Adding debian version 1.1.9-1.debian/1.1.9-1debian

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

14 files changed, 323 insertions, 0 deletions

diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..6b92eda
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,67 @@
+golang-github-containers-ocicrypt (1.1.9-1) unstable; urgency=medium
+
+  * New upstream release
+
+ -- Reinhard Tartler <siretart@tauware.de>  Wed, 22 Nov 2023 09:18:05 -0500
+
+golang-github-containers-ocicrypt (1.1.7-2) unstable; urgency=medium
+
+  * Upload to unstable
+
+ -- Reinhard Tartler <siretart@tauware.de>  Thu, 07 Sep 2023 21:48:38 -0400
+
+golang-github-containers-ocicrypt (1.1.7-1) experimental; urgency=medium
+
+  * New upstream version 1.1.7
+  * Bump standards version
+  * add more tools/dependencies that make tests pass
+
+ -- Reinhard Tartler <siretart@tauware.de>  Thu, 19 Jan 2023 03:58:24 -0500
+
+golang-github-containers-ocicrypt (1.1.4-1) experimental; urgency=medium
+
+  * New upstream verison 1.1.4
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sun, 15 May 2022 07:55:29 -0400
+
+golang-github-containers-ocicrypt (1.0.3-1) unstable; urgency=medium
+
+  * New upstream version: 1.0.3
+  * revert upstream move to mozilla/pkcs7 until it enters debian
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sat, 21 Nov 2020 19:08:02 -0500
+
+golang-github-containers-ocicrypt (1.0.2-4) unstable; urgency=medium
+
+  * Team upload.
+
+  [ Debian Janitor ]
+  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
+    Repository-Browse.
+
+  [ Shengjing Zhu ]
+  * Backport patch to fix test with expired key in testdata (Closes: #971163)
+
+ -- Shengjing Zhu <zhsj@debian.org>  Sun, 04 Oct 2020 16:41:33 +0800
+
+golang-github-containers-ocicrypt (1.0.2-3) unstable; urgency=medium
+
+  * Team upload.
+  * Backport upstream patch to avoid containerd dependency
+  * Remove golang-github-containerd-containerd-dev from Build-Depends.
+    And add missing golang-github-fullsailor-pkcs7-dev to Depends
+  * Bump debhelper-compat to 13
+
+ -- Shengjing Zhu <zhsj@debian.org>  Sun, 31 May 2020 16:36:26 +0800
+
+golang-github-containers-ocicrypt (1.0.2-2) unstable; urgency=medium
+
+  * Upload to unstable
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sat, 30 May 2020 08:02:28 -0400
+
+golang-github-containers-ocicrypt (1.0.2-1) experimental; urgency=medium
+
+  * Initial release (Closes: #958303)
+
+ -- Reinhard Tartler <siretart@tauware.de>  Mon, 20 Apr 2020 07:47:43 -0400
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..d3413ba
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,55 @@
+Source: golang-github-containers-ocicrypt
+Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org>
+Uploaders: Reinhard Tartler <siretart@tauware.de>,
+Section: devel
+Testsuite: autopkgtest-pkg-go
+Priority: optional
+Build-Depends: debhelper-compat (= 13),
+               dh-golang,
+               gnutls-bin,
+               golang-any,
+               golang-github-fullsailor-pkcs7-dev,
+               golang-github-miekg-pkcs11-dev,
+               golang-github-opencontainers-go-digest-dev,
+               golang-github-opencontainers-image-spec-dev,
+               golang-github-pkg-errors-dev,
+               golang-github-sirupsen-logrus-dev,
+               golang-github-stefanberger-go-pkcs11uri-dev,
+               golang-github-stretchr-testify-dev,
+               golang-golang-x-crypto-dev,
+               golang-google-grpc-dev,
+               golang-google-protobuf-dev,
+               golang-gopkg-square-go-jose.v2-dev,
+               golang-gopkg-yaml.v2-dev,
+               libhsm-bin,
+               softhsm2,
+Standards-Version: 4.6.2
+Vcs-Browser: https://salsa.debian.org/go-team/packages/golang-github-containers-ocicrypt
+Vcs-Git: https://salsa.debian.org/go-team/packages/golang-github-containers-ocicrypt.git
+Homepage: https://github.com/containers/ocicrypt
+Rules-Requires-Root: no
+XS-Go-Import-Path: github.com/containers/ocicrypt
+
+Package: golang-github-containers-ocicrypt-dev
+Architecture: all
+Depends: golang-github-fullsailor-pkcs7-dev,
+         golang-github-miekg-pkcs11-dev,
+         golang-github-opencontainers-go-digest-dev,
+         golang-github-opencontainers-image-spec-dev,
+         golang-github-pkg-errors-dev,
+         golang-github-sirupsen-logrus-dev,
+         golang-github-stefanberger-go-pkcs11uri-dev,
+         golang-golang-x-crypto-dev,
+         golang-google-grpc-dev,
+         golang-google-protobuf-dev,
+         golang-gopkg-square-go-jose.v2-dev,
+         golang-gopkg-yaml.v2-dev,
+         ${misc:Depends},
+Description: Encryption libraries for Encrypted OCI Container images (library)
+ OCIcrypt Library The ocicrypt library is the OCI image
+ spec implementation of container image encryption. More
+ details of the spec can be seen in the OCI repository
+ (https://github.com/opencontainers/image-spec/pull/775). The purpose of
+ this library is to encode spec structures and consts in code, as well as
+ provide a consistent implementation of image encryption across container
+ runtimes and build tools.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..de52f62
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,56 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: ocicrypt
+Source: https://github.com/containers/ocicrypt
+
+Files: *
+Copyright: 2019, The ocicrypt Authors.
+License: Apache-2.0
+
+Files: Makefile
+Copyright: The containerd Authors.
+License: Apache-2.0
+
+Files: blockcipher/*
+Copyright: The ocicrypt Authors.
+License: Apache-2.0
+
+Files: config/*
+Copyright: The ocicrypt Authors.
+License: Apache-2.0
+
+Files: debian/*
+Copyright: 2020, Reinhard Tartler <siretart@tauware.de>
+License: Apache-2.0
+Comment: Debian packaging is licensed under the same terms as upstream
+
+Files: encryption.go
+  encryption_test.go
+  gpg.go
+  gpgvault.go
+  reader.go
+Copyright: The ocicrypt Authors.
+License: Apache-2.0
+
+Files: keywrap/*
+Copyright: The ocicrypt Authors.
+License: Apache-2.0
+
+Files: utils/*
+Copyright: The ocicrypt Authors.
+License: Apache-2.0
+
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache version 2.0 license
+ can be found in "/usr/share/common-licenses/Apache-2.0".
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..ed54530
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,3 @@
+[DEFAULT]
+debian-branch = debian/experimental
+dist = DEP14
diff --git a/debian/gitlab-ci.yml b/debian/gitlab-ci.yml
new file mode 100644
index 0000000..594e14e
--- /dev/null
+++ b/debian/gitlab-ci.yml
@@ -0,0 +1,6 @@
+# auto-generated, DO NOT MODIFY.
+# The authoritative copy of this file lives at:
+# https://salsa.debian.org/go-team/infra/pkg-go-tools/blob/master/config/gitlabciyml.go
+---
+include:
+  - https://salsa.debian.org/go-team/infra/pkg-go-tools/-/raw/master/pipeline/test-archive.yml
diff --git a/debian/license-reconcile.yml b/debian/license-reconcile.yml
new file mode 100644
index 0000000..f86288e
--- /dev/null
+++ b/debian/license-reconcile.yml
@@ -0,0 +1,6 @@
+Rules:
+  rules:
+    -
+      Glob: debian/*
+      License: Apache-2.0
+      Copyright: Reinhard Tartler <siretart@tauware.de>
diff --git a/debian/patches/fullsailor-pkcs7.patch b/debian/patches/fullsailor-pkcs7.patch
new file mode 100644
index 0000000..be68a9e
--- /dev/null
+++ b/debian/patches/fullsailor-pkcs7.patch
@@ -0,0 +1,19 @@
+From: Reinhard Tartler
+Subject: revert upstream move to mozilla/pkcs7
+
+The latter may be better maintained, but is not present in debian yet.
+This patch can be dropped as soon as mozilla/pkcs7 enters debian
+
+Index: golang-github-containers-ocicrypt/keywrap/pkcs7/keywrapper_pkcs7.go
+===================================================================
+--- golang-github-containers-ocicrypt.orig/keywrap/pkcs7/keywrapper_pkcs7.go
++++ golang-github-containers-ocicrypt/keywrap/pkcs7/keywrapper_pkcs7.go
+@@ -25,7 +25,7 @@ import (
+ 	"github.com/containers/ocicrypt/config"
+ 	"github.com/containers/ocicrypt/keywrap"
+ 	"github.com/containers/ocicrypt/utils"
+-	"go.mozilla.org/pkcs7"
++	"github.com/fullsailor/pkcs7"
+ )
+ 
+ type pkcs7KeyWrapper struct {
diff --git a/debian/patches/go-jose-v2.patch b/debian/patches/go-jose-v2.patch
new file mode 100644
index 0000000..d9e36c9
--- /dev/null
+++ b/debian/patches/go-jose-v2.patch
@@ -0,0 +1,72 @@
+Author: Reinhard Tartler
+Description: build against go-jose.v2
+
+This reverts commit 19b5c83b3e57578e990dc916c17771281249d821
+Author: Miloslav Trmač <mitr@redhat.com>
+Date:   Mon Feb 13 23:15:17 2023 +0100
+
+    Migrate from gopkg.in/square/go-jose.v2 to github.com/go-jose/go-jose/v3
+
+    https://github.com/square/go-jose/tree/master says the former is deprecated.
+    Moving everything to /v3 will, eventually, allow callers to only contain one
+    vendored implementation instead of up to 3.
+
+    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
+
+
+diff --git a/keywrap/jwe/keywrapper_jwe.go b/keywrap/jwe/keywrapper_jwe.go
+index 9d1fe20..cd2241c 100644
+--- b/keywrap/jwe/keywrapper_jwe.go
++++ a/keywrap/jwe/keywrapper_jwe.go
+@@ -24,7 +24,7 @@
+ 	"github.com/containers/ocicrypt/config"
+ 	"github.com/containers/ocicrypt/keywrap"
+ 	"github.com/containers/ocicrypt/utils"
+-	"github.com/go-jose/go-jose/v3"
++	jose "gopkg.in/square/go-jose.v2"
+ )
+
+ type jweKeyWrapper struct {
+diff --git a/keywrap/jwe/keywrapper_jwe_test.go b/keywrap/jwe/keywrapper_jwe_test.go
+index 1226986..3beea39 100644
+--- b/keywrap/jwe/keywrapper_jwe_test.go
++++ a/keywrap/jwe/keywrapper_jwe_test.go
+@@ -22,7 +22,7 @@
+
+ 	"github.com/containers/ocicrypt/config"
+ 	"github.com/containers/ocicrypt/utils"
+-	"github.com/go-jose/go-jose/v3"
++	jose "gopkg.in/square/go-jose.v2"
+ )
+
+ var oneEmpty []byte
+diff --git a/utils/utils.go b/utils/utils.go
+index c24ee3b..160f747 100644
+--- b/utils/utils.go
++++ a/utils/utils.go
+@@ -26,13 +26,14 @@
+ 	"strings"
+
+ 	"github.com/containers/ocicrypt/crypto/pkcs11"
+-	"github.com/go-jose/go-jose/v3"
++
+ 	"golang.org/x/crypto/openpgp"
++	json "gopkg.in/square/go-jose.v2"
+ )
+
+ // parseJWKPrivateKey parses the input byte array as a JWK and makes sure it's a private key
+ func parseJWKPrivateKey(privKey []byte, prefix string) (interface{}, error) {
+-	jwk := jose.JSONWebKey{}
++	jwk := json.JSONWebKey{}
+ 	err := jwk.UnmarshalJSON(privKey)
+ 	if err != nil {
+ 		return nil, fmt.Errorf("%s: Could not parse input as JWK: %w", prefix, err)
+@@ -45,7 +46,7 @@
+
+ // parseJWKPublicKey parses the input byte array as a JWK
+ func parseJWKPublicKey(privKey []byte, prefix string) (interface{}, error) {
+-	jwk := jose.JSONWebKey{}
++	jwk := json.JSONWebKey{}
+ 	err := jwk.UnmarshalJSON(privKey)
+ 	if err != nil {
+ 		return nil, fmt.Errorf("%s: Could not parse input as JWK: %w", prefix, err)
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..9986fca
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,3 @@
+fullsailor-pkcs7.patch
+go-jose-v2.patch
+t-keyprovider.patch
diff --git a/debian/patches/t-keyprovider.patch b/debian/patches/t-keyprovider.patch
new file mode 100644
index 0000000..7f170f8
--- /dev/null
+++ b/debian/patches/t-keyprovider.patch
@@ -0,0 +1,12 @@
+Index: golang-github-containers-ocicrypt/keywrap/keyprovider/keyprovider_test.go
+===================================================================
+--- golang-github-containers-ocicrypt.orig/keywrap/keyprovider/keyprovider_test.go
++++ golang-github-containers-ocicrypt/keywrap/keyprovider/keyprovider_test.go
+@@ -1,3 +1,7 @@
++//go:build debian_disable
++
++// requires network connectivity, disable in debian
++
+ /*
+    Copyright The ocicrypt Authors.
+ 
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..e004630
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,6 @@
+#!/usr/bin/make -f
+
+export DH_GOLANG_INSTALL_EXTRA := scripts/
+
+%:
+	dh $@ --builddirectory=_build --buildsystem=golang --with=golang
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/upstream/metadata b/debian/upstream/metadata
new file mode 100644
index 0000000..1be8930
--- /dev/null
+++ b/debian/upstream/metadata
@@ -0,0 +1,5 @@
+---
+Bug-Database: https://github.com/containers/ocicrypt/issues
+Bug-Submit: https://github.com/containers/ocicrypt/issues/new
+Repository: https://github.com/containers/ocicrypt.git
+Repository-Browse: https://github.com/containers/ocicrypt
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..ff65f25
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,12 @@
+# uscan(1) configuration file.
+version=4
+
+opts="\
+pgpmode=none,\
+repacksuffix=+ds1,\
+repack,compression=xz,\
+dirversionmangle=s/-rc/~rc/,\
+uversionmangle=s/-rc/~rc/,\
+dversionmangle=auto,\
+" https://github.com/containers/ocicrypt/tags \
+  .*/v?@ANY_VERSION@@ARCHIVE_EXT@