diff options
Diffstat (limited to 'debian')
-rw-r--r-- | debian/anastasis-httpd.config | 14 | ||||
-rw-r--r-- | debian/anastasis-httpd.install | 9 | ||||
-rw-r--r-- | debian/anastasis-httpd.postinst | 38 | ||||
-rw-r--r-- | debian/anastasis-httpd.postrm | 11 | ||||
-rw-r--r-- | debian/anastasis-httpd.preinst | 29 | ||||
-rw-r--r-- | debian/anastasis-httpd.prerm | 11 | ||||
-rw-r--r-- | debian/anastasis-httpd.service | 2 | ||||
-rw-r--r-- | debian/changelog | 60 | ||||
-rw-r--r-- | debian/control | 57 | ||||
-rwxr-xr-x | debian/db/install/pgsql | 38 | ||||
-rw-r--r-- | debian/etc/anastasis/anastasis.conf | 4 | ||||
-rw-r--r-- | debian/etc/anastasis/secrets/anastasis-db.secret.conf | 2 | ||||
-rwxr-xr-x | debian/rules | 8 |
13 files changed, 147 insertions, 136 deletions
diff --git a/debian/anastasis-httpd.config b/debian/anastasis-httpd.config index 97f57bc..97d5101 100644 --- a/debian/anastasis-httpd.config +++ b/debian/anastasis-httpd.config @@ -6,17 +6,3 @@ set -e _USERNAME=anastasis-httpd _GROUPNAME=www-data - -# For now, we only support postgres -dbc_dbtypes=pgsql -dbc_dbuser=${_USERNAME} - -dbc_authmethod_user=ident -dbc_authmethod_admin=ident - -if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then - . /usr/share/dbconfig-common/dpkg/config.pgsql - dbc_go anastasis-httpd "$@" -fi - -db_stop diff --git a/debian/anastasis-httpd.install b/debian/anastasis-httpd.install index 652caa0..6594f28 100644 --- a/debian/anastasis-httpd.install +++ b/debian/anastasis-httpd.install @@ -3,7 +3,9 @@ usr/lib/*/anastasis/ usr/lib/*/libanastasisauthorization.* usr/lib/*/libanastasisdb.* usr/lib/*/libanastasiseufin.so.* -usr/share/man/man5/* +usr/share/man/man5/anastasis.conf.5 +usr/share/man/man1/anastasis-dbconfig.1 +usr/share/man/man1/anastasis-dbinit.1 usr/share/man/man1/anastasis-httpd.1 usr/share/man/man1/anastasis-helper-authorization-iban.1 usr/share/man/man1/anastasis-config.1 @@ -11,4 +13,7 @@ usr/share/anastasis/* usr/share/anastasis/sql/* usr/share/anastasis/config.d/* debian/etc/* /etc/ -debian/db/install/* usr/share/dbconfig-common/scripts/anastasis/install/ +# Terms of service / privacy policy templates +usr/share/anastasis/terms/*.rst +# Translations of ToS/PP +usr/share/locale/*/LC_MESSAGES/*.po diff --git a/debian/anastasis-httpd.postinst b/debian/anastasis-httpd.postinst index 994b06b..1dd41f4 100644 --- a/debian/anastasis-httpd.postinst +++ b/debian/anastasis-httpd.postinst @@ -2,37 +2,43 @@ set -e -TALER_HOME="/var/lib/taler/" +if [ -d /run/systemd/system ]; then + systemctl --system daemon-reload >/dev/null || true +fi +if [ "$1" = "remove" ]; then + if [ -x "/usr/bin/deb-systemd-helper" ]; then + deb-systemd-helper mask 'anastasis-httpd.service' >/dev/null || true + fi +fi + +if [ "$1" = "purge" ]; then + if [ -x "/usr/bin/deb-systemd-helper" ]; then + deb-systemd-helper purge 'anastasis-httpd.service' >/dev/null || true + deb-systemd-helper unmask 'anastasis-httpd.service' >/dev/null || true + fi +fi + +ANASTASIS_HOME="/var/lib/anastasis/" _USERNAME=anastasis-httpd _GROUPNAME=www-data -# Set permissions for sqlite3 file -# (for when we support sqlite3 in the future) -dbc_dbfile_owner="${_USERNAME}:${_GROUPNAME}" -dbc_dbfile_perms="0600" - . /usr/share/debconf/confmodule case "${1}" in configure) # Creating taler users if needed - if ! getent passwd ${_USERNAME} >/dev/null; then - adduser --quiet --system --ingroup ${_GROUPNAME} --no-create-home --home ${TALER_HOME} ${_USERNAME} + if ! getent passwd ${_USERNAME} >/dev/null + then + adduser --quiet --system --ingroup ${_GROUPNAME} --no-create-home --home ${ANASTASIS_HOME} ${_USERNAME} fi - if ! dpkg-statoverride --list /etc/anastasis/secrets/anastasis-db.secret.conf >/dev/null 2>&1; then + if ! dpkg-statoverride --list /etc/anastasis/secrets/anastasis-db.secret.conf >/dev/null 2>&1 + then dpkg-statoverride --add --update \ anastasis-httpd root 460 \ /etc/anastasis/secrets/anastasis-db.secret.conf fi - # Setup postgres database (needs dbconfig-pgsql package) - if [ -f /usr/share/dbconfig-common/dpkg/postinst.pgsql ]; then - . /usr/share/dbconfig-common/dpkg/postinst.pgsql - dbc_pgsql_createdb_encoding="UTF8" - dbc_go anastasis-httpd "$@" - fi - ;; abort-upgrade | abort-remove | abort-deconfigure) ;; diff --git a/debian/anastasis-httpd.postrm b/debian/anastasis-httpd.postrm index 9954a33..ee84d38 100644 --- a/debian/anastasis-httpd.postrm +++ b/debian/anastasis-httpd.postrm @@ -2,18 +2,19 @@ set -e +_USERNAME=anastasis-httpd + if [ -f /usr/share/debconf/confmodule ]; then . /usr/share/debconf/confmodule fi -if [ -f /usr/share/dbconfig-common/dpkg/postrm.pgsql ]; then - . /usr/share/dbconfig-common/dpkg/postrm.pgsql - dbc_go anastasis-httpd "$@" -fi - case "${1}" in purge) rm -rf /var/lib/anastasis/httpd/ + rm -f /etc/anastasis/override.conf + deluser --system --quiet ${_USERNAME} || true + dpkg-statoverride --remove \ + /etc/anastasis/secrets/anastasis-db.secret.conf || true ;; remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) ;; diff --git a/debian/anastasis-httpd.preinst b/debian/anastasis-httpd.preinst deleted file mode 100644 index 2d6c261..0000000 --- a/debian/anastasis-httpd.preinst +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash - -# We prevent a few questions from being asked -# upon installation by specifying defaults. Namely, -# we want the database to be accessed via Unix domain -# sockets and password-less. - -set -e - -# When purging this package after the selections in the preinst have been made, -# the debconf database is left in an inconsistent state and the package cannot -# be installed again. This happens because dbconf-common will create a -# template for these questions with a shared owner. Purging will only delete -# one of the two templates, leading to a DB state where debconf-set-selections -# fails. We work around this by manually fixing up the debconf database. -# -# Unfortunately we can't do this in "postrm", because during "postrm" -# the configuration database is locked (even after db_stop). -# -# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487300 -if [ -x /usr/share/debconf/fix_db.pl ]; then - /usr/share/debconf/fix_db.pl || true -fi - -echo anastasis-httpd anastasis-httpd/pgsql/method select Unix socket | debconf-set-selections -echo anastasis-httpd anastasis-httpd/pgsql/authmethod-user select ident | debconf-set-selections -echo anastasis-httpd anastasis-httpd/pgsql/app-pass password | debconf-set-selections - -exit 0 diff --git a/debian/anastasis-httpd.prerm b/debian/anastasis-httpd.prerm index 24625c0..951f5ac 100644 --- a/debian/anastasis-httpd.prerm +++ b/debian/anastasis-httpd.prerm @@ -2,15 +2,8 @@ set -e -if [ -f /usr/share/debconf/confmodule ]; then - . /usr/share/debconf/confmodule +if [ -d /run/systemd/system ] && [ "$1" = remove ]; then + deb-systemd-invoke stop 'anastasis-httpd.service' >/dev/null || true fi -. /usr/share/dbconfig-common/dpkg/prerm -if [ -f /usr/share/dbconfig-common/dpkg/prerm.pgsql ]; then - . /usr/share/dbconfig-common/dpkg/prerm.pgsql - dbc_go anastasis-httpd "$@" -fi - -db_stop exit 0 diff --git a/debian/anastasis-httpd.service b/debian/anastasis-httpd.service index bd6919e..372e824 100644 --- a/debian/anastasis-httpd.service +++ b/debian/anastasis-httpd.service @@ -5,7 +5,7 @@ Description=Anastasis key recovery backend User=anastasis-httpd Type=simple Restart=on-failure -ExecStart=/usr/bin/anastasis-httpd -c /etc/anastasis/anastasis.conf +ExecStart=/usr/bin/anastasis-httpd -c /etc/anastasis/anastasis.conf -L INFO [Install] WantedBy=multi-user.target diff --git a/debian/changelog b/debian/changelog index d972a47..d3231da 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,63 @@ +anastasis (0.4.1) unstable; urgency=low + + * Actual v0.4.1 release. + + -- Christian Grothoff <grothoff@gnu.org> Sat, 10 Feb 2024 03:50:12 +0200 + +anastasis (0.4.0-2) unstable; urgency=low + + * Updates for packaging with GNU Taler v0.9.4. + + -- Christian Grothoff <grothoff@gnu.org> Sun, 21 Jan 2024 23:50:12 +0200 + +anastasis (0.4.0-1) unstable; urgency=low + + * Actual v0.4.0 release. + + -- Christian Grothoff <grothoff@gnu.org> Wed, 27 Sep 2023 03:50:12 +0200 + +anastasis (0.4.0) unstable; urgency=low + + * First work towards packaging v0.4.0. + + -- Christian Grothoff <grothoff@gnu.org> Thu, 7 Sep 2023 23:50:12 +0200 + +anastasis (0.3.2) unstable; urgency=low + + * Official Anastasis 0.3.2 release. + + -- Christian Grothoff <grothoff@gnu.org> Tue, 21 Feb 2023 09:50:12 +0200 + +anastasis (0.3.1) unstable; urgency=low + + * Official Anastasis 0.3.1 release. + + -- Christian Grothoff <grothoff@gnu.org> Tue, 17 Jan 2023 09:50:12 +0200 + +anastasis (0.3.0) unstable; urgency=low + + * Official Anastasis 0.3.0 release. + + -- Christian Grothoff <grothoff@gnu.org> Mon, 26 Sep 2022 09:50:12 +0200 + +anastasis (0.2.99-2) unstable; urgency=low + + * Close to Anastasis 0.3.0, but testing package details. + + -- Christian Grothoff <grothoff@gnu.org> Mon, 20 Jun 2022 14:02:10 +0100 + +anastasis (0.2.99-1) unstable; urgency=low + + * Close to Anastasis 0.3.0, but a preview release for UX testing. + + -- Christian Grothoff <grothoff@gnu.org> Tue, 01 Feb 2022 14:02:10 +0100 + +anastasis (0.2.0) unstable; urgency=low + + * New upstream release. + + -- Christian Grothoff <grothoff@gnu.org> Thu, 30 Sep 2021 14:02:10 +0100 + anastasis (0.1.0-5) unstable; urgency=low * Fix amount check for payments (upstream fix). diff --git a/debian/control b/debian/control index 0252c0d..e9e618e 100644 --- a/debian/control +++ b/debian/control @@ -8,19 +8,16 @@ Build-Depends: autopoint, debhelper-compat (= 12), gettext, - libgnunet-dev, - libtalerexchange-dev (>= 0.8.5), - libtalermerchant-dev (>= 0.8.4), - libpq-dev (>=9.5), + libgnunet-dev (>=0.21), + libtalerexchange-dev (>= 0.9.4), + libtalermerchant-dev (>= 0.9.4), + libpq-dev (>=14), libsqlite3-dev (>=3.8), pkg-config, po-debconf, libqrencode-dev, uuid-dev, zlib1g-dev -Build-Conflicts: - autoconf2.13, - automake1.4 Standards-Version: 4.5.0 Vcs-Git: https://salsa.debian.org/debian/anastasis.git Vcs-browser: https://salsa.debian.org/debian/anastasis @@ -35,44 +32,66 @@ Depends: netbase, ${misc:Depends}, ${shlibs:Depends} -Description: libraries to talk to an Anastasis provider. +Description: libraries to talk to a GNU Anastasis provider. + . + GNU Anastasis allows users to make backups of their + private key material to multiple providers while ensuring that + individual providers cannot learn the secret key material. + The libraries contained in this package implement the + client-side of the Anastasis backup and recovery protocol. Package: anastasis-httpd Architecture: any Pre-Depends: ${misc:Pre-Depends} Depends: - libtalerexchange (>= 0.8.5), + libtalerexchange (>= 0.9.4), libgnutls30 (>= 3.7.1), adduser, lsb-base, netbase, - apache2 | nginx | httpd, - postgresql, - dbconfig-pgsql | dbconfig-no-thanks, ${misc:Depends}, ${shlibs:Depends} +Recommends: + apache2 | nginx | httpd, + postgresql (>=14.0) Description: GNU's key escrow provider. + . + GNU Anastasis allows users to make backups of their + private key material to multiple providers while ensuring that + individual providers cannot learn the secret key material. + This package contains the backend logic that must be run by + an Anastasis backup provider. Package: anastasis-cli Architecture: any Pre-Depends: ${misc:Pre-Depends} Depends: - libanastasis (>= 0.0.0), + libanastasis, ${misc:Depends}, ${shlibs:Depends} -Description: Command-line interface for the Anastasis key escrow provider service. +Description: Command-line interface for the GNU Anastasis key escrow provider service. + . + GNU Anastasis allows users to make backups of their + private key material to multiple providers while ensuring that + individual providers cannot learn the secret key material. + This package contains a command-line interface to the + Anastasis logic. Please note that we do not expect the CLI to + be useful to end-users. It may be useful for integration of + Anastasis into applications (and for testing). + If you are looking for a stand-alone Anastasis client, please + use anastasis-gtk. Package: libanastasis-dev Section: libdevel Architecture: any Depends: - libtalermerchant-dev (>= 0.8.3), - libtalerexchange-dev (>= 0.8.5), - libgnunet-dev (>=0.15.3), + libtalermerchant-dev (>= 0.9.4), + libtalerexchange-dev (>= 0.9.4), + libgnunet-dev (>=0.21), ${misc:Depends}, ${shlibs:Depends} -Description: libraries to talk to a GNU Anastasis provider (development) +Description: libraries to talk to a GNU Anastasis provider (development). . - This package contains the development files. + This package contains the development files for the libanastasis libraries. diff --git a/debian/db/install/pgsql b/debian/db/install/pgsql deleted file mode 100755 index f695fed..0000000 --- a/debian/db/install/pgsql +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash - -set -eu - -conf_anastasis_db=/etc/anastasis/secrets/anastasis-db.secret.conf -conf_override=/etc/anastasis/override.conf - -# Get database settings from dbconfig-common and write anastasis configuration files. -if [ -f /etc/dbconfig-common/anastasis-httpd.conf ]; then - . /etc/dbconfig-common/anastasis-httpd.conf - case "$dbc_dbtype" in - pgsql) - echo -e "# Config file auto-generated by Debian.\n[anastasis]\nDB=postgres\n\n" > \ - $conf_override - # We assume ident auth here. We might support password auth later. - echo -e "[stasis-postgres]\nCONFIG=postgres:///${dbc_dbname}\n\n" > \ - $conf_anastasis_db - - # Allow the taler-merchant-httpd user to create schemas, needed by dbinit - echo "GRANT CREATE on database \"$dbc_dbname\" to \"anastasis-httpd\";" | sudo -u postgres psql -f - - # Run database initialization logic - sudo -u anastasis-httpd anastasis-dbinit -c /etc/anastasis/anastasis.conf - ;; - sqlite3) - # Later: use something like: - # sqlite:///$DATA_DIR/anastasis.db - # But for now, sqlite is unsupported: - echo "Unsupported database type $dbc_type." - exit 1 - ;; - "") ;; - - *) - echo "Unsupported database type $dbc_type." - exit 1 - ;; - esac -fi diff --git a/debian/etc/anastasis/anastasis.conf b/debian/etc/anastasis/anastasis.conf index 9938438..9b85754 100644 --- a/debian/etc/anastasis/anastasis.conf +++ b/debian/etc/anastasis/anastasis.conf @@ -14,7 +14,7 @@ SERVE = unix # Name of your business #BUSINESS_NAME = "" -# Random server salt. Use output of 'uuidgen' +# Random server salt. Use output of 'uuidgen'. Make a backup of the value. #SERVER_SALT = "" # How high is the per key share insurance offered @@ -32,7 +32,7 @@ PAYMENT_BACKEND_URL = http://backend.demo.taler.net/instances/Tutorial/ [taler] -# Currency accepted by anastasis via GNU Taler payments. +# Currency accepted by GNU Anastasis via GNU Taler payments. CURRENCY = KUDOS [paths] diff --git a/debian/etc/anastasis/secrets/anastasis-db.secret.conf b/debian/etc/anastasis/secrets/anastasis-db.secret.conf index 8f9fb54..512366d 100644 --- a/debian/etc/anastasis/secrets/anastasis-db.secret.conf +++ b/debian/etc/anastasis/secrets/anastasis-db.secret.conf @@ -1,3 +1,3 @@ [stasis-postgres] #The connection string the plugin has to use for connecting to the database -CONFIG = postgres:///anastasis +# CONFIG = postgres:///anastasis diff --git a/debian/rules b/debian/rules index 0307145..3a1911d 100755 --- a/debian/rules +++ b/debian/rules @@ -7,6 +7,9 @@ include /usr/share/dpkg/architecture.mk %: dh ${@} +override_dh_builddeb: + dh_builddeb -- -Zgzip + override_dh_auto_configure-arch: dh_auto_configure -- --disable-rpath --with-microhttpd=yes $(shell dpkg-buildflags --export=configure) @@ -30,6 +33,11 @@ override_dh_auto_install-indep: override_dh_auto_clean: dh_auto_clean +override_dh_installsystemd: + dh_installsystemd -panastasis-httpd --name=anastasis-httpd --no-start --no-enable + # final invocation to generate daemon reload + dh_installsystemd + override_dh_install: dh_install # Done manually for debhelper-compat<13 |