From 8635e1682b4a6645460ce4fb1f6e0ff27634e797 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Mon, 11 Dec 2017 09:43:08 +0000
Subject: [PATCH] CI configuration and Debian packaging

---
 .gitlab-ci.yml           | 37 +++++++++++++++++++++++++++++++++++++
 debian/changelog         |  5 +++++
 debian/compat            |  1 +
 debian/control           | 13 +++++++++++++
 debian/copyright         | 25 +++++++++++++++++++++++++
 debian/keystored.default |  1 +
 debian/keystored.service | 23 +++++++++++++++++++++++
 debian/postinst          | 16 ++++++++++++++++
 debian/rules             | 13 +++++++++++++
 debian/source/format     |  1 +
 10 files changed, 135 insertions(+)
 create mode 100644 .gitlab-ci.yml
 create mode 100644 debian/changelog
 create mode 100644 debian/compat
 create mode 100644 debian/control
 create mode 100644 debian/copyright
 create mode 100644 debian/keystored.default
 create mode 100644 debian/keystored.service
 create mode 100755 debian/postinst
 create mode 100755 debian/rules
 create mode 100644 debian/source/format

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 00000000..f1f481ba
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,37 @@
+
+stages:
+  - build_src
+  - build_pkg
+  - upload
+
+build:src:
+  stage: build_src
+  image: "ai/build:stretch"
+  script: "build-dsc"
+  artifacts:
+    paths:
+      - build-deb/
+  only:
+    - master
+
+build:pkg:
+  stage: build_pkg
+  image: "ai/build:stretch"
+  script: "build-deb"
+  dependencies:
+    - build:src
+  artifacts:
+    paths:
+      - output-deb/
+  only:
+    - master
+
+upload:pkg:
+  stage: upload
+  image: "ai/pkg:base"
+  script: "upload-packages -r ai3"
+  dependencies:
+    - build:pkg
+  only:
+    - master
+
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 00000000..53c7d41a
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+keystore (0.1) unstable; urgency=medium
+
+  * Initial Release.
+
+ -- Autistici/Inventati <debian@autistici.org>  Mon, 11 Dec 2017 09:41:38 +0000
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 00000000..f599e28b
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+10
diff --git a/debian/control b/debian/control
new file mode 100644
index 00000000..5bf4f3e4
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,13 @@
+Source: keystore
+Section: admin
+Priority: optional
+Maintainer: Autistici/Inventati <debian@autistici.org>
+Build-Depends: debhelper (>=9), golang-go, dh-systemd, dh-golang
+Standards-Version: 3.9.6
+
+Package: keystored
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: User private key server.
+ Stores user encryption keys in-memory for the session duration.
+
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 00000000..9050fd19
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,25 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: keystore
+Source: <https://git.autistici.org/id/keystore>
+
+Files: *
+Copyright: 2017 Autistici/Inventati <info@autistici.org>
+License: GPL-3.0+
+
+License: GPL-3.0+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
+
diff --git a/debian/keystored.default b/debian/keystored.default
new file mode 100644
index 00000000..54d99b80
--- /dev/null
+++ b/debian/keystored.default
@@ -0,0 +1 @@
+ADDR=:5006
diff --git a/debian/keystored.service b/debian/keystored.service
new file mode 100644
index 00000000..16dbdf68
--- /dev/null
+++ b/debian/keystored.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=User Private Key Store
+After=network.target
+
+[Service]
+User=keystored
+Group=keystored
+EnvironmentFile=-/etc/default/keystored
+ExecStart=/usr/bin/keystored --addr $ADDR
+Restart=always
+
+# Hardening
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/debian/postinst b/debian/postinst
new file mode 100755
index 00000000..7ef13d5a
--- /dev/null
+++ b/debian/postinst
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+configure)
+    addgroup --system --quiet keystored
+    adduser --system --no-create-home --home /run/keystored \
+      --disabled-password --disabled-login \
+      --quiet --ingroup keystored keystored
+    ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 00000000..b706a605
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,13 @@
+#!/usr/bin/make -f
+
+export DH_GOPKG = git.autistici.org/id/keystore
+export DH_GOLANG_EXCLUDES = vendor
+
+
+%:
+	dh $@ --with systemd --with golang --buildsystem golang
+
+override_dh_install:
+	rm -fr $(CURDIR)/debian/keystored/usr/share/gocode
+	dh_install
+
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 00000000..89ae9db8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
-- 
GitLab