summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2021-03-20 22:19:06 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2021-03-20 22:19:06 +0000
commita32099eee10e95bdaa733687a1073a4edaedefd7 (patch)
tree2a0b20bfba5e818903a9f29fcd54d472113dfe6f
parentAdding upstream version 2.9+dfsg1. (diff)
downloadtomb-a32099eee10e95bdaa733687a1073a4edaedefd7.tar.xz
tomb-a32099eee10e95bdaa733687a1073a4edaedefd7.zip
Adding debian version 2.9+dfsg1-1.debian/2.9+dfsg1-1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/NEWS8
-rw-r--r--debian/changelog193
-rw-r--r--debian/control42
-rw-r--r--debian/copyright134
-rw-r--r--debian/gbp.conf15
-rw-r--r--debian/patches/include-kdf-binaries.patch63
-rw-r--r--debian/patches/series1
-rwxr-xr-xdebian/rules26
-rw-r--r--debian/salsa-ci.yml4
-rw-r--r--debian/source/format1
-rw-r--r--debian/tests/control5
-rwxr-xr-xdebian/tests/create-and-use-a-tomb41
-rw-r--r--debian/upstream/metadata4
-rw-r--r--debian/watch4
14 files changed, 541 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS
new file mode 100644
index 0000000..41fca9f
--- /dev/null
+++ b/debian/NEWS
@@ -0,0 +1,8 @@
+tomb (2.9+dfsg1-1) unstable; urgency=medium
+
+ Tomb now allows one to specify a file system type to be applied when
+ locking a tomb. You can choose between ext3, ext4 and btrfs. The former
+ default was ext4. For further details please refer to the 'lock' command's
+ description to be found in the manual page.
+
+ -- Sven Geuer <debmaint@g-e-u-e-r.de> Sat, 09 Jan 2021 19:12:17 +0100
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..e1d97bf
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,193 @@
+tomb (2.9+dfsg1-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Adapt d/patches/* to new release.
+ - Add btrfs-progs as Suggests dependency.
+ * Update d/t/*
+ - Rename d/t/test1 to d/t/create-and-use-a-tomb.
+ - Extend test to use ext4 and btrfs as the tomb's file system.
+ * Introduce d/NEWS.
+ * Update d/copyright.
+
+ -- Sven Geuer <debmaint@g-e-u-e-r.de> Sat, 09 Jan 2021 19:43:00 +0100
+
+tomb (2.8.1+dfsg1-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Adapt d/patches/* to new release.
+ - Remove patches adopted by upstream.
+ - fix-typo-calling-pinentry_assuan_getpass.patch
+ - Adapt d/tests/test1 to new release.
+ - Always redirect stderr to stdout with calling tomb.
+ * Refactor d/tests/test1.
+ * Update d/copyright.
+
+ -- Sven Geuer <debmaint@g-e-u-e-r.de> Mon, 30 Nov 2020 18:43:54 +0100
+
+tomb (2.8+dfsg1-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Fixes CVE-2020-28638: A static string is injected as enryption key when
+ pinentry-curses is used and $DISPLAY is non-empty.
+ (Closes: #975084)
+ - Adapt d/patches/* to new release.
+ - Remove patch not required any more.
+ - CVE-2020-28638.patch
+ - Remove patches adopted by upstream.
+ - fix-default-cipher.patch
+ - fix-errors-on-open.patch
+ - Add new patch to fix mistyped function call.
+ - fix-typo-calling-pinentry_assuan_getpass.patch
+ * Update d/copyright.
+ * Update d/control.
+ - Remove needless field Pre-Depends.
+ - Bump Standards-Version to 4.5.1.
+
+ -- Sven Geuer <debmaint@g-e-u-e-r.de> Fri, 27 Nov 2020 19:15:59 +0100
+
+tomb (2.7+dfsg2-2) unstable; urgency=medium
+
+ [ Samuel Henrique ]
+ * Add d/gbp.conf.
+
+ [ Debian Janitor ]
+ * Remove obsolete field Name from d/u/metadata.
+ * Update Standards-Version to 4.5.0, no changes needed.
+
+ [ Sven Geuer ]
+ * Security upload (Closes: #974719).
+ - CVE-2020-28638: A static string is injected as enryption key when
+ pinentry-curses is used and $DISPLAY is non-empty.
+ * Add myself as uploader.
+ * Helper executables moved from /usr/lib to /usr/libexec.
+ * Bump debhelper-compat to 13.
+ * Update d/copyright.
+
+ -- Sven Geuer <debmaint@g-e-u-e-r.de> Sun, 15 Nov 2020 00:27:31 +0100
+
+tomb (2.7+dfsg2-1) unstable; urgency=medium
+
+ * Team upload.
+ [ Samuel Henrique ]
+ * Add d/salsa-ci.yml
+ [ Sven Geuer ]
+ * New upstream release
+ - Adapt d/patches/* to new release
+ - Remove patches adopted by upstream
+ - fix-spelling-errors-in-manpage.patch
+ - fix-unrecognized-eof.patch
+ * d/control:
+ - Bump Standards-Version to 4.4.1
+ - Add Rules-Requires-Root field
+ * d/copyright
+ - Add various authors and licenses missing for upstream sources
+ - Add various authors missing for d/*
+ - Group files and authors by license
+ * Switch to version dfsg2 of the repacked upstream tarball
+ - Drop doc/LinuxHDEncSettings.txt from upstream due to uncertain
+ licensing
+ - Update Files-Excluded in d/copyright
+
+ -- Sven Geuer <debmaint@g-e-u-e-r.de> Thu, 07 Nov 2019 19:54:54 +0100
+
+tomb (2.6+dfsg1-2) unstable; urgency=medium
+
+ * Team upload.
+ [ Sven Geuer ]
+ * Add patch d/patches/fix-unrecognized-eof.patch so tomb-kdb-pbkdf2
+ reliably detects EOF on all architectures when reading in a password
+ (Closes: #935197).
+ * d/control:
+ - Replace Build-Depends debhelper by debhelper-compat
+ * d/compat:
+ - Remove file in consequence of Build-Depends change
+
+ -- Sven Geuer <debmaint@g-e-u-e-r.de> Wed, 21 Aug 2019 20:15:10 +0200
+
+tomb (2.6+dfsg1-1) unstable; urgency=medium
+
+ * Team upload.
+ [ Sven Geuer ]
+ * New upstream release
+ - Adapt d/patches/* to new release
+ * Add further missing dependencies and correct existing ones
+ * Make package lintian clean
+ - Add debian/tests/* for autopkgtest
+ - Fix for lintian info debian-watch-contains-dh_make-template
+ - Add patch for three lintian infos spelling-error-in-manpage
+ [ SZ Lin (林上智) ]
+ * Remove unnecessary files in .pc
+ * d/control:
+ - Bump Standards-Version to 4.4.0
+ * d/source/lintian-overrides
+ - Remove unnecessary lintian-override
+ * d/upstream/metadata:
+ - Tidy content of metadata
+
+ -- SZ Lin (林上智) <szlin@debian.org> Wed, 07 Aug 2019 16:55:52 +0800
+
+tomb (2.5+dfsg1-3) UNRELEASED; urgency=medium
+
+ * Team upload.
+ [ Sven Geuer ]
+ * Add several missing Recommends and Suggests (Closes: #924042).
+ - gettext-base, lsof, dcfldd, qrencode, unoconv, steghide, swish-e
+ * d/control:
+ - Bump Standards-Version to 4.3.0
+ - Bump DH version to 12
+ * d/compat:
+ - Bump compat to 12
+ * d/copyright:
+ - Normalize Copyright fields according to DEP-5
+ - Update * copyright
+ - Update debian/* copyright
+ * Add kdf helper binaries to the package (Closes: #924043)
+ - d/control:
+ - Change Architecture to 'any'
+ - Add required Build-Depends and Depends
+ - Add d/patches/include-kdf-binaries.patch
+ - d/rules:
+ - Add overrides for dh_auto_clean/build/install
+ * Fix default cipher
+ - Add d/patches/fix-default-cipher.patch (Closes: #930782)
+ - d/control:
+ - Correct cipher mentioned in the description
+ * Fix error messages on opening a new tomb (Closes: #931027)
+ - Add d/patches/fix-errors-on-open.patch
+
+ -- Sven Geuer <debmaint@g-e-u-e-r.de> Mon, 24 Jun 2019 22:37:37 +0200
+
+tomb (2.5+dfsg1-2) unstable; urgency=medium
+
+ * Team upload.
+ [ Raphaël Hertzog ]
+ * d/control:
+ - Update team maintainer address to Debian Security Tools
+
+ [ SZ Lin (林上智) ]
+ * Add upstream metadata file
+ * d/control:
+ - Bump Standards-Version to 4.2.1
+ * d/rules:
+ - Add override_dh_missing target (--fail-missing)
+
+ -- SZ Lin (林上智) <szlin@debian.org> Wed, 26 Sep 2018 22:48:40 +0800
+
+tomb (2.5+dfsg1-1) unstable; urgency=medium
+
+ [ Andreas Henriksson ]
+ * Add e2fsprogs dependency (Closes: #887295)
+
+ [ ChangZhuo Chen (陳昌倬) ]
+ * New upstream release.
+ * Bump Standards-Version to 4.1.3.
+ * Bump compat to 11.
+ * Update Vcs-* fields to salsa.debian.org.
+
+ -- ChangZhuo Chen (陳昌倬) <czchen@debian.org> Wed, 14 Feb 2018 13:29:49 +0800
+
+tomb (2.4+dfsg1-1) unstable; urgency=medium
+
+ * Initial release (Closes: #611660).
+
+ -- ChangZhuo Chen (陳昌倬) <czchen@debian.org> Fri, 21 Jul 2017 19:09:45 +0800
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..f6ff9eb
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,42 @@
+Source: tomb
+Section: utils
+Priority: optional
+Maintainer: Debian Security Tools <team+pkg-security@tracker.debian.org>
+Uploaders: ChangZhuo Chen (陳昌倬) <czchen@debian.org>,
+ Sven Geuer <debmaint@g-e-u-e-r.de>
+Build-Depends: debhelper-compat (= 13),
+ libgcrypt20-dev (>= 1.8.4)
+Standards-Version: 4.5.1
+Rules-Requires-Root: no
+Homepage: https://www.dyne.org/software/tomb/
+Vcs-Git: https://salsa.debian.org/pkg-security-team/tomb.git
+Vcs-Browser: https://salsa.debian.org/pkg-security-team/tomb
+
+Package: tomb
+Architecture: any
+Depends: ${misc:Depends},
+ ${shlibs:Depends},
+ cryptsetup-bin,
+ e2fsprogs,
+ file,
+ gettext-base,
+ gnupg,
+ pinentry-curses | pinentry,
+ sudo,
+ zsh
+Recommends: lsof
+Suggests: btrfs-progs,
+ dcfldd,
+ qrencode,
+ unoconv,
+ steghide,
+ swish-e
+Description: crypto undertaker
+ Tomb is a free and easy to operate desktop application for fairly strong
+ encryption of personal files. A tomb is like a locked folder that can be
+ transported and hidden in filesystems; its keys are password protected and can
+ be kept separate, for instance keeping the tomb file in your computer's
+ harddisk and the key file on a USB stick.
+ .
+ Tomb relies on dm-crypt (and cryptsetup) as an encryption backend using the
+ aes-xts-plain64 cypher.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..65a761e
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,134 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: tomb
+Upstream-Contact: Dyne.org Foundation <info@dyne.org>
+Source: https://github.com/dyne/Tomb
+Files-Excluded:
+ doc/New_methods_in_HD_encryption.pdf
+ doc/TKS1-draft.pdf
+ doc/bertini_thesis.pdf
+ doc/Luks_on_disk_format.pdf
+ doc/tomb_manpage.pdf
+ doc/LinuxHDEncSettings.txt
+
+Files: *
+Copyright: 2007-2021 Dyne.org Foundation <info@dyne.org>
+ 2007-2021 Denis Roio <jaromil@dyne.org>
+ 2015 Gianluca Montecchi <gian@grys.it>
+ 2015-2016 Parazyd <parazyd@dyne.org>
+License: GPL-3+
+
+Files: doc/literate/shocco
+Copyright: 2010 Ryan Tomayko <http://tomayko.com/about>
+License: Expat
+
+Files: extras/docker/*
+Copyright: 2019 Greg Tczap (aka Greg Tzar) <https://gregtczap.com>
+License: Expat
+
+Files: extras/test/aggregate-results
+ extras/test/Makefile
+ extras/test/sharness
+Copyright: 2005-2012 Git project <https://git-scm.com>
+ 2005-2012 Junio C Hamano <gitster@pobox.com>
+ 2011-2012 Mathias Lafeldt <mathias.lafeldt@gmail.com>
+License: GPL-2+
+
+Files: extras/tomber/tomber/*
+Copyright: 2014 Federico Cardoso <reiven@gmail.com>
+License: BSD-3-clause
+
+Files: debian/*
+Copyright: 2017-2018 ChangZhuo Chen (陳昌倬) <czchen@debian.org>
+ 2018 Andreas Henriksson <andreas@fatal.se>
+ 2018 Raphaël Hertzog <hertzog@debian.org>
+ 2018-2019 SZ Lin (林上智) <szlin@debian.org>
+ 2019-2020 Samuel Henrique <samueloph@debian.org>
+ 2019-2021 Sven Geuer <debmaint@g-e-u-e-r.de>
+License: GPL-3+
+
+License: GPL-2+
+ This program is free software; you can redistribute it
+ and/or modify it under the terms of the GNU General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later
+ version.
+ .
+ This program is distributed in the hope that it will be
+ useful, but WITHOUT ANY WARRANTY; without even the implied
+ warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE. See the GNU General Public License for more
+ details.
+ .
+ You should have received a copy of the GNU General Public
+ License along with this package; if not, write to the Free
+ Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+ Boston, MA 02110-1301 USA
+ .
+ On Debian systems, the full text of the GNU General Public
+ License version 2 can be found in the file
+ "/usr/share/common-licenses/GPL-2".
+
+License: GPL-3+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
+
+License: Expat
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included
+ in all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+ CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+ TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+License: BSD-3-clause
+ Copyright (c) The Regents of the University of California.
+ All rights reserved.
+ .
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ .
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ .
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ .
+ 3. Neither the name of copyright holders nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS OR CONTRIBUTORS
+ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..23ae3db
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,15 @@
+[DEFAULT]
+debian-branch = debian/master
+pristine-tar = True
+
+[buildpackage]
+sign-tags = True
+
+[import-orig]
+filter-pristine-tar = True
+
+[pq]
+patch-numbers = False
+
+[dch]
+multimaint-merge = True
diff --git a/debian/patches/include-kdf-binaries.patch b/debian/patches/include-kdf-binaries.patch
new file mode 100644
index 0000000..203a89a
--- /dev/null
+++ b/debian/patches/include-kdf-binaries.patch
@@ -0,0 +1,63 @@
+Description: Include kdf binaries into the build
+ Modify Makefile to fit Debian's needs.
+ Add altered location of binaries to PATH within the tomb script.
+ Remove note on binaries to be compiled from manpage as they are part of the
+ package now.
+Author: Sven Geuer <debmaint@g-e-u-e-r.de>
+Forwarded: not-needed
+Last-Update: 2021-01-07
+--- a/doc/tomb.1
++++ b/doc/tomb.1
+@@ -47,9 +47,7 @@ GPG ids can be indicated (comma separated). The default cipher to
+ protect the key is AES256, a custom one can be specified using the
+ \fI-o\fR option, for a list of supported ciphers use \fI-v\fR. For
+ additional protection against dictionary attacks on keys, the
+-\fI--kdf\fR option can be used when forging a key, making sure that
+-the \fItomb-kdb-pbkdf2\fR binaries in \fIextras/kdf\fR were compiled
+-and installed on the system.
++\fI--kdf\fR option can be used when forging a key.
+
+ .B
+ .IP "lock"
+--- a/extras/kdf-keys/Makefile
++++ b/extras/kdf-keys/Makefile
+@@ -1,11 +1,11 @@
+
+ PREFIX ?= /usr/local
++BINDIR = /libexec/tomb
+
+ all:
+- $(CC) -O2 $(CFLAGS) -o tomb-kdb-pbkdf2 pbkdf2.c -lgcrypt
+- $(CC) -O2 $(CFLAGS) -o tomb-kdb-pbkdf2-getiter benchmark.c -lgcrypt
+- $(CC) -O2 $(CFLAGS) -o tomb-kdb-pbkdf2-gensalt gen_salt.c -lgcrypt
+- $(CC) -O2 $(CFLAGS) -o tomb-kdb-hexencode hexencode.c
++ $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o tomb-kdb-pbkdf2 pbkdf2.c -lgcrypt
++ $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o tomb-kdb-pbkdf2-getiter benchmark.c -lgcrypt
++ $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o tomb-kdb-pbkdf2-gensalt gen_salt.c -lgcrypt
+
+ test:
+ @echo "Running Tomb-kdb tests"
+@@ -15,8 +15,7 @@ clean:
+ rm -f tomb-kdb-pbkdf2 tomb-kdb-pbkdf2-getiter tomb-kdb-pbkdf2-gensalt tomb-kdb-hexencode
+
+ install:
+- install -Dm755 tomb-kdb-pbkdf2 ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2
+- install -Dm755 tomb-kdb-pbkdf2-getiter ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2-getiter
+- install -Dm755 tomb-kdb-pbkdf2-gensalt ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2-gensalt
+- install -Dm755 tomb-kdb-hexencode ${DESTDIR}${PREFIX}/bin/tomb-kdb-hexencode
+- @echo "Tomb-kdb auxiliary binaries installed in ${DESTDIR}${PREFIX}/bin"
++ install -Dm755 tomb-kdb-pbkdf2 ${DESTDIR}${PREFIX}${BINDIR}/tomb-kdb-pbkdf2
++ install -Dm755 tomb-kdb-pbkdf2-getiter ${DESTDIR}${PREFIX}${BINDIR}/tomb-kdb-pbkdf2-getiter
++ install -Dm755 tomb-kdb-pbkdf2-gensalt ${DESTDIR}${PREFIX}${BINDIR}/tomb-kdb-pbkdf2-gensalt
++ @echo "Tomb-kdb auxiliary binaries installed in ${DESTDIR}${PREFIX}${BINDIR}"
+--- a/tomb
++++ b/tomb
+@@ -102,6 +102,8 @@ typeset _MSG_FD_OVERRIDE # if set, _msg will write to this file descriptor
+
+ # Make sure sbin is in PATH (man zshparam)
+ path+=( /sbin /usr/sbin )
++# Make sure location of kdb-pbkdf2 binaries is in PATH
++path+=( /usr/libexec/tomb )
+
+ # For gettext
+ export TEXTDOMAIN=tomb
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..b2b3b46
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+include-kdf-binaries.patch
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..aecf0ea
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,26 @@
+#!/usr/bin/make -f
+#export DH_VERBOSE = 1
+
+export PREFIX=/usr
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+
+%:
+ dh $@
+
+override_dh_auto_clean:
+ dh_auto_clean
+ dh_auto_clean --sourcedirectory=extras/kdf-keys
+
+override_dh_auto_build:
+ dh_auto_build
+ dh_auto_build --sourcedirectory=extras/kdf-keys
+
+override_dh_auto_install:
+ dh_auto_install
+ dh_auto_install --sourcedirectory=extras/kdf-keys
+
+override_dh_auto_test:
+ # Need network connection
+
+override_dh_missing:
+ dh_missing --fail-missing
diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml
new file mode 100644
index 0000000..33c3a64
--- /dev/null
+++ b/debian/salsa-ci.yml
@@ -0,0 +1,4 @@
+---
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..f74c417
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,5 @@
+Tests: create-and-use-a-tomb
+Depends: btrfs-progs,
+ @
+Restrictions: needs-root,
+ isolation-container
diff --git a/debian/tests/create-and-use-a-tomb b/debian/tests/create-and-use-a-tomb
new file mode 100755
index 0000000..bba0ef9
--- /dev/null
+++ b/debian/tests/create-and-use-a-tomb
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+TOMB=/usr/bin/tomb
+
+# tomb writes non-error output to stderr, we redirect it to stdout by 2>&1.
+# Create the file to hold the encrypted file system. With ext4 20MiB suffice,
+# btrfs requires at least 115MiB.
+zsh -e $TOMB dig -s 20 test.tomb 2>&1
+# Create the key file making sure the kdf binaries are used during key
+# generation by applying --kdf.
+zsh -e $TOMB forge --unsafe -f --tomb-pwd somepw --kdf 1 test.key 2>&1
+
+# Stop test here if the environment has no loop device available
+if ! losetup -f >/dev/null 2>&1; then
+ echo No loop device available, cutting test short.
+ exit 0
+fi
+
+# Continue test with commands requiring a loop device
+# Create the encrypted file system.
+zsh -e $TOMB lock --unsafe -f --tomb-pwd somepw -k test.key --filesystem ext4 test.tomb 2>&1
+# Open and use the created tomb.
+zsh -e $TOMB open --unsafe -f --tomb-pwd somepw -k test.key test.tomb 2>&1
+echo Copying some data into the opened tomb ...
+cp -a test.key /media/test
+echo Opened tomb\'s content:
+ls -la /media/test
+zsh -e $TOMB close test 2>&1
+
+# Repeat test with btrfs
+rm -rf test.tomb
+zsh -e $TOMB dig -s 115 test.tomb 2>&1
+zsh -e $TOMB lock --unsafe -f --tomb-pwd somepw -k test.key --filesystem btrfs test.tomb 2>&1
+zsh -e $TOMB open --unsafe -f --tomb-pwd somepw -k test.key test.tomb 2>&1
+echo Copying some data into the opened tomb ...
+cp -a test.key /media/test
+echo Opened tomb\'s content:
+ls -la /media/test
+zsh -e $TOMB close test 2>&1
diff --git a/debian/upstream/metadata b/debian/upstream/metadata
new file mode 100644
index 0000000..2e18f40
--- /dev/null
+++ b/debian/upstream/metadata
@@ -0,0 +1,4 @@
+Bug-Database: https://github.com/dyne/Tomb/issues
+Bug-Submit: https://github.com/dyne/Tomb/issues/new
+Repository: https://github.com/dyne/Tomb.git
+Repository-Browse: https://github.com/dyne/Tomb
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..f7953ee
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,4 @@
+version=4
+opts="filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%tomb-$1.tar.gz%,dversionmangle=s/\+dfsg\d*//,repacksuffix=+dfsg1" \
+ https://github.com/dyne/Tomb/tags \
+ (?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate