author: Timo Weingärtner <timo@tiwe.de> 2012-02-25 21:17:00 +0100
committer: Timo Weingärtner <timo@tiwe.de> 2012-02-25 21:17:00 +0100
commit: 4b444020fa50e4f22a427b981c582b35cdb4efb1
tree: a7e31424e72b3a98053ca5b11206831cfd3322e2
parent: 8f32f842b33bdc6617b41dc9f18b222fd3013e21
Imported Debian version 0.2debian/0.2
-rw-r--r-- README (renamed from debian/README) 6
-rw-r--r-- debian/changelog 9
-rw-r--r-- debian/control 13
-rw-r--r-- debian/copyright 5
-rw-r--r-- debian/openssh-known-hosts.cron.d 2
-rw-r--r-- debian/openssh-known-hosts.docs 2
-rw-r--r-- debian/openssh-known-hosts.examples 1
-rw-r--r-- debian/openssh-known-hosts.install 4
-rw-r--r-- debian/openssh-known-hosts.manpages 1
-rwxr-xr-x debian/rules 12
-rw-r--r-- examples/curl 9
-rw-r--r-- examples/psql 12
-rw-r--r-- examples/rsync 10
-rw-r--r-- examples/symlink 5
-rwxr-xr-x plugins/curl 11
-rwxr-xr-x plugins/rsync 10
-rwxr-xr-x update-openssh-known-hosts (renamed from update-known-hosts) 8
-rw-r--r-- update-openssh-known-hosts.8 42
18 files changed, 131 insertions, 31 deletions
diff --git a/debian/README b/README
index 8a521a8..bcbbf4e 100644
--- a/debian/README
+++ b/README
@@ -1,7 +1,7 @@
Writing a source definition:
============================
-Place a file in /etc/openssh-known-hosts/sources/. Its name must follow
+Place a file in /etc/openssh-known-hosts/sources. Its name must follow
run-parts' conventions.
Basic variables:
@@ -9,6 +9,7 @@ Basic variables:
* EXIT_IGNORE: space-seperated list of exitcodes which should be ignored, no
update is performed for this source then (optional)
+For examples see /usr/share/doc/openssh-known-hosts/examples/*.
Writing a plugin:
=================
@@ -18,5 +19,6 @@ plugin gets the variables set in the source definition in its environment. The
working directory will be set to the source's cache directory. All your plugin
has to do is to create a file named "new". "current" must not be touched but
can be used as a hint to skip downloading the same file again. stdout and
-stderr will be connected to "log", which will be output on error.
+stderr will be connected to "log", which will be output on error. You needn't
+create "new" if it would be identical to "current".
diff --git a/debian/changelog b/debian/changelog
index bfc242e..9df9cde 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+openssh-known-hosts (0.2) unstable; urgency=low
+
+ * Add examples.
+ * Add optional GnuPG verification in curl and rsync plugins.
+ * Upload to unstable (Closes: #534891)
+ * Rename update-known-hosts to update-$package and install it in /usr/sbin.
+
+ -- Timo Weingärtner <timo@tiwe.de> Sun, 28 Jun 2009 01:57:44 +0200
+
openssh-known-hosts (0.1) fsmi-lenny; urgency=low
* Initial Release.
diff --git a/debian/control b/debian/control
index 6f86622..e23b98f 100644
--- a/debian/control
+++ b/debian/control
@@ -4,14 +4,13 @@ Priority: extra
Maintainer: Timo Weingärtner <timo@tiwe.de>
Build-Depends: debhelper (>= 7)
Standards-Version: 3.8.1
-#Homepage: <insert the upstream URL, if relevant>
Package: openssh-known-hosts
Architecture: all
-Depends: dash, lockfile-progs, ${shlibs:Depends}, ${misc:Depends}
-Recommends: openssh-client
-Suggests: postgresql-client, rsync, curl
+Depends: dash, lockfile-progs, ${misc:Depends}
+Recommends: openssh-client, cron
+Suggests: postgresql-client, rsync, curl, gpgv
Description: known_hosts downloader for OpenSSH
- This package allows you to download public hostkeys from various sources and
- merge them together into one file for use by OpenSSH. Plugins for some types
- of sources are included, new plugins can easily be written.
+ This package allows you to download public hostkeys from multiple sources
+ and merge them together into one file for use by OpenSSH. Plugins for some
+ types of sources are included, new plugins can easily be written.
diff --git a/debian/copyright b/debian/copyright
index a60558a..0e558ce 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,6 +1,6 @@
Copyright:
- <Copyright (C) 2009 Timo Weingärtner>
+ Copyright (C) 2009 Timo Weingärtner <timo@tiwe.de>
License:
@@ -21,6 +21,3 @@ License:
On Debian systems, the complete text of the GNU General
Public License can be found in `/usr/share/common-licenses/GPL'.
-The Debian packaging is (C) 2009, Timo Weingärtner <timo@tiwe.de> and
-is licensed under the GPL, see above.
-
diff --git a/debian/openssh-known-hosts.cron.d b/debian/openssh-known-hosts.cron.d
index d1fef7b..27f4f64 100644
--- a/debian/openssh-known-hosts.cron.d
+++ b/debian/openssh-known-hosts.cron.d
@@ -1,4 +1,4 @@
#
# Regular cron jobs for the openssh-known-hosts package
#
-0 * * * * root [ -x /usr/share/openssh-known-hosts/update-known-hosts ] && /usr/share/openssh-known-hosts/update-known-hosts
+0 * * * * root [ -x /usr/sbin/update-openssh-known-hosts ] && /usr/sbin/update-openssh-known-hosts
diff --git a/debian/openssh-known-hosts.docs b/debian/openssh-known-hosts.docs
index 2c0d173..ba8894c 100644
--- a/debian/openssh-known-hosts.docs
+++ b/debian/openssh-known-hosts.docs
@@ -1,2 +1,2 @@
-debian/README
+README
diff --git a/debian/openssh-known-hosts.examples b/debian/openssh-known-hosts.examples
new file mode 100644
index 0000000..e39721e
--- /dev/null
+++ b/debian/openssh-known-hosts.examples
@@ -0,0 +1 @@
+examples/*
diff --git a/debian/openssh-known-hosts.install b/debian/openssh-known-hosts.install
index 8e9375a..e7b7cf1 100644
--- a/debian/openssh-known-hosts.install
+++ b/debian/openssh-known-hosts.install
@@ -1,2 +1,2 @@
-update-known-hosts usr/share/openssh-known-hosts/
-plugins usr/share/openssh-known-hosts/
+update-openssh-known-hosts usr/sbin/
+plugins usr/share/openssh-known-hosts/
diff --git a/debian/openssh-known-hosts.manpages b/debian/openssh-known-hosts.manpages
new file mode 100644
index 0000000..6ae64ea
--- /dev/null
+++ b/debian/openssh-known-hosts.manpages
@@ -0,0 +1 @@
+update-openssh-known-hosts.8
diff --git a/debian/rules b/debian/rules
index bf240d0..f1516b9 100755
--- a/debian/rules
+++ b/debian/rules
@@ -28,20 +28,19 @@ configure-stamp:
touch configure-stamp
-#Architecture
build: build-arch build-indep
build-arch: build-arch-stamp
-build-arch-stamp: configure-stamp
+build-arch-stamp: configure-stamp
touch $@
build-indep: build-indep-stamp
-build-indep-stamp: configure-stamp
+build-indep-stamp: configure-stamp
touch $@
-clean:
+clean:
dh_testdir
dh_testroot
rm -f build-arch-stamp build-indep-stamp configure-stamp
@@ -73,16 +72,11 @@ binary-common:
dh_installchangelogs
dh_installdocs
dh_installexamples
-# dh_installmime
dh_installcron
dh_installman
- dh_link
- dh_strip
dh_compress
dh_fixperms
- dh_makeshlibs
dh_installdeb
- dh_shlibdeps
dh_gencontrol
dh_md5sums
dh_builddeb
diff --git a/examples/curl b/examples/curl
new file mode 100644
index 0000000..18ed01b
--- /dev/null
+++ b/examples/curl
@@ -0,0 +1,9 @@
+PLUGIN=curl
+# see curl(1), section "EXIT CODES" for details:
+EXIT_IGNORE='6 7 28'
+
+URL='https://www.example.com/known_hosts'
+
+# optional:
+SIGURL='http://www.example.com/known_hosts.sig'
+KEYRING='/path/to/gpgv-compatible.keyring'
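Review bot: SIGURL in this example uses http:// while URL uses https://, which reads as if the signature needed less care than the data; use https:// for both so a copied example does not mix schemes. The "# optional:" comment should also say that leaving SIGURL and KEYRING out means the downloaded known_hosts is accepted without any signature check, and that the two must be set together.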
diff --git a/examples/psql b/examples/psql
new file mode 100644
index 0000000..e2e72cb
--- /dev/null
+++ b/examples/psql
@@ -0,0 +1,12 @@
+PLUGIN=psql
+# from psql(1): psql returns 2 if the connection to the server went bad and
+# the session was not interactive
+EXIT_IGNORE=2
+
+PGCLUSTER=8.3/db.example.com:
+PGDATABASE=exampledb
+PGUSER=exampleuser
+PGPASSWORD=foobar # beware: will be readable from /proc/<pid>/environ, better:
+PGPASSFILE=/path/to/.pgpass
+
+TABLE=known_hosts
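Review bot: The PGPASSWORD=foobar line is live in the example, so a copied file exports a password into the plugin's environment even though its own comment recommends PGPASSFILE; comment the PGPASSWORD line out and leave only PGPASSFILE active. Since both are set here it is also unclear to the reader which one takes effect. A short remark that source definitions holding credentials should be readable by root only would fit next to the warning.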
diff --git a/examples/rsync b/examples/rsync
new file mode 100644
index 0000000..f8d9861
--- /dev/null
+++ b/examples/rsync
@@ -0,0 +1,10 @@
+PLUGIN=rsync
+# see rsync(1), section "EXIT VALUES" for details:
+EXIT_IGNORE=10
+
+URL='rsync://rsync.example.com/pub/known_hosts'
+
+# optional:
+SIGURL='rsync://rsync.example.com/pub/known_hosts.sig'
+KEYRING='/path/to/gpgv-compatible.keyring'
+
diff --git a/examples/symlink b/examples/symlink
new file mode 100644
index 0000000..c1a9ba2
--- /dev/null
+++ b/examples/symlink
@@ -0,0 +1,5 @@
+PLUGIN=symlink
+# EXIT_IGNORE doesn't make sense here
+EXIT_IGNORE=
+
+LINKDEST=/etc/ssh/ssh_known_hosts_local
diff --git a/plugins/curl b/plugins/curl
index 8e658cc..5964613 100755
--- a/plugins/curl
+++ b/plugins/curl
@@ -4,10 +4,19 @@
#
# ENVIRONMENT VARIABLES:
# URL URL to download known_hosts file from
+# SIGURL URL of the GnuPG signature
+# KEYRING path to the keyring for use by gpgv
#
set -e
-curl -Rz "./current" -m 300 -o new "${URL}"
+if [ "${SIGURL}" ]; then
+ curl -Rz "./current" -m 300 -o new.sig "${SIGURL}" -o new "${URL}"
+ [ -e new ] || exit 0
+ gpgv --keyring "${KEYRING}" --status-fd 2 new.sig || exit 1
+ # return 1 because it's not clear what other codes may used
+else
+ curl -Rz "./current" -m 300 -o new "${URL}"
+fi
# vim:set ft=sh:
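Review bot: The gpgv call in the SIGURL branch names only new.sig, so the file that gets verified is whatever gpgv derives by cutting the .sig extension off the signature name; pass the data file explicitly, `gpgv --keyring "${KEYRING}" --status-fd 2 new.sig new`, so the check is visibly bound to the file the plugin hands back. Verification is also switched on by SIGURL alone: a source definition that sets KEYRING but omits or misspells SIGURL falls through to the else branch and downloads without any check, so consider exiting with an error when only one of the two variables is set. Typo in the added comment: "may used" should be "may be used".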
diff --git a/plugins/rsync b/plugins/rsync
index 17a1e54..2d51a9d 100755
--- a/plugins/rsync
+++ b/plugins/rsync
@@ -3,7 +3,9 @@
# rsync plugin
#
# ENVIRONMENT VARIABLES:
-# URL URL to download known_hosts file from
+# URL URL to download known_hosts file from
+# SIGURL URL of the GnuPG signature
+# KEYRING path to the keyring for use by gpgv
#
set -e
@@ -11,4 +13,10 @@ set -e
ln -f current new || true
rsync -vt --timeout=300 "${URL}" new
+if [ "${SIGURL}" ]; then
+ rsync -vt --timeout=300 "${SIGURL}" new.sig
+ gpgv --keyring "${KEYRING}" --status-fd 2 new.sig || exit 1
+ # return 1 because it's not clear what other codes may used
+fi
+
# vim:set ft=sh:
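Review bot: The new SIGURL block never checks that KEYRING is set, so a source with SIGURL but no KEYRING passes an empty string to `gpgv --keyring`; test `[ "${KEYRING}" ]` first and exit with a clear message in "log". The data file should also be named explicitly, as in `gpgv --keyring "${KEYRING}" --status-fd 2 new.sig new`, rather than relying on gpgv deriving it from the signature file name. The header comment would benefit from stating that SIGURL and KEYRING are optional and that without them the rsync download is unauthenticated.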
diff --git a/update-known-hosts b/update-openssh-known-hosts
index 14f873f..136535a 100755
--- a/update-known-hosts
+++ b/update-openssh-known-hosts
@@ -25,17 +25,18 @@ lockfile-create "${LOCK}"
lockfile-touch "${LOCK}" &
LOCKPID="$!"
+mkdir -p "${CACHEDIR}"
cd "${CACHEDIR}"
find -mindepth 2 -maxdepth 2 -type f -name new -delete
-run-parts --list "${CONFDIR}/sources/" | while read source; do
- source=`basename ${source}`
+run-parts --list "${CONFDIR}/sources/" | while read sourcefile; do
+ source=`basename ${sourcefile}`
mkdir -p ${source}
(
set -a
cd ${source}
- . "${CONFDIR}/sources/${source}"
+ . "${sourcefile}"
`path_search "$PLUGIN" "$PLUGIN_PATH"` >| log 2>&1 || {
exitcode=$?
rm -f new
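Review bot: The renamed variable is still expanded unquoted in `basename ${sourcefile}`, and ${source} is unquoted in the mkdir and cd that follow; quote all three and use `read -r sourcefile` so a path with whitespace or a backslash cannot split or be mangled. Now that the full path from run-parts is sourced directly with `. "${sourcefile}"`, and the cron entry runs this script as root, it would be worth documenting that the sources directory and its files must be writable by root only, since each file is executed as shell code.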
@@ -63,6 +64,7 @@ done 3>| "${OUTFILE}.new"
mv "${OUTFILE}.new" "${OUTFILE}"
+# clean up cache dirs of vanished sources
for d in *; do
[ -d $d ] || continue
[ -e "${CONFDIR}/sources/$d" ] || rm -fr $d
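Review bot: The loop this comment now documents removes directories with an unquoted `rm -fr $d` after an unquoted `[ -d $d ]`; since it runs as root over every entry in the cache directory, quote the variable and end option parsing, for example `rm -fr -- "$d"`, so a name containing whitespace or starting with a dash is handled as a single path. Iterating over `./*` instead of `*` would achieve the same for the leading-dash case.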
diff --git a/update-openssh-known-hosts.8 b/update-openssh-known-hosts.8
new file mode 100644
index 0000000..445c7d6
--- /dev/null
+++ b/update-openssh-known-hosts.8
@@ -0,0 +1,42 @@
+.\" Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH OPENSSH-KNOWN-HOSTS 8 "2009-06-28"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp <n> insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+update-openssh-known-hosts \- known_hosts downloader for OpenSSH
+.SH SYNOPSIS
+.B update-openssh-known-hosts
+.SH DESCRIPTION
+This manual page documents briefly the
+.B update-openssh-known-hosts
+command.
+.PP
+.\" TeX users may be more comfortable with the \fB<whatever>\fP and
+.\" \fI<whatever>\fP escape sequences to invode bold face and italics,
+.\" respectively.
+\fBupdate-openssh-known-hosts\fP is a program that downloads public hostkeys from multiple sources
+and merges them together into one file for use by OpenSSH.
+.SH OPTIONS
+This program takes no options.
+.SH SEE ALSO
+.BR sshd (8),
+.BR /usr/share/doc/openssh-known-hosts ,
+.BR /usr/share/openssh-known-hosts/plugins/* .
+.SH AUTHOR
+openssh-known-hosts was written by Timo Weingärtner <timo@tiwe.de>.
+.PP
+This manual page was written by Timo Weingärtner <timo@tiwe.de>,
+for the Debian project (but may be used by others).
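Review bot: The .TH line titles the page OPENSSH-KNOWN-HOSTS while NAME and SYNOPSIS document update-openssh-known-hosts; make the title UPDATE-OPENSSH-KNOWN-HOSTS so it matches the installed file name. The template comments at the top (the "Hey, EMACS" and roff macro reference lines, plus the TeX hint containing the typo "invode") can be dropped. A FILES section listing /etc/openssh-known-hosts/sources, and a sentence on the optional SIGURL/KEYRING verification added in this version, would tell an administrator where trust in the merged file comes from.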