summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--debian/changelog202
-rw-r--r--debian/control52
-rw-r--r--debian/copyright27
-rw-r--r--debian/gbp.conf6
-rw-r--r--debian/install1
-rw-r--r--debian/patches/allow_loading_config.patch107
-rw-r--r--debian/patches/series1
-rwxr-xr-xdebian/rules19
-rw-r--r--debian/salsa-ci.yml4
-rw-r--r--debian/source/format1
-rw-r--r--debian/tests/control2
-rw-r--r--debian/tests/upstream-tests.sh14
-rw-r--r--debian/testssl.sh.maintscript1
-rw-r--r--debian/testssl.sh.manpages1
-rw-r--r--debian/upstream/metadata5
-rw-r--r--debian/watch3
16 files changed, 446 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..99bf9ba
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,202 @@
+testssl.sh (3.2~rc3+dfsg-1) unstable; urgency=medium
+
+ [ Debian Janitor ]
+ * Remove constraints unnecessary since buster (oldstable)
+
+ [ Unit 193 ]
+ * New upstream version 3.2~rc3+dfsg.
+ - Refresh patch.
+ * d/control: Drop old version constraints and update recommends
+ * d/copyright: Update my years.
+ * d/rules: Drop dh_fixperms override, no longer needed.
+ * Update Standards-Version to 4.6.2.
+
+ -- Unit 193 <unit193@debian.org> Sat, 04 Nov 2023 19:11:24 -0400
+
+testssl.sh (3.0.8+dfsg-1) unstable; urgency=medium
+
+ * d/watch: Switch from using GitHub releases to tags.
+ * New upstream version 3.0.8+dfsg.
+ - Refresh patch.
+ * Update Standards-Version to 4.6.1.
+
+ -- Unit 193 <unit193@debian.org> Wed, 02 Nov 2022 05:51:29 -0400
+
+testssl.sh (3.0.7+dfsg-1) unstable; urgency=medium
+
+ * d/watch: Drop the number off dfsg version.
+ * New upstream version 3.0.7+dfsg.
+ - Refresh patch.
+ * d/t/upstream-tests.sh: Add upstream tests for autopkgtest.
+ * d/copyright: Add my attribution.
+ * d/rules: client-simulation.txt is sourced, not executed, drop execute bit.
+
+ -- Unit 193 <unit193@debian.org> Sun, 20 Feb 2022 19:32:08 -0500
+
+testssl.sh (3.0.6+dfsg1-1) unstable; urgency=medium
+
+ * New upstream version 3.0.6+dfsg1.
+ - Refresh patch.
+ * Update Standards-Version to 4.6.0.
+
+ -- Unit 193 <unit193@debian.org> Sun, 10 Oct 2021 02:53:10 -0400
+
+testssl.sh (3.0.5+dfsg1-1) unstable; urgency=medium
+
+ * New upstream version 3.0.5+dfsg1.
+ - Refresh patch.
+ * d/control: Bump DH compat to 13.
+
+ -- Unit 193 <unit193@debian.org> Wed, 11 Aug 2021 18:54:00 -0400
+
+testssl.sh (3.0.4+dfsg1-1) unstable; urgency=medium
+
+ * New upstream version 3.0.4+dfsg1.
+ - Refresh patch.
+
+ -- Unit 193 <unit193@debian.org> Sun, 22 Nov 2020 19:46:09 -0500
+
+testssl.sh (3.0.3+dfsg1-1) unstable; urgency=medium
+
+ * New upstream version 3.0.3+dfsg1.
+ - Refresh patch.
+ * d/watch: Needlessly bump compat to 4.
+ * Update Standards-Version to 4.5.1.
+
+ -- Unit 193 <unit193@debian.org> Thu, 19 Nov 2020 22:42:46 -0500
+
+testssl.sh (3.0.2+dfsg1-3) unstable; urgency=medium
+
+ * d/control: Correct dependancies for backportability.
+ * Adjust line exceeding 80 columns in previous changelog entry.
+
+ -- Unit 193 <unit193@debian.org> Tue, 28 Jul 2020 02:35:25 -0400
+
+testssl.sh (3.0.2+dfsg1-2) unstable; urgency=medium
+
+ * Team upload.
+
+ [ Gerardo Di Giacomo ]
+ * d/control: Update binary dependencies. Closes: #962995
+
+ [ Raphaël Hertzog ]
+ * Set upstream metadata fields: Bug-Database,
+ Bug-Submit, Repository, Repository-Browse.
+
+ -- Raphaël Hertzog <hertzog@debian.org> Mon, 29 Jun 2020 22:56:26 +0200
+
+testssl.sh (3.0.2+dfsg1-1) unstable; urgency=medium
+
+ * New upstream version 3.0.2+dfsg1.
+ - Refresh patch.
+ * d/control: Update my email address.
+ * d/copyright: Drop license comment as wording has been removed upstream.
+
+ -- Unit 193 <unit193@debian.org> Fri, 08 May 2020 20:05:24 -0400
+
+testssl.sh (3.0.1+dfsg1-1) unstable; urgency=medium
+
+ * New upstream version 3.0.1+dfsg1
+ - Refresh patch.
+
+ -- Unit 193 <unit193@ubuntu.com> Sun, 19 Apr 2020 19:38:40 -0400
+
+testssl.sh (3.0+dfsg1-1) unstable; urgency=medium
+
+ * New upstream version 3.0+dfsg1
+ - Refresh patch.
+ * d/control: Add myself to uploaders.
+ * d/s/local-options: Drop, as these are default.
+ * Update Standards-Version to 4.5.0.
+
+ -- Unit 193 <unit193@ubuntu.com> Wed, 29 Jan 2020 17:53:47 -0500
+
+testssl.sh (3.0~rc6+dfsg1-1) unstable; urgency=medium
+
+ * Team upload.
+
+ [ Samuel Henrique ]
+ * Add salsa-ci.yml
+
+ [ Unit 193 ]
+ * d/watch: Update to pick up RC tags.
+ * New upstream version 3.0~rc6+dfsg1
+ - Refresh patch.
+ * d/rules: Update for renamed changelog file.
+ * d/compat, d/control: Drop d/compat in favor of debhelper-compat.
+ * d/control: Set R³ to no.
+ * Update Standards-Version to 4.4.1.
+ * d/testssl.sh.maintscript: Clean up obsolete config file.
+ * d/copyright: Add upstream license note as a comment.
+
+ -- Unit 193 <unit193@ubuntu.com> Mon, 06 Jan 2020 23:39:33 -0500
+
+testssl.sh (2.9.5-7+dfsg1-1) unstable; urgency=medium
+
+ * Team upload
+ * New upstream version 2.9.5-7+dfsg1
+ * Bump Debhelper compat level
+ * Bump Standards-Version
+ * Update patch
+
+ -- Hilko Bengen <bengen@debian.org> Sun, 27 Jan 2019 22:25:45 +0100
+
+testssl.sh (2.9.5-5+dfsg1-1) unstable; urgency=medium
+
+ [ Raphaël Hertzog ]
+ * Update team maintainer address to Debian Security Tools
+ <team+pkg-security@tracker.debian.org>.
+
+ [ ChangZhuo Chen (陳昌倬) ]
+ * New upstream release.
+ * Bump Standards-Version to 4.1.5.
+
+ -- ChangZhuo Chen (陳昌倬) <czchen@debian.org> Tue, 17 Jul 2018 13:07:55 +0800
+
+testssl.sh (2.9.5-1+dfsg1-2) unstable; urgency=medium
+
+ [ Unit 193 ]
+ * d/p/allow_loading_config.patch:
+ - Config is presumed to be in the same dir as the script, or in ./etc/
+ * d/install: Install etc/* to /etc/testssl. (Closes: #888393)
+
+ [ ChangZhuo Chen (陳昌倬) ]
+ * Bump Standards-Version to 4.1.3.
+ * Bump compat to 11.
+
+ -- ChangZhuo Chen (陳昌倬) <czchen@debian.org> Sun, 11 Feb 2018 21:22:57 +0800
+
+testssl.sh (2.9.5-1+dfsg1-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Bump Standards-Version to 4.1.1.
+ * Change Priority to optional.
+ * Change Format in copyright to https.
+ * Add Multi-Arch: foreign.
+ * Use upstream manpage.
+
+ -- ChangZhuo Chen (陳昌倬) <czchen@debian.org> Fri, 06 Oct 2017 18:57:29 +0800
+
+testssl.sh (2.8~rc3+dfsg1-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Bump Standards-Version to 3.9.8.
+ * Change maintainer to Debian Security Tools Packaging Team.
+ * Update Vcs-* fields.
+
+ -- ChangZhuo Chen (陳昌倬) <czchen@debian.org> Fri, 06 Jan 2017 15:48:31 +0800
+
+testssl.sh (2.6+dfsg1-2) unstable; urgency=medium
+
+ * Fix FTBFS
+ * Install upstream changelog
+ * Update manpage
+ * Replace testssl.sh with testssl
+
+ -- ChangZhuo Chen (陳昌倬) <czchen@debian.org> Thu, 15 Oct 2015 11:54:48 +0800
+
+testssl.sh (2.6+dfsg1-1) unstable; urgency=low
+
+ * Initial release. Closes: #800055
+
+ -- ChangZhuo Chen (陳昌倬) <czchen@debian.org> Sun, 27 Sep 2015 22:38:29 +0800
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..ae42040
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,52 @@
+Source: testssl.sh
+Maintainer: Debian Security Tools <team+pkg-security@tracker.debian.org>
+Uploaders: ChangZhuo Chen (陳昌倬) <czchen@debian.org>,
+ Unit 193 <unit193@debian.org>
+Section: utils
+Priority: optional
+Build-Depends: debhelper-compat (= 13),
+Rules-Requires-Root: no
+Standards-Version: 4.6.2
+Vcs-Browser: https://salsa.debian.org/pkg-security-team/testssl.sh
+Vcs-Git: https://salsa.debian.org/pkg-security-team/testssl.sh.git
+Homepage: https://testssl.sh/
+
+Package: testssl.sh
+Architecture: all
+Multi-Arch: foreign
+Depends: ${misc:Depends},
+ ${shlibs:Depends},
+ openssl,
+ bsdextrautils,
+ procps,
+ dnsutils
+Recommends: libengine-gost-openssl
+Description: Command line tool to check TLS/SSL ciphers, protocols and cryptographic flaws
+ testssl.sh is a free command line tool which checks a server's service
+ on any port for the support of TLS/SSL ciphers, protocols as well as
+ recent cryptographic flaws and more.
+ .
+ Key features
+ .
+ * Clear output: you can tell easily whether anything is good or bad
+ .
+ * Ease of installation: It works for Linux, Darwin, FreeBSD and
+ MSYS2/Cygwin out of the box: no need to install or configure
+ something, no gems, CPAN, pip or the like.
+ .
+ * Flexibility: You can test any SSL/TLS enabled and STARTTLS service,
+ not only webservers at port 443
+ .
+ * Toolbox: Several command line options help you to run YOUR test and
+ configure YOUR output
+ .
+ * Reliability: features are tested thoroughly
+ .
+ * Verbosity: If a particular check cannot be performed because of a
+ missing capability on your client side, you'll get a warning
+ .
+ * Privacy: It's only you who sees the result, not a third party
+ .
+ * Freedom: It's 100% open source. You can look at the code, see what's
+ going on and you can change it. Heck, even the development is open
+ (github)
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..c98258c
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,27 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: testssl.sh
+Source: https://github.com/drwetter/testssl.sh
+Files-Excluded: bin/openssl.*
+Comment: Remove prebuilt openssl binary
+
+Files: *
+Copyright: 2006- Dirk Wetter <dirk@testssl.sh>
+License: GPL-2
+
+Files: debian/*
+Copyright: 2015- ChangZhuo Chen (陳昌倬) <czchen@debian.org>
+ 2018-2023 Unit 193 <unit193@debian.org>
+License: GPL-2
+
+License: GPL-2
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License version 2 as published by
+ the Free Software Foundation.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..efd0ebf
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,6 @@
+[DEFAULT]
+debian-branch = debian/master
+pristine-tar = True
+
+[import-orig]
+filter = ['debian/*', '.svn/*', '.git/*']
diff --git a/debian/install b/debian/install
new file mode 100644
index 0000000..908f022
--- /dev/null
+++ b/debian/install
@@ -0,0 +1 @@
+etc/* etc/testssl/
diff --git a/debian/patches/allow_loading_config.patch b/debian/patches/allow_loading_config.patch
new file mode 100644
index 0000000..1f66aae
--- /dev/null
+++ b/debian/patches/allow_loading_config.patch
@@ -0,0 +1,107 @@
+Description: Config is presumed to be in the same dir as the script, or in ./etc/
+Author: Unit 193 <unit193@debian.org>
+Origin: vendor
+Forwarded: not-needed
+Last-Update: 2019-10-01
+
+---
+ testssl.sh | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+--- a/testssl.sh
++++ b/testssl.sh
+@@ -192,7 +192,7 @@ ADDTL_CA_FILES="${ADDTL_CA_FILES:-""}"
+
+ ########### Tuning vars which cannot be set by a cmd line switch. Use instead e.g "HEADER_MAXSLEEP=10 ./testssl.sh <your_args_here>"
+ #
+-TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # If you run testssl.sh and it doesn't find it necessary file automagically set TESTSSL_INSTALL_DIR
++TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-"/etc/testssl"}" # If you run testssl.sh and it doesn't find it necessary file automagically set TESTSSL_INSTALL_DIR
+ CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # You can have your CA stores some place else
+ EXPERIMENTAL=${EXPERIMENTAL:-false} # a development hook which allows us to disable code
+ PROXY_WAIT=${PROXY_WAIT:-20} # waiting at max 20 seconds for socket reply through proxy
+@@ -2792,7 +2792,7 @@ run_hpkp() {
+ local -i i nrsaved
+ local first_hpkp_header
+ local spki
+- local ca_hashes="$TESTSSL_INSTALL_DIR/etc/ca_hashes.txt"
++ local ca_hashes="$TESTSSL_INSTALL_DIR/ca_hashes.txt"
+
+ if [[ ! -s $HEADERFILE ]]; then
+ run_http_header "$1" || return 1
+@@ -5029,9 +5029,9 @@ run_client_simulation() {
+ local client_service=""
+
+ # source the external file
+- . "$TESTSSL_INSTALL_DIR/etc/client-simulation.txt" 2>/dev/null
++ . "$TESTSSL_INSTALL_DIR/client-simulation.txt" 2>/dev/null
+ if [[ $? -ne 0 ]]; then
+- prln_local_problem "couldn't find client simulation data in $TESTSSL_INSTALL_DIR/etc/client-simulation.txt"
++ prln_local_problem "couldn't find client simulation data in $TESTSSL_INSTALL_DIR/client-simulation.txt"
+ return 1
+ fi
+
+@@ -7614,7 +7614,7 @@ determine_trust() {
+
+ # if you run testssl.sh from a different path /you can set either TESTSSL_INSTALL_DIR or CA_BUNDLES_PATH to find the CA BUNDLES
+ if [[ -z "$CA_BUNDLES_PATH" ]]; then
+- ca_bundles="$TESTSSL_INSTALL_DIR/etc/*.pem"
++ ca_bundles="$TESTSSL_INSTALL_DIR/*.pem"
+ else
+ ca_bundles="$CA_BUNDLES_PATH/*.pem"
+ fi
+@@ -8887,7 +8887,7 @@ certificate_info() {
+ local certificate_list_ordering_problem="${13}"
+ local cert_sig_algo cert_sig_hash_algo cert_key_algo cert_spki_info
+ local hostcert=""
+- local common_primes_file="$TESTSSL_INSTALL_DIR/etc/common-primes.txt"
++ local common_primes_file="$TESTSSL_INSTALL_DIR/common-primes.txt"
+ local -i lineno_matched=0
+ local cert_keyusage cert_ext_keyusage short_keyAlgo
+ local outok=true
+@@ -17956,7 +17956,7 @@ get_common_prime() {
+ local spaces="$3"
+ local pubkey dh_p=""
+ local -i subret=0
+- local common_primes_file="$TESTSSL_INSTALL_DIR/etc/common-primes.txt"
++ local common_primes_file="$TESTSSL_INSTALL_DIR/common-primes.txt"
+ local -i lineno_matched=0
+
+ "$HAS_PKEY" || return 2
+@@ -19952,16 +19952,16 @@ get_install_dir() {
+ DISPLAY_CIPHERNAMES="openssl-only"
+ debugme echo "$CIPHERS_BY_STRENGTH_FILE"
+ prln_warning "\nATTENTION: No cipher mapping file found!"
+- outln "Please note from 2.9 on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/etc/\" to function correctly."
++ outln "Please note from 2.9 on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/\" to function correctly."
+ outln
+ ignore_no_or_lame "Type \"yes\" to ignore this warning and proceed at your own risk" "yes"
+ [[ $? -ne 0 ]] && exit $ERR_RESOURCE
+ fi
+
+- TLS_DATA_FILE="$TESTSSL_INSTALL_DIR/etc/tls_data.txt"
++ TLS_DATA_FILE="$TESTSSL_INSTALL_DIR/tls_data.txt"
+ if [[ ! -r "$TLS_DATA_FILE" ]]; then
+ prln_warning "\nATTENTION: No TLS data file found -- needed for socket-based handshakes"
+- outln "Please note from 2.9 on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/etc/\" to function correctly."
++ outln "Please note from 2.9 on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/\" to function correctly."
+ outln
+ ignore_no_or_lame "Type \"yes\" to ignore this warning and proceed at your own risk" "yes"
+ [[ $? -ne 0 ]] && exit $ERR_RESOURCE
+@@ -20029,7 +20029,7 @@ find_openssl_binary() {
+ # couldn't be parsed by our openssl it bailed out here with a misleading error, see #1982.
+ # Now we try with another version of the config file and if it still fails we bail out.
+ if ! $OPENSSL version -d >/dev/null 2>&1 ; then
+- export OPENSSL_CONF="$TESTSSL_INSTALL_DIR/etc/openssl.cnf"
++ export OPENSSL_CONF="$TESTSSL_INSTALL_DIR/openssl.cnf"
+ if ! $OPENSSL version -d >/dev/null 2>&1 ; then
+ fatal "cannot exec or find any openssl binary" $ERR_OSSLBIN
+ else
+@@ -20850,7 +20850,7 @@ initialize_engine(){
+ else
+ # we have engine support. But we want to check whether an external OPENSSL_CONF was supplied.
+ # $TESTSSL_INSTALL_DIR/etc/openssl.cnf is an internal presetting, see #1982
+- if [[ -n "$OPENSSL_CONF" ]] && [[ "$OPENSSL_CONF" != "$TESTSSL_INSTALL_DIR/etc/openssl.cnf" ]]; then
++ if [[ -n "$OPENSSL_CONF" ]] && [[ "$OPENSSL_CONF" != "$TESTSSL_INSTALL_DIR/openssl.cnf" ]]; then
+ prln_warning "For now I am providing the config file to have GOST support"
+ else
+ OPENSSL_CONF=$TEMPDIR/gost.conf
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..36269e1
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+allow_loading_config.patch
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..4160468
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,19 @@
+#!/usr/bin/make -f
+
+#export DH_VERBOSE = 1
+#export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+#export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic
+#export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
+%:
+ dh $@
+
+override_dh_auto_install:
+ install -D testssl.sh debian/testssl.sh/usr/bin/testssl
+
+override_dh_installchangelogs:
+ dh_installchangelogs CHANGELOG.md
+
+override_dh_auto_test:
+ # Disable test cases since it needs to connect to badssl.com, smtp-relay.gmail.com.
+ # prove -v
diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml
new file mode 100644
index 0000000..33c3a64
--- /dev/null
+++ b/debian/salsa-ci.yml
@@ -0,0 +1,4 @@
+---
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..b368416
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,2 @@
+Tests: upstream-tests.sh
+Depends: @
diff --git a/debian/tests/upstream-tests.sh b/debian/tests/upstream-tests.sh
new file mode 100644
index 0000000..eea68eb
--- /dev/null
+++ b/debian/tests/upstream-tests.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+set -u
+
+export LC_ALL=C.UTF-8
+
+cp -av etc "$AUTOPKGTEST_TMP"
+cp -av t "$AUTOPKGTEST_TMP"
+
+cd "$AUTOPKGTEST_TMP"
+sed -i s@./testssl.sh@/usr/bin/testssl@g t/*.t
+
+# Only run tests 00-05 as others require network access.
+prove -v t/0[0-5]*
diff --git a/debian/testssl.sh.maintscript b/debian/testssl.sh.maintscript
new file mode 100644
index 0000000..e485b87
--- /dev/null
+++ b/debian/testssl.sh.maintscript
@@ -0,0 +1 @@
+rm_conffile /etc/testssl/client_simulation.txt 3.0~rc6+dfsg1-1~ testssl.sh
diff --git a/debian/testssl.sh.manpages b/debian/testssl.sh.manpages
new file mode 100644
index 0000000..23b0009
--- /dev/null
+++ b/debian/testssl.sh.manpages
@@ -0,0 +1 @@
+doc/testssl.1
diff --git a/debian/upstream/metadata b/debian/upstream/metadata
new file mode 100644
index 0000000..a22f36c
--- /dev/null
+++ b/debian/upstream/metadata
@@ -0,0 +1,5 @@
+---
+Bug-Database: https://github.com/drwetter/testssl.sh/issues
+Bug-Submit: https://github.com/drwetter/testssl.sh/issues/new
+Repository: https://github.com/drwetter/testssl.sh.git
+Repository-Browse: https://github.com/drwetter/testssl.sh
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..eb39430
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,3 @@
+version=4
+opts=dversionmangle=s/\+dfsg\d?//,repacksuffix=+dfsg,uversionmangle=s/rc/~rc/ \
+https://github.com/drwetter/testssl.sh/tags .*/v?(.*).tar.gz