From 50d793d30c7a49df2b9aeeab5f3ed42358084fee Mon Sep 17 00:00:00 2001 From: Fco Javier Lopez Perez Date: Thu, 17 Oct 2024 15:48:51 +0200 Subject: [PATCH 1/2] Refs #7593 - Debian packaging improved --- ca.pem => VerdnaturaCA.crt | 0 old-ca.pem => VerdnaturaInformaticaCA.crt | 0 VerdnaturaIntermediateLab.crt | 23 +++++++++++++ debian/changelog | 15 +++++++++ debian/control | 16 ++++++++-- debian/copyright | 39 ++++++++++------------- debian/install | 8 ++--- debian/links | 2 -- debian/rules | 2 ++ debian/source/format | 1 + debian/vn-apt-source.install | 3 ++ debian/vn-apt-source.manpages | 1 + debian/vn-host.triggers | 1 + doc/update-repo.8 | 16 ++++++++++ vn.list | 12 ++----- 15 files changed, 97 insertions(+), 42 deletions(-) rename ca.pem => VerdnaturaCA.crt (100%) rename old-ca.pem => VerdnaturaInformaticaCA.crt (100%) create mode 100644 VerdnaturaIntermediateLab.crt delete mode 100644 debian/links create mode 100644 debian/source/format create mode 100644 debian/vn-apt-source.install create mode 100644 debian/vn-apt-source.manpages create mode 100644 debian/vn-host.triggers create mode 100644 doc/update-repo.8 diff --git a/ca.pem b/VerdnaturaCA.crt similarity index 100% rename from ca.pem rename to VerdnaturaCA.crt diff --git a/old-ca.pem b/VerdnaturaInformaticaCA.crt similarity index 100% rename from old-ca.pem rename to VerdnaturaInformaticaCA.crt diff --git a/VerdnaturaIntermediateLab.crt b/VerdnaturaIntermediateLab.crt new file mode 100644 index 0000000..4e3756d --- /dev/null +++ b/VerdnaturaIntermediateLab.crt @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID6jCCAtKgAwIBAgIBCzANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJFUzEO +MAwGA1UECAwFU3BhaW4xETAPBgNVBAcMCFZhbGVuY2lhMR4wHAYDVQQKDBVWZXJk +bmF0dXJhIExldmFudGUgU0wxFjAUBgNVBAMMDVZlcmRuYXR1cmEgQ0EwHhcNMjQw +NjEzMDc0MTE2WhcNNDQwNjA4MDc0MTE2WjBpMQswCQYDVQQGEwJFUzEOMAwGA1UE +CAwFU3BhaW4xETAPBgNVBAcMCFZhbGVuY2lhMR4wHAYDVQQKDBVWZXJkbmF0dXJh +IExldmFudGUgU0wxFzAVBgNVBAMMDlZlcmRuYXR1cmEgTGFiMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKqvodZFH2RNfSJ5tzNlxdcrSKl3iLF7ImeU +/WlXXnUKxdsXFTq+HbychOc6fYOzTccvUxcgBz14j1ikqF98NLqEHy1vR5tfUGWL +uNIQQ+aEaycuZupeCVNxo9LZ5L2HOJvBZdrhFE92op9BRNiNV4yqS+nkIvUyo4YJ +ljUYAyVG5ZQAd5bEC5DXwehBaNkCcpIipWkYuFGh3UpHd85FCcmEXXBuyMQhb7FY +iqcK9yRfky10jf6K6JyxYBvHCnna5/rDFqQZthWUCgIfIS090EEKkIBqUNsuLdhF +SZGFXXBgVwslmAynoDF4CUddFrpyAhQmg5DND96WEHbW4K+3vQIDAQABo4GdMIGa +MDcGCWCGSAGG+EIBDQQqFihPUE5zZW5zZSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUg +QXV0aG9yaXR5MB0GA1UdDgQWBBQ9+iZdf7pLNQItxs4o43dNFZD0CTAfBgNVHSME +GDAWgBQ9+iZdf7pLNQItxs4o43dNFZD0CTAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud +DwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAKBs4HaE/BVmgxzZt0RIQGmkT +dLEoPSBYO9jzdbDl51yEmYqPHDTaV41Q6fUGKQ4wHuzyJIOZVhe4jS6lloorE3bC +7GANN4bG8QJhMHGO1wMTqjlPlekVaCdEUQZMRtMd7t9fUeJtKjDDj/IbyVpbsJcO +10fxGuaWzn5N8/cn0r+ck2uwo2rGPBqTAPxzBAy9aOaAH/5uETsDYCN57Udv76zR +NeZKVM9Uk1XR0PxMIB5sFTO1S8zLEr70yWzHaL1Oyaep5n/u54JKvyz8NXBB9RH0 +WQqdLhM0tuSMLSTPNJGkxfFH/SbBnJ2qLx1JCVMLaTwYqBOfs2eZN2MzMudPLA== +-----END CERTIFICATE----- diff --git a/debian/changelog b/debian/changelog index 7a379d9..770ccdc 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,18 @@ +vn-host (3.0.0) stable; urgency=medium + + * Set debian-branch to bookworm. + * Fix verdnatura apt repository to use bookworm only. + * Renamed certificates files and Intermediate LAB CA added. + * Improved debian packaging: + - Added missing ca-certificates dependence. + - Added manpage for update-repo script + - Added uploaders in debian/control + - Splited into multiple packages + - vn-host package for CA management + - vn-apt-source package to add custom Verdnatura repository + + -- Fco Javier Lopez Perez Thu, 12 Sep 2024 16:12:52 +0200 + vn-host (2.1.1) stable; urgency=low * Initial Release. diff --git a/debian/control b/debian/control index d2e0a30..1a17274 100644 --- a/debian/control +++ b/debian/control @@ -1,7 +1,8 @@ Source: vn-host Priority: optional Maintainer: Juan Ferrer Toribio -Build-Depends: build-essential, debhelper +Uploaders: Fco Javier Lopez Perez +Build-Depends: debhelper (>=10) Standards-Version: 3.9.3 Section: misc Homepage: https://verdnatura.es @@ -9,8 +10,17 @@ Vcs-Git: https://gitea.verdnatura.es/ Package: vn-host Architecture: all -Depends: gpgv +Depends: vn-apt-source, ca-certificates (>= 20130119), ${misc:Depends} Section: misc Priority: optional Description: Verdnatura certificates - Public Verdnatura certificates and APT repository. + Public Verdnatura certificates. + +Package: vn-apt-source +Architecture: all +Depends: gpgv, ${misc:Depends} +Section: misc +Priority: optional +Description: Verdnatura APT repository + Public Verdnatura APT repository. + diff --git a/debian/copyright b/debian/copyright index 6595295..2adc671 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,24 +1,19 @@ -Format: http://dep.debian.net/deps/dep5 -Name: vn-host -Source: https://gitea.verdnatura.es/ +# -*- coding: utf-8 -*- +This package was debianized by Fco Javier Lopez Perez on +Thu, 17 Oct 2024 14:00:00 +0100. -Files: * -Copyright: 2011-2015 Juan Ferrer Toribio -License: GPL-3.0+ +It was downloaded from: + +https://gitea.verdnatura.es/ + +Upstream Authors: + Juan Ferrer Toribio + Fco Javier Lopez Perez + +Copyright: + Copyright (C) 2011-2015 Juan Ferrer Toribio , Verdnatura Levante SL + Copyright (C) 2024 Fco Javier Lopez Perez , Verdnatura Levante SL + +These scripts are released under the GPL version 3 (or any later version), +available on any Debian box at: /usr/share/common-licenses/GPL-3 -License: GPL-3.0+ - This package is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - . - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this program. If not, see . - . - On Debian systems, the complete text of the GNU General Public - License can be found in "/usr/share/common-licenses/GPL-3". diff --git a/debian/install b/debian/install index c7f0f91..da55d05 100644 --- a/debian/install +++ b/debian/install @@ -1,5 +1,3 @@ -verdnatura.gpg etc/apt/trusted.gpg.d -ca.pem usr/share/ca-certificates/verdnatura.es -old-ca.pem usr/share/ca-certificates/verdnatura.es -update-repo usr/sbin -vn.list etc/apt/sources.list.d +VerdnaturaCA.crt usr/share/ca-certificates/verdnatura +VerdnaturaIntermediateLab.crt usr/share/ca-certificates/verdnatura +VerdnaturaInformaticaCA.crt usr/share/ca-certificates/verdnatura diff --git a/debian/links b/debian/links deleted file mode 100644 index 9482bb8..0000000 --- a/debian/links +++ /dev/null @@ -1,2 +0,0 @@ -usr/share/ca-certificates/verdnatura.es/ca.pem etc/ssl/certs/Verdnatura_CA.pem -usr/share/ca-certificates/verdnatura.es/old-ca.pem etc/ssl/certs/Verdnatura_CA_old.pem diff --git a/debian/rules b/debian/rules index edfc650..d619713 100755 --- a/debian/rules +++ b/debian/rules @@ -5,3 +5,5 @@ %: dh $@ +# override_dh_usrlocal to do nothing +override_dh_usrlocal: diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..89ae9db --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (native) diff --git a/debian/vn-apt-source.install b/debian/vn-apt-source.install new file mode 100644 index 0000000..79322ef --- /dev/null +++ b/debian/vn-apt-source.install @@ -0,0 +1,3 @@ +verdnatura.gpg etc/apt/keyrings +update-repo usr/sbin +vn.list etc/apt/sources.list.d diff --git a/debian/vn-apt-source.manpages b/debian/vn-apt-source.manpages new file mode 100644 index 0000000..2911968 --- /dev/null +++ b/debian/vn-apt-source.manpages @@ -0,0 +1 @@ +doc/update-repo.8 diff --git a/debian/vn-host.triggers b/debian/vn-host.triggers new file mode 100644 index 0000000..98c5763 --- /dev/null +++ b/debian/vn-host.triggers @@ -0,0 +1 @@ +activate-await update-ca-certificates-fresh diff --git a/doc/update-repo.8 b/doc/update-repo.8 new file mode 100644 index 0000000..a7f3dc5 --- /dev/null +++ b/doc/update-repo.8 @@ -0,0 +1,16 @@ +.\" Copyright: 2024 Fco Javier Lopez Perez +.TH UPDATE-REPO 8 "" "Debian GNU/Linux" +.SH NAME +update-repo \- update apt packages from repository +.SH SYNOPSIS +.SY update-repo +.B repo +.SH DESCRIPTION +\fBupdate-repo\fP command refresh apt packages cache information +from repository parameter. +.SH NOTES +The parameter \fBrepo\fP used to update repository packages cache, +is the file /etc/apt/sources.list.d/repo.list at disk. +.SH SEE ALSO +.BR apt (8), +.BR apt-get (8) diff --git a/vn.list b/vn.list index 2077aa8..bad2ed0 100644 --- a/vn.list +++ b/vn.list @@ -1,10 +1,2 @@ - -deb http://apt.verdnatura.es/ testing main -deb-src http://apt.verdnatura.es/ testing main - -deb http://apt.verdnatura.es/ stable main -deb-src http://apt.verdnatura.es/ stable main - -deb http://apt.verdnatura.es/ oldstable main -deb-src http://apt.verdnatura.es/ oldstable main - +deb [signed-by=/etc/apt/keyrings/verdnatura.gpg] http://apt.verdnatura.es/ bookworm main +#deb-src [signed-by=/etc/apt/keyrings/verdnatura.gpg] http://apt.verdnatura.es/ bookworm main From 864c0982e2512fbf6637c586b852ac56404d5d95 Mon Sep 17 00:00:00 2001 From: Fco Javier Lopez Perez Date: Tue, 22 Oct 2024 12:34:59 +0200 Subject: [PATCH 2/2] Refs #7593 - Debian packaging improved to manage certs using update-ca-certificates really --- debian/rules | 3 -- debian/{install => vn-host.install} | 0 debian/vn-host.postinst | 56 +++++++++++++++++++++++++++++ debian/vn-host.postrm | 48 +++++++++++++++++++++++++ 4 files changed, 104 insertions(+), 3 deletions(-) rename debian/{install => vn-host.install} (100%) create mode 100644 debian/vn-host.postinst create mode 100644 debian/vn-host.postrm diff --git a/debian/rules b/debian/rules index d619713..31c1c17 100755 --- a/debian/rules +++ b/debian/rules @@ -4,6 +4,3 @@ %: dh $@ - -# override_dh_usrlocal to do nothing -override_dh_usrlocal: diff --git a/debian/install b/debian/vn-host.install similarity index 100% rename from debian/install rename to debian/vn-host.install diff --git a/debian/vn-host.postinst b/debian/vn-host.postinst new file mode 100644 index 0000000..b05b67d --- /dev/null +++ b/debian/vn-host.postinst @@ -0,0 +1,56 @@ +#! /bin/sh +# postinst script for vn-host +# +# see: dh_installdeb(1) + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see /usr/share/doc/packaging-manual/ +# +# quoting from the policy: +# Any necessary prompting should almost always be confined to the +# post-installation script, and should be protected with a conditional +# so that unnecessary prompting doesn't happen if a package's +# installation fails and the `postinst' is called with `abort-upgrade', +# `abort-remove' or `abort-deconfigure'. + +set -e + +CERTS="VerdnaturaCA.crt VerdnaturaIntermediateLab.crt VerdnaturaInformaticaCA.crt" + +CERTSDIR=/usr/share/ca-certificates +VERDNATURACERTSDIR="${CERTSDIR}/verdnatura" +LOCALCERTSDIR=/usr/local/share/ca-certificates +case "$1" in + configure) + # Force install verdnatura certificates from installation directory + # update-ca-certificates only process files in /usr/local/share/ca-certificates + # See lintian-explain-tags dir-in-usr-local for more explain + for certfile in ${CERTS} ; do + ln -s ${VERDNATURACERTSDIR}/${certfile} ${LOCALCERTSDIR} + done + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + diff --git a/debian/vn-host.postrm b/debian/vn-host.postrm new file mode 100644 index 0000000..e62aa54 --- /dev/null +++ b/debian/vn-host.postrm @@ -0,0 +1,48 @@ +#! /bin/sh +# postrm script for vn-host +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' overwrit>r> +# for details, see /usr/share/doc/packaging-manual/ + +# Clear the debconf database as early as possible and signal debconf that +# we are done with it. + + +CERTS="VerdnaturaCA.crt VerdnaturaIntermediateLab.crt VerdnaturaInformaticaCA.crt" + +CERTSDIR=/usr/share/ca-certificates +VERDNATURACERTSDIR="${CERTSDIR}/verdnatura" +LOCALCERTSDIR=/usr/local/share/ca-certificates + +case "$1" in + remove|purge) + for certfile in ${CERTS} ; do + unlink ${LOCALCERTSDIR}/${certfile} 2>/dev/null || true + done + ;; + + upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# +