prefix ($PFX) for gnunet-gtk that was +used for GNUnet ($GNUNETPFX). If you did not specify a prefix, gnunet-gtk +will be installed to @code{/usr/local}, which requires you to run the last step +as @code{root}. + +You have to specify @code{--with-gnunet=/usr/local} if you installed +GNUnet to @code{/usr/local} in the previous steps. + +Depending on the prefixes you specified for the installation and the +distribution you are using, you may have to edit @code{/etc/ld.so.conf}, adding +lines for @code{$GNUNETPFX/lib/} and @code{$PFX/lib/} (replace the prefixes with the +actual paths you used). Afterwards, you should run @code{ldconfig}. Without this +step, it is possible that the linker may not find the installed libraries and +launching gnunet-gtk would then fail. + +@node Installing Anastasis-gtk,,Installing GNUnet-gtk,Installing from source +@anchor{installation installing-anastasis-gtk}@anchor{10} +@subsubsection Installing Anastasis-gtk + + +The following steps assume at least the GNUnet, gnunet-gtk and Anastasis +dependencies are installed. + +First, unpack the anastasis-gtk tarball and change into the resulting +directory. Then, use the following commands to build and install +anastasis-gtk: + +@example +$ ./configure [--prefix=PFX] \ + [--with-gnunet=GNUNETPFX] \ + [--with-exchange=EXCHANGEPFX] \ + [--with-anastasis=ANASTASISPFX] +$ # Each dependency can be fetched from non standard locations via +$ # the '--with-<LIBNAME>' option. See './configure --help'. 
+$ make +# make install +@end example + +If you did not specify a prefix, anastasis-gtk will be installed to +@code{/usr/local}, which requires you to run the last step as @code{root}. + +You have to specify @code{-with-anastasis=/usr/local}, @code{--with-exchange=/usr/local} and/or +@code{--with-gnunet=/usr/local} if you installed the exchange and/or +GNUnet to @code{/usr/local} in the previous steps. + +Depending on the prefixes you specified for the installation and the +distribution you are using, you may have to edit @code{/etc/ld.so.conf}, adding +lines for @code{GNUNETPFX/lib/} and @code{EXCHANGEPFX/lib/} and @code{PFX/lib/} +(replace the prefixes with the actual paths you used). Afterwards, you should +run @code{ldconfig}. Without this step, it is possible that the linker may not +find the installed libraries and launching anastasis-gtk would then fail. + +@node Installing Anastasis binary packages on Debian,Installing Anastasis binary packages on Ubuntu,Installing from source,Installation +@anchor{installation installing-anastasis-binary-packages-on-debian}@anchor{11} +@subsection Installing Anastasis binary packages on Debian + + +To install the GNU Taler Debian packages, first ensure that you have +the right Debian distribution. At this time, the packages are built for +Sid, which means you should use a system which at least includes +unstable packages in its source list. We recommend using APT pinning +to limit unstable packages to those explicitly requested. 
To do this, +set your @code{/etc/apt/preferences} as follows: + +@example +Package: * +Pin: release a=stable +Pin-Priority: 700 + +Package: * +Pin: release a=testing +Pin-Priority: 650 + +Package: * +Pin: release a=unstable +Pin-Priority: 600 + +Package: * +Pin: release l=Debian-Security +Pin-Priority: 1000 +@end example + +A typical @code{/etc/apt/sources.list} file for this setup +which combines Debian stable with more recent packages +from testing and unstable would look like this: + +@example +deb http://ftp.ch.debian.org/debian/ buster main +deb http://security.debian.org/debian-security buster/updates main +deb http://ftp.ch.debian.org/debian/ testing main +deb http://ftp.ch.debian.org/debian/ unstable main +@end example + +Naturally, you may want to use different mirrors depending on your region. +Additionally, you must add a file to import the GNU Taler packages. Typically, +this is done by adding a file @code{/etc/apt/sources.list.d/taler.list} that +looks like this: + +@example +deb https://deb.taler.net/apt/debian sid main +@end example + +Next, you must import the Taler Systems SA public package signing key +into your keyring and update the package lists: + +@example +# wget -O - https://taler.net/taler-systems.gpg.key | apt-key add - +# apt update +@end example + +@cartouche +@quotation Note +You may want to verify the correctness of the Taler Systems key out-of-band. +@end quotation +@end cartouche + +Now your system is ready to install the official GNU Taler binary packages +using apt. 
+ +@menu +* Installing the graphical front-end:: +* Installing the backend:: + +@end menu + +@node Installing the graphical front-end,Installing the backend,,Installing Anastasis binary packages on Debian +@anchor{installation installing-the-graphical-front-end}@anchor{12} +@subsubsection Installing the graphical front-end + + +To install the Anastasis Gtk+ frontend, you can simply run: + +@example +# apt install anastasis-gtk +@end example + +To use @code{anastasis-gtk}, you can simply run: + +@example +$ anastasis-gtk +@end example + +@node Installing the backend,,Installing the graphical front-end,Installing Anastasis binary packages on Debian +@anchor{installation installing-the-backend}@anchor{13} +@subsubsection Installing the backend + + +If you want to install the Anastasis backend-end (which normal users do not +need), you should run: + +@example +# apt install -t sid anastasis-httpd +@end example + +Note that the latter package does not perform all of the configuration work. +It does setup the user users and the systemd service scripts, but you still +must configure the database backup, HTTP reverse proxy (typically with TLS +certificates), Taler merchant backend for payments, authentication services, +prices and the terms of service. + +Sample configuration files for the HTTP reverse proxy can be found in +@code{/etc/anastasis.conf}. + +Note that the package does not complete the integration of the backend +with the HTTP reverse proxy (typically with TLS certificates). A +configuration fragment for Nginx or Apache will be placed in +@code{/etc/@{apache,nginx@}/conf-available/anastasis.conf}. 
+ +To operate an Anastasis backend with payments, you additionally +need to install a Taler merchant backend via: + +@example +# apt install -t sid taler-merchant-httpd +@end example + +@node Installing Anastasis binary packages on Ubuntu,,Installing Anastasis binary packages on Debian,Installation +@anchor{installation installing-anastasis-binary-packages-on-ubuntu}@anchor{14} +@subsection Installing Anastasis binary packages on Ubuntu + + +To install the GNU Taler Ubuntu packages, first ensure that you have +the right Ubuntu distribution. At this time, the packages are built for +Ubuntu 20.04 LTS (Focal Fossa). + +A typical @code{/etc/apt/sources.list.d/taler.list} file for this setup +would look like this: + +@example +deb https://deb.taler.net/apt/ubuntu/ focal-fossa main +@end example + +The last line is crucial, as it adds the GNU Taler packages. + +Next, you must import the Taler Systems SA public package signing key +into your keyring and update the package lists: + +@example +# wget -O - https://taler.net/taler-systems.gpg.key | apt-key add - +# apt update +@end example + +@cartouche +@quotation Note +You may want to verify the correctness of the Taler Systems key out-of-band. +@end quotation +@end cartouche + +Now your system is ready to install the official GNU Taler binary packages +using apt. + +@menu +* Installing the graphical front-end: Installing the graphical front-end<2>. +* Installing the backend: Installing the backend<2>. 
+ +@end menu + +@node Installing the graphical front-end<2>,Installing the backend<2>,,Installing Anastasis binary packages on Ubuntu +@anchor{installation id1}@anchor{15} +@subsubsection Installing the graphical front-end + + +To install the Anastasis front-end, you can now simply run: + +@example +# apt install -t focal-fossa anastasis-gtk +@end example + +To use @code{anastasis-gtk}, you can simply run: + +@example +$ anastasis-gtk +@end example + +@node Installing the backend<2>,,Installing the graphical front-end<2>,Installing Anastasis binary packages on Ubuntu +@anchor{installation id2}@anchor{16} +@subsubsection Installing the backend + + +If you want to install the Anastasis backend-end (which normal users do not +need), you should run: + +@example +# apt install -t focal-fossa anastasis-httpd +@end example + +Note that the latter package does not perform all of the configuration work. +It does setup the user users and the systemd service scripts, but you still +must configure the database backup, HTTP reverse proxy (typically with TLS +certificates), Taler merchant backend for payments, authentication services, +prices and the terms of service. + +Sample configuration files for the HTTP reverse proxy can be found in +@code{/etc/anastasis.conf}. + +To operate an Anastasis backend with payments, you additionally +need to install a Taler merchant backend via: + +@example +# apt install -t sid taler-merchant-httpd +@end example + +@c This file is part of Anastasis +@c Copyright (C) 2019-2021 Anastasis SARL +@c +@c Anastasis is free software; you can redistribute it and/or modify it under the +@c terms of the GNU Affero General Public License as published by the Free Software +@c Foundation; either version 2.1, or (at your option) any later version. +@c +@c Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY +@c WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +@c A PARTICULAR PURPOSE. 
See the GNU Affero General Public License for more details. +@c +@c You should have received a copy of the GNU Affero General Public License along with +@c Anastasis; see the file COPYING. If not, see <http://www.gnu.org/licenses/> +@c +@c @author Christian Grothoff +@c @author Dominik Meister +@c @author Dennis Neufeld + +@node Configuration,Cryptography,Installation,Documentation Overview +@anchor{configuration doc}@anchor{17}@anchor{configuration configuration}@anchor{18} +@section Configuration + + +Details about the contents of the configuration file are describe in +the @code{anastasis.conf(5)} chapter. This chapter only describes the +configuration format. + +@menu +* Configuration format:: +* Using anastasis-config:: + +@end menu + +@node Configuration format,Using anastasis-config,,Configuration +@anchor{configuration configuration-format}@anchor{19} +@subsection Configuration format + + +In Taler realm, any component obeys to the same pattern to get +configuration values. According to this pattern, once the component has +been installed, the installation deploys default values in +$@{prefix@}/share/taler/config.d/, in .conf files. In order to override +these defaults, the user can write a custom .conf file and either pass +it to the component at execution time, or name it taler.conf and place +it under $HOME/.config/. + +A config file is a text file containing sections, and each section +contains its values. The right format follows: + +@example +[section1] +value1 = string +value2 = 23 + +[section2] +value21 = string +value22 = /path22 +@end example + +Throughout any configuration file, it is possible to use @code{$}-prefixed +variables, like @code{$VAR}, especially when they represent filesystem +paths. It is also possible to provide defaults values for those +variables that are unset, by using the following syntax: +@code{$@{VAR:-default@}}. 
However, there are two ways a user can set +@code{$}-prefixable variables: + +by defining them under a @code{[paths]} section, see example below, + +@example +[paths] +TALER_DEPLOYMENT_SHARED = $@{HOME@}/shared-data +.. +[section-x] +path-x = $@{TALER_DEPLOYMENT_SHARED@}/x +@end example + +or by setting them in the environment: + +@example +$ export VAR=/x +@end example + +The configuration loader will give precedence to variables set under +@code{[path]}, though. + +The utility @code{taler-config}, which gets installed along with the +exchange, serves to get and set configuration values without directly +editing the .conf. The option @code{-f} is particularly useful to resolve +pathnames, when they use several levels of @code{$}-expanded variables. See +@code{taler-config --help}. + +Note that, in this stage of development, the file +@code{$HOME/.config/taler.conf} can contain sections for @emph{all} the +component. For example, both an exchange and a bank can read values from +it. + +The repository @code{git://taler.net/deployment} contains examples of +configuration file used in our demos. See under @code{deployment/config}. + +@quotation + +@strong{Note} + +Expectably, some components will not work just by using default +values, as their work is often interdependent. For example, a +merchant needs to know an exchange URL, or a database name. +@end quotation + +@node Using anastasis-config,,Configuration format,Configuration +@anchor{configuration using-anastasis-config}@anchor{1a} +@subsection Using anastasis-config + + +The tool @code{anastasis-config} can be used to extract or manipulate +configuration values; however, the configuration use the well-known INI +file format and can also be edited by hand. + +Run + +@example +$ anastasis-config -s $SECTION +@end example + +to list all of the configuration values in section @code{$SECTION}. 
+ +Run + +@example +$ anastasis-config -s $section -o $option +@end example + +to extract the respective configuration value for option @code{$option} in +section @code{$section}. + +Finally, to change a setting, run + +@example +$ anastasis-config -s $section -o $option -V $value +@end example + +to set the respective configuration value to @code{$value}. Note that you +have to manually restart the Taler backend after you change the +configuration to make the new configuration go into effect. + +Some default options will use $-variables, such as @code{$DATADIR} within +their value. To expand the @code{$DATADIR} or other $-variables in the +configuration, pass the @code{-f} option to @code{anastasis-config}. For example, +compare: + +@example +$ anastasis-config -s ACCOUNT-bank \ + -o WIRE_RESPONSE +$ anastasis-config -f -s ACCOUNT-bank \ + -o WIRE_RESPONSE +@end example + +While the configuration file is typically located at +@code{$HOME/.config/taler.conf}, an alternative location can be specified +to @code{taler-merchant-httpd} and @code{anastasis-config} using the @code{-c} +option. + +@c This file is part of Anastasis +@c Copyright (C) 2019-2021 Anastasis SARL +@c +@c Anastasis is free software; you can redistribute it and/or modify it under the +@c terms of the GNU Affero General Public License as published by the Free Software +@c Foundation; either version 2.1, or (at your option) any later version. +@c +@c Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY +@c WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +@c A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. +@c +@c You should have received a copy of the GNU Affero General Public License along with +@c Anastasis; see the file COPYING. 
If not, see <http://www.gnu.org/licenses/> +@c +@c @author Christian Grothoff +@c @author Dominik Meister +@c @author Dennis Neufeld + +@node Cryptography,REST API,Configuration,Documentation Overview +@anchor{cryptography doc}@anchor{1b}@anchor{cryptography cryptography}@anchor{1c} +@section Cryptography + + +When a user needs to interact with Anastasis, the system first derives some key +material, but not the master secret, from the user’s @strong{identifier} using +different HKDFs. These HKDFs are salted using the respective escrow +provider’s @strong{server salt}, which ensures that the accounts for the same user +cannot be easily correlated across the various Anastasis servers. + +Each Anastasis server uses an EdDSA @strong{account key} to identify the account of +the user. The account private key is derived from the user’s @strong{identifier} using +a computationally expensive cryptographic hash function. Using an +expensive hash algorithm is assumed to make it infeasible for a weak adversary to +determine account keys by brute force (without knowing the user’s identifier). +However, it is assumed that a strong adversary performing a targeted attack can +compute the account key pair. + +The public account key is Crockford base32-encoded in the URI to identify the +account, and used to sign requests. These signatures are also provided in +base32-encoding and transmitted using the HTTP header +@code{Anastasis-Account-Signature}. + +When confidential data is uploaded to an Anastasis server, the respective +payload is encrypted using AES-GCM with a symmetric key and initialization +vector derived from the @strong{identifier} and a high-entropy @strong{nonce}. The +nonce and the GCM tag are prepended to the ciphertext before being uploaded to +the Anastasis server. This is done whenever confidential data is stored with +the server. + +The @strong{core secret} of the user is (AES) encrypted using a symmetric @strong{master +key}. 
Recovering this master key requires the user to satisfy a particular +@strong{policy}. Policies specify a set of @strong{escrow methods}, each of which leads +the user to a @strong{key share}. Combining those key shares (by hashing) allows +the user to obtain a @strong{policy key}, which can be used to decrypt the @strong{master +key}. There can be many policies, satisfying any of these will allow the +user to recover the master key. A @strong{recovery document} contains the +encrypted @strong{core secret}, a set of escrow methods and a set of policies. + +@menu +* Key derivations:: +* Key Usage:: +* Availability Considerations:: + +@end menu + +@node Key derivations,Key Usage,,Cryptography +@anchor{cryptography key-derivations}@anchor{1d} +@subsection Key derivations + + +EdDSA and ECDHE public keys are always points on Curve25519 and represented +using the standard 256 bit Ed25519 compact format. The binary representation +is converted to Crockford Base32 when transmitted inside JSON or as part of +URLs. + +To start, a user provides their private, unique and unforgettable +@strong{identifier} as a seed to identify their account. For example, this could +be a social security number together with their full name. Specifics may +depend on the cultural context, in this document we will simply refer to this +information as the @strong{identifier}. + +This identifier will be first hashed with Argon2, to provide a @strong{kdf_id} +which will be used to derive other keys later. The Hash must also include the +respective @strong{server_salt}. This also ensures that the @strong{kdf_id} is different +on each server. The use of Argon2 and the respective @strong{server_salt} is intended +to make it difficult to brute-force @strong{kdf_id} values and help protect the user’s +privacy. Also this ensures that the @strong{kdf_id}s on every server differs. 
However, +we do not assume that the @strong{identifier} or the @strong{kdf_id} cannot be +determined by an adversary performing a targeted attack, as a user’s +@strong{identifier} is likely to always be known to state actors and may +likely also be available to other actors. + +@example +kdf_id := Argon2( identifier, server_salt, keysize ) +@end example + +@strong{identifier}: The secret defined from the user beforehand. + +@strong{server_salt}: The salt from the Server. + +@strong{keysize}: The desired output size of the KDF, here 32 bytes. + +@menu +* Verification:: +* Encryption:: + +@end menu + +@node Verification,Encryption,,Key derivations +@anchor{cryptography verification}@anchor{1e} +@subsubsection Verification + + +For users to authorize “policy” operations we need an EdDSA key pair. As we +cannot assure that the corresponding private key is truly secret, such policy +operations must never be destructive: Should an adversary learn the private +key, they could access (and with the @strong{kdf_id}, decrypt) the user’s policy (but +not the core secret), or upload a new version of the +@strong{encrypted recovery document} (but not delete an existing version). + +For the generation of the private key we use the @strong{kdf_id} as the entropy source, +hash it to derive a base secret which will then be processed to fit the +requirements for EdDSA private keys. From the private key we can then +generate the corresponding public key. Here, “ver” is used as a salt for the +HKDF to ensure that the result differs from other cases where we hash +@strong{kdf_id}. + +@example +ver_secret := HKDF(kdf_id, "ver", keysize) +eddsa_priv := eddsa_d_to_a(ver_secret) +eddsa_pub := get_EdDSA_Pub(eddsa_priv) +@end example + +@strong{HKDF()}: The HKDF-function uses two phases: First we use HMAC-SHA512 for the extraction phase, then HMAC-SHA256 is used for expansion phase. + +@strong{kdf_id}: Hashed identifier. + +@strong{key_size}: Size of the output, here 32 bytes. 
+ +@strong{ver_secret}: Derived key from the @code{kdf_id}, serves as intermediate step for the generation of the private key. + +@strong{eddsa_d_to_a()}: Function which converts the ver_key to a valid EdDSA private key. Specifically, assuming the value @code{eddsa_priv} is in a 32-byte array “digest”, the function clears and sets certain bits as follows: + +@example +digest[0] = (digest[0] & 0x7f) | 0x40; +digest[31] &= 0xf8; +@end example + +@strong{eddsa_priv}: The generated EdDSA private key. + +@strong{eddsa_pub}: The generated EdDSA public key. + +@node Encryption,,Verification,Key derivations +@anchor{cryptography encryption}@anchor{1f} +@subsubsection Encryption + + +For symmetric encryption of data we use AES256-GCM. For this we need a +symmetric key and an initialization vector (IV). To ensure that the +symmetric key changes for each encryption operation, we compute the +key material using an HKDF over a @code{nonce} and the @code{kdf_id}. + +@example +(iv,key) := HKDF(kdf_id, nonce, keysize + ivsize) +@end example + +@strong{HKDF()}: The HKDF-function uses two phases: First we use HMAC-SHA512 for the extraction phase, then HMAC-SHA256 is used for expansion phase. + +@strong{kdf_id}: Hashed identifier. + +@strong{keysize}: Size of the AES symmetric key, here 32 bytes. + +@strong{ivsize}: Size of the AES GCM IV, here 12 bytes. + +@strong{prekey}: Original key material. + +@strong{nonce}: 32-byte nonce, must never match “ver” (which it cannot as the length is different). Of course, we must +avoid key reuse. So, we have to use different nonces to get different keys and IVs (see below). + +@strong{key}: Symmetric key which is later used to encrypt the documents with AES256-GCM. + +@strong{iv}: IV which will be used for AES-GCM. 
+ +@node Key Usage,Availability Considerations,Key derivations,Cryptography +@anchor{cryptography key-usage}@anchor{20} +@subsection Key Usage + + +The keys we have generated are then used to encrypt the @strong{recovery document} and +the @strong{key_share} of the user. + +@menu +* Encryption: Encryption<2>. +* Signatures:: + +@end menu + +@node Encryption<2>,Signatures,,Key Usage +@anchor{cryptography id1}@anchor{21} +@subsubsection Encryption + + +Before every encryption a 32-byte nonce is generated. +From this the symmetric key is computed as described above. +We use AES256-GCM for the encryption of the @strong{recovery document} and +the @strong{key_share}. To ensure that the key derivation for the encryption +of the @strong{recovery document} differs fundamentally from that of an +individual @strong{key share}, we use different salts (“erd” and “eks”, respectively). + +@example +(iv0, key0) := HKDF(key_id, nonce0, "erd", keysize + ivsize) +(encrypted_recovery_document, aes_gcm_tag) := AES256_GCM(recovery_document, key0, iv0) +(iv_i, key_i) := HKDF(key_id, nonce_i, "eks", [optional data], keysize + ivsize) +(encrypted_key_share_i, aes_gcm_tag_i) := AES256_GCM(key_share_i, key_i, iv_i) +@end example + +@strong{encrypted_recovery_document}: The encrypted @strong{recovery document} which contains the escrow methods, policies +and the encrypted @strong{core secret}. + +@strong{nonce0}: Nonce which is used to generate @emph{key0} and @emph{iv0} which are used for the encryption of the @emph{recovery document}. +Nonce must contain the string “ERD”. + +@strong{optional data}: Key material that optionally is contributed from the authentication method to further obfuscate the key share from the escrow provider. + +@strong{encrypted_key_share_i}: The encrypted @strong{key_share} which the escrow provider must release upon successful authentication. 
+Here, @strong{i} must be a positive number used to iterate over the various @strong{key shares} used for the various @strong{escrow methods} +at the various providers. + +@strong{nonce_i}: Nonce which is used to generate @emph{key_i} and @emph{iv_i} which are used for the encryption of the @strong{key share}. @strong{i} must be +the same number as specified above for @emph{encrypted_key_share_i}. Nonce must contain the string “EKS” plus the according @emph{i}. + +As a special rule, when a @strong{security question} is used to authorize access to an +@strong{encrypted_key_share_i}, then the salt “eks” is replaced with an (expensive) hash +of the answer to the security question as an additional way to make the key share +inaccessible to those who do not have the answer: + +@example +powh := POW_HASH (qsalt, answer) +ekss := HKDF("Anastasis-secure-question-uuid-salting", + powh, + uuid); +(iv_i, key_i) := HKDF(key_id, nonce_i, ekss, [optional data], keysize + ivsize) +@end example + +@strong{qsalt}: Salt value used to hash answer to satisfy the challenge to prevent the provider from determining the answer via guessing. + +@strong{answer}: Answer to the security question, in UTF-8, as entered by the user. + +@strong{powh}: Result of the (expensive, proof-of-work) hash algorithm. + +@strong{uuid}: UUID of the challenge associated with the security question and the encrypted key share. + +@strong{ekss}: Replacement salt to be used instead of “eks” when deriving the key to encrypt/decrypt the key share. + +@node Signatures,,Encryption<2>,Key Usage +@anchor{cryptography signatures}@anchor{22} +@subsubsection Signatures + + +The EdDSA keys are used to sign the data sent from the client to the +server. Everything the client sends to server is signed. The following +algorithm is equivalent for @strong{Anastasis-Policy-Signature}. 
+ +@example +(anastasis-account-signature) := eddsa_sign(h_body, eddsa_priv) +ver_res := eddsa_verifiy(h_body, anastasis-account-signature, eddsa_pub) +@end example + +@strong{anastasis-account-signature}: Signature over the SHA-512 hash of the body using the purpose code @code{TALER_SIGNATURE_ANASTASIS_POLICY_UPLOAD} (1400) (see GNUnet EdDSA signature API for the use of purpose). + +@strong{h_body}: The hashed body. + +@strong{ver_res}: A boolean value. True: Signature verification passed, False: Signature verification failed. + +When requesting policy downloads, the client must also provide a signature: + +@example +(anastasis-account-signature) := eddsa_sign(version, eddsa_priv) +ver_res := eddsa_verifiy(version, anastasis-account-signature, eddsa_pub) +@end example + +@strong{anastasis-account-signature}: Signature over the SHA-512 hash of the body using the purpose code @code{TALER_SIGNATURE_ANASTASIS_POLICY_DOWNLOAD} (1401) (see GNUnet EdDSA signature API for the use of purpose). + +@strong{version}: The version requested as a 64-bit integer, 2^64-1 for the “latest version”. + +@strong{ver_res}: A boolean value. True: Signature verification passed, False: Signature verification failed. + +@node Availability Considerations,,Key Usage,Cryptography +@anchor{cryptography availability-considerations}@anchor{23} +@subsection Availability Considerations + + +Anastasis considers two main threats against availability. First, the +Anastasis server operators must be protected against denial-of-service attacks +where an adversary attempts to exhaust the operator’s resources. The API protects +against these attacks by allowing operators to set fees for all +operations. Furthermore, all data stored comes with an expiration logic, so an +attacker cannot force servers to store data indefinitely. + +A second availability issue arises from strong adversaries that may be able to +compute the account keys of some user. 
While we assume that such an adversary +cannot successfully authenticate against the truth, the account key does +inherently enable these adversaries to upload a new policy for the account. +This cannot be prevented, as the legitimate user must be able to set or change +a policy using only the account key. To ensure that an adversary cannot +exploit this, policy uploads first of all never delete existing policies, but +merely create another version. This way, even if an adversary uploads a +malicious policy, a user can still retrieve an older version of the policy to +recover access to their data. This append-only storage for policies still +leaves a strong adversary with the option of uploading many policies to +exhaust the Anastasis server’s capacity. We limit this attack by requiring a +policy upload to include a reference to a @strong{payment identifier} from a payment +made by the user. Thus, a policy upload requires both knowledge of the +@strong{identity} and making a payment. This effectively prevents an adversary +from using the append-only policy storage from exhausting Anastasis server +capacity. + +@c This file is part of Anastasis +@c Copyright (C) 2019-2021 Anastasis SARL +@c +@c Anastasis is free software; you can redistribute it and/or modify it under the +@c terms of the GNU Affero General Public License as published by the Free Software +@c Foundation; either version 2.1, or (at your option) any later version. +@c +@c Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY +@c WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +@c A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. +@c +@c You should have received a copy of the GNU Affero General Public License along with +@c Anastasis; see the file COPYING. 
If not, see <http://www.gnu.org/licenses/> +@c +@c @author Christian Grothoff +@c @author Dominik Meister +@c @author Dennis Neufeld + +@node REST API,Reducer API,Cryptography,Documentation Overview +@anchor{rest doc}@anchor{24}@anchor{rest rest-api}@anchor{25} +@section REST API + + +@c This file is part of Anastasis +@c +@c Copyright (C) 2014-2021 Anastasis SARL +@c +@c Anastasis is free software; you can redistribute it and/or modify it under the +@c terms of the GNU Affero Public License as published by the Free Software +@c Foundation; either version 2.1, or (at your option) any later version. +@c +@c Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY +@c WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +@c A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. +@c +@c You should have received a copy of the GNU Affero General Public License along with +@c Anastasis; see the file COPYING. If not, see <http://www.gnu.org/licenses/> +@c +@c @author Christian Grothoff + +@menu +* HTTP Request and Response:: +* Protocol Version Ranges:: +* Common encodings:: + +@end menu + +@node HTTP Request and Response,Protocol Version Ranges,,REST API +@anchor{rest http-common}@anchor{26}@anchor{rest http-request-and-response}@anchor{27} +@subsection HTTP Request and Response + + +Certain response formats are common for all requests. They are documented here +instead of with each individual request. Furthermore, we note that clients may +theoretically fail to receive any response. In this case, the client should +verify that the Internet connection is working properly, and then proceed to +handle the error as if an internal error (500) had been returned. + +@anchor{rest any--*}@anchor{28} +@deffn {HTTP Any} ANY /* + +@strong{Request:} + +Unless specified otherwise, HTTP requests that carry a message body must +have the content type @code{application/json}. 
+ +@*Request Headers: + +@itemize * + +@item +Content-Type@footnote{https://tools.ietf.org/html/rfc7231#section-3.1.1.5} – application/json +@end itemize + + +@strong{Response:} + +@*Response Headers: + +@itemize * + +@item +Content-Type@footnote{https://tools.ietf.org/html/rfc7231#section-3.1.1.5} – application/json +@end itemize + + + +@table @asis + +@item 200 Ok@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1}: + +The request was successful. + +@item 400 Bad request@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1}: + +One of the arguments to the request is missing or malformed. + +@item 500 Internal server error@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.5.1}: + +This always indicates some serious internal operational error of the Anastasis +provider, such as a program bug, database problems, etc., and must not be used for +client-side problems. When facing an internal server error, clients should +retry their request after some delay. We recommended initially trying after +1s, twice more at randomized times within 1 minute, then the user should be +informed and another three retries should be scheduled within the next 24h. +If the error persists, a report should ultimately be made to the auditor, +although the auditor API for this is not yet specified. However, as internal +server errors are always reported to the exchange operator, a good operator +should naturally be able to address them in a timely fashion, especially +within 24h. +@end table + +Unless specified otherwise, all error status codes (4xx and 5xx) have a message +body with an @ref{29,,ErrorDetail} JSON object. + +@strong{Details:} + +@example +interface ErrorDetail @{ + + // Numeric error code unique to the condition, see `@w{`}gnu-taler-error-codes`@w{`} in GANA. + // The other arguments are specific to the error value reported here. + code: number; + + // Human-readable description of the error, i.e. 
"missing parameter", "commitment violation", ... + // Should give a human-readable hint about the error's nature. Optional, may change without notice! + hint?: string; + +@} +@end example +@end deffn + +@node Protocol Version Ranges,Common encodings,HTTP Request and Response,REST API +@anchor{rest protocol-version-ranges}@anchor{2a} +@subsection Protocol Version Ranges + + +Anastasis services expose the range of API versions they support. Clients in +turn have an API version range they support. These version ranges are written +down in the libtool version format@footnote{https://www.gnu.org/software/libtool/manual/html_node/Libtool-versioning.html}. + +A protocol version is a positive, non-zero integer. A protocol version range consists of three components: + + +@enumerate + +@item +The @code{current} version. This is the latest version of the protocol supported by the client or service. + +@item +The @code{revision} number. This value should usually not be interpreted by the client/server, but serves +purely as a comment. Each time a service/client for a protocol is updated while supporting the same +set of protocol versions, the revision should be increased. +In rare cases, the revision number can be used to work around unintended breakage in deployed +versions of a service. This is discouraged and should only be used in exceptional situations. + +@item +The @code{age} number. This non-zero integer identifies with how many previous protocol versions this +implementation is compatible. An @code{age} of 0 implies that the implementation only supports +the @code{current} protocol version. The @code{age} must be less or equal than the @code{current} protocol version. +@end enumerate + +To avoid confusion with semantic versions, the protocol version range is written down in the following format: + +@example +current[:revision[:age]] +@end example + +The angle brackets mark optional components. If either @code{revision} or @code{age} are omitted, they default to 0. 
+ +Examples: + + +@itemize * + +@item +“1” and “1” are compatible + +@item +“1” and “2” are @strong{incompatible} + +@item +“2:0:1” and “1:0:0” are compatible + +@item +“2:5:1” and “1:10:0” are compatible + +@item +“4:0:1” and “2:0:0” are @strong{incompatible} + +@item +“4:0:1” and “3:0:0” are compatible +@end itemize + +@cartouche +@quotation Note +Semantic versions@footnote{https://semver.org/} are not a good tool for this job, as we concisely want to express +that the client/server supports the last @code{n} versions of the protocol. +Semantic versions don’t support this, and semantic version ranges are too complex for this. +@end quotation +@end cartouche + +@cartouche +@quotation Warning +A client doesn’t have one single protocol version range. Instead, it has +a protocol version range for each type of service it talks to. +@end quotation +@end cartouche + +@cartouche +@quotation Warning +For privacy reasons, the protocol version range of a client should not be +sent to the service. Instead, the client should just use the two version ranges +to decide whether it will talk to the service. +@end quotation +@end cartouche + +@node Common encodings,,Protocol Version Ranges,REST API +@anchor{rest common-encodings}@anchor{2b}@anchor{rest encodings-ref}@anchor{2c} +@subsection Common encodings + + +This section describes how certain types of values are represented throughout the API. + +@menu +* Binary Data:: +* Hash codes:: +* Large numbers:: +* Timestamps:: +* Integers:: +* Objects:: +* Keys:: +* Signatures: Signatures<2>. +* Amounts:: +* Time:: +* Cryptographic primitives:: +* Signatures: Signatures<3>. 
+* Receiving Configuration:: +* Receiving Terms of Service:: +* Manage policy:: +* Managing truth:: + +@end menu + +@node Binary Data,Hash codes,,Common encodings +@anchor{rest base32}@anchor{2d}@anchor{rest binary-data}@anchor{2e} +@subsubsection Binary Data + + +@example +type Base32 = string; +@end example + +Binary data is generally encoded using Crockford’s variant of Base32 +(@indicateurl{http://www.crockford.com/wrmg/base32.html}), except that “U” is not excluded +but also decodes to “V” to make OCR easy. We will still simply use the JSON +type “base32” and the term “Crockford Base32” in the text to refer to the +resulting encoding. + +@node Hash codes,Large numbers,Binary Data,Common encodings +@anchor{rest hash-codes}@anchor{2f} +@subsubsection Hash codes + + +Hash codes are strings representing base32 encoding of the respective +hashed data. See @ref{2d,,base32}. + +@example +// 64-byte hash code. +type HashCode = string; +@end example + +@example +// 32-byte hash code. +type ShortHashCode = string; +@end example + +@node Large numbers,Timestamps,Hash codes,Common encodings +@anchor{rest large-numbers}@anchor{30} +@subsubsection Large numbers + + +Large numbers such as 256 bit keys, are transmitted as other binary data in +Crockford Base32 encoding. + +@node Timestamps,Integers,Large numbers,Common encodings +@anchor{rest timestamps}@anchor{31} +@subsubsection Timestamps + + +Timestamps are represented by the following structure: + +@example +interface Timestamp @{ + // Milliseconds since epoch, or the special + // value "never" to represent an event that will + // never happen. + t_ms: number | "never"; +@} +@end example + +@example +interface Duration @{ + // Duration in milliseconds or "forever" + // to represent an infinite duration. 
+ d_ms: number | "forever"; +@} +@end example + +@node Integers,Objects,Timestamps,Common encodings +@anchor{rest integers}@anchor{32}@anchor{rest publickey}@anchor{33} +@subsubsection Integers + + +@example +// JavaScript numbers restricted to integers. +type Integer = number; +@end example + +@node Objects,Keys,Integers,Common encodings +@anchor{rest objects}@anchor{34} +@subsubsection Objects + + +@example +// JavaScript objects, no further restrictions. +type Object = object; +@end example + +@node Keys,Signatures<2>,Objects,Common encodings +@anchor{rest keys}@anchor{35} +@subsubsection Keys + + +@example +// EdDSA and ECDHE public keys always point on Curve25519 +// and represented using the standard 256 bits Ed25519 compact format, +// converted to Crockford `Base32`. +type EddsaPublicKey = string; +@end example + +@example +// EdDSA and ECDHE public keys always point on Curve25519 +// and represented using the standard 256 bits Ed25519 compact format, +// converted to Crockford `Base32`. +type EddsaPrivateKey = string; +@end example + +@node Signatures<2>,Amounts,Keys,Common encodings +@anchor{rest signature}@anchor{36}@anchor{rest signatures}@anchor{37} +@subsubsection Signatures + + +@example +// EdDSA signatures are transmitted as 64-bytes `base32` +// binary-encoded objects with just the R and S values (base32_ binary-only). +type EddsaSignature = string; +@end example + +@node Amounts,Time,Signatures<2>,Common encodings +@anchor{rest amount}@anchor{38}@anchor{rest amounts}@anchor{39} +@subsubsection Amounts + + +@example +type Amount = string; +@end example + +Amounts of currency are serialized as a string of the format +@code{<Currency>:<DecimalAmount>}. Taler treats monetary amounts as +fixed-precision numbers, with 8 decimal places. Unlike floating point numbers, +this allows accurate representation of monetary amounts. 
+ +The following constrains apply for a valid amount: + + +@enumerate + +@item +The @code{<Currency>} part must be at most 11 characters long and may only consist +of ASCII letters (@code{a-zA-Z}). + +@item +The integer part of @code{<DecimalAmount>} may be at most 2^52. + +@item +The fractional part of @code{<DecimalAmount>} may contain at most 8 decimal digits. +@end enumerate + +@cartouche +@quotation Note +“EUR:1.50” and “EUR:10” are valid amounts. These are all invalid amounts: “A:B:1.5”, “EUR:4503599627370501.0”, “EUR:1.”, “EUR:.1”. +@end quotation +@end cartouche + +An amount that is prefixed with a @code{+} or @code{-} character is also used in certain contexts. +When no sign is present, the amount is assumed to be positive. + +@node Time,Cryptographic primitives,Amounts,Common encodings +@anchor{rest time}@anchor{3a} +@subsubsection Time + + +In signed messages, time is represented using 64-bit big-endian values, +denoting microseconds since the UNIX Epoch. @code{UINT64_MAX} represents “never”. + +@example +struct GNUNET_TIME_Absolute @{ + uint64_t timestamp_us; +@}; +struct GNUNET_TIME_AbsoluteNBO @{ + uint64_t abs_value_us__; // in network byte order +@}; +@end example + +@node Cryptographic primitives,Signatures<3>,Time,Common encodings +@anchor{rest cryptographic-primitives}@anchor{3b} +@subsubsection Cryptographic primitives + + +All elliptic curve operations are on Curve25519. Public and private keys are +thus 32 bytes, and signatures 64 bytes. For hashing, including HKDFs, Taler +uses 512-bit hash codes (64 bytes). 
+ +@example +struct GNUNET_HashCode @{ + uint8_t hash[64]; // usually SHA-512 +@}; +@end example +@anchor{rest taler-ecdhephemeralpublickeyp}@anchor{3c} +@example +struct TALER_EcdhEphemeralPublicKeyP @{ + uint8_t ecdh_pub[32]; +@}; +@end example + +@example +struct UUID @{ + uint32_t value[4]; +@}; +@end example + +@node Signatures<3>,Receiving Configuration,Cryptographic primitives,Common encodings +@anchor{rest id1}@anchor{3d}@anchor{rest id2}@anchor{3e} +@subsubsection Signatures + + +Any piece of signed data, complies to the abstract data structure given below. + +@example +struct Data @{ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + type1_t payload1; + type2_t payload2; + ... +@}; + +/*From gnunet_crypto_lib.h*/ +struct GNUNET_CRYPTO_EccSignaturePurpose @{ + /** + + The following constraints apply for a valid amount: + + * This field is used to express the context in + * which the signature is made, ensuring that a + * signature cannot be lifted from one part of the protocol + * to another. See `src/include/taler_signatures.h` within the + * exchange's codebase (git://taler.net/exchange). + */ + uint32_t purpose; + /** + * This field equals the number of bytes being signed, + * namely 'sizeof (struct Data)'. + */ + uint32_t size; +@}; +@end example +@anchor{rest salt}@anchor{3f} +@node Receiving Configuration,Receiving Terms of Service,Signatures<3>,Common encodings +@anchor{rest config}@anchor{40}@anchor{rest receiving-configuration}@anchor{41} +@subsubsection Receiving Configuration + + +@anchor{rest get--config}@anchor{42} +@deffn {HTTP Get} GET /config + +Obtain the configuration details of the escrow provider. + +@strong{Response:} + +Returns an @ref{43,,EscrowConfigurationResponse}. +@anchor{rest escrowconfigurationresponse}@anchor{43} +@example +interface EscrowConfigurationResponse @{ + + // Protocol identifier, clarifies that this is an Anastasis provider. 
+ name: "anastasis"; + + // libtool-style representation of the Exchange protocol version, see + // https://www.gnu.org/software/libtool/manual/html_node/Versioning.html#Versioning + // The format is "current:revision:age". + version: string; + + // Currency in which this provider processes payments. + currency: string; + + // Supported authorization methods. + methods: AuthorizationMethodConfig[]; + + // Maximum policy upload size supported. + storage_limit_in_megabytes: number; + + // Payment required to maintain an account to store policy documents for a year. + // Users can pay more, in which case the storage time will go up proportionally. + annual_fee: Amount; + + // Payment required to upload truth. To be paid per upload. + truth_upload_fee: Amount; + + // Limit on the liability that the provider is offering with + // respect to the services provided. + liability_limit: Amount; + + // Salt value with 128 bits of entropy. + // Different providers + // will use different high-entropy salt values. The resulting + // **provider salt** is then used in various operations to ensure + // cryptographic operations differ by provider. A provider must + // never change its salt value. + server_salt: string; + +@} +@end example +@anchor{rest authorizationmethodconfig}@anchor{44} +@example +interface AuthorizationMethodConfig @{ + // Name of the authorization method. + type: string; + + // Fee for accessing key share using this method. + cost: Amount; + +@} +@end example +@end deffn + +@node Receiving Terms of Service,Manage policy,Receiving Configuration,Common encodings +@anchor{rest receiving-terms-of-service}@anchor{45}@anchor{rest terms}@anchor{46} +@subsubsection Receiving Terms of Service + + +@anchor{rest get--terms}@anchor{47} +@deffn {HTTP Get} GET /terms + +Obtain the terms of service provided by the escrow provider. + +@strong{Response:} + +Returns the terms of service of the provider, in the best language +and format available based on the client’s request. 
+@end deffn + +@anchor{rest get--privacy}@anchor{48} +@deffn {HTTP Get} GET /privacy + +Obtain the privacy policy of the service provided by the escrow provider. + +@strong{Response:} + +Returns the privacy policy of the provider, in the best language +and format available based on the client’s request. +@end deffn + +@node Manage policy,Managing truth,Receiving Terms of Service,Common encodings +@anchor{rest id3}@anchor{49}@anchor{rest manage-policy}@anchor{4a} +@subsubsection Manage policy + + +This API is used by the Anastasis client to deposit or request encrypted +recovery documents with the escrow provider. Generally, a client will deposit +the same encrypted recovery document with each escrow provider, but provide +a different truth to each escrow provider. + +Operations by the client are identified and authorized by @code{$ACCOUNT_PUB}, which +should be kept secret from third parties. @code{$ACCOUNT_PUB} should be an account +public key using the Crockford base32-encoding. + +In the following, UUID is always defined and used according to RFC 4122@footnote{https://tools.ietf.org/html/rfc4122}. + +@anchor{rest get--policy-$ACCOUNT_PUB[?version=$NUMBER]}@anchor{4b} +@deffn {HTTP Get} GET /policy/$ACCOUNT_PUB[?version=$NUMBER] + +Get the customer’s encrypted recovery document. If @code{version} +is not specified, the server returns the latest available version. If +@code{version} is specified, returns the policy with the respective +@code{version}. The response must begin with the nonce and +an AES-GCM tag and continue with the ciphertext. Once decrypted, the +plaintext is expected to contain: + + +@itemize * + +@item +the escrow policy + +@item +the separately encrypted master public key +@end itemize + +Note that the key shares required to decrypt the master public key are +not included, as for this the client needs to obtain authorization. 
+The policy does provide sufficient information for the client to determine +how to authorize requests for @strong{truth}. + +The client MAY provide an @code{If-None-Match} header with an Etag. +In that case, the server MUST additionally respond with an @code{304} status +code in case the resource matches the provided Etag. + +@strong{Response}: + + +@table @asis + +@item 200 OK@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1}: + +The escrow provider responds with an @ref{4c,,EncryptedRecoveryDocument} object. + +@item 304 Not modified@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.5}: + +The client requested the same resource it already knows. + +@item 400 Bad request@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1}: + +The @code{$ACCOUNT_PUB} is not an EdDSA public key. + +@item 402 Payment Required@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.3}: + +The account’s balance is too low for the specified operation. +See the Taler payment protocol specification for how to pay. + +@item 403 Forbidden@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4}: + +The required account signature was invalid. + +@item 404 Not found@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.5}: + +The requested resource was not found. +@end table + +@emph{Anastasis-Version}: $NUMBER — The server must return actual version of the encrypted recovery document via this header. +If the client specified a version number in the header of the request, the server must return that version. If the client +did not specify a version in the request, the server returns latest version of the @ref{4c,,EncryptedRecoveryDocument}. + +@emph{Etag}: Set by the server to the Base32-encoded SHA512 hash of the body. Used for caching and to prevent redundancies. The server MUST send the Etag if the status code is @code{200 OK}. 
+ +@emph{If-None-Match}: If this is not the very first request of the client, this contains the Etag-value which the client has received before from the server. +The client SHOULD send this header with every request (except for the first request) to avoid unnecessary downloads. + +@emph{Anastasis-Account-Signature}: The client must provide Base-32 encoded EdDSA signature over hash of body with @code{$ACCOUNT_PRIV}, affirming desire to download the requested encrypted recovery document. The purpose used MUST be @code{TALER_SIGNATURE_ANASTASIS_POLICY_DOWNLOAD} (1401). +@end deffn + +@anchor{rest post--policy-$ACCOUNT_PUB}@anchor{4d} +@deffn {HTTP Post} POST /policy/$ACCOUNT_PUB + +Upload a new version of the customer’s encrypted recovery document. +While the document’s structure is described in JSON below, the upload +should just be the bytestream of the raw data (i.e. 32-byte nonce followed +by 16-byte tag followed by the encrypted document). +If the request has been seen before, the server should do nothing, and otherwise store the new version. +The body must begin with a nonce, an AES-GCM tag and continue with the ciphertext. The format +is the same as specified for the response of the GET method. The +Anastasis server cannot fully validate the format, but MAY impose +minimum and maximum size limits. + +@strong{Request}: + +@*Query Parameters: + +@itemize * + +@item +@code{storage_duration=YEARS} – For how many years from now would the client like us to +store the recovery document? Defaults to 0 (that is, do +not extend / prolong existing storage contract). +The server will respond with a @code{402 Payment required}, but only +if the rest of the request is well-formed (account +signature must match). Clients that do not actually +intend to make a new upload but that only want to pay +may attempt to upload the latest backup again, as this +option will be checked before the @code{304 Not modified} +case. 
+ +@item +@code{timeout_ms=NUMBER} – @emph{Optional.} If specified, the Anastasis server will +wait up to @code{timeout_ms} milliseconds for completion of the payment before +sending the HTTP response. A client must never rely on this behavior, as the +backend may return a response immediately. +@end itemize + + +@emph{If-None-Match}: This header MUST be present and set to the SHA512 hash (Etag) of the body by the client. +The client SHOULD also set the @code{Expect: 100-Continue} header and wait for @code{100 continue} +before uploading the body. The server MUST +use the Etag to check whether it already knows the encrypted recovery document that is about to be uploaded. +The server MUST refuse the upload with a @code{304} status code if the Etag matches +the latest version already known to the server. + +@emph{Anastasis-Policy-Signature}: The client must provide Base-32 encoded EdDSA signature over hash of body with @code{$ACCOUNT_PRIV}, affirming desire to upload an encrypted recovery document. + +@emph{Payment-Identifier}: Base-32 encoded 32-byte payment identifier that was included in a previous payment (see @code{402} status code). Used to allow the server to check that the client paid for the upload (to protect the server against DoS attacks) and that the client knows a real secret of financial value (as the @strong{kdf_id} might be known to an attacker). If this header is missing in the client’s request (or the associated payment has exceeded the upload limit), the server must return a @code{402} response. When making payments, the server must include a fresh, randomly-generated payment-identifier in the payment request. + +@strong{Response}: + + +@table @asis + +@item 204 No content@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.5}: + +The encrypted recovery document was accepted and stored. 
@code{Anastasis-Version} and @code{Anastasis-UUID} headers +indicate what version and UUID was assigned to this encrypted recovery document upload by the server. + +@item 304 Not modified@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.5}: + +The same encrypted recovery document was previously accepted and stored. @code{Anastasis-Version} header +indicates what version was previously assigned to this encrypted recovery document. + +@item 400 Bad request@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1}: + +The @code{$ACCOUNT_PUB} is not an EdDSA public key or mandatory headers are missing. +The response body MUST elaborate on the error using a Taler error code in the typical JSON encoding. + +@item 402 Payment required@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.3}: + +The account’s balance is too low for the specified operation. +See the Taler payment protocol specification for how to pay. +The response body MAY provide alternative means for payment. + +@item 403 Forbidden@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4}: + +The required account signature was invalid. The response body may elaborate on the error. + +@item 413 Request entity too large@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.14}: + +The upload is too large @emph{or} too small. The response body may elaborate on the error. +@end table + +@strong{Details:} +@anchor{rest encryptedrecoverydocument}@anchor{4c} +@example +interface EncryptedRecoveryDocument @{ + // Nonce used to compute the (iv,key) pair for encryption of the + // encrypted_compressed_recovery_document. + nonce: [32]; //bytearray + + // Authentication tag. + aes_gcm_tag: [16]; //bytearray + + // Variable-size encrypted recovery document. After decryption, + // this contains a gzip compressed JSON-encoded `RecoveryDocument`. + // The nonce of the HKDF for this encryption must include the + // string "ERD". 
+ encrypted_compressed_recovery_document: []; //bytearray of undefined length + +@} +@end example +@anchor{rest recoverydocument}@anchor{4e} +@example +interface RecoveryDocument @{ + // Account identifier at backup provider, AES-encrypted with + // the (symmetric) master_key, i.e. an URL + // https://sync.taler.net/$BACKUP_ID and + // a private key to decrypt the backup. Anastasis is oblivious + // to the details of how this is ultimately encoded. + backup_account: []; //bytearray of undefined length + + // List of escrow providers and selected authentication method. + methods: EscrowMethod[]; + + // List of possible decryption policies. + policy: DecryptionPolicy[]; + +@} +@end example +@anchor{rest escrowmethod}@anchor{4f} +@example +interface EscrowMethod @{ + // URL of the escrow provider (including possibly this Anastasis server). + provider_url : string; + + // Type of the escrow method (e.g. security question, SMS etc.). + escrow_type: string; + + // UUID of the escrow method (see /truth/ API below). + uuid: string; + + // Key used to encrypt the `Truth` this `EscrowMethod` is related to. + // Client has to provide this key to the server when using `@w{`}/truth/`@w{`}. + truth_encryption_key: [32]; //bytearray + + // Salt used to encrypt the truth on the Anastasis server. + truth_salt: [32]; //bytearray + + // The challenge to give to the user (i.e. the security question + // if this is challenge-response). + // (Q: as string in base32 encoding?) + // (Q: what is the mime-type of this value?) + // + // For some methods, this value may be absent. + // + // The plaintext challenge is not revealed to the + // Anastasis server. + challenge: []; //bytearray of undefined length + +@} +@end example +@anchor{rest decryptionpolicy}@anchor{50} +@example +interface DecryptionPolicy @{ + // Salt included to encrypt master key share when + // using this decryption policy. 
+ policy_salt: [32]; //bytearray + + // Master key, AES-encrypted with key derived from + // salt and keyshares revealed by the following list of + // escrow methods identified by UUID. + encrypted_master_key: [32]; //bytearray + + // List of escrow methods identified by their UUID. + uuid: string[]; + +@} +@end example +@end deffn + +@node Managing truth,,Manage policy,Common encodings +@anchor{rest managing-truth}@anchor{51}@anchor{rest truth}@anchor{52} +@subsubsection Managing truth + + +This API is used by the Anastasis client to deposit @strong{truth} or request a (encrypted) @strong{key share} with +the escrow provider. + +An @strong{escrow method} specifies an Anastasis provider and how the user should +authorize themself. The @strong{truth} API allows the user to provide the +(encrypted) key share to the respective escrow provider, as well as auxiliary +data required for such a respective escrow method. + +An Anastasis-server may store truth for free for a certain time period, or +charge per truth operation using GNU Taler. + +@anchor{rest post--truth-$UUID}@anchor{53} +@deffn {HTTP Post} POST /truth/$UUID + +Upload a @ref{54,,TruthUploadRequest}-Object according to the policy the client created before (see @ref{4e,,RecoveryDocument}). +If request has been seen before, the server should do nothing, and otherwise store the new object. + +@strong{Request:} + +@*Query Parameters: + +@itemize * + +@item +@code{timeout_ms=NUMBER} – @emph{Optional.} If specified, the Anastasis server will +wait up to @code{timeout_ms} milliseconds for completion of the payment before +sending the HTTP response. A client must never rely on this behavior, as the +backend may return a response immediately. +@end itemize + + +@strong{Response:} + + +@table @asis + +@item 204 No content@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.5}: + +Truth stored successfully. 
+ +@item 304 Not modified@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.5}: + +The same truth was previously accepted and stored under this UUID. The +Anastasis server must still update the expiration time for the truth when returning +this response code. + +@item 402 Payment required@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.3}: + +This server requires payment to store truth per item. +See the Taler payment protocol specification for how to pay. +The response body MAY provide alternative means for payment. + +@item 409 Conflict@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.10}: + +The server already has some truth stored under this UUID. The client should check that it +is generating UUIDs with enough entropy. + +@item 412 Precondition failed@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.13}: + +The selected authentication method is not supported on this provider. +@end table + +@strong{Details:} +@anchor{rest truthuploadrequest}@anchor{54} +@example +interface TruthUploadRequest @{ + // Contains the information of an interface `EncryptedKeyShare`, but simply + // as one binary block (in Crockford Base32 encoding for JSON). + key_share_data: []; //bytearray + + // Key share method, i.e. "security question", "SMS", "e-mail", ... + type: string; + + // Nonce used to compute the (iv,key) pair for encryption of the + // encrypted_truth. + nonce: [32]; //bytearray + + // Authentication tag of `@w{`}encrypted_truth`@w{`}. + aes_gcm_tag: [16]; //bytearray + + // Variable-size truth. After decryption, + // this contains the ground truth, i.e. H(challenge answer), + // phone number, e-mail address, picture, fingerprint, ... + // **base32 encoded**. + // + // The nonce of the HKDF for this encryption must include the + // string "ECT". + encrypted_truth: [80]; //bytearray + + // MIME type of truth, i.e. text/ascii, image/jpeg, etc. 
+ truth_mime: string; + + // For how many years from now would the client like us to + // store the truth? + storage_duration_years: Integer; + +@} +@end example +@end deffn + +@anchor{rest get--truth-$UUID[?response=$H_RESPONSE]}@anchor{55} +@deffn {HTTP Get} GET /truth/$UUID[?response=$H_RESPONSE] + +Get the stored encrypted key share. If @code{$H_RESPONSE} is specified by the client, the server checks +if @code{$H_RESPONSE} matches the expected response specified before within the @ref{54,,TruthUploadRequest} (see @code{encrypted_truth}). +Also, the user has to provide the correct @emph{truth_encryption_key} with every get request (see below). +When @code{$H_RESPONSE} is correct, the server responds with the encrypted key share. +The encrypted key share is returned simply as a byte array and not in JSON format. + +@strong{Response}: + + +@table @asis + +@item 200 OK@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1}: + +@ref{56,,EncryptedKeyShare} is returned in body (in binary). + +@item 202 Accepted@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.3}: + +The escrow provider will respond out-of-band (i.e. SMS). +The body may contain human-readable instructions on next steps. + +@item >>208 Already Reported<<: + +An authentication challenge was recently send, client should +simply respond to the pending challenge. + +@item 303 See other@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.4}: + +The provider redirects for authentication (i.e. video identification/WebRTC). +If the client is not a browser, it should launch a browser at the URL +given in the @code{Location} header and allow the user to re-try the operation +after successful authorization. + +@item 402 Payment required@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.3}: + +The service requires payment for access to truth. +See the Taler payment protocol specification for how to pay. 
+The response body MAY provide alternative means for payment. + +@item 403 Forbidden@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4}: + +The server requires a valid “response” to the challenge associated with the UUID. + +@item 404 Not found@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.5}: + +The server does not know any truth under the given UUID. + +@item 410 Gone@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.11}: + +The server has not (recently) issued a challenge under the given UUID, +but a reply was provided. (This does not apply for secure question.) + +@item 417 Expectation Failed@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.18}: + +The decrypted @code{truth} does not match the expectations of the authentication +backend, i.e. a phone number for sending an SMS is not a number, or +an e-mail address for sending an E-mail is not a valid e-mail address. + +@item 503 Service Unavailable@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.5.4}: + +Server is out of Service. +@end table + +@emph{Truth-Decryption-Key}: Key used to encrypt the @strong{truth} (see encrypted_truth within @ref{54,,TruthUploadRequest}) and which has to provided by the user. The key is stored with +the according @ref{4f,,EscrowMethod}. The server needs this key to get the info out of @ref{54,,TruthUploadRequest} needed to verify the @code{$RESPONSE}. + +@strong{Details:} +@anchor{rest encryptedkeyshare}@anchor{56} +@example +interface EncryptedKeyShare @{ + // Nonce used to compute the decryption (iv,key) pair. + nonce_i: [32]; //bytearray + + // Authentication tag. + aes_gcm_tag_i: [16]; //bytearray + + // Encrypted key-share in base32 encoding. + // After decryption, this yields a `KeyShare`. Note that + // the `KeyShare` MUST be encoded as a fixed-size binary + // block (instead of in JSON encoding). 
+ // + // HKDF for the key generation must include the + // string "eks" as salt. + // Depending on the method, + // the HKDF may additionally include + // bits from the response (i.e. some hash over the + // answer to the security question). + encrypted_key_share_i: [32]; //bytearray + +@} +@end example +@anchor{rest keyshare}@anchor{57} +@example +interface KeyShare @{ + // Key material to concatenate with policy_salt and KDF to derive + // the key to decrypt the master key. + key_share: [32]; //bytearray + + // Signature over method, UUID, and `@w{`}key_share`@w{`}. + account_sig: EddsaSignature; + +@} +@end example +@end deffn + +@c This file is part of Anastasis +@c Copyright (C) 2019-2021 Anastasis SARL +@c +@c Anastasis is free software; you can redistribute it and/or modify it under the +@c terms of the GNU Affero General Public License as published by the Free Software +@c Foundation; either version 2.1, or (at your option) any later version. +@c +@c Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY +@c WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +@c A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. +@c +@c You should have received a copy of the GNU Affero General Public License along with +@c Anastasis; see the file COPYING. If not, see <http://www.gnu.org/licenses/> +@c +@c @author Christian Grothoff +@c @author Dominik Meister +@c @author Dennis Neufeld + +@node Reducer API,Authentication Methods,REST API,Documentation Overview +@anchor{reducer doc}@anchor{58}@anchor{reducer reducer-api}@anchor{59} +@section Reducer API + + +This section describes the Anastasis Reducer API which is used by client applications +to store or load the different states the client application can have. +The reducer takes a @ref{5a,,state} in JSON syntax and returns the new state in JSON syntax. 
+ +For example a @strong{state} may take the following structure: + +@example +@{ + "backup_state": "CONTINENT_SELECTING", + "continents": [ + "Europe", + "North_America" + ] +@} +@end example + +The new state depends on the previous one and on the transition @ref{5b,,action} with its +arguments given to the reducer. A @strong{transition argument} also is a statement in JSON syntax: + +@example +@{ + "continent": "Europe" +@} +@end example + +The new state returned by the reducer with the state and transition argument defined +above would look like following for the transition @ref{5b,,action} @code{select_continent}: + +@example +@{ + "backup_state": "COUNTRY_SELECTING", + "continents": [ + "Europe", + "North_America" + ], + "selected_continent": "Europe", + "countries": [ + @{ + "code": "ch", + "name": "Switzerland", + "continent": "Europe", + "name_i18n": @{ + "de_DE": "Schweiz", + "de_CH": "Schwiiz", + "fr": "Suisse", + "en": "Swiss" + @}, + "currency": "CHF" + @}, + @{ + "code": "de", + "name": "Germany", + "continent": "Europe", + "continent_i18n": @{ + "de": "Europa" + @}, + "name_i18n": @{ + "de_DE": "Deutschland", + "de_CH": "Deutschland", + "fr": "Allemagne", + "en": "Germany" + @}, + "currency": "EUR" + @} + ] +@} +@end example + +@menu +* States:: +* Backup Reducer:: +* Recovery Reducer:: +* Reducer transitions:: + +@end menu + +@node States,Backup Reducer,,Reducer API +@anchor{reducer states}@anchor{5c} +@subsection States + + +Overall, the reducer knows the following states: + +@quotation + + +@itemize - + +@item + +@table @asis + +@item @strong{ERROR}: The transition led to an error. No further transitions are possible from + +this state, but the client may want to continue from a previous state. +@end table + +@item + +@table @asis + +@item @strong{CONTINENT_SELECTING}: The user should specify the continent where they are living, + +so that we can show a list of countries to choose from. 
+@end table + +@item + +@table @asis + +@item @strong{COUNTRY_SELECTING}: The user should specify the country where they are living, + +so that we can determine appropriate attributes, currencies and Anastasis +providers. +@end table + +@item + +@table @asis + +@item @strong{USER_ATTRIBUTES_COLLECTING}: The user should provide the country-specific personal + +attributes. +@end table + +@item + +@table @asis + +@item @strong{AUTHENTICATIONS_EDITING}: The user should add authentication methods to be used + +during recovery. +@end table + +@item +@strong{POLICIES_REVIEWING}: The user should review the recovery policies. + +@item +@strong{SECRET_EDITING}: The user should edit the secret to be backed up. + +@item + +@table @asis + +@item @strong{TRUTHS_PAYING}: The user needs to pay for one or more uploads of data associated + +with an authentication method. +@end table + +@item +@strong{POLICIES_PAYING}: The user needs to pay for storing the recovery policy document. + +@item +@strong{BACKUP_FINISHED}: A backup has been successfully generated. + +@item + +@table @asis + +@item @strong{SECRET_SELECTING}: The user needs to select a recovery policy document with + +the secret that is to be recovered. +@end table + +@item + +@table @asis + +@item @strong{CHALLENGE_SELECTING}: The user needs to select an authorization challenge to + +proceed with recovery. +@end table + +@item +@strong{CHALLENGE_PAYING}: The user needs to pay to proceed with the authorization challenge. + +@item +@strong{CHALLENGE_SOLVING}: The user needs to solve the authorization challenge. + +@item +@strong{RECOVERY_FINISHED}: The secret of the user has been recovered. +@end itemize +@end quotation + +State names: + +@quotation + + +@itemize - + +@item +In SELECTING-states, the user has to choose one value out of a predefined set of values (for example a continent out of a set of continents). + +@item +In COLLECTING-states, the user has to give certain values. 
+ +@item +In EDITING-states, the user is free to choose which values he wants to give. + +@item +In REVEIWING-states, the user may make a few choices, but primarily is expected to affirm something. + +@item +in PAYING-states, the user must make a payment. + +@item +in FINISHED-states, the operation has definitively concluded. +@end itemize +@end quotation + +@node Backup Reducer,Recovery Reducer,States,Reducer API +@anchor{reducer backup-reducer}@anchor{5d} +@subsection Backup Reducer + +@anchor{reducer state}@anchor{5a}@anchor{reducer action}@anchor{5b} + +@float Figure + +@image{anastasis-figures/anastasis_reducer_backup,,,fig-anastasis_reducer_backup,png} + +@caption{Backup states and their transitions.} + +@end float + + +The illustration above shows the different states the reducer can have during a backup +process. + +@node Recovery Reducer,Reducer transitions,Backup Reducer,Reducer API +@anchor{reducer recovery-reducer}@anchor{5e} +@subsection Recovery Reducer + + + +@float Figure + +@image{anastasis-figures/anastasis_reducer_recovery,,,fig-anastasis_reducer_recovery,png} + +@caption{Recovery states and their transitions.} + +@end float + + +The illustration above shows the different states the reducer can have during a recovery +process. + +@node Reducer transitions,,Recovery Reducer,Reducer API +@anchor{reducer reducer-transitions}@anchor{5f} +@subsection Reducer transitions + + +In the following, the individual transitions will be specified in more detail. +Note that we only show fields added by the reducer, typically the previous +state is preserved to enable “back” transitions to function smoothly. 
+ +@menu +* Initial state:: +* Common transitions:: +* Backup transitions:: +* Recovery transitions:: + +@end menu + +@node Initial state,Common transitions,,Reducer transitions +@anchor{reducer initial-state}@anchor{60} +@subsubsection Initial state + + +The initial states for backup and recovery processes are: + +@strong{Initial backup state:} + +@example +@{ + "backup_state": "CONTINENT_SELECTING", + "continents": [ + "Europe", + "North America" + ] +@} +@end example + +@strong{Initial recovery state:} + +@example +@{ + "recovery_state": "CONTINENT_SELECTING", + "continents": [ + "Europe", + "North America" + ] +@} +@end example + +Here, “continents” is an array of English strings with the names of the +continents which contain countries for which Anastasis could function (based +on having providers that are known to operate and rules being provided for +user attributes from those countries). + +For internationalization, another field @code{continents_i18n} may be present. +This field would be a map of language names to arrays of translated +continent names: + +@example +@{ + "recovery_state": "CONTINENT_SELECTING", + "continents": [ + "Europe", + "North America" + ] + "continents_i18n": + @{ + "de_DE" : [ + "Europa", + "Nordamerika" + ], + "de_CH" : [ + "Europa", + "Nordamerika" + ] + @} +@} +@end example + +Translations must be given in the same order as the main English array. + +@node Common transitions,Backup transitions,Initial state,Reducer transitions +@anchor{reducer common-transitions}@anchor{61} +@subsubsection Common transitions + + +@strong{select_continent:} + +Here the user specifies the continent they live on. Arguments (example): + +@example +@{ + "continent": "Europe" +@} +@end example + +The continent must be given using the English name from the @code{continents} array. +Using a translated continent name is invalid and may result in failure. 
+ +The reducer returns an updated state with a list of countries to choose from, +for example: + +@example +@{ + "backup_state": "COUNTRY_SELECTING", + "selected_continent": "Europe", + "countries": [ + @{ + "code": "ch", + "name": "Switzerland", + "continent": "Europe", + "name_i18n": @{ + "de_DE": "Schweiz", + "de_CH": "Schwiiz", + "fr": "Suisse", + "en": "Swiss" + @}, + "currency": "CHF" + @}, + @{ + "code": "de", + "name": "Germany", + "continent": "Europe", + "continent_i18n": @{ + "de": "Europa" + @}, + "name_i18n": @{ + "de_DE": "Deutschland", + "de_CH": "Deutschland", + "fr": "Allemagne", + "en": "Germany" + @}, + "currency": "EUR" + @} + ] +@} +@end example + +Here @code{countries} is an array of countries on the @code{selected_continent}. For +each country, the @code{code} is the ISO 3166-1 alpha-2 country code. The +@code{continent} is only present because some countries span continents, the +information is redundant and will always match @code{selected_continent}. The +@code{name} is the name of the country in English, internationalizations of the +name may be provided in @code{name_i18n}. The @code{currency} is @strong{an} official +currency of the country, if a country has multiple currencies, it may appear +multiple times in the list. In this case, the user should select the entry +with the currency they intend to pay with. It is also possible for users +to select a currency that does not match their country, but user interfaces +should by default try to use currencies that match the user’s residence. + +@strong{select_country:} + +Selects the country (via the country code) and specifies the currency. +The latter is needed as some countries have more than one currency, +and some use-cases may also involve users insisting on paying with +foreign currency. 
+ +Arguments (example): + +@example +@{ + "country_code": "de", + "currency": "EUR" +@} +@end example + +The @code{country_code} must be an ISO 3166-1 alpha-2 country code from +the array of @code{countries} of the reducer’s state. The @code{currency} +field must be a valid currency accepted by the Taler payment system. + +The reducer returns a new state with the list of attributes the +user is expected to provide, as well as possible authentication +providers that accept payments in the selected currency: + +@example +@{ + "backup_state": "USER_ATTRIBUTES_COLLECTING", + "selected_country": "de", + "currency": "EUR", + "required_attributes": [ + @{ + "type": "string", + "name": "full_name", + "label": "Full name", + "label_i18n": @{ + "de_DE": "Vollstaendiger Name", + "de_CH": "Vollstaendiger. Name", + "fr": "Nom complet", + "en": "Full name" + @}, + "widget": "anastasis_gtk_ia_full_name", + "uuid" : "9e8f463f-575f-42cb-85f3-759559997331" + @}, + @{ + "type": "date", + "name": "birthdate", + "label": "Birthdate", + "label_i18n": @{ + "de_DE": "Geburtsdatum", + "de_CH": "Geburtsdatum", + "fr": "Date de naissance", + "en": "Birthdate" + @}, + "uuid" : "83d655c7-bdb6-484d-904e-80c1058c8854" + "widget": "anastasis_gtk_ia_birthdate" + @}, + @{ + "type": "string", + "name": "tax_number", + "label": "Taxpayer identification number", + "label_i18n":@{ + "de_DE": "Steuerliche Identifikationsnummer", + "de_CH": "Steuerliche Identifikationsnummer", + "en": "German taxpayer identification number" + @}, + "widget": "anastasis_gtk_ia_tax_de", + "uuid": "dae48f85-e3ff-47a4-a4a3-ed981ed8c3c6", + "validation-regex": "^[0-9]@{11@}$", + "validation-logic": "DE_TIN_check" + @}, + @{ + "type": "string", + "name": "social_security_number", + "label": "Social security number", + "label_i18n": @{ + "de_DE": "Sozialversicherungsnummer", + "de_CH": "Sozialversicherungsnummer", + "fr": "Numéro de sécurité sociale", + "en": "Social security number" + @}, + "widget": "anastasis_gtk_ia_ssn", + 
"validation-regex": "^[0-9]@{8@}[[:upper:]][0-9]@{3@}$", + "validation-logic": "DE_SVN_check" + "optional" : true + @} + ], + "authentication_providers": @{ + "http://localhost:8089/": @{ + "http_status": 200, + "methods": [ + @{ "type" : "question", + "usage_fee" : "EUR:0.0" @}, + @{ "type" : "sms", + "usage_fee" : "EUR:0.5" @} + ], + "annual_fee": "EUR:4.99", + "truth_upload_fee": "EUR:4.99", + "liability_limit": "EUR:1", + "currency": "EUR", + "truth_lifetime": @{ "d_ms" : 50000000 @}, + "storage_limit_in_megabytes": 1, + "provider_name": "Anastasis 4", + "salt": "CXAPCKSH9D3MYJTS9536RHJHCW" + @}, + "http://localhost:8088/": @{ + "http_status": 200, + "methods": [ + @{ "type" : "question", + "usage_fee" : "EUR:0.01" @}, + @{ "type" : "sms", + "usage_fee" : "EUR:0.55" @} + ], + "annual_fee": "EUR:0.99", + "truth_upload_fee": "EUR:3.99", + "liability_limit": "EUR:1", + "currency": "EUR", + "truth_lifetime": @{ "d_ms" : 50000000 @}, + "storage_limit_in_megabytes": 1, + "provider_name": "Anastasis 4", + "salt": "CXAPCKSH9D3MYJTS9536RHJHCW" + @} + @} +@} +@end example + +The array of @code{required_attributes} contains attributes about the user +that must be provided includes: + +@quotation + + +@itemize - + +@item +@strong{type}: The type of the attribute, for now only @code{string} and @code{date} are +supported. + +@item +@strong{name}: The name of the attribute, this is the key under which the +attribute value must be provided later. The name must be unique per response. + +@item +@strong{label}: A human-readable description of the attribute in English. +Translated descriptions may be provided under @strong{label_i18n}. + +@item +@strong{uuid}: A UUID that uniquely identifies identical attributes across +different countries. Useful to preserve values should the user enter +some attributes, and then switch to another country. 
Note that +attributes must not be preserved if they merely have the same @strong{name}, +only the @strong{uuid} will be identical if the semantics is identical. + +@item +@strong{widget}: An optional name of a widget that is known to nicely render +the attribute entry in user interfaces where named widgets are +supported. + +@item +@strong{validation-regex}: An optional extended POSIX regular expression +that is to be used to validate (string) inputs to ensure they are +well-formed. + +@item +@strong{validation-logic}: Optional name of a function that should be called +to validate the input. If the function is not known to the particular +client, the respective validation can be skipped (at the expense of +typos by users not being detected, possibly rendering secrets +irrecoverable). + +@item +@strong{optional}: Optional boolean field that, if @code{true}, indicates that +this attribute is not actually required but optional and users MAY leave +it blank in case they do not have the requested information. Used for +common fields that apply to some large part of the population but are +not sufficiently universal to be actually required. +@end itemize +@end quotation + +The authentication providers are listed under a key that is the +base URL of the service. For each provider, the following +information is provided if the provider was successfully contacted: + +@quotation + + +@itemize - + +@item +@strong{http_status}: HTTP status code, always @code{200} on success. + +@item +@strong{methods}: Array of authentication methods supported by this +provider. Includes the @strong{type} of the authentication method +and the @strong{usage_fee} (how much the user must pay for authorization +using this method during recovery). + +@item +@strong{annual_fee}: Fee the provider charges to store the recovery +policy for one year. + +@item +@strong{truth_upload_fee}: Fee the provider charges to store a key share. 
+ +@item +@strong{liability_limit}: Amount the provider can be held liable for in +case a key share or recovery document cannot be recovered due to +provider failures. + +@item +@strong{currency}: Currency in which the provider wants to be paid, +will match all of the fees. + +@item +@strong{storage_limit_in_megabytes}: Maximum size of an upload (for +both recovery document and truth data) in megabytes. + +@item +@strong{provider_name}: Human-readable name of the provider’s business. + +@item +@strong{salt}: Salt value used by the provider, used to derive the +user’s identity at this provider. Should be unique per provider, +and must never change for a given provider. The salt is +base32 encoded. +@end itemize +@end quotation + +If contacting the provider failed, the information returned is: + +@quotation + + +@itemize - + +@item +@strong{http_status}: HTTP status code (if available, possibly 0 if +we did not even obtain an HTTP response). + +@item +@strong{error_code}: Taler error code, never 0. +@end itemize +@end quotation + +@strong{add_provider}: + +This operation can be performed in state @code{USER_ATTRIBUTES_COLLECTING}. It +adds one or more Anastasis providers to the list of providers the reducer +should henceforth consider. Note that removing providers is not possible at +this time. + +Here, the client must provide an array with the base URLs of the +providers to add, for example: + +@example +@{ + "urls": [ + "http://localhost:8888/", + "http://localhost:8089/" + ] +@} +@end example + +Note that existing providers will remain in the state. 
The following is an +example for an expected new state where the service on port 8089 is +unreachable, the service on port 8088 was previously known, and service on +port 8888 was now added: + +@example +@{ + "backup_state": "USER_ATTRIBUTES_COLLECTING", + "authentication_providers": @{ + "http://localhost:8089/": @{ + "error_code": 11, + "http_status": 0 + @}, + "http://localhost:8088/": @{ + "http_status": 200, + "methods": [ + @{ "type" : "question", + "usage_fee" : "EUR:0.01" @}, + @{ "type" : "sms", + "usage_fee" : "EUR:0.55" @} + ], + "annual_fee": "EUR:0.99", + "truth_upload_fee": "EUR:3.99", + "liability_limit": "EUR:1", + "currency": "EUR", + "truth_lifetime": @{ "d_ms" : 50000000 @}, + "storage_limit_in_megabytes": 1, + "provider_name": "Anastasis 4", + "salt": "CXAPCKSH9D3MYJTS9536RHJHCW" + @} + "http://localhost:8888/": @{ + "methods": [ + @{ "type" : "question", + "usage_fee" : "EUR:0.01" @}, + @{ "type" : "sms", + "usage_fee" : "EUR:0.55" @} + ], + "annual_fee": "EUR:0.99", + "truth_upload_fee": "EUR:3.99", + "liability_limit": "EUR:1", + "currency": "EUR", + "truth_lifetime": @{ "d_ms" : 50000000 @}, + "storage_limit_in_megabytes": 1, + "provider_name": "Anastasis 42", + "salt": "BXAPCKSH9D3MYJTS9536RHJHCX" + @} + @} +@} +@end example + +@node Backup transitions,Recovery transitions,Common transitions,Reducer transitions +@anchor{reducer backup-transitions}@anchor{62} +@subsubsection Backup transitions + + +@strong{enter_user_attributes:} + +This transition provides the user’s personal attributes. The specific set of +attributes required depends on the country of residence of the user. Some +attributes may be optional, in which case they should be omitted entirely +(that is, not simply be set to @code{null} or an empty string). 
Example +arguments would be: + +@example +@{ + "identity_attributes": @{ + "full_name": "Max Musterman", + "social_security_number": "123456789", + "birthdate": "2000-01-01", + "birthplace": "Earth" + @} +@} +@end example + +Note that at this stage, the state machines between backup and +recovery diverge and the @code{recovery_state} will begin to look +very different from the @code{backup_state}. + +For backups, if all required attributes are present, the reducer will +transition to an @code{AUTHENTICATIONS_EDITING} state with the attributes added +to it: + +@example +@{ + "backup_state": "AUTHENTICATIONS_EDITING", + "identity_attributes": @{ + "full_name": "Max Musterman", + "social_security_number": "123456789", + "birthdate": "2000-01-01", + "birthplace": "Earth" + @} +@} +@end example + +If required attributes are missing, do not match the required regular +expression, or fail the custom validation logic, the reducer SHOULD transition +to an error state indicating what was wrong about the input. A reducer that +does not support some specific validation logic MAY accept the invalid input +and proceed anyway. The error state will include a Taler error code that +is specific to the failure, and optional details. Example: + +@example +@{ + "backup_state": "ERROR", + "code": 8404, + "hint": "An input did not match the regular expression.", + "detail": "social_security_number" +@} +@end example + +Clients may safely repeat this transition to validate the user’s inputs +until they satisfy all of the constraints. This way, the user interface +does not have to perform the input validation directly. + +@strong{add_authentication}: + +This transition adds an authentication method. The method must be supported +by one or more providers that are included in the current state. Adding an +authentication method requires specifying the @code{type} and @code{instructions} to +be given to the user. The @code{challenge} is encrypted and stored at the +Anastasis provider. 
The specific semantics of the value depend on the +@code{type}. Typical challenges values are a phone number (to send an SMS to), +an e-mail address (to send a PIN code to) or the answer to a security +question. Note that these challenge values will still be encrypted (and +possibly hashed) before being given to the Anastasis providers. + +Note that the @code{challenge} must be given in Crockford Base32 encoding, as it +MAY include binary data (such as a photograph of the user). In the latter +case, the optional @code{mime_type} field must be provided to give the MIME type +of the value encoded in @code{challenge}. + +@example +@{ + "authentication_method": + @{ + "type": "question", + "mime_type" : "text/plain", + "instructions" : "What is your favorite GNU package?", + "challenge" : "E1QPPS8A", + @} +@} +@end example + +If the information provided is valid, the reducer will add the new +authentication method to the array of authentication methods: + +@example +@{ + "backup_state": "AUTHENTICATIONS_EDITING", + "authentication_methods": [ + @{ + "type": "question", + "mime_type" : "text/plain", + "instructions" : "What is your favorite GNU package?", + "challenge" : "E1QPPS8A", + @}, + @{ + "type": "email", + "instructions" : "E-mail to user@@*le.com", + "challenge": "ENSPAWJ0CNW62VBGDHJJWRVFDM50" + @} + ] +@} +@end example + +@strong{delete_authentication}: + +This transition can be used to remove an authentication method from the +array of authentication methods. It simply requires the index of the +authentication method to remove. 
Note that the array is 0-indexed: + +@example +@{ + "authentication_method": 1 +@} +@end example + +Assuming we begin with the state from the example above, this would +remove the @code{email} authentication method, resulting in the following +response: + +@example +@{ + "backup_state": "AUTHENTICATIONS_EDITING", + "authentication_methods": [ + @{ + "type": "question", + "mime_type" : "text/plain", + "instructions" : "What is your favorite GNU package?", + "challenge" : "gdb", + @} + ] +@} +@end example + +If the index is invalid, the reducer will instead +transition into an @code{ERROR} state. + +@strong{next} (from @code{AUTHENTICATIONS_EDITING}): + +This transition confirms that the user has finished adding (or removing) +authentication methods, and that the system should now automatically compute +a set of reasonable recovery policies. + +This transition does not take any mandatory arguments. Optional arguments can +be provided to upload the recovery document only to a specific subset of the +providers: + +@example +@{ + "providers": [ + "http://localhost:8088/", + "http://localhost:8089/" + ] +@} +@end example + +The resulting state provides the suggested recovery policies in a way suitable +for presentation to the user: + +@example +@{ + "backup_state": "POLICIES_REVIEWING", + "policy_providers" : [ + @{ "provider_url" : "http://localhost:8088/" @}, + @{ "provider_url" : "http://localhost:8089/" @} + ], + "policies": [ + @{ + "methods": [ + @{ + "authentication_method": 0, + "provider": "http://localhost:8088/" + @}, + @{ + "authentication_method": 1, + "provider": "http://localhost:8089/" + @}, + @{ + "authentication_method": 2, + "provider": "http://localhost:8087/" + @} + ] + @}, + @{ + "methods": [ + @{ + "authentication_method": 0, + "provider": "http://localhost:8088/" + @}, + @{ + "authentication_method": 1, + "provider": "http://localhost:8089/" + @}, + @{ + "authentication_method": 3, + "provider": "http://localhost:8089/" + @} + ] + @} + ] +@} +@end 
example + +For each recovery policy, the state includes the specific details of which +authentication @code{methods} must be solved to recovery the secret using this +policy. The @code{methods} array specifies the index of the +@code{authentication_method} in the @code{authentication_methods} array, as well as +the provider that was selected to supervise this authentication. + +If no authentication method was provided, the reducer will transition into an +@code{ERROR} state instead of suggesting policies. + +@strong{add_policy}: + +Using this transition, the user can add an additional recovery policy to the +state. The argument format is the same that is used in the existing state. +An example for a possible argument would thus be: + +@example +@{ + "policy": [ + @{ + "authentication_method": 1, + "provider": "http://localhost:8088/" + @}, + @{ + "authentication_method": 3, + "provider": "http://localhost:8089/" + @} + ] +@} +@end example + +Note that the specified providers must already be in the +@code{authentication_providers} of the state. You cannot add new providers at +this stage. 
The reducer will simply attempt to append the suggested policy to +the “policies” array, returning an updated state: + +@example +@{ + "backup_state": "POLICIES_REVIEWING", + "policies": [ + @{ + "methods": [ + @{ + "authentication_method": 0, + "provider": "http://localhost:8089/" + @}, + @{ + "authentication_method": 1, + "provider": "http://localhost:8088/" + @} + ] + @}, + @{ + "methods": [ + @{ + "authentication_method": 0, + "provider": "http://localhost:8089/" + @}, + @{ + "authentication_method": 2, + "provider": "http://localhost:8088/" + @} + ] + @}, + @{ + "methods": [ + @{ + "authentication_method": 1, + "provider": "http://localhost:8089/" + @}, + @{ + "authentication_method": 2, + "provider": "http://localhost:8088/" + @} + ] + @}, + @{ + "methods": [ + @{ + "authentication_method": 1, + "provider": "http://localhost:8088/" + @}, + @{ + "authentication_method": 3, + "provider": "http://localhost:8089/" + @} + ] + @} + ] +@} +@end example + +If the new policy is invalid, for example because it adds an unknown +authentication method, or the selected provider does not support the type of +authentication, the reducer will transition into an @code{ERROR} state instead of +adding the new policy. + +@strong{update_policy}: + +Using this transition, the user can modify an existing recovery policy +in the state. +The argument format is the same that is used in @strong{add_policy}, +except there is an additional key @code{policy_index} which +identifies the policy to modify. 
+An example for a possible argument would thus be: + +@example +@{ + "policy_index" : 1, + "policy": [ + @{ + "authentication_method": 1, + "provider": "http://localhost:8088/" + @}, + @{ + "authentication_method": 3, + "provider": "http://localhost:8089/" + @} + ] +@} +@end example + +If the new policy is invalid, for example because it adds an unknown +authentication method, or the selected provider does not support the type of +authentication, the reducer will transition into an @code{ERROR} state instead of +modifying the policy. + +@strong{delete_policy:} + +This transition allows the deletion of a recovery policy. The argument +simply specifies the index of the policy to delete, for example: + +@example +@{ + "policy_index": 3 +@} +@end example + +Given as input the state from the example above, the expected new state would +be: + +@example +@{ + "backup_state": "POLICIES_REVIEWING", + "policies": [ + @{ + "methods": [ + @{ + "authentication_method": 0, + "provider": "http://localhost:8089/" + @}, + @{ + "authentication_method": 1, + "provider": "http://localhost:8088/" + @} + ] + @}, + @{ + "methods": [ + @{ + "authentication_method": 0, + "provider": "http://localhost:8089/" + @}, + @{ + "authentication_method": 2, + "provider": "http://localhost:8088/" + @} + ] + @}, + @{ + "methods": [ + @{ + "authentication_method": 1, + "provider": "http://localhost:8089/" + @}, + @{ + "authentication_method": 2, + "provider": "http://localhost:8088/" + @} + ] + @} + ] +@} +@end example + +If the index given is invalid, the reducer will transition into an @code{ERROR} state +instead of deleting a policy. + +@strong{delete_challenge:} + +This transition allows the deletion of an individual +challenge from a recovery policy. 
The argument +simply specifies the index of the policy and challenge +to delete, for example: + +@example +@{ + "policy_index": 1, + "challenge_index" : 1 +@} +@end example + +Given as input the state from the example above, the expected new state would +be: + +@example +@{ + "backup_state": "POLICIES_REVIEWING", + "policies": [ + @{ + "methods": [ + @{ + "authentication_method": 0, + "provider": "http://localhost:8089/" + @}, + @{ + "authentication_method": 1, + "provider": "http://localhost:8088/" + @} + ] + @}, + @{ + "methods": [ + @{ + "authentication_method": 0, + "provider": "http://localhost:8089/" + @} + ] + @}, + @{ + "methods": [ + @{ + "authentication_method": 1, + "provider": "http://localhost:8089/" + @}, + @{ + "authentication_method": 2, + "provider": "http://localhost:8088/" + @} + ] + @} + ] +@} +@end example + +If the index given is invalid, the reducer will transition into an @code{ERROR} state +instead of deleting a challenge. + +@strong{next} (from @code{POLICIES_REVIEWING}): + +Using this transition, the user confirms that the policies in the current +state are acceptable. The transition does not take any arguments. + +The reducer will simply transition to the @code{SECRET_EDITING} state: + +@example +@{ + "backup_state": "SECRET_EDITING", + "upload_fees" : [ "KUDOS:42" ], + "expiration" : @{ "t_ms" : 1245362362 @} +@} +@end example + +Here, @code{upload_fees} is an array of applicable upload fees for the +given policy expiration time. This is an array because fees could +be in different currencies. The final cost may be lower if the +user already paid for some of the time. + +If the array of @code{policies} is currently empty, the reducer will transition +into an @code{ERROR} state instead of allowing the user to continue. + +@strong{enter_secret:} + +This transition provides the reducer with the actual core @code{secret} of the user +that Anastasis is supposed to backup (and possibly recover). 
The argument is +simply the Crockford-Base32 encoded @code{value} together with its @code{mime} type, or a @code{text} field with a human-readable secret text. +For example: + +@example +@{ + "secret": @{ + "value": "EDJP6WK5EG50", + "mime" : "text/plain" + @}, + "expiration" : @{ "t_ms" : 1245362362 @} +@} +@end example + +If the application is unaware of the format, it set the @code{mime} field to @code{null}. +The @code{expiration} field is optional. + +The reducer remains in the @code{SECRET_EDITING} state, but now the secret and +updated expiration time are part of the state and the cost calculations will +be updated. + +@example +@{ + "backup_state": "SECRET_EDITING", + "core_secret" : @{ + "value": "EDJP6WK5EG50", + "mime" : "text/plain" + @}, + "expiration" : @{ "t_ms" : 1245362362 @}, + "upload_fees" : [ "KUDOS:42" ] +@} +@end example + +@strong{clear_secret:} + +This transition removes the core secret from the state. It is simply a +convenience function to undo @code{enter_secret} without providing a new value +immediately. The transition takes no arguments. The resuting state will no +longer have the @code{core_secret} field, and be otherwise unchanged. Calling +@strong{clear_secret} on a state without a @code{core_secret} will result in an error. + +@strong{enter_secret_name:} + +This transition provides the reducer with a name for the core @code{secret} of the user. This name will be given to the user as a hint when seleting a recovery policy document during recovery, prior to satisfying any of the challenges. The argument simply contains the name for the secret. +Applications that have built-in support for Anastasis MUST prefix the +secret name with an underscore and an application-specific identifier +registered in GANA so that they can use recognize their own backups. 
+An example argument would be: + +@example +@{ + "name": "_TALERWALLET_MyPinePhone", +@} +@end example + +Here, @code{MyPinePhone} might be chosen by the user to identify the +device that was being backed up. + +The reducer remains in the @code{SECRET_EDITING} state, but now the +secret name is updated: + +@example +@{ + "secret_name" : "_TALERWALLET_MyPinePhone" +@} +@end example + +@strong{update_expiration:} + +This transition asks the reducer to change the desired expiration time +and to update the associated cost. For example: + +@example +@{ + "expiration" : @{ "t_ms" : 1245362362 @} +@} +@end example + +The reducer remains in the @code{SECRET_EDITING} state, but the +expiration time and cost calculation will be updated. + +@example +@{ + "backup_state": "SECRET_EDITING", + "expiration" : @{ "t_ms" : 1245362362 @}, + "upload_fees" : [ @{ "fee": "KUDOS:43" @} ] +@} +@end example + +@strong{next} (from @code{SECRET_EDITING}): + +Using this transition, the user confirms that the secret and expiration +settings in the current state are acceptable. The transition does not take any +arguments. + +If the secret is currently empty, the reducer will transition into an +@code{ERROR} state instead of allowing the user to continue. + +After adding a secret, the reducer may transition into different states +depending on whether payment(s) are necessary. If payments are needed, the +@code{secret} will be stored in the state under @code{core_secret}. Applications +should be careful when persisting the resulting state, as the @code{core_secret} +is not protected in the @code{PAYING} states. The @code{PAYING} states only differ +in terms of what the payments are for (key shares or the recovery document), +in all cases the state simply includes an array of Taler URIs that refer to +payments that need to be made with the Taler wallet. 
+ +If all payments are complete, the reducer will transition into the +@code{BACKUP_FINISHED} state and (if applicable) delete the @code{core_secret} as an +additional safety measure. + +Example results are thus: + +@example +@{ + "backup_state": "TRUTHS_PAYING", + "secret_name" : "$NAME", + "core_secret" : @{ "$anything":"$anything" @}, + "payments": [ + "taler://pay/...", + "taler://pay/..." + ] +@} +@end example + +@example +@{ + "backup_state": "POLICIES_PAYING", + "secret_name" : "$NAME", + "core_secret" : @{ "$anything":"$anything" @}, + "payments": [ + "taler://pay/...", + "taler://pay/..." + ] +@} +@end example + +@example +@{ + "backup_state": "BACKUP_FINISHED", +@} +@end example + +@strong{pay:} + +This transition suggests to the reducer that a payment may have been made or +is immanent, and that the reducer should check with the Anastasis service +provider to see if the operation is now possible. The operation takes one +optional argument, which is a @code{timeout} value that specifies how long the +reducer may wait (in long polling) for the payment to complete: + +@example +@{ + "timeout": @{ "d_ms" : 5000 @}, +@} +@end example + +The specified timeout is passed on to the Anastasis service provider(s), which +will wait this long before giving up. If no timeout is given, the check is +done as quickly as possible without additional delays. The reducer will continue +to either an updated state with the remaining payment requests, to the +@code{BACKUP_FINISHED} state (if all payments have been completed and the backup +finished), or into an @code{ERROR} state in case there was an irrecoverable error, +indicating the specific provider and how it failed. 
An example for this +final error state would be: + +@example +@{ + "backup_state": "ERROR", + "http_status" : 500, + "upload_status" : 52, + "provider_url" : "https://bad.example.com/", +@} +@end example + +Here, the fields have the following meaning: + +@quotation + + +@itemize - + +@item +@strong{http_status} is the HTTP status returned by the Anastasis provider. + +@item +@strong{upload_status} is the Taler error code return by the provider. + +@item +@strong{provider_url} is the base URL of the failing provider. +@end itemize +@end quotation + +In the above example, 52 would thus imply that the Anastasis provider failed to +store information into its database. + +@node Recovery transitions,,Backup transitions,Reducer transitions +@anchor{reducer recovery-transitions}@anchor{63} +@subsubsection Recovery transitions + + +@strong{enter_user_attributes:} + +This transition provides the user’s personal attributes. The specific set of +attributes required depends on the country of residence of the user. Some +attributes may be optional, in which case they should be omitted entirely +(that is, not simply be set to @code{null} or an empty string). The +arguments are identical to the @strong{enter_user_attributes} transition from +the backup process. Example arguments would thus be: + +@example +@{ + "identity_attributes": @{ + "full_name": "Max Musterman", + "social_security_number": "123456789", + "birthdate": "2000-01-01", + "birthplace": "Earth" + @} +@} +@end example + +However, in contrast to the backup process, the reducer will attempt to +retrieve the latest recovery document from all known providers for the +selected currency given the above inputs. 
If a recovery document was found +by any provider, the reducer will attempt to load it and transition to +a state where the user can choose which challenges to satisfy: + +@example +@{ + "recovery_state": "CHALLENGE_SELECTING", + "recovery_information": @{ + "challenges": [ + @{ + "uuid": "MW2R3RCBZPHNC78AW8AKWRCHF9KV3Y82EN62T831ZP54S3K5599G", + "cost": "TESTKUDOS:0", + "type": "question", + "instructions": "q1" + @}, + @{ + "uuid": "TXYKGE1SJZHJ4M2FKSV1P2RZVNTHZFB9E3A79QE956D3SCAWXPK0", + "cost": "TESTKUDOS:0", + "type": "email", + "instructions": "e-mail address m?il@@f*.bar" + @}, + ], + "policies": [ + [ + @{ + "uuid": "MW2R3RCBZPHNC78AW8AKWRCHF9KV3Y82EN62T831ZP54S3K5599G" + @}, + @{ + "uuid": "TXYKGE1SJZHJ4M2FKSV1P2RZVNTHZFB9E3A79QE956D3SCAWXPK0" + @}, + ], + ], + "provider_url": "http://localhost:8088/", + "version": 1, + @}, + "recovery_document": @{ + "...": "..." + @} +@} +@end example + +The @code{recovery_document} is an internal representation of the recovery +information and of no concern to the user interface. The pertinent information +is in the @code{recovery_information}. Here, the @code{challenges} array is a list +of possible challenges the user could attempt to solve next, while @code{policies} +is an array of policies, with each policy being an array of challenges. +Satisfying all of the challenges of one of the policies will enable the secret +to be recovered. The @code{provider_url} from where the recovery document was +obtained and its @code{version} are also provided. Each challenge comes with +four mandatory fields: + +@quotation + + +@itemize - + +@item +@strong{uuid}: A unique identifier of the challenge; this is what the +UUIDs in the policies array refer to, but also this UUID may be +included in messages sent to the user. They allow the user to +distinguish different PIN/TANs should say the same phone number be +used for SMS-authentication with different providers. 
+ +@item +@strong{cost}: This is the amount the Anastasis provider will charge +to allow the user to pass the challenge. + +@item +@strong{type}: This is the type of the challenge, as a string. + +@item +@strong{instructions}: Contains additional important hints for the user +to allow the user to satisfy the challenge. It typically includes +an abbreviated form of the contact information or the security +question. Details depend on @code{type}. +@end itemize +@end quotation + +If a recovery document was not found, either the user never performed +a backup, entered incorrect attributes, or used a provider not yet in +the list of Anastasis providers. Hence, the user must now either +select a different provider, or go @code{back} and update the identity +attributes. In the case a recovery document was not found, the +transition fails, returning the error code and a human-readable error +message together with a transition failure: + +@example +@{ + "recovery_state": "ERROR", + "error_message": "account unknown to Anastasis server", + "error_code": 9, +@} +@end example + +Here, the @code{error_code} is from the @code{enum ANASTASIS_RecoveryStatus} +and describes precisely what failed about the download, while the +@code{error_message} is a human-readable (English) explanation of the code. +Applications may want to translate the message using GNU gettext; +translations should be available in the @code{anastasis} text domain. +However, in general it should be sufficient to display the slightly +more generic Taler error code that is returned with the new state. + +@strong{change_version:} + +Even if a recovery document was found, it is possible that the user +intended to recover a different version, or recover a backup where +the recovery document is stored at a different provider. 
Thus, the +reducer allows the user to explicitly switch to a different provider +or recovery document version using the @code{change_version} transition, +which takes a provider URL and policy version as arguments: + +@example +@{ + "provider_url": "https://localhost:8080/", + "version": 2 +@} +@end example + +Note that using a version of 0 implies fetching “the latest version”. The +resulting states are the same as those of the @code{enter_user_attributes} +transition, except that the recovery document version is not necessarily the +latest available version at the provider. + +@strong{select_challenge:} + +Selecting a challenge takes different, depending |
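Review bot: In the `next` (from `SECRET_EDITING`) text, the warning that `core_secret` "is not protected in the `PAYING` states" does not tell an application what "careful when persisting" requires. The `TRUTHS_PAYING` and `POLICIES_PAYING` examples both carry the secret in the state in the clear, so state what the application is expected to do with such a state before writing it anywhere. The wording "If payments are needed, the `secret` will be stored in the state under `core_secret`" also reads as if the field only appears at that point, while the `enter_secret` result already shows `core_secret` in the `SECRET_EDITING` state; the caution should cover that state as well.

Several examples are not valid JSON because of trailing commas: the `enter_secret_name` argument (`"name": "_TALERWALLET_MyPinePhone",`), the `BACKUP_FINISHED` state, the `pay` timeout argument, both `ERROR` states, and the `challenges` and `policies` arrays plus `"version": 1,` under `CHALLENGE_SELECTING`. Anyone pasting these into a strict JSON parser gets a parse error, so drop the commas.

The shape of `upload_fees` is inconsistent: `[ "KUDOS:42" ]` after `next` and `enter_secret`, but `[ @{ "fee": "KUDOS:43" @} ]` after `update_expiration`. Pick the one the reducer actually emits. Likewise, the recovery `ERROR` paragraph describes `error_code` as coming from `enum ANASTASIS_RecoveryStatus` and then refers to a "more generic Taler error code that is returned with the new state", yet the example shows only one code field; name the field that carries the Taler code or drop the sentence. The `enter_secret` text also mentions a `text` field alternative that no example shows.

Typos to fix while here: "resuting", "seleting", "immanent" (imminent), "it set the", "can use recognize", "error code return by".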