From 12c19033a60504d397bbb8e341a2859f020e7ffd Mon Sep 17 00:00:00 2001
From: Lino Jorzick <lino@gruelag.de>
Date: Sun, 9 Oct 2022 23:57:11 +0200
Subject: [PATCH] Initial commit

---
 .gitignore                               |  7 ++++
 LICENSE                                  | 21 ++++++++++
 Makefile                                 | 49 ++++++++++++++++++++++++
 debian/control                           | 32 ++++++++++++++++
 debian/copyright                         | 29 ++++++++++++++
 debian/gruelag-keyring-data.iservinstall |  1 +
 debian/gruelag-keyring.iservinstall      |  4 ++
 debian/links                             |  1 +
 debian/prerm                             |  9 +++++
 debian/rules                             |  4 ++
 debian/source/format                     |  1 +
 keys/2022-10-10_F64A955C.pub             | 29 ++++++++++++++
 lintian/gruelag-keyring                  |  3 ++
 13 files changed, 190 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 LICENSE
 create mode 100644 Makefile
 create mode 100644 debian/control
 create mode 100644 debian/copyright
 create mode 100644 debian/gruelag-keyring-data.iservinstall
 create mode 100644 debian/gruelag-keyring.iservinstall
 create mode 100644 debian/links
 create mode 100755 debian/prerm
 create mode 100755 debian/rules
 create mode 100644 debian/source/format
 create mode 100644 keys/2022-10-10_F64A955C.pub
 create mode 100644 lintian/gruelag-keyring

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..24c8074
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,7 @@
+debian/.debhelper/*
+debian/gruelag-keyring/*
+debian/gruelag-keyring.debhelper.log
+debian/gruelag-keyring.substvars
+debian/files
+debian/debhelper-build-stamp
+gruelag.gpg
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..b7ec3ed
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Felix Jacobi
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..f4483b1
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,49 @@
+KEYRING = "gruelag.gpg"
+
+.PHONY: $(KEYRING)
+
+$(KEYRING):
+	$(eval GPGHOME := $(shell mktemp -d))
+	$(eval GPG := gpg --homedir $(GPGHOME))
+	@# ensure that there are no duplicate keys; this should help prevent
+	@# simple mistakes like accidentally exporting or copying the wrong key
+	@# from a smartcard
+	@if fdupes keys | grep -q .; \
+	  then \
+	    echo "ERROR! Duplicate keys!" >&2; \
+	    fdupes keys >&2; \
+	    exit 1; \
+	  fi
+
+	@# import all keys from keys/ into a new keyring
+	@$(GPG) --import keys/*.pub
+
+	@# remove the superfluous encryption/authentication subkeys that have
+	@# no relevance for APT whatsoever
+	@gpg --list-keys --with-colon | \
+	  awk -F: '$$1 == "pub" { print $$5 }' | while read i; \
+	  do \
+	    echo "removing superfluous subkeys of key $$i"; \
+	    echo y | $(GPG) --batch --command-fd=0 \
+	      --edit-key "$$i" "key 2" delkey save 2> /dev/null; \
+	    echo y | $(GPG) --batch --command-fd=0 \
+	      --edit-key "$$i" "key 1" delkey save 2> /dev/null; \
+	  done
+
+	@# export all public keys to classic GPG keyring (APT cannot unterstand
+	@# new-style GPG keyboxes)
+	@$(GPG) --output "$@" --export repository@gruelag.de
+
+	@# make exported keyring visible for dh_iservinstall3 (uses git ls-files)
+	@git add --intent-to-add --force "$@"; \
+
+	@chmod -v 0644 $@
+	@rm -f "$@"~
+
+	@# remove temporary GPG home
+	@rm -rfv "$(GPGHOME)";
+
+.PHONY: clean
+clean:
+	@rm -vf "$(KEYRING)"
+	@git add -A
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..3706532
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,32 @@
+Source: gruelag-keyring
+Section: misc
+Priority: optional
+Maintainer: Gruelag GmbH <buero@gruelag.de>
+Build-Depends: debhelper-compat (= 13),
+               dh-sequence-iserv,
+               dh-sequence-gruelag,
+               fdupes,
+               gpg
+Standards-Version: 4.5.0
+
+Package: gruelag-keyring
+Architecture: all
+Depends: gruelag-keyring-data, ${misc:Depends}, ${perl:Depends}
+Xb-Private-Iserv-Revision: ${iserv:Revision}
+Description: Gruelag GmbH: Öffentlicher Schlüssel
+ Dieses Paket fügt den öffentlichen Schlüssel des Repositorys der
+ Gruelag GmbH zum Schlüsselbund von APT hinzu.
+ .
+ Dieses Paket fügt die Schlüssel zum APT-Schlüsselbund hinzu.
+Tag: suite::iserv, role::data, admin::file-distribution, security::authentication
+
+Package: gruelag-keyring-data
+Architecture: all
+Depends: ${misc:Depends}, ${perl:Depends}
+Xb-Private-Iserv-Revision: ${iserv:Revision}
+Description: Gruelag GmbH: Öffentlicher Schlüssel (Daten)
+ Dieses Paket fügt den öffentlichen Schlüssel des Repositorys der
+ Gruelag GmbH zum Schlüsselbund von APT hinzu.
+ .
+ Dieses Paket enthält die Schlüsseldateien.
+Tag: suite::iserv, role::data, admin::file-distribution, security::authentication
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..9e295b6
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,29 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: gruelag-keyring
+
+Files: *
+Copyright: 2021 Felix Jacobi <felix.jacobi@gruelag.de>
+License: MIT
+
+Files: debian/*
+Copyright: 2021 Stadtteilschule Blankenese <repository@gruelag.de>
+License: MIT
+
+License: MIT
+ Permission is hereby granted, free of charge, to any person obtaining a
+ copy of this software and associated documentation files (the "Software"),
+ to deal in the Software without restriction, including without limitation
+ the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ and/or sell copies of the Software, and to permit persons to whom the
+ Software is furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included
+ in all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+ CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+ TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/debian/gruelag-keyring-data.iservinstall b/debian/gruelag-keyring-data.iservinstall
new file mode 100644
index 0000000..062bbd9
--- /dev/null
+++ b/debian/gruelag-keyring-data.iservinstall
@@ -0,0 +1 @@
+gruelag.gpg usr/share/iserv/security/apt-keys
diff --git a/debian/gruelag-keyring.iservinstall b/debian/gruelag-keyring.iservinstall
new file mode 100644
index 0000000..7ef6c86
--- /dev/null
+++ b/debian/gruelag-keyring.iservinstall
@@ -0,0 +1,4 @@
+LICENSE* usr/share/doc/gruelag-keyring
+lintian/gruelag-keyring usr/share/lintian/overrides
+X:Makefile
+X:keys/*
diff --git a/debian/links b/debian/links
new file mode 100644
index 0000000..a94a2a2
--- /dev/null
+++ b/debian/links
@@ -0,0 +1 @@
+usr/share/iserv/security/apt-keys/gruelag.gpg etc/apt/trusted.gpg.d/gruelag.gpg
diff --git a/debian/prerm b/debian/prerm
new file mode 100755
index 0000000..28a4e5b
--- /dev/null
+++ b/debian/prerm
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+if [ "$1" = "purge" ] || [ "$1" = "remove" ]
+then
+  apt-key del 16974600
+  apt-key del 1C9E3AC2
+fi
+
+#DEBHELPER#
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..2d33f6a
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,4 @@
+#!/usr/bin/make -f
+
+%:
+	dh $@
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..af745b3
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (git)
diff --git a/keys/2022-10-10_F64A955C.pub b/keys/2022-10-10_F64A955C.pub
new file mode 100644
index 0000000..3675df7
--- /dev/null
+++ b/keys/2022-10-10_F64A955C.pub
@@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGNDM9kBEACsbDenRcCNyDvGDX9/KkRjWimk6c5N28KGB447P33YE36Kn9KE
+/d4YbnoyhyET2oUdoqNWGBv4oVm1jpB6w4XQf32IH4CrZ/7ZWfMRzXTsYwUGWvE1
+huk3qiY0g6T9W+/akM+Cb+hDOTN/JGVFoLEs4i+KUjzQOKb6a5qoVswlTAiwmO8e
+Jk0wBqcK+qyezvFECIyQomyjerDFdSBVzC/FwVhazDk6i+R3mYHczlPfTrA8nIQV
+5K+tP+bQmafBAF1NT8iXPZIGtPyKcW2ovGSosTxPYcwQvTTgT6ZiUxBT/UVM2qNL
+7dff92+PcTCRPLFZW73h8Kc6xR1LkZ8bO2q9j8lz7sbhwWmXl1Z0PXbT3lfAu3No
+xSEbM33RRiehQ+E2D4daX2jT3G4i9fcdy82W/9BAX7zSovxiaVU9DsSy0HXV1Mh0
+swjEwizD/wX4G2lAUxeFsTUFKqdepdSbWemBEJ7+yrp12n1onmgpKzrtoDLt2ix0
+8bnFrT+qVLMSaXRvZvLwoPFaHQnrg4C/u3GYmunjpBuz7HqfIHJ1ByrXiHFKpHRD
+vjtMC2Z2BXow1Le4m3fg6hgQA4bTE/eTBixqEXDCaIGnOOZETArYrYa87MLga0qI
+pvlPKQzSaGGN4ZtDRNlMSXcEF2DzSbkPAS6eeqHZV5ypnWdk0/EXAQ5oLwARAQAB
+tC1HcnVlbGFnIEdtYkggKFNpZ25pbmcgS2V5KSA8YnVlcm9AZ3J1ZWxhZy5kZT6J
+AlQEEwEKAD4WIQTUgno2Xy17mnHt/To5Yizy9kqVXAUCY0Mz2QIbAwUJB4TOAAUL
+CQgHAwUVCgkICwUWAwIBAAIeBQIXgAAKCRA5Yizy9kqVXLQ/D/43dZC8QTWSDzxl
+rZT6HxC1z9PWsvF5lb6KyIGs84HVKiWf8Qv3NPr7oRANcucJTUJ7VpT+OQFxQWuf
+XppagWodTszIF9+uZ0w/sYbWs3uAYS+i2xkzo9n1vgv18yyZrd15V6C7/RORde3E
++OEn0L2e6k3WZlKemSCuzB+EZuQ2Y5FleLOrqFlw70kcJ7E8KhAgEAGA4fKnp6jq
+bNL4GOeXVAZQLx65koVlE9kmDX6WTsks2yLhOfjeo61RofuYauxJEM5tGmXZQaPv
+qIe8vCKt3Tm80LUGxlPYnmz4zTvLe1NI3NtmeoqzFjByZ+tLkqeUZY8xllcsKK66
+RmxPILMlIavD2M4nPlGURpYXsbCjC5izQQuQzPGB03LSBHDFDo/bSnQzQmt/3Kfz
+UqRqbBaM6k4Y62yDN6oR9hdcTvqSyC/sKHNS3v5fDkJoVg/AaU+Rs81wqBE3XMiR
+VKbppLhpdOQAVjWXpzv/uzIYfsA6O6a3w5R/fVH9fV3ONdLVj74Gc2A+fUn2/uo4
+Mpl4bPUuy74ueVOs7ilw1X2OsLwNu7ObTCSmdbUNApRLH/UCb1DIqPNo1Kzw/9yW
+hxDGJZZB3+h3qUoTb1RwfvvSHrAzObHlS+fEin/M5+/dS823vlCvSMNfF7XGeYpI
+OUH8O9kl1PowF1qCS2kR+mgY4VtBcg==
+=sS+8
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/lintian/gruelag-keyring b/lintian/gruelag-keyring
new file mode 100644
index 0000000..1d5ff52
--- /dev/null
+++ b/lintian/gruelag-keyring
@@ -0,0 +1,3 @@
+# by design
+gruelag-keyring: extra-license-file usr/share/doc/gruelag-keyring/LICENSE
+gruelag-keyring: package-installs-apt-keyring etc/apt/trusted.gpg.d/gruelag.gpg