--- certmaster-0.24.orig/debian/rules
+++ certmaster-0.24/debian/rules
@@ -0,0 +1,109 @@
+#!/usr/bin/make -f
+include /usr/share/quilt/quilt.make
+
+export DH_VERBOSE=0
+export DH_PYCENTRAL=include-links
+PKG = certmaster
+
+PYVERS = $(shell pyversions -vr)
+PACKAGE = $(shell dh_listpackages)
+BORKED = docs/certmaster-request.1.gz.BORKED
+PYINST = $(CURDIR)/debian/certmaster
+
+################################################################################
+#. Build
+build: build-stamp
+build-stamp: fix patch
+ dh_testdir
+ dh_prep
+ python$* setup.py build
+ touch $@
+
+################################################################################
+#. Install
+install: install-stamp
+ dh_install
+ dh_installdirs
+ dh_installdocs
+ dh_installexamples
+ #dh_installinit
+ dh_installman
+ dh_installchangelogs
+ install debian/upstream.changelog debian/$(PKG)/usr/share/doc/$(PKG)/changelog
+ dh_link
+ #.
+ dh_pycentral
+ dh_installdeb
+install-stamp: build-stamp $(PYVERS:%=install-ext-%)
+ touch $@
+install-ext-%:
+ dh_testdir
+ dh_testroot
+ python$* setup.py install \
+ --root=$(PYINST) \
+ --install-scripts=/usr/share/certmaster
+ touch $@
+
+################################################################################
+#. Binary (Executable)
+binary: binary-indep
+binary-indep: build install
+ dh_testdir
+ dh_testroot
+ #.
+ dh_compress
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ #.
+ dh_fixperms
+ dh_builddeb
+
+################################################################################
+#. Fix & Unfix - These are changes that I would like upstream to implement,
+#. while they don't, I'll fix it myself here...
+.PHONY: unfix fix
+
+fix: scripts/certmasterd logrotate.d/certmaster
+ #. Cleaning after upstream...
+ test -f $(BORKED) || mv $(BORKED:.BORKED=) $(BORKED)
+ pod2man \
+ --center="certmaster-request" \
+ --release="" \
+ docs/certmaster-request.pod \
+ | gzip -c \
+ > $(BORKED:.BORKED=)
+ pod2man \
+ --center="certmasterd" \
+ --release="" \
+ docs/certmaster.pod \
+ | gzip -c \
+ > docs/certmasterd.1.gz
+scripts/certmasterd:
+ mv scripts/certmaster $@
+logrotate.d/certmaster:
+ mkdir logrotate.d
+ mv etc/certmaster_rotate $@
+
+
+
+unfix: scripts/certmaster etc/certmaster_rotate
+ #. Cleaning after upstream...
+ test ! -f $(BORKED) || mv $(BORKED) $(BORKED:.BORKED=)
+ test ! -f docs/certmasterd.1.gz || rm -f docs/certmasterd.1.gz
+scripts/certmaster:
+ mv scripts/certmasterd $@
+etc/certmaster_rotate:
+ mv logrotate.d/certmaster $@
+ rmdir logrotate.d
+
+################################################################################
+#. Clean
+clean: $(PYVERS:%=clean-ext-%) unpatch unfix
+ dh_testdir
+ dh_clean build-stamp install-stamp $(PYVERS:%=install-ext-%)
+ test ! -d build || rm -rf build
+clean-ext-%:
+ python$* setup.py clean
+
+.PHONY: build clean binary-indep binary-arch binary install
--- certmaster-0.24.orig/debian/copyright
+++ certmaster-0.24/debian/copyright
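Review bot: In debian/rules, `build-stamp` is an explicit rule, so `$*` is empty there and the recipe line `python$* setup.py build` runs the default `python` once instead of building for each version in `$(PYVERS)`, unlike the `install-ext-%` and `clean-ext-%` pattern rules. Either write `python setup.py build` so the intent is explicit, or add a `build-ext-%:` pattern rule with that recipe and make `build-stamp` depend on `$(PYVERS:%=build-ext-%)`. `fix` is declared `.PHONY` and is a normal prerequisite of `build-stamp`, so the stamp never short-circuits a rebuild; listing it as an order-only prerequisite (`build-stamp: patch | fix`) would avoid that. The final `.PHONY` line also names `binary-arch`, which has no rule in this file.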
@@ -0,0 +1,48 @@
+Certmaster
+==========
+
+ This package was authored and debianized by Nima Talebi on
+ Tue, 13 Jan 2009 22:52:44 +0900.
+
+ It was downloaded from https://fedorahosted.org/certmaster/
+
+ Upstream Authors:
+ Michael DeHaan
+ Adrian Likins
+ Seth Vidal
+
+ The Debian packaging is © 2009, Nima Talebi and is licensed
+ under the GPL, see `/usr/share/common-licenses/GPL-2'.
+
+ GPLv2+ - The python-dmidecode packages is available under the terms of
+ the GNU General Public license version 2. On Debian systems, the complete
+ text of the GNU General Public License can be found in
+ `/usr/share/common-licenses/GPL-2'.
+
+
+
+ Copyrights
+ ==========
+
+ © 2009 Red Hat, In.
+
+
+
+ License
+ =======
+
+ This program is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ more details.
+
+ You should have received a copy of the GNU General Public License along with
+ this package; if not, write to the Free Software Foundation, Inc., 51
+ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+// vim: ft=asciidoc
--- certmaster-0.24.orig/debian/compat
+++ certmaster-0.24/debian/compat
@@ -0,0 +1 @@
+7
--- certmaster-0.24.orig/debian/watch
+++ certmaster-0.24/debian/watch
@@ -0,0 +1,2 @@
+version=3
+http://people.fedoraproject.org/~alikins/files/certmaster/certmaster-(.*).tar.gz
--- certmaster-0.24.orig/debian/upstream.changelog
+++ certmaster-0.24/debian/upstream.changelog
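Review bot: The upstream URL in debian/watch is plain `http://` and the file carries no signature check, so a tarball fetched through uscan is not authenticated in transit. If the host serves it, switch the second line to `https://people.fedoraproject.org/~alikins/files/certmaster/certmaster-(.*).tar.gz`. If upstream publishes detached signatures, an `opts=pgpsigurlmangle=…` rule plus the signing key under `debian/upstream/` would let uscan verify each download; whether upstream signs releases is not visible from this page.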
@@ -0,0 +1,469 @@ +commit fe0312d51aed3602354f61de94042af653907075 +Author: Phil +Date: Thu Mar 5 15:28:44 2009 -0500 + + add a monit configuration file + +commit 919c9c3a4f5418b55108c1ec903160f0400900df +Author: Adrian Likins +Date: Tue Mar 3 17:41:12 2009 -0500 + + change utils.get_hostname to just do the basic thing. Move the bits + that do all the config checking and route lookup and other madness + to func.utils.get_hostname_by_route + +commit 907668bd5063ebf8c4e2c11abcbd6cb46880808d +Merge: d0bee22... a900ddc... +Author: Adrian Likins +Date: Sat Feb 21 00:39:32 2009 -0500 + + Merge branch 'master' of ssh://alikins@git.fedorahosted.org/git/certmaster + + Conflicts: + Makefile + +commit a900ddc0bc93714a22d219623bf65d6ac10be71f +Author: Adrian Likins +Date: Fri Feb 20 19:12:14 2009 -0500 + + there was a trailing space on the version + +commit d0bee2210b885bd8269e5ada00ccf12ed6f9b049 +Author: Adrian Likins +Date: Thu Feb 19 11:36:15 2009 -0500 + + rev to release 5 for rebuild + +commit b38315c26dbcc9e626dc295fe612a0ef3c7e8596 +Author: Adrian Likins +Date: Wed Feb 18 19:47:15 2009 -0500 + + remove "version" file and updated spec/makefile/setup.py to not need it + +commit ed20b2fa1f9e733e24a17c7983d5b411623c4ecc +Author: Adrian Likins +Date: Thu Feb 12 15:08:59 2009 -0500 + + add a excepthook handler for uncaught exceptions, so they get written to the log + + https://fedorahosted.org/func/ticket/70 + +commit fd57bba2195c2b8405b6317755f6ad7030702dfc +Author: Adrian Likins +Date: Thu Jan 22 11:55:11 2009 -0500 + + change old urls to new urls + +commit 9297dabe6c1511bb36a669b505f5586e420b608f +Author: Adrian Likins +Date: Wed Jan 21 14:58:45 2009 -0500 + + make the python executable we use a makefile variable + +commit cd13dd2c5c5e85461ac5b19aa48480d1ef80b94b +Author: Adrian Likins +Date: Mon Jan 19 16:45:22 2009 -0500 + + certmaster.spec: Try to simplify the support for rhel3+python2.3 a little bit. 
+ + We let distutils do the /usr/bin/python path munging for the files that need + it (aka, everything in "scripts"). So we can get rid of the patch for this + (we also cleaned up all the files that had a #! set that didn't need it) + + Some minor spec file formatting changes as well + +commit 8b44578eb6d42cef58627b88e99fc394c5b66674 +Author: Adrian Likins +Date: Mon Jan 19 14:47:45 2009 -0500 + + permissions cleanup on source files + +commit 296f8832222f28d4a8c51f54693789fd93f5bc05 +Author: Adrian Likins +Date: Tue Jan 13 17:33:15 2009 -0500 + + fix up some docs bugs. Looks like they were introduced in the certmaster/func split. + + fix https://fedorahosted.org/certmaster/ticket/5 (certmaster-request man page + was getting created incorrectly) + +commit f1f25ec0ccbb48b0fa699771125eb93d76d3ceed +Author: Adrian Likins +Date: Wed Dec 17 15:30:08 2008 -0500 + + 0.24 + +commit 8092325418f916bf744437c3c42acf4d22ca0a61 +Author: Tim Bielawa +Date: Mon Dec 15 14:00:37 2008 -0500 + + Patch from Tim Bielawa to make init scripts work + on debian/ubuntu + +commit ca8dd9b8ac04f18b550225a9cbbd927b1dc61794 +Author: Adrian Likins +Date: Mon Dec 8 14:30:42 2008 -0500 + + add missing dirs to spec file (trigger dirs) + fix for bugzilla #473633 + +commit c95655b5cb63caf9428898c56ef5cb26d118a678 +Author: Adrian Likins +Date: Tue Nov 18 10:56:37 2008 -0500 + + removed unneed line that reset the requesting_host + +commit 48b1e96d3c66a1a733ca573505e7203651142308 +Author: Adrian Likins +Date: Wed Nov 12 11:53:59 2008 -0500 + + Make the port that certmaster listens on and funcd connects to configurable. + + add listen_port to /etc/certmaster/certmaster.conf to configure which + port certmaster runs on. + + add certmaster_port to /etc/certmaster/minion.conf so funcd knows which + port to talk to certmaster on. 
+ +commit 5bb4be3edcfdf031d7446e434ef4f51309ce32c7 +Author: Adrian Likins +Date: Wed Oct 15 16:12:07 2008 -0400 + + change triggers so we pass in the name of the machine the request/sign/remove is for + and pass it to the triggers + + This could potentially break some existing triggers if they dont expect + and argument. However, it's documented that they should expect a + name argument, they just weren't ever getting one until now. + +commit ca0b109bfb78736cb3997b536ac20dadf32485bd +Author: Adrian Likins +Date: Fri Sep 19 14:52:32 2008 -0400 + + fix for utils.daemonize() as reported in https://fedorahosted.org/func/ticket/58 + by goozbach + + Couple of things wrong, fd's were getting closed in wrong place, the + call to os.cwd('/') was supposed to be os.chdir('/') + + Also try duping the fd's just in case + +commit d7d7203553c024cbddd726d499eb351b460cb9f3 +Merge: 6a9cbb7... 7bcf299... +Author: Adrian Likins +Date: Fri Sep 5 14:15:52 2008 -0400 + + Merge branch 'master' of ssh://alikins@git.fedoraproject.org/git/hosted/certmaster + +commit 6a9cbb753bd700b0913694f38241505fabdee653 +Author: Adrian Likins +Date: Fri Sep 5 14:10:39 2008 -0400 + + credit for patch for Jonathan Barber + +commit d512d680d6fb50cdeae615492fb35741d44bd3a4 +Author: Jonathan Barber +Date: Fri Sep 5 14:09:35 2008 -0400 + + close stdin/stdout/stderr on daemonize + + patch from Jonathan Barber + +commit 7bcf299ccedeb8d22b163f24657eb801cd31bbd9 +Author: Adrian Likins +Date: Fri Sep 5 13:15:59 2008 -0400 + + rev to 0.23-1 + +commit 37f80fb5318f344c4a0db4b53d6e314a5223ddb2 +Author: Adrian Likins +Date: Thu Jul 24 15:28:14 2008 -0400 + + add #*# files correctly to .gitignore + +commit fd723d846a22739678d40ef49bf81a8b5825effa +Author: Adrian Likins +Date: Thu Jul 24 15:26:25 2008 -0400 + + add more stuff to shut up git + +commit 344fe487ed1deb3ca57808fe428aa538008d84be +Author: Adrian Likins +Date: Thu Jul 24 15:25:23 2008 -0400 + + add .gitignore + +commit 621cc4e377e0bf0a48a7bbbf384a3f28d9933be9 
+Author: Adrian Likins +Date: Thu Jul 24 12:42:04 2008 -0400 + + merge with the code from func + remove a spurious debug line + +commit 16ba4922c09e81f063ac10c65c70ac4fe9c0e0a7 +Author: Adrian Likins +Date: Mon Jun 30 12:59:21 2008 -0400 + + /s/June/Jun (incorrect changelog entry) + +commit e422ef1bf36a87cd3c2f759131eef99d451dbfd4 +Author: Adrian Likins +Date: Mon Jun 30 12:40:29 2008 -0400 + + fix fedora bug #441283 - typo in postinstall scriptlet + (the init.d symlinks for runlevels 1 and 6 were created wrong) + + rev releae + +commit d5eded3c967d0506a5b955816cd61ba8776f3dea +Author: Michael DeHaan +Date: Mon Jun 30 12:31:45 2008 -0400 + + Updating AUTHORS + +commit 0da13bceda2eaeb399e33665e2d1f35fa7f311f6 +Author: Michael DeHaan +Date: Mon Jun 30 12:25:01 2008 -0400 + + Bump version for release, clean up wrong versions in changelog. + +commit 19a746a04e6851c05fa42e38b284ac3af96284c4 +Author: Michael DeHaan +Date: Mon Jun 30 12:19:20 2008 -0400 + + Remove stray print + +commit 73840166dd547b1df3a4f3e7dbf2648e2be55614 +Author: TANABE Ken-ichi +Date: Sat Jun 28 15:48:19 2008 +0900 + + Add default value of 'cert_extension' in certmaster.conf + +commit 4b12ee4b5dbfc7fa680bf350b6a48e9bf4772fb0 +Author: TANABE Ken-ichi +Date: Sat Jun 28 15:47:30 2008 +0900 + + Add cert_extension option + +commit 1c44d82bc9270466521e8c8d5339d0213935f385 +Author: Adrian Likins +Date: Wed Apr 30 22:37:07 2008 -0400 + + add two new options to "certmaster-ca" + + -list-signed shows a list of certs the certmaster has already signed + + --list-cert-hashes returns the list of signed certs in the CN-hash format that + the acls files expects. Should make it a little easier to use the acls. 
+ + Both options take optional hostnames or hostname globs + +commit 7e743092d11acb95be40a415c3a9207fd040a0cf +Author: Adrian Likins +Date: Tue Apr 22 14:36:37 2008 -0400 + + apply triggers patch from Steve Salevan + + Steves comments: + Adding in triggering functionality, changed specfile and + MANIFEST.in to reflect changes. Added sub_process.py file to + facilitate the subprocesses necessary for triggering to work. + Modified certmaster.py to add trigger points. + +commit ece4c159e4fd726a70b1da25821493fb8a90c8b3 +Author: Adrian Likins +Date: Tue Apr 22 14:36:17 2008 -0400 + + apply triggers patch from Steve Salevan + + Steves comments: + Adding in triggering functionality, changed specfile and + MANIFEST.in to reflect changes. Added sub_process.py file to + facilitate the subprocesses necessary for triggering to work. + Modified certmaster.py to add trigger points. + +commit e92972a02d0e506cb7780694642137201421a74a +Author: Adrian Likins +Date: Tue Mar 18 16:06:43 2008 -0400 + + more logging info. log info for sign_this_csr() + +commit f9375dad2c0da2be5279dfaa0aa4d0a2754147ba +Author: Adrian Likins +Date: Tue Mar 18 16:06:01 2008 -0400 + + be a bit more verbose in the logging here, add file location info to logs + +commit f47209c9f53021c9aaa6d3e8d3548fa50175f464 +Author: Adrian Likins +Date: Tue Mar 18 15:24:11 2008 -0400 + + fix a bug where certmaster was writing out the client csr file over and over if it had been + created, but not signed. + + Also, add some debug logging. 
+ +commit c3e4dd36b5723f95202d0446e96a9d0b00246eac +Author: Adrian Likins +Date: Mon Mar 17 18:16:19 2008 -0400 + + certmaster logging cleanups + + - use unique name for the certmaster logs + - some not quite working code for passing down client info so we can log + +commit af4f09f155f4a4f1c5a9e3e29b4c8736f892dce4 +Author: Adrian Likins +Date: Mon Mar 17 17:10:32 2008 -0400 + + remove unused certmaster/minion/ and certmaster/overlord/ dirs + + update spec and setup accordingly + +commit 6146feb4b676ba7e10f5f175bb50149c20c53b18 +Author: Adrian Likins +Date: Mon Mar 17 17:09:36 2008 -0400 + + add some basic logging output to certmaster + +commit 006fe254641002b5a2d7cefc9e2b7eb97438bed7 +Author: Michael DeHaan +Date: Thu Mar 6 14:02:15 2008 -0500 + + Do not move versions backward + +commit c445941b69adac84ff7311bc41f4c93456923d29 +Author: Adrian Likins +Date: Wed Mar 5 15:53:37 2008 -0500 + + lame build fix. Messages/gettext stuff needs to be sorted out. We done + seem to find any messages to translate,so po/messages.pot isnt created. + So for now, create it with a touch. + +commit 4ccddddaa05dbfb5904905a7442ecd8ab91c0764 +Author: Adrian Likins +Date: Mon Feb 25 17:56:31 2008 -0500 + + remove references to certmasterd + +commit 140dc3622629501333bd253fadd27d810871782f +Author: Michael DeHaan +Date: Mon Feb 25 17:54:03 2008 -0500 + + Config file tweaks + +commit 25e64a20184460d732d6c1b0847f1e5109ed2d30 +Author: Michael DeHaan +Date: Mon Feb 25 17:46:52 2008 -0500 + + Make hostname checking smarter. 
+ +commit 956aa6739978bea3c56f532d3dab15f075c46aa2 +Author: Michael DeHaan +Date: Mon Feb 25 17:03:10 2008 -0500 + + Add missing file + +commit 2108f87ee704ac86f5a6b924c03afc86e0fa617d +Author: Michael DeHaan +Date: Mon Feb 25 16:59:13 2008 -0500 + + Find and replace + +commit 613a485c4798b38a65042e9d78968896c590fdd0 +Author: Michael DeHaan +Date: Mon Feb 25 16:53:08 2008 -0500 + + Certmaster hostname check is different than minion check + +commit d6dfdb25c4e8be31d77ba8db7c3499e3f10e0c4b +Author: Michael DeHaan +Date: Mon Feb 25 16:48:47 2008 -0500 + + Pushing changes as part of certmaster split + +commit 9713ae6bad871bc151d378d3d837f09d6e646832 +Author: Adrian Likins +Date: Mon Feb 25 13:59:54 2008 -0500 + + some certmaster fixes, mostly path stuff + +commit 624727a2446d81e1c786d4fb9101cd35603534c4 +Author: Adrian Likins +Date: Wed Feb 13 14:10:30 2008 -0500 + + duplicate fix from func tree over here + +commit 1b545eb1f1874cd5ba38d849c489785f947018f3 +Author: Adrian Likins +Date: Wed Feb 13 12:56:43 2008 -0500 + + message building fixes in the Makefile + +commit 95653d77d32d8d6c2cab320c9a04cad74d405a1e +Author: Michael DeHaan +Date: Wed Feb 13 13:11:20 2008 -0500 + + Add missing file + +commit 3f460ad56ec4b219cc36287c393c28475faa15c1 +Author: Michael DeHaan +Date: Thu Feb 7 14:47:50 2008 -0500 + + Make things build (not to be confused with "work") + +commit e996c22f239c1c3a426fcbce2aa9394089d240e0 +Author: Michael DeHaan +Date: Thu Feb 7 14:17:45 2008 -0500 + + Makefile from func. + +commit a419c0fb6d0456a058462ea31f76fbdbeac63d99 +Author: Michael DeHaan +Date: Thu Feb 7 14:15:25 2008 -0500 + + Trimming more stuff out. 
+ +commit 4a7f409334528affd3b0245f9fe6e0b35e50e54b +Author: Michael DeHaan +Date: Thu Feb 7 13:30:51 2008 -0500 + + Misc s/func/certmaster/ replacements + +commit 79aca0c825d41f538d36966ec66d272b02dae475 +Author: Michael DeHaan +Date: Thu Feb 7 13:21:17 2008 -0500 + + Fix paths in logs + +commit 8f2ff4d7c902d534d68ff1a16418b7be492033bf +Author: Michael DeHaan +Date: Thu Feb 7 13:13:24 2008 -0500 + + Carving away at func some more to just get down to cert items, still lots + more to do. + +commit 5b2601a56907b02efc6567354fa051ef08d97b6f +Author: Michael DeHaan +Date: Thu Feb 7 12:52:44 2008 -0500 + + Changing func to certmaster in top level directories, also covered + certs directory, lots more to do. + +commit 697402da24ca930b3608359a61b9872fdddc62d9 +Author: Michael DeHaan +Date: Thu Feb 7 12:08:55 2008 -0500 + + Starting off the certmaster tree with most of the func code, shortly non-certmaster related parts will be removed, and other small parts added/tweaked + +commit ac3061bcffd2ea634596c188beaa13339e3fa24a +Author: Michael DeHaan +Date: Thu Feb 7 09:42:45 2008 -0500 + + Test test + +commit f95b036c9095249c1cbcd0bfc60e8e7beff8c572 +Author: Seth Vidal +Date: Tue Feb 5 08:57:39 2008 -0700 + + lalala --- certmaster-0.24.orig/debian/manpages +++ certmaster-0.24/debian/manpages @@ -0,0 +1,3 @@ +docs/certmasterd.1.gz +docs/certmaster-ca.1.gz +docs/certmaster-request.1.gz --- certmaster-0.24.orig/debian/changelog +++ certmaster-0.24/debian/changelog 
@@ -0,0 +1,146 @@ +certmaster (0.24-19) experimental; urgency=low + + * Simplified `postrm' script. + + -- Nima Talebi Fri, 13 Mar 2009 01:17:32 +1100 + +certmaster (0.24-18) experimental; urgency=low + + * Updated/fixed docs/manpages. + + -- Nima Talebi Fri, 13 Mar 2009 00:57:03 +1100 + +certmaster (0.24-17) experimental; urgency=low + + * Call `dh_installdeb' after `dh_pycentral'. + * Remove logs on `purge'. + + -- Nima Talebi Fri, 13 Mar 2009 00:00:19 +1100 + +certmaster (0.24-16) experimental; urgency=low + + * The init.d script to be verbose only on warnings/errors. + * Fixed bad check for certmasterd process. + + -- Nima Talebi Sat, 07 Mar 2009 22:34:30 +1100 + +certmaster (0.24-15) experimental; urgency=low + + * No more junk (.{binary,source,lintian}) to worry about cleaning. + * Removed dh_testroot from `clean' target. + * Added upstream changelog to remove the final and only warning (pedantic). + * Changed runfile from `certmaster.pid' to `certmasterd.pid' via Quilt. + + -- Nima Talebi Sat, 07 Mar 2009 14:25:35 +1100 + +certmaster (0.24-14) experimental; urgency=low + + * The `dh_fixperms' was being called too late, and it was only by the luck of + my 022 umask that it did not generate warnings for me - Fixed. + * Remove intermediate dotfiles on dh_clean. + + -- Nima Talebi Wed, 04 Mar 2009 09:39:59 +1100 + +certmaster (0.24-13) experimental; urgency=low + + * Restructured filesystem again. + + -- Nima Talebi Mon, 02 Mar 2009 23:18:29 +1100 + +certmaster (0.24-12) experimental; urgency=low + + * Restructered installation to use /usr/share/certmaster instead. + * Binaries are also now in /usr/share/certmaster and dh_linked. + + -- Nima Talebi Thu, 26 Feb 2009 11:02:06 +1100 + +certmaster (0.24-11) experimental; urgency=low + + * Gave up on patching init.d script and just provided our own. 
+ + -- Nima Talebi Sun, 08 Feb 2009 02:30:29 -0800 + +certmaster (0.24-10) experimental; urgency=low + + * Removed `binary' target from rules file, there is no `binary' here. + * Separated fixes that I'd like upstream to implement into their own targets. + * Renamed `certmaster' to `certmasterd' to hint that it is not supposed to be + executed interactively. + * Install the rotation script as `certmaster' not `certmaster_rotate'. + + -- Nima Talebi Sat, 07 Feb 2009 15:02:22 -0800 + +certmaster (0.24-9) experimental; urgency=low + + * Updated copyright. + * Added README.Debian. + * Start funcd on postinst, and stop on prerm. + * Fix defaults in configuration file to listen on localhost. + + -- Nima Talebi Fri, 06 Feb 2009 18:42:33 -0800 + +certmaster (0.24-8) experimental; urgency=low + + * Changed architecture from "any" to "all". + * Added missing dependency on python openssl. + * Added dirs for created directories to streamline removal where possible. + * Added prerm script. + * Added invoke-rc.d for stopping and starting the certmaster daemon. + * Added a README.Debian file. + * Removed docs as they merely contain the manpages. + * Added more patches via quilt for setting sane defaults for the certmaster + + -- Nima Talebi Thu, 05 Feb 2009 21:20:22 +1100 + +certmaster (0.24-7) experimental; urgency=low + + * Cleaned all lintian errors/warnings from te binary, which was + completely missed as pointed out by Christoph Haas. + + -- Nima Talebi Thu, 22 Jan 2009 06:11:58 -0800 + +certmaster (0.24-6) experimental; urgency=low + + * Clean up after setup.py and quilt. + * As a crappy fix, generate the `real' manpage with pod2man, but + replace it with the borked one on `clean'. + * Add perl (pod2man) as a build dependency. + + -- Nima Talebi Mon, 19 Jan 2009 05:17:18 -0800 + +certmaster (0.24-5) experimental; urgency=low + + * Reverted to original source tarball from upstream, as opposed to + the latest from git. 
+
+ -- Nima Talebi Mon, 19 Jan 2009 03:47:15 -0800
+
+certmaster (0.24-4) experimental; urgency=low
+
+ * Updated copyright notice.
+ * Updated long description.
+ * Switched to using quilt instead; hence version number is reverted back, but
+ incrementing the Debian revision as per usual.
+
+ -- Nima Talebi Fri, 16 Jan 2009 23:10:16 -0800
+
+certmaster (0.24.1-3) experimental; urgency=low
+
+ * Another cleanup release.
+
+ -- Nima Talebi Tue, 13 Jan 2009 19:34:47 -0800
+
+certmaster (0.24.1-2) experimental; urgency=low
+
+ * Clean up release.
+
+ -- Nima Talebi Tue, 13 Jan 2009 15:42:46 -0800
+
+certmaster (0.24.1-1) experimental; urgency=low
+
+ * Asked upstream to fix a few minor bugs (Which they did). This change has
+ only been commited into the git repo, and no new tarball has been released,
+ hence the upstream will be referred to as `0.24.1' as opposed to `0.24'.
+ * Initial release (Closes: #511681)
+
+ -- Nima Talebi Tue, 13 Jan 2009 01:02:43 -0800
--- certmaster-0.24.orig/debian/postinst
+++ certmaster-0.24/debian/postinst
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e
+update-rc.d certmasterd defaults > /dev/null
+invoke-rc.d certmasterd start
+#DEBHELPER#
--- certmaster-0.24.orig/debian/prerm
+++ certmaster-0.24/debian/prerm
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -e
+
+PID=`ps -C "certmasterd" --no-heading -o '%P %p'|awk '$1~/^1$/ {print$2;exit}'`
+test -z "${PID}" || invoke-rc.d certmasterd stop
+
+#DEBHELPER#
--- certmaster-0.24.orig/debian/README.Debian
+++ certmaster-0.24/debian/README.Debian
@@ -0,0 +1,57 @@
+Note that the link in the upstream is invalid. For more information, you
+should actually goto https://fedorahosted.org/certmaster/.
+
+Another note that may clear some confusion, is that the `certmaster' and
+`func' packages both originated from the same package, but later were
+split up into two packages.
+
+Now, for this Debian package...
+
+
+Ready The Minions
+=================
+
+1. Install the "certmaster" package on all the machines you would like to
+ control.
+
+2. Edit /etc/certmaster/minion.conf to specify which overlord they are to obey.
+ Generally you would settle for one overlord controlling all other hosts
+ running as minions. In the case of the `hotwire-irbd' package, the hotwire
+ server would also host the overlord, and all other machines would be
+ minions.
+
+ You can alternatively have overlords working under other overlords, and this
+ is recommended for large networks.
+
+3. Run the `certmaster-request' executable to request certificates. Once a
+ request is made by the minions, they will have to wait until the overlord has
+ actually signed them; by default (and recommended), this will require manual
+ administrative action by the administrator, however it can be automated if
+ required.
+
+ Note: This means that `certmaster-request' will remain in the foreground
+ until the certmaster daemon has signed the request from the minion.
+
+ Note: If you are using Func, you do not have to perform this step, as Func
+ will do it for you. Similarly, another application may make similar calls
+ and make this step void.
+
+4. On your certmaster server, run `certmaster-ca --list' to get a list of
+ minions awaiting to be signed.
+
+ To sign then, simply run `certmaster-ca --sign '.
+
+ As soon as the minion is signed, the forground `certmaster-request'
+ processes will complete and drop back to the shell.
+
+
+Running tools as non-root
+=========================
+
+Generally it's recommended to do as much of your work as possible as non-root.
+To allow your users access to the certificates necessary to run func, run these
+commands as root, replacing MYUSER with the name of your normal login.
+
+ setfacl -d -R -m 'u:MYUSER:rX' /etc/pki/certmaster/
+
+ setfacl -R -m 'u:MYUSER:rX' /etc/pki/certmaster/
--- certmaster-0.24.orig/debian/control
+++ certmaster-0.24/debian/control
@@ -0,0 +1,30 @@
+Source: certmaster
+Section: python
+Homepage: https://fedorahosted.org/certmaster/
+XS-Python-Version: >= 2.4
+Priority: optional
+Maintainer: Nima Talebi
+Build-Depends: debhelper (>= 7), quilt (>= 0.46)
+Build-Depends-Indep: python-all-dev (>= 2.3.5-11), python-central (>= 0.6), python-all-dbg, perl (>= 5.10)
+Standards-Version: 3.8.0
+
+Package: certmaster
+XB-Python-Version: ${python:Versions}
+Architecture: all
+Provides: ${python:Provides}
+Depends: python-openssl (>= 0.7), ${python:Depends}, ${shlibs:Depends}, ${misc:Depends}
+Description: Remote certificate distribution framework
+ Certmaster is an easy mechanism for distributing SSL certificates.
+ .
+ * Certmaster is a set of tools and a library for easily distributing SSL
+ certificates to applications that need them.
+ * Any application can use certmaster for easy exchange of SSL certificates.
+ * Certmaster has a Python API, and it also has a set of command-line tools
+ * `certmaster' is a daemon that hands out certificates.
+ * `certmaster-ca' is used to list and sign certificates when the arrive.
+ * `certmaster-request' handles certificate requests.
+ * Autosigning of new certificate-requests is also supported, but is disabled
+ by default.
+ * Configuration takes place via minimal text files.
+ * Certmaster has extensive audit logs of certificate operations.
+ * Certmaster originated in the Func project.
--- certmaster-0.24.orig/debian/certmasterd
+++ certmaster-0.24/debian/certmasterd
@@ -0,0 +1,159 @@
+#!/bin/sh
+
+################################################################################
+#. LSB Header
+
+### BEGIN INIT INFO
+# Provides: certmaster
+# Required-Start: network
+# Required-Stop:
+# Default-Start: 3 4 5
+# Default-Stop: 0 1 2 6
+# Short-Description: certificate master for Fedora Unified Network Control 'master server only'
+# Description: certificate master to sign/manage ca/cert infrastructure
+### END INIT INFO
+
+################################################################################
+#. ChkConfig Header
+# chkconfig: - 98 99
+# description: certificate master to sign/manage ca/cert infrastructure
+#
+# processname: /usr/sbin/certmasterd
+
+SERVICE=certmaster
+PROCESS=certmasterd
+DAEMON=/usr/sbin/certmasterd
+PIDFILE=/var/run/certmasterd.pid
+DAEMON_ARGS="--daemon"
+PID=
+
+[ -x "${DAEMON}" ] || exit 1
+FANCYTTY=1
+
+isAlive() {
+ sleep 0.1;
+ PID=`ps -C "${PROCESS}" --no-heading -o '%P %p'|awk '$1~/^1$/ {print$2;exit}'`
+ test ! -z "${PID}"
+ return $?
+}
+
+preStart() {
+ if [ -f ${PIDFILE} ]; then
+ isAlive
+ test ! -z "${PID}" || rm -f ${PIDFILE}
+ fi
+}
+
+preStop() {
+ isAlive
+ if [ ! -f ${PIDFILE} ]; then
+ test -z "${PID}" || printf ${PID} > ${PIDFILE}
+ elif [ -z "${PID}" ]; then
+ rm -f ${PIDFILE}
+ fi
+}
+
+if [ -f /lib/lsb/init-functions ]; then
+ . /lib/lsb/init-functions
+ alias START_DAEMON=start_daemon
+ alias STATUS=isAlive
+ alias LOG_SUCCESS=log_success_msg
+ alias LOG_FAILURE=log_failure_msg
+ alias LOG_WARNING=log_warning_msg
+elif [ -f /etc/init.d/functions ]; then
+ . /etc/init.d/functions
+ alias START_DAEMON=daemon
+ alias STATUS=status
+ alias LOG_SUCCESS=success
+ alias LOG_FAILURE=failure
+ alias LOG_WARNING=passed
+else
+ echo "Error: your platform is not supported by $0" > /dev/stderr
+ exit 1
+fi
+
+RETVAL=0
+
+start() {
+ log_daemon_msg "Starting ${SERVICE} daemon" "certmasterd"
+
+ RETVAL=9
+ preStart
+ isAlive
+ if [ $? -ne 0 ]; then
+ OUTPUT=`start-stop-daemon \
+ --start \
+ --verbose \
+ --pidfile ${PIDFILE} \
+ --name $DAEMON \
+ --exec $DAEMON \
+ -- $DAEMON_ARGS`
+ RETVAL=$?
+ else
+ OUTPUT="${SERVICE} daemon already running."
+ RETVAL=255
+ fi
+
+ log_end_msg $RETVAL
+ test ${RETVAL} -ne 0 && test ! -z "${OUTPUT}" && echo " ! ${OUTPUT}"
+
+ test ${RETVAL} -ne 255 || RETVAL=0
+ return $RETVAL
+}
+
+stop() {
+ log_daemon_msg "Stopping ${SERVICE} daemon" "certmasterd"
+
+ RETVAL=9
+ preStop
+ isAlive
+ if [ $? -eq 0 ]; then
+ OUTPUT=`start-stop-daemon \
+ --stop \
+ --verbose \
+ --pidfile ${PIDFILE} \
+ --name ${PROCESS}`
+ RETVAL=$?
+ test ${RETVAL} -ne 0 || rm -f ${PIDFILE}
+ else
+ OUTPUT="No ${SERVICE} daemon running."
+ RETVAL=255
+ fi
+
+
+ log_end_msg $RETVAL
+ test ${RETVAL} -ne 0 && test ! -z "${OUTPUT}" && echo " ! ${OUTPUT}"
+
+ test ${RETVAL} -ne 255 || RETVAL=0
+ return ${RETVAL}
+}
+
+restart() {
+ stop
+ start
+}
+
+#. See how we were called.
+case "$1" in
+ start|stop|restart)
+ $1
+ ;;
+ status)
+ STATUS $PROCESS
+ RETVAL=$?
+ ;;
+ condrestart)
+ [ -f /var/lock/subsys/$SERVICE ] && restart || :
+ ;;
+ reload|force-reload)
+ echo "can't reload configuration, you have to restart it"
+ RETVAL=1
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart}"
+ RETVAL=1
+ ;;
+esac
+
+exit $RETVAL
+
--- certmaster-0.24.orig/debian/postrm
+++ certmaster-0.24/debian/postrm
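Review bot: In debian/certmasterd, `start()` passes the full path to `--name $DAEMON` while `stop()` uses `--name ${PROCESS}`; start-stop-daemon compares `--name` with the process name rather than its path, so the start-side match most likely never succeeds and only the separate `isAlive` check prevents a second instance. Use `--name ${PROCESS}` in both calls. In `preStop`, `printf ${PID} > ${PIDFILE}` treats the value as a format string and leaves both expansions unquoted; `printf '%s\n' "${PID}" > "${PIDFILE}"` is the safer form. The script is `#!/bin/sh` but uses `echo $"Usage: …"` and `sleep 0.1`, which are not portable to a POSIX shell.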
@@ -0,0 +1,36 @@
+#!/bin/bash
+#. summary of how this script can be called:
+#. * `remove'
+#. * `purge'
+#. * `upgrade'
+#. * `failed-upgrade'
+#. * `abort-install'
+#. * `abort-install'
+#. * `abort-upgrade'
+#. * `disappear' overwrit>r>
+#. for details, see http://www.debian.org/doc/debian-policy/ or
+#. the debian-policy package
+
+set -e
+
+update-rc.d -f certmasterd remove > /dev/null
+
+case $1 in
+ remove)
+ ;;
+
+ upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+
+ purge)
+ printf " * Cleaning up generated certificate data..."
+ rm -rf /var/log/certmaster/* && printf "."
+ rm -rf /var/lib/certmaster/csrs/* && printf "."
+ rm -rf /var/lib/certmaster/certs/* && printf "."
+ rm -rf /var/lib/certmaster/ca-certificates/* && printf "."
+ echo "Done"
+ ;;
+
+esac
+
+#DEBHELPER#
--- certmaster-0.24.orig/debian/links
+++ certmaster-0.24/debian/links
@@ -0,0 +1,3 @@
+usr/share/certmaster/certmasterd usr/sbin/certmasterd
+usr/share/certmaster/certmaster-ca usr/bin/certmaster-ca
+usr/share/certmaster/certmaster-request usr/bin/certmaster-request
--- certmaster-0.24.orig/debian/dirs
+++ certmaster-0.24/debian/dirs
@@ -0,0 +1,2 @@
+var/lib/certmaster/certs
+var/lib/certmaster/csrs
--- certmaster-0.24.orig/debian/patches/series
+++ certmaster-0.24/debian/patches/series
@@ -0,0 +1 @@
+debianized.diff
--- certmaster-0.24.orig/debian/patches/debianized.diff
+++ certmaster-0.24/debian/patches/debianized.diff
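Review bot: The `purge` branch of debian/postrm empties `/var/lib/certmaster/ca-certificates/`, but the `etc/certmaster.conf` shipped via debianized.diff still has `cadir = /etc/pki/certmaster/ca` and `cert_dir = /etc/pki/certmaster`, so the CA key and issued certificates presumably remain under `/etc/pki/certmaster` after a purge. Either point those two settings at the directories the package owns or add that path to the purge cleanup, and say in a comment which directories hold private keys. `update-rc.d -f certmasterd remove` also runs on every invocation, including `upgrade` and `abort-upgrade`; wrapping it in `if [ "$1" = purge ]; then … fi` keeps the runlevel links intact across upgrades.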
@@ -0,0 +1,145 @@
+Simple changes to conform to the Debian and LSB policies.
+--- a/setup.py
++++ b/setup.py
+@@ -19,7 +19,7 @@
+ logpath = "/var/log/%s/" % NAME
+ certdir = "/var/lib/%s/" % NAME
+ trigpath = "/var/lib/%s/triggers/"% NAME
+- pkipath = "/etc/pki/%s" % NAME
++ pkipath = "/var/lib/%s/ca-certificates/" % NAME
+ rotpath = "/etc/logrotate.d"
+ aclpath = "%s/minion-acl.d" % etcpath
+ setup(
+@@ -30,7 +30,7 @@
+ url = "https://hosted.fedoraproject.org/projects/certmaster/",
+ license = "GPL",
+ scripts = [
+- "scripts/certmaster", "scripts/certmaster-ca",
++ "scripts/certmasterd", "scripts/certmaster-ca",
+ "scripts/certmaster-request",
+ ],
+ # package_data = { '' : ['*.*'] },
+@@ -38,13 +38,13 @@
+ },
+ packages = ["%s" % NAME,
+ ],
+- data_files = [(initpath, ["init-scripts/certmaster"]),
++ data_files = [(initpath, ["debian/certmasterd"]),
+ (etcpath, ["etc/minion.conf"]),
+ (etcpath, ["etc/certmaster.conf"]),
+- (manpath, ["docs/certmaster.1.gz"]),
++ (manpath, ["docs/certmasterd.1.gz"]),
+ (manpath, ["docs/certmaster-request.1.gz"]),
+ (manpath, ["docs/certmaster-ca.1.gz"]),
+- (rotpath, ['etc/certmaster_rotate']),
++ (rotpath, ['logrotate.d/certmaster']),
+ (logpath, []),
+ (certdir, []),
+ (etcpath, []),
+--- a/etc/certmaster.conf
++++ b/etc/certmaster.conf
+@@ -2,11 +2,11 @@
+
+ [main]
+ autosign = no
+-listen_addr =
++listen_addr = localhost
+ listen_port = 51235
+ cadir = /etc/pki/certmaster/ca
+ cert_dir = /etc/pki/certmaster
+-certroot = /var/lib/certmaster/certmaster/certs
+-csrroot = /var/lib/certmaster/certmaster/csrs
++certroot = /var/lib/certmaster/certs
++csrroot = /var/lib/certmaster/csrs
+ cert_extension = cert
+
+--- a/etc/minion.conf
++++ b/etc/minion.conf
+@@ -1,7 +1,7 @@
+ # configuration for minions
+
+ [main]
+-certmaster = certmaster
++certmaster = localhost
+ certmaster_port = 51235
+ log_level = DEBUG
+ cert_dir = /etc/pki/certmaster
+--- a/docs/certmaster.pod
++++ b/docs/certmaster.pod
+@@ -1,19 +1,21 @@
+ =head1 NAME
+
+-certmaster -- hands out certificates to programs that want them, like
+-certmaster-request or users of the certmaster API
++certmasterd -- hands out certificates to programs that want them, like
++certmaster-request or users of the certmaster API.
+
+ =head1 SYNOPSIS
+
+-certmaster (it's a daemon and takes no arguments)
++certmasterd (it's a daemon and takes no arguments)
+
+ =head1 DESCRIPTION
+
+ See https://fedorahosted.org/certmaster
+
+-Certmaster is a daemon that runs on a "master" machine to hand out certificates to machines that want them. Certificates can then be used by applications like func.
++Certmasterd is a daemon that runs on a "master" machine to hand out
++certificates to machines that want them. Certificates can then be used
++by applications like func.
+
+-Certmaster is configured by /etc/certmaster/certmaster.conf
++Certmasterd is configured by /etc/certmaster/certmaster.conf
+
+ =head1 ADDITONAL RESOURCES
+
+@@ -23,6 +25,4 @@
+
+ =head1 AUTHOR
+
+-Various. See https://hosted.fedoraproject.org/projects/func
+-
+-
++Various. See https://fedorahosted.org/certmaster/
+--- a/certmaster/certmaster.py
++++ b/certmaster/certmaster.py
+@@ -329,7 +329,7 @@
+ cm = CertMaster('/etc/certmaster/certmaster.conf')
+
+ if "daemon" in argv or "--daemon" in argv:
+- utils.daemonize("/var/run/certmaster.pid")
++ utils.daemonize("/var/run/certmasterd.pid")
+ else:
+ print "serving...\n"
+
+--- a/docs/certmaster-request.pod
++++ b/docs/certmaster-request.pod
+@@ -1,7 +1,7 @@
+ =head1 NAME
+
+-certmaster-request -- requests SSL certs from a certmasster
+-Fedora Unified Network Controller.
++certmaster-request -- requests SSL certs from a certmaster Fedora Unified
++Network Controller (func).
+
+ =head1 SYNOPSIS
+
+@@ -21,7 +21,7 @@
+
+ =head1 EXIT_STATUS
+
+-non-zero upon failure.
++Non-zero upon failure.
+
+ =head1 ADDITONAL RESOURCES
+
+@@ -29,8 +29,6 @@
+
+ See also the manpages for "certmaster", and "certmaster-ca".
+
+-=head1 AUTHOR
++=head1 AUTHORS
+
+ Various. See https://fedorahosted.org/func
+-
+-
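Review bot: The setup.py part of debianized.diff moves `pkipath` to `/var/lib/%s/ca-certificates/`, but the certmaster.conf part leaves `cadir = /etc/pki/certmaster/ca` and `cert_dir = /etc/pki/certmaster` as unchanged context, and minion.conf keeps `cert_dir = /etc/pki/certmaster`. If the daemon takes its key and certificate locations from the config file, as the option names suggest, the CA private key would still be written under /etc/pki. The `purge` branch of debian/postrm on this page clears only /var/lib/certmaster/ca-certificates, so the key would stay on disk after a purge. Either keep `pkipath` at its old value or make the config agree with it, e.g. `cadir = /var/lib/certmaster/ca-certificates/ca` and `cert_dir = /var/lib/certmaster/ca-certificates`, and have the purge step cover whichever location is chosen. How setup.py uses `pkipath` lies outside the embedded hunk, so this needs confirming against the full file.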