--- certmonger-0.79.6.orig/debian/certmonger.init
+++ certmonger-0.79.6/debian/certmonger.init
@@ -0,0 +1,154 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: certmonger
+# Required-Start: $network $remote_fs
+# Required-Stop: $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Certmonger
+# Description: Certmonger is a D-Bus -based service which attempts to
+# simplify interaction with certifying authorities (CAs)
+# on networks which use public-key infrastructure (PKI).
+### END INIT INFO
+
+# Author: Timo Aaltonen >
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Certmonger" # Introduce a short description here
+NAME=certmonger # Introduce the short server's name here
+DAEMON=/usr/sbin/$NAME # Introduce the server's location here
+DAEMON_ARGS="" # Arguments to run the daemon with
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x $DAEMON ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+ $DAEMON_ARGS \
+ || return 2
+ # Add code here, if necessary, that waits for the process to be ready
+ # to handle requests from services started subsequently which depend
+ # on this one. As a last resort, sleep for some time.
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ #
+ # If the daemon can reload its configuration without
+ # restarting (for example, when it is sent a SIGHUP),
+ # then implement that here.
+ #
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
+ return 0
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ #reload|force-reload)
+ #
+ # If do_reload() is not implemented then leave this commented out
+ # and leave 'force-reload' as an alias for 'restart'.
+ #
+ #log_daemon_msg "Reloading $DESC" "$NAME"
+ #do_reload
+ #log_end_msg $?
+ #;;
+ restart|force-reload)
+ #
+ # If the "reload" option is implemented then remove the
+ # 'force-reload' alias
+ #
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
--- certmonger-0.79.6.orig/debian/certmonger.install
+++ certmonger-0.79.6/debian/certmonger.install
@@ -0,0 +1,11 @@
+etc/certmonger/certmonger.conf
+etc/dbus-1/system.d/*
+lib/systemd/system/
+usr/bin/*
+usr/sbin/*
+usr/share/dbus-1/*
+usr/share/locale/*
+usr/share/man/*
+usr/lib/certmonger/*
+usr/lib/tmpfiles.d
+var/lib/certmonger/*
--- certmonger-0.79.6.orig/debian/certmonger.postinst
+++ certmonger-0.79.6/debian/certmonger.postinst
@@ -0,0 +1,43 @@
+#!/bin/sh
+# postinst script for certmonger
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `configure'
+# * `abort-upgrade'
+# * `abort-remove' `in-favour'
+#
+# * `abort-remove'
+# * `abort-deconfigure' `in-favour'
+# `removing'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ configure)
+ # reload dbus config file
+ if [ -x /etc/init.d/dbus ]; then
+ invoke-rc.d dbus force-reload || true
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- certmonger-0.79.6.orig/debian/certmonger.postrm
+++ certmonger-0.79.6/debian/certmonger.postrm
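Review bot: do_start launches the daemon with an empty `DAEMON_ARGS`, so nothing on the command line asks certmonger to write `$PIDFILE`, yet the `--start --test` guard and the first `--stop` both match on `--pidfile $PIDFILE`. If the daemon does not create /var/run/certmonger.pid by default (not visible here; the unit touched by fix-service-environment.diff passes `-S -p /var/run/certmonger.pid` explicitly), the guard never sees a running instance and a repeated `start` launches a second copy. I would set `DAEMON_ARGS="-S -p $PIDFILE"` before /etc/default/$NAME is sourced and give the status arm the same file, `status_of_proc -p "$PIDFILE" "$DAEMON" "$NAME"`. The `$PIDFILE` and `$DAEMON` expansions should also be double-quoted, since the sourced defaults file can override both and `rm -f $PIDFILE` runs as root.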
@@ -0,0 +1,11 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+ remove|purge)
+ rm -f /var/lib/certmonger/cas/*
+ rm -f /var/lib/certmonger/requests/*
+ ;;
+esac
+
+#DEBHELPER#
--- certmonger-0.79.6.orig/debian/certmonger.prerm
+++ certmonger-0.79.6/debian/certmonger.prerm
@@ -0,0 +1,38 @@
+#!/bin/sh
+# prerm script for certmonger
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `remove'
+# * `upgrade'
+# * `failed-upgrade'
+# * `remove' `in-favour'
+# * `deconfigure' `in-favour'
+# `removing'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ remove|upgrade|deconfigure)
+ ;;
+
+ failed-upgrade)
+ ;;
+
+ *)
+ echo "prerm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- certmonger-0.79.6.orig/debian/changelog
+++ certmonger-0.79.6/debian/changelog
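Review bot: The `remove|purge)` arm of certmonger.postrm clears the CA and request state with `rm -f` on a glob while `set -e` is active, so a subdirectory under /var/lib/certmonger/cas or /var/lib/certmonger/requests makes rm fail and the maintainer script abort, which fails the package removal. It also runs on plain `remove`, where local state is conventionally kept until `purge`, so removing and reinstalling the package drops every tracked request. I would narrow the arm to `purge)` and use `rm -rf /var/lib/certmonger`, with a comment stating that key and certificate files stored outside that directory are not touched by this script.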
@@ -0,0 +1,152 @@
+certmonger (0.79.6-2) unstable; urgency=medium
+
+ * rules: Set homedir. (Closes: #852691)
+ * control: Add nss-plugin-pem to Depends.
+
+ -- Timo Aaltonen Thu, 02 May 2019 15:41:32 +0300
+
+certmonger (0.79.6-1) unstable; urgency=medium
+
+ * New upstream release.
+ * control: Update maintainer address.
+ * control: Update vcs urls.
+ * Bump debhelper to 11.
+ * control: Build-depend on libidn2-dev.
+ * rules: Migrate to dh_missing, use --fail-missing.
+ * certmonger.upstart: Removed.
+ * Bump policy to 4.2.1, no changes.
+ * control: Set priority: optional.
+
+ -- Timo Aaltonen Wed, 17 Oct 2018 10:45:02 +0300
+
+certmonger (0.79.5-3) experimental; urgency=medium
+
+ * Merge changes from upstream git to support sqlite nssdb's.
+ (LP: #1747411)
+ * force-utf-8.diff: Dropped, upstream.
+ * fix-apache-path.diff: Use proper path to apache nssdb.
+
+ -- Timo Aaltonen Fri, 30 Mar 2018 09:57:57 +0300
+
+certmonger (0.79.5-2) unstable; urgency=medium
+
+ * force-utf8.diff: Don't clear LANG/LC_* for subprocesses, and if
+ they're not set, use C.UTF-8.
+
+ -- Timo Aaltonen Wed, 21 Feb 2018 19:59:21 +0200
+
+certmonger (0.79.5-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Timo Aaltonen Mon, 22 Jan 2018 17:45:30 +0200
+
+certmonger (0.79.3-1) unstable; urgency=medium
+
+ * New upstream release.
+ * control, copyright, watch: Update urls.
+ * patches: Drop nspr4_path, refresh others.
+ * control: Migrate to OpenSSL 1.1. (Closes: #851088)
+ * control, use-dbus-run-session.diff: Use dbus-run-session instead of dbus-
+ launch in tests. (Closes: #836084)
+ * rules: Enable parallel build.
+
+ -- Timo Aaltonen Mon, 07 Aug 2017 17:58:14 +0300
+
+certmonger (0.78.6-4) unstable; urgency=medium
+
+ * control: Build with libssl1.0-dev. (Closes: #828261)
+
+ -- Timo Aaltonen Wed, 16 Nov 2016 09:40:15 +0200
+
+certmonger (0.78.6-3) unstable; urgency=medium
+
+ * Set libexecdir again, the helpers really need to be all in the same
+ path.
Never touch this again..
+
+ -- Timo Aaltonen Thu, 14 Apr 2016 12:07:46 +0300
+
+certmonger (0.78.6-2) unstable; urgency=medium
+
+ * rules, install: Put the helpers back in multiarch libdir.
+ * postrm: Clean old cert requests on remove/purge.
+
+ -- Timo Aaltonen Wed, 06 Apr 2016 11:01:58 +0300
+
+certmonger (0.78.6-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Timo Aaltonen Mon, 22 Feb 2016 08:11:26 +0200
+
+certmonger (0.78.5-2) unstable; urgency=medium
+
+ * rules, install: Install libexec stuff to /usr/lib/certmonger instead of
+ under multiarch path. FreeIPA needs this so that the same path works on
+ every arch.
+
+ -- Timo Aaltonen Thu, 07 Jan 2016 21:16:02 +0200
+
+certmonger (0.78.5-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Timo Aaltonen Wed, 09 Dec 2015 15:09:24 +0200
+
+certmonger (0.78.4-1) unstable; urgency=medium
+
+ * New upstream release.
+ * control: Add libpopt-dev to build-depends.
+
+ -- Timo Aaltonen Sun, 16 Aug 2015 11:02:04 +0300
+
+certmonger (0.75.14-4) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * control: Transition to libsystemd, fix build-depends. (Closes: #779744)
+
+ -- Timo Aaltonen Sat, 11 Jul 2015 05:28:43 +0300
+
+certmonger (0.75.14-3) unstable; urgency=medium
+
+ * control: Depend on dbus. (Closes: #769446)
+
+ -- Timo Aaltonen Fri, 05 Dec 2014 10:30:43 +0200
+
+certmonger (0.75.14-2) unstable; urgency=medium
+
+ * control: Use libsystemd-login-dev build-dep on linux only.
+ * rules: Disable tests for now until failure on mipsel is
+ investigated.
+ * control: Bump policy to 3.9.6, no changes.
+
+ -- Timo Aaltonen Thu, 16 Oct 2014 12:18:13 +0300
+
+certmonger (0.75.14-1) unstable; urgency=low
+
+ * New upstream release. (Closes: #751637)
+ * control: Bump policy to 3.9.5, no changes.
+ * control, compat, .install: Bump compat to 9.
+ * control, rules: Add support for systemd, install upstart job
+ unconditionally.
+ * rules: Add config options for hardened build.
+ * control: Add libsystemd-login-dev to build-depends, sort them while
+ at it.
+ * install: Fix tmpfiles.d install path.
+ * rules: Don't purge po/*.gmo on clean
+ * control: Add libkrb5-dev to build-depends. (Closes: #747799)
+ * nspr4_path: Rebased.
+ * control: Add libldap-dev ja libidn11-dev to build-depends.
+ * source: Use 1.0 format again due to upstream messing with
+ translations.
+ * control: Update my email.
+ * control: Update vcs urls.
+ * fix-keythi-h-path.diff: Fix configure test to find keythi.h.
+
+ -- Timo Aaltonen Wed, 08 Oct 2014 11:28:46 +0300
+
+certmonger (0.57-1) unstable; urgency=low
+
+ * Initial release (Closes: #644367)
+
+ -- Timo Aaltonen Fri, 29 Jun 2012 18:41:18 +0200
--- certmonger-0.79.6.orig/debian/compat
+++ certmonger-0.79.6/debian/compat
@@ -0,0 +1 @@
+11
--- certmonger-0.79.6.orig/debian/control
+++ certmonger-0.79.6/debian/control
@@ -0,0 +1,54 @@
+Source: certmonger
+Section: utils
+Priority: optional
+Maintainer: Debian FreeIPA Team
+Uploaders: Timo Aaltonen
+Build-Depends: debhelper (>= 11), quilt,
+ autopoint,
+ dbus (>= 1.8),
+ dos2unix,
+ expect,
+ libdbus-1-dev,
+ libcurl4-nss-dev,
+ libidn2-dev,
+ libkrb5-dev,
+ libldap2-dev,
+ libnspr4-dev,
+ libnss3-tools,
+ libnss3-dev,
+ libpopt-dev,
+ libssl-dev,
+ libsystemd-dev [linux-any],
+ libtevent-dev,
+ libxml2-dev,
+ libxmlrpc-core-c3-dev,
+ lsb-release,
+ openssl,
+ pkg-config,
+ uuid-dev,
+Standards-Version: 4.2.1
+Homepage: https://pagure.io/certmonger/
+Vcs-Git: https://salsa.debian.org/freeipa-team/certmonger.git
+Vcs-Browser: https://salsa.debian.org/freeipa-team/certmonger
+
+Package: certmonger
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends},
+ dbus,
+ nss-plugin-pem,
+Description: D-Bus -based service to simplify interaction with certificate authorities
+ Certmonger is a D-Bus -based service which attempts to simplify
+ interaction with certifying authorities (CAs) on networks which use
+ public-key infrastructure (PKI).
+ .
+ If it knows the location of a certificate, certmonger can track the
+ expiration date and notify you when the certificate is about to expire.
+ .
+ If it has access to the corresponding private key and information about
+ the CA which issued the certificate, certmonger can even attempt to
+ automatically obtain a new certificate.
+ .
+ Supports certificate and key storage in PEM or NSSDB formats.
+ .
+ Can self-sign certificates, or can submit them to either certmaster or
+ development versions of IPA.
--- certmonger-0.79.6.orig/debian/copyright
+++ certmonger-0.79.6/debian/copyright
@@ -0,0 +1,58 @@
+Format: http://dep.debian.net/deps/dep5
+Upstream-Name: certmonger
+Source: https://pagure.io/certmonger
+
+Files: *
+Copyright: 2009-2011 Red Hat, Inc.
+License: GPL-3+ with OpenSSL exception
+ This program is free software; you can redistribute it
+ and/or modify it under the terms of the GNU General Public
+ License as published by the Free Software Foundation; either
+ version 3 of the License, or (at your option) any later
+ version.
+ .
+ In addition, as a special exception, the author of this
+ program gives permission to link the code of its
+ release with the OpenSSL project's "OpenSSL" library (or
+ with modified versions of it that use the same license as
+ the "OpenSSL" library), and distribute the linked
+ executables. You must obey the GNU General Public
+ License in all respects for all of the code used other
+ than "OpenSSL". If you modify this file, you may extend
+ this exception to your version of the file, but you are
+ not obligated to do so. If you do not wish to do so,
+ delete this exception statement from your version.
+ .
+ This program is distributed in the hope that it will be
+ useful, but WITHOUT ANY WARRANTY; without even the implied
+ warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE. See the GNU General Public License for more
+ details.
+ .
+ You should have received a copy of the GNU General Public
+ License along with this package; if not, write to the Free
+ Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+ Boston, MA 02110-1301 USA
+ .
+ On Debian systems, the full text of the GNU General Public
+ License version 3 can be found in the file
+ `/usr/share/common-licenses/GPL-3'.
+
+Files: debian/*
+Copyright: 2011 Timo Aaltonen >
+License: GPL-2+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
--- certmonger-0.79.6.orig/debian/patches/fix-apache-path.diff
+++ certmonger-0.79.6/debian/patches/fix-apache-path.diff
@@ -0,0 +1,14 @@
+--- a/src/dogtag.c
++++ b/src/dogtag.c
+@@ -394,9 +394,9 @@ main(int argc, const char **argv)
+ (sslpin == NULL) &&
+ (sslpinfile == NULL)) {
+ cainfo = "/etc/ipa/ca.crt";
+- ssldir = "/etc/httpd/alias";
++ ssldir = "/etc/apache2/nssdb";
+ sslcert = "ipaCert";
+- sslpinfile = "/etc/httpd/alias/pwdfile.txt";
++ sslpinfile = "/etc/apache2/nssdb/pwdfile.txt";
+ }
+ #endif
+ if ((sslcert != NULL) && (strlen(sslcert) > 0)) {
--- certmonger-0.79.6.orig/debian/patches/fix-keythi-h-path.diff
+++ certmonger-0.79.6/debian/patches/fix-keythi-h-path.diff
@@ -0,0 +1,12 @@
+Description: Fix configure test to find keythi.h
+--- a/configure.ac
++++ b/configure.ac
+@@ -594,7 +594,7 @@ if ! ${configure_dist_target_only:-false
+ AC_CHECK_TYPE(SECKEYDSAPublicKey,,,
+ [
+ AC_INCLUDES_DEFAULT
+- #include
++ #include
+ ])
+ CFLAGS="$CFLAGSsave"
+ LIBS="$LIBSsave"
--- certmonger-0.79.6.orig/debian/patches/fix-service-environment.diff
+++ certmonger-0.79.6/debian/patches/fix-service-environment.diff
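Review bot: fix-apache-path.diff has no header at all, while the two other new patches at least carry a `Description:` line, and it changes the default location of the NSS database and of the file holding its PIN. I would add a header along the lines of `Description: use the Debian apache2 NSS database path as the dogtag helper's fallback` plus a `Forwarded: not-needed` line, and note in it that /etc/apache2/nssdb/pwdfile.txt is a secret and must stay unreadable to unprivileged users. The visible condition suggests these values only apply when no ssl option was supplied, but the start of that `if` is outside the inner hunk, so that should be confirmed against src/dogtag.c.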
@@ -0,0 +1,14 @@
+Description: fix the environment file path
+diff --git a/systemd/certmonger.service.in b/systemd/certmonger.service.in
+index 7bdbb46..4e90516 100644
+--- a/systemd/certmonger.service.in
++++ b/systemd/certmonger.service.in
+@@ -5,7 +5,7 @@ After=syslog.target network.target dbus.service
+ [Service]
+ Type=dbus
+ PIDFile=/var/run/certmonger.pid
+-EnvironmentFile=-/etc/sysconfig/certmonger
++EnvironmentFile=-/etc/default/certmonger
+ ExecStart=/usr/sbin/certmonger -S -p /var/run/certmonger.pid -n $OPTS
+ BusName=@CM_DBUS_NAME@
+
--- certmonger-0.79.6.orig/debian/patches/series
+++ certmonger-0.79.6/debian/patches/series
@@ -0,0 +1,4 @@
+fix-keythi-h-path.diff
+fix-service-environment.diff
+use-dbus-run-session.diff
+fix-apache-path.diff
--- certmonger-0.79.6.orig/debian/patches/use-dbus-run-session.diff
+++ certmonger-0.79.6/debian/patches/use-dbus-run-session.diff
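Review bot: Pointing `EnvironmentFile=` at /etc/default/certmonger means one file is now read by two different parsers, because debian/certmonger.init sources the same path as shell code running as root while systemd reads it as plain KEY=value lines without shell evaluation. The two consumers also look at different variables: the unit expands `$OPTS` on the ExecStart line, the init script passes `$DAEMON_ARGS`, so an option set for one init system is silently ignored under the other. I would ship a commented /etc/default/certmonger that says the file must contain only simple assignments, and make the init script honour `OPTS` as well. The rest of the unit file lies outside the inner hunk.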
@@ -0,0 +1,31 @@
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -427,9 +427,9 @@ endif
+
+ check: all
+ for required in certutil cmsutil pk12util openssl diff cmp mktemp \
+- dos2unix unix2dos dbus-launch ; do \
++ dos2unix unix2dos dbus-run-session ; do \
+ which $$required || exit 1; \
+ done
+ env srcdir=$(srcdir) \
+ builddir=$(top_builddir)/tests \
+- $(srcdir)/run-tests.sh $(subdirs)
++ dbus-run-session -- $(srcdir)/run-tests.sh $(subdirs)
+--- a/tests/run-tests.sh
++++ b/tests/run-tests.sh
+@@ -17,13 +17,11 @@ fi
+ mkdir -m 500 "$tmpdir"/rosubdir
+ mkdir -m 700 "$tmpdir"/rwsubdir
+ trap 'rm -f "$tmpfile"; chmod u+w "$tmpdir"/* ; rm -fr "$tmpdir"' EXIT
+-unset DBUS_SESSION_BUS_ADDRESS
+-eval `dbus-launch --sh-syntax`
+ if test -z "$DBUS_SESSION_BUS_ADDRESS" ; then
+ echo Error launching session bus.
+ exit 1
+ else
+- trap 'rm -f "$tmpfile"; chmod u+w "$tmpdir"/* ; rm -fr "$tmpdir"; kill "$DBUS_SESSION_BUS_PID"' EXIT
++ trap 'rm -f "$tmpfile"; chmod u+w "$tmpdir"/* ; rm -fr "$tmpdir"' EXIT
+ fi
+
+ srcdir=${srcdir:-`pwd`}
--- certmonger-0.79.6.orig/debian/rules
+++ certmonger-0.79.6/debian/rules
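Review bot: With `unset DBUS_SESSION_BUS_ADDRESS` and the dbus-launch `eval` removed from run-tests.sh, running the script directly from a logged-in session makes it inherit the caller's own session bus and run the tests against that bus instead of a private one; only the `check` target wraps it in `dbus-run-session --`. The remaining `test -z "$DBUS_SESSION_BUS_ADDRESS"` guard passes in that situation, and its message `Error launching session bus.` no longer describes anything the script does. I would reword the message to say the script must be started under `dbus-run-session --`, and drop the `else` branch, whose trap is now identical to the one installed a few lines earlier. The rest of run-tests.sh is outside the inner hunk.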
@@ -0,0 +1,41 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+override_dh_auto_configure:
+ dh_auto_configure -- \
+ --libexecdir=/usr/lib \
+ --with-homedir=/var/run/certmonger \
+ --with-tmpdir=/var/run/certmonger \
+ --enable-systemd \
+ --enable-pie \
+ --enable-now \
+ --enable-tmpfiles \
+ CFLAGS="$(CFLAGS)" \
+ LDFLAGS="$(LDFLAGS)"
+
+override_dh_auto_install:
+ dh_auto_install --destdir=debian/tmp
+ mkdir -p $(CURDIR)/debian/tmp/lib/systemd/system
+ rm $(CURDIR)/build/systemd/Makefile
+ cp $(CURDIR)/build/systemd/certmonger.service \
+ $(CURDIR)/debian/tmp/lib/systemd/system
+
+override_dh_auto_test:
+
+override_dh_missing:
+ dh_missing --fail-missing
+
+override_dh_clean:
+ dh_clean
+# rm -f po/*.gmo
+
+%:
+ dh $@ --with quilt --builddirectory=build/
--- certmonger-0.79.6.orig/debian/source/format
+++ certmonger-0.79.6/debian/source/format
@@ -0,0 +1 @@
+1.0
--- certmonger-0.79.6.orig/debian/watch
+++ certmonger-0.79.6/debian/watch
@@ -0,0 +1,3 @@
+#git=https://pagure.io/certmonger.git
+version=3
+https://releases.pagure.org/certmonger/certmonger-(.*)\.tar\.gz
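Review bot: `--with-homedir=/var/run/certmonger` and `--with-tmpdir=/var/run/certmonger` place the daemon's working directories under a path that normally starts out empty at every boot, and the only thing in this package that visibly creates it is the tmpfiles.d snippet installed via `usr/lib/tmpfiles.d`, which a sysvinit system does not process. Unless the daemon creates the directory itself (not visible here), do_start in debian/certmonger.init should create it with the same owner and mode as the tmpfiles.d entry before launching the daemon. Separately, the empty `override_dh_auto_test:` switches the test suite off without saying why; a comment such as `# tests disabled since 0.75.14-2, see changelog (mipsel failure)` above it would record the reason.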
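Review bot: debian/watch downloads release tarballs over HTTPS but configures no signature verification, so uscan accepts whatever the release host serves. If upstream publishes detached signatures (not visible here), add an `opts=pgpsigurlmangle=...` rule matching their file naming and ship the upstream key as debian/upstream/signing-key.asc so every new tarball is verified before import. If upstream does not sign releases, a comment in the watch file saying so would make the gap explicit.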