summaryrefslogtreecommitdiffstats
path: root/debian
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 03:32:50 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 03:32:50 +0000
commitc617178f9517a33ea878066e13e8836f91574e1d (patch)
treeed4e79104cbba5bea8ec7d1e72540646598dc504 /debian
parentAdding upstream version 0.17.0. (diff)
downloadrnp-c617178f9517a33ea878066e13e8836f91574e1d.tar.xz
rnp-c617178f9517a33ea878066e13e8836f91574e1d.zip
Adding debian version 0.17.0-3.debian/0.17.0-3
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog180
-rw-r--r--debian/clean2
-rw-r--r--debian/control68
-rw-r--r--debian/copyright83
-rw-r--r--debian/gbp.conf4
-rw-r--r--debian/librnp-dev.docs1
-rw-r--r--debian/librnp-dev.examples1
-rw-r--r--debian/librnp-dev.install5
-rw-r--r--debian/librnp-dev.manpages1
-rw-r--r--debian/librnp0.install2
-rw-r--r--debian/librnp0.symbols245
-rw-r--r--debian/patches/0001-Pull-version-information-from-debian-changelog-avoid.patch119
-rw-r--r--debian/patches/0002-Use-system-libsexpp-library.patch175
-rw-r--r--debian/patches/0003-test_set_expire-increase-short-expiry-time-from-10s-.patch33
-rw-r--r--debian/patches/series3
-rw-r--r--debian/rnp.docs1
-rw-r--r--debian/rnp.install2
-rw-r--r--debian/rnp.manpages2
-rwxr-xr-xdebian/rules33
-rw-r--r--debian/source/format1
-rw-r--r--debian/source/lintian-overrides2
-rwxr-xr-xdebian/tests/build-and-run-examples18
-rw-r--r--debian/tests/control6
-rw-r--r--debian/upstream/metadata5
-rw-r--r--debian/watch10
25 files changed, 1002 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..1884568
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,180 @@
+rnp (0.17.0-3) unstable; urgency=medium
+
+ * avoid test timeouts on mipsel/mips64el (see
+ https://github.com/rnpgp/rnp/issues/2118)
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 16 Aug 2023 14:33:44 -0400
+
+rnp (0.17.0-2) unstable; urgency=medium
+
+ * move to unstable
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 15 Aug 2023 13:08:28 -0400
+
+rnp (0.17.0-1) experimental; urgency=medium
+
+ * New upstream release
+ * patch to use system libsexpp
+ * librnp-dev: ship librnp.a as well
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 25 May 2023 14:36:58 +0300
+
+rnp (0.17.0~git20220428-1) experimental; urgency=medium
+
+ * new experimental upstream git snapshot
+ * Constrain internally-reported version to something cmake and RNP can
+ handle (library thinks it is 0.16.999)
+ * added symbols:
+ - rnp_key_is_expired
+ - rnp_signature_get_key_fprint
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 28 Apr 2022 19:54:22 -0400
+
+rnp (0.16.3-1) unstable; urgency=medium
+
+ * New upstream release, Closes: #1034558
+ - Fixes CVE-2023-29479
+ - Fixes CVE-2023-29480
+ * standards-version: bump to 4.6.2 (no changes needed)
+ * drop unnecessary lintian overrides
+ * d/copyright: include 2023
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 24 May 2023 09:06:07 -0400
+
+rnp (0.16.2-1) unstable; urgency=medium
+
+ * New upstream release
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 03 Oct 2022 21:30:25 -0400
+
+rnp (0.16.1-1) unstable; urgency=medium
+
+ * New upstream release
+ * Standards-Version: bump to 4.6.1 (no changes needed)
+ * clean up lintian overrides
+ * update symbols file
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 09 Sep 2022 19:02:09 -0400
+
+rnp (0.16.0-1) unstable; urgency=medium
+
+ * New upstream version
+ * drop patches applied upstream, refresh patches
+ * clean up debian/TODO
+ * update d/copyright
+ * update symbols file
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 26 Mar 2022 13:58:06 -0400
+
+rnp (0.15.2-6) unstable; urgency=medium
+
+ * fix S2K tuning
+ * refresh patch
+ * Use a variant of upstream proposal for filtering exported symbols
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 03 Nov 2021 13:58:40 -0400
+
+rnp (0.15.2-5) unstable; urgency=medium
+
+ * add an explicit version-script to limit symbol exposure
+ * make s2k_iteration_tuning test even sloppier on s390x
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 03 Nov 2021 11:09:37 -0400
+
+rnp (0.15.2-4) unstable; urgency=medium
+
+ * streamline AEAD tests for armel and armhf
+ * loosen up s2k tuning test for s390x
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 29 Oct 2021 17:08:51 -0400
+
+rnp (0.15.2-3) unstable; urgency=medium
+
+ * Try to ignore accidentally-exported C++ symbols
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 29 Oct 2021 10:03:53 -0400
+
+rnp (0.15.2-2) unstable; urgency=medium
+
+ * Pull version information from debian/changelog (avoid git during build)
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 28 Oct 2021 18:29:44 -0400
+
+rnp (0.15.2-1) unstable; urgency=medium
+
+ * new upstream release
+ * standards-version: bump to 4.6.0 (no changes needed)
+ * drop patch merged upstream
+ * silence pedantic lintian warning about test vectors
+ * update symbols with rnp_key_get_default_key
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 27 Oct 2021 18:21:28 -0400
+
+rnp (0.15.1-1) unstable; urgency=medium
+
+ * new upstream release
+ * support nodoc build profile
+ * update symbols
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 03 Jun 2021 21:53:15 -0400
+
+rnp (0.15.0-1) unstable; urgency=medium
+
+ * new upstream release
+ * drop unused patches
+ * switch from pandoc to asciidoc for manpage generation
+ * move to simpler library package names -- librnp-dev and librnp0
+ * point upstream to the local copy of googletest
+ * augment symbols for 0.15.0
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 08 Apr 2021 12:18:09 -0400
+
+rnp (0.14.0-6) unstable; urgency=medium
+
+ * Produce more useful diagnostics for s2k iteration test
+ * use patches from upstream where possible
+ * update build-deps to match adopted upstream changes
+ * avoid using the network for gtest and ruby in upstream-preferred form
+ * work around unclear upstream guidance for building with googletest
+ * use upstream manpages
+ * fix spelling errors in upstream manpages
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 01 Mar 2021 20:43:22 -0500
+
+rnp (0.14.0-5) unstable; urgency=medium
+
+ * move C API docs to librnp-0-dev package
+ * Initial autopkgtest, building and running example .c files
+ * Use versioned Build-Depends
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 28 Feb 2021 23:57:35 -0500
+
+rnp (0.14.0-4) unstable; urgency=medium
+
+ * new source-only release to unstable
+ * d/clean: clean up Testing/Temporary/ directory
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 28 Feb 2021 09:32:03 -0500
+
+rnp (0.14.0-3) unstable; urgency=medium
+
+ * clean export
+ * clean up patch metadata
+ * re-enable parallel builds, even in /tmp
+ * avoid building the test suite when nocheck is present
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 12 Feb 2021 00:50:49 -0500
+
+rnp (0.14.0-2) unstable; urgency=medium
+
+ * include manpages
+ * spelling fixes
+ * clean up librnp.3 manpage
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 11 Feb 2021 16:37:41 -0500
+
+rnp (0.14.0-1) unstable; urgency=low
+
+ * Initial debian packaging (Closes: #945537).
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 11 Feb 2021 07:26:51 -0500
diff --git a/debian/clean b/debian/clean
new file mode 100644
index 0000000..c78ad70
--- /dev/null
+++ b/debian/clean
@@ -0,0 +1,2 @@
+src/tests/__pycache__/
+Testing/Temporary/
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..eea266c
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,68 @@
+Source: rnp
+Section: utils
+Priority: optional
+Maintainer: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Build-Depends:
+ asciidoctor <!nodoc>,
+ cmake (>= 3.14),
+ debhelper-compat (= 13),
+ gnupg <!nocheck>,
+ googletest <!nocheck>,
+ libbotan-2-dev (>= 2.14.0),
+ libbz2-dev,
+ libjson-c-dev (>= 0.11),
+ libsexpp-dev,
+ pkg-config,
+ python3 <!nocheck>,
+ python3-distutils <!nocheck>,
+ zlib1g-dev,
+Standards-Version: 4.6.2
+Vcs-Git: https://salsa.debian.org/debian/rnp.git
+Vcs-Browser: https://salsa.debian.org/debian/rnp
+Homepage: https://www.rnpgp.com/software/rnp/
+Rules-Requires-Root: no
+
+Package: rnp
+Architecture: any
+Multi-Arch: foreign
+Pre-Depends:
+ ${misc:Pre-Depends},
+Depends:
+ librnp0 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: Cross-platform OpenPGP (RFC4880) tools (command-line tool)
+ RNP is a set of cross-platform tools implementing OpenPGP (RFC 4880) and
+ related standards.
+ .
+ This package contains the command-line tool, rnp.
+
+Package: librnp0
+Architecture: any
+Section: libs
+Multi-Arch: same
+Pre-Depends:
+ ${misc:Pre-Depends},
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: Cross-platform OpenPGP (RFC4880) tools (library)
+ RNP is a set of cross-platform tools implementing OpenPGP (RFC 4880) and
+ related standards.
+ .
+ This package contains the shared library, librnp.
+
+Package: librnp-dev
+Section: libdevel
+Architecture: any
+Replaces: librnp-0-dev (<< 0.15.0)
+Breaks: librnp-0-dev (<< 0.15.0)
+Depends:
+ librnp0 (= ${binary:Version}),
+ ${misc:Depends},
+Description: Cross-platform OpenPGP (RFC4880) tools (development files)
+ RNP is a set of cross-platform tools implementing OpenPGP (RFC 4880) and
+ related standards.
+ .
+ This package contains the development headers and documentation used
+ to build other tools against the library.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..4f8ced0
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,83 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: rnp
+Upstream-Contact: Ribose Inc <packaging@ribose.com>
+Source: https://github.com/rnpgp/rnp
+
+Files: *
+Copyright:
+ 2017-2023, Ribose Inc.
+ 2009-2010, The NetBSD Foundation, Inc.
+License: BSD-2-clause
+
+Files: cmake/Modules/FindWindowsSDK.cmake
+Copyright:
+ 2012 Iowa State University
+License: Boost-1.0
+
+Files: src/lib/crypto.cpp src/lib/crypto.h src/lib/crypto/dsa.cpp src/lib/crypto/elgamal.cpp src/lib/crypto/hash.cpp src/lib/crypto/rsa.cpp src/lib/crypto/symmetric.cpp src/lib/crypto/symmetric.h src/lib/pgp-key.cpp src/lib/pgp-key.h src/lib/types.h src/librekey/key_store_pgp.cpp src/librekey/key_store_pgp.h
+Comment:
+ Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted
+ their moral rights under the UK Copyright Design and Patents Act 1988 to
+ be recorded as the authors of this copyright work.
+ .
+ Nominet contributions to these files fall under Apache 2.0, while
+ other contributions are BSD-2-clause.
+Copyright:
+ 2005-2008 Nominet UK,
+ 2009 The NetBSD Foundation, Inc.,
+ 2017-2022 Ribose Inc.
+License: BSD-2-clause and Apache-2.0
+
+Files: debian/*
+Copyright:
+ 2021-2023 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+License: BSD-2-clause
+
+License: BSD-2-clause
+ Redistribution and use in source and binary forms, with or without modification,
+ are permitted provided that the following conditions are met:
+ .
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ .
+ 2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: Apache-2.0
+ The full text of the Apache 2.0 license can be found on Debian systems
+ in /usr/share/common-licenses/Apache-2.0.
+
+License: Boost-1.0
+ Permission is hereby granted, free of charge, to any person or organization
+ obtaining a copy of the software and accompanying documentation covered by
+ this license (the "Software") to use, reproduce, display, distribute,
+ execute, and transmit the Software, and to prepare derivative works of the
+ Software, and to permit third-parties to whom the Software is furnished to
+ do so, all subject to the following:
+ .
+ The copyright notices in the Software and this entire statement, including
+ the above license grant, this restriction and the following disclaimer,
+ must be included in all copies of the Software, in whole or in part, and
+ all derivative works of the Software, unless such copies or derivative
+ works are solely in the form of machine-executable object code generated by
+ a source language processor.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
+ SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
+ FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
+ ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ DEALINGS IN THE SOFTWARE.
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..cc2da7b
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,4 @@
+[DEFAULT]
+debian-branch = debian/unstable
+upstream-tag = v%(version)s
+pristine-tar = False
diff --git a/debian/librnp-dev.docs b/debian/librnp-dev.docs
new file mode 100644
index 0000000..21379e0
--- /dev/null
+++ b/debian/librnp-dev.docs
@@ -0,0 +1 @@
+docs/c-usage.adoc
diff --git a/debian/librnp-dev.examples b/debian/librnp-dev.examples
new file mode 100644
index 0000000..c404289
--- /dev/null
+++ b/debian/librnp-dev.examples
@@ -0,0 +1 @@
+src/examples/*
diff --git a/debian/librnp-dev.install b/debian/librnp-dev.install
new file mode 100644
index 0000000..09c411d
--- /dev/null
+++ b/debian/librnp-dev.install
@@ -0,0 +1,5 @@
+usr/include/rnp/*.h
+usr/lib/${DEB_HOST_MULTIARCH}/cmake/rnp/rnp-*.cmake
+usr/lib/${DEB_HOST_MULTIARCH}/librnp.a
+usr/lib/${DEB_HOST_MULTIARCH}/librnp.so
+usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/librnp.pc
diff --git a/debian/librnp-dev.manpages b/debian/librnp-dev.manpages
new file mode 100644
index 0000000..3461c50
--- /dev/null
+++ b/debian/librnp-dev.manpages
@@ -0,0 +1 @@
+usr/share/man/man3/librnp.3
diff --git a/debian/librnp0.install b/debian/librnp0.install
new file mode 100644
index 0000000..d70dc89
--- /dev/null
+++ b/debian/librnp0.install
@@ -0,0 +1,2 @@
+usr/lib/*/librnp.so.0
+usr/lib/*/librnp.so.0.*
diff --git a/debian/librnp0.symbols b/debian/librnp0.symbols
new file mode 100644
index 0000000..2fde4f9
--- /dev/null
+++ b/debian/librnp0.symbols
@@ -0,0 +1,245 @@
+librnp.so.0 librnp0 #MINVER#
+* Build-Depends-Package: librnp-dev
+ rnp_add_security_rule@Base 0.16.0
+ rnp_backend_string@Base 0.16.0
+ rnp_backend_version@Base 0.16.0
+ rnp_buffer_clear@Base 0.14.0
+ rnp_buffer_destroy@Base 0.14.0
+ rnp_calculate_iterations@Base 0.14.0
+ rnp_dearmor@Base 0.14.0
+ rnp_decrypt@Base 0.14.0
+ rnp_detect_homedir_info@Base 0.14.0
+ rnp_detect_key_format@Base 0.14.0
+ rnp_disable_debug@Base 0.14.0
+ rnp_dump_packets_to_json@Base 0.14.0
+ rnp_dump_packets_to_output@Base 0.14.0
+ rnp_enable_debug@Base 0.14.0
+ rnp_enarmor@Base 0.14.0
+ rnp_ffi_create@Base 0.14.0
+ rnp_ffi_destroy@Base 0.14.0
+ rnp_ffi_set_key_provider@Base 0.14.0
+ rnp_ffi_set_log_fd@Base 0.14.0
+ rnp_ffi_set_pass_provider@Base 0.14.0
+ rnp_generate_key_25519@Base 0.14.0
+ rnp_generate_key_dsa_eg@Base 0.14.0
+ rnp_generate_key_ec@Base 0.14.0
+ rnp_generate_key_ex@Base 0.14.0
+ rnp_generate_key_json@Base 0.14.0
+ rnp_generate_key_rsa@Base 0.14.0
+ rnp_generate_key_sm2@Base 0.14.0
+ rnp_get_default_homedir@Base 0.14.0
+ rnp_get_public_key_count@Base 0.14.0
+ rnp_get_public_key_data@Base 0.14.0
+ rnp_get_secret_key_count@Base 0.14.0
+ rnp_get_secret_key_data@Base 0.14.0
+ rnp_get_security_rule@Base 0.16.0
+ rnp_guess_contents@Base 0.14.0
+ rnp_identifier_iterator_create@Base 0.14.0
+ rnp_identifier_iterator_destroy@Base 0.14.0
+ rnp_identifier_iterator_next@Base 0.14.0
+ rnp_import_keys@Base 0.14.0
+ rnp_import_signatures@Base 0.14.0
+ rnp_input_destroy@Base 0.14.0
+ rnp_input_from_callback@Base 0.14.0
+ rnp_input_from_memory@Base 0.14.0
+ rnp_input_from_path@Base 0.14.0
+ rnp_input_from_stdin@Base 0.16.1
+ rnp_key_25519_bits_tweak@Base 0.16.0
+ rnp_key_25519_bits_tweaked@Base 0.16.0
+ rnp_key_add_uid@Base 0.14.0
+ rnp_key_allows_usage@Base 0.14.0
+ rnp_key_export@Base 0.14.0
+ rnp_key_export_autocrypt@Base 0.14.0
+ rnp_key_export_revocation@Base 0.14.0
+ rnp_key_get_alg@Base 0.14.0
+ rnp_key_get_bits@Base 0.14.0
+ rnp_key_get_creation@Base 0.14.0
+ rnp_key_get_curve@Base 0.14.0
+ rnp_key_get_default_key@Base 0.15.2
+ rnp_key_get_dsa_qbits@Base 0.14.0
+ rnp_key_get_expiration@Base 0.14.0
+ rnp_key_get_fprint@Base 0.14.0
+ rnp_key_get_grip@Base 0.14.0
+ rnp_key_get_keyid@Base 0.14.0
+ rnp_key_get_primary_fprint@Base 0.14.0
+ rnp_key_get_primary_grip@Base 0.14.0
+ rnp_key_get_primary_uid@Base 0.14.0
+ rnp_key_get_protection_cipher@Base 0.14.0
+ rnp_key_get_protection_hash@Base 0.14.0
+ rnp_key_get_protection_iterations@Base 0.14.0
+ rnp_key_get_protection_mode@Base 0.14.0
+ rnp_key_get_protection_type@Base 0.14.0
+ rnp_key_get_revocation_reason@Base 0.14.0
+ rnp_key_get_revocation_signature@Base 0.14.0
+ rnp_key_get_signature_at@Base 0.14.0
+ rnp_key_get_signature_count@Base 0.14.0
+ rnp_key_get_subkey_at@Base 0.14.0
+ rnp_key_get_subkey_count@Base 0.14.0
+ rnp_key_get_uid_at@Base 0.14.0
+ rnp_key_get_uid_count@Base 0.14.0
+ rnp_key_get_uid_handle_at@Base 0.14.0
+ rnp_key_handle_destroy@Base 0.14.0
+ rnp_key_have_public@Base 0.14.0
+ rnp_key_have_secret@Base 0.14.0
+ rnp_key_is_compromised@Base 0.14.0
+ rnp_key_is_expired@Base 0.16.1
+ rnp_key_is_locked@Base 0.14.0
+ rnp_key_is_primary@Base 0.14.0
+ rnp_key_is_protected@Base 0.14.0
+ rnp_key_is_retired@Base 0.14.0
+ rnp_key_is_revoked@Base 0.14.0
+ rnp_key_is_sub@Base 0.14.0
+ rnp_key_is_superseded@Base 0.14.0
+ rnp_key_is_valid@Base 0.14.0
+ rnp_key_lock@Base 0.14.0
+ rnp_key_packets_to_json@Base 0.14.0
+ rnp_key_protect@Base 0.14.0
+ rnp_key_remove@Base 0.14.0
+ rnp_key_remove_signatures@Base 0.15.0
+ rnp_key_revoke@Base 0.14.0
+ rnp_key_set_expiration@Base 0.14.0
+ rnp_key_to_json@Base 0.14.0
+ rnp_key_unlock@Base 0.14.0
+ rnp_key_unprotect@Base 0.14.0
+ rnp_key_valid_till64@Base 0.15.1
+ rnp_key_valid_till@Base 0.14.0
+ rnp_load_keys@Base 0.14.0
+ rnp_locate_key@Base 0.14.0
+ rnp_op_encrypt_add_password@Base 0.14.0
+ rnp_op_encrypt_add_recipient@Base 0.14.0
+ rnp_op_encrypt_add_signature@Base 0.14.0
+ rnp_op_encrypt_create@Base 0.14.0
+ rnp_op_encrypt_destroy@Base 0.14.0
+ rnp_op_encrypt_execute@Base 0.14.0
+ rnp_op_encrypt_set_aead@Base 0.14.0
+ rnp_op_encrypt_set_aead_bits@Base 0.14.0
+ rnp_op_encrypt_set_armor@Base 0.14.0
+ rnp_op_encrypt_set_cipher@Base 0.14.0
+ rnp_op_encrypt_set_compression@Base 0.14.0
+ rnp_op_encrypt_set_creation_time@Base 0.14.0
+ rnp_op_encrypt_set_expiration_time@Base 0.14.0
+ rnp_op_encrypt_set_file_mtime@Base 0.14.0
+ rnp_op_encrypt_set_file_name@Base 0.14.0
+ rnp_op_encrypt_set_flags@Base 0.16.1
+ rnp_op_encrypt_set_hash@Base 0.14.0
+ rnp_op_generate_add_pref_cipher@Base 0.14.0
+ rnp_op_generate_add_pref_compression@Base 0.14.0
+ rnp_op_generate_add_pref_hash@Base 0.14.0
+ rnp_op_generate_add_usage@Base 0.14.0
+ rnp_op_generate_clear_pref_ciphers@Base 0.14.0
+ rnp_op_generate_clear_pref_compression@Base 0.14.0
+ rnp_op_generate_clear_pref_hashes@Base 0.14.0
+ rnp_op_generate_clear_usage@Base 0.14.0
+ rnp_op_generate_create@Base 0.14.0
+ rnp_op_generate_destroy@Base 0.14.0
+ rnp_op_generate_execute@Base 0.14.0
+ rnp_op_generate_get_key@Base 0.14.0
+ rnp_op_generate_set_bits@Base 0.14.0
+ rnp_op_generate_set_curve@Base 0.14.0
+ rnp_op_generate_set_dsa_qbits@Base 0.14.0
+ rnp_op_generate_set_expiration@Base 0.14.0
+ rnp_op_generate_set_hash@Base 0.14.0
+ rnp_op_generate_set_pref_keyserver@Base 0.14.0
+ rnp_op_generate_set_protection_cipher@Base 0.14.0
+ rnp_op_generate_set_protection_hash@Base 0.14.0
+ rnp_op_generate_set_protection_iterations@Base 0.14.0
+ rnp_op_generate_set_protection_mode@Base 0.14.0
+ rnp_op_generate_set_protection_password@Base 0.14.0
+ rnp_op_generate_set_request_password@Base 0.14.0
+ rnp_op_generate_set_userid@Base 0.14.0
+ rnp_op_generate_subkey_create@Base 0.14.0
+ rnp_op_sign_add_signature@Base 0.14.0
+ rnp_op_sign_cleartext_create@Base 0.14.0
+ rnp_op_sign_create@Base 0.14.0
+ rnp_op_sign_destroy@Base 0.14.0
+ rnp_op_sign_detached_create@Base 0.14.0
+ rnp_op_sign_execute@Base 0.14.0
+ rnp_op_sign_set_armor@Base 0.14.0
+ rnp_op_sign_set_compression@Base 0.14.0
+ rnp_op_sign_set_creation_time@Base 0.14.0
+ rnp_op_sign_set_expiration_time@Base 0.14.0
+ rnp_op_sign_set_file_mtime@Base 0.14.0
+ rnp_op_sign_set_file_name@Base 0.14.0
+ rnp_op_sign_set_hash@Base 0.14.0
+ rnp_op_sign_signature_set_creation_time@Base 0.14.0
+ rnp_op_sign_signature_set_expiration_time@Base 0.14.0
+ rnp_op_sign_signature_set_hash@Base 0.14.0
+ rnp_op_verify_create@Base 0.14.0
+ rnp_op_verify_destroy@Base 0.14.0
+ rnp_op_verify_detached_create@Base 0.14.0
+ rnp_op_verify_execute@Base 0.14.0
+ rnp_op_verify_get_file_info@Base 0.14.0
+ rnp_op_verify_get_protection_info@Base 0.14.0
+ rnp_op_verify_get_recipient_at@Base 0.14.0
+ rnp_op_verify_get_recipient_count@Base 0.14.0
+ rnp_op_verify_get_signature_at@Base 0.14.0
+ rnp_op_verify_get_signature_count@Base 0.14.0
+ rnp_op_verify_get_symenc_at@Base 0.14.0
+ rnp_op_verify_get_symenc_count@Base 0.14.0
+ rnp_op_verify_get_used_recipient@Base 0.14.0
+ rnp_op_verify_get_used_symenc@Base 0.14.0
+ rnp_op_verify_set_flags@Base 0.16.1
+ rnp_op_verify_signature_get_handle@Base 0.14.0
+ rnp_op_verify_signature_get_hash@Base 0.14.0
+ rnp_op_verify_signature_get_key@Base 0.14.0
+ rnp_op_verify_signature_get_status@Base 0.14.0
+ rnp_op_verify_signature_get_times@Base 0.14.0
+ rnp_output_armor_set_line_length@Base 0.14.0
+ rnp_output_destroy@Base 0.14.0
+ rnp_output_finish@Base 0.14.0
+ rnp_output_memory_get_buf@Base 0.14.0
+ rnp_output_pipe@Base 0.14.0
+ rnp_output_to_armor@Base 0.14.0
+ rnp_output_to_callback@Base 0.14.0
+ rnp_output_to_file@Base 0.14.0
+ rnp_output_to_memory@Base 0.14.0
+ rnp_output_to_null@Base 0.14.0
+ rnp_output_to_path@Base 0.14.0
+ rnp_output_to_stdout@Base 0.16.1
+ rnp_output_write@Base 0.14.0
+ rnp_recipient_get_alg@Base 0.14.0
+ rnp_recipient_get_keyid@Base 0.14.0
+ rnp_remove_security_rule@Base 0.16.0
+ rnp_request_password@Base 0.14.0
+ rnp_result_to_string@Base 0.14.0
+ rnp_save_keys@Base 0.14.0
+ rnp_set_timestamp@Base 0.16.1
+ rnp_signature_export@Base 0.17.0
+ rnp_signature_get_alg@Base 0.14.0
+ rnp_signature_get_creation@Base 0.14.0
+ rnp_signature_get_expiration@Base 0.16.0
+ rnp_signature_get_hash_alg@Base 0.14.0
+ rnp_signature_get_key_fprint@Base 0.16.1
+ rnp_signature_get_keyid@Base 0.14.0
+ rnp_signature_get_signer@Base 0.14.0
+ rnp_signature_get_type@Base 0.14.0
+ rnp_signature_handle_destroy@Base 0.14.0
+ rnp_signature_is_valid@Base 0.14.0
+ rnp_signature_packet_to_json@Base 0.14.0
+ rnp_signature_remove@Base 0.15.0
+ rnp_supported_features@Base 0.14.0
+ rnp_supports_feature@Base 0.14.0
+ rnp_symenc_get_aead_alg@Base 0.14.0
+ rnp_symenc_get_cipher@Base 0.14.0
+ rnp_symenc_get_hash_alg@Base 0.14.0
+ rnp_symenc_get_s2k_iterations@Base 0.14.0
+ rnp_symenc_get_s2k_type@Base 0.14.0
+ rnp_uid_get_data@Base 0.14.0
+ rnp_uid_get_revocation_signature@Base 0.14.0
+ rnp_uid_get_signature_at@Base 0.14.0
+ rnp_uid_get_signature_count@Base 0.14.0
+ rnp_uid_get_type@Base 0.14.0
+ rnp_uid_handle_destroy@Base 0.14.0
+ rnp_uid_is_primary@Base 0.14.0
+ rnp_uid_is_revoked@Base 0.14.0
+ rnp_uid_is_valid@Base 0.14.0
+ rnp_uid_remove@Base 0.15.0
+ rnp_unload_keys@Base 0.14.0
+ rnp_version@Base 0.14.0
+ rnp_version_commit_timestamp@Base 0.14.0
+ rnp_version_for@Base 0.14.0
+ rnp_version_major@Base 0.14.0
+ rnp_version_minor@Base 0.14.0
+ rnp_version_patch@Base 0.14.0
+ rnp_version_string@Base 0.14.0
+ rnp_version_string_full@Base 0.14.0
diff --git a/debian/patches/0001-Pull-version-information-from-debian-changelog-avoid.patch b/debian/patches/0001-Pull-version-information-from-debian-changelog-avoid.patch
new file mode 100644
index 0000000..a08e667
--- /dev/null
+++ b/debian/patches/0001-Pull-version-information-from-debian-changelog-avoid.patch
@@ -0,0 +1,119 @@
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Thu, 28 Oct 2021 10:18:00 -0400
+Subject: Pull version information from debian/changelog (avoid git
+ shenanigans)
+
+Forwarded: not-needed
+---
+ cmake/version.cmake | 93 +++++++----------------------------------------------
+ 1 file changed, 11 insertions(+), 82 deletions(-)
+
+diff --git a/cmake/version.cmake b/cmake/version.cmake
+index f74126e..ff100f4 100644
+--- a/cmake/version.cmake
++++ b/cmake/version.cmake
+@@ -67,93 +67,22 @@ function(extract_version_info version var_prefix)
+ endfunction()
+
+ function(determine_version source_dir var_prefix)
+- set(has_release_tag NO)
+- set(has_version_txt NO)
+- set(local_prefix "_determine_ver")
+- # find out base version via version.txt
+- set(base_version "0.0.0")
+- if (EXISTS "${source_dir}/version.txt")
+- set(has_version_txt YES)
+- file(STRINGS "${source_dir}/version.txt" version_file)
+- extract_version_info("${version_file}" "${local_prefix}")
+- set(base_version "${${local_prefix}_VERSION}")
+- message(STATUS "Found version.txt with ${version_file}")
++ # Debian-specific version information
++ if(DEFINED ENV{DEB_VERSION})
++ set(version_full "$ENV{DEB_VERSION}")
+ else()
+- message(STATUS "Found no version.txt.")
++ message(FATAL_ERROR "DEB_VERSION not defined")
+ endif()
+- # for GIT_EXECUTABLE
+- find_package(Git)
+- # get a description of the version, something like:
+- # v1.9.1-0-g38ffe82 (a tagged release)
+- # v1.9.1-0-g38ffe82-dirty (a tagged release with local modifications)
+- # v1.9.0-3-g5b92266 (post-release snapshot)
+- # v1.9.0-3-g5b92266-dirty (post-release snapshot with local modifications)
+- _git(version describe --abbrev=${GIT_REV_LEN} --match "v[0-9]*" --long --dirty)
+- if (NOT _git_ec EQUAL 0)
+- # no annotated tags, fake one
+- message(STATUS "Found no annotated tags.")
+- _git(revision rev-parse --short=${GIT_REV_LEN} --verify HEAD)
+- if (_git_ec EQUAL 0)
+- set(version "v${base_version}-0-g${revision}")
+- # check if dirty (this won't detect untracked files, but should be ok)
+- _git(changes diff-index --quiet HEAD --)
+- if (NOT _git_ec EQUAL 0)
+- string(APPEND version "-dirty")
+- endif()
+- # append the commit timestamp of the most recent commit (only
+- # in non-release branches -- typically master)
+- _git(commit_timestamp show -s --format=%ct)
+- if (_git_ec EQUAL 0)
+- string(APPEND version "+${commit_timestamp}")
+- endif()
+- elseif(has_version_txt)
+- # Nothing to get from git - so use version.txt completely
+- set(version "${version_file}")
+- else()
+- # Sad case - no git, no version.txt
+- set(version "v${base_version}")
+- endif()
++ if(DEFINED ENV{SOURCE_DATE_EPOCH})
++ set(commit_timestamp "$ENV{SOURCE_DATE_EPOCH}")
+ else()
+- set(has_release_tag YES)
+- message(STATUS "Found annotated tag ${version}")
++ message(FATAL_ERROR "SOURCE_DATE_EPOCH not defined")
+ endif()
+- extract_version_info("${version}" "${local_prefix}")
+- if ("${has_version_txt}" AND NOT ${base_version} STREQUAL ${local_prefix}_VERSION)
+- message(WARNING "Tagged version ${${local_prefix}_VERSION} doesn't match one from the version.txt: ${base_version}")
+- if (${base_version} VERSION_GREATER ${local_prefix}_VERSION)
+- set(${local_prefix}_VERSION ${base_version})
+- endif()
+- endif()
+- foreach(suffix VERSION VERSION_NCOMMITS VERSION_GIT_REV VERSION_IS_DIRTY VERSION_COMMIT_TIMESTAMP)
+- if (NOT DEFINED ${local_prefix}_${suffix})
+- message(FATAL_ERROR "Unable to determine version.")
+- endif()
+- set(${var_prefix}_${suffix} "${${local_prefix}_${suffix}}" PARENT_SCOPE)
+- message(STATUS "${var_prefix}_${suffix}: ${${local_prefix}_${suffix}}")
+- endforeach()
+- # Set VERSION_SUFFIX and VERSION_FULL. When making changes, be aware that
+- # this is used in packaging as well and will affect ordering.
+- # | state | version_full |
+- # |-----------------------------------------------------|
+- # | exact tag | 0.9.0 |
+- # | exact tag, dirty | 0.9.0+git20180604 |
+- # | after tag | 0.9.0+git20180604.1.085039f |
+- # | no tag, version.txt | 0.9.0+git20180604.2ee02af |
+- # | no tag, no version.txt| 0.0.0+git20180604.2ee02af |
+- string(TIMESTAMP date "%Y%m%d" UTC)
+- set(version_suffix "")
+- if (NOT ${local_prefix}_VERSION_NCOMMITS EQUAL 0)
+- # 0.9.0+git20150604.4.289818b
+- string(APPEND version_suffix "+git${date}.${${local_prefix}_VERSION_NCOMMITS}.${${local_prefix}_VERSION_GIT_REV}")
+- elseif ((NOT has_release_tag) AND ((NOT has_version_txt) OR ("${base_version}" STREQUAL "0.0.0") OR (NOT "${revision}" STREQUAL "")))
+- # 0.9.0+git20150604.289818b
+- string(APPEND version_suffix "+git${date}.${${local_prefix}_VERSION_GIT_REV}")
+- elseif(${local_prefix}_VERSION_IS_DIRTY)
+- # 0.9.0+git20150604
+- string(APPEND version_suffix "+git${date}")
+- endif()
+- set(version_full "${${local_prefix}_VERSION}${version_suffix}")
++ string(REGEX REPLACE "^.*-" "-" version_suffix "${version_full}")
++ string(REGEX REPLACE "-[^-]*$" "" version_upstream "${version_full}")
+ # set the results
++ set(${var_prefix}_VERSION "${version_upstream}" PARENT_SCOPE)
++ set(${var_prefix}_VERSION_COMMIT_TIMESTAMP "${commit_timestamp}" PARENT_SCOPE)
+ set(${var_prefix}_VERSION_SUFFIX "${version_suffix}" PARENT_SCOPE)
+ set(${var_prefix}_VERSION_FULL "${version_full}" PARENT_SCOPE)
+ # for informational purposes
diff --git a/debian/patches/0002-Use-system-libsexpp-library.patch b/debian/patches/0002-Use-system-libsexpp-library.patch
new file mode 100644
index 0000000..4338313
--- /dev/null
+++ b/debian/patches/0002-Use-system-libsexpp-library.patch
@@ -0,0 +1,175 @@
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Wed, 21 Jun 2023 14:12:26 +0200
+Subject: Use system libsexpp library
+
+cherry picked the necessary pieces from upstream commits:
+
+ 3e9831ac3409095db40b7967866b9197eb36ff64
+ df4f24bd48b6691692379f1370fde3c12e96e3ab
+ f9147e72a369f1e412d2f2385cf23a3e9dd6882d
+ 82d9747f1da36db0393c122b451a847cf561bb7c
+---
+ CMakeLists.txt | 29 +++++++++++++++++++++++++----
+ src/lib/CMakeLists.txt | 28 +++++++++++++++++++---------
+ src/librekey/g23_sexp.hpp | 4 ++--
+ src/tests/CMakeLists.txt | 3 ++-
+ 4 files changed, 48 insertions(+), 16 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index bb6d40c..1d75f1a 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -58,6 +58,8 @@ option(ENABLE_COVERAGE "Enable code coverage testing.")
+ option(ENABLE_SANITIZERS "Enable ASan and other sanitizers.")
+ option(ENABLE_FUZZERS "Enable fuzz targets.")
+ option(DOWNLOAD_GTEST "Download Googletest" On)
++option(SYSTEM_LIBSEXPP "Use system sexpp library" OFF)
++
+ # crypto components
+ function(tristate_feature_auto NAME DESCRIPTION)
+ set(${NAME} Auto CACHE STRING ${DESCRIPTION})
+@@ -176,10 +178,29 @@ if (ENABLE_FUZZERS)
+ endif()
+ add_subdirectory(src/common)
+
+-set(WITH_SEXP_CLI OFF)
+-set(WITH_SEXP_TESTS OFF)
+-set(CMAKE_INSTALL_DEFAULT_COMPONENT_NAME development)
+-add_subdirectory(src/libsexp EXCLUDE_FROM_ALL)
++if (SYSTEM_LIBSEXPP)
++ find_package(PkgConfig QUIET)
++ pkg_check_modules(REQUIRED sexpp>=0.8.7)
++ find_library(SEXPP_LIBRARY
++ NAMES
++ "libsexpp"
++ "sexpp"
++ HINTS
++ "${SEXPP_LIBRARY_DIRS}"
++ )
++ add_library(sexpp UNKNOWN IMPORTED)
++ set_target_properties(sexpp
++ PROPERTIES
++ INTERFACE_INCLUDE_DIRECTORIES "${SEXPP_INCLUDE_DIR}"
++ IMPORTED_LINK_INTERFACE_LANGUAGES "CXX"
++ IMPORTED_LOCATION "${SEXPP_LIBRARY}"
++ )
++else (SYSTEM_LIBSEXPP)
++ set(WITH_SEXP_CLI OFF)
++ set(WITH_SEXP_TESTS OFF)
++ set(CMAKE_INSTALL_DEFAULT_COMPONENT_NAME development)
++ add_subdirectory(src/libsexp EXCLUDE_FROM_ALL)
++endif(SYSTEM_LIBSEXPP)
+
+ add_subdirectory(src/lib)
+ add_subdirectory(src/rnp)
+diff --git a/src/lib/CMakeLists.txt b/src/lib/CMakeLists.txt
+index 086ac57..e05d1c1 100755
+--- a/src/lib/CMakeLists.txt
++++ b/src/lib/CMakeLists.txt
+@@ -320,6 +320,7 @@ target_include_directories(librnp-obj
+ PRIVATE
+ "${CMAKE_CURRENT_SOURCE_DIR}"
+ "${PROJECT_SOURCE_DIR}/src"
++ "${SEXPP_INCLUDE_DIRS}"
+ )
+ target_link_libraries(librnp-obj PRIVATE JSON-C::JSON-C)
+ if (CRYPTO_BACKEND_BOTAN)
+@@ -328,7 +329,7 @@ elseif (CRYPTO_BACKEND_OPENSSL)
+ target_link_libraries(librnp-obj PRIVATE OpenSSL::Crypto)
+ endif()
+
+-target_link_libraries(librnp-obj PRIVATE sexp)
++target_link_libraries(librnp-obj PRIVATE sexpp)
+
+ set_target_properties(librnp-obj PROPERTIES CXX_VISIBILITY_PRESET hidden)
+ if (TARGET BZip2::BZip2)
+@@ -384,7 +385,7 @@ foreach (prop LINK_LIBRARIES INTERFACE_LINK_LIBRARIES INCLUDE_DIRECTORIES INTERF
+ get_target_property(val librnp-obj ${prop})
+ if (BUILD_SHARED_LIBS)
+ set_property(TARGET librnp-static PROPERTY ${prop} ${val})
+- list(REMOVE_ITEM val "$<LINK_ONLY:sexp>")
++ list(REMOVE_ITEM val "$<LINK_ONLY:sexpp>")
+ set_property(TARGET librnp PROPERTY ${prop} ${val})
+ else()
+ set_property(TARGET librnp PROPERTY ${prop} ${val})
+@@ -417,8 +418,8 @@ endif()
+ # On Unix like systems we will build/install/pack shared and static libraries librnp.so and librnp.a
+ # On Windows we will build/install/pack dynamic, import and static libraries rnp.dll, rnp.lib and rnp-static.lib
+
+-# If a client application uses shared rnp library, sexp is statically linked to librnp.so
+-# If a client application uses static rnp library, it still needs libsexp.a
++# If a client application uses shared rnp library, sexpp is statically linked to librnp.so
++# If a client application uses static rnp library, it still needs libsexpp.a
+
+ if (BUILD_SHARED_LIBS)
+ # both static and shared libraries
+@@ -432,21 +433,30 @@ install(TARGETS librnp
+ DESTINATION "${CMAKE_INSTALL_LIBDIR}"
+ COMPONENT development
+ )
+-
+- install(TARGETS librnp-static sexp
++ install(TARGETS librnp-static
+ EXPORT rnp-targets
+ ARCHIVE
+ DESTINATION "${CMAKE_INSTALL_LIBDIR}"
+ COMPONENT development
+ )
+ else(BUILD_SHARED_LIBS)
+-# static libraries only
+-install(TARGETS librnp sexp
++# static libraries
++# install libsexpp unless system-installed libsexpp is used
++ if (SYSTEM_LIBSEXPP)
++ install(TARGETS librnp
++ EXPORT rnp-targets
++ ARCHIVE
++ DESTINATION "${CMAKE_INSTALL_LIBDIR}"
++ COMPONENT development
++ )
++ else (SYSTEM_LIBSEXPP)
++ install(TARGETS librnp sexpp
+ EXPORT rnp-targets
+ ARCHIVE
+ DESTINATION "${CMAKE_INSTALL_LIBDIR}"
+ COMPONENT development
+-)
++ )
++ endif (SYSTEM_LIBSEXPP)
+ endif(BUILD_SHARED_LIBS)
+
+ # install dll only for windows
+diff --git a/src/librekey/g23_sexp.hpp b/src/librekey/g23_sexp.hpp
+index b888680..b062c52 100644
+--- a/src/librekey/g23_sexp.hpp
++++ b/src/librekey/g23_sexp.hpp
+@@ -27,8 +27,8 @@
+ #ifndef RNP_G23_SEXP_HPP
+ #define RNP_G23_SEXP_HPP
+
+-#include "sexp/sexp.h"
+-#include "sexp/ext-key-format.h"
++#include "sexpp/sexp.h"
++#include "sexpp/ext-key-format.h"
+
+ #define SXP_MAX_DEPTH 30
+
+diff --git a/src/tests/CMakeLists.txt b/src/tests/CMakeLists.txt
+index 7d2a6b0..16d30fb 100644
+--- a/src/tests/CMakeLists.txt
++++ b/src/tests/CMakeLists.txt
+@@ -171,12 +171,13 @@ target_include_directories(rnp_tests
+ "${PROJECT_SOURCE_DIR}/src"
+ "${PROJECT_SOURCE_DIR}/src/lib"
+ "${BOTAN2_INCLUDE_DIRS}"
++ "${SEXPP_INCLUDE_DIRS}"
+ )
+ target_link_libraries(rnp_tests
+ PRIVATE
+ librnp-static
+ JSON-C::JSON-C
+- sexp
++ sexpp
+ ${GTestMain}
+ )
+ if (CRYPTO_BACKEND_LOWERCASE STREQUAL "openssl")
diff --git a/debian/patches/0003-test_set_expire-increase-short-expiry-time-from-10s-.patch b/debian/patches/0003-test_set_expire-increase-short-expiry-time-from-10s-.patch
new file mode 100644
index 0000000..35ba2f4
--- /dev/null
+++ b/debian/patches/0003-test_set_expire-increase-short-expiry-time-from-10s-.patch
@@ -0,0 +1,33 @@
+From: Andreas Stieger <Andreas.Stieger@gmx.de>
+Date: Mon, 19 Jun 2023 23:21:43 +0200
+Subject: test_set_expire: increase short expiry time from 10s to 60s
+
+Fixes #2100, #2059
+
+(cherry picked from commit 3be41e061e28ffe0bc368b6cce57c4e07a6d1983)
+---
+ src/tests/cli_tests.py | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/tests/cli_tests.py b/src/tests/cli_tests.py
+index e6f5ed7..f0bcc75 100755
+--- a/src/tests/cli_tests.py
++++ b/src/tests/cli_tests.py
+@@ -1997,14 +1997,14 @@ class Keystore(unittest.TestCase):
+ matches = re.findall(r'(key expiration time: 63072000 seconds \(730 days\))', out)
+ self.assertEqual(len(matches), 1)
+
+- # Expires in 10 seconds
+- ret, out, _ = run_proc(RNPK, ['--homedir', RNPDIR, '--edit-key', '--set-expire', '10', 'primary_with_empty_password@rnp'])
++ # Expires in 60 seconds
++ ret, out, _ = run_proc(RNPK, ['--homedir', RNPDIR, '--edit-key', '--set-expire', '60', 'primary_with_empty_password@rnp'])
+ self.assertEqual(ret, 0)
+ self.assertRegex(out, r'(?s)^.*\[EXPIRES .*')
+
+ ret, out, _ = run_proc(RNP, ['--list-packets', kpath])
+ self.assertEqual(ret, 0)
+- self.assertRegex(out, r'(?s)^.*key expiration time: 10 seconds \(0 days\).*')
++ self.assertRegex(out, r'(?s)^.*key expiration time: 60 seconds \(0 days\).*')
+
+ # Expires in 10 hours
+ ret, out, _ = run_proc(RNPK, ['--homedir', RNPDIR, '--edit-key', '--set-expire', '10h', 'primary_with_empty_password@rnp'])
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..0e06ee0
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,3 @@
+0001-Pull-version-information-from-debian-changelog-avoid.patch
+0002-Use-system-libsexpp-library.patch
+0003-test_set_expire-increase-short-expiry-time-from-10s-.patch
diff --git a/debian/rnp.docs b/debian/rnp.docs
new file mode 100644
index 0000000..d0296c8
--- /dev/null
+++ b/debian/rnp.docs
@@ -0,0 +1 @@
+docs/cli-usage.adoc
diff --git a/debian/rnp.install b/debian/rnp.install
new file mode 100644
index 0000000..c55a1d1
--- /dev/null
+++ b/debian/rnp.install
@@ -0,0 +1,2 @@
+usr/bin/rnp
+usr/bin/rnpkeys
diff --git a/debian/rnp.manpages b/debian/rnp.manpages
new file mode 100644
index 0000000..fb6e2a7
--- /dev/null
+++ b/debian/rnp.manpages
@@ -0,0 +1,2 @@
+usr/share/man/man1/rnp.1
+usr/share/man/man1/rnpkeys.1
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..63b7dd8
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,33 @@
+#!/usr/bin/make -f
+
+include /usr/share/dpkg/pkg-info.mk
+export DEB_VERSION
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_CXXFLAGS_MAINT_APPEND = -DS2K_MINIMUM_TUNING_RATIO=4
+
+ifneq (,$(filter $(DEB_HOST_ARCH), s390x))
+export DEB_CXXFLAGS_MAINT_APPEND = -DS2K_MINIMUM_TUNING_RATIO=1.5
+endif
+
+CONFIGURE_OPTIONS = -DBUILD_SHARED_LIBS=on \
+ -DDOWNLOAD_GTEST=off \
+ -DGTEST_SOURCES=/usr/src/googletest \
+ -DSYSTEM_LIBSEXPP=on \
+ -DDOWNLOAD_RUBYRNP=off
+
+ifneq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+CONFIGURE_OPTIONS += -DBUILD_TESTING=off
+endif
+
+ifneq (,$(filter nodoc,$(DEB_BUILD_OPTIONS)))
+CONFIGURE_OPTIONS += -DENABLE_DOC=off
+else
+CONFIGURE_OPTIONS += -DENABLE_DOC=on
+endif
+
+override_dh_auto_configure:
+ dh_auto_configure --builddirectory=build -- $(CONFIGURE_OPTIONS)
+
+%:
+ dh $@ --builddirectory=build
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
new file mode 100644
index 0000000..fa50f46
--- /dev/null
+++ b/debian/source/lintian-overrides
@@ -0,0 +1,2 @@
+# these are test elements that are expected to be long:
+rnp source: very-long-line-length-in-source-file * > 512 [src/tests/data/*]
diff --git a/debian/tests/build-and-run-examples b/debian/tests/build-and-run-examples
new file mode 100755
index 0000000..6145719
--- /dev/null
+++ b/debian/tests/build-and-run-examples
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -e
+
+if [ -d "$AUTOPKGTEST_ARTIFACTS" ]; then
+ cd "$AUTOPKGTEST_ARTIFACTS"
+fi
+
+for x in /usr/share/doc/librnp-dev/examples/*.c; do
+ bin="$(basename "$x" .c)"
+ printf 'building %s\n' "$bin"
+ gcc -g -O2 -Werror -Wall -pedantic -o "$bin" "$x" $(pkg-config --cflags --libs librnp)
+done
+
+for x in generate encrypt decrypt sign verify; do
+ printf '**** %s ****\n' "$x"
+ "./$x"
+done
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..48f1da5
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,6 @@
+Tests: build-and-run-examples
+Depends:
+ gcc,
+ libc6-dev,
+ librnp-dev,
+ pkg-config,
diff --git a/debian/upstream/metadata b/debian/upstream/metadata
new file mode 100644
index 0000000..20997be
--- /dev/null
+++ b/debian/upstream/metadata
@@ -0,0 +1,5 @@
+---
+Bug-Database: https://github.com/rnpgp/rnp/issues
+Bug-Submit: https://github.com/rnpgp/rnp/issues/new
+Repository: https://github.com/rnpgp/rnp.git
+Repository-Browse: https://github.com/rnpgp/rnp
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..afd59d4
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,10 @@
+version=4
+opts="filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%@PACKAGE@-$1.tar.gz%" \
+ https://github.com/rnpgp/rnp/tags \
+ (?:.*?/)?v?(\d[\d.]*)\.tar\.gz
+# rnp now uses submodules upstream, but they might move to libsexpp as
+# a separate linked library.
+# if they continue with the submodules, we probably need to fetch the
+# upstream "release", not just the tag.
+# we might need to use the kind of mangling suggested by David Steele in
+# https://bugs.debian.org/1019696#30