--- uruk-20110608.orig/debian/changelog +++ uruk-20110608/debian/changelog @@ -0,0 +1,229 @@ +uruk (20110608-1) unstable; urgency=low + + * New upstream release: The IPv6 Day release!. Missed 20110213 and + 20110602. + * debian/control: Standards-Version compliancy upgraded from 3.9.1 to + 3.9.2 (no further changes needed). + * control: build-depends: add aephea, update zoem (>= 10-265): + incompatible zoem changes. + + -- Joost van Baal Wed, 08 Jun 2011 08:28:46 +0200 + +uruk (20100831-2) unstable; urgency=low + + * postinst: add "1" to the runlevels to stop the service in update-rc.d + call: back in sync with LSB headers in upstream supplied init-script + (Closes: #581659). + + -- Joost van Baal Tue, 31 Aug 2010 14:26:45 +0200 + +uruk (20100831-1) unstable; urgency=low + + * New upstream release. + + -- Joost van Baal Tue, 31 Aug 2010 12:31:45 +0200 + +uruk (20100823-1) unstable; urgency=low + + * New upstream release. Missed 20100820 (and 20100821), which introduced: + + Fix bugs in support for dependency based boot sequencing (which is the + default in "Squeeze"; Boot Performance is a goal for the upcoming Debian + "Squeeze" release) + - init/uruk.in: Fix LSB init header: we want to start early in boot + sequence (on entering runlevel S). LSB init.d header however had + "Default-Start: 2 3 5". This is now fixed to S. Partially fixes + bug 581659. (Upgrade's are likely not yet handled gracefully.) Thanks + Petter Reinholdtsen for reporting and for the patch. + - Furthermore, change Default-Stop: "0 6" to "0 1 6": no need to special + case runlevel 1 (thanks lintian). + - Finally, added "$remote_fs" to Required-Start: and Required-Stop: since + obviously we need /usr/sbin/uruk to be available (thanks again lintian). + + Enable support for IPv6 packet filtering (full IPv6 support + is a goal for the upcoming Debian "Squeeze" release). ip6tables is now + enabled in the uruk script by default. If you interact with uruk using + the init script (which is the default), uruk's default behaviour however + is not changed. + * debian/copyright: updated to new upstream. + * debian/control: the uruk script size no longer is 11 K but 13 K: update + description. + * debian/control: Standards-Version compliancy upgraded from 3.8.4 to + 3.9.1 (no further changes needed). + + -- Joost van Baal Mon, 23 Aug 2010 10:32:51 +0200 + +uruk (20100717-1) unstable; urgency=low + + * This package is not publicly released. + * New upstream release. + * debian/control: Standards-Version compliancy upgraded from 3.7.3 to 3.8.4. + * debian/control: This code no longer is maintained using GNU Arch but + using the git Version Control System + * debian/NEWS: fix typo. Thanks lintian. + + -- Joost van Baal Sun, 18 Jul 2010 08:25:55 +0200 + +uruk (20080330-1) unstable; urgency=low + + * New upstream release. + * debian/control: Add Vcs-Arch header. Unfortunately, gna.org does not + offer archzoom, so no Vcs-Browser header for now. + * debian/copyright: machine-interpretable, using proposal by Sam Hocevar + (http://wiki.debian.org/Proposals/CopyrightFormat). + + -- Joost van Baal Sun, 30 Mar 2008 15:21:18 +0200 + +uruk (20080307-1) unstable; urgency=low + + * New upstream release. + * debian/control: Don't use unneeded Debian revisions in build dependencies: + be nice to backporters. (Thanks lintian.) + + -- Joost van Baal Sat, 08 Mar 2008 08:44:32 +0100 + +uruk (20071101-3) unstable; urgency=low + + * debian/postinst: enable upgrading a not yet configured uruk. Thanks + Wessel Dankers for reporting this bug (in private communication). + * debian/control: move homepage to proper field. + * debian/control: Standards-Version compliancy upgraded from 3.7.2 to + 3.7.3 (no further changes needed). + + -- Joost van Baal Thu, 07 Feb 2008 15:54:17 +0100 + +uruk (20071101-2) unstable; urgency=low + + * Ignore errors from init script when removing package: these might be + caused by lacking (manual) configuration of the package. Thanks + Jacob Holst (Closes: #452904). + + -- Joost van Baal Tue, 04 Dec 2007 16:39:45 +0100 + +uruk (20071101-1) unstable; urgency=low + + * New upstream release. Missed 20071030, which introduced: + - no longer try to support non-ascii characters in .txt manpages + (Closes: #441659) + - If you're using hook scripts (by setting $rc_a, $rc_b, ... or $rc_i + in your uruk rc file), you might be hit by an incompatibility. See + upstream NEWS file (in /usr/share/doc/uruk/NEWS) for details. + - The uruk init script now is (should be) Linux Standards Base v 3.1.0 + compliant. + See upstream NEWS file for other changes and new features in the 20071030 + and 20071101 releases. + * debian/copyright: no longer GPL v2, but v3 (or higher). Add MIT + license for Fred Vos's XML stuff in contrib/. + * debian/rules: do not ignore error from "make distclean". (Thanks + lintian). + * debian/rules: compress NEWS.Debian (Thanks lintian). + * debian/control: Standards-Version compliancy upgraded from 3.6.2.0 to + 3.7.2 (no further changes needed). + + -- Joost van Baal Sun, 04 Nov 2007 15:55:38 +0100 + +uruk (20051129-1) unstable; urgency=low + + * New upstream release. + * control: build-depend upon zoem >= 05-328: new \tr semantics + (Closes: #354677). + * control: found out how to add Homepage pseudo-field (finally!). + + -- Joost van Baal Thu, 02 Mar 2006 11:13:55 +0100 + +uruk (20051027-1) unstable; urgency=low + + * New upstream release. (20051026 suffered from an annoying bug, no public + Debian package for that one was released.) + * debian/rules: added NEWS.Debian for documenting incompatibly changes. + * debian/{prerm,postinst}: make sure firewall rules are no longer disabled + during upgrade. They now are merely reloaded: + + prerm: call "invoke-rc.d uruk stop" only on package removal. + + postinst: call "invoke-rc.d uruk force-reload" on upgrade. + * debian/control: changed package description. + * /etc/uruk/rc, README.Debian: add some pointers to quick setup guide in + uruk(8). + * debian/{rules,uruk.default}: default script now shipped upstream, we + install that one. + * debian/rules: don't install .ps and .txt copies of manpages: these are + easily generated from other installed formats. + * debian/rules: generate md5sums (implementation inspired by dh_md5sums). + * debian/control: s/joostvb-uruk@mdcc.cx/joostvb@debian.org/ + * debian/control: Standards-Version compliancy upgraded from 3.6.1.0 to + 3.6.2.0 (no further changes needed). + * First upload to the Debian archive (Closes: #332819) + + -- Joost van Baal Sun, 30 Oct 2005 18:44:05 +0100 + +uruk (20050718-1) unstable; urgency=low + + * New upstream pre-release. + + -- Joost van Baal Mon, 18 Jul 2005 18:04:50 +0200 + +uruk (20050414-1) unstable; urgency=low + + * New upstream prerelease. + * conffiles: add /etc/default/uruk, used by init script. + * control: make homepage stand out. + * This package now is maintained at http://arch.gna.org/uruk/ . + * rules, uruk.default: ship example /etc/default/uruk script. + * rules: compress new ChangeLog.2003 file. + * control: checked standards compliance: bumped from 3.5.8 to 3.6.1.0. + + -- Joost van Baal Fri, 15 Apr 2005 23:24:37 +0200 + +uruk (20040625-1) unstable; urgency=low + + * New upstream. BEWARE! This is a prerelease. + + -- Joost van Baal Fri, 25 Jun 2004 10:43:34 +0200 + +uruk (20040216-1) unstable; urgency=low + + * New upstream. BEWARE! Upstream 20040213 was _severely_ broken. + + -- Joost van Baal Mon, 16 Feb 2004 16:25:07 +0100 + +uruk (20040213-1) unstable; urgency=low + + * New upstream. + + -- Joost van Baal Fri, 13 Feb 2004 17:05:03 +0100 + +uruk (20040210-1) unstable; urgency=low + + * New upstream. Beware: slightly changed defaults in ICMP blocking. + See upstream NEWS file. + * rc: point to the right places to get uruk initialized and configured. + * postinst: instead of update-rc.d's default we now use "start 40 S . stop + 89 0 6 ." for the uruk runlevels (the same as used by other iptables + calling packages). + + -- Joost van Baal Tue, 10 Feb 2004 15:03:09 +0100 + +uruk (20031111-1) unstable; urgency=low + + * New upstream. Beware: backwards incompatibility. See upstream docs. + + -- Joost van Baal Tue, 11 Nov 2003 13:44:47 +0100 + +uruk (20031026-1) unstable; urgency=low + + * New upstream (missed 20031008). + * First public release of this Debian package. + * README.Debian, TODO.Debian added. + + -- Joost van Baal Sun, 26 Oct 2003 16:49:50 +0100 + +uruk (20031005-1) unstable; urgency=low + + * New upstream. (Not publicly released.) + * rules: copyleft statement added. + * control: description spiced up. + + -- Joost van Baal Sun, 05 Oct 2003 20:38:10 +0200 + +uruk (20031004-1) unstable; urgency=low + + * Initial release. + + -- Joost van Baal Sun, 05 Oct 2003 14:40:32 +0200 --- uruk-20110608.orig/debian/conffiles +++ uruk-20110608/debian/conffiles @@ -0,0 +1,3 @@ +/etc/uruk/rc +/etc/init.d/uruk +/etc/default/uruk --- uruk-20110608.orig/debian/control +++ uruk-20110608/debian/control @@ -0,0 +1,25 @@ +Source: uruk +Section: net +Priority: optional +Maintainer: Joost van Baal +Standards-Version: 3.9.2 +Build-Depends-Indep: zoem (>= 10-265), aephea, groff-base, bsdmainutils +Homepage: http://mdcc.cx/uruk/ +Vcs-Git: http://git.mdcc.cx/uruk-pkg + +Package: uruk +Architecture: all +Depends: iptables +Description: Very small firewall script, for configuring iptables + Uruk is a wrapper for Linux ip[6]tables. A very simple shell script, but + useful if you need similar (but not the same) packet filtering configurations + on lots of hosts. It uses a template file, which gets sourced as a shell + script, to get lists of source addresses, allowed to use specific network + services. Listing these groups of allowed hosts and allowed services is all + what's needed to configure your box. + . + Main difference with other firewall setup tools: uruk is just a very small + (just 14K!) shell script, no gui, no interactive setup, no default + configuration. You'll like this if you'd rather not have lots of (probably + buggy) code between you and your filtering rules. + --- uruk-20110608.orig/debian/copyright +++ uruk-20110608/debian/copyright @@ -0,0 +1,48 @@ +This package was debianized by Joost van Baal joostvb@debian.org on Sun, 5 Oct +2003 14:40:32 +0200. It was downloaded from http://mdcc.cx/pub/uruk/. + +On Debian systems, the complete text of the GNU General Public License can be +found in `/usr/share/common-licenses/GPL'. + +Files: * +Copyright: © 2003 Stichting LogReport Foundation logreport@logreport.org, + © 2003, 2004 Tilburg University http://www.uvt.nl/, + © 2003, 2004, 2005, 2007, 2008, 2010 Joost van Baal +License: GPL-3+ + Uruk is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 3, or (at your option) any + later version. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + +Files: init/uruk.in +Copyright: © 2002, 2003 Laurence J. Lane, + © 2003, 2004, 2005, 2007, 2010 Joost van Baal +License: GPL-3+ + +Files: contrib/* +Copyright: © 2007 Fred Vos - Mokolo.org, + © 2007 Tilburg University, http://www.uvt.nl/ +License: MIT + Permission is hereby granted, free of charge, to any person obtaining a + copy of this software and associated documentation files (the "Software"), + to deal in the Software without restriction, including without limitation + the rights to use, copy, modify, merge, publish, distribute, sublicense, + and/or sell copies of the Software, and to permit persons to whom the + Software is furnished to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be included + in all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + DEALINGS IN THE SOFTWARE. + --- uruk-20110608.orig/debian/dirs +++ uruk-20110608/debian/dirs @@ -0,0 +1 @@ +usr/sbin --- uruk-20110608.orig/debian/NEWS +++ uruk-20110608/debian/NEWS @@ -0,0 +1,20 @@ +uruk (20100823-1) unstable; urgency=low + + * Support for IPv6 packet filtering via ip6tables is now enabled in the uruk + script by default. If you interact with uruk using the init script (which + is the default), you have to add "enable_ipv6=true" to /etc/default/uruk to + enable IPv6 filtering. See /usr/share/doc/uruk/examples/rc for information + on how to setup IPv6 filtering rules. If you haven't manually enabled uruk + IPv6 filtering before, this uruk release will process your filtering rules + just the same as previous ones. + + See /usr/share/doc/uruk/README for more upgrade instrucions. + + -- Joost van Baal Sun, 22 Aug 2010 11:22:30 +0200 + +uruk (20051027-1) unstable; urgency=low + + * New init-script semantics: the preferred way for reloading your uruk rc + file has changed. See /usr/share/doc/uruk/README. + + -- Joost van Baal Wed, 26 Oct 2005 11:19:11 +0200 --- uruk-20110608.orig/debian/postinst +++ uruk-20110608/debian/postinst @@ -0,0 +1,45 @@ +#!/bin/sh + +# uruk postinst + +set -e + +case "$1" in + configure) + if test -x /etc/init.d/uruk + then + update-rc.d uruk start 40 S . stop 89 0 1 6 . >/dev/null + # + # Don't call init script on initial install: we have no sane rules anyway. + # We might want to run "invoke-rc.d uruk stop" in prerm. + # + fi + + if test -n "$2" + then + # we are called with a second argument, so are upgrading from a prior + # version: second argument holds prior version + if test -x /usr/sbin/invoke-rc.d + then + invoke-rc.d uruk force-reload || err=$? + else + /etc/init.d/uruk force-reload || err=$? + fi + + # exit code 6 from init script indicates "program is not configured" per + # LSB. we don't want to disable upgrading an unconfigured uruk. + if test -n "$err" + then + test $err -eq 6 || exit $err + fi + fi + ;; + + failed-upgrade|abort-upgrade|abort-remove|abort-deconfigure|in-favour|removing) + ;; + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + --- uruk-20110608.orig/debian/postrm +++ uruk-20110608/debian/postrm @@ -0,0 +1,11 @@ +#! /bin/sh + +# uruk postrm + +set -e + +if test "$1" = purge +then + update-rc.d uruk remove >/dev/null +fi + --- uruk-20110608.orig/debian/prerm +++ uruk-20110608/debian/prerm @@ -0,0 +1,26 @@ +#!/bin/sh + +# uruk prerm + +set -e + +case "$1" in + remove) + if test -x /usr/sbin/invoke-rc.d + then + # if we've still got the default rc, "stop" will fail. ignore that. + invoke-rc.d uruk stop || true + else + /etc/init.d/uruk stop || true + fi + ;; + deconfigure|upgrade|failed-upgrade) + ;; + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +exit 0 + --- uruk-20110608.orig/debian/rc +++ uruk-20110608/debian/rc @@ -0,0 +1,12 @@ +# Placeholder uruk rc file for Debian package + +# Magic string, inspected by /etc/init.d/uruk. +# This string should not be present in a sane uruk rc file. +# +# URUK_IS_UNCONFIGURED + +echo >&2 'Your uruk package is unconfigured. Please read uruk(8).' + +# Don't run any ipfilter command +interfaces= + --- uruk-20110608.orig/debian/README +++ uruk-20110608/debian/README @@ -0,0 +1,12 @@ +Uruk won't "just work" for you out of the box. Since there are no defaults +which will work for everybody (if you disagree, convince me there are!), it +needs manual configuration. See uruk(8) for quick setup instructions. + +The Uruk Debian package installs /etc/init.d/uruk. The remark about +this init script in the Uruk README file can be ignored. + +This package is somewhat biased to using uruk with the init script: This is +likely the most common setup. I am interested in descriptions of other setups +(integration with ifupdown, e.g.) + + -- Joost van Baal --- uruk-20110608.orig/debian/rules +++ uruk-20110608/debian/rules @@ -0,0 +1,90 @@ +#!/usr/bin/make -f + +# Made with the aid of debmake, by Christoph Lameter, +# based on the sample debian/rules file for GNU hello by Ian Jackson. + +# Copyright (C) 2003, 2004, 2005 Joost van Baal +# +# This file is part of the Debian uruk package. This script is free +# software; you can redistribute it and/or modify it under the terms +# of the GNU GPL, available on-line at +# http://www.gnu.org/copyleft/gpl.html . + +# debmake includes deb-make(1). We don't use dh_make: let's see if +# we can get rid of build-depending on debhelper (and on debmake too, +# when we're at it). + +package=uruk +docdir = debian/$(package)/usr/share/doc/$(package) + +define checkdir + test -f debian/rules +endef + +build: + $(checkdir) + ./configure --prefix=/usr --mandir=\$${prefix}/share/man \ + --sysconfdir=/etc --localstatedir=/var + $(MAKE) + touch build + +clean: + $(checkdir) + rm -f build + [ ! -f Makefile ] || $(MAKE) distclean + rm -f `find . -name "*~"` + rm -rf debian/$(package) debian/files* debian/substvars + +binary-indep: checkroot build + $(checkdir) + rm -rf debian/$(package) + install -d debian/$(package) + cd debian/$(package) && install -d `cat ../dirs` + $(MAKE) install prefix=$(CURDIR)/debian/$(package)/usr \ + mandir=$(CURDIR)/debian/$(package)/usr/share/man \ + sysconfdir=$(CURDIR)/debian/$(package)/etc \ + localstatedir=$(CURDIR)/debian/$(package)/var + mkdir -p debian/$(package)/etc/uruk + mkdir -p debian/$(package)/etc/default + cp -a debian/rc debian/$(package)/etc/uruk + mv $(CURDIR)/debian/$(package)/usr/share/doc/$(package)/examples/default debian/$(package)/etc/default/uruk + rm $(CURDIR)/debian/$(package)/usr/share/doc/$(package)/COPYING + rm $(CURDIR)/debian/$(package)/usr/share/doc/$(package)/ChangeLog + rm $(CURDIR)/debian/$(package)/usr/share/doc/$(package)/uruk*.azm + rm $(CURDIR)/debian/$(package)/usr/share/doc/$(package)/uruk*.ps + rm $(CURDIR)/debian/$(package)/usr/share/doc/$(package)/uruk*.txt + cp -a NEWS debian/copyright $(docdir) + cp -a debian/changelog $(docdir)/changelog.Debian + cp -a debian/NEWS $(docdir)/NEWS.Debian + cp -a debian/README $(docdir)/README.Debian + cp -a debian/TODO $(docdir)/TODO.Debian + cp -a ChangeLog $(docdir)/changelog + cd $(docdir) && gzip -9 changelog changelog.Debian ChangeLog.2003 NEWS.Debian + gzip -r9 debian/$(package)/usr/share/man + mkdir debian/$(package)/DEBIAN +# # generate md5sums. pathnames should not have leading /. +# # conffiles should be excluded. for now, assume conffiles are precisely +# # the files in /etc/ . + cd debian/$(package); \ + find . -type f ! -path './etc*' ! -regex '.*/DEBIAN/.*' -printf '%P\0' | xargs -r0 md5sum > DEBIAN/md5sums +# # generate binary package control file + dpkg-gencontrol -isp -Pdebian/$(package) + cp -a debian/conffiles debian/$(package)/DEBIAN + for f in postinst prerm postrm; do \ + cp -a debian/$$f debian/$(package)/DEBIAN; \ + chmod a+x debian/$(package)/DEBIAN/$$f; \ + done + chown -R root.root debian/$(package) + chmod -R go=rX debian/$(package) + dpkg --build debian/$(package) .. + +binary-arch: checkroot build + +binary: binary-indep binary-arch + +checkroot: + $(checkdir) + test root = "`whoami`" + +.PHONY: binary binary-arch binary-indep clean checkroot + --- uruk-20110608.orig/debian/TODO +++ uruk-20110608/debian/TODO @@ -0,0 +1,28 @@ + +Check out http://wiki.debian.org/FirewallByDefault and +http://wiki.debian.org/Firewalls . + +Check out https://wiki.ubuntu.com/UbuntuFirewall + +Add package tags to description using e.g. package browser: +http://debian.vitavonni.de/packagebrowser/?tags=security%2Cnetwork%2Csecurity%3A%3Afirewall +(it seems this can't yet be done in control file). + +We might want to check /var/lib/uruk/iptables stuff on +purge/removal/reinstallation. (Currently, it's kept on purge.) + +Recheck http://women.alioth.debian.org/wiki/index.php/English/MaintainerScripts +. + +Use doc-base for registering documentation, replace our md5sums generating +stuff with something like: +. + while read f; do \ + exclude="$$exclude ! -path \".$$f\" "; \ + done < debian/conffiles; \ + cd debian/$(package); \ + find . -type f $$exclude ! -regex '.*/DEBIAN/.*' -printf '%P\0' | xargs -r0 md5sum > DEBIAN/md5sums; +. +This honors conffiles. Or just call dh_md5sums... (And we might choose to go +use debhelper for all the rest, or cdbs, while we're at it.) +