Import Debian changes 4.21-1
pollen (4.21-1) sid; urgency=medium
* first upload to Debian
* debian/control: use dh11
* debian/control: set standard to 4.3.0
* debian/control: remove anerd mentions
* debian/copyright: use https for copyright-format-uri
* debian/rules: dh11 does not allow "--with systemd"
* remove deprecated upstart init files
* remove unused overrides
pollen (4.21-0ubuntu1) yakkety; urgency=medium
* check_pollen:
- note the number of short bytes in the error log message
pollen (4.20-0ubuntu1) wily; urgency=medium
* debian/pollen.upstart: LP: #1505473
- remove typo in the upstart config which was preventing the service from starting
* rebuild the packages for upload
pollen (4.19-0ubuntu1) wily; urgency=medium
* debian/pollen.upstart: LP: #1505473
- remove typo in the upstart config which was preventing the service from starting
pollen (4.18-0ubuntu1) wily; urgency=medium
* pollen.go:
- add the "available" word to the log
pollen (4.17-0ubuntu1) unstable; urgency=medium
* debian/pollen.postrm:
- clear out certificates on purge
* debian/pollen.default:
- quote the variable definition, for consistency
* debian/pollen.postinst:
- fix ssl cert generation, country must be <2 chars
* debian/pollen.service:
- put braces around environment variables; required to work at all
* pollen.go, usr.bin.pollen:
- log the entropy bits before and after the transaction
pollen (4.16-0ubuntu1) vivid; urgency=medium
[ Matthias Klose ]
* debian/control:
- Build everywhere
pollen (4.15-0ubuntu1) vivid; urgency=medium
[ Didier Roche ]
* debian/control, debian/pollen.service, debian/rules:
- Add systemd unit, following similar restart on failure and device
checking logic
- Bump Standards-Version
pollen (4.14-0ubuntu1) vivid; urgency=medium
* pollen.go: LP: #1383738
- remove SSLv3 support
pollen (4.13-0ubuntu1) vivid; urgency=medium
* debian/pollen-restart.upstart, debian/pollen.upstart, debian/rules:
- LP: #1386052
- add a new upstart job that restarts pollen any time the rsyslog server
is restarted
- this is necessary to work around a bug in the golang syslog library
where syslog restarts break logging
+ https://code.google.com/p/go/issues/detail?id=2264#c8
pollen (4.12-0ubuntu1) utopic; urgency=medium
* debian/control:
- recommend rng-tools; we can do this, since pollen is in universe
* debian/pollen.postinst:
- minor change to the default self-signed cert; use 'localhost'
for the hostname; this is useful for testing pollinate against
the localhost with a self-signed cert
* README:
- update docs; pollinate no longer runs daily by default
* README:
- update some docs
* check_pollen:
- ensure that the nagios check catches log failures
pollen (4.11-0ubuntu1) trusty; urgency=medium
* pollen_test.go:
- fix FTBFS
- hardcode device to /dev/urandom in unit tests, otherwise, our
entropy starved vm-based builders will fail the unit tests
and fail the build
pollen (4.10-0ubuntu1) trusty; urgency=low
* debian/control, debian/pollen.default, pollen.go, usr.bin.pollen:
- LP: #1293958
- suggest rng-tools (universe), which is needed to leverage tpm for
/dev/random entropy
- change default entropy source for pollen server to /dev/random
- update inline configuration documentation to reflect reality
- add rw of /dev/random to our apparmor whitelist
pollen (4.9-0ubuntu1) trusty; urgency=low
* debian/rules: LP: #1288807
- fix FTBFS, build using golang 'go build' rather than gccgo
pollen (4.8-0ubuntu1) trusty; urgency=low
[ JuanJo Ciarlante and Dustin Kirkland ]
* check_pollen:
- use the new -t|--testing flag, to verify communications with the
server, runnable as a non-privileged user, but not affecting the
local PRNG
pollen (4.7-0ubuntu1) trusty; urgency=low
[ John Arbash Meinel ]
* .gitignore, pollen.go, pollen_test.go:
- This changes the 'handler' from being just a func() using global
state to being a struct with local state.
- It then moves the things like dev and log to being members of the
struct, with interfaces that let us override them in the test suite.
- It then adds a bunch of tests about how we handle failures, errors,
logging, the size flag, etc.
- The interfaces also mean that we won't try to spam syslog while running
the test suite.
- Another small change is that if you do:
pollen -https-port=""
Then it won't try to bind to the HTTP port with a cert.
- Since I'm not the official source for pollen, it helped for testing at
least the HTTP requests manually.
- This also fixes the help text for "-size" since it doesn't actually
change how much content we send on the wire, but how much content we
read from /dev/urandom (but it adds tests for that fact).
- go fmt, and some formatting tweaks
- actually do the right formatting
- use microsecond timing (ms was always 0)
- capture the length of time serving requests takes
[ Dustin Kirkland ]
* pollen.go:
- put brackets around request length of time value
pollen (4.6-0ubuntu1) trusty; urgency=low
[ Caleb Spare ]
* pollen.go:
- Require the challenge query-string param to be provided
- don't create the random device, if it doesn't exist
[ Dustin Kirkland ]
* pollen_test.go:
- update test to handle required challenge string
* pollen.go:
- incorporate feedback from Adam Langley
- catch errors reading the random device
- add a note as to why we're checksumming the random seed
- update message when challenge empty
[ Caleb Spare and Dustin Kirkland ]
* debian/pollen.upstart, pollen.8, pollen.go:
- Use flags rather than positional arguments, and plumb bytes argument
through
[ Dustin Kirkland and Matt Croydon ]
* debian/pollen.default, debian/pollen.upstart, pollen.8, pollen.go:
- add support for specifying the TLS cert and key as command line
flags
pollen (4.5-0ubuntu1) trusty; urgency=low
[ Caleb Spare ]
* pollen.go, pollen_test.go:
- Bring naming in line with Go conventions
- Use shorter parameter names for an http.HandlerFunc
- Remove an unnecessary string conversion
- Print useful error if wrong arguments are given rather than crashing
- Don't ignore errors
- Rename http[s]Port to http[s]Addr for accuracy
- Handle errors starting the http servers
- Change some naming in the test
- Read from the provided device rather than always /dev/urandom
pollen (4.4-0ubuntu1) trusty; urgency=low
[ Casey Marshall ]
* debian/control, debian/rules, Makefile, pollen.go, pollen_test.go:
- add unit tests for pollen server
[ Dustin Kirkland ]
* debian/pollen.lintian-overrides:
- override expected Lintian gripes
pollen (4.3-0ubuntu1) trusty; urgency=low
* check_pollen:
- ensure that the nagios script uses the -r|--reseed option
pollen (4.2-0ubuntu1) trusty; urgency=low
* pollen.go:
- remove redundant line
* README:
- remove deprecated bit of documentation
pollen (4.1-0ubuntu1) trusty; urgency=low
* debian/control:
- build on amd64 and i386 only
- these are the only builds I've been able to confirm when building
with golang-go
- note that this undoes the fix for LP: #1274074, but that's the
way it has to be, until either golang-go supports more architectures
or gccgo doesn't suck
pollen (4.0-0ubuntu1) trusty; urgency=low
* check_pollen, debian/control, debian/copyright,
debian/pollinate.default, debian/pollinate.install,
debian/pollinate.manpages, debian/pollinate.postinst,
debian/pollinate.postrm, debian/pollinate.upstart,
entropy.ubuntu.com.pem, INSTALL, Makefile, pollinate, pollinate.1:
- split pollen and pollinate into separate projects and packages
- re-enable the pollen build
pollen (3.17-0ubuntu1) trusty; urgency=low
* pollinate:
- improve kernel debug info
* debian/control, debian/pollen.install, Makefile:
- TEMPORARILY disabling the building of pollen, until
either gccgo or golang-go get promoted to main
- this should be reverted as soon as a go compiler
is available as a build dep
pollen (3.16-0ubuntu1) trusty; urgency=low
* pollinate:
- minor standardization of the user agent string
pollen (3.15-0ubuntu1) trusty; urgency=low
* debian/control: LP: #1274074
- build on any architecture, now that we build with gccgo
pollen (3.14-0ubuntu1) trusty; urgency=low
* debian/pollinate.postinst:
- fix order of operations, packaging breakage
pollen (3.13-0ubuntu1) trusty; urgency=low
* README:
- fix more minor typos
- explain "did some work"
* debian/rules, Makefile:
- fix the build for gccgo
- must use the -g parameter
- don't strip binaries
- these are ugly, but are the result of gccgo vs golang-go
* pollinate:
- remove unused variable $cmd
* debian/pollinate.upstart:
- our upstart job should start on starting cloud-init, to ensure that
we get run before generating SSH keys
* debian/pollinate.install, debian/pollinate.postrm, pollen.go,
pollinate, pollinate.cron.d, README:
- drop the tag and cronjob per feedback from sarnold in the code audit
in LP: #1246098
* debian/pollinate.default, pollinate:
- add helpful debug info to user agent, similar to chrome and firefox,
* debian/pollinate.postinst, debian/pollinate.postrm,
debian/pollinate.upstart, pollinate, pollinate.1:
- use a pollinate user, rather than the daemon user
- by default, only run pollinate once per system instantiation
- offer reseeding as an option, though
* debian/control:
- need to depend on adduser
pollen (3.12-0ubuntu1) trusty; urgency=low
* README:
- minor documentation feedback from Kees Cook
- note that pollen servers can of course be run internally
* debian/control:
- clean up package descriptions a bit
pollen (3.11-0ubuntu1) trusty; urgency=low
* README:
- updates to the README
* debian/copyright, pollinate:
- the client should really be GPLv3, rather than AGPL
* debian/copyright:
- point to the local copy of GPLv3 license
pollen (3.10-0ubuntu1) trusty; urgency=low
* debian/pollinate.cron.d, debian/pollinate.postinst, pollinate:
- have each client choose a random time of day to reseed,
at first run, rather than at package installation time
- this requires a very clever hack(!)
- install a "template" at /etc/cron.d/pollinate, with __MINUTE__
and __HOUR__ symbols that should be replaced by the client,
at first run
- cron requires that /etc/cron.d/pollinate be owned by root
- ideally we'd run the pollinate script as a non-root user (ie, daemon),
by specifying the daemon user in upstart and in the cronjob
- but daemon can't write to /etc/cron.d/pollinate, if it's owned by root
- so here's the hack...
+ the upstart job installed by the package has "setuid root"
+ on its first run (which will be either at package install time, or
at boot), it will run as root and: a) update the cronjob to a random
time, and b) update the upstart job to run as daemon
+ woot
+ this works because both are conffiles
* debian/pollen.postinst, debian/pollinate.postinst,
debian/pollinate.postrm, pollinate:
- use /var/cache/pollinate, rather than /var/lib/pollinate
- this should make it more obvious that this data can be cleared out,
and should be cleared out, on re-bundles or snapshots and reimages
* debian/control, Makefile:
- switch from golang-go to gcc-go, so that we can get this source
package into Ubuntu main
* pollinate, pollinate.1:
- separate the pool and the server variables
* debian/control:
- no need to depend on bsdutils, it's essential
- pollen depends on adduser
* usr.bin.pollen:
- update apparmor profile to allow reading of /usr/bin/pollen
- oddly, this was introduced when switching compilers
* debian/copyright:
- lintian/dep5 cleanup
pollen (3.9-0ubuntu1) trusty; urgency=low
* debian/pollinate.default:
- don't use quiet by default, do use binary
* pollinate:
- save ourselves an unneeded fork
* debian/control:
- drop haveged as a suggests
* debian/pollinate.default, debian/pollinate.install,
entropy.ubuntu.com.pem:
- install entropy.ubuntu.com.pem's certificate and intermediate
chain, to get rid of --insecure curl option
* debian/control, pollinate:
- log to the system log, using the logger utility
- add a final message, noting successful (re-)seed
- have pollinate depend on bsdutils, which provides logger
pollen (3.8-0ubuntu1) trusty; urgency=low
* debian/pollinate.default, debian/pollinate.postinst,
debian/pollinate.upstart, pollinate:
- fix the (broken) options setting in the pollinate default file
- change the tag creation to happen during the pollinate runtime,
rather than at package installation; this makes it more useful
for downstreams and remixes of Ubuntu
- ensure the daemon user owns the /var/lib/pollinate directory
- run the pollinate upstart script as the daemon user
* debian/pollinate.cron.d, debian/pollinate.postinst,
debian/pollinate.postrm:
- run the pollinate cronjob (reseed) once per day, rather than once
per hour
- purge pollinate files more effectively
pollen (3.7-0ubuntu1) trusty; urgency=low
* debian/control:
- demote haveged to suggests, based on feedback from Seth Arnold
in LP: #1246098
* pollinate:
- ensure both -c and -i can be used, without losing CURL_OPTS,
as identified by Seth Arnold in LP: #1246098
* pollinate:
- drop unused IPV6 variable, per review by Seth Arnold in LP: #1246098
* debian/pollen.postinst:
- use pollen as our fake email address, suggested by Seth Arnold
in LP: #1246098
* debian/pollinate.cron.d:
- add notes in the comments about NIST DRBG Special Publication 800-90A
recommendations on reseeding
- add notes in the comments about why we choose a random minute
- fix a bug, that was causing the cronjob to run far more frequently
than desired
- Addresses some issues raised by Seth Arnold in LP: #1246098
* debian/pollen.upstart, pollen.8, pollen.go:
- add DEVICE as the 3rd argument to the pollen server in the upstart
script
- test that DEVICE is a special in upstart
- document that the DEVICE is now a required argument
* debian/pollen.install, Makefile, pollen:
- build static binary at package build time, rather than dynamically
compiling at each run, per feedback from Seth Arnold in LP: #1246098
- use a very simple, basic Makefile
* debian/control:
- move golang-go to a build-dependency, rather than a runtime dependency
* debian/control, debian/pollen.postinst, debian/pollen.postrm,
debian/pollen.upstart:
- create a new user, pollen:daemon, in the postinst, remove in postrm
- depend on libcap2-bin, which provides setcap
- use setcap to allow the pollen binary to bind to privileged ports
- run the pollen daemon as the pollen user
- per feedback from Seth Arnold in LP: #1246098
* debian/pollen.upstart:
- use setuid in upstart to run the pollen daemon as the pollen user
* debian/pollen.postinst:
- change pollen user's shell to /bin/false
* debian/control, debian/pollen.install, debian/pollen.postinst,
debian/rules, usr.bin.pollen:
- add an apparmor profile for the pollen server, per suggestion
by Seth Arnold in LP: #1246098
- big thanks to Jamie Strandboge and Seth Arnold for assistance
* debian/pollinate.postinst:
- these chowns are not necessary; thanks for catching Michael Terry
in LP: #1246098
* debian/control: LP: #1259014
- have the pollen server depend on ent, which is used by the
check_pollen nagios script
pollen (3.6-0ubuntu1) trusty; urgency=low
* pollinate:
- remove sourcing of an rc config file from $HOME, per security
review from Seth Arnold
* pollinate.1:
- update documentation to note that multiple servers can be specified
on the command line
* debian/pollinate.default:
- use the entropy.ubuntu.com beta site for testing
- note that we're specifying the --insecure option here, as this is
very much a work in progress
* debian/pollinate.upstart:
- start pollinate when we have networking up and running, or
when we start ssh
* pollen.go:
- drop the nanosecond timestamp collection on the server
- a good server should have real entropy hardware, and a busy server
will have network traffic entropy already captured by the kernel
- Suggestion by Seth Arnold in a security review
* debian/pollen.default, pollinate:
- drop timestamp based salting, not terribly valuable
- per security review by Seth Arnold
* pollinate:
- drop unused $bin variable
pollen (3.5-0ubuntu1) trusty; urgency=low
* README:
- enhance and update design documentation
* debian/copyright:
- update to DEP-5 format
pollen (3.4-0ubuntu1) saucy; urgency=low
* check_pollen, debian/control:
- improve the nagios check
- warn if:
+ insufficient bytes are retrieved
+ less than 5-bits-per-byte of entropy are calculated
+ an out of whack arithmetic mean
- have pollen server recommend ent, which is used by the nagios check
pollen (3.3-0ubuntu1) saucy; urgency=low
* pollen-nagios-check:
- added nagios check script
* check_pollen, debian/pollen.install:
- rename check script and install in nagios plugins directory
pollen (3.2-0ubuntu1) saucy; urgency=low
* README:
- update design documentation
* pollinate, pollinate.1:
- support printing random seed to standard out
- useful for debugging
- add a -q|--quiet option to silence log messages
* pollinate, pollinate.1:
- add an option for binary data output
* debian/pollen.default, debian/pollen.upstart, pollen.8, pollen.go:
- re-enable support for both encrypted and non-encrypted connections
- use a go subroutine to serve both out of the same process
- document these changes
- default to 80 and 443, allow admin to override easily via config
* debian/control:
- update package descriptions
* pollinate:
- default to, but do not force, https
pollen (3.1-0ubuntu1) saucy; urgency=low
* pollen.go
- use a global for the dev writer
- write a few more timestamps into the mix during the response
handler
- change logging verbiage
* pollinate:
- use a single temp directory, rather than multiple temp files
- use a trap to cleanup the temp directory
- update the logging verbiage
- use an etc default file if available
* debian/pollen.default:
- drop "TCP_" in the TCP_PORT variable
* pollen.go:
- just use two timestamps
* pollinate:
- improve usability; prepend https
* debian/pollinate.cron.d, debian/pollinate.default,
debian/pollinate.upstart, pollinate, pollinate.1:
- use an upstart job, rather than an @reboot cronjob,
to do the initial prng seeding
- fix the default config file
pollen (3.0-0ubuntu1) saucy; urgency=low
* anerd, anerd-server-tcp.1 => anerd-server.1, anerd-server-tcp =>
anerd-server, anerd-server-tcp.go => anerd-server.go, anerd-server-
udp.1, anerd-server-udp.c, configure.ac, debian/anerd-
client.default, debian/anerd-server.anerd-server-tcp.upstart =>
debian/anerd-server.upstart, debian/anerd-server.anerd-server-
udp.upstart, debian/anerd-server.default, debian/anerd-
server.install, debian/anerd-server.manpages, debian/control,
debian/rules, Makefile.am:
- completely deprecate the UDP operation of both the client and
the server
- the TLS server over TCP is the only supported protocol going
forward
- this will necessitate a major version bump
* anerd.1 => pollinate.1, anerd => pollinate, anerd-server.1 =>
pollen.8, anerd-server.go => pollen.go, anerd-server => pollen,
ChangeLog, debian/anerd-client.cron.d => debian/pollinate.cron.d,
debian/anerd-client.default => debian/pollinate.default,
debian/anerd-client.install => debian/pollinate.install,
debian/anerd-client.manpages => debian/pollinate.manpages,
debian/anerd-client.postinst => debian/pollinate.postinst,
debian/anerd-client.postrm => debian/pollinate.postrm, debian/anerd-
server.default => debian/pollen.default, debian/anerd-server.install
=> debian/pollen.install, debian/anerd-server.manpages =>
debian/pollen.manpages, debian/anerd-server.postinst =>
debian/pollen.postinst, debian/anerd-server.upstart =>
debian/pollen.upstart, debian/control, debian/copyright,
img/anerd_14.png, img/anerd_192.png, img/anerd_64.png,
img/anerd.png, initramfs/hooks/anerd-client-udp,
initramfs/scripts/init-bottom/anerd, NEWS, README, === removed
directory initramfs, === removed directory initramfs/hooks, ===
removed directory initramfs/scripts, === removed directory
initramfs/scripts/init-bottom:
- rename anerd server/client to pollen / pollinate
to reflect that this data is intended to "seed" a random
number generator
* debian/control, debian/pollen.manpages:
- package maintenance for package/project rename
- move manpage to section 8
* pollen.8, pollinate, pollinate.1:
- documentation updated
* debian/control, pollen.8, pollinate:
- update some documentation and descriptions
* img/pollen_14.png, img/pollen_192.png, img/pollen_64.png:
- added new pollen logos
* debian/control:
- drop suggests
anerd (2.4-0ubuntu1) saucy; urgency=low
* anerd-client-tcp.go:
- deprecated, use the shell (curl) one for better timestamping
salt
* anerd-server-tcp.go:
- log user-agent and nanosecond timestamp
* anerd, anerd-server-tcp.go:
- rename "tip" to "challenge", use for challenge/response
- verify challenge/response, to ensure personalized communication
* anerd:
- use a common logging function throughout
* anerd-server-tcp.go:
- open syslog only once
* anerd, debian/control:
- lower socat to a suggests, while still requiring curl
- dynamically check for socat/curl and error appropriately
- update package description
- recommend haveged on the server
* debian/anerd-server.default:
- do not run the UDP, by default; local admin can enable by
setting a port in /etc/default/anerd-server
* anerd, anerd-server-tcp.go, debian/anerd-client.postinst,
debian/anerd-server.postrm:
- rename uuid to tag
- generate on package install, remove on purge
* anerd, debian/anerd-server.postrm => debian/anerd-client.postrm:
- silence search for helper utilities
- fix maintainer script name
* anerd:
- silence missing tag error messages for now
anerd (2.3-0ubuntu1) saucy; urgency=low
[ Matthias Klose ]
* debian/control: LP: #1139188
- Don't build anerd-server on powerpc (no golang-go, prevents
migration from raring-proposed to raring).
anerd (2.2-0ubuntu1) saucy; urgency=low
* === added directory img, img/anerd_14.png, img/anerd_192.png,
img/anerd_64.png, img/anerd.png:
- added icons
* anerd-server-tcp.go:
- gofmt
* anerd-server-tcp.go:
- make this code more go-like, after some code review with Tim Penney
* anerd-server-tcp.go:
- drop unnecessary json formatting
anerd (2.1-0ubuntu1) saucy; urgency=low
* anerd-client-tcp.go:
- default to anerd.us
* anerd, anerd-client-tcp.go, anerd-server-tcp.go, debian/anerd-
client.default:
- anerd.us is now serving on 443
* anerd, anerd-server-tcp.go:
- add syslog logging to the anerd tcp server
- use post for the tip from the anerd tcp client
* anerd, debian/control:
- use uuidgen -r for uuid and tip
* anerd, anerd-server-udp.c:
- add UDP to syslog messages
- fix uuid related typo
- add --insecure option
* anerd, anerd-client-tcp.go, anerd-server-tcp.go, debian/control:
- use sha512sum rather than uuidgen
* anerd, debian/anerd-client.cron.d:
- run at reboot, and hourly thereafter
- shorten some function names
* debian/anerd-client.cron.d, debian/anerd-client.postinst:
- randomize the hourly cronjob to distribute load on the
server, if possible
* debian/control:
- fix a lintian annoyance
* anerd, anerd-server-tcp.go, anerd-server-udp.c:
- drop byte counts in logging, as these can be misleading
* anerd-server-tcp.go:
- salt data with nanosecond timestamp
anerd (2.0-0ubuntu1) saucy; urgency=low
* anerd-tcp.go:
- pretty print the json
* anerd-client, anerd-client.1, anerd-tcp, anerd-tcp.1, anerd-tcp.go,
anerd-udp.1, anerd-udp.c, debian/anerd-server.anerd-tcp.upstart,
debian/anerd-server.anerd-udp.upstart, debian/control:
- drop the "asynchronous" part of aNerd, this really isn't
necessary in the description anymore
* anerd-tcp.go:
- reduce the default size to 64 bytes, which is sufficient to seed
any random number generator
* anerd-tcp.go, debian/anerd-server.default:
- change the default size to 64 bytes
- add some notes in the comments in the configuration file
- always uses TLS encryption for the TCP implementation
* anerd-tcp.1 => anerd-server-tcp.1, anerd-tcp => anerd-server-tcp,
anerd-tcp.go => anerd-server-tcp.go, anerd-udp.1 => anerd-server-
udp.1, anerd-udp.c => anerd-server-udp.c, debian/anerd-server.anerd-
tcp.upstart => debian/anerd-server.anerd-server-tcp.upstart,
debian/anerd-server.anerd-udp.upstart => debian/anerd-server.anerd-
server-udp.upstart, debian/anerd-server.install, debian/anerd-
server.manpages, debian/rules, Makefile.am:
- rename anerd-tcp to anerd-server-tcp
- rename anerd-udp to anerd-server-udp
* debian/anerd-client.default:
- change to the new anerd.us server, which supports TCP, TLS, and UDP
* anerd, anerd-client, anerd-client.1 => anerd.1, anerd-client-tcp.go,
anerd-server-tcp, debian/anerd-client.cron.d, debian/anerd-
client.default, debian/anerd-client.install, debian/anerd-
client.manpages, debian/anerd-server.anerd-server-tcp.upstart,
debian/anerd-server.install, debian/control, initramfs/hooks/anerd-
client => initramfs/hooks/anerd-client-udp, initramfs/scripts/init-
bottom/anerd-client => initramfs/scripts/init-bottom/anerd,
Makefile.am:
- major rework of client, combine udp/tcp clients into a single
shell script
* anerd, anerd-client-tcp.go, anerd-server-tcp, anerd-server-tcp.go,
anerd-server-udp.c, COPYING, debian/copyright,
initramfs/scripts/init-bottom/anerd:
- changed license back to AGPL
* debian/anerd-client.default, debian/anerd-server.default:
- deprecate hash as a configurable; use sha512sum
* anerd:
- use socat in verbose mode, to add more timestamps to the log
- hash the timestamped log output
* debian/control:
- bump standards
anerd (1.4-0ubuntu1) raring; urgency=low
[ Dustin Kirkland ]
* anerd-tcp.go:
- add a very small, basic anerd-tcp server
- clean up via gofmt
* anerd-client:
- count the number of bytes received correctly using a tmpfile
- adjust info messages slightly
* anerd.c:
- drop crc from logging, change messages to info from debug
* debian/anerd-client.default:
- default to anerd.gazzang.net now that it's up for good
* anerd-tcp, anerd-tcp.go, debian/anerd-tcp-common.install,
debian/anerd-tcp.postinst, debian/anerd-tcp.upstart, debian/anerd-
web.upstart, debian/control:
- create two small packages, one to launch anerd-tcp->80 and
anerd-tcp->443
+ both depend on anerd-tcp-common, which provides the go script
- add a postinst that generates a self-signed cert if there is none;
obviously, one would want to replace these with real certs if
security matters to you
- create two upstart scripts that start the web service on each port
+ means you can install one, or the other, or both
* anerd-client, debian/anerd-client.default:
- fix communication with remote servers
- make the wait time configurable, 0.1s by default
- only broadcast when no specific servers are specified
- add message on broadcast bytes sent
* anerd-tcp:
- add interpreter
* anerd-tcp.1, debian/anerd-tcp-common.manpages:
- add documentation
* anerd-tcp.go:
- ensure that we read enough bytes
* anerd.1 => anerd-udp.1, anerd.c => anerd-udp.c, anerd-web.1 =>
anerd-tcp.1, anerd-web => anerd-tcp, anerd-web.go => anerd-tcp.go,
debian/anerd-server.anerd-udp.upstart, debian/anerd-server.default,
debian/anerd-server.install, debian/anerd-server.manpages,
debian/anerd-server.upstart => debian/anerd-server.anerd-
tcp.upstart, debian/anerd-web-common.install, debian/anerd-web-
common.manpages, debian/anerd-webs.postinst => debian/anerd-
server.postinst, debian/anerd-webs.upstart, debian/anerd-
web.upstart, debian/control, debian/rules, Makefile.am:
- rename the C program to anerd-udp
- create separate upstart scripts for anerd-tcp and anerd-udp
- update documentation
- drop anerd-web* packages
* debian/anerd-client.postinst, debian/control, debian/anerd-client.install:
- keep the initramfs code, but don't automatically update the initramfs
for now, as this can render a machine without networking unbootable;
re-enable this when we have a workaround for that
* debian/anerd-server.postinst:
- fix typo
[ Hector Acosta ]
* anerd.c:
- Only call srandom() once
anerd (1.3-0ubuntu1) raring; urgency=low
* anerd.1, anerd.c, anerd-client, anerd-client.1, AUTHORS,
debian/anerd-server.upstart, debian/copyright:
- updated email addresses and author information
anerd (1.2-0ubuntu1) raring; urgency=low
[ Dustin Kirkland ]
* debian/control, debian/cron.d:
- use run-one for cronjob
* anerd-client:
- clean up client, make more modular, remove some variables, uses pipes
to keep everything in memory
* debian/anerd-client.install, debian/anerd-server.install,
debian/control, debian/copyright, debian/cron.d => debian/anerd-
client.cron.d, debian/default => debian/anerd-client.default,
debian/upstart => debian/anerd-server.upstart:
- split package into a server and client package, with a meta
package depending on both
* anerd.1, anerd-client.1:
- manpage fixes
* debian/anerd-client.cron.d, debian/anerd-client.default:
- add some inline documentation
- use the default file for setting defaults (ie, uncomment)
* debian/control:
- bump standards
* debian/anerd-server.manpages, debian/manpages => debian/anerd-
client.manpages, Makefile.am:
- install manpages (perhaps there's a better automake way of doing this?)
* anerd.c:
- rename "sum" to "crc"
* debian/anerd-server.upstart:
- upstart needs to expect the fork
- upstart does not need to sudo to the daemon user because anerd does
this automatically
* anerd-client:
- use a $cmd variable populated with correct parameters
* anerd-client, debian/control:
- reluctantly add support for netcat
* anerd-client, anerd-client.1:
- use a default file for configuration
* anerd-client:
- emulate the syslog printing from the server
[ Wesley Wiedenmeier ]
* anerd.c, anerd-client, debian/default:
- add ipv6 support
* anerd.1, anerd.c, anerd-client.1, debian/manpages:
- added manpages
- dropped unused global
anerd (1.1-0ubuntu1) quantal; urgency=low
* anerd.c:
- define the default total exchange size
- also define and use a default payload size
- break up the total exchange to a bunch of smaller payloads, to increase
the randomness of UDP packet ordering and timing
- improve some inline documentation
- lower logging to debug from info
- allocate an extra byte for the data binary string
- use a separate pointer for segmenting and moving through the data string
- no need for null-bytes, since binary data could have null bytes within
- alphabetize includes
- change perrors to syslog errors
- move daemon() function
* Makefile.am:
- fix up the build, clean out the binary and log files
* anerd.c, anerd-client, debian/control, debian/cron.d,
debian/default, debian/install, Makefile.am:
- drop the anerd client in the C program entirely
- the C program is now the server exclusively
- add a bash script client, which can loop over a pool of anerd servers,
and broadcast to the local network
- recommend the socat package/utility, which is used to broadcast to the
local network from the bash script
- add a cron job to run the anerd-client regularly
- add a default configuration file for configuring the pool and other
tunables
- remove the unnecessary install file
anerd (1.0-0ubuntu1) quantal; urgency=low
[ Dustin Kirkland ]
* initial release
* === added directory debian, === added directory debian/source,
anerd, debian/compat, debian/control, debian/copyright,
debian/install, debian/rules, debian/source/format, debian/upstart:
- added packaging
* anerd, anerd.conf, debian/install, debian/upstart:
- add a configuration file
- run as daemon (non-root) user
* anerd.c, AUTHORS, ChangeLog, configure.ac, COPYING,
debian/copyright, debian/upstart, INSTALL, Makefile.am, NEWS,
README:
- ported from python to C
- added autoconf/automake build
- changed license from GPLv3 to Apache2.0 for portability to other
UNIX platforms
* anerd.conf, debian/control, debian/install, debian/upstart:
- drop conf file, add options to upstart script
- update build deps
* anerd.c:
- use syslog, open files/sockets only once per fork
- catch all responses to a client broadcast
- use a common function for salt calculation
- implement a very simple checksum of random data
- use uint64_t for platform compatibility
- add entropy to pool in client read
- simplify salt generation
- simplify log printing
- whitespace changes only, 80 char width
* debian/install:
- drop installation of default file
[ Wesley Wiedenmeier ]
* anerd.c:
- use getopt for command line parsing
- Modified code to fork twice then kill the parent process,
freeing the terminal that spawns the daemons, added daemonize()
function to safely daemonize the program.
- Improved entering into daemon status by moving daemon() call to
after initialization of server and client, so that errors
encountered in initialization are written to the terminal.
Thorsten Alteholz
4 years ago
0 | pollen (4.21-1) sid; urgency=medium | |
1 | ||
2 | * first upload to Debian | |
3 | * debian/control: use dh11 | |
4 | * debian/control: set standard to 4.3.0 | |
5 | * debian/control: remove anerd mentions | |
6 | * debian/copyright: use https for copyright-format-uri | |
7 | * debian/rules: dh11 does not allow "--with systemd" | |
8 | * remove deprecated upstart init files | |
9 | * remove unused overrides | |
10 | ||
11 | -- Thorsten Alteholz <debian@alteholz.de> Tue, 05 Feb 2019 18:25:58 +0100 | |
12 | ||
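Review bot: line 8 of the 4.21-1 entry ("remove deprecated upstart init files") does not say what replaces the rsyslog-restart workaround. The 4.13 entry (lines 84-90) added debian/pollen-restart.upstart so that pollen is restarted whenever the rsyslog server restarts, because syslog restarts break logging in the golang syslog library, and that job would be among the upstart files removed here. The 4.15 entry (lines 68-70) only describes the systemd unit as following the restart-on-failure and device-checking logic. Suggest adding a line to this entry stating either that debian/pollen.service restarts pollen together with rsyslog, or that the workaround is no longer needed, so that a silent loss of the server's syslog output after an rsyslog restart is ruled out.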
13 | pollen (4.21-0ubuntu1) yakkety; urgency=medium | |
14 | ||
15 | * check_pollen: | |
16 | - note the number of short bytes in the error log message | |
17 | ||
18 | -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 13 Oct 2015 10:25:58 -0700 | |
19 | ||
20 | pollen (4.20-0ubuntu1) wily; urgency=medium | |
21 | ||
22 | * debian/pollen.upstart: LP: #1505473 | |
23 | - remove typo in the upstart config which was preventing the service from starting | |
24 | * rebuild the packages for upload | |
25 | ||
26 | -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 13 Oct 2015 10:25:54 -0700 | |
27 | ||
28 | pollen (4.19-0ubuntu1) wily; urgency=medium | |
29 | ||
30 | * debian/pollen.upstart: LP: #1505473 | |
31 | - remove typo in the upstart config which was preventing the service from starting | |
32 | ||
33 | -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 13 Oct 2015 10:21:08 -0700 | |
34 | ||
35 | pollen (4.18-0ubuntu1) wily; urgency=medium | |
36 | ||
37 | * pollen.go: | |
38 | - add the "available" word to the log | |
39 | ||
40 | -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 09 Sep 2015 15:22:56 -0500 | |
41 | ||
42 | pollen (4.17-0ubuntu1) unstable; urgency=medium | |
43 | ||
44 | * debian/pollen.postrm: | |
45 | - clear out certificates on purge | |
46 | * debian/pollen.default: | |
47 | - quote the variable definition, for consistency | |
48 | * debian/pollen.postinst: | |
49 | - fix ssl cert generation, country must be <2 chars | |
50 | * debian/pollen.service: | |
51 | - put braces around environment variables; required to work at all | |
52 | * pollen.go, usr.bin.pollen: | |
53 | - log the entropy bits before and after the transaction | |
54 | ||
55 | -- Dustin Kirkland <kirkland@ubuntu.com> Sat, 02 May 2015 18:39:13 -0500 | |
56 | ||
57 | pollen (4.16-0ubuntu1) vivid; urgency=medium | |
58 | ||
59 | [ Matthias Klose ] | |
60 | * debian/control: | |
61 | - Build everywhere | |
62 | ||
63 | -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 25 Mar 2015 09:44:01 -0500 | |
64 | ||
65 | pollen (4.15-0ubuntu1) vivid; urgency=medium | |
66 | ||
67 | [ Didier Roche ] | |
68 | * debian/control, debian/pollen.service, debian/rules: | |
69 | - Add systemd unit, following similar restart on failure and device | |
70 | checking logic | |
71 | - Bump Standards-Version | |
72 | ||
73 | -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 07 Jan 2015 13:06:05 -0600 | |
74 | ||
75 | pollen (4.14-0ubuntu1) vivid; urgency=medium | |
76 | ||
77 | * pollen.go: LP: #1383738 | |
78 | - remove SSLv3 support | |
79 | ||
80 | -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 31 Oct 2014 16:31:23 -0500 | |
81 | ||
82 | pollen (4.13-0ubuntu1) vivid; urgency=medium | |
83 | ||
84 | * debian/pollen-restart.upstart, debian/pollen.upstart, debian/rules: | |
85 | - LP: #1386052 | |
86 | - add a new upstart job that restarts pollen any time the rsyslog server | |
87 | is restarted | |
88 | - this is necessary to work around a bug in the golang syslog library | |
89 | where syslog restarts break logging | |
90 | + https://code.google.com/p/go/issues/detail?id=2264#c8 | |
91 | ||
92 | -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 31 Oct 2014 16:08:39 -0500 | |
93 | ||
94 | pollen (4.12-0ubuntu1) utopic; urgency=medium | |
95 | ||
96 | * debian/control: | |
97 | - recommend rng-tools; we can do this, since pollen is in universe | |
98 | * debian/pollen.postinst: | |
99 | - minor change to the default self-signed cert; use 'localhost' | |
100 | for the hostname; this is useful for testing pollinate against | |
101 | the localhost with a self-signed cert | |
102 | * README: | |
103 | - update docs; pollinate no longer runs daily by default | |
104 | * README: | |
105 | - update some docs | |
106 | * check_pollen: | |
107 | - ensure that the nagios check catches log failures | |
108 | ||
109 | -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 23 Jul 2014 00:08:54 -0700 | |
110 | ||
111 | pollen (4.11-0ubuntu1) trusty; urgency=medium | |
112 | ||
113 | * pollen_test.go: | |
114 | - fix FTBFS | |
115 | - hardcode device to /dev/urandom in unit tests, otherwise, our | |
116 | entropy starved vm-based builders will fail the unit tests | |
117 | and fail the build | |
118 | ||
119 | -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 18 Mar 2014 22:56:20 +0900 | |
120 | ||
121 | pollen (4.10-0ubuntu1) trusty; urgency=low | |
122 | ||
123 | * debian/control, debian/pollen.default, pollen.go, usr.bin.pollen: | |
124 | - LP: #1293958 | |
125 | - suggest rng-tools (universe), which is needed to leverage tpm for | |
126 | /dev/random entropy | |
127 | - change default entropy source for pollen server to /dev/random | |
128 | - update inline configuration documentation to reflect reality | |
129 | - add rw of /dev/random to our apparmor whitelist | |
130 | ||
131 | -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 18 Mar 2014 16:31:47 +0900 | |
132 | ||
133 | pollen (4.9-0ubuntu1) trusty; urgency=low | |
134 | ||
135 | * debian/rules: LP: #1288807 | |
136 | - fix FTBFS, build using golang 'go build' rather than gccgo | |
137 | ||
138 | -- Dustin Kirkland <kirkland@ubuntu.com> Thu, 06 Mar 2014 09:24:48 -0600 | |
139 | ||
140 | pollen (4.8-0ubuntu1) trusty; urgency=low | |
141 | ||
142 | [ JuanJo Ciarlante and Dustin Kirkland ] | |
143 | * check_pollen: | |
144 | - use the new -t|--testing flag, to verify communications with the | |
145 | server, runable as a non-privileged user, but not affecting the | |
146 | local PRNG | |
147 | ||
148 | -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 28 Feb 2014 11:13:09 -0600 | |
149 | ||
150 | pollen (4.7-0ubuntu1) trusty; urgency=low | |
151 | ||
152 | [ John Arbash Meinel ] | |
153 | * .gitignore, pollen.go, pollen_test.go: | |
154 | - This changes the 'handler' from being just a func() using global | |
155 | state to being a struct with local state. | |
156 | - It then moves the things like dev and log to being members of the | |
157 | struct, with interfaces that let us override them in the test suite. | |
158 | - It then adds a bunch of tests about how we handle failures, errors, | |
159 | logging, the size flag, etc. | |
160 | - The interfaces also mean that we won't try to spam syslog while running | |
161 | the test suite. | |
162 | - Another small change is that if you do: | |
163 | pollen -https-port="" | |
164 | Then it won't try to bind to the HTTP port with a cert. | |
165 | - Since I'm not the official source for pollen, it helped for testing at | |
166 | least the HTTP requests manually. | |
167 | - This also fixes the help text for "-size" since it doesn't actually | |
168 | change how much content we send on the wire, but how much content we | |
169 | read from /dev/urandom (but it adds tests for that fact). | |
170 | - go fmt, and some formatting tweaks | |
171 | - actually do the right formatting | |
172 | - use microsecond timing (ms was always 0) | |
173 | - capture the length of time serving requests takes | |
174 | ||
175 | [ Dustin Kirkland ] | |
176 | * pollen.go: | |
177 | - put brackets around request length of time value | |
178 | ||
179 | -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 26 Feb 2014 10:51:06 -0600 | |
180 | ||
181 | pollen (4.6-0ubuntu1) trusty; urgency=low | |
182 | ||
183 | [ Caleb Spare ] | |
184 | * pollen.go: | |
185 | - Require the challenge query-string param to be provided | |
186 | - don't create the random device, if it doesn't exist | |
187 | ||
188 | [ Dustin Kirkland ] | |
189 | * pollen_test.go: | |
190 | - update test to handle required challenge string | |
191 | * pollen.go: | |
192 | - incorporate feedback from Adam Langley | |
193 | - catch errors reading the random device | |
194 | - add a note as to why we're checksumming the random seed | |
195 | - update message when challenge empty | |
196 | ||
197 | [ Caleb Spare and Dustin Kirkland ] | |
198 | * debian/pollen.upstart, pollen.8, pollen.go: | |
199 | - Use flags rather than positional arguments, and plumb bytes argument | |
200 | through | |
201 | ||
202 | [ Dustin Kirkland and Matt Croydon ] | |
203 | * debian/pollen.default, debian/pollen.upstart, pollen.8, pollen.go: | |
204 | - add support for specifying the TLS cert and key as command line | |
205 | flags | |
206 | ||
207 | -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 18 Feb 2014 23:18:55 -0600 | |
208 | ||
209 | pollen (4.5-0ubuntu1) trusty; urgency=low | |
210 | ||
211 | [ Caleb Spare ] | |
212 | * pollen.go, pollen_test.go: | |
213 | - Bring naming in line with Go conventions | |
214 | - Use shorter parameter names for an http.HandlerFunc | |
215 | - Remove an unnecessary string conversion | |
216 | - Print useful error if wrong arguments are given rather than crashing | |
217 | - Don't ignore errors | |
218 | - Rename http[s]Port to http[s]Addr for accuracy | |
219 | - Handle errors starting the http servers | |
220 | - Change some naming in the test | |
221 | - Read from the provided device rather than always /dev/urandom | |
222 | ||
223 | -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 18 Feb 2014 14:50:52 -0600 | |
224 | ||
225 | pollen (4.4-0ubuntu1) trusty; urgency=low | |
226 | ||
227 | [ Casey Marshall ] | |
228 | * debian/control, debian/rules, Makefile, pollen.go, pollen_test.go: | |
229 | - add unit tests for pollen server | |
230 | ||
231 | [ Dustin Kirkland ] | |
232 | * debian/pollen.lintian-overrides: | |
233 | - override expected Lintian gripes | |
234 | ||
235 | -- Dustin Kirkland <kirkland@ubuntu.com> Mon, 17 Feb 2014 12:51:51 -0600 | |
236 | ||
237 | pollen (4.3-0ubuntu1) trusty; urgency=low | |
238 | ||
239 | * check_pollen: | |
240 | - ensure that the nagios script uses the -r|--reseed option | |
241 | ||
242 | -- Dustin Kirkland <kirkland@ubuntu.com> Mon, 17 Feb 2014 09:38:51 -0600 | |
243 | ||
244 | pollen (4.2-0ubuntu1) trusty; urgency=low | |
245 | ||
246 | * pollen.go: | |
247 | - remove redundant line | |
248 | * README: | |
249 | - remove deprecated bit of documentation | |
250 | ||
251 | -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 11 Feb 2014 18:04:08 -0600 | |
252 | ||
253 | pollen (4.1-0ubuntu1) trusty; urgency=low | |
254 | ||
255 | * debian/control: | |
256 | - build on amd64 and i386 only | |
257 | - these are the only builds I've been able to confirm when building | |
258 | with golang-go | |
259 | - note that this undoes the fix for LP: #1274074, but that's the | |
260 | way it has to be, until either golang-go supports more architectures | |
261 | or gccgo doesn't suck | |
262 | ||
263 | -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 11 Feb 2014 10:11:19 -0600 | |
264 | ||
265 | pollen (4.0-0ubuntu1) trusty; urgency=low | |
266 | ||
267 | * check_pollen, debian/control, debian/copyright, | |
268 | debian/pollinate.default, debian/pollinate.install, | |
269 | debian/pollinate.manpages, debian/pollinate.postinst, | |
270 | debian/pollinate.postrm, debian/pollinate.upstart, | |
271 | entropy.ubuntu.com.pem, INSTALL, Makefile, pollinate, pollinate.1: | |
272 | - split pollen and pollinate into separate projects and packages | |
273 | - re-enable the pollen build | |
274 | ||
275 | -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 11 Feb 2014 09:40:21 -0600 | |
276 | ||
277 | pollen (3.17-0ubuntu1) trusty; urgency=low | |
278 | ||
279 | * pollinate: | |
280 | - improve kernel debug info | |
281 | * debian/control, debian/pollen.install, Makefile: | |
282 | - TEMPORARILY disabling the building of pollen, until | |
283 | either gccgo or golang-go get promoted to main | |
284 | - this should be reverted as soon as a go compiler | |
285 | is available as a build dep | |
286 | ||
287 | -- Dustin Kirkland <kirkland@ubuntu.com> Mon, 10 Feb 2014 14:16:08 -0600 | |
288 | ||
289 | pollen (3.16-0ubuntu1) trusty; urgency=low | |
290 | ||
291 | * pollinate: | |
292 | - minor standardization of the user agent string | |
293 | ||
294 | -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 05 Feb 2014 13:57:42 +0200 | |
295 | ||
296 | pollen (3.15-0ubuntu1) trusty; urgency=low | |
297 | ||
298 | * debian/control: LP: #1274074 | |
299 | - build on any architecure, now that we build with gccgo | |
300 | ||
301 | -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 05 Feb 2014 12:31:20 +0200 | |
302 | ||
303 | pollen (3.14-0ubuntu1) trusty; urgency=low | |
304 | ||
305 | * debian/pollinate.postinst: | |
306 | - fix order of operations, packaging breakage | |
307 | ||
308 | -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 05 Feb 2014 11:34:36 +0200 | |
309 | ||
310 | pollen (3.13-0ubuntu1) trusty; urgency=low | |
311 | ||
312 | * README: | |
313 | - fix more minor typos | |
314 | - explain "did some work" | |
315 | * debian/rules, Makefile: | |
316 | - fix the build for gccgo | |
317 | - must use the -g parameter | |
318 | - don't strip binaries | |
319 | - these are ugly, but are the result of gccgo vs golang-go | |
320 | * pollinate: | |
321 | - remove unused variable $cmd | |
322 | * debian/pollinate.upstart: | |
323 | - our upstart job should start on starting cloud-init, to ensure that | |
324 | we get run before generating SSH keys | |
325 | * debian/pollinate.install, debian/pollinate.postrm, pollen.go, | |
326 | pollinate, pollinate.cron.d, README: | |
327 | - drop the tag and cronjob per feedback from sarnold in the code audit | |
328 | in LP: #1246098 | |
329 | * debian/pollinate.default, pollinate: | |
330 | - add helpful debug info to user agent, similar to chrome and firefox, | |
331 | * debian/pollinate.postinst, debian/pollinate.postrm, | |
332 | debian/pollinate.upstart, pollinate, pollinate.1: | |
333 | - use a pollinate user, rather than the daemon user | |
334 | - by default, only run pollinate once per system instantiation | |
335 | - offer reseeding as an option, though | |
336 | * debian/control: | |
337 | - need to depend on adduser | |
338 | ||
339 | -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 04 Feb 2014 11:51:22 +0200 | |
340 | ||
341 | pollen (3.12-0ubuntu1) trusty; urgency=low | |
342 | ||
343 | * README: | |
344 | - minor documentation feedback from Kees Cook | |
345 | - note that pollen servers can of course be run internally | |
346 | * debian/control: | |
347 | - clean up package descriptions a bit | |
348 | ||
349 | -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 28 Jan 2014 22:16:10 +0000 | |
350 | ||
351 | pollen (3.11-0ubuntu1) trusty; urgency=low | |
352 | ||
353 | * README: | |
354 | - updates to the README | |
355 | * debian/copyright, pollinate: | |
356 | - the client should really be GPLv3, rather than AGPL | |
357 | * debian/copyright: | |
358 | - point to the local copy of GPLv3 license | |
359 | ||
360 | -- Dustin Kirkland <kirkland@ubuntu.com> Mon, 27 Jan 2014 13:54:16 +0000 | |
361 | ||
362 | pollen (3.10-0ubuntu1) trusty; urgency=low | |
363 | ||
364 | * debian/pollinate.cron.d, debian/pollinate.postinst, pollinate: | |
365 | - have each client choose a random time of day to reseed, | |
366 | at first run, rather than at package installation time | |
367 | - this requires a very clever hack(!) | |
368 | - install a "template" at /etc/cron.d/pollinate, with __MINUTE__ | |
369 | and __HOUR__ symbols that should be replaced by the client, | |
370 | at first run | |
371 | - cron requires that /etc/cron.d/pollinate be owned by root | |
372 | - ideally we'd run the pollinate script as a non-root user (ie, daemon), | |
373 | by specifying the daemon user in upstart and in the cronjob | |
374 | - but daemon can't write to /etc/cron.d/pollinate, if it's owned by root | |
375 | - so here's the hack... | |
376 | + the upstart job installed by the package has "setuid root" | |
377 | + on its first run (which will be either at package install time, or | |
378 | at boot), it will run as root and: a) update the cronjob to a random | |
379 | time, and b) update the upstart job to run as daemon | |
380 | + woot | |
381 | + this works because both are conffiles | |
382 | * debian/pollen.postinst, debian/pollinate.postinst, | |
383 | debian/pollinate.postrm, pollinate: | |
384 | - use /var/cache/pollinate, rather than /var/lib/pollinate | |
385 | - this should make it more obvious that this data can be cleared out, | |
386 | and should be cleared out, on re-bundles or snapshots and reimages | |
387 | * debian/control, Makefile: | |
388 | - switch from golang-go to gcc-go, so that we can get this source | |
389 | package into Ubuntu main | |
390 | * pollinate, pollinate.1: | |
391 | - separate the pool and the server variables | |
392 | * debian/control: | |
393 | - no need to depend on bsdutils, it's essential | |
394 | - pollen depends on adduser | |
395 | * usr.bin.pollen: | |
396 | - update apparmor profile to allow reading of /usr/bin/pollen | |
397 | - oddly, this was introduced when switching compilers | |
398 | * debian/copyright: | |
399 | - lintian/dep5 cleanup | |
400 | ||
401 | -- Dustin Kirkland <kirkland@ubuntu.com> Thu, 16 Jan 2014 11:39:42 -0600 | |
402 | ||
403 | pollen (3.9-0ubuntu1) trusty; urgency=low | |
404 | ||
405 | * debian/pollinate.default: | |
406 | - don't use quiet by default, do use binary | |
407 | * pollinate: | |
408 | - save ourselves an unneeded fork | |
409 | * debian/control: | |
410 | - drop haveged as a suggests | |
411 | * debian/pollinate.default, debian/pollinate.install, | |
412 | entropy.ubuntu.com.pem: | |
413 | - install entropy.ubuntu.com.pem's certificate and intermediate | |
414 | chain, to get rid of --insecure curl option | |
415 | * debian/control, pollinate: | |
416 | - log to the system log, using the logger utility | |
417 | - add a final message, noting successful (re-)seed | |
418 | - have pollinate depend on bsdutils, which provides logger | |
419 | ||
420 | -- Dustin Kirkland <kirkland@ubuntu.com> Thu, 16 Jan 2014 08:01:28 -0600 | |
421 | ||
422 | pollen (3.8-0ubuntu1) trusty; urgency=low | |
423 | ||
424 | * debian/pollinate.default, debian/pollinate.postinst, | |
425 | debian/pollinate.upstart, pollinate: | |
426 | - fix the (broken) options setting in the pollinate default file | |
427 | - change the tag creation to happen during the pollinate runtime, | |
428 | rather than at package installation; this makes it more useful | |
429 | for downstreams and remixes of Ubuntu | |
430 | - ensure the daemon user owns the /var/lib/pollinate directory | |
431 | - run the pollinate upstart script as the daemon user | |
432 | * debian/pollinate.cron.d, debian/pollinate.postinst, | |
433 | debian/pollinate.postrm: | |
434 | - run the pollinate cronjob (reseed) once per day, rather than once | |
435 | per hour | |
436 | - purge pollinate files more effectively | |
437 | ||
438 | -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 15 Jan 2014 16:49:35 -0600 | |
439 | ||
440 | pollen (3.7-0ubuntu1) trusty; urgency=low | |
441 | ||
442 | * debian/control: | |
443 | - demote haveged to suggests, based on feedback from Seth Arnold | |
444 | in LP: #1246098 | |
445 | * pollinate: | |
446 | - ensure both -c and -i can be used, without losing CURL_OPTS, | |
447 | as identified by Seth Arnold in LP: #1246098 | |
448 | * pollinate: | |
449 | - drop unused IPV6 variable, per review by Seth Arnold in LP: #1246098 | |
450 | * debian/pollen.postinst: | |
451 | - use pollen as our fake email address, suggested by Seth Arnold | |
452 | in LP: #1246098 | |
453 | * debian/pollinate.cron.d: | |
454 | - add notes in the comments about NIST DRBG Special Publication 800-90A | |
455 | recommendations on reseeding | |
456 | - add notes in the comments about why we choose a random minute | |
457 | - fix a bug, that was causing the cronjob to run far more frequently | |
458 | than desired | |
459 | - Addresses some issues raised by Seth Arnold in LP: #1246098 | |
460 | * debian/pollen.upstart, pollen.8, pollen.go: | |
461 | - add DEVICE as the 3rd argument to the pollen server in the upstart | |
462 | script | |
463 | - test that DEVICE is a special in upstart | |
464 | - document that the DEVICE is now a required argument | |
465 | * debian/pollen.install, Makefile, pollen: | |
466 | - build static binary at package build time, rather than dynamically | |
467 | compiling at each run, per feedback from Seth Arnold in LP: #1246098 | |
468 | - use a very simple, basic Makefile | |
469 | * debian/control: | |
470 | - move golang-go to a build-dependency, rather than a runtime dependency | |
471 | * debian/control, debian/pollen.postinst, debian/pollen.postrm, | |
472 | debian/pollen.upstart: | |
473 | - create a new user, pollen:daemon, in the postinst, remove in postrm | |
474 | - depend on libcap2-bin, which provides setcap | |
475 | - use setcap to allow the pollen binary to bind to privileged ports | |
476 | - run the pollen daemon as the pollen user | |
477 | - per feedback from Seth Arnold in LP: #1246098 | |
478 | * debian/pollen.upstart: | |
479 | - use setuid in upstart to run the pollen daemon as the pollen user | |
480 | * debian/pollen.postinst: | |
481 | - change pollen user's shell to /bin/false | |
482 | * debian/control, debian/pollen.install, debian/pollen.postinst, | |
483 | debian/rules, usr.bin.pollen: | |
484 | - add an apparmor profile for the pollen server, per suggestion | |
485 | by Seth Arnold in LP: #1246098 | |
486 | - big thanks to Jamie Strandboge and Seth Arnold for assistance | |
487 | * debian/pollinate.postinst: | |
488 | - these chowns are not necessary; thanks for catching Michael Terry | |
489 | in LP: #1246098 | |
490 | * debian/control: LP: #1259014 | |
491 | - have the pollen server depend on ent, which is used by the | |
492 | check_pollen nagios script | |
493 | ||
494 | -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 15 Jan 2014 10:59:34 -0600 | |
495 | ||
496 | pollen (3.6-0ubuntu1) trusty; urgency=low | |
497 | ||
498 | * pollinate: | |
499 | - remove sourcing of an rc config file from $HOME, per security | |
500 | review from Seth Arnold | |
501 | * pollinate.1: | |
502 | - update documentation to note that multiple servers can be specified | |
503 | on the command line | |
504 | * debian/pollinate.default: | |
505 | - use the entropy.ubuntu.com beta site for testing | |
506 | - note that we're specifying the --insecure option here, as this is | |
507 | very much a work in progress | |
508 | * debian/pollinate.upstart: | |
509 | - start pollinate when we have networking up and running, or | |
510 | when we start ssh | |
511 | * pollen.go: | |
512 | - drop the nanosecond timestamp collection on the server | |
513 | - a good server should have real entropy hardware, and a busy server | |
514 | will have network traffic entropy already captured by the kernel | |
515 | - Suggestion by Seth Arnold in a security review | |
516 | * debian/pollen.default, pollinate: | |
517 | - drop timestamp based salting, not terribly valuable | |
518 | - per security review by Seth Arnold | |
519 | * pollinate: | |
520 | - drop unused $bin variable | |
521 | ||
522 | -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 08 Nov 2013 09:59:35 -0600 | |
523 | ||
524 | pollen (3.5-0ubuntu1) trusty; urgency=low | |
525 | ||
526 | * README: | |
527 | - enhance and update design documentation | |
528 | * debian/copyright: | |
529 | - update to DEP-5 format | |
530 | ||
531 | -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 29 Oct 2013 16:55:28 -0500 | |
532 | ||
533 | pollen (3.4-0ubuntu1) saucy; urgency=low | |
534 | ||
535 | * check_pollen, debian/control: | |
536 | - improve the nagios check | |
537 | - warn if: | |
538 | + insufficient bytes are retrieved | |
539 | + less than 5-bits-per-byte of entropy are calculated | |
540 | + an out of whack arithmetic mean | |
541 | - have pollen server recommend ent, which is used by the nagios check | |
542 | ||
543 | -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 11 Sep 2013 16:56:52 -0500 | |
544 | ||
545 | pollen (3.3-0ubuntu1) saucy; urgency=low | |
546 | ||
547 | * pollen-nagios-check: | |
548 | - added nagios check script | |
549 | * check_pollen, debian/pollen.install: | |
550 | - rename check script and install in nagios plugins directory | |
551 | ||
552 | -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 04 Sep 2013 14:25:49 -0500 | |
553 | ||
554 | pollen (3.2-0ubuntu1) saucy; urgency=low | |
555 | ||
556 | * README: | |
557 | - update design documentation | |
558 | * pollinate, pollinate.1: | |
559 | - support printing random seed to standard out | |
560 | - useful for debugging | |
561 | - add a -q|--quiet option to silence log messages | |
562 | * pollinate, pollinate.1: | |
563 | - add an option for binary data output | |
564 | * debian/pollen.default, debian/pollen.upstart, pollen.8, pollen.go: | |
565 | - re-enable support for both encrypted and non-encrypted connections | |
566 | - use a go subroutine to serve both out of the same process | |
567 | - document these changes | |
568 | - default to 80 and 443, allow admin to override easily via config | |
569 | * debian/control: | |
570 | - update package descriptions | |
571 | * pollinate: | |
572 | - default to, but do not force, https | |
573 | ||
574 | -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 20 Aug 2013 18:56:11 -0500 | |
575 | ||
576 | pollen (3.1-0ubuntu1) saucy; urgency=low | |
577 | ||
578 | * pollen.go | |
579 | - use a global for the dev writer | |
580 | - write a few more timestamps into the mix during the response | |
581 | handler | |
582 | - change logging verbiage | |
583 | * pollinate: | |
584 | - use a single temp directory, rather than multiple temp files | |
585 | - use a trap to cleanup the temp directory | |
586 | - uptdate the logging verbiage | |
587 | - use an etc default file if available | |
588 | * debian/pollen.default: | |
589 | - drop "TCP_" in the TCP_PORT variable | |
590 | * pollen.go: | |
591 | - just use two timestamps | |
592 | * pollinate: | |
593 | - improve usability; prepend https | |
594 | * debian/pollinate.cron.d, debian/pollinate.default, | |
595 | debian/pollinate.upstart, pollinate, pollinate.1: | |
596 | - use an upstart job, rather than an @reboot cronjob, | |
597 | to do the initial prng seeding | |
598 | - fix the default config file | |
599 | ||
600 | -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 14 Aug 2013 17:45:22 -0500 | |
601 | ||
602 | pollen (3.0-0ubuntu1) saucy; urgency=low | |
603 | ||
604 | * anerd, anerd-server-tcp.1 => anerd-server.1, anerd-server-tcp => | |
605 | anerd-server, anerd-server-tcp.go => anerd-server.go, anerd-server- | |
606 | udp.1, anerd-server-udp.c, configure.ac, debian/anerd- | |
607 | client.default, debian/anerd-server.anerd-server-tcp.upstart => | |
608 | debian/anerd-server.upstart, debian/anerd-server.anerd-server- | |
609 | udp.upstart, debian/anerd-server.default, debian/anerd- | |
610 | server.install, debian/anerd-server.manpages, debian/control, | |
611 | debian/rules, Makefile.am: | |
612 | - completely deprecate the UDP operation of both the client and | |
613 | the server | |
614 | - the TLS server over TCP is the only supported protocol going | |
615 | forward | |
616 | - this will necessitate a major version bump | |
617 | * anerd.1 => pollinate.1, anerd => pollinate, anerd-server.1 => | |
618 | pollen.8, anerd-server.go => pollen.go, anerd-server => pollen, | |
619 | ChangeLog, debian/anerd-client.cron.d => debian/pollinate.cron.d, | |
620 | debian/anerd-client.default => debian/pollinate.default, | |
621 | debian/anerd-client.install => debian/pollinate.install, | |
622 | debian/anerd-client.manpages => debian/pollinate.manpages, | |
623 | debian/anerd-client.postinst => debian/pollinate.postinst, | |
624 | debian/anerd-client.postrm => debian/pollinate.postrm, debian/anerd- | |
625 | server.default => debian/pollen.default, debian/anerd-server.install | |
626 | => debian/pollen.install, debian/anerd-server.manpages => | |
627 | debian/pollen.manpages, debian/anerd-server.postinst => | |
628 | debian/pollen.postinst, debian/anerd-server.upstart => | |
629 | debian/pollen.upstart, debian/control, debian/copyright, | |
630 | img/anerd_14.png, img/anerd_192.png, img/anerd_64.png, | |
631 | img/anerd.png, initramfs/hooks/anerd-client-udp, | |
632 | initramfs/scripts/init-bottom/anerd, NEWS, README, === removed | |
633 | directory initramfs, === removed directory initramfs/hooks, === | |
634 | removed directory initramfs/scripts, === removed directory | |
635 | initramfs/scripts/init-bottom: | |
636 | - rename anerd server/client to pollen / pollinate | |
637 | to reflect that this data is intended to "seed" a random | |
638 | number generator | |
639 | * debian/control, debian/pollen.manpages: | |
640 | - package maintenace for package/project rename | |
641 | - move manpage to section 8 | |
642 | * pollen.8, pollinate, pollinate.1: | |
643 | - documentation updated | |
644 | * debian/control, pollen.8, pollinate: | |
645 | - update some documentation and descriptions | |
646 | * img/pollen_14.png, img/pollen_192.png, img/pollen_64.png: | |
647 | - added new pollen logos | |
648 | * debian/control: | |
649 | - drop suggests | |
650 | ||
651 | -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 13 Aug 2013 16:34:42 -0500 | |
652 | ||
653 | anerd (2.4-0ubuntu1) saucy; urgency=low | |
654 | ||
655 | * anerd-client-tcp.go: | |
656 | - deprecated, use the shell (curl) one for better timestamping | |
657 | salt | |
658 | * anerd-server-tcp.go: | |
659 | - log user-agent and nanosecond timestamp | |
660 | * anerd, anerd-server-tcp.go: | |
661 | - rename "tip" to "challenge", use for challenge/response | |
662 | - verify challenge/response, to ensure personalized communication | |
663 | * anerd: | |
664 | - use a common logging function throughout | |
665 | * anerd-server-tcp.go: | |
666 | - open syslog only once | |
667 | * anerd, debian/control: | |
668 | - lower socat to a suggests, while still requiring curl | |
669 | - dynamically check for socat/curl and error appropriately | |
670 | - update package description | |
671 | - recommend haveged on the server | |
672 | * debian/anerd-server.default: | |
673 | - do not run the UDP, by default; local admin can enable by | |
674 | setting a port in /etc/default/anerd-server | |
675 | * anerd, anerd-server-tcp.go, debian/anerd-client.postinst, | |
676 | debian/anerd-server.postrm: | |
677 | - rename uuid to tag | |
678 | - generate on package install, remove on purge | |
679 | * anerd, debian/anerd-server.postrm => debian/anerd-client.postrm: | |
680 | - silence search for helper utilities | |
681 | - fix maintainer script name | |
682 | * anerd: | |
683 | - silence missing tag error messages for now | |
684 | ||
685 | -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 09 Aug 2013 16:16:54 +0100 | |
686 | ||
687 | anerd (2.3-0ubuntu1) saucy; urgency=low | |
688 | ||
689 | [ Matthias Klose ] | |
690 | * debian/control: LP: #1139188 | |
691 | - Don't build anerd-server on powerpc (no golang-go, prevents | |
692 | migration from raring-proposed to raring). | |
693 | ||
694 | -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 02 Aug 2013 12:40:00 -0500 | |
695 | ||
696 | anerd (2.2-0ubuntu1) saucy; urgency=low | |
697 | ||
698 | * === added directory img, img/anerd_14.png, img/anerd_192.png, | |
699 | img/anerd_64.png, img/anerd.png: | |
700 | - added icons | |
701 | * anerd-server-tcp.go: | |
702 | - gofmt | |
703 | * anerd-server-tcp.go: | |
704 | - make this code more go-like, after some code review with Tim Penney | |
705 | * anerd-server-tcp.go: | |
706 | - drop unnecessary json formatting | |
707 | ||
708 | -- Dustin Kirkland <kirkland@ubuntu.com> Thu, 01 Aug 2013 09:21:13 -0500 | |
709 | ||
710 | anerd (2.1-0ubuntu1) saucy; urgency=low | |
711 | ||
712 | * anerd-client-tcp.go: | |
713 | - default to anerd.us | |
714 | * anerd, anerd-client-tcp.go, anerd-server-tcp.go, debian/anerd- | |
715 | client.default: | |
716 | - anerd.us is now serving on 443 | |
717 | * anerd, anerd-server-tcp.go: | |
718 | - add syslog logging to the anerd tcp server | |
719 | - use post for the tip from the anerd tcp client | |
720 | * anerd, debian/control: | |
721 | - use uuidgen -r for uuid and tip | |
722 | * anerd, anerd-server-udp.c: | |
723 | - add UDP to syslog messages | |
724 | - fix uuid related typo | |
725 | - add --insecure option | |
726 | * anerd, anerd-client-tcp.go, anerd-server-tcp.go, debian/control: | |
727 | - use sha512sum rather than uuidgen | |
728 | * anerd, debian/anerd-client.cron.d: | |
729 | - run at reboot, and hourly thereafter | |
730 | - shorten some function names | |
731 | * debian/anerd-client.cron.d, debian/anerd-client.postinst: | |
732 | - randomize the hourly cronjob to distribute load on the | |
733 | server, if possible | |
734 | * debian/control: | |
735 | - fix a lintian annoyance | |
736 | * anerd, anerd-server-tcp.go, anerd-server-udp.c: | |
737 | - drop byte counts in logging, as these can be misleading | |
738 | * anerd-server-tcp.go: | |
739 | - salt data with nanosecond timestamp | |
740 | ||
741 | -- Dustin Kirkland <kirkland@ubuntu.com> Mon, 29 Jul 2013 15:24:29 -0500 | |
742 | ||
743 | anerd (2.0-0ubuntu1) saucy; urgency=low | |
744 | ||
745 | * anerd-tcp.go: | |
746 | - pretty print the json | |
747 | * anerd-client, anerd-client.1, anerd-tcp, anerd-tcp.1, anerd-tcp.go, | |
748 | anerd-udp.1, anerd-udp.c, debian/anerd-server.anerd-tcp.upstart, | |
749 | debian/anerd-server.anerd-udp.upstart, debian/control: | |
750 | - drop the "asynchronous" part of aNerd, this really isn't | |
751 | necessary in the description anymore | |
752 | * anerd-tcp.go: | |
753 | - reduce the default size to 64 bytes, which is sufficient to seed | |
754 | any random number generator | |
755 | * anerd-tcp.go, debian/anerd-server.default: | |
756 | - change the default size to 64 bytes | |
757 | - add some notes in the comments in the configuration file | |
758 | - always uses TLS encryption for the TCP implementation | |
759 | * anerd-tcp.1 => anerd-server-tcp.1, anerd-tcp => anerd-server-tcp, | |
760 | anerd-tcp.go => anerd-server-tcp.go, anerd-udp.1 => anerd-server- | |
761 | udp.1, anerd-udp.c => anerd-server-udp.c, debian/anerd-server.anerd- | |
762 | tcp.upstart => debian/anerd-server.anerd-server-tcp.upstart, | |
763 | debian/anerd-server.anerd-udp.upstart => debian/anerd-server.anerd- | |
764 | server-udp.upstart, debian/anerd-server.install, debian/anerd- | |
765 | server.manpages, debian/rules, Makefile.am: | |
766 | - rename anerd-tcp to anerd-server-tcp | |
767 | - rename anerd-udp to anerd-server-udp | |
768 | * debian/anerd-client.default: | |
769 | - change to the new anerd.us server, which supports TCP, TLS, and UDP | |
770 | * anerd, anerd-client, anerd-client.1 => anerd.1, anerd-client-tcp.go, | |
771 | anerd-server-tcp, debian/anerd-client.cron.d, debian/anerd- | |
772 | client.default, debian/anerd-client.install, debian/anerd- | |
773 | client.manpages, debian/anerd-server.anerd-server-tcp.upstart, | |
774 | debian/anerd-server.install, debian/control, initramfs/hooks/anerd- | |
775 | client => initramfs/hooks/anerd-client-udp, initramfs/scripts/init- | |
776 | bottom/anerd-client => initramfs/scripts/init-bottom/anerd, | |
777 | Makefile.am: | |
778 | - major rework of client, combine udp/tcp clients into a single | |
779 | shell script | |
780 | * anerd, anerd-client-tcp.go, anerd-server-tcp, anerd-server-tcp.go, | |
781 | anerd-server-udp.c, COPYING, debian/copyright, | |
782 | initramfs/scripts/init-bottom/anerd: | |
783 | - changed license back to AGPL | |
784 | * debian/anerd-client.default, debian/anerd-server.default: | |
785 | - deprecate hash as a configurable; use sha512sum | |
786 | * anerd: | |
787 | - use socat in verbose mode, to add more timestamps to the log | |
788 | - hash the timestamped log output | |
789 | * debian/control: | |
790 | - bump standards | |
791 | ||
792 | -- Dustin Kirkland <kirkland@ubuntu.com> Thu, 25 Jul 2013 16:34:54 -0500 | |
793 | ||
794 | anerd (1.4-0ubuntu1) raring; urgency=low | |
795 | ||
796 | [ Dustin Kirkland ] | |
797 | * anerd-tcp.go: | |
798 | - add a very small, basic anerd-tcp server | |
799 | - clean up via gofmt | |
800 | * anerd-client: | |
801 | - count the number of bytes received correctly using a tmpfile | |
802 | - adjust info messages slightly | |
803 | * anerd.c: | |
804 | - drop crc from logging, change messages to info from debug | |
805 | * debian/anerd-client.default: | |
806 | - default to anerd.gazzang.net now that its up for good | |
807 | * anerd-tcp, anerd-tcp.go, debian/anerd-tcp-common.install, | |
808 | debian/anerd-tcp.postinst, debian/anerd-tcp.upstart, debian/anerd- | |
809 | web.upstart, debian/control: | |
810 | - create two small packages, one to launch anerd-tcp->80 and | |
811 | anerd-tcp->443 | |
812 | + both depend on anerd-tcp-common, which provides the go script | |
813 | - add a postinst that generates a self-signed cert if there is none; | |
814 | obviously, one would want to replace these with real certs if | |
815 | security matters to you | |
816 | - create two upstart scripts that start the web service on each port | |
817 | + means you can install one, or the other, or both | |
818 | * anerd-client, debian/anerd-client.default: | |
819 | - fix communication with remote servers | |
820 | - make the wait time configurable, 0.1s by default | |
821 | - only broadcast when no specific servers are specified | |
822 | - add message on broadcast bytes sent | |
823 | * anerd-tcp: | |
824 | - add interpreter | |
825 | * anerd-tcp.1, debian/anerd-tcp-common.manpages: | |
826 | - add documentation | |
827 | * anerd-tcp.go: | |
828 | - ensure that we read enough bytes | |
829 | * anerd.1 => anerd-udp.1, anerd.c => anerd-udp.c, anerd-web.1 => | |
830 | anerd-tcp.1, anerd-web => anerd-tcp, anerd-web.go => anerd-tcp.go, | |
831 | debian/anerd-server.anerd-udp.upstart, debian/anerd-server.default, | |
832 | debian/anerd-server.install, debian/anerd-server.manpages, | |
833 | debian/anerd-server.upstart => debian/anerd-server.anerd- | |
834 | tcp.upstart, debian/anerd-web-common.install, debian/anerd-web- | |
835 | common.manpages, debian/anerd-webs.postinst => debian/anerd- | |
836 | server.postinst, debian/anerd-webs.upstart, debian/anerd- | |
837 | web.upstart, debian/control, debian/rules, Makefile.am: | |
838 | - rename the C program to anerd-udp | |
839 | - create separate upstart scripts for anerd-tcp and anerd-udp | |
840 | - update documentation | |
841 | - drop anerd-web* packages | |
842 | * debian/anerd-client.postinst, debian/control, debian/anerd-client.install: | |
843 | - keep the initramfs code, but don't automatically update the initramfs | |
844 | for now, as this can render a machine without networking unbootable; | |
845 | re-enable this when we have a workaround for that | |
846 | * debian/anerd-server.postinst: | |
847 | - fix typo | |
848 | ||
849 | [ Hector Acosta ] | |
850 | * anerd.c: | |
851 | - Only call srandom() once | |
852 | ||
853 | -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 15 Feb 2013 13:02:50 -0600 | |
854 | ||
855 | anerd (1.3-0ubuntu1) raring; urgency=low | |
856 | ||
857 | * anerd.1, anerd.c, anerd-client, anerd-client.1, AUTHORS, | |
858 | debian/anerd-server.upstart, debian/copyright: | |
859 | - updated email addresses and author information | |
860 | ||
861 | -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 05 Feb 2013 09:50:23 -0600 | |
862 | ||
863 | anerd (1.2-0ubuntu1) raring; urgency=low | |
864 | ||
865 | [ Dustin Kirkland ] | |
866 | * debian/control, debian/cron.d: | |
867 | - use run-one for cronjob | |
868 | * anerd-client: | |
869 | - clean up client, make more modular, remove some variables, uses pipes | |
870 | to keep everything in memory | |
871 | * debian/anerd-client.install, debian/anerd-server.install, | |
872 | debian/control, debian/copyright, debian/cron.d => debian/anerd- | |
873 | client.cron.d, debian/default => debian/anerd-client.default, | |
874 | debian/upstart => debian/anerd-server.upstart: | |
875 | - split package into a server and client package, with a meta | |
876 | package depending on both | |
877 | * anerd.1, anerd-client.1: | |
878 | - manpage fixes | |
879 | * debian/anerd-client.cron.d, debian/anerd-client.default: | |
880 | - add some inline documentation | |
881 | - use the default file for setting defaults (ie, uncomment) | |
882 | * debian/control: | |
883 | - bump standards | |
884 | * debian/anerd-server.manpages, debian/manpages => debian/anerd- | |
885 | client.manpages, Makefile.am: | |
886 | - install manpages (perhaps there's a better automake way of doing this?) | |
887 | * anerd.c: | |
888 | - rename "sum" to "crc" | |
889 | * debian/anerd-server.upstart: | |
890 | - upstart needs to expect the fork | |
891 | - upstart does not need to sudo to the daemon user because anerd does | |
892 | this automatically | |
893 | * anerd-client: | |
894 | - use a $cmd variable populated with correct parameters | |
895 | * anerd-client, debian/control: | |
896 | - reluctantly add support for netcat | |
897 | * anerd-client, anerd-client.1: | |
898 | - use a default file for configuration | |
899 | * anerd-client: | |
900 | - emulate the syslog printing from the server | |
901 | ||
902 | [ Wesley Wiedenmeier ] | |
903 | * anerd.c, anerd-client, debian/default: | |
904 | - add ipv6 support | |
905 | * anerd.1, anerd.c, anerd-client.1, debian/manpages: | |
906 | - added manpages | |
907 | - dropped unused global | |
908 | ||
909 | -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 22 Jan 2013 10:38:24 -0600 | |
910 | ||
911 | anerd (1.1-0ubuntu1) quantal; urgency=low | |
912 | ||
913 | * anerd.c: | |
914 | - define the default total exchange size | |
915 | - also define and use a default payload size | |
916 | - break up the total exchange to a bunch of smaller payloads, to increase | |
917 | the randomness of UDP packet ordering and timing | |
918 | - improve some inline documentation | |
919 | - lower logging to debug from info | |
920 | - allocate an extra byte for the data binary string | |
921 | - use a separate pointer for segmenting and moving through the data string | |
922 | - no need for null-bytes, since binary data could have null bytes within | |
923 | - alphabetize includes | |
924 | - change perrors to syslog errors | |
925 | - move daemon() function | |
926 | * Makefile.am: | |
927 | - fix up the build, clean out the binary and log files | |
928 | * anerd.c, anerd-client, debian/control, debian/cron.d, | |
929 | debian/default, debian/install, Makefile.am: | |
930 | - drop the anerd client in the C program entirely | |
931 | - the C program is now the server exclusively | |
932 | - add a bash script client, which can loop over a pool of anerd servers, | |
933 | and broadcast to the local network | |
934 | - recommend the socat package/utility, which is used to broadcast to the | |
935 | local network from the bash script | |
936 | - add a cron job to run the anerd-client regularly | |
937 | - add a default configuration file for configuring the pool and other | |
938 | tunables | |
939 | - remove the unnessary install file | |
940 | ||
941 | -- Dustin Kirkland <kirkland@ubuntu.com> Thu, 27 Sep 2012 15:40:23 -0500 | |
942 | ||
943 | anerd (1.0-0ubuntu1) quantal; urgency=low | |
944 | ||
945 | [ Dustin Kirkland ] | |
946 | * initial release | |
947 | * === added directory debian, === added directory debian/source, | |
948 | anerd, debian/compat, debian/control, debian/copyright, | |
949 | debian/install, debian/rules, debian/source/format, debian/upstart: | |
950 | - added packaging | |
951 | * anerd, anerd.conf, debian/install, debian/upstart: | |
952 | - add a configuration file | |
953 | - run as daemon (non-root) user | |
954 | * anerd.c, AUTHORS, ChangeLog, configure.ac, COPYING, | |
955 | debian/copyright, debian/upstart, INSTALL, Makefile.am, NEWS, | |
956 | README: | |
957 | - ported from python to C | |
958 | - added autoconf/automake build | |
959 | - changed license from GPLv3 to Apache2.0 for portability to other | |
960 | UNIX platforms | |
961 | * anerd.conf, debian/control, debian/install, debian/upstart: | |
962 | - drop conf file, add options to upstart script | |
963 | - update build deps | |
964 | * anerd.c: | |
965 | - use syslog, open files/sockets only once per fork | |
966 | - catch all responses to a client broadcast | |
967 | - use a common function for salt calculation | |
968 | - implement a very simple checksum of random data | |
969 | - use uint64_t for platform compatibility | |
970 | - add entropy to pool in client read | |
971 | - simplify salt generation | |
972 | - simplify log printing | |
973 | - whitespace changes only, 80 char width | |
974 | * debian/install: | |
975 | - drop installation of default file | |
976 | ||
977 | [ Wesley Wiedenmeier ] | |
978 | * anerd.c: | |
979 | - use getopt for command line parsing | |
980 | - Modified code to fork twice then kill the parent process, | |
981 | freeing the terminal that spawns the daemons, added daemonize() | |
982 | function to safely daemonize the program. | |
983 | - Improved entering into daemon status by moving daemon() call to | |
984 | after intilization of server and client, so that errors | |
985 | encountered in intilization are written to the terminal. | |
986 | ||
987 | -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 04 Sep 2012 18:14:40 -0500 |
0 | 11 |
0 | Source: pollen | |
1 | Section: admin | |
2 | Priority: optional | |
3 | Maintainer: Thorsten Alteholz <debian@alteholz.de> | |
4 | Build-Depends: debhelper (>= 11) | |
5 | , dh-apparmor | |
6 | , dh-golang | |
7 | , golang-go | |
8 | Standards-Version: 4.3.0 | |
9 | Homepage: http://launchpad.net/pollen | |
10 | ||
11 | Package: pollen | |
12 | Architecture: any | |
13 | Built-Using: ${misc:Built-Using} | |
14 | Depends: ${misc:Depends}, ${shlibs:Depends} | |
15 | , libcap2-bin | |
16 | , ent | |
17 | , adduser | |
18 | Recommends: pollinate | |
19 | , rng-tools | |
20 | Suggests: apparmor (>= 2.3) | |
21 | Description: Entropy-as-a-Service web server | |
22 | Pollen is an Entropy-as-a-Service web server, providing random seeds. | |
23 | This can be performed over both cleartext http and encrypted | |
24 | https TLS connections. |
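Review bot: The `Homepage:` field in the source stanza still uses plain `http://launchpad.net/pollen`, while the `Format:` field in debian/copyright is already https. Switch it to `https://launchpad.net/pollen`, and do the same for the `Source:` field in debian/copyright, so the packaging metadata consistently points at the TLS endpoint. Separately, `dh-apparmor` is a build dependency and debian/copyright lists a `usr.bin.pollen` file, yet `apparmor` is only in `Suggests`. If that file is the AppArmor profile for this network-facing server, consider raising it to `Recommends` so a default install has the profile enforced.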
0 | Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ | |
1 | Upstream-Name: pollen | |
2 | Upstream-Contact: Dustin Kirkland <dustin.kirkland@gmail.com> | |
3 | Source: http://launchpad.net/pollen | |
4 | ||
5 | Files: * | |
6 | Copyright: 2012-2014, Dustin Kirkland <dustin.kirkland@gmail.com> | |
7 | License: AGPL-3 | |
8 | ||
9 | Files: usr.bin.pollen | |
10 | Copyright: 2014, Dustin Kirkland <dustin.kirkland@gmail.com> | |
11 | 2014 Canonical Ltd. | |
12 | License: GPL-3 | |
13 | ||
14 | Files: debian/* | |
15 | Copyright: 2012-2014, Dustin Kirkland <dustin.kirkland@gmail.com> | |
16 | 2019, Thorsten Alteholz <debian@alteholz.de> | |
17 | License: AGPL-3 | |
18 | ||
19 | License: AGPL-3 | |
20 | GNU AFFERO GENERAL PUBLIC LICENSE | |
21 | Version 3, 19 November 2007 | |
22 | . | |
23 | Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> | |
24 | Everyone is permitted to copy and distribute | |
25 | verbatim copies of this license document, | |
26 | but changing it is not allowed. | |
27 | . | |
28 | Preamble | |
29 | . | |
30 | The GNU Affero General Public License is a free, copyleft license | |
31 | for software and other kinds of works, | |
32 | specifically designed to ensure cooperation with the community | |
33 | in the case of network server software. | |
34 | . | |
35 | The licenses for most software and other practical works | |
36 | are designed to take away your freedom to share and change the works. | |
37 | By contrast, our General Public Licenses are intended | |
38 | to guarantee your freedom to share | |
39 | and change all versions of a program-- | |
40 | to make sure it remains free software for all its users. | |
41 | . | |
42 | When we speak of free software, | |
43 | we are referring to freedom, not price. | |
44 | Our General Public Licenses are designed | |
45 | to make sure that you have the freedom | |
46 | to distribute copies of free software | |
47 | (and charge for them if you wish), | |
48 | that you receive source code or can get it if you want it, | |
49 | that you can change the software | |
50 | or use pieces of it in new free programs, | |
51 | and that you know you can do these things. | |
52 | . | |
53 | Developers that use our General Public Licenses | |
54 | protect your rights with two steps: | |
55 | (1) assert copyright on the software, | |
56 | and (2) offer you this License | |
57 | which gives you legal permission | |
58 | to copy, distribute and/or modify the software. | |
59 | . | |
60 | A secondary benefit of defending all users' freedom is | |
61 | that improvements made in alternate versions of the program, | |
62 | if they receive widespread use, | |
63 | become available for other developers to incorporate. | |
64 | Many developers of free software are heartened and encouraged | |
65 | by the resulting cooperation. | |
66 | However, in the case of software used on network servers, | |
67 | this result may fail to come about. | |
68 | The GNU General Public License permits | |
69 | making a modified version and letting the public access it on a server | |
70 | without ever releasing its source code to the public. | |
71 | . | |
72 | The GNU Affero General Public License is designed | |
73 | specifically to ensure that, in such cases, | |
74 | the modified source code becomes available to the community. | |
75 | It requires the operator of a network server to provide | |
76 | the source code of the modified version running there | |
77 | to the users of that server. | |
78 | Therefore, public use of a modified version, | |
79 | on a publicly accessible server, | |
80 | gives the public access to the source code of the modified version. | |
81 | . | |
82 | An older license, | |
83 | called the Affero General Public License and published by Affero, | |
84 | was designed to accomplish similar goals. | |
85 | This is a different license, not a version of the Affero GPL, | |
86 | but Affero has released a new version of the Affero GPL | |
87 | which permits relicensing under this license. | |
88 | . | |
89 | The precise terms and conditions | |
90 | for copying, distribution and modification follow. | |
91 | . | |
92 | TERMS AND CONDITIONS | |
93 | . | |
94 | 0. Definitions. | |
95 | . | |
96 | "This License" refers to version 3 | |
97 | of the GNU Affero General Public License. | |
98 | . | |
99 | "Copyright" also means copyright-like laws that apply | |
100 | to other kinds of works, such as semiconductor masks. | |
101 | . | |
102 | "The Program" refers to any copyrightable work | |
103 | licensed under this License. | |
104 | Each licensee is addressed as "you". | |
105 | "Licensees" and "recipients" may be individuals or organizations. | |
106 | . | |
107 | To "modify" a work means to copy from or adapt all or part of the work | |
108 | in a fashion requiring copyright permission, | |
109 | other than the making of an exact copy. | |
110 | The resulting work is called a "modified version" of the earlier work | |
111 | or a work "based on" the earlier work. | |
112 | . | |
113 | A "covered work" means either the unmodified Program | |
114 | or a work based on the Program. | |
115 | . | |
116 | To "propagate" a work means to do anything with it | |
117 | that, without permission, would make you directly or secondarily liable | |
118 | for infringement under applicable copyright law, | |
119 | except executing it on a computer or modifying a private copy. | |
120 | Propagation includes copying, | |
121 | distribution (with or without modification), | |
122 | making available to the public, | |
123 | and in some countries other activities as well. | |
124 | . | |
125 | To "convey" a work means any kind of propagation | |
126 | that enables other parties to make or receive copies. | |
127 | Mere interaction with a user through a computer network, | |
128 | with no transfer of a copy, | |
129 | is not conveying. | |
130 | . | |
131 | An interactive user interface displays "Appropriate Legal Notices" | |
132 | to the extent that it includes | |
133 | a convenient and prominently visible feature | |
134 | that (1) displays an appropriate copyright notice, | |
135 | and (2) tells the user that there is no warranty for the work | |
136 | (except to the extent that warranties are provided), | |
137 | that licensees may convey the work under this License, | |
138 | and how to view a copy of this License. | |
139 | If the interface presents | |
140 | a list of user commands or options, such as a menu, | |
141 | a prominent item in the list meets this criterion. | |
142 | . | |
143 | 1. Source Code. | |
144 | . | |
145 | The "source code" for a work means | |
146 | the preferred form of the work for making modifications to it. | |
147 | "Object code" means any non-source form of a work. | |
148 | . | |
149 | A "Standard Interface" means | |
150 | an interface that either is an official standard | |
151 | defined by a recognized standards body, | |
152 | or, in the case of interfaces | |
153 | specified for a particular programming language, | |
154 | one that is widely used among developers working in that language. | |
155 | . | |
156 | The "System Libraries" of an executable work include anything, | |
157 | other than the work as a whole, | |
158 | that (a) is included in the normal form of packaging a Major Component, | |
159 | but which is not part of that Major Component, | |
160 | and (b) serves only | |
161 | to enable use of the work with that Major Component, | |
162 | or to implement a Standard Interface | |
163 | for which an implementation is available to the public | |
164 | in source code form. | |
165 | A "Major Component", in this context, means | |
166 | a major essential component (kernel, window system, and so on) | |
167 | of the specific operating system (if any) | |
168 | on which the executable work runs, | |
169 | or a compiler used to produce the work, | |
170 | or an object code interpreter used to run it. | |
171 | . | |
172 | The "Corresponding Source" for a work in object code form means | |
173 | all the source code needed to generate, install, | |
174 | and (for an executable work) run the object code | |
175 | and to modify the work, | |
176 | including scripts to control those activities. | |
177 | However, it does not include the work's System Libraries, | |
178 | or general-purpose tools or generally available free programs | |
179 | which are used unmodified in performing those activities | |
180 | but which are not part of the work. | |
181 | For example, Corresponding Source includes | |
182 | interface definition files associated with source files for the work, | |
183 | and the source code for shared libraries | |
184 | and dynamically linked subprograms | |
185 | that the work is specifically designed to require, | |
186 | such as by intimate data communication or control flow | |
187 | between those subprograms and other parts of the work. | |
188 | . | |
189 | The Corresponding Source need not include | |
190 | anything that users can regenerate automatically | |
191 | from other parts of the Corresponding Source. | |
192 | . | |
193 | The Corresponding Source for a work in source code form | |
194 | is that same work. | |
195 | . | |
196 | 2. Basic Permissions. | |
197 | . | |
198 | All rights granted under this License are granted | |
199 | for the term of copyright on the Program, | |
200 | and are irrevocable provided the stated conditions are met. | |
201 | This License explicitly affirms your unlimited permission | |
202 | to run the unmodified Program. | |
203 | The output from running a covered work is covered by this License | |
204 | only if the output, given its content, constitutes a covered work. | |
205 | This License acknowledges your rights of fair use | |
206 | or other equivalent, as provided by copyright law. | |
207 | . | |
208 | You may make, run and propagate | |
209 | covered works that you do not convey, | |
210 | without conditions | |
211 | so long as your license otherwise remains in force. | |
212 | You may convey covered works to others | |
213 | for the sole purpose of having them | |
214 | make modifications exclusively for you, | |
215 | or provide you with facilities for running those works, | |
216 | provided that you comply with the terms of this License | |
217 | in conveying all material | |
218 | for which you do not control copyright. | |
219 | Those thus making or running the covered works for you | |
220 | must do so exclusively on your behalf, | |
221 | under your direction and control, | |
222 | on terms that prohibit them from making any copies | |
223 | of your copyrighted material | |
224 | outside their relationship with you. | |
225 | . | |
226 | Conveying under any other circumstances is permitted | |
227 | solely under the conditions stated below. | |
228 | Sublicensing is not allowed; | |
229 | section 10 makes it unnecessary. | |
230 | . | |
231 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. | |
232 | . | |
233 | No covered work shall be deemed | |
234 | part of an effective technological measure | |
235 | under any applicable law fulfilling obligations | |
236 | under article 11 of the WIPO copyright treaty | |
237 | adopted on 20 December 1996, | |
238 | or similar laws prohibiting or restricting | |
239 | circumvention of such measures. | |
240 | . | |
241 | When you convey a covered work, | |
242 | you waive any legal power | |
243 | to forbid circumvention of technological measures | |
244 | to the extent such circumvention is effected | |
245 | by exercising rights under this License | |
246 | with respect to the covered work, | |
247 | and you disclaim any intention | |
248 | to limit operation or modification of the work | |
249 | as a means of enforcing, against the work's users, | |
250 | your or third parties' legal rights | |
251 | to forbid circumvention of technological measures. | |
252 | . | |
253 | 4. Conveying Verbatim Copies. | |
254 | . | |
255 | You may convey verbatim copies of the Program's source code | |
256 | as you receive it, in any medium, | |
257 | provided that you conspicuously and appropriately publish | |
258 | on each copy an appropriate copyright notice; | |
259 | keep intact all notices | |
260 | stating that this License and any non-permissive terms | |
261 | added in accord with section 7 apply to the code; | |
262 | keep intact all notices | |
263 | of the absence of any warranty; | |
264 | and give all recipients a copy of this License | |
265 | along with the Program. | |
266 | . | |
267 | You may charge any price or no price | |
268 | for each copy that you convey, | |
269 | and you may offer support or warranty protection for a fee. | |
270 | . | |
271 | 5. Conveying Modified Source Versions. | |
272 | . | |
273 | You may convey a work based on the Program, | |
274 | or the modifications to produce it from the Program, | |
275 | in the form of source code | |
276 | under the terms of section 4, | |
277 | provided that you also meet all of these conditions: | |
278 | . | |
279 | a) The work must carry prominent notices | |
280 | stating that you modified it, and giving a relevant date. | |
281 | . | |
282 | b) The work must carry prominent notices | |
283 | stating that it is released under this License | |
284 | and any conditions added under section 7. | |
285 | This requirement modifies | |
286 | the requirement in section 4 to "keep intact all notices". | |
287 | . | |
288 | c) You must license the entire work, as a whole, under this License | |
289 | to anyone who comes into possession of a copy. | |
290 | This License will therefore apply, | |
291 | along with any applicable section 7 additional terms, | |
292 | to the whole of the work, and all its parts, | |
293 | regardless of how they are packaged. | |
294 | This License gives no permission | |
295 | to license the work in any other way, | |
296 | but it does not invalidate such permission | |
297 | if you have separately received it. | |
298 | . | |
299 | d) If the work has interactive user interfaces, | |
300 | each must display Appropriate Legal Notices; | |
301 | however, if the Program has interactive interfaces | |
302 | that do not display Appropriate Legal Notices, | |
303 | your work need not make them do so. | |
304 | . | |
305 | A compilation of a covered work | |
306 | with other separate and independent works, | |
307 | which are not by their nature extensions of the covered work, | |
308 | and which are not combined with it such as to form a larger program, | |
309 | in or on a volume of a storage or distribution medium, | |
310 | is called an "aggregate" | |
311 | if the compilation and its resulting copyright are not used | |
312 | to limit the access or legal rights of the compilation's users | |
313 | beyond what the individual works permit. | |
314 | Inclusion of a covered work in an aggregate | |
315 | does not cause this License to apply | |
316 | to the other parts of the aggregate. | |
317 | . | |
318 | 6. Conveying Non-Source Forms. | |
319 | . | |
320 | You may convey a covered work in object code form | |
321 | under the terms of sections 4 and 5, | |
322 | provided that you also convey the machine-readable Corresponding Source | |
323 | under the terms of this License, | |
324 | in one of these ways: | |
325 | . | |
326 | a) Convey the object code in, or embodied in, a physical product | |
327 | (including a physical distribution medium), | |
328 | accompanied by the Corresponding Source | |
329 | fixed on a durable physical medium | |
330 | customarily used for software interchange. | |
331 | . | |
332 | b) Convey the object code in, or embodied in, a physical product | |
333 | (including a physical distribution medium), | |
334 | accompanied by a written offer, | |
335 | valid for at least three years | |
336 | and valid for as long as you offer spare parts or customer support | |
337 | for that product model, | |
338 | to give anyone who possesses the object code | |
339 | either (1) a copy of the Corresponding Source | |
340 | for all the software in the product that is covered by this License, | |
341 | on a durable physical medium | |
342 | customarily used for software interchange, | |
343 | for a price no more than your reasonable cost | |
344 | of physically performing this conveying of source, | |
345 | or (2) access to copy the Corresponding Source | |
346 | from a network server at no charge. | |
347 | . | |
348 | c) Convey individual copies of the object code | |
349 | with a copy of the written offer to provide the Corresponding Source. | |
350 | This alternative is allowed only occasionally and noncommercially, | |
351 | and only if you received the object code with such an offer, | |
352 | in accord with subsection 6b. | |
353 | . | |
354 | d) Convey the object code by offering access from a designated place | |
355 | (gratis or for a charge), | |
356 | and offer equivalent access to the Corresponding Source | |
357 | in the same way through the same place at no further charge. | |
358 | You need not require recipients to copy the Corresponding Source | |
359 | along with the object code. | |
360 | If the place to copy the object code is a network server, | |
361 | the Corresponding Source may be on a different server | |
362 | (operated by you or a third party) | |
363 | that supports equivalent copying facilities, | |
364 | provided you maintain clear directions next to the object code | |
365 | saying where to find the Corresponding Source. | |
366 | Regardless of what server hosts the Corresponding Source, | |
367 | you remain obligated to ensure that it is available | |
368 | for as long as needed to satisfy these requirements. | |
369 | . | |
370 | e) Convey the object code using peer-to-peer transmission, | |
371 | provided you inform other peers | |
372 | where the object code and Corresponding Source of the work | |
373 | are being offered to the general public | |
374 | at no charge under subsection 6d. | |
375 | . | |
376 | A separable portion of the object code, | |
377 | whose source code is excluded | |
378 | from the Corresponding Source as a System Library, | |
379 | need not be included in conveying the object code work. | |
380 | . | |
381 | A "User Product" is either (1) a "consumer product", | |
382 | which means any tangible personal property | |
383 | which is normally used for personal, family, or household purposes, | |
384 | or (2) anything designed or sold for incorporation into a dwelling. | |
385 | In determining whether a product is a consumer product, | |
386 | doubtful cases shall be resolved in favor of coverage. | |
387 | For a particular product received by a particular user, | |
388 | "normally used" refers to a typical or common use | |
389 | of that class of product, | |
390 | regardless of the status of the particular user | |
391 | or of the way in which the particular user actually uses, | |
392 | or expects or is expected to use, | |
393 | the product. | |
394 | A product is a consumer product | |
395 | regardless of whether the product has substantial commercial, | |
396 | industrial or non-consumer uses, | |
397 | unless such uses represent the only significant mode | |
398 | of use of the product. | |
399 | . | |
400 | "Installation Information" for a User Product means | |
401 | any methods, procedures, authorization keys, or other information | |
402 | required to install and execute modified versions of a covered work | |
403 | in that User Product | |
404 | from a modified version of its Corresponding Source. | |
405 | The information must suffice to ensure | |
406 | that the continued functioning of the modified object code | |
407 | is in no case prevented or interfered with | |
408 | solely because modification has been made. | |
409 | . | |
410 | If you convey an object code work under this section | |
411 | in, or with, or specifically for use in, a User Product, | |
412 | and the conveying occurs as part of a transaction | |
413 | in which the right of possession and use of the User Product | |
414 | is transferred to the recipient | |
415 | in perpetuity or for a fixed term | |
416 | (regardless of how the transaction is characterized), | |
417 | the Corresponding Source conveyed under this section must | |
418 | be accompanied by the Installation Information. | |
419 | But this requirement does not apply | |
420 | if neither you nor any third party retains | |
421 | the ability to install modified object code on the User Product | |
422 | (for example, the work has been installed in ROM). | |
423 | . | |
424 | The requirement to provide Installation Information does not include | |
425 | a requirement to continue to provide support service, warranty, | |
426 | or updates for a work | |
427 | that has been modified or installed by the recipient, | |
428 | or for the User Product in which it has been modified or installed. | |
429 | Access to a network may be denied | |
430 | when the modification itself materially and adversely affects | |
431 | the operation of the network | |
432 | or violates the rules and protocols | |
433 | for communication across the network. | |
434 | . | |
435 | Corresponding Source conveyed, | |
436 | and Installation Information provided, | |
437 | in accord with this section must be in a format | |
438 | that is publicly documented | |
439 | (and with an implementation available to the public | |
440 | in source code form), | |
441 | and must require no special password or key | |
442 | for unpacking, reading or copying. | |
443 | . | |
444 | 7. Additional Terms. | |
445 | . | |
446 | "Additional permissions" are terms | |
447 | that supplement the terms of this License | |
448 | by making exceptions from one or more of its conditions. | |
449 | Additional permissions that are applicable to the entire Program | |
450 | shall be treated as though they were included in this License, | |
451 | to the extent that they are valid under applicable law. | |
452 | If additional permissions apply only to part of the Program, | |
453 | that part may be used separately under those permissions, | |
454 | but the entire Program remains governed by this License | |
455 | without regard to the additional permissions. | |
456 | . | |
457 | When you convey a copy of a covered work, | |
458 | you may at your option remove any additional permissions | |
459 | from that copy, or from any part of it. | |
460 | (Additional permissions may be written to require their own removal | |
461 | in certain cases when you modify the work.) | |
462 | You may place additional permissions on material, | |
463 | added by you to a covered work, | |
464 | for which you have or can give appropriate copyright permission. | |
465 | . | |
466 | Notwithstanding any other provision of this License, | |
467 | for material you add to a covered work, you may | |
468 | (if authorized by the copyright holders of that material) | |
469 | supplement the terms of this License with terms: | |
470 | . | |
471 | a) Disclaiming warranty or limiting liability | |
472 | differently from the terms of sections 15 and 16 of this License; or | |
473 | . | |
474 | b) Requiring preservation | |
475 | of specified reasonable legal notices | |
476 | or author attributions in that material | |
477 | or in the Appropriate Legal Notices | |
478 | displayed by works containing it; or | |
479 | . | |
480 | c) Prohibiting misrepresentation of the origin of that material, | |
481 | or requiring that modified versions of such material be marked | |
482 | in reasonable ways as different from the original version; or | |
483 | . | |
484 | d) Limiting the use for publicity purposes | |
485 | of names of licensors or authors of the material; or | |
486 | . | |
487 | e) Declining to grant rights under trademark law | |
488 | for use of some trade names, trademarks, or service marks; or | |
489 | . | |
490 | f) Requiring indemnification | |
491 | of licensors and authors of that material | |
492 | by anyone who conveys the material (or modified versions of it) | |
493 | with contractual assumptions of liability to the recipient, | |
494 | for any liability that these contractual assumptions directly impose | |
495 | on those licensors and authors. | |
496 | . | |
497 | All other non-permissive additional terms | |
498 | are considered "further restrictions" | |
499 | within the meaning of section 10. | |
500 | If the Program as you received it, or any part of it, | |
501 | contains a notice stating that it is governed by this License | |
502 | along with a term that is a further restriction, | |
503 | you may remove that term. | |
504 | If a license document contains a further restriction | |
505 | but permits relicensing or conveying under this License, | |
506 | you may add to a covered work material governed | |
507 | by the terms of that license document, | |
508 | provided that the further restriction does not survive | |
509 | such relicensing or conveying. | |
510 | . | |
511 | If you add ter a covered work in accord with this section, | |
512 | you must place, in the relevant source files, a statement | |
513 | of the additional terms that apply to those files, | |
514 | or a notice indicating where to find the applicable terms. | |
515 | . | |
516 | Additional terms, permissive or non-permissive, may be stated | |
517 | in the form of a separately written license, | |
518 | or stated as exceptions; | |
519 | the above requirements apply either way. | |
520 | . | |
521 | 8. Termination. | |
522 | . | |
523 | You may not propagate or modify a covered work | |
524 | except as expressly provided under this License. | |
525 | Any attempt otherwise to propagate or modify it is void, | |
526 | and will automatically terminate your rights under this License | |
527 | (including any patent licenses granted | |
528 | under the third paragraph of section 11). | |
529 | . | |
530 | However, if you cease all violation of this License, | |
531 | then your license from a particular copyright holder is reinstated | |
532 | (a) provisionally, | |
533 | unless and until the copyright holder explicitly and finally | |
534 | terminates your license, | |
535 | and (b) permanently, | |
536 | if the copyright holder fails to notify you of the violation | |
537 | by some reasonable means prior to 60 days after the cessation. | |
538 | . | |
539 | Moreover, your license from a particular copyright holder | |
540 | is reinstated permanently | |
541 | if the copyright holder notifies you | |
542 | of the violation by some reasonable means, | |
543 | this is the first time you have received notice | |
544 | of violation of this License (for any work) | |
545 | from that copyright holder, | |
546 | and you cure the violation | |
547 | prior to 30 days after your receipt of the notice. | |
548 | . | |
549 | Termination of your rights under this section does not terminate | |
550 | the licenses of parties who have received copies or rights | |
551 | from you under this License. | |
552 | If your rights have been terminated and not permanently reinstated, | |
553 | you do not qualify to receive new licenses for the same material | |
554 | under section 10. | |
555 | . | |
556 | 9. Acceptance Not Required for Having Copies. | |
557 | . | |
558 | You are not required to accept this License | |
559 | in order to receive or run a copy of the Program. | |
560 | Ancillary propagation | |
561 | of a covered work occurring solely as a consequence | |
562 | of using peer-to-peer transmission to receive a copy | |
563 | likewise does not require acceptance. | |
564 | However, nothing other than this License grants you | |
565 | permission to propagate or modify any covered work. | |
566 | These actions infringe copyright | |
567 | if you do not accept this License. | |
568 | Therefore, by modifying or propagating a covered work, | |
569 | you indicate your acceptance of this License to do so. | |
570 | . | |
571 | 10. Automatic Licensing of Downstream Recipients. | |
572 | . | |
573 | Each time you convey a covered work, | |
574 | the recipient automatically receives | |
575 | a license from the original licensors, | |
576 | to run, modify and propagate that work, | |
577 | subject to this License. | |
578 | You are not responsible for enforcing compliance by third parties | |
579 | with this License. | |
580 | . | |
581 | An "entity transaction" is a transaction transferring control | |
582 | of an organization, or substantially all assets of one, | |
583 | or subdividing an organization, | |
584 | or merging organizations. | |
585 | If propagation of a covered work results from an entity transaction, | |
586 | each party to that transaction who receives a copy of the work | |
587 | also receives whatever licenses to the work | |
588 | the party's predecessor in interest had or could give | |
589 | under the previous paragraph, | |
590 | plus a right to possession of the Corresponding Source of the work | |
591 | from the predecessor in interest, | |
592 | if the predecessor has it or can get it with reasonable efforts. | |
593 | . | |
594 | You may not impose any further restrictions | |
595 | on the exercise of the rights granted or affirmed under this License. | |
596 | For example, you may not impose | |
597 | a license fee, royalty, or other charge | |
598 | for exercise of rights granted under this Licensend you may not initiate litigation | |
599 | (including a cross-claim or counterclaim in a lawsuit) | |
600 | alleging that any patent claim is infringed | |
601 | by making, using, selling, offering for sale, or importing | |
602 | the Program or any portion of it. | |
603 | . | |
604 | 11. Patents. | |
605 | . | |
606 | A "contributor" is a copyright holder | |
607 | who authorizes use under this License of the Program | |
608 | or a work on which the Program is based. | |
609 | The work thus licensed is called | |
610 | the contributor's "contributor version". | |
611 | . | |
612 | A contributor's "essential patent claims" are all patent claims | |
613 | owned or controlled by the contributor, | |
614 | whether already acquired or hereafter acquired, | |
615 | that would be infringed by some manner, | |
616 | permitted by this License, | |
617 | of making, using, or selling its contributor version, | |
618 | but do not include claims | |
619 | that would be infringed only as a consequence | |
620 | of further modification of the contributor version. | |
621 | For purposes of this definition, "control" includes the right | |
622 | to grant patent sublicenses in a manner | |
623 | consistent with the requirements of this License. | |
624 | . | |
625 | Each contributor grants you | |
626 | a non-exclusive, worldwide, royalty-free patent license | |
627 | under the contributor's essential patent claims, | |
628 | to make, use, sell, offer for sale, import and otherwise run, modify | |
629 | and propagate the contents of its contributor version. | |
630 | . | |
631 | In the following three paragraphs, | |
632 | a "patent license" is any express agreement or commitment, | |
633 | however denominated, not to enforce a patent | |
634 | (such as an express permission to practice a patent | |
635 | or covenant not to sue for patent infringement). | |
636 | To "grant" such a patent license to a party means | |
637 | to make such an agreement or commitment | |
638 | not to enforce a patent against the party. | |
639 | . | |
640 | If you convey a covered work, | |
641 | knowingly relying on a patent license, | |
642 | and the Corresponding Source of the work is not available | |
643 | for anyone to copy, | |
644 | free of charge and under the terms of this License, | |
645 | through a publicly available network server | |
646 | or other readily accessible means, | |
647 | then you must either | |
648 | (1) cause the Corresponding Source to be so available, | |
649 | or (2) arrange to deprive yourself of the benefit | |
650 | of the patent license for this particular work, | |
651 | or (3) arrange, | |
652 | in a manner consistent with the requirements of this License, | |
653 | to extend the patent license to downstream recipients. | |
654 | "Knowingly relying" means | |
655 | you have actual knowledge that, but for the patent license, | |
656 | your conveying the covered work in a country, | |
657 | or your recipient's use of the covered work in a country, | |
658 | would infringe one or more identifiable patents in that country | |
659 | that you have reason to believe are valid. | |
660 | . | |
661 | If, pursuant to or in connection | |
662 | with a single transaction or arrangement, | |
663 | you convey, or propagate by procuring conveyance of, a covered work, | |
664 | and grant a patent license to some of the parties | |
665 | receiving the covered work authorizing them | |
666 | to use, propagate, modify or convey a specific copy of the covered work, | |
667 | then the patent license you grant is automatically extended | |
668 | to all recipients of the covered work and works based on it. | |
669 | . | |
670 | A patent license is "discriminatory" | |
671 | if it does not include within the scope of its coverage, | |
672 | prohibits the exercise of, or is conditioned on | |
673 | the non-exercise of one or more of the rights | |
674 | that are specifically granted under this License. | |
675 | You may not convey a covered work | |
676 | if you are a party to an arrangement with a third party | |
677 | that is in the business of distributing software, | |
678 | under which you make payment to the third party | |
679 | based on the extent of your activity of conveying the work, | |
680 | and under which the third party grants, | |
681 | to any of the partieo would receive the covered work from you, | |
682 | a discriminatory patent license | |
683 | (a) in connection with copies of the covered work conveyed by you | |
684 | (or copies made from those copies), | |
685 | or (b) primarily for and in connection with specific products | |
686 | or compilations that contain the covered work, | |
687 | unless you entered into that arrangement, | |
688 | or that patent license was granted, | |
689 | prior to 28 March 2007. | |
690 | . | |
691 | Nothing in this License shall be construed as excluding or limiting | |
692 | any implied license or other defenses to infringement | |
693 | that may otherwise be available to you under applicable patent law. | |
694 | . | |
695 | 12. No Surrender of Others' Freedom. | |
696 | . | |
697 | If conditions are imposed on you | |
698 | (whether by court order, agreement or otherwise) | |
699 | that contradict the conditions of this License, | |
700 | they do not excuse you from the conditions of this License. | |
701 | If you cannot convey a covered work | |
702 | so as to satisfy simultaneously your obligations | |
703 | under this License and any other pertinent obligations, | |
704 | then as a consequence you may not convey it at all. | |
705 | For example, if you agree to terms that obligate you | |
706 | to collect a royalty for further conveying from those | |
707 | to whom you convey the Program, | |
708 | the only way you could satisfy both those terms and this License | |
709 | would be to refrain entirely from conveying the Program. | |
710 | . | |
711 | 13. Remote Network Interaction; | |
712 | Use with the GNU General Public License. | |
713 | . | |
714 | Notwithstanding any other provision of this License, | |
715 | if you modify the Program, | |
716 | your modified version must prominently offer | |
717 | all users interacting with it remotely through a computer network | |
718 | (if your version supports such interaction) | |
719 | an opportunity to receive the Corresponding Source of your version | |
720 | by providing access to the Corresponding Source | |
721 | from a network server at no charge, | |
722 | through some standard or customary means | |
723 | of facilitating copying of software. | |
724 | This Corresponding Source shall include | |
725 | the Corresponding Source for any work covered | |
726 | by version 3 of the GNU General Public License | |
727 | that is incorporated pursuant to the following paragraph. | |
728 | . | |
729 | Notwithstanding any other provision of this License, | |
730 | you have permission to link or combine any covered work | |
731 | with a work licensed | |
732 | under version 3 of the GNU General Public License | |
733 | into a single combined work, and to convey the resulting work. | |
734 | The terms of this License will continue to apply | |
735 | to the part which is the covered work, | |
736 | but the work with which it is combined will remain governed | |
737 | by version 3 of the GNU General Public License. | |
738 | . | |
739 | 14. Revised Versions of this License. | |
740 | . | |
741 | The Free Software Foundation may publish revised and/or new versions | |
742 | of the GNU Affero General Public License from time to time. | |
743 | Such new versions will be similar in spirit to the present version, | |
744 | but may differ in detail to address new problems or concerns. | |
745 | . | |
746 | Each version is given a distinguishing version number. | |
747 | If the Program specifies that a certain numbered version | |
748 | of the GNU Affero General Public License | |
749 | "or any later version" applies to it, | |
750 | you have the option of following the terms and conditions | |
751 | either of that numbered version | |
752 | or of any later version | |
753 | published by the Free Software Foundation. | |
754 | If the Program does not specify a version number | |
755 | of the GNU Affero General Public License, | |
756 | you may choose any version ever | |
757 | published by the Free Software Foundation. | |
758 | . | |
759 | If the Program specifies that a proxy can decide | |
760 | which future versions | |
761 | of the GNU Affero General Public License can be used, | |
762 | that proxy's public statement of acceptance of a version | |
763 | permanently authorizes you to choose that version for the Progr. | |
764 | Later license versions may give you | |
765 | additional or different permissions. | |
766 | However, no additional obligations are imposed | |
767 | on any author or copyright holder | |
768 | as a result of your choosing to follow a later version. | |
769 | . | |
770 | 15. Disclaimer of Warranty. | |
771 | . | |
772 | THERE IS NO WARRANTY FOR THE PROGRAM, | |
773 | TO THE EXTENT PERMITTED BY APPLICABLE LAW. | |
774 | EXCEPT WHEN OTHERWISE STATED IN WRITING | |
775 | THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" | |
776 | WITHOUT WARRANTY OF ANY KIND, | |
777 | EITHER EXPRESSED OR IMPLIED, | |
778 | INCLUDING, BUT NOT LIMITED TO, | |
779 | THE IMPLIED WARRANTIES OF MERCHANTABILITY | |
780 | AND FITNESS FOR A PARTICULAR PURPOSE. | |
781 | THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM | |
782 | IS WITH YOU. | |
783 | SHOULD THE PROGRAM PROVE DEFECTIVE, | |
784 | YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. | |
785 | . | |
786 | 16. Limitation of Liability. | |
787 | . | |
788 | IN NO EVENT | |
789 | UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING | |
790 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY | |
791 | WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, | |
792 | BE LIABLE TO YOU FOR DAMAGES, | |
793 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES | |
794 | ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM | |
795 | (INCLUDING BUT NOT LIMITED TO | |
796 | LOSS OF DATA OR DATA BEING RENDERED INACCURATE | |
797 | OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES | |
798 | OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), | |
799 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED | |
800 | OF THE POSSIBILITY OF SUCH DAMAGES. | |
801 | . | |
802 | 17. Interpretation of Sections 15 and 16. | |
803 | . | |
804 | If the disclaimer | |
805 | of warranty and limitation of liability provided above | |
806 | cannot be given local legal effect according to their terms, | |
807 | reviewing courts shall apply local law | |
808 | that most closely approximates an absolute waiver | |
809 | of all civil liability in connection with the Program, | |
810 | unless a warranty or assumption of liability accompanies | |
811 | a copy of the Program in return for a fee. | |
812 | . | |
813 | END OF TERMS AND CONDITIONS | |
814 | . | |
815 | How to Apply These Terms to Your New Programs | |
816 | . | |
817 | If you develop a new program, | |
818 | and you want it to be of the greatest possible use to the public, | |
819 | the best way to achieve this is to make it free software | |
820 | which everyone can redistribute and change under these terms. | |
821 | . | |
822 | To do so, attach the following notices to the program. | |
823 | It is safest to attach them to the start of each source file | |
824 | to most effectively state the exclusion of warranty; | |
825 | and each file should have at least the "copyright" line | |
826 | and a pointer to where the full notice is found. | |
827 | . | |
828 | <one line to give the program's name and a brief idea of what it does.> | |
829 | Copyright (C) <year> <name of author> | |
830 | . | |
831 | This program is free software: | |
832 | you can redistribute it and/or modify it | |
833 | under the terms of the GNU Affero General Public License | |
834 | as published by the Free Software Foundation, | |
835 | either version 3 of the License, or (at your option) any later version. | |
836 | . | |
837 | This program is distributed in the hope that it will be useful, | |
838 | but WITHOUT ANY WARRANTY; | |
839 | without even the implied warranty | |
840 | of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | |
841 | See the GNU Affero General Public License for more details. | |
842 | . | |
843 | You should have received | |
844 | a copy of the GNU Affero General Public License | |
845 | along with this program. | |
846 | If not, see <http://www.gnu.org/licenses/>. | |
847 | . | |
848 | Also add information on how to contact you | |
849 | by electronic and paper mail. | |
850 | . | |
851 | If your software can interact with users | |
852 | remotely through a computer network, | |
853 | you should also make sure that it provides | |
854 | a way for users to get its source. | |
855 | For example, if your program is a web application, | |
856 | its interface could display a "Source"at leads users to an archive of the code. | |
857 | There are many ways you could offer source, | |
858 | and different solutions will be better for different programs; | |
859 | see section 13 for the specific requirements. | |
860 | . | |
861 | You should also get your employer (if you work as a programmer) | |
862 | or school, if any, to sign | |
863 | a "copyright disclaimer" for the program, if necessary. | |
864 | For more information on this, | |
865 | and how to apply and follow the GNU AGPL, | |
866 | see <http://www.gnu.org/licenses/>. | |
867 | ||
868 | License: GPL-3 | |
869 | This program is free software; you can redistribute it and/or modify | |
870 | it under the terms of the GNU General Public License as published by | |
871 | the Free Software Foundation; version 3. | |
872 | . | |
873 | This program is distributed in the hope that it will be useful, | |
874 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
875 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
876 | GNU General Public License for more details. | |
877 | . | |
878 | You should have received a copy of the GNU General Public License | |
879 | along with this program; if not, write to the Free Software | |
880 | Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, | |
881 | MA 02110-1301, USA | |
882 | . | |
883 | On Debian systems the full text of the GNU General Public License can be found | |
884 | in the `/usr/share/common-licenses/GPL-3' file. |
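Review bot: the AGPL-3 text in this file is damaged on lines 511, 598, 681, 763 and 856, where characters are missing mid-sentence ("If you add ter a covered work", "under this Licensend you may not initiate litigation", "to any of the partieo would receive", "for the Progr.", and a "Source"at leads users). A license paragraph has to be a verbatim copy, so re-import the text from the canonical AGPL-3 source instead of patching the five spots by hand, and diff the result against that source to catch any damage that is less obvious than these.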
0 | Description: check_pollen needs pollinate, so this script is better suited | |
1 | in package pollinate | |
2 | Author: Thorsten Alteholz <debian@alteholz.de> | |
3 | Index: pollen-4.21/check_pollen | |
4 | =================================================================== | |
5 | --- pollen-4.21.orig/check_pollen 2019-02-06 19:42:04.054819853 +0100 | |
6 | +++ pollen-4.21/check_pollen 2019-02-06 19:42:52.346819200 +0100 | |
7 | @@ -1,54 +1 @@ | |
8 | -#!/bin/sh | |
9 | -# | |
10 | -# check_pollen - verify the pollen server on localhost is operating correctly | |
11 | -# | |
12 | -# Copyright (C) 2013 Dustin Kirkland <dustin.kirkland@gmail.com> | |
13 | -# | |
14 | -# This program is free software: you can redistribute it and/or modify | |
15 | -# it under the terms of the GNU Affero General Public License as published by | |
16 | -# the Free Software Foundation, version 3 of the License. | |
17 | -# | |
18 | -# This program is distributed in the hope that it will be useful, | |
19 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of | |
20 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
21 | -# GNU Affero General Public License for more details. | |
22 | -# | |
23 | -# You should have received a copy of the GNU Affero General Public License | |
24 | -# along with this program. If not, see <http://www.gnu.org/licenses/>. | |
25 | - | |
26 | - | |
27 | -TMPDIR=$(mktemp -d -t "pollen.XXXXXXXXXXXX") | |
28 | -trap "rm -rf ${TMPDIR} 2>/dev/null || true" EXIT HUP INT QUIT TERM | |
29 | - | |
30 | -md5sum1=$(grep pollen /var/log/syslog /var/log/pollen/pollen.log 2>/dev/null || true | md5sum) | |
31 | -pollinate -t -i -s localhost -b -d - >"$TMPDIR/out" 2>"$TMPDIR/err" && RC=0 || RC=$? | |
32 | -md5sum2=$(grep pollen /var/log/syslog /var/log/pollen/pollen.log 2>/dev/null || true | md5sum) | |
33 | -bytes=$(wc -c "$TMPDIR/out" | awk '{print $1}') | |
34 | -bpb=$(ent -t "$TMPDIR/out" | tail -n1 | awk -F, '{print $3}' | awk -F. '{print $1}') | |
35 | -mean=$(ent -t "$TMPDIR/out" | tail -n1 | awk -F, '{print $5}' | awk -F. '{print $1}') | |
36 | - | |
37 | -if [ "$RC" != "0" ]; then | |
38 | - echo "CRITICAL - pollen server did not properly respond to the test request [$RC]" | |
39 | - cat "$TMPDIR/err" 1>&2 | |
40 | - exit 2 | |
41 | -fi | |
42 | -if [ "$md5sum1" = "$md5sum2" ]; then | |
43 | - echo "CRITICAL - pollen server did not properly log the test request [$RC]" | |
44 | - grep pollen /var/log/syslog /var/log/pollen/pollen.log 2>/dev/null || true | |
45 | - exit 2 | |
46 | -fi | |
47 | -if [ -z "$bytes" ] || [ "$bytes" -lt 64 ]; then | |
48 | - echo "WARNING - pollen server did not respond with at least 64 bytes [$bytes]" | |
49 | - exit 1 | |
50 | -fi | |
51 | -if [ -z "$bpb" ] || [ "$bpb" -lt 5 ]; then | |
52 | - echo "WARNING - pollen server did not respond with sufficient entropy bits per byte [$bpb]" | |
53 | - exit 1 | |
54 | -fi | |
55 | -if [ -z "$mean" ] || [ "$mean" -lt 95 ] || [ "$mean" -gt 160 ]; then | |
56 | - echo "WARNING - pollen server responded with poor entropy (bad arithmetic mean [$mean])" | |
57 | - exit 1 | |
58 | -fi | |
59 | - | |
60 | -echo "OK - pollen server is online and responded correctly to the test request" | |
61 | -exit 0 | |
62 | +# This has been moved to package pollinate |
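Review bot: the replacement on line 62 leaves check_pollen as a single comment with no shebang, so if the file is still installed and a monitoring system runs it, the shell does nothing and exits 0 with no output. The removed script signalled trouble with exit codes 2 (CRITICAL) and 1 (WARNING), so a caller that keeps invoking the stub will read the silent 0 as a healthy entropy server. Delete the file (or drop it from what gets installed) rather than stubbing it, or have the stub print a message and exit non-zero. The patch header would also benefit from a Forwarded: field.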
0 | check-pollen-to-pollianet.patch |
0 | # HTTP_PORT is the http port on which the pollen server should listen and respond. | |
1 | # Note that these connections will not be encrypted | |
2 | # Default: 80 | |
3 | HTTP_PORT="42080" | |
4 | ||
5 | # HTTPS_PORT is the https port on which the pollen server should listen and respond. | |
6 | # Note that these connections will be encrypted using TLS | |
7 | # Default: 443 | |
8 | HTTPS_PORT="42443" | |
9 | ||
10 | # DEVICE is the source of randomness for entropy read by the server, | |
11 | # and the destination for received and whitened entropy. | |
12 | # Default: /dev/random | |
13 | # Alternative: /dev/urandom | |
14 | DEVICE="/dev/random" | |
15 | ||
16 | # BYTES is the size in bytes to transmit and receive each time, to peers | |
17 | # or neighbors listening for broadcast in the pool. It is rude to set this | |
18 | # very high. | |
19 | # Default: 64 | |
20 | BYTES="64" | |
21 | ||
22 | # In case you don't want to have the stuff created during install, | |
23 | # the files below need to be obtained for example from Let's Encrypt | |
24 | # | |
25 | # CERT is the location of the TLS certificate | |
26 | # Default: /etc/pollen/cert.pem | |
27 | CERT="/etc/pollen/cert.pem" | |
28 | ||
29 | # KEY is the location of the TLS key | |
30 | # Default: /etc/pollen/key.pem | |
31 | KEY="/etc/pollen/key.pem" |
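Review bot: the "Default: 80" and "Default: 443" comments on lines 2 and 7 contradict the values set directly beneath them (HTTP_PORT="42080", HTTPS_PORT="42443"). Say whether "Default" means the binary's built-in value or the packaged one, otherwise an administrator cannot tell from this file which ports the service listens on after install. The comment on lines 22-23 ("the stuff created during install") should name what is created, namely the self-signed certificate and key that postinst generates, and say that replacing them means putting files at the CERT and KEY paths.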
0 | # Golang code expects to be statically linked and built in this way | |
1 | pollen: unstripped-binary-or-object |
0 | pollen.8 |
0 | #!/bin/sh | |
1 | set -e | |
2 | ||
3 | PKG="pollen" | |
4 | DIR="/etc/$PKG" | |
5 | mkdir -p -m 700 "$DIR" | |
6 | PUB_CERT="$DIR/cert.pem" | |
7 | PK="$DIR/key.pem" | |
8 | CA="$DIR/ca.pem" | |
9 | ||
10 | # Create the pollen user if necessary | |
11 | if ! getent passwd $PKG >/dev/null; then | |
12 | adduser --disabled-password --quiet --system --home /var/cache/pollen --ingroup daemon $PKG --shell /bin/false | |
13 | fi | |
14 | ||
15 | # Set capabilities on the pollen binary to bind to privileged ports | |
16 | setcap 'cap_net_bind_service=+ep' /usr/bin/pollen | |
17 | [ -e /etc/apparmor.d/local/usr.bin.pollen ] || touch /etc/apparmor.d/local/usr.bin.pollen | |
18 | ||
19 | if [ ! -r "$PUB_CERT" ] || [ ! -r "$PK" ]; then | |
20 | install -m 600 /dev/null "$PUB_CERT" | |
21 | install -m 600 /dev/null "$PK" | |
22 | # Auto generate self signed certs if we don't have one already in place | |
23 | openssl req -new -newkey rsa:4096 -nodes -x509 -out "$PUB_CERT" -keyout "$PK" -days 3650 -subj "/C=US/ST=TX/L=Austin/CN=localhost/emailAddress=pollen@example.com" | |
24 | fi | |
25 | ||
26 | chown $PKG:root $DIR | |
27 | chown $PKG:root $DIR/* | |
28 | ||
29 | #DEBHELPER# |
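Review bot: the test on line 19, [ ! -r "$PUB_CERT" ] || [ ! -r "$PK" ], fires when only one of the two files is missing, and lines 20-21 then truncate both with install -m 600 /dev/null before openssl runs, so an administrator-supplied certificate or key is overwritten whenever its partner is absent. Regenerate only when both are missing, and stop with a clear message when just one is. Smaller points: "$1" is never checked, so user creation, setcap and the certificate logic run on every postinst invocation; CA is assigned on line 8 and never used; the generated certificate carries CN=localhost, so clients reaching the server under any other name cannot validate it; and $DIR/* on line 27 is unquoted.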
0 | #! /bin/sh | |
1 | ||
2 | set -e | |
3 | PKG=pollen | |
4 | ||
5 | if [ "$1" = "purge" ]; then | |
6 | deluser --quiet --system $PKG > /dev/null || true | |
7 | rm -rf /etc/pollen || true | |
8 | fi | |
9 | ||
10 | #DEBHELPER# |
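Review bot: purge on lines 6-7 deletes the pollen account and /etc/pollen but leaves the home directory /var/cache/pollen that postinst set with --home. Once the account is gone, anything left there is owned by a free UID and would be inherited by whichever account is assigned that UID next, so either remove /var/cache/pollen in the same branch or keep the system user. The || true on the deluser line also hides the case where deluser is not installed at purge time; test for the command first so a failure is distinguishable from a skip.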
0 | [Unit] | |
1 | Description=Entropy as a Service | |
2 | After=network.target | |
3 | ||
4 | [Service] | |
5 | User=pollen | |
6 | EnvironmentFile=/etc/default/pollen | |
7 | # Ensure our device exists, and is a character device | |
8 | ExecStartPre=/bin/sh -c '[ -c "$DEVICE" ]' | |
9 | ExecStart=/usr/bin/pollen -http-port=${HTTP_PORT} -https-port=${HTTPS_PORT} -device=${DEVICE} -bytes=${BYTES} -cert=${CERT} -key=${KEY} | |
10 | Restart=on-failure | |
11 | ||
12 | [Install] | |
13 | WantedBy=multi-user.target |
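Review bot: the [Service] section (lines 5-10) runs a network-facing daemon with no confinement in the unit beyond User=pollen. NoNewPrivileges=yes cannot simply be added, because postinst grants cap_net_bind_service with setcap on /usr/bin/pollen and file capabilities are not honoured once NoNewPrivileges is set. Grant the capability in the unit instead with AmbientCapabilities=CAP_NET_BIND_SERVICE and CapabilityBoundingSet=CAP_NET_BIND_SERVICE, drop the setcap call, then add NoNewPrivileges=yes, ProtectSystem=strict, ProtectHome=yes and PrivateTmp=yes, and confirm the service can still read key.pem and log as before.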
0 | #!/usr/bin/make -f | |
1 | ||
2 | %: | |
3 | dh $@ --with golang | |
4 | ||
5 | override_dh_strip: | |
6 | true | |
7 | ||
8 | override_dh_installdeb: | |
9 | dh_apparmor --profile-name=usr.bin.pollen -ppollen | |
10 | dh_installdeb | |
11 | ||
12 | override_dh_installinit: | |
13 | dh_installinit --name=pollen-restart | |
14 | dh_installinit |
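Review bot: override_dh_installinit on lines 12-14 still calls dh_installinit --name=pollen-restart, although the 4.21-1 changelog entry says the deprecated upstart init files were removed. If no pollen-restart init file remains in debian/, that call does nothing and the whole override can be dropped. override_dh_strip on lines 5-6 should carry a comment giving the reason, as the lintian override does, since replacing dh_strip with true also means no debug symbol package is produced.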
0 | 3.0 (quilt) |