commit f8aa5cc36db6641c02f1542fc913732d16f16c32
parent b74bf64ed1810e3c075fdda62c584ba37fa19fed
Author: parazyd <parazyd@dyne.org>
Date: Mon, 9 Nov 2020 17:20:22 +0100
Cleanup and modernize debian directory.
Diffstat:
14 files changed, 102 insertions(+), 135 deletions(-)
diff --git a/debian/README.source b/debian/README.source
@@ -1,9 +0,0 @@
-The sha512sums of the keyrings and fragments can be verified using:
-
- $ gpg --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg --decrypt SHA512SUMS.txt.asc | sha512sum -c -
- $ gpg --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg --decrypt md5sums.txt | md5sum -c -
-
-It is left as an excercise to the reader to establish trust path to
-the Debian Project strongly connect set of keys.
-
-
diff --git a/debian/compat b/debian/compat
@@ -1 +1 @@
-10
+12
diff --git a/debian/control b/debian/control
@@ -2,26 +2,29 @@ Source: devuan-keyring
Section: misc
Priority: optional
Maintainer: Ivan J. <parazyd@dyne.org>
-Bugs: mailto:bugs@devuan.org
-Homepage: https://devuan.org
Standards-Version: 4.3.0
-Build-Depends: debhelper (>= 10), gnupg, debian-keyring
+Build-Depends:
+ debhelper (>= 12),
+ debian-keyring,
+ gnupg,
+Homepage: https://www.devuan.org/os/keyring
+Vcs-Git: https://salsa.debian.org/parazyd/devuan-keyring.git
+Vcs-Browser: https://salsa.debian.org/parazyd/devuan-keyring
+Rules-Requires-Root: no
Package: devuan-keyring
-Priority: important
Architecture: all
Multi-Arch: foreign
-Depends: gpgv
-Recommends: gnupg | gnupg1
-Breaks: apt (<< 0.7.25.1)
-Description: GnuPG archive key of the devuan repository
- The devuan repository digitally signs its Release files.
- This package contains the repository keys from devuan
+Pre-Depends: debconf
+Depends: ${misc:Depends}
+Recommends: gpgv
+Description: GnuPG archive key of the Devuan repository
+ The Devuan repository digitally signs its Release files.
+ This package contains the repository keys from Devuan
developers used for that.
Package: devuan-keyring-udeb
XC-Package-Type: udeb
-Priority: optional
Architecture: all
Section: debian-installer
Recommends: gpgv-udeb
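Review bot: Removing `Priority: important` from the `devuan-keyring` stanza makes the binary package inherit `Priority: optional` from the source stanza, and the commit message does not say this is intended. If any bootstrap tooling selects the keyring by priority rather than through a dependency, fresh installs could end up without the archive keys, so this is worth confirming. Separately, `Pre-Depends: debconf` rules out the `debconf-2.0` alternative that `${misc:Depends}` normally generates, and it is probably unnecessary, since the maintainer scripts only source the confmodule at configure time.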
@@ -29,4 +32,3 @@ Description: GnuPG keys of the Devuan archive
The Devuan project digitally signs its Release files. This package
contains the archive keys used for that, in a minimal form for use
in the installer.
-
diff --git a/debian/devuan-keyring-udeb.install b/debian/devuan-keyring-udeb.install
@@ -0,0 +1 @@
+keyrings/*.gpg usr/share/keyrings/
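Review bot: The glob `keyrings/*.gpg` ships every keyring in the source tree into the udeb, whereas the removed `debian/rules` installed only `keyrings/devuan-archive-keyring.gpg` there, and the udeb description still promises "a minimal form for use in the installer". Listing the file explicitly, `keyrings/devuan-archive-keyring.gpg usr/share/keyrings/`, keeps the installer's set of trust anchors deliberate and stops a file later added under `keyrings/` from being shipped by accident. The same glob is used in `debian/devuan-keyring.install`, where an explicit list would have the same benefit.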
diff --git a/debian/devuan-keyring.config b/debian/devuan-keyring.config
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+
+. /usr/share/debconf/confmodule
+db_version 2.0
+
+db_input low devuan-keyring/keyring || true
+db_go
+
+exit 0
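Review bot: `db_input low devuan-keyring/keyring || true` refers to a template this commit does not add: no `debian/devuan-keyring.templates` appears among the changed files, so unless it already exists in the tree the question is never registered. In that case the `|| true` hides the failure here and `db_get devuan-keyring/keyring` in the new postinst would fail under `set -e`. At priority `low` most installs never see the question, so the template's default decides which keyrings get linked into apt's trusted directory. A comment above the `db_input` line such as `# low priority: the template default decides which keyrings apt trusts` would make that explicit.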
diff --git a/debian/devuan-keyring.install b/debian/devuan-keyring.install
@@ -0,0 +1 @@
+keyrings/*.gpg usr/share/keyrings/
diff --git a/debian/devuan-keyring.postinst b/debian/devuan-keyring.postinst
@@ -0,0 +1,31 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+install|configure)
+ TRUSTEDPARTS="/etc/apt/trusted.gpg.d"
+ eval "$(apt-config shell TRUSTEDPARTS Dir::Etc::trustedparts/d)"
+
+ . /usr/share/debconf/confmodule
+ db_version 2.0
+ db_get devuan-keyring/keyring
+
+ if [ -n "$RET" ]; then
+ selected=$(echo "$RET" | sed -e 's, /\n/g')
+ echo "$selected" | while read keyring; do
+ ln -sf "/usr/share/keyrings/${keyring}.gpg" "$TRUSTEDPARTS"
+ done
+ fi
+
+ db_stop
+ ;;
+abort-upgrade|abort-remove|abort-deconfigure)
+ exit 0
+ ;;
+*)
+ echo "postinst called with unknown argument: $1" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
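Review bot: The loop in the `install|configure` branch only ever adds links and uses each name from `$RET` unchecked, so a keyring deselected on reconfigure stays linked in `$TRUSTEDPARTS` and trusted by apt, and a name with no file under `/usr/share/keyrings` leaves a dangling link. Restricting names to the `devuan-*` pattern that the postrm removes (assuming the template's choices all match it), rejecting `/`, and testing for the file before linking would keep the two scripts consistent; links for deselected keyrings should also be removed before relinking. Separately, the sed expression `'s, /\n/g'` as shown here is not a complete `s` command, because with `,` as the delimiter it has no replacement part, so the assignment would fail under `set -e`; `'s/, /\n/g'` looks like what was intended. `postinst` is also never invoked with `install`, so that alternative in the case label is dead.

```sh
		echo "$selected" | while read -r keyring; do
			# Accept only plain devuan-* names, matching what postrm removes.
			case "$keyring" in
			*/*|"") continue ;;
			devuan-*) ;;
			*) continue ;;
			esac
			src="/usr/share/keyrings/${keyring}.gpg"
			if [ -f "$src" ]; then
				ln -sf "$src" "$TRUSTEDPARTS"
			else
				echo "postinst: keyring not found, not linking: $src" >&2
			fi
		done
```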
diff --git a/debian/devuan-keyring.postrm b/debian/devuan-keyring.postrm
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ TRUSTEDPARTS="/etc/apt/trusted.gpg.d"
+ eval "$(apt-config shell TRUSTEDPARTS Dir::Etc::trustedparts/d)"
+
+ rm -f "${TRUSTEDPARTS}"devuan-*.gpg
+ ;;
+*)
+ echo "postrm called with unknown argument: $1" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
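Review bot: `rm -f "${TRUSTEDPARTS}"devuan-*.gpg` only works when `TRUSTEDPARTS` ends in a slash, and the fallback assigned two lines earlier, `/etc/apt/trusted.gpg.d`, does not, so if `apt-config` is unavailable or prints nothing the glob becomes `/etc/apt/trusted.gpg.ddevuan-*.gpg` and the links are left behind. `rm -f "${TRUSTEDPARTS%/}"/devuan-*.gpg` handles both forms. The branch also runs for `upgrade`, `abort-install` and `abort-upgrade`, and the new postinst does nothing on `abort-upgrade`, so a failed upgrade appears to leave apt without the Devuan keys; limiting the removal to `remove|purge` would avoid that. The glob also deletes any `devuan-*.gpg` file an administrator placed in that directory, not only this package's symlinks.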
diff --git a/debian/docs b/debian/docs
@@ -0,0 +1 @@
+SHA512SUMS.txt.asc
diff --git a/debian/gbp.conf b/debian/gbp.conf
@@ -0,0 +1,3 @@
+[DEFAULT]
+upstream-tag = %(version)s
+debian-branch = master
diff --git a/debian/postinst b/debian/postinst
@@ -1,17 +0,0 @@
-#!/bin/sh
-
-set -e
-
-if [ "$1" = 'configure' -a -n "$2" ]; then
- # remove keys from the trusted.gpg file as they are now shipped in fragment files in trusted.gpg.d
- if dpkg --compare-versions "$2" 'lt' "2016.10.10" && which gpg > /dev/null && which apt-key > /dev/null; then
- TRUSTEDFILE='/etc/apt/trusted.gpg'
- eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring)
- eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f)
- if [ -e "$TRUSTEDFILE" ]; then
- for KEY in 94532124541922FB; do
- apt-key --keyring "$TRUSTEDFILE" del $KEY > /dev/null 2>&1 || :
- done
- fi
- fi
-fi
diff --git a/debian/rules b/debian/rules
@@ -1,95 +1,20 @@
#!/usr/bin/make -f
-# debian/rules file - for debian/keyring
-# Based on sample debian/rules file - for GNU Hello (1.3).
-# Copyright 1994,1995 by Ian Jackson.
-# Copyright 1998-2003 James Troup
-# I hereby give you perpetual unlimited permission to copy,
-# modify and relicense this file, provided that you do not remove
-# my name from the file itself. (I assert my moral right of
-# paternity under the Copyright, Designs and Patents Act 1988.)
-# This file may have to be extensively modified
-
-install_dir=install -d -m 755
-install_file=install -m 644
-install_script=install -m 755
-install_binary=install -m 755 -s
-
-VERSION := $(shell dpkg-parsechangelog | grep ^Version: | cut -d' ' -f2)
-
-build:
-
-build-indep:
-
-clean:
- $(checkdir)
- -rm -f foo foo.asc *.bak *~ */*~ debian/files* debian/*substvars
- -rm -rf debian/tmp debian/devuan-keyring-udeb
-
-binary-indep: checkroot
- $(checkdir)
- -rm -rf debian/tmp
- $(install_dir) debian/tmp/DEBIAN/
- $(install_script) debian/postinst debian/tmp/DEBIAN/
-
- $(install_dir) debian/tmp/usr/share/keyrings/
- $(install_file) keyrings/devuan-keyring.gpg debian/tmp/usr/share/keyrings/
- $(install_file) keyrings/devuan-archive-keyring.gpg debian/tmp/usr/share/keyrings/
-
- $(install_dir) debian/tmp/etc/apt/trusted.gpg.d/
- $(install_file) keyrings/devuan-keyring-2016-archive.gpg debian/tmp/etc/apt/trusted.gpg.d/
- $(install_file) keyrings/devuan-keyring-2017-archive.gpg debian/tmp/etc/apt/trusted.gpg.d/
- $(install_file) keyrings/devuan-keyring-2016-cdimage.gpg debian/tmp/etc/apt/trusted.gpg.d/
-
- $(install_dir) debian/tmp/usr/share/doc/devuan-keyring/
- $(install_file) README.md debian/tmp/usr/share/doc/devuan-keyring/
- $(install_file) debian/changelog debian/tmp/usr/share/doc/devuan-keyring/changelog
- gzip -9v debian/tmp/usr/share/doc/devuan-keyring/*
- $(install_file) debian/copyright debian/tmp/usr/share/doc/devuan-keyring/
- cd debian/tmp; find -type f \! -regex '.*/DEBIAN/.*' -printf '%P\0' | xargs -r0 md5sum >DEBIAN/md5sums
-
- dpkg-gencontrol -pdevuan-keyring -isp
- chown -R root.root debian/tmp
- chmod -R go=rX debian/tmp
- dpkg --build debian/tmp ..
-
- -rm -rf debian/devuan-keyring-udeb
- $(install_dir) debian/devuan-keyring-udeb/DEBIAN/
-
- $(install_dir) debian/devuan-keyring-udeb/usr/share/keyrings/
- $(install_file) keyrings/devuan-archive-keyring.gpg debian/devuan-keyring-udeb/usr/share/keyrings/
-
- install -m 755 debian/devuan-keyring-udeb.postinst debian/devuan-keyring-udeb/DEBIAN/postinst
-
- # Don't let dpkg-gencontrol write incorrect guesses to debian/files.
- # Instead, register the udeb manually.
- dpkg-gencontrol -ndevuan-keyring-udeb_$(VERSION)_all.udeb -pdevuan-keyring-udeb -Tdebian/devuan-keyring-udeb.substvars -Pdebian/devuan-keyring-udeb -isp
- chown -R root.root debian/devuan-keyring-udeb
- chmod -R go=rX debian/devuan-keyring-udeb
- dpkg --build debian/devuan-keyring-udeb ../devuan-keyring-udeb_$(VERSION)_all.udeb
-
-binary-arch:
-
-define checkdir
- test -f keyrings/devuan-keyring.gpg
-endef
-
-# Below here is fairly generic really
-
-binary: binary-indep binary-arch
-
-checkroot:
- $(checkdir)
- test root = "`whoami`"
-
-regenerate-key-fragments:
- rm -f keyrings/devuan-keyring-*.gpg
- gpg --no-default-keyring --keyring ./keyrings/devuan-archive-keyring.gpg --output keyrings/devuan-keyring-2016-archive.gpg --export 0x72E3CB773315DFA2E464743D94532124541922FB
- gpg --no-default-keyring --keyring ./keyrings/devuan-archive-keyring.gpg --output keyrings/devuan-keyring-2016-cdimage.gpg --export 0xCF1921B2D91C6435848E810099C46A90B1FB3B59
- gpg --no-default-keyring --keyring ./keyrings/devuan-archive-keyring.gpg --output keyrings/devuan-keyring-2017-archive.gpg --export 0xE032601B7CA10BC3EA53FA81BB23C00C61FC752C
- sha512sum keyrings/*.gpg | gpg --clearsign > SHA512SUMS.txt.asc
-
-checkkeyrings:
- gpg --no-default-keyring --keyring keyrings/devuan-keyring.gpg --decrypt SHA512SUMS.txt.asc | sha512sum -c -
- gpg --no-default-keyring --keyring keyrings/devuan-keyring.gpg --decrypt md5sums.txt | md5sum -c -
-
-.PHONY: binary binary-arch binary-indep clean checkkeyrings checkroot build
+# Uncomment this to turn on verbose mode
+#export DH_VERBOSE=1
+
+export trusted_keyid=SOMEONE
+export GNUPGHOME=$(CURDIR)/debian/tmp
+
+%:
+ dh $@ --without autoreconf
+
+override_dh_auto_build:
+ # check GPG sig for sha512sums and sha512sums for gpg keys
+ mkdir -p $(CURDIR)/debian/tmp
+ gpg --no-default-keyring \
+ --keyring /usr/share/keyrings/debian-keyring.gpg \
+ --trusted-key $(trusted_keyid) \
+ --no-auto-check-trustdb \
+ --decrypt $(CURDIR)/SHA512SUMS.txt.asc \
+ > $(CURDIR)/debian/tmp/SHA512SUMS.txt
+ sha512sum -c $(CURDIR)/debian/tmp/SHA512SUMS.txt
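Review bot: The signature check in `override_dh_auto_build` is not tied to a particular signer. `trusted_keyid` is still the placeholder `SOMEONE`, and `gpg --decrypt` succeeds for a good signature from any key in `/usr/share/keyrings/debian-keyring.gpg`, because `--trusted-key` changes the trust calculation and warnings, not which signatures are accepted. So the check does not establish that the checksums were signed by the Devuan key holder. Verifying against a keyring that holds only the expected signing key would fix this, e.g. `gpgv --keyring <KEYRING_WITH_ONLY_THE_SIGNING_KEY> --output debian/tmp/SHA512SUMS.txt SHA512SUMS.txt.asc`, or by checking the `VALIDSIG` fingerprint reported via `--status-fd`. Using `debian/tmp` as `GNUPGHOME` also mixes gpg state into a directory debhelper uses for staging; a separate scratch directory created with mode 700 would be cleaner.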
diff --git a/debian/source/format b/debian/source/format
@@ -1,2 +1 @@
-3.0 (native)
-
+3.0 (quilt)
diff --git a/debian/watch b/debian/watch
@@ -0,0 +1,3 @@
+version=4
+opts=filenamemangle=s/.*?\/(\d\S+)\/archive\.tar\.gz/devuan-keyring-$1\.tar\.gz/ \
+ https://salsa.debian.org/parazyd/devuan-keyring/tags .*?(\d\S+)/archive\.tar\.gz
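Review bot: Nothing in this watch file authenticates the tarball that uscan downloads: there is no `pgpmode` or `pgpsigurlmangle` option, so new upstream source for a package that carries apt's trust anchors is accepted on the strength of TLS to the forge alone. If upstream tags are signed, `opts="mode=git, pgpmode=gittag"` with the signer's key in `debian/upstream/signing-key.asc` would let uscan verify the tag. Otherwise, a comment saying that releases are verified by hand against `SHA512SUMS.txt.asc` would at least document the gap.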