# Generated by wrap-tree.py. Needs hacking for things like # maintaining the debian/changelog file, but at least this gets all # the debian/ubuntu stuff to date into the repository. import os os.makedirs('debian') with open('debian/changelog', "wb") as f: f.write('''\ rpki (0.4976) UNRELEASED; urgency=low * Test update to changelog. -- Rob Austein Tue, 22 Jan 2013 02:50:01 -0500 rpki (0.4968) UNRELEASED; urgency=low * Initial Release. -- Rob Austein Tue, 15 Jan 2013 13:29:54 -0500 ''') with open('debian/compat', "wb") as f: f.write('''\ 8 ''') with open('debian/control', "wb") as f: f.write('''\ Source: rpki Priority: extra Maintainer: Rob Austein Build-Depends: debhelper (>= 8.0.0), autotools-dev, xsltproc, python (>= 2.7), python-all-dev, python-setuptools, python-lxml, libxml2-utils, mysql-client, mysql-server, python-mysqldb, python-django, python-vobject, python-yaml Standards-Version: 3.9.3 Homepage: http://trac.rpki.net/ Vcs-Svn: http://subvert-rpki.hactrn.net/ Vcs-Browser: http://trac.rpki.net/browser Package: rpki-rp Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, python (>= 2.7), rrdtool, rsync Description: rpki.net relying party tools "Relying party" validation tools from the rpki.net toolkit. See the online documentation at http://rpki.net/. Package: rpki-ca Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, xsltproc, python (>= 2.7), python-lxml, libxml2-utils, mysql-client, mysql-server, python-mysqldb, python-django, python-vobject, python-yaml Description: rpki.net certification authority tools "Certification authority" tools for issuing RPKI certificates and related objects using the rpki.net toolkit. See the online documentation at http://rpki.net/. ''') with open('debian/copyright', "wb") as f: f.write('''\ Format: http://dep.debian.net/deps/dep5 Upstream-Name: rpki Source: http://rpki.net/ Files: * Copyright: 2006-2008 American Registry for Internet Numbers 2009-2013 Internet Systems Consortium 2010-2013 SPARTA, Inc. License: ISC Files: openssl/openssl-*.tar.gz Copyright: 1998-2012 The OpenSSL Project 1995-1998 Eric A. Young, Tim J. Hudson License: OpenSSL and SSLeay License: ISC Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. . THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. License: OpenSSL Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: . 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. . 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. . 3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" . 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact licensing@OpenSSL.org. . 5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project. . 6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" . THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. . This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). License: SSLeay This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com). . Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package. . Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)" The word 'cryptographic' can be left out if the rouines from the library being used are not cryptographic related :-). 4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" . THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. . The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.] ''') with open('debian/postinst.ex', "wb") as f: f.write('''\ #!/bin/sh # postinst script for rpki-rp # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-remove' # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in configure) ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \\`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 ''') with open('debian/postrm.ex', "wb") as f: f.write('''\ #!/bin/sh # postrm script for rpki-rp # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `purge' # * `upgrade' # * `failed-upgrade' # * `abort-install' # * `abort-install' # * `abort-upgrade' # * `disappear' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ;; *) echo "postrm called with unknown argument \\`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 ''') with open('debian/preinst.ex', "wb") as f: f.write('''\ #!/bin/sh # preinst script for rpki-rp # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `install' # * `install' # * `upgrade' # * `abort-upgrade' # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in install|upgrade) ;; abort-upgrade) ;; *) echo "preinst called with unknown argument \\`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 ''') with open('debian/prerm.ex', "wb") as f: f.write('''\ #!/bin/sh # prerm script for rpki-rp # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `upgrade' # * `failed-upgrade' # * `remove' `in-favour' # * `deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in remove|upgrade|deconfigure) ;; failed-upgrade) ;; *) echo "prerm called with unknown argument \\`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 ''') with open('debian/rpki-ca.init.d.ex', "wb") as f: f.write('''\ #!/bin/sh ### BEGIN INIT INFO # Provides: rpki-ca # Required-Start: $network $local_fs # Required-Stop: # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: # Description: # <...> # <...> ### END INIT INFO # Author: Rob Austein # PATH should only include /usr/* if it runs after the mountnfs.sh script PATH=/sbin:/usr/sbin:/bin:/usr/bin DESC=rpki-ca # Introduce a short description here NAME=rpki-ca # Introduce the short server's name here DAEMON=/usr/sbin/rpki-ca # Introduce the server's location here DAEMON_ARGS="" # Arguments to run the daemon with PIDFILE=/var/run/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME # Exit if the package is not installed [ -x $DAEMON ] || exit 0 # Read configuration variable file if it is present [ -r /etc/default/$NAME ] && . /etc/default/$NAME # Load the VERBOSE setting and other rcS variables . /lib/init/vars.sh # Define LSB log_* functions. # Depend on lsb-base (>= 3.0-6) to ensure that this file is present. . /lib/lsb/init-functions # # Function that starts the daemon/service # do_start() { # Return # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \\ || return 1 start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \\ $DAEMON_ARGS \\ || return 2 # Add code here, if necessary, that waits for the process to be ready # to handle requests from services started subsequently which depend # on this one. As a last resort, sleep for some time. } # # Function that stops the daemon/service # do_stop() { # Return # 0 if daemon has been stopped # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 # Wait for children to finish too if this is a daemon that forks # and if the daemon is only ever run from this initscript. # If the above conditions are not satisfied then add some other code # that waits for the process to drop all resources that could be # needed by services started subsequently. A last resort is to # sleep for some time. start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON [ "$?" = 2 ] && return 2 # Many daemons don't delete their pidfiles when they exit. rm -f $PIDFILE return "$RETVAL" } case "$1" in start) [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME" do_start case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; stop) [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" do_stop case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; status) status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? ;; restart|force-reload) # # If the "reload" option is implemented then remove the # 'force-reload' alias # log_daemon_msg "Restarting $DESC" "$NAME" do_stop case "$?" in 0|1) do_start case "$?" in 0) log_end_msg 0 ;; 1) log_end_msg 1 ;; # Old process is still running *) log_end_msg 1 ;; # Failed to start esac ;; *) # Failed to stop log_end_msg 1 ;; esac ;; *) #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 exit 3 ;; esac : ''') with open('debian/rpki-ca.install', "wb") as f: f.write('''\ etc/rpki/apache.conf etc/rpki/settings.py usr/lib usr/sbin usr/share ''') with open('debian/rpki-ca.lintian-overrides', "wb") as f: f.write('''\ # The RPKI code requires a copy of the OpenSSL library with both the # CMS code and RFC 3779 code enabled. All recent versions of OpenSSL # include this code, but it's not enabled on all platforms. On Ubuntu # 12.04 LTS, the RFC 3779 code is disabled. So we take the least bad # of our several bad options, and carefully link against a private # copy of the OpenSSL crypto library built with the options we need, # with all the voodoo necessary to avoid conflicts with, eg, the # OpenSSL shared libraries that are already linked into Python. # # It would be totally awesome if the OpenSSL package maintainers were # to enable the RFC 3779 code for us, but I'm not holding my breath. # # In the meantime, we need to tell lintian to allow this nasty hack. rpki-ca: embedded-library ''') with open('debian/rpki-ca.upstart.ex', "wb") as f: f.write('''\ # RPKI CA Service description "RPKI CA Servers" author "Rob Austein " # This is almost certainly wrong. Suggestions on how to improve this # welcome, but please first read the Python code to understand what it # is doing. # Our only real dependency is on mysqld. start on started mysql stop on stopping mysql pre-start script install -m 755 -o rpki -g rpki -d /var/run/rpki sudo -u rpki /usr/sbin/rpki-start-servers end script post-stop script for i in rpkid pubd irdbd rootd do [ -f /var/run/rpki/$i.pid ] && kill `/bin/cat /var/run/rpki/$i.pid` done end script ''') with open('debian/rpki-rp.install', "wb") as f: f.write('''\ etc/rcynic.conf etc/rpki/trust-anchors usr/bin var/rcynic ''') with open('debian/rpki-rp.lintian-overrides', "wb") as f: f.write('''\ # The RPKI code requires a copy of the OpenSSL library with both the # CMS code and RFC 3779 code enabled. All recent versions of OpenSSL # include this code, but it's not enabled on all platforms. On Ubuntu # 12.04 LTS, the RFC 3779 code is disabled. So we take the least bad # of our several bad options, and carefully link against a private # copy of the OpenSSL crypto library built with the options we need, # with all the voodoo necessary to avoid conflicts with, eg, the # OpenSSL shared libraries that are already linked into Python. # # It would be totally awesome if the OpenSSL package maintainers were # to enable the RFC 3779 code for us, but I'm not holding my breath. # # In the meantime, we need to tell lintian to allow this nasty hack. rpki-rp: embedded-library # /var/rcynic is where we have been keeping this for years. We could change # but all the documentation says /var/rcynic. Maybe some day we will # figure out a politically correct place to put this, for now stick # with what the documentation leads the user to expect. rpki-rp: non-standard-dir-in-var ''') with open('debian/rpki-rp.postinst', "wb") as f: f.write('''\ #!/bin/sh # postinst script for rpki-rp # # see: dh_installdeb(1) set -e setup_rcynic_ownership() { chown rcynic:rcynic /var/rcynic/data /var/rcynic/rpki-rtr } setup_rcynic_user() { if ! getent passwd rcynic >/dev/null then useradd -g rcynic -M -N -d /var/rcynic -s /sbin/nologin -c "RPKI validation system" rcynic fi } setup_rcynic_group() { if ! getent group rcynic >/dev/null then groupadd rcynic fi } # We want to pick a *random* minute for rcynic to run, to spread load # on repositories, which is why we don't just use a package crontab. setup_rcynic_cron() { crontab -l -u rcynic 2>/dev/null | awk -v t=`hexdump -n 2 -e '"%u\\n"' /dev/urandom` ' BEGIN { cmd = "exec /usr/bin/rcynic-cron" } $0 !~ cmd { print } END { printf "%u * * * *\\t%s\\n", t % 60, cmd } ' | crontab -u rcynic - } # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-remove' # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in configure) setup_rcynic_group setup_rcynic_user setup_rcynic_ownership setup_rcynic_cron ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \\`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 ''') with open('debian/rpki-rp.prerm', "wb") as f: f.write('''\ #!/bin/sh # prerm script for rpki-rp # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `upgrade' # * `failed-upgrade' # * `remove' `in-favour' # * `deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in remove) crontab -l -u rcynic 2>/dev/null | awk ' $0 !~ "exec /usr/bin/rcynic-cron" { line[++n] = $0; } END { if (n) for (i = 1; i <= n; i++) print line[i] | "crontab -u rcynic -"; else system("crontab -u rcynic -r"); }' ;; upgrade|deconfigure) ;; failed-upgrade) ;; *) echo "prerm called with unknown argument \\`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 ''') with open('debian/rules', "wb") as f: f.write('''\ #!/usr/bin/make -f # -*- makefile -*- # Uncomment this to turn on verbose mode. export DH_VERBOSE=1 %: dh $@ --with python2 # dh $@ # Getting the RP package working is more urgent than getting the CA # package working, so skip stuff that's only needed for the CA package # for now. # # Get rid of this overide once we start testing builds of multiple # binary packages from a single source package. # # We'll want to keep --disable-target-installation to avoid trying to # do things during make install which really need to be done in # rpki-rp.postinst. override_dh_auto_configure: dh_auto_configure -- --disable-target-installation # dh_auto_configure -- --disable-ca-tools --disable-target-installation ''') os.makedirs('debian/source') with open('debian/source/format', "wb") as f: f.write('''\ 3.0 (native) ''')