Codebase list pollen / 8321431
Import Debian changes 4.21-1

pollen (4.21-1) sid; urgency=medium

  * first upload to Debian
  * debian/control: use dh11
  * debian/control: set standard to 4.3.0
  * debian/control: remove anerd mentions
  * debian/copyright: use https for copyright-format-uri
  * debian/rules: dh11 does not allow "--with systemd"
  * remove deprecated upstart init files
  * remove unused overrides

pollen (4.21-0ubuntu1) yakkety; urgency=medium

  * check_pollen:
    - note the number of short bytes in the error log message

pollen (4.20-0ubuntu1) wily; urgency=medium

  * debian/pollen.upstart: LP: #1505473
    - remove typo in the upstart config which was preventing the service from starting
  * rebuild the packages for upload

pollen (4.19-0ubuntu1) wily; urgency=medium

  * debian/pollen.upstart: LP: #1505473
    - remove typo in the upstart config which was preventing the service from starting

pollen (4.18-0ubuntu1) wily; urgency=medium

  * pollen.go:
    - add the "available" word to the log

pollen (4.17-0ubuntu1) unstable; urgency=medium

  * debian/pollen.postrm:
    - clear out certificates on purge
  * debian/pollen.default:
    - quote the variable definition, for consistency
  * debian/pollen.postinst:
    - fix ssl cert generation, country must be <2 chars
  * debian/pollen.service:
    - put braces around environment variables; required to work at all
  * pollen.go, usr.bin.pollen:
    - log the entropy bits before and after the transaction

pollen (4.16-0ubuntu1) vivid; urgency=medium

  [ Matthias Klose ]
  * debian/control:
    - Build everywhere

pollen (4.15-0ubuntu1) vivid; urgency=medium

  [ Didier Roche ]
  * debian/control, debian/pollen.service, debian/rules:
    - Add systemd unit, following similar restart on failure and device checking logic
    - Bump Standards-Version

pollen (4.14-0ubuntu1) vivid; urgency=medium

  * pollen.go: LP: #1383738
    - remove SSLv3 support

pollen (4.13-0ubuntu1) vivid; urgency=medium

  * debian/pollen-restart.upstart, debian/pollen.upstart, debian/rules:
    - LP: #1386052
    - add a new upstart job that restarts pollen any time the rsyslog server is restarted
    - this is necessary to work around a bug in the golang syslog library where syslog restarts break logging
      + https://code.google.com/p/go/issues/detail?id=2264#c8

pollen (4.12-0ubuntu1) utopic; urgency=medium

  * debian/control:
    - recommend rng-tools; we can do this, since pollen is in universe
  * debian/pollen.postinst:
    - minor change to the default self-signed cert; use 'localhost' for the hostname; this is useful for testing pollinate against the localhost with a self-signed cert
  * README:
    - update docs; pollinate no longer runs daily by default
  * README:
    - update some docs
  * check_pollen:
    - ensure that the nagios check catches log failures

pollen (4.11-0ubuntu1) trusty; urgency=medium

  * pollen_test.go:
    - fix FTBFS
    - hardcode device to /dev/urandom in unit tests, otherwise, our entropy starved vm-based builders will fail the unit tests and fail the build

pollen (4.10-0ubuntu1) trusty; urgency=low

  * debian/control, debian/pollen.default, pollen.go, usr.bin.pollen:
    - LP: #1293958
    - suggest rng-tools (universe), which is needed to leverage tpm for /dev/random entropy
    - change default entropy source for pollen server to /dev/random
    - update inline configuration documentation to reflect reality
    - add rw of /dev/random to our apparmor whitelist

pollen (4.9-0ubuntu1) trusty; urgency=low

  * debian/rules: LP: #1288807
    - fix FTBFS, build using golang 'go build' rather than gccgo

pollen (4.8-0ubuntu1) trusty; urgency=low

  [ JuanJo Ciarlante and Dustin Kirkland ]
  * check_pollen:
    - use the new -t|--testing flag, to verify communications with the server, runnable as a non-privileged user, but not affecting the local PRNG

pollen (4.7-0ubuntu1) trusty; urgency=low

  [ John Arbash Meinel ]
  * .gitignore, pollen.go, pollen_test.go:
    - This changes the 'handler' from being just a func() using global state to being a struct with local state.
    - It then moves the things like dev and log to being members of the struct, with interfaces that let us override them in the test suite.
    - It then adds a bunch of tests about how we handle failures, errors, logging, the size flag, etc.
    - The interfaces also mean that we won't try to spam syslog while running the test suite.
    - Another small change is that if you do: pollen -https-port="" Then it won't try to bind to the HTTP port with a cert.
    - Since I'm not the official source for pollen, it helped for testing at least the HTTP requests manually.
    - This also fixes the help text for "-size" since it doesn't actually change how much content we send on the wire, but how much content we read from /dev/urandom (but it adds tests for that fact).
    - go fmt, and some formatting tweaks
    - actually do the right formatting
    - use microsecond timing (ms was always 0)
    - capture the length of time serving requests takes

  [ Dustin Kirkland ]
  * pollen.go:
    - put brackets around request length of time value

pollen (4.6-0ubuntu1) trusty; urgency=low

  [ Caleb Spare ]
  * pollen.go:
    - Require the challenge query-string param to be provided
    - don't create the random device, if it doesn't exist

  [ Dustin Kirkland ]
  * pollen_test.go:
    - update test to handle required challenge string
  * pollen.go:
    - incorporate feedback from Adam Langley
    - catch errors reading the random device
    - add a note as to why we're checksumming the random seed
    - update message when challenge empty

  [ Caleb Spare and Dustin Kirkland ]
  * debian/pollen.upstart, pollen.8, pollen.go:
    - Use flags rather than positional arguments, and plumb bytes argument through

  [ Dustin Kirkland and Matt Croydon ]
  * debian/pollen.default, debian/pollen.upstart, pollen.8, pollen.go:
    - add support for specifying the TLS cert and key as command line flags

pollen (4.5-0ubuntu1) trusty; urgency=low

  [ Caleb Spare ]
  * pollen.go, pollen_test.go:
    - Bring naming in line with Go conventions
    - Use shorter parameter names for an http.HandlerFunc
    - Remove an unnecessary string conversion
    - Print useful error if wrong arguments are given rather than crashing
    - Don't ignore errors
    - Rename http[s]Port to http[s]Addr for accuracy
    - Handle errors starting the http servers
    - Change some naming in the test
    - Read from the provided device rather than always /dev/urandom

pollen (4.4-0ubuntu1) trusty; urgency=low

  [ Casey Marshall ]
  * debian/control, debian/rules, Makefile, pollen.go, pollen_test.go:
    - add unit tests for pollen server

  [ Dustin Kirkland ]
  * debian/pollen.lintian-overrides:
    - override expected Lintian gripes

pollen (4.3-0ubuntu1) trusty; urgency=low

  * check_pollen:
    - ensure that the nagios script uses the -r|--reseed option

pollen (4.2-0ubuntu1) trusty; urgency=low

  * pollen.go:
    - remove redundant line
  * README:
    - remove deprecated bit of documentation

pollen (4.1-0ubuntu1) trusty; urgency=low

  * debian/control:
    - build on amd64 and i386 only
    - these are the only builds I've been able to confirm when building with golang-go
    - note that this undoes the fix for LP: #1274074, but that's the way it has to be, until either golang-go supports more architectures or gccgo doesn't suck

pollen (4.0-0ubuntu1) trusty; urgency=low

  * check_pollen, debian/control, debian/copyright, debian/pollinate.default, debian/pollinate.install, debian/pollinate.manpages, debian/pollinate.postinst, debian/pollinate.postrm, debian/pollinate.upstart, entropy.ubuntu.com.pem, INSTALL, Makefile, pollinate, pollinate.1:
    - split pollen and pollinate into separate projects and packages
    - re-enable the pollen build

pollen (3.17-0ubuntu1) trusty; urgency=low

  * pollinate:
    - improve kernel debug info
  * debian/control, debian/pollen.install, Makefile:
    - TEMPORARILY disabling the building of pollen, until either gccgo or golang-go get promoted to main
    - this should be reverted as soon as a go compiler is available as a build dep

pollen (3.16-0ubuntu1) trusty; urgency=low

  * pollinate:
    - minor standardization of the user agent string

pollen (3.15-0ubuntu1) trusty; urgency=low

  * debian/control: LP: #1274074
    - build on any architecture, now that we build with gccgo

pollen (3.14-0ubuntu1) trusty; urgency=low

  * debian/pollinate.postinst:
    - fix order of operations, packaging breakage

pollen (3.13-0ubuntu1) trusty; urgency=low

  * README:
    - fix more minor typos
    - explain "did some work"
  * debian/rules, Makefile:
    - fix the build for gccgo
    - must use the -g parameter
    - don't strip binaries
    - these are ugly, but are the result of gccgo vs golang-go
  * pollinate:
    - remove unused variable $cmd
  * debian/pollinate.upstart:
    - our upstart job should start on starting cloud-init, to ensure that we get run before generating SSH keys
  * debian/pollinate.install, debian/pollinate.postrm, pollen.go, pollinate, pollinate.cron.d, README:
    - drop the tag and cronjob per feedback from sarnold in the code audit in LP: #1246098
  * debian/pollinate.default, pollinate:
    - add helpful debug info to user agent, similar to chrome and firefox,
  * debian/pollinate.postinst, debian/pollinate.postrm, debian/pollinate.upstart, pollinate, pollinate.1:
    - use a pollinate user, rather than the daemon user
    - by default, only run pollinate once per system instantiation
    - offer reseeding as an option, though
  * debian/control:
    - need to depend on adduser

pollen (3.12-0ubuntu1) trusty; urgency=low

  * README:
    - minor documentation feedback from Kees Cook
    - note that pollen servers can of course be run internally
  * debian/control:
    - clean up package descriptions a bit

pollen (3.11-0ubuntu1) trusty; urgency=low

  * README:
    - updates to the README
  * debian/copyright, pollinate:
    - the client should really be GPLv3, rather than AGPL
  * debian/copyright:
    - point to the local copy of GPLv3 license

pollen (3.10-0ubuntu1) trusty; urgency=low

  * debian/pollinate.cron.d, debian/pollinate.postinst, pollinate:
    - have each client choose a random time of day to reseed, at first run, rather than at package installation time
    - this requires a very clever hack(!)
    - install a "template" at /etc/cron.d/pollinate, with __MINUTE__ and __HOUR__ symbols that should be replaced by the client, at first run
    - cron requires that /etc/cron.d/pollinate be owned by root
    - ideally we'd run the pollinate script as a non-root user (ie, daemon), by specifying the daemon user in upstart and in the cronjob
    - but daemon can't write to /etc/cron.d/pollinate, if it's owned by root
    - so here's the hack...
      + the upstart job installed by the package has "setuid root"
      + on its first run (which will be either at package install time, or at boot), it will run as root and: a) update the cronjob to a random time, and b) update the upstart job to run as daemon
      + woot
      + this works because both are conffiles
  * debian/pollen.postinst, debian/pollinate.postinst, debian/pollinate.postrm, pollinate:
    - use /var/cache/pollinate, rather than /var/lib/pollinate
    - this should make it more obvious that this data can be cleared out, and should be cleared out, on re-bundles or snapshots and reimages
  * debian/control, Makefile:
    - switch from golang-go to gcc-go, so that we can get this source package into Ubuntu main
  * pollinate, pollinate.1:
    - separate the pool and the server variables
  * debian/control:
    - no need to depend on bsdutils, it's essential
    - pollen depends on adduser
  * usr.bin.pollen:
    - update apparmor profile to allow reading of /usr/bin/pollen
    - oddly, this was introduced when switching compilers
  * debian/copyright:
    - lintian/dep5 cleanup

pollen (3.9-0ubuntu1) trusty; urgency=low

  * debian/pollinate.default:
    - don't use quiet by default, do use binary
  * pollinate:
    - save ourselves an unneeded fork
  * debian/control:
    - drop haveged as a suggests
  * debian/pollinate.default, debian/pollinate.install, entropy.ubuntu.com.pem:
    - install entropy.ubuntu.com.pem's certificate and intermediate chain, to get rid of --insecure curl option
  * debian/control, pollinate:
    - log to the system log, using the logger utility
    - add a final message, noting successful (re-)seed
    - have pollinate depend on bsdutils, which provides logger

pollen (3.8-0ubuntu1) trusty; urgency=low

  * debian/pollinate.default, debian/pollinate.postinst, debian/pollinate.upstart, pollinate:
    - fix the (broken) options setting in the pollinate default file
    - change the tag creation to happen during the pollinate runtime, rather than at package installation; this makes it more useful for downstreams and remixes of Ubuntu
    - ensure the daemon user owns the /var/lib/pollinate directory
    - run the pollinate upstart script as the daemon user
  * debian/pollinate.cron.d, debian/pollinate.postinst, debian/pollinate.postrm:
    - run the pollinate cronjob (reseed) once per day, rather than once per hour
    - purge pollinate files more effectively

pollen (3.7-0ubuntu1) trusty; urgency=low

  * debian/control:
    - demote haveged to suggests, based on feedback from Seth Arnold in LP: #1246098
  * pollinate:
    - ensure both -c and -i can be used, without losing CURL_OPTS, as identified by Seth Arnold in LP: #1246098
  * pollinate:
    - drop unused IPV6 variable, per review by Seth Arnold in LP: #1246098
  * debian/pollen.postinst:
    - use pollen as our fake email address, suggested by Seth Arnold in LP: #1246098
  * debian/pollinate.cron.d:
    - add notes in the comments about NIST DRBG Special Publication 800-90A recommendations on reseeding
    - add notes in the comments about why we choose a random minute
    - fix a bug, that was causing the cronjob to run far more frequently than desired
    - Addresses some issues raised by Seth Arnold in LP: #1246098
  * debian/pollen.upstart, pollen.8, pollen.go:
    - add DEVICE as the 3rd argument to the pollen server in the upstart script
    - test that DEVICE is a special in upstart
    - document that the DEVICE is now a required argument
  * debian/pollen.install, Makefile, pollen:
    - build static binary at package build time, rather than dynamically compiling at each run, per feedback from Seth Arnold in LP: #1246098
    - use a very simple, basic Makefile
  * debian/control:
    - move golang-go to a build-dependency, rather than a runtime dependency
  * debian/control, debian/pollen.postinst, debian/pollen.postrm, debian/pollen.upstart:
    - create a new user, pollen:daemon, in the postinst, remove in postrm
    - depend on libcap2-bin, which provides setcap
    - use setcap to allow the pollen binary to bind to privileged ports
    - run the pollen daemon as the pollen user
    - per feedback from Seth Arnold in LP: #1246098
  * debian/pollen.upstart:
    - use setuid in upstart to run the pollen daemon as the pollen user
  * debian/pollen.postinst:
    - change pollen user's shell to /bin/false
  * debian/control, debian/pollen.install, debian/pollen.postinst, debian/rules, usr.bin.pollen:
    - add an apparmor profile for the pollen server, per suggestion by Seth Arnold in LP: #1246098
    - big thanks to Jamie Strandboge and Seth Arnold for assistance
  * debian/pollinate.postinst:
    - these chowns are not necessary; thanks for catching Michael Terry in LP: #1246098
  * debian/control: LP: #1259014
    - have the pollen server depend on ent, which is used by the check_pollen nagios script

pollen (3.6-0ubuntu1) trusty; urgency=low

  * pollinate:
    - remove sourcing of an rc config file from $HOME, per security review from Seth Arnold
  * pollinate.1:
    - update documentation to note that multiple servers can be specified on the command line
  * debian/pollinate.default:
    - use the entropy.ubuntu.com beta site for testing
    - note that we're specifying the --insecure option here, as this is very much a work in progress
  * debian/pollinate.upstart:
    - start pollinate when we have networking up and running, or when we start ssh
  * pollen.go:
    - drop the nanosecond timestamp collection on the server
    - a good server should have real entropy hardware, and a busy server will have network traffic entropy already captured by the kernel
    - Suggestion by Seth Arnold in a security review
  * debian/pollen.default, pollinate:
    - drop timestamp based salting, not terribly valuable
    - per security review by Seth Arnold
  * pollinate:
    - drop unused $bin variable

pollen (3.5-0ubuntu1) trusty; urgency=low

  * README:
    - enhance and update design documentation
  * debian/copyright:
    - update to DEP-5 format

pollen (3.4-0ubuntu1) saucy; urgency=low

  * check_pollen, debian/control:
    - improve the nagios check
    - warn if:
      + insufficient bytes are retrieved
      + less than 5-bits-per-byte of entropy are calculated
      + an out of whack arithmetic mean
    - have pollen server recommend ent, which is used by the nagios check

pollen (3.3-0ubuntu1) saucy; urgency=low

  * pollen-nagios-check:
    - added nagios check script
  * check_pollen, debian/pollen.install:
    - rename check script and install in nagios plugins directory

pollen (3.2-0ubuntu1) saucy; urgency=low

  * README:
    - update design documentation
  * pollinate, pollinate.1:
    - support printing random seed to standard out
    - useful for debugging
    - add a -q|--quiet option to silence log messages
  * pollinate, pollinate.1:
    - add an option for binary data output
  * debian/pollen.default, debian/pollen.upstart, pollen.8, pollen.go:
    - re-enable support for both encrypted and non-encrypted connections
    - use a go subroutine to serve both out of the same process
    - document these changes
    - default to 80 and 443, allow admin to override easily via config
  * debian/control:
    - update package descriptions
  * pollinate:
    - default to, but do not force, https

pollen (3.1-0ubuntu1) saucy; urgency=low

  * pollen.go
    - use a global for the dev writer
    - write a few more timestamps into the mix during the response handler
    - change logging verbiage
  * pollinate:
    - use a single temp directory, rather than multiple temp files
    - use a trap to cleanup the temp directory
    - update the logging verbiage
    - use an etc default file if available
  * debian/pollen.default:
    - drop "TCP_" in the TCP_PORT variable
  * pollen.go:
    - just use two timestamps
  * pollinate:
    - improve usability; prepend https
  * debian/pollinate.cron.d, debian/pollinate.default, debian/pollinate.upstart, pollinate, pollinate.1:
    - use an upstart job, rather than an @reboot cronjob, to do the initial prng seeding
    - fix the default config file

pollen (3.0-0ubuntu1) saucy; urgency=low

  * anerd, anerd-server-tcp.1 => anerd-server.1, anerd-server-tcp => anerd-server, anerd-server-tcp.go => anerd-server.go, anerd-server-udp.1, anerd-server-udp.c, configure.ac, debian/anerd-client.default, debian/anerd-server.anerd-server-tcp.upstart => debian/anerd-server.upstart, debian/anerd-server.anerd-server-udp.upstart, debian/anerd-server.default, debian/anerd-server.install, debian/anerd-server.manpages, debian/control, debian/rules, Makefile.am:
    - completely deprecate the UDP operation of both the client and the server
    - the TLS server over TCP is the only supported protocol going forward
    - this will necessitate a major version bump
  * anerd.1 => pollinate.1, anerd => pollinate, anerd-server.1 => pollen.8, anerd-server.go => pollen.go, anerd-server => pollen, ChangeLog, debian/anerd-client.cron.d => debian/pollinate.cron.d, debian/anerd-client.default => debian/pollinate.default, debian/anerd-client.install => debian/pollinate.install, debian/anerd-client.manpages => debian/pollinate.manpages, debian/anerd-client.postinst => debian/pollinate.postinst, debian/anerd-client.postrm => debian/pollinate.postrm, debian/anerd-server.default => debian/pollen.default, debian/anerd-server.install => debian/pollen.install, debian/anerd-server.manpages => debian/pollen.manpages, debian/anerd-server.postinst => debian/pollen.postinst, debian/anerd-server.upstart => debian/pollen.upstart, debian/control, debian/copyright, img/anerd_14.png, img/anerd_192.png, img/anerd_64.png, img/anerd.png, initramfs/hooks/anerd-client-udp, initramfs/scripts/init-bottom/anerd, NEWS, README, === removed directory initramfs, === removed directory initramfs/hooks, === removed directory initramfs/scripts, === removed directory initramfs/scripts/init-bottom:
    - rename anerd server/client to pollen / pollinate to reflect that this data is intended to "seed" a random number generator
  * debian/control, debian/pollen.manpages:
    - package maintenance for package/project rename
    - move manpage to section 8
  * pollen.8, pollinate, pollinate.1:
    - documentation updated
  * debian/control, pollen.8, pollinate:
    - update some documentation and descriptions
  * img/pollen_14.png, img/pollen_192.png, img/pollen_64.png:
    - added new pollen logos
  * debian/control:
    - drop suggests

anerd (2.4-0ubuntu1) saucy; urgency=low

  * anerd-client-tcp.go:
    - deprecated, use the shell (curl) one for better timestamping salt
  * anerd-server-tcp.go:
    - log user-agent and nanosecond timestamp
  * anerd, anerd-server-tcp.go:
    - rename "tip" to "challenge", use for challenge/response
    - verify challenge/response, to ensure personalized communication
  * anerd:
    - use a common logging function throughout
  * anerd-server-tcp.go:
    - open syslog only once
  * anerd, debian/control:
    - lower socat to a suggests, while still requiring curl
    - dynamically check for socat/curl and error appropriately
    - update package description
    - recommend haveged on the server
  * debian/anerd-server.default:
    - do not run the UDP, by default; local admin can enable by setting a port in /etc/default/anerd-server
  * anerd, anerd-server-tcp.go, debian/anerd-client.postinst, debian/anerd-server.postrm:
    - rename uuid to tag
    - generate on package install, remove on purge
  * anerd, debian/anerd-server.postrm => debian/anerd-client.postrm:
    - silence search for helper utilities
    - fix maintainer script name
  * anerd:
    - silence missing tag error messages for now

anerd (2.3-0ubuntu1) saucy; urgency=low

  [ Matthias Klose ]
  * debian/control: LP: #1139188
    - Don't build anerd-server on powerpc (no golang-go, prevents migration from raring-proposed to raring).

anerd (2.2-0ubuntu1) saucy; urgency=low

  * === added directory img, img/anerd_14.png, img/anerd_192.png, img/anerd_64.png, img/anerd.png:
    - added icons
  * anerd-server-tcp.go:
    - gofmt
  * anerd-server-tcp.go:
    - make this code more go-like, after some code review with Tim Penney
  * anerd-server-tcp.go:
    - drop unnecessary json formatting

anerd (2.1-0ubuntu1) saucy; urgency=low

  * anerd-client-tcp.go:
    - default to anerd.us
  * anerd, anerd-client-tcp.go, anerd-server-tcp.go, debian/anerd-client.default:
    - anerd.us is now serving on 443
  * anerd, anerd-server-tcp.go:
    - add syslog logging to the anerd tcp server
    - use post for the tip from the anerd tcp client
  * anerd, debian/control:
    - use uuidgen -r for uuid and tip
  * anerd, anerd-server-udp.c:
    - add UDP to syslog messages
    - fix uuid related typo
    - add --insecure option
  * anerd, anerd-client-tcp.go, anerd-server-tcp.go, debian/control:
    - use sha512sum rather than uuidgen
  * anerd, debian/anerd-client.cron.d:
    - run at reboot, and hourly thereafter
    - shorten some function names
  * debian/anerd-client.cron.d, debian/anerd-client.postinst:
    - randomize the hourly cronjob to distribute load on the server, if possible
  * debian/control:
    - fix a lintian annoyance
  * anerd, anerd-server-tcp.go, anerd-server-udp.c:
    - drop byte counts in logging, as these can be misleading
  * anerd-server-tcp.go:
    - salt data with nanosecond timestamp

anerd (2.0-0ubuntu1) saucy; urgency=low

  * anerd-tcp.go:
    - pretty print the json
  * anerd-client, anerd-client.1, anerd-tcp, anerd-tcp.1, anerd-tcp.go, anerd-udp.1, anerd-udp.c, debian/anerd-server.anerd-tcp.upstart, debian/anerd-server.anerd-udp.upstart, debian/control:
    - drop the "asynchronous" part of aNerd, this really isn't necessary in the description anymore
  * anerd-tcp.go:
    - reduce the default size to 64 bytes, which is sufficient to seed any random number generator
  * anerd-tcp.go, debian/anerd-server.default:
    - change the default size to 64 bytes
    - add some notes in the comments in the configuration file
    - always uses TLS encryption for the TCP implementation
  * anerd-tcp.1 => anerd-server-tcp.1, anerd-tcp => anerd-server-tcp, anerd-tcp.go => anerd-server-tcp.go, anerd-udp.1 => anerd-server-udp.1, anerd-udp.c => anerd-server-udp.c, debian/anerd-server.anerd-tcp.upstart => debian/anerd-server.anerd-server-tcp.upstart, debian/anerd-server.anerd-udp.upstart => debian/anerd-server.anerd-server-udp.upstart, debian/anerd-server.install, debian/anerd-server.manpages, debian/rules, Makefile.am:
    - rename anerd-tcp to anerd-server-tcp
    - rename anerd-udp to anerd-server-udp
  * debian/anerd-client.default:
    - change to the new anerd.us server, which supports TCP, TLS, and UDP
  * anerd, anerd-client, anerd-client.1 => anerd.1, anerd-client-tcp.go, anerd-server-tcp, debian/anerd-client.cron.d, debian/anerd-client.default, debian/anerd-client.install, debian/anerd-client.manpages, debian/anerd-server.anerd-server-tcp.upstart, debian/anerd-server.install, debian/control, initramfs/hooks/anerd-client => initramfs/hooks/anerd-client-udp, initramfs/scripts/init-bottom/anerd-client => initramfs/scripts/init-bottom/anerd, Makefile.am:
    - major rework of client, combine udp/tcp clients into a single shell script
  * anerd, anerd-client-tcp.go, anerd-server-tcp, anerd-server-tcp.go, anerd-server-udp.c, COPYING, debian/copyright, initramfs/scripts/init-bottom/anerd:
    - changed license back to AGPL
  * debian/anerd-client.default, debian/anerd-server.default:
    - deprecate hash as a configurable; use sha512sum
  * anerd:
    - use socat in verbose mode, to add more timestamps to the log
    - hash the timestamped log output
  * debian/control:
    - bump standards

anerd (1.4-0ubuntu1) raring; urgency=low

  [ Dustin Kirkland ]
  * anerd-tcp.go:
    - add a very small, basic anerd-tcp server
    - clean up via gofmt
  * anerd-client:
    - count the number of bytes received correctly using a tmpfile
    - adjust info messages slightly
  * anerd.c:
    - drop crc from logging, change messages to info from debug
  * debian/anerd-client.default:
    - default to anerd.gazzang.net now that it's up for good
  * anerd-tcp, anerd-tcp.go, debian/anerd-tcp-common.install, debian/anerd-tcp.postinst, debian/anerd-tcp.upstart, debian/anerd-web.upstart, debian/control:
    - create two small packages, one to launch anerd-tcp->80 and anerd-tcp->443
      + both depend on anerd-tcp-common, which provides the go script
    - add a postinst that generates a self-signed cert if there is none; obviously, one would want to replace these with real certs if security matters to you
    - create two upstart scripts that start the web service on each port
      + means you can install one, or the other, or both
  * anerd-client, debian/anerd-client.default:
    - fix communication with remote servers
    - make the wait time configurable, 0.1s by default
    - only broadcast when no specific servers are specified
    - add message on broadcast bytes sent
  * anerd-tcp:
    - add interpreter
  * anerd-tcp.1, debian/anerd-tcp-common.manpages:
    - add documentation
  * anerd-tcp.go:
    - ensure that we read enough bytes
  * anerd.1 => anerd-udp.1, anerd.c => anerd-udp.c, anerd-web.1 => anerd-tcp.1, anerd-web => anerd-tcp, anerd-web.go => anerd-tcp.go, debian/anerd-server.anerd-udp.upstart, debian/anerd-server.default, debian/anerd-server.install, debian/anerd-server.manpages, debian/anerd-server.upstart => debian/anerd-server.anerd-tcp.upstart, debian/anerd-web-common.install, debian/anerd-web-common.manpages, debian/anerd-webs.postinst => debian/anerd-server.postinst, debian/anerd-webs.upstart, debian/anerd-web.upstart, debian/control, debian/rules, Makefile.am:
    - rename the C program to anerd-udp
    - create separate upstart scripts for anerd-tcp and anerd-udp
    - update documentation
    - drop anerd-web* packages
  * debian/anerd-client.postinst, debian/control, debian/anerd-client.install:
    - keep the initramfs code, but don't automatically update the initramfs for now, as this can render a machine without networking unbootable; re-enable this when we have a workaround for that
  * debian/anerd-server.postinst:
    - fix typo

  [ Hector Acosta ]
  * anerd.c:
    - Only call srandom() once

anerd (1.3-0ubuntu1) raring; urgency=low

  * anerd.1, anerd.c, anerd-client, anerd-client.1, AUTHORS, debian/anerd-server.upstart, debian/copyright:
    - updated email addresses and author information

anerd (1.2-0ubuntu1) raring; urgency=low

  [ Dustin Kirkland ]
  * debian/control, debian/cron.d:
    - use run-one for cronjob
  * anerd-client:
    - clean up client, make more modular, remove some variables, uses pipes to keep everything in memory
  * debian/anerd-client.install, debian/anerd-server.install, debian/control, debian/copyright, debian/cron.d => debian/anerd-client.cron.d, debian/default => debian/anerd-client.default, debian/upstart => debian/anerd-server.upstart:
    - split package into a server and client package, with a meta package depending on both
  * anerd.1, anerd-client.1:
    - manpage fixes
  * debian/anerd-client.cron.d, debian/anerd-client.default:
    - add some inline documentation
    - use the default file for setting defaults (ie, uncomment)
  * debian/control:
    - bump standards
  * debian/anerd-server.manpages, debian/manpages => debian/anerd-client.manpages, Makefile.am:
    - install manpages (perhaps there's a better automake way of doing this?)
  * anerd.c:
    - rename "sum" to "crc"
  * debian/anerd-server.upstart:
    - upstart needs to expect the fork
    - upstart does not need to sudo to the daemon user because anerd does this automatically
  * anerd-client:
    - use a $cmd variable populated with correct parameters
  * anerd-client, debian/control:
    - reluctantly add support for netcat
  * anerd-client, anerd-client.1:
    - use a default file for configuration
  * anerd-client:
    - emulate the syslog printing from the server

  [ Wesley Wiedenmeier ]
  * anerd.c, anerd-client, debian/default:
    - add ipv6 support
  * anerd.1, anerd.c, anerd-client.1, debian/manpages:
    - added manpages
    - dropped unused global

anerd (1.1-0ubuntu1) quantal; urgency=low

  * anerd.c:
    - define the default total exchange size
    - also define and use a default payload size
    - break up the total exchange to a bunch of smaller payloads, to increase the randomness of UDP packet ordering and timing
    - improve some inline documentation
    - lower logging to debug from info
    - allocate an extra byte for the data binary string
    - use a separate pointer for segmenting and moving through the data string
    - no need for null-bytes, since binary data could have null bytes within
    - alphabetize includes
    - change perrors to syslog errors
    - move daemon() function
  * Makefile.am:
    - fix up the build, clean out the binary and log files
  * anerd.c, anerd-client, debian/control, debian/cron.d, debian/default, debian/install, Makefile.am:
    - drop the anerd client in the C program entirely
    - the C program is now the server exclusively
    - add a bash script client, which can loop over a pool of anerd servers, and broadcast to the local network
    - recommend the socat package/utility, which is used to broadcast to the local network from the bash script
    - add a cron job to run the anerd-client regularly
    - add a default configuration file for configuring the pool and other tunables
    - remove the unnecessary install file

anerd (1.0-0ubuntu1) quantal; urgency=low

  [ Dustin Kirkland ]
  * initial release
  * === added directory debian, === added directory debian/source, anerd, debian/compat, debian/control, debian/copyright, debian/install, debian/rules, debian/source/format, debian/upstart:
    - added packaging
  * anerd, anerd.conf, debian/install, debian/upstart:
    - add a configuration file
    - run as daemon (non-root) user
  * anerd.c, AUTHORS, ChangeLog, configure.ac, COPYING, debian/copyright, debian/upstart, INSTALL, Makefile.am, NEWS, README:
    - ported from python to C
    - added autoconf/automake build
    - changed license from GPLv3 to Apache2.0 for portability to other UNIX platforms
  * anerd.conf, debian/control, debian/install, debian/upstart:
    - drop conf file, add options to upstart script
    - update build deps
  * anerd.c:
    - use syslog, open files/sockets only once per fork
    - catch all responses to a client broadcast
    - use a common function for salt calculation
    - implement a very simple checksum of random data
    - use uint64_t for platform compatibility
    - add entropy to pool in client read
    - simplify salt generation
    - simplify log printing
    - whitespace changes only, 80 char width
  * debian/install:
    - drop installation of default file

  [ Wesley Wiedenmeier ]
  * anerd.c:
    - use getopt for command line parsing
    - Modified code to fork twice then kill the parent process, freeing the terminal that spawns the daemons, added daemonize() function to safely daemonize the program.
    - Improved entering into daemon status by moving daemon() call to after initialization of server and client, so that errors encountered in initialization are written to the terminal.

Thorsten Alteholz 4 years ago
15 changed file(s) with 2071 addition(s) and 0 deletion(s).
0 pollen (4.21-1) sid; urgency=medium
1
2 * first upload to Debian
3 * debian/control: use dh11
4 * debian/control: set standard to 4.3.0
5 * debian/control: remove anerd mentions
6 * debian/copyright: use https for copyright-format-uri
7 * debian/rules: dh11 does not allow "--with systemd"
8 * remove deprecated upstart init files
9 * remove unused overrides
10
11 -- Thorsten Alteholz <debian@alteholz.de> Tue, 05 Feb 2019 18:25:58 +0100
12
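Review bot: the 4.21-1 entry is marked "first upload to Debian" but none of its bullets carries a Closes: reference, so if an ITP bug was filed for pollen this upload will not close it; add the Closes: to the "first upload to Debian" bullet. In the same entry, "use dh11" and "set standard to 4.3.0" would be clearer written as the debhelper compat level 11 and Standards-Version 4.3.0, since those are the field names someone reading debian/control will search for. The older entries imported below are history and are fine left as recorded, though note that the 4.19 and 4.20 entries repeat the same LP: #1505473 text and the 4.17 note "country must be <2 chars" reads as fewer than two characters, which is worth a glance against debian/pollen.postinst before relying on the changelog as documentation of the certificate generation fix.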
13 pollen (4.21-0ubuntu1) yakkety; urgency=medium
14
15 * check_pollen:
16 - note the number of short bytes in the error log message
17
18 -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 13 Oct 2015 10:25:58 -0700
19
20 pollen (4.20-0ubuntu1) wily; urgency=medium
21
22 * debian/pollen.upstart: LP: #1505473
23 - remove typo in the upstart config which was preventing the service from starting
24 * rebuild the packages for upload
25
26 -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 13 Oct 2015 10:25:54 -0700
27
28 pollen (4.19-0ubuntu1) wily; urgency=medium
29
30 * debian/pollen.upstart: LP: #1505473
31 - remove typo in the upstart config which was preventing the service from starting
32
33 -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 13 Oct 2015 10:21:08 -0700
34
35 pollen (4.18-0ubuntu1) wily; urgency=medium
36
37 * pollen.go:
38 - add the "available" word to the log
39
40 -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 09 Sep 2015 15:22:56 -0500
41
42 pollen (4.17-0ubuntu1) unstable; urgency=medium
43
44 * debian/pollen.postrm:
45 - clear out certificates on purge
46 * debian/pollen.default:
47 - quote the variable definition, for consistency
48 * debian/pollen.postinst:
49 - fix ssl cert generation, country must be <2 chars
50 * debian/pollen.service:
51 - put braces around environment variables; required to work at all
52 * pollen.go, usr.bin.pollen:
53 - log the entropy bits before and after the transaction
54
55 -- Dustin Kirkland <kirkland@ubuntu.com> Sat, 02 May 2015 18:39:13 -0500
56
57 pollen (4.16-0ubuntu1) vivid; urgency=medium
58
59 [ Matthias Klose ]
60 * debian/control:
61 - Build everywhere
62
63 -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 25 Mar 2015 09:44:01 -0500
64
65 pollen (4.15-0ubuntu1) vivid; urgency=medium
66
67 [ Didier Roche ]
68 * debian/control, debian/pollen.service, debian/rules:
69 - Add systemd unit, following similar restart on failure and device
70 checking logic
71 - Bump Standards-Version
72
73 -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 07 Jan 2015 13:06:05 -0600
74
75 pollen (4.14-0ubuntu1) vivid; urgency=medium
76
77 * pollen.go: LP: #1383738
78 - remove SSLv3 support
79
80 -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 31 Oct 2014 16:31:23 -0500
81
82 pollen (4.13-0ubuntu1) vivid; urgency=medium
83
84 * debian/pollen-restart.upstart, debian/pollen.upstart, debian/rules:
85 - LP: #1386052
86 - add a new upstart job that restarts pollen any time the rsyslog server
87 is restarted
88 - this is necessary to work around a bug in the golang syslog library
89 where syslog restarts break logging
90 + https://code.google.com/p/go/issues/detail?id=2264#c8
91
92 -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 31 Oct 2014 16:08:39 -0500
93
94 pollen (4.12-0ubuntu1) utopic; urgency=medium
95
96 * debian/control:
97 - recommend rng-tools; we can do this, since pollen is in universe
98 * debian/pollen.postinst:
99 - minor change to the default self-signed cert; use 'localhost'
100 for the hostname; this is useful for testing pollinate against
101 the localhost with a self-signed cert
102 * README:
103 - update docs; pollinate no longer runs daily by default
104 * README:
105 - update some docs
106 * check_pollen:
107 - ensure that the nagios check catches log failures
108
109 -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 23 Jul 2014 00:08:54 -0700
110
111 pollen (4.11-0ubuntu1) trusty; urgency=medium
112
113 * pollen_test.go:
114 - fix FTBFS
115 - hardcode device to /dev/urandom in unit tests, otherwise, our
116 entropy starved vm-based builders will fail the unit tests
117 and fail the build
118
119 -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 18 Mar 2014 22:56:20 +0900
120
121 pollen (4.10-0ubuntu1) trusty; urgency=low
122
123 * debian/control, debian/pollen.default, pollen.go, usr.bin.pollen:
124 - LP: #1293958
125 - suggest rng-tools (universe), which is needed to leverage tpm for
126 /dev/random entropy
127 - change default entropy source for pollen server to /dev/random
128 - update inline configuration documentation to reflect reality
129 - add rw of /dev/random to our apparmor whitelist
130
131 -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 18 Mar 2014 16:31:47 +0900
132
133 pollen (4.9-0ubuntu1) trusty; urgency=low
134
135 * debian/rules: LP: #1288807
136 - fix FTBFS, build using golang 'go build' rather than gccgo
137
138 -- Dustin Kirkland <kirkland@ubuntu.com> Thu, 06 Mar 2014 09:24:48 -0600
139
140 pollen (4.8-0ubuntu1) trusty; urgency=low
141
142 [ JuanJo Ciarlante and Dustin Kirkland ]
143 * check_pollen:
144 - use the new -t|--testing flag, to verify communications with the
145 server, runable as a non-privileged user, but not affecting the
146 local PRNG
147
148 -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 28 Feb 2014 11:13:09 -0600
149
150 pollen (4.7-0ubuntu1) trusty; urgency=low
151
152 [ John Arbash Meinel ]
153 * .gitignore, pollen.go, pollen_test.go:
154 - This changes the 'handler' from being just a func() using global
155 state to being a struct with local state.
156 - It then moves the things like dev and log to being members of the
157 struct, with interfaces that let us override them in the test suite.
158 - It then adds a bunch of tests about how we handle failures, errors,
159 logging, the size flag, etc.
160 - The interfaces also mean that we won't try to spam syslog while running
161 the test suite.
162 - Another small change is that if you do:
163 pollen -https-port=""
164 Then it won't try to bind to the HTTP port with a cert.
165 - Since I'm not the official source for pollen, it helped for testing at
166 least the HTTP requests manually.
167 - This also fixes the help text for "-size" since it doesn't actually
168 change how much content we send on the wire, but how much content we
169 read from /dev/urandom (but it adds tests for that fact).
170 - go fmt, and some formatting tweaks
171 - actually do the right formatting
172 - use microsecond timing (ms was always 0)
173 - capture the length of time serving requests takes
174
175 [ Dustin Kirkland ]
176 * pollen.go:
177 - put brackets around request length of time value
178
179 -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 26 Feb 2014 10:51:06 -0600
180
181 pollen (4.6-0ubuntu1) trusty; urgency=low
182
183 [ Caleb Spare ]
184 * pollen.go:
185 - Require the challenge query-string param to be provided
186 - don't create the random device, if it doesn't exist
187
188 [ Dustin Kirkland ]
189 * pollen_test.go:
190 - update test to handle required challenge string
191 * pollen.go:
192 - incorporate feedback from Adam Langley
193 - catch errors reading the random device
194 - add a note as to why we're checksumming the random seed
195 - update message when challenge empty
196
197 [ Caleb Spare and Dustin Kirkland ]
198 * debian/pollen.upstart, pollen.8, pollen.go:
199 - Use flags rather than positional arguments, and plumb bytes argument
200 through
201
202 [ Dustin Kirkland and Matt Croydon ]
203 * debian/pollen.default, debian/pollen.upstart, pollen.8, pollen.go:
204 - add support for specifying the TLS cert and key as command line
205 flags
206
207 -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 18 Feb 2014 23:18:55 -0600
208
209 pollen (4.5-0ubuntu1) trusty; urgency=low
210
211 [ Caleb Spare ]
212 * pollen.go, pollen_test.go:
213 - Bring naming in line with Go conventions
214 - Use shorter parameter names for an http.HandlerFunc
215 - Remove an unnecessary string conversion
216 - Print useful error if wrong arguments are given rather than crashing
217 - Don't ignore errors
218 - Rename http[s]Port to http[s]Addr for accuracy
219 - Handle errors starting the http servers
220 - Change some naming in the test
221 - Read from the provided device rather than always /dev/urandom
222
223 -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 18 Feb 2014 14:50:52 -0600
224
225 pollen (4.4-0ubuntu1) trusty; urgency=low
226
227 [ Casey Marshall ]
228 * debian/control, debian/rules, Makefile, pollen.go, pollen_test.go:
229 - add unit tests for pollen server
230
231 [ Dustin Kirkland ]
232 * debian/pollen.lintian-overrides:
233 - override expected Lintian gripes
234
235 -- Dustin Kirkland <kirkland@ubuntu.com> Mon, 17 Feb 2014 12:51:51 -0600
236
237 pollen (4.3-0ubuntu1) trusty; urgency=low
238
239 * check_pollen:
240 - ensure that the nagios script uses the -r|--reseed option
241
242 -- Dustin Kirkland <kirkland@ubuntu.com> Mon, 17 Feb 2014 09:38:51 -0600
243
244 pollen (4.2-0ubuntu1) trusty; urgency=low
245
246 * pollen.go:
247 - remove redundant line
248 * README:
249 - remove deprecated bit of documentation
250
251 -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 11 Feb 2014 18:04:08 -0600
252
253 pollen (4.1-0ubuntu1) trusty; urgency=low
254
255 * debian/control:
256 - build on amd64 and i386 only
257 - these are the only builds I've been able to confirm when building
258 with golang-go
259 - note that this undoes the fix for LP: #1274074, but that's the
260 way it has to be, until either golang-go supports more architectures
261 or gccgo doesn't suck
262
263 -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 11 Feb 2014 10:11:19 -0600
264
265 pollen (4.0-0ubuntu1) trusty; urgency=low
266
267 * check_pollen, debian/control, debian/copyright,
268 debian/pollinate.default, debian/pollinate.install,
269 debian/pollinate.manpages, debian/pollinate.postinst,
270 debian/pollinate.postrm, debian/pollinate.upstart,
271 entropy.ubuntu.com.pem, INSTALL, Makefile, pollinate, pollinate.1:
272 - split pollen and pollinate into separate projects and packages
273 - re-enable the pollen build
274
275 -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 11 Feb 2014 09:40:21 -0600
276
277 pollen (3.17-0ubuntu1) trusty; urgency=low
278
279 * pollinate:
280 - improve kernel debug info
281 * debian/control, debian/pollen.install, Makefile:
282 - TEMPORARILY disabling the building of pollen, until
283 either gccgo or golang-go get promoted to main
284 - this should be reverted as soon as a go compiler
285 is available as a build dep
286
287 -- Dustin Kirkland <kirkland@ubuntu.com> Mon, 10 Feb 2014 14:16:08 -0600
288
289 pollen (3.16-0ubuntu1) trusty; urgency=low
290
291 * pollinate:
292 - minor standardization of the user agent string
293
294 -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 05 Feb 2014 13:57:42 +0200
295
296 pollen (3.15-0ubuntu1) trusty; urgency=low
297
298 * debian/control: LP: #1274074
299 - build on any architecure, now that we build with gccgo
300
301 -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 05 Feb 2014 12:31:20 +0200
302
303 pollen (3.14-0ubuntu1) trusty; urgency=low
304
305 * debian/pollinate.postinst:
306 - fix order of operations, packaging breakage
307
308 -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 05 Feb 2014 11:34:36 +0200
309
310 pollen (3.13-0ubuntu1) trusty; urgency=low
311
312 * README:
313 - fix more minor typos
314 - explain "did some work"
315 * debian/rules, Makefile:
316 - fix the build for gccgo
317 - must use the -g parameter
318 - don't strip binaries
319 - these are ugly, but are the result of gccgo vs golang-go
320 * pollinate:
321 - remove unused variable $cmd
322 * debian/pollinate.upstart:
323 - our upstart job should start on starting cloud-init, to ensure that
324 we get run before generating SSH keys
325 * debian/pollinate.install, debian/pollinate.postrm, pollen.go,
326 pollinate, pollinate.cron.d, README:
327 - drop the tag and cronjob per feedback from sarnold in the code audit
328 in LP: #1246098
329 * debian/pollinate.default, pollinate:
330 - add helpful debug info to user agent, similar to chrome and firefox,
331 * debian/pollinate.postinst, debian/pollinate.postrm,
332 debian/pollinate.upstart, pollinate, pollinate.1:
333 - use a pollinate user, rather than the daemon user
334 - by default, only run pollinate once per system instantiation
335 - offer reseeding as an option, though
336 * debian/control:
337 - need to depend on adduser
338
339 -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 04 Feb 2014 11:51:22 +0200
340
341 pollen (3.12-0ubuntu1) trusty; urgency=low
342
343 * README:
344 - minor documentation feedback from Kees Cook
345 - note that pollen servers can of course be run internally
346 * debian/control:
347 - clean up package descriptions a bit
348
349 -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 28 Jan 2014 22:16:10 +0000
350
351 pollen (3.11-0ubuntu1) trusty; urgency=low
352
353 * README:
354 - updates to the README
355 * debian/copyright, pollinate:
356 - the client should really be GPLv3, rather than AGPL
357 * debian/copyright:
358 - point to the local copy of GPLv3 license
359
360 -- Dustin Kirkland <kirkland@ubuntu.com> Mon, 27 Jan 2014 13:54:16 +0000
361
362 pollen (3.10-0ubuntu1) trusty; urgency=low
363
364 * debian/pollinate.cron.d, debian/pollinate.postinst, pollinate:
365 - have each client choose a random time of day to reseed,
366 at first run, rather than at package installation time
367 - this requires a very clever hack(!)
368 - install a "template" at /etc/cron.d/pollinate, with __MINUTE__
369 and __HOUR__ symbols that should be replaced by the client,
370 at first run
371 - cron requires that /etc/cron.d/pollinate be owned by root
372 - ideally we'd run the pollinate script as a non-root user (ie, daemon),
373 by specifying the daemon user in upstart and in the cronjob
374 - but daemon can't write to /etc/cron.d/pollinate, if it's owned by root
375 - so here's the hack...
376 + the upstart job installed by the package has "setuid root"
377 + on its first run (which will be either at package install time, or
378 at boot), it will run as root and: a) update the cronjob to a random
379 time, and b) update the upstart job to run as daemon
380 + woot
381 + this works because both are conffiles
382 * debian/pollen.postinst, debian/pollinate.postinst,
383 debian/pollinate.postrm, pollinate:
384 - use /var/cache/pollinate, rather than /var/lib/pollinate
385 - this should make it more obvious that this data can be cleared out,
386 and should be cleared out, on re-bundles or snapshots and reimages
387 * debian/control, Makefile:
388 - switch from golang-go to gcc-go, so that we can get this source
389 package into Ubuntu main
390 * pollinate, pollinate.1:
391 - separate the pool and the server variables
392 * debian/control:
393 - no need to depend on bsdutils, it's essential
394 - pollen depends on adduser
395 * usr.bin.pollen:
396 - update apparmor profile to allow reading of /usr/bin/pollen
397 - oddly, this was introduced when switching compilers
398 * debian/copyright:
399 - lintian/dep5 cleanup
400
401 -- Dustin Kirkland <kirkland@ubuntu.com> Thu, 16 Jan 2014 11:39:42 -0600
402
403 pollen (3.9-0ubuntu1) trusty; urgency=low
404
405 * debian/pollinate.default:
406 - don't use quiet by default, do use binary
407 * pollinate:
408 - save ourselves an unneeded fork
409 * debian/control:
410 - drop haveged as a suggests
411 * debian/pollinate.default, debian/pollinate.install,
412 entropy.ubuntu.com.pem:
413 - install entropy.ubuntu.com.pem's certificate and intermediate
414 chain, to get rid of --insecure curl option
415 * debian/control, pollinate:
416 - log to the system log, using the logger utility
417 - add a final message, noting successful (re-)seed
418 - have pollinate depend on bsdutils, which provides logger
419
420 -- Dustin Kirkland <kirkland@ubuntu.com> Thu, 16 Jan 2014 08:01:28 -0600
421
422 pollen (3.8-0ubuntu1) trusty; urgency=low
423
424 * debian/pollinate.default, debian/pollinate.postinst,
425 debian/pollinate.upstart, pollinate:
426 - fix the (broken) options setting in the pollinate default file
427 - change the tag creation to happen during the pollinate runtime,
428 rather than at package installation; this makes it more useful
429 for downstreams and remixes of Ubuntu
430 - ensure the daemon user owns the /var/lib/pollinate directory
431 - run the pollinate upstart script as the daemon user
432 * debian/pollinate.cron.d, debian/pollinate.postinst,
433 debian/pollinate.postrm:
434 - run the pollinate cronjob (reseed) once per day, rather than once
435 per hour
436 - purge pollinate files more effectively
437
438 -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 15 Jan 2014 16:49:35 -0600
439
440 pollen (3.7-0ubuntu1) trusty; urgency=low
441
442 * debian/control:
443 - demote haveged to suggests, based on feedback from Seth Arnold
444 in LP: #1246098
445 * pollinate:
446 - ensure both -c and -i can be used, without losing CURL_OPTS,
447 as identified by Seth Arnold in LP: #1246098
448 * pollinate:
449 - drop unused IPV6 variable, per review by Seth Arnold in LP: #1246098
450 * debian/pollen.postinst:
451 - use pollen as our fake email address, suggested by Seth Arnold
452 in LP: #1246098
453 * debian/pollinate.cron.d:
454 - add notes in the comments about NIST DRBG Special Publication 800-90A
455 recommendations on reseeding
456 - add notes in the comments about why we choose a random minute
457 - fix a bug, that was causing the cronjob to run far more frequently
458 than desired
459 - Addresses some issues raised by Seth Arnold in LP: #1246098
460 * debian/pollen.upstart, pollen.8, pollen.go:
461 - add DEVICE as the 3rd argument to the pollen server in the upstart
462 script
463 - test that DEVICE is a special in upstart
464 - document that the DEVICE is now a required argument
465 * debian/pollen.install, Makefile, pollen:
466 - build static binary at package build time, rather than dynamically
467 compiling at each run, per feedback from Seth Arnold in LP: #1246098
468 - use a very simple, basic Makefile
469 * debian/control:
470 - move golang-go to a build-dependency, rather than a runtime dependency
471 * debian/control, debian/pollen.postinst, debian/pollen.postrm,
472 debian/pollen.upstart:
473 - create a new user, pollen:daemon, in the postinst, remove in postrm
474 - depend on libcap2-bin, which provides setcap
475 - use setcap to allow the pollen binary to bind to privileged ports
476 - run the pollen daemon as the pollen user
477 - per feedback from Seth Arnold in LP: #1246098
478 * debian/pollen.upstart:
479 - use setuid in upstart to run the pollen daemon as the pollen user
480 * debian/pollen.postinst:
481 - change pollen user's shell to /bin/false
482 * debian/control, debian/pollen.install, debian/pollen.postinst,
483 debian/rules, usr.bin.pollen:
484 - add an apparmor profile for the pollen server, per suggestion
485 by Seth Arnold in LP: #1246098
486 - big thanks to Jamie Strandboge and Seth Arnold for assistance
487 * debian/pollinate.postinst:
488 - these chowns are not necessary; thanks for catching Michael Terry
489 in LP: #1246098
490 * debian/control: LP: #1259014
491 - have the pollen server depend on ent, which is used by the
492 check_pollen nagios script
493
494 -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 15 Jan 2014 10:59:34 -0600
495
496 pollen (3.6-0ubuntu1) trusty; urgency=low
497
498 * pollinate:
499 - remove sourcing of an rc config file from $HOME, per security
500 review from Seth Arnold
501 * pollinate.1:
502 - update documentation to note that multiple servers can be specified
503 on the command line
504 * debian/pollinate.default:
505 - use the entropy.ubuntu.com beta site for testing
506 - note that we're specifying the --insecure option here, as this is
507 very much a work in progress
508 * debian/pollinate.upstart:
509 - start pollinate when we have networking up and running, or
510 when we start ssh
511 * pollen.go:
512 - drop the nanosecond timestamp collection on the server
513 - a good server should have real entropy hardware, and a busy server
514 will have network traffic entropy already captured by the kernel
515 - Suggestion by Seth Arnold in a security review
516 * debian/pollen.default, pollinate:
517 - drop timestamp based salting, not terribly valuable
518 - per security review by Seth Arnold
519 * pollinate:
520 - drop unused $bin variable
521
522 -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 08 Nov 2013 09:59:35 -0600
523
524 pollen (3.5-0ubuntu1) trusty; urgency=low
525
526 * README:
527 - enhance and update design documentation
528 * debian/copyright:
529 - update to DEP-5 format
530
531 -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 29 Oct 2013 16:55:28 -0500
532
533 pollen (3.4-0ubuntu1) saucy; urgency=low
534
535 * check_pollen, debian/control:
536 - improve the nagios check
537 - warn if:
538 + insufficient bytes are retrieved
539 + less than 5-bits-per-byte of entropy are calculated
540 + an out of whack arithmetic mean
541 - have pollen server recommend ent, which is used by the nagios check
542
543 -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 11 Sep 2013 16:56:52 -0500
544
545 pollen (3.3-0ubuntu1) saucy; urgency=low
546
547 * pollen-nagios-check:
548 - added nagios check script
549 * check_pollen, debian/pollen.install:
550 - rename check script and install in nagios plugins directory
551
552 -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 04 Sep 2013 14:25:49 -0500
553
554 pollen (3.2-0ubuntu1) saucy; urgency=low
555
556 * README:
557 - update design documentation
558 * pollinate, pollinate.1:
559 - support printing random seed to standard out
560 - useful for debugging
561 - add a -q|--quiet option to silence log messages
562 * pollinate, pollinate.1:
563 - add an option for binary data output
564 * debian/pollen.default, debian/pollen.upstart, pollen.8, pollen.go:
565 - re-enable support for both encrypted and non-encrypted connections
566 - use a go subroutine to serve both out of the same process
567 - document these changes
568 - default to 80 and 443, allow admin to override easily via config
569 * debian/control:
570 - update package descriptions
571 * pollinate:
572 - default to, but do not force, https
573
574 -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 20 Aug 2013 18:56:11 -0500
575
576 pollen (3.1-0ubuntu1) saucy; urgency=low
577
578 * pollen.go
579 - use a global for the dev writer
580 - write a few more timestamps into the mix during the response
581 handler
582 - change logging verbiage
583 * pollinate:
584 - use a single temp directory, rather than multiple temp files
585 - use a trap to cleanup the temp directory
586 - uptdate the logging verbiage
587 - use an etc default file if available
588 * debian/pollen.default:
589 - drop "TCP_" in the TCP_PORT variable
590 * pollen.go:
591 - just use two timestamps
592 * pollinate:
593 - improve usability; prepend https
594 * debian/pollinate.cron.d, debian/pollinate.default,
595 debian/pollinate.upstart, pollinate, pollinate.1:
596 - use an upstart job, rather than an @reboot cronjob,
597 to do the initial prng seeding
598 - fix the default config file
599
600 -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 14 Aug 2013 17:45:22 -0500
601
602 pollen (3.0-0ubuntu1) saucy; urgency=low
603
604 * anerd, anerd-server-tcp.1 => anerd-server.1, anerd-server-tcp =>
605 anerd-server, anerd-server-tcp.go => anerd-server.go, anerd-server-
606 udp.1, anerd-server-udp.c, configure.ac, debian/anerd-
607 client.default, debian/anerd-server.anerd-server-tcp.upstart =>
608 debian/anerd-server.upstart, debian/anerd-server.anerd-server-
609 udp.upstart, debian/anerd-server.default, debian/anerd-
610 server.install, debian/anerd-server.manpages, debian/control,
611 debian/rules, Makefile.am:
612 - completely deprecate the UDP operation of both the client and
613 the server
614 - the TLS server over TCP is the only supported protocol going
615 forward
616 - this will necessitate a major version bump
617 * anerd.1 => pollinate.1, anerd => pollinate, anerd-server.1 =>
618 pollen.8, anerd-server.go => pollen.go, anerd-server => pollen,
619 ChangeLog, debian/anerd-client.cron.d => debian/pollinate.cron.d,
620 debian/anerd-client.default => debian/pollinate.default,
621 debian/anerd-client.install => debian/pollinate.install,
622 debian/anerd-client.manpages => debian/pollinate.manpages,
623 debian/anerd-client.postinst => debian/pollinate.postinst,
624 debian/anerd-client.postrm => debian/pollinate.postrm, debian/anerd-
625 server.default => debian/pollen.default, debian/anerd-server.install
626 => debian/pollen.install, debian/anerd-server.manpages =>
627 debian/pollen.manpages, debian/anerd-server.postinst =>
628 debian/pollen.postinst, debian/anerd-server.upstart =>
629 debian/pollen.upstart, debian/control, debian/copyright,
630 img/anerd_14.png, img/anerd_192.png, img/anerd_64.png,
631 img/anerd.png, initramfs/hooks/anerd-client-udp,
632 initramfs/scripts/init-bottom/anerd, NEWS, README, === removed
633 directory initramfs, === removed directory initramfs/hooks, ===
634 removed directory initramfs/scripts, === removed directory
635 initramfs/scripts/init-bottom:
636 - rename anerd server/client to pollen / pollinate
637 to reflect that this data is intended to "seed" a random
638 number generator
639 * debian/control, debian/pollen.manpages:
640 - package maintenace for package/project rename
641 - move manpage to section 8
642 * pollen.8, pollinate, pollinate.1:
643 - documentation updated
644 * debian/control, pollen.8, pollinate:
645 - update some documentation and descriptions
646 * img/pollen_14.png, img/pollen_192.png, img/pollen_64.png:
647 - added new pollen logos
648 * debian/control:
649 - drop suggests
650
651 -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 13 Aug 2013 16:34:42 -0500
652
653 anerd (2.4-0ubuntu1) saucy; urgency=low
654
655 * anerd-client-tcp.go:
656 - deprecated, use the shell (curl) one for better timestamping
657 salt
658 * anerd-server-tcp.go:
659 - log user-agent and nanosecond timestamp
660 * anerd, anerd-server-tcp.go:
661 - rename "tip" to "challenge", use for challenge/response
662 - verify challenge/response, to ensure personalized communication
663 * anerd:
664 - use a common logging function throughout
665 * anerd-server-tcp.go:
666 - open syslog only once
667 * anerd, debian/control:
668 - lower socat to a suggests, while still requiring curl
669 - dynamically check for socat/curl and error appropriately
670 - update package description
671 - recommend haveged on the server
672 * debian/anerd-server.default:
673 - do not run the UDP, by default; local admin can enable by
674 setting a port in /etc/default/anerd-server
675 * anerd, anerd-server-tcp.go, debian/anerd-client.postinst,
676 debian/anerd-server.postrm:
677 - rename uuid to tag
678 - generate on package install, remove on purge
679 * anerd, debian/anerd-server.postrm => debian/anerd-client.postrm:
680 - silence search for helper utilities
681 - fix maintainer script name
682 * anerd:
683 - silence missing tag error messages for now
684
685 -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 09 Aug 2013 16:16:54 +0100
686
687 anerd (2.3-0ubuntu1) saucy; urgency=low
688
689 [ Matthias Klose ]
690 * debian/control: LP: #1139188
691 - Don't build anerd-server on powerpc (no golang-go, prevents
692 migration from raring-proposed to raring).
693
694 -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 02 Aug 2013 12:40:00 -0500
695
696 anerd (2.2-0ubuntu1) saucy; urgency=low
697
698 * === added directory img, img/anerd_14.png, img/anerd_192.png,
699 img/anerd_64.png, img/anerd.png:
700 - added icons
701 * anerd-server-tcp.go:
702 - gofmt
703 * anerd-server-tcp.go:
704 - make this code more go-like, after some code review with Tim Penney
705 * anerd-server-tcp.go:
706 - drop unnecessary json formatting
707
708 -- Dustin Kirkland <kirkland@ubuntu.com> Thu, 01 Aug 2013 09:21:13 -0500
709
710 anerd (2.1-0ubuntu1) saucy; urgency=low
711
712 * anerd-client-tcp.go:
713 - default to anerd.us
714 * anerd, anerd-client-tcp.go, anerd-server-tcp.go, debian/anerd-
715 client.default:
716 - anerd.us is now serving on 443
717 * anerd, anerd-server-tcp.go:
718 - add syslog logging to the anerd tcp server
719 - use post for the tip from the anerd tcp client
720 * anerd, debian/control:
721 - use uuidgen -r for uuid and tip
722 * anerd, anerd-server-udp.c:
723 - add UDP to syslog messages
724 - fix uuid related typo
725 - add --insecure option
726 * anerd, anerd-client-tcp.go, anerd-server-tcp.go, debian/control:
727 - use sha512sum rather than uuidgen
728 * anerd, debian/anerd-client.cron.d:
729 - run at reboot, and hourly thereafter
730 - shorten some function names
731 * debian/anerd-client.cron.d, debian/anerd-client.postinst:
732 - randomize the hourly cronjob to distribute load on the
733 server, if possible
734 * debian/control:
735 - fix a lintian annoyance
736 * anerd, anerd-server-tcp.go, anerd-server-udp.c:
737 - drop byte counts in logging, as these can be misleading
738 * anerd-server-tcp.go:
739 - salt data with nanosecond timestamp
740
741 -- Dustin Kirkland <kirkland@ubuntu.com> Mon, 29 Jul 2013 15:24:29 -0500
742
743 anerd (2.0-0ubuntu1) saucy; urgency=low
744
745 * anerd-tcp.go:
746 - pretty print the json
747 * anerd-client, anerd-client.1, anerd-tcp, anerd-tcp.1, anerd-tcp.go,
748 anerd-udp.1, anerd-udp.c, debian/anerd-server.anerd-tcp.upstart,
749 debian/anerd-server.anerd-udp.upstart, debian/control:
750 - drop the "asynchronous" part of aNerd, this really isn't
751 necessary in the description anymore
752 * anerd-tcp.go:
753 - reduce the default size to 64 bytes, which is sufficient to seed
754 any random number generator
755 * anerd-tcp.go, debian/anerd-server.default:
756 - change the default size to 64 bytes
757 - add some notes in the comments in the configuration file
758 - always uses TLS encryption for the TCP implementation
759 * anerd-tcp.1 => anerd-server-tcp.1, anerd-tcp => anerd-server-tcp,
760 anerd-tcp.go => anerd-server-tcp.go, anerd-udp.1 => anerd-server-
761 udp.1, anerd-udp.c => anerd-server-udp.c, debian/anerd-server.anerd-
762 tcp.upstart => debian/anerd-server.anerd-server-tcp.upstart,
763 debian/anerd-server.anerd-udp.upstart => debian/anerd-server.anerd-
764 server-udp.upstart, debian/anerd-server.install, debian/anerd-
765 server.manpages, debian/rules, Makefile.am:
766 - rename anerd-tcp to anerd-server-tcp
767 - rename anerd-udp to anerd-server-udp
768 * debian/anerd-client.default:
769 - change to the new anerd.us server, which supports TCP, TLS, and UDP
770 * anerd, anerd-client, anerd-client.1 => anerd.1, anerd-client-tcp.go,
771 anerd-server-tcp, debian/anerd-client.cron.d, debian/anerd-
772 client.default, debian/anerd-client.install, debian/anerd-
773 client.manpages, debian/anerd-server.anerd-server-tcp.upstart,
774 debian/anerd-server.install, debian/control, initramfs/hooks/anerd-
775 client => initramfs/hooks/anerd-client-udp, initramfs/scripts/init-
776 bottom/anerd-client => initramfs/scripts/init-bottom/anerd,
777 Makefile.am:
778 - major rework of client, combine udp/tcp clients into a single
779 shell script
780 * anerd, anerd-client-tcp.go, anerd-server-tcp, anerd-server-tcp.go,
781 anerd-server-udp.c, COPYING, debian/copyright,
782 initramfs/scripts/init-bottom/anerd:
783 - changed license back to AGPL
784 * debian/anerd-client.default, debian/anerd-server.default:
785 - deprecate hash as a configurable; use sha512sum
786 * anerd:
787 - use socat in verbose mode, to add more timestamps to the log
788 - hash the timestamped log output
789 * debian/control:
790 - bump standards
791
792 -- Dustin Kirkland <kirkland@ubuntu.com> Thu, 25 Jul 2013 16:34:54 -0500
793
794 anerd (1.4-0ubuntu1) raring; urgency=low
795
796 [ Dustin Kirkland ]
797 * anerd-tcp.go:
798 - add a very small, basic anerd-tcp server
799 - clean up via gofmt
800 * anerd-client:
801 - count the number of bytes received correctly using a tmpfile
802 - adjust info messages slightly
803 * anerd.c:
804 - drop crc from logging, change messages to info from debug
805 * debian/anerd-client.default:
806 - default to anerd.gazzang.net now that its up for good
807 * anerd-tcp, anerd-tcp.go, debian/anerd-tcp-common.install,
808 debian/anerd-tcp.postinst, debian/anerd-tcp.upstart, debian/anerd-
809 web.upstart, debian/control:
810 - create two small packages, one to launch anerd-tcp->80 and
811 anerd-tcp->443
812 + both depend on anerd-tcp-common, which provides the go script
813 - add a postinst that generates a self-signed cert if there is none;
814 obviously, one would want to replace these with real certs if
815 security matters to you
816 - create two upstart scripts that start the web service on each port
817 + means you can install one, or the other, or both
818 * anerd-client, debian/anerd-client.default:
819 - fix communication with remote servers
820 - make the wait time configurable, 0.1s by default
821 - only broadcast when no specific servers are specified
822 - add message on broadcast bytes sent
823 * anerd-tcp:
824 - add interpreter
825 * anerd-tcp.1, debian/anerd-tcp-common.manpages:
826 - add documentation
827 * anerd-tcp.go:
828 - ensure that we read enough bytes
829 * anerd.1 => anerd-udp.1, anerd.c => anerd-udp.c, anerd-web.1 =>
830 anerd-tcp.1, anerd-web => anerd-tcp, anerd-web.go => anerd-tcp.go,
831 debian/anerd-server.anerd-udp.upstart, debian/anerd-server.default,
832 debian/anerd-server.install, debian/anerd-server.manpages,
833 debian/anerd-server.upstart => debian/anerd-server.anerd-
834 tcp.upstart, debian/anerd-web-common.install, debian/anerd-web-
835 common.manpages, debian/anerd-webs.postinst => debian/anerd-
836 server.postinst, debian/anerd-webs.upstart, debian/anerd-
837 web.upstart, debian/control, debian/rules, Makefile.am:
838 - rename the C program to anerd-udp
839 - create separate upstart scripts for anerd-tcp and anerd-udp
840 - update documentation
841 - drop anerd-web* packages
842 * debian/anerd-client.postinst, debian/control, debian/anerd-client.install:
843 - keep the initramfs code, but don't automatically update the initramfs
844 for now, as this can render a machine without networking unbootable;
845 re-enable this when we have a workaround for that
846 * debian/anerd-server.postinst:
847 - fix typo
848
849 [ Hector Acosta ]
850 * anerd.c:
851 - Only call srandom() once
852
853 -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 15 Feb 2013 13:02:50 -0600
854
855 anerd (1.3-0ubuntu1) raring; urgency=low
856
857 * anerd.1, anerd.c, anerd-client, anerd-client.1, AUTHORS,
858 debian/anerd-server.upstart, debian/copyright:
859 - updated email addresses and author information
860
861 -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 05 Feb 2013 09:50:23 -0600
862
863 anerd (1.2-0ubuntu1) raring; urgency=low
864
865 [ Dustin Kirkland ]
866 * debian/control, debian/cron.d:
867 - use run-one for cronjob
868 * anerd-client:
869 - clean up client, make more modular, remove some variables, uses pipes
870 to keep everything in memory
871 * debian/anerd-client.install, debian/anerd-server.install,
872 debian/control, debian/copyright, debian/cron.d => debian/anerd-
873 client.cron.d, debian/default => debian/anerd-client.default,
874 debian/upstart => debian/anerd-server.upstart:
875 - split package into a server and client package, with a meta
876 package depending on both
877 * anerd.1, anerd-client.1:
878 - manpage fixes
879 * debian/anerd-client.cron.d, debian/anerd-client.default:
880 - add some inline documentation
881 - use the default file for setting defaults (ie, uncomment)
882 * debian/control:
883 - bump standards
884 * debian/anerd-server.manpages, debian/manpages => debian/anerd-
885 client.manpages, Makefile.am:
886 - install manpages (perhaps there's a better automake way of doing this?)
887 * anerd.c:
888 - rename "sum" to "crc"
889 * debian/anerd-server.upstart:
890 - upstart needs to expect the fork
891 - upstart does not need to sudo to the daemon user because anerd does
892 this automatically
893 * anerd-client:
894 - use a $cmd variable populated with correct parameters
895 * anerd-client, debian/control:
896 - reluctantly add support for netcat
897 * anerd-client, anerd-client.1:
898 - use a default file for configuration
899 * anerd-client:
900 - emulate the syslog printing from the server
901
902 [ Wesley Wiedenmeier ]
903 * anerd.c, anerd-client, debian/default:
904 - add ipv6 support
905 * anerd.1, anerd.c, anerd-client.1, debian/manpages:
906 - added manpages
907 - dropped unused global
908
909 -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 22 Jan 2013 10:38:24 -0600
910
911 anerd (1.1-0ubuntu1) quantal; urgency=low
912
913 * anerd.c:
914 - define the default total exchange size
915 - also define and use a default payload size
916 - break up the total exchange to a bunch of smaller payloads, to increase
917 the randomness of UDP packet ordering and timing
918 - improve some inline documentation
919 - lower logging to debug from info
920 - allocate an extra byte for the data binary string
921 - use a separate pointer for segmenting and moving through the data string
922 - no need for null-bytes, since binary data could have null bytes within
923 - alphabetize includes
924 - change perrors to syslog errors
925 - move daemon() function
926 * Makefile.am:
927 - fix up the build, clean out the binary and log files
928 * anerd.c, anerd-client, debian/control, debian/cron.d,
929 debian/default, debian/install, Makefile.am:
930 - drop the anerd client in the C program entirely
931 - the C program is now the server exclusively
932 - add a bash script client, which can loop over a pool of anerd servers,
933 and broadcast to the local network
934 - recommend the socat package/utility, which is used to broadcast to the
935 local network from the bash script
936 - add a cron job to run the anerd-client regularly
937 - add a default configuration file for configuring the pool and other
938 tunables
939 - remove the unnessary install file
940
941 -- Dustin Kirkland <kirkland@ubuntu.com> Thu, 27 Sep 2012 15:40:23 -0500
942
943 anerd (1.0-0ubuntu1) quantal; urgency=low
944
945 [ Dustin Kirkland ]
946 * initial release
947 * === added directory debian, === added directory debian/source,
948 anerd, debian/compat, debian/control, debian/copyright,
949 debian/install, debian/rules, debian/source/format, debian/upstart:
950 - added packaging
951 * anerd, anerd.conf, debian/install, debian/upstart:
952 - add a configuration file
953 - run as daemon (non-root) user
954 * anerd.c, AUTHORS, ChangeLog, configure.ac, COPYING,
955 debian/copyright, debian/upstart, INSTALL, Makefile.am, NEWS,
956 README:
957 - ported from python to C
958 - added autoconf/automake build
959 - changed license from GPLv3 to Apache2.0 for portability to other
960 UNIX platforms
961 * anerd.conf, debian/control, debian/install, debian/upstart:
962 - drop conf file, add options to upstart script
963 - update build deps
964 * anerd.c:
965 - use syslog, open files/sockets only once per fork
966 - catch all responses to a client broadcast
967 - use a common function for salt calculation
968 - implement a very simple checksum of random data
969 - use uint64_t for platform compatibility
970 - add entropy to pool in client read
971 - simplify salt generation
972 - simplify log printing
973 - whitespace changes only, 80 char width
974 * debian/install:
975 - drop installation of default file
976
977 [ Wesley Wiedenmeier ]
978 * anerd.c:
979 - use getopt for command line parsing
980 - Modified code to fork twice then kill the parent process,
981 freeing the terminal that spawns the daemons, added daemonize()
982 function to safely daemonize the program.
983 - Improved entering into daemon status by moving daemon() call to
984 after intilization of server and client, so that errors
985 encountered in intilization are written to the terminal.
986
987 -- Dustin Kirkland <kirkland@ubuntu.com> Tue, 04 Sep 2012 18:14:40 -0500
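Review bot: lines 813-815 of the imported anerd 1.4 entry are the only place in this changelog that says the postinst generates a self-signed certificate when none exists and that it should be replaced "if security matters to you". That caveat is now buried several hundred lines into the history of a differently named package, so consider repeating it somewhere an administrator installing pollen will actually read it, for example in the package description or a README.Debian. Minor: the imported entries carry the misspellings "unnessary" (line 939) and "intilization" (lines 984-985); if the history is being kept verbatim on purpose that is fine, otherwise they can be corrected in this first upload.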
0 Source: pollen
1 Section: admin
2 Priority: optional
3 Maintainer: Thorsten Alteholz <debian@alteholz.de>
4 Build-Depends: debhelper (>= 11)
5 , dh-apparmor
6 , dh-golang
7 , golang-go
8 Standards-Version: 4.3.0
9 Homepage: http://launchpad.net/pollen
10
11 Package: pollen
12 Architecture: any
13 Built-Using: ${misc:Built-Using}
14 Depends: ${misc:Depends}, ${shlibs:Depends}
15 , libcap2-bin
16 , ent
17 , adduser
18 Recommends: pollinate
19 , rng-tools
20 Suggests: apparmor (>= 2.3)
21 Description: Entropy-as-a-Service web server
22 Pollen is an Entropy-as-a-Service web server, providing random seeds.
23 This can be performed over both cleartext http and encrypted
24 https TLS connections.
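Review bot: `Homepage: http://launchpad.net/pollen` on line 9 is still plain http, although this same upload switches the copyright Format URI to https; use https://launchpad.net/pollen here for consistency. On line 7, the stanza builds with `golang-go` while the binary package is `Architecture: any`; if the intent is still to build everywhere, as the 4.16 changelog entry states, `golang-any` is the usual build dependency for that. The Description (lines 22-24) advertises seeds over both cleartext http and https without saying which one a client should use; a short remark that the cleartext endpoint gives no confidentiality or integrity for the returned seed would help administrators choose.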
0 Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
1 Upstream-Name: pollen
2 Upstream-Contact: Dustin Kirkland <dustin.kirkland@gmail.com>
3 Source: http://launchpad.net/pollen
4
5 Files: *
6 Copyright: 2012-2014, Dustin Kirkland <dustin.kirkland@gmail.com>
7 License: AGPL-3
8
9 Files: usr.bin.pollen
10 Copyright: 2014, Dustin Kirkland <dustin.kirkland@gmail.com>
11 2014 Canonical Ltd.
12 License: GPL-3
13
14 Files: debian/*
15 Copyright: 2012-2014, Dustin Kirkland <dustin.kirkland@gmail.com>
16 2019, Thorsten Alteholz <debian@alteholz.de>
17 License: AGPL-3
18
19 License: AGPL-3
20 GNU AFFERO GENERAL PUBLIC LICENSE
21 Version 3, 19 November 2007
22 .
23 Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
24 Everyone is permitted to copy and distribute
25 verbatim copies of this license document,
26 but changing it is not allowed.
27 .
28 Preamble
29 .
30 The GNU Affero General Public License is a free, copyleft license
31 for software and other kinds of works,
32 specifically designed to ensure cooperation with the community
33 in the case of network server software.
34 .
35 The licenses for most software and other practical works
36 are designed to take away your freedom to share and change the works.
37 By contrast, our General Public Licenses are intended
38 to guarantee your freedom to share
39 and change all versions of a program--
40 to make sure it remains free software for all its users.
41 .
42 When we speak of free software,
43 we are referring to freedom, not price.
44 Our General Public Licenses are designed
45 to make sure that you have the freedom
46 to distribute copies of free software
47 (and charge for them if you wish),
48 that you receive source code or can get it if you want it,
49 that you can change the software
50 or use pieces of it in new free programs,
51 and that you know you can do these things.
52 .
53 Developers that use our General Public Licenses
54 protect your rights with two steps:
55 (1) assert copyright on the software,
56 and (2) offer you this License
57 which gives you legal permission
58 to copy, distribute and/or modify the software.
59 .
60 A secondary benefit of defending all users' freedom is
61 that improvements made in alternate versions of the program,
62 if they receive widespread use,
63 become available for other developers to incorporate.
64 Many developers of free software are heartened and encouraged
65 by the resulting cooperation.
66 However, in the case of software used on network servers,
67 this result may fail to come about.
68 The GNU General Public License permits
69 making a modified version and letting the public access it on a server
70 without ever releasing its source code to the public.
71 .
72 The GNU Affero General Public License is designed
73 specifically to ensure that, in such cases,
74 the modified source code becomes available to the community.
75 It requires the operator of a network server to provide
76 the source code of the modified version running there
77 to the users of that server.
78 Therefore, public use of a modified version,
79 on a publicly accessible server,
80 gives the public access to the source code of the modified version.
81 .
82 An older license,
83 called the Affero General Public License and published by Affero,
84 was designed to accomplish similar goals.
85 This is a different license, not a version of the Affero GPL,
86 but Affero has released a new version of the Affero GPL
87 which permits relicensing under this license.
88 .
89 The precise terms and conditions
90 for copying, distribution and modification follow.
91 .
92 TERMS AND CONDITIONS
93 .
94 0. Definitions.
95 .
96 "This License" refers to version 3
97 of the GNU Affero General Public License.
98 .
99 "Copyright" also means copyright-like laws that apply
100 to other kinds of works, such as semiconductor masks.
101 .
102 "The Program" refers to any copyrightable work
103 licensed under this License.
104 Each licensee is addressed as "you".
105 "Licensees" and "recipients" may be individuals or organizations.
106 .
107 To "modify" a work means to copy from or adapt all or part of the work
108 in a fashion requiring copyright permission,
109 other than the making of an exact copy.
110 The resulting work is called a "modified version" of the earlier work
111 or a work "based on" the earlier work.
112 .
113 A "covered work" means either the unmodified Program
114 or a work based on the Program.
115 .
116 To "propagate" a work means to do anything with it
117 that, without permission, would make you directly or secondarily liable
118 for infringement under applicable copyright law,
119 except executing it on a computer or modifying a private copy.
120 Propagation includes copying,
121 distribution (with or without modification),
122 making available to the public,
123 and in some countries other activities as well.
124 .
125 To "convey" a work means any kind of propagation
126 that enables other parties to make or receive copies.
127 Mere interaction with a user through a computer network,
128 with no transfer of a copy,
129 is not conveying.
130 .
131 An interactive user interface displays "Appropriate Legal Notices"
132 to the extent that it includes
133 a convenient and prominently visible feature
134 that (1) displays an appropriate copyright notice,
135 and (2) tells the user that there is no warranty for the work
136 (except to the extent that warranties are provided),
137 that licensees may convey the work under this License,
138 and how to view a copy of this License.
139 If the interface presents
140 a list of user commands or options, such as a menu,
141 a prominent item in the list meets this criterion.
142 .
143 1. Source Code.
144 .
145 The "source code" for a work means
146 the preferred form of the work for making modifications to it.
147 "Object code" means any non-source form of a work.
148 .
149 A "Standard Interface" means
150 an interface that either is an official standard
151 defined by a recognized standards body,
152 or, in the case of interfaces
153 specified for a particular programming language,
154 one that is widely used among developers working in that language.
155 .
156 The "System Libraries" of an executable work include anything,
157 other than the work as a whole,
158 that (a) is included in the normal form of packaging a Major Component,
159 but which is not part of that Major Component,
160 and (b) serves only
161 to enable use of the work with that Major Component,
162 or to implement a Standard Interface
163 for which an implementation is available to the public
164 in source code form.
165 A "Major Component", in this context, means
166 a major essential component (kernel, window system, and so on)
167 of the specific operating system (if any)
168 on which the executable work runs,
169 or a compiler used to produce the work,
170 or an object code interpreter used to run it.
171 .
172 The "Corresponding Source" for a work in object code form means
173 all the source code needed to generate, install,
174 and (for an executable work) run the object code
175 and to modify the work,
176 including scripts to control those activities.
177 However, it does not include the work's System Libraries,
178 or general-purpose tools or generally available free programs
179 which are used unmodified in performing those activities
180 but which are not part of the work.
181 For example, Corresponding Source includes
182 interface definition files associated with source files for the work,
183 and the source code for shared libraries
184 and dynamically linked subprograms
185 that the work is specifically designed to require,
186 such as by intimate data communication or control flow
187 between those subprograms and other parts of the work.
188 .
189 The Corresponding Source need not include
190 anything that users can regenerate automatically
191 from other parts of the Corresponding Source.
192 .
193 The Corresponding Source for a work in source code form
194 is that same work.
195 .
196 2. Basic Permissions.
197 .
198 All rights granted under this License are granted
199 for the term of copyright on the Program,
200 and are irrevocable provided the stated conditions are met.
201 This License explicitly affirms your unlimited permission
202 to run the unmodified Program.
203 The output from running a covered work is covered by this License
204 only if the output, given its content, constitutes a covered work.
205 This License acknowledges your rights of fair use
206 or other equivalent, as provided by copyright law.
207 .
208 You may make, run and propagate
209 covered works that you do not convey,
210 without conditions
211 so long as your license otherwise remains in force.
212 You may convey covered works to others
213 for the sole purpose of having them
214 make modifications exclusively for you,
215 or provide you with facilities for running those works,
216 provided that you comply with the terms of this License
217 in conveying all material
218 for which you do not control copyright.
219 Those thus making or running the covered works for you
220 must do so exclusively on your behalf,
221 under your direction and control,
222 on terms that prohibit them from making any copies
223 of your copyrighted material
224 outside their relationship with you.
225 .
226 Conveying under any other circumstances is permitted
227 solely under the conditions stated below.
228 Sublicensing is not allowed;
229 section 10 makes it unnecessary.
230 .
231 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
232 .
233 No covered work shall be deemed
234 part of an effective technological measure
235 under any applicable law fulfilling obligations
236 under article 11 of the WIPO copyright treaty
237 adopted on 20 December 1996,
238 or similar laws prohibiting or restricting
239 circumvention of such measures.
240 .
241 When you convey a covered work,
242 you waive any legal power
243 to forbid circumvention of technological measures
244 to the extent such circumvention is effected
245 by exercising rights under this License
246 with respect to the covered work,
247 and you disclaim any intention
248 to limit operation or modification of the work
249 as a means of enforcing, against the work's users,
250 your or third parties' legal rights
251 to forbid circumvention of technological measures.
252 .
253 4. Conveying Verbatim Copies.
254 .
255 You may convey verbatim copies of the Program's source code
256 as you receive it, in any medium,
257 provided that you conspicuously and appropriately publish
258 on each copy an appropriate copyright notice;
259 keep intact all notices
260 stating that this License and any non-permissive terms
261 added in accord with section 7 apply to the code;
262 keep intact all notices
263 of the absence of any warranty;
264 and give all recipients a copy of this License
265 along with the Program.
266 .
267 You may charge any price or no price
268 for each copy that you convey,
269 and you may offer support or warranty protection for a fee.
270 .
271 5. Conveying Modified Source Versions.
272 .
273 You may convey a work based on the Program,
274 or the modifications to produce it from the Program,
275 in the form of source code
276 under the terms of section 4,
277 provided that you also meet all of these conditions:
278 .
279 a) The work must carry prominent notices
280 stating that you modified it, and giving a relevant date.
281 .
282 b) The work must carry prominent notices
283 stating that it is released under this License
284 and any conditions added under section 7.
285 This requirement modifies
286 the requirement in section 4 to "keep intact all notices".
287 .
288 c) You must license the entire work, as a whole, under this License
289 to anyone who comes into possession of a copy.
290 This License will therefore apply,
291 along with any applicable section 7 additional terms,
292 to the whole of the work, and all its parts,
293 regardless of how they are packaged.
294 This License gives no permission
295 to license the work in any other way,
296 but it does not invalidate such permission
297 if you have separately received it.
298 .
299 d) If the work has interactive user interfaces,
300 each must display Appropriate Legal Notices;
301 however, if the Program has interactive interfaces
302 that do not display Appropriate Legal Notices,
303 your work need not make them do so.
304 .
305 A compilation of a covered work
306 with other separate and independent works,
307 which are not by their nature extensions of the covered work,
308 and which are not combined with it such as to form a larger program,
309 in or on a volume of a storage or distribution medium,
310 is called an "aggregate"
311 if the compilation and its resulting copyright are not used
312 to limit the access or legal rights of the compilation's users
313 beyond what the individual works permit.
314 Inclusion of a covered work in an aggregate
315 does not cause this License to apply
316 to the other parts of the aggregate.
317 .
318 6. Conveying Non-Source Forms.
319 .
320 You may convey a covered work in object code form
321 under the terms of sections 4 and 5,
322 provided that you also convey the machine-readable Corresponding Source
323 under the terms of this License,
324 in one of these ways:
325 .
326 a) Convey the object code in, or embodied in, a physical product
327 (including a physical distribution medium),
328 accompanied by the Corresponding Source
329 fixed on a durable physical medium
330 customarily used for software interchange.
331 .
332 b) Convey the object code in, or embodied in, a physical product
333 (including a physical distribution medium),
334 accompanied by a written offer,
335 valid for at least three years
336 and valid for as long as you offer spare parts or customer support
337 for that product model,
338 to give anyone who possesses the object code
339 either (1) a copy of the Corresponding Source
340 for all the software in the product that is covered by this License,
341 on a durable physical medium
342 customarily used for software interchange,
343 for a price no more than your reasonable cost
344 of physically performing this conveying of source,
345 or (2) access to copy the Corresponding Source
346 from a network server at no charge.
347 .
348 c) Convey individual copies of the object code
349 with a copy of the written offer to provide the Corresponding Source.
350 This alternative is allowed only occasionally and noncommercially,
351 and only if you received the object code with such an offer,
352 in accord with subsection 6b.
353 .
354 d) Convey the object code by offering access from a designated place
355 (gratis or for a charge),
356 and offer equivalent access to the Corresponding Source
357 in the same way through the same place at no further charge.
358 You need not require recipients to copy the Corresponding Source
359 along with the object code.
360 If the place to copy the object code is a network server,
361 the Corresponding Source may be on a different server
362 (operated by you or a third party)
363 that supports equivalent copying facilities,
364 provided you maintain clear directions next to the object code
365 saying where to find the Corresponding Source.
366 Regardless of what server hosts the Corresponding Source,
367 you remain obligated to ensure that it is available
368 for as long as needed to satisfy these requirements.
369 .
370 e) Convey the object code using peer-to-peer transmission,
371 provided you inform other peers
372 where the object code and Corresponding Source of the work
373 are being offered to the general public
374 at no charge under subsection 6d.
375 .
376 A separable portion of the object code,
377 whose source code is excluded
378 from the Corresponding Source as a System Library,
379 need not be included in conveying the object code work.
380 .
381 A "User Product" is either (1) a "consumer product",
382 which means any tangible personal property
383 which is normally used for personal, family, or household purposes,
384 or (2) anything designed or sold for incorporation into a dwelling.
385 In determining whether a product is a consumer product,
386 doubtful cases shall be resolved in favor of coverage.
387 For a particular product received by a particular user,
388 "normally used" refers to a typical or common use
389 of that class of product,
390 regardless of the status of the particular user
391 or of the way in which the particular user actually uses,
392 or expects or is expected to use,
393 the product.
394 A product is a consumer product
395 regardless of whether the product has substantial commercial,
396 industrial or non-consumer uses,
397 unless such uses represent the only significant mode
398 of use of the product.
399 .
400 "Installation Information" for a User Product means
401 any methods, procedures, authorization keys, or other information
402 required to install and execute modified versions of a covered work
403 in that User Product
404 from a modified version of its Corresponding Source.
405 The information must suffice to ensure
406 that the continued functioning of the modified object code
407 is in no case prevented or interfered with
408 solely because modification has been made.
409 .
410 If you convey an object code work under this section
411 in, or with, or specifically for use in, a User Product,
412 and the conveying occurs as part of a transaction
413 in which the right of possession and use of the User Product
414 is transferred to the recipient
415 in perpetuity or for a fixed term
416 (regardless of how the transaction is characterized),
417 the Corresponding Source conveyed under this section must
418 be accompanied by the Installation Information.
419 But this requirement does not apply
420 if neither you nor any third party retains
421 the ability to install modified object code on the User Product
422 (for example, the work has been installed in ROM).
423 .
424 The requirement to provide Installation Information does not include
425 a requirement to continue to provide support service, warranty,
426 or updates for a work
427 that has been modified or installed by the recipient,
428 or for the User Product in which it has been modified or installed.
429 Access to a network may be denied
430 when the modification itself materially and adversely affects
431 the operation of the network
432 or violates the rules and protocols
433 for communication across the network.
434 .
435 Corresponding Source conveyed,
436 and Installation Information provided,
437 in accord with this section must be in a format
438 that is publicly documented
439 (and with an implementation available to the public
440 in source code form),
441 and must require no special password or key
442 for unpacking, reading or copying.
443 .
444 7. Additional Terms.
445 .
446 "Additional permissions" are terms
447 that supplement the terms of this License
448 by making exceptions from one or more of its conditions.
449 Additional permissions that are applicable to the entire Program
450 shall be treated as though they were included in this License,
451 to the extent that they are valid under applicable law.
452 If additional permissions apply only to part of the Program,
453 that part may be used separately under those permissions,
454 but the entire Program remains governed by this License
455 without regard to the additional permissions.
456 .
457 When you convey a copy of a covered work,
458 you may at your option remove any additional permissions
459 from that copy, or from any part of it.
460 (Additional permissions may be written to require their own removal
461 in certain cases when you modify the work.)
462 You may place additional permissions on material,
463 added by you to a covered work,
464 for which you have or can give appropriate copyright permission.
465 .
466 Notwithstanding any other provision of this License,
467 for material you add to a covered work, you may
468 (if authorized by the copyright holders of that material)
469 supplement the terms of this License with terms:
470 .
471 a) Disclaiming warranty or limiting liability
472 differently from the terms of sections 15 and 16 of this License; or
473 .
474 b) Requiring preservation
475 of specified reasonable legal notices
476 or author attributions in that material
477 or in the Appropriate Legal Notices
478 displayed by works containing it; or
479 .
480 c) Prohibiting misrepresentation of the origin of that material,
481 or requiring that modified versions of such material be marked
482 in reasonable ways as different from the original version; or
483 .
484 d) Limiting the use for publicity purposes
485 of names of licensors or authors of the material; or
486 .
487 e) Declining to grant rights under trademark law
488 for use of some trade names, trademarks, or service marks; or
489 .
490 f) Requiring indemnification
491 of licensors and authors of that material
492 by anyone who conveys the material (or modified versions of it)
493 with contractual assumptions of liability to the recipient,
494 for any liability that these contractual assumptions directly impose
495 on those licensors and authors.
496 .
497 All other non-permissive additional terms
498 are considered "further restrictions"
499 within the meaning of section 10.
500 If the Program as you received it, or any part of it,
501 contains a notice stating that it is governed by this License
502 along with a term that is a further restriction,
503 you may remove that term.
504 If a license document contains a further restriction
505 but permits relicensing or conveying under this License,
506 you may add to a covered work material governed
507 by the terms of that license document,
508 provided that the further restriction does not survive
509 such relicensing or conveying.
510 .
511 If you add ter a covered work in accord with this section,
512 you must place, in the relevant source files, a statement
513 of the additional terms that apply to those files,
514 or a notice indicating where to find the applicable terms.
515 .
516 Additional terms, permissive or non-permissive, may be stated
517 in the form of a separately written license,
518 or stated as exceptions;
519 the above requirements apply either way.
520 .
521 8. Termination.
522 .
523 You may not propagate or modify a covered work
524 except as expressly provided under this License.
525 Any attempt otherwise to propagate or modify it is void,
526 and will automatically terminate your rights under this License
527 (including any patent licenses granted
528 under the third paragraph of section 11).
529 .
530 However, if you cease all violation of this License,
531 then your license from a particular copyright holder is reinstated
532 (a) provisionally,
533 unless and until the copyright holder explicitly and finally
534 terminates your license,
535 and (b) permanently,
536 if the copyright holder fails to notify you of the violation
537 by some reasonable means prior to 60 days after the cessation.
538 .
539 Moreover, your license from a particular copyright holder
540 is reinstated permanently
541 if the copyright holder notifies you
542 of the violation by some reasonable means,
543 this is the first time you have received notice
544 of violation of this License (for any work)
545 from that copyright holder,
546 and you cure the violation
547 prior to 30 days after your receipt of the notice.
548 .
549 Termination of your rights under this section does not terminate
550 the licenses of parties who have received copies or rights
551 from you under this License.
552 If your rights have been terminated and not permanently reinstated,
553 you do not qualify to receive new licenses for the same material
554 under section 10.
555 .
556 9. Acceptance Not Required for Having Copies.
557 .
558 You are not required to accept this License
559 in order to receive or run a copy of the Program.
560 Ancillary propagation
561 of a covered work occurring solely as a consequence
562 of using peer-to-peer transmission to receive a copy
563 likewise does not require acceptance.
564 However, nothing other than this License grants you
565 permission to propagate or modify any covered work.
566 These actions infringe copyright
567 if you do not accept this License.
568 Therefore, by modifying or propagating a covered work,
569 you indicate your acceptance of this License to do so.
570 .
571 10. Automatic Licensing of Downstream Recipients.
572 .
573 Each time you convey a covered work,
574 the recipient automatically receives
575 a license from the original licensors,
576 to run, modify and propagate that work,
577 subject to this License.
578 You are not responsible for enforcing compliance by third parties
579 with this License.
580 .
581 An "entity transaction" is a transaction transferring control
582 of an organization, or substantially all assets of one,
583 or subdividing an organization,
584 or merging organizations.
585 If propagation of a covered work results from an entity transaction,
586 each party to that transaction who receives a copy of the work
587 also receives whatever licenses to the work
588 the party's predecessor in interest had or could give
589 under the previous paragraph,
590 plus a right to possession of the Corresponding Source of the work
591 from the predecessor in interest,
592 if the predecessor has it or can get it with reasonable efforts.
593 .
594 You may not impose any further restrictions
595 on the exercise of the rights granted or affirmed under this License.
596 For example, you may not impose
597 a license fee, royalty, or other charge
598 for exercise of rights granted under this License, and you may not initiate litigation
599 (including a cross-claim or counterclaim in a lawsuit)
600 alleging that any patent claim is infringed
601 by making, using, selling, offering for sale, or importing
602 the Program or any portion of it.
603 .
604 11. Patents.
605 .
606 A "contributor" is a copyright holder
607 who authorizes use under this License of the Program
608 or a work on which the Program is based.
609 The work thus licensed is called
610 the contributor's "contributor version".
611 .
612 A contributor's "essential patent claims" are all patent claims
613 owned or controlled by the contributor,
614 whether already acquired or hereafter acquired,
615 that would be infringed by some manner,
616 permitted by this License,
617 of making, using, or selling its contributor version,
618 but do not include claims
619 that would be infringed only as a consequence
620 of further modification of the contributor version.
621 For purposes of this definition, "control" includes the right
622 to grant patent sublicenses in a manner
623 consistent with the requirements of this License.
624 .
625 Each contributor grants you
626 a non-exclusive, worldwide, royalty-free patent license
627 under the contributor's essential patent claims,
628 to make, use, sell, offer for sale, import and otherwise run, modify
629 and propagate the contents of its contributor version.
630 .
631 In the following three paragraphs,
632 a "patent license" is any express agreement or commitment,
633 however denominated, not to enforce a patent
634 (such as an express permission to practice a patent
635 or covenant not to sue for patent infringement).
636 To "grant" such a patent license to a party means
637 to make such an agreement or commitment
638 not to enforce a patent against the party.
639 .
640 If you convey a covered work,
641 knowingly relying on a patent license,
642 and the Corresponding Source of the work is not available
643 for anyone to copy,
644 free of charge and under the terms of this License,
645 through a publicly available network server
646 or other readily accessible means,
647 then you must either
648 (1) cause the Corresponding Source to be so available,
649 or (2) arrange to deprive yourself of the benefit
650 of the patent license for this particular work,
651 or (3) arrange,
652 in a manner consistent with the requirements of this License,
653 to extend the patent license to downstream recipients.
654 "Knowingly relying" means
655 you have actual knowledge that, but for the patent license,
656 your conveying the covered work in a country,
657 or your recipient's use of the covered work in a country,
658 would infringe one or more identifiable patents in that country
659 that you have reason to believe are valid.
660 .
661 If, pursuant to or in connection
662 with a single transaction or arrangement,
663 you convey, or propagate by procuring conveyance of, a covered work,
664 and grant a patent license to some of the parties
665 receiving the covered work authorizing them
666 to use, propagate, modify or convey a specific copy of the covered work,
667 then the patent license you grant is automatically extended
668 to all recipients of the covered work and works based on it.
669 .
670 A patent license is "discriminatory"
671 if it does not include within the scope of its coverage,
672 prohibits the exercise of, or is conditioned on
673 the non-exercise of one or more of the rights
674 that are specifically granted under this License.
675 You may not convey a covered work
676 if you are a party to an arrangement with a third party
677 that is in the business of distributing software,
678 under which you make payment to the third party
679 based on the extent of your activity of conveying the work,
680 and under which the third party grants,
681 to any of the parties who would receive the covered work from you,
682 a discriminatory patent license
683 (a) in connection with copies of the covered work conveyed by you
684 (or copies made from those copies),
685 or (b) primarily for and in connection with specific products
686 or compilations that contain the covered work,
687 unless you entered into that arrangement,
688 or that patent license was granted,
689 prior to 28 March 2007.
690 .
691 Nothing in this License shall be construed as excluding or limiting
692 any implied license or other defenses to infringement
693 that may otherwise be available to you under applicable patent law.
694 .
695 12. No Surrender of Others' Freedom.
696 .
697 If conditions are imposed on you
698 (whether by court order, agreement or otherwise)
699 that contradict the conditions of this License,
700 they do not excuse you from the conditions of this License.
701 If you cannot convey a covered work
702 so as to satisfy simultaneously your obligations
703 under this License and any other pertinent obligations,
704 then as a consequence you may not convey it at all.
705 For example, if you agree to terms that obligate you
706 to collect a royalty for further conveying from those
707 to whom you convey the Program,
708 the only way you could satisfy both those terms and this License
709 would be to refrain entirely from conveying the Program.
710 .
711 13. Remote Network Interaction;
712 Use with the GNU General Public License.
713 .
714 Notwithstanding any other provision of this License,
715 if you modify the Program,
716 your modified version must prominently offer
717 all users interacting with it remotely through a computer network
718 (if your version supports such interaction)
719 an opportunity to receive the Corresponding Source of your version
720 by providing access to the Corresponding Source
721 from a network server at no charge,
722 through some standard or customary means
723 of facilitating copying of software.
724 This Corresponding Source shall include
725 the Corresponding Source for any work covered
726 by version 3 of the GNU General Public License
727 that is incorporated pursuant to the following paragraph.
728 .
729 Notwithstanding any other provision of this License,
730 you have permission to link or combine any covered work
731 with a work licensed
732 under version 3 of the GNU General Public License
733 into a single combined work, and to convey the resulting work.
734 The terms of this License will continue to apply
735 to the part which is the covered work,
736 but the work with which it is combined will remain governed
737 by version 3 of the GNU General Public License.
738 .
739 14. Revised Versions of this License.
740 .
741 The Free Software Foundation may publish revised and/or new versions
742 of the GNU Affero General Public License from time to time.
743 Such new versions will be similar in spirit to the present version,
744 but may differ in detail to address new problems or concerns.
745 .
746 Each version is given a distinguishing version number.
747 If the Program specifies that a certain numbered version
748 of the GNU Affero General Public License
749 "or any later version" applies to it,
750 you have the option of following the terms and conditions
751 either of that numbered version
752 or of any later version
753 published by the Free Software Foundation.
754 If the Program does not specify a version number
755 of the GNU Affero General Public License,
756 you may choose any version ever
757 published by the Free Software Foundation.
758 .
759 If the Program specifies that a proxy can decide
760 which future versions
761 of the GNU Affero General Public License can be used,
762 that proxy's public statement of acceptance of a version
763 permanently authorizes you to choose that version for the Program.
764 Later license versions may give you
765 additional or different permissions.
766 However, no additional obligations are imposed
767 on any author or copyright holder
768 as a result of your choosing to follow a later version.
769 .
770 15. Disclaimer of Warranty.
771 .
772 THERE IS NO WARRANTY FOR THE PROGRAM,
773 TO THE EXTENT PERMITTED BY APPLICABLE LAW.
774 EXCEPT WHEN OTHERWISE STATED IN WRITING
775 THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS"
776 WITHOUT WARRANTY OF ANY KIND,
777 EITHER EXPRESSED OR IMPLIED,
778 INCLUDING, BUT NOT LIMITED TO,
779 THE IMPLIED WARRANTIES OF MERCHANTABILITY
780 AND FITNESS FOR A PARTICULAR PURPOSE.
781 THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
782 IS WITH YOU.
783 SHOULD THE PROGRAM PROVE DEFECTIVE,
784 YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
785 .
786 16. Limitation of Liability.
787 .
788 IN NO EVENT
789 UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
790 WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY
791 WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE,
792 BE LIABLE TO YOU FOR DAMAGES,
793 INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
794 ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM
795 (INCLUDING BUT NOT LIMITED TO
796 LOSS OF DATA OR DATA BEING RENDERED INACCURATE
797 OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES
798 OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
799 EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED
800 OF THE POSSIBILITY OF SUCH DAMAGES.
801 .
802 17. Interpretation of Sections 15 and 16.
803 .
804 If the disclaimer
805 of warranty and limitation of liability provided above
806 cannot be given local legal effect according to their terms,
807 reviewing courts shall apply local law
808 that most closely approximates an absolute waiver
809 of all civil liability in connection with the Program,
810 unless a warranty or assumption of liability accompanies
811 a copy of the Program in return for a fee.
812 .
813 END OF TERMS AND CONDITIONS
814 .
815 How to Apply These Terms to Your New Programs
816 .
817 If you develop a new program,
818 and you want it to be of the greatest possible use to the public,
819 the best way to achieve this is to make it free software
820 which everyone can redistribute and change under these terms.
821 .
822 To do so, attach the following notices to the program.
823 It is safest to attach them to the start of each source file
824 to most effectively state the exclusion of warranty;
825 and each file should have at least the "copyright" line
826 and a pointer to where the full notice is found.
827 .
828 <one line to give the program's name and a brief idea of what it does.>
829 Copyright (C) <year> <name of author>
830 .
831 This program is free software:
832 you can redistribute it and/or modify it
833 under the terms of the GNU Affero General Public License
834 as published by the Free Software Foundation,
835 either version 3 of the License, or (at your option) any later version.
836 .
837 This program is distributed in the hope that it will be useful,
838 but WITHOUT ANY WARRANTY;
839 without even the implied warranty
840 of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
841 See the GNU Affero General Public License for more details.
842 .
843 You should have received
844 a copy of the GNU Affero General Public License
845 along with this program.
846 If not, see <http://www.gnu.org/licenses/>.
847 .
848 Also add information on how to contact you
849 by electronic and paper mail.
850 .
851 If your software can interact with users
852 remotely through a computer network,
853 you should also make sure that it provides
854 a way for users to get its source.
855 For example, if your program is a web application,
856 its interface could display a "Source" link that leads users to an archive of the code.
857 There are many ways you could offer source,
858 and different solutions will be better for different programs;
859 see section 13 for the specific requirements.
860 .
861 You should also get your employer (if you work as a programmer)
862 or school, if any, to sign
863 a "copyright disclaimer" for the program, if necessary.
864 For more information on this,
865 and how to apply and follow the GNU AGPL,
866 see <http://www.gnu.org/licenses/>.
867
868 License: GPL-3
869 This program is free software; you can redistribute it and/or modify
870 it under the terms of the GNU General Public License as published by
871 the Free Software Foundation; version 3.
872 .
873 This program is distributed in the hope that it will be useful,
874 but WITHOUT ANY WARRANTY; without even the implied warranty of
875 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
876 GNU General Public License for more details.
877 .
878 You should have received a copy of the GNU General Public License
879 along with this program; if not, write to the Free Software
880 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
881 MA 02110-1301, USA
882 .
883 On Debian systems the full text of the GNU General Public License can be found
884 in the `/usr/share/common-licenses/GPL-3' file.
0 Description: check_pollen needs pollinate, so this script is better suited
1 in package pollinate
2 Author: Thorsten Alteholz <debian@alteholz.de>
3 Index: pollen-4.21/check_pollen
4 ===================================================================
5 --- pollen-4.21.orig/check_pollen 2019-02-06 19:42:04.054819853 +0100
6 +++ pollen-4.21/check_pollen 2019-02-06 19:42:52.346819200 +0100
7 @@ -1,54 +1 @@
8 -#!/bin/sh
9 -#
10 -# check_pollen - verify the pollen server on localhost is operating correctly
11 -#
12 -# Copyright (C) 2013 Dustin Kirkland <dustin.kirkland@gmail.com>
13 -#
14 -# This program is free software: you can redistribute it and/or modify
15 -# it under the terms of the GNU Affero General Public License as published by
16 -# the Free Software Foundation, version 3 of the License.
17 -#
18 -# This program is distributed in the hope that it will be useful,
19 -# but WITHOUT ANY WARRANTY; without even the implied warranty of
20 -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 -# GNU Affero General Public License for more details.
22 -#
23 -# You should have received a copy of the GNU Affero General Public License
24 -# along with this program. If not, see <http://www.gnu.org/licenses/>.
25 -
26 -
27 -TMPDIR=$(mktemp -d -t "pollen.XXXXXXXXXXXX")
28 -trap "rm -rf ${TMPDIR} 2>/dev/null || true" EXIT HUP INT QUIT TERM
29 -
30 -md5sum1=$(grep pollen /var/log/syslog /var/log/pollen/pollen.log 2>/dev/null || true | md5sum)
31 -pollinate -t -i -s localhost -b -d - >"$TMPDIR/out" 2>"$TMPDIR/err" && RC=0 || RC=$?
32 -md5sum2=$(grep pollen /var/log/syslog /var/log/pollen/pollen.log 2>/dev/null || true | md5sum)
33 -bytes=$(wc -c "$TMPDIR/out" | awk '{print $1}')
34 -bpb=$(ent -t "$TMPDIR/out" | tail -n1 | awk -F, '{print $3}' | awk -F. '{print $1}')
35 -mean=$(ent -t "$TMPDIR/out" | tail -n1 | awk -F, '{print $5}' | awk -F. '{print $1}')
36 -
37 -if [ "$RC" != "0" ]; then
38 - echo "CRITICAL - pollen server did not properly respond to the test request [$RC]"
39 - cat "$TMPDIR/err" 1>&2
40 - exit 2
41 -fi
42 -if [ "$md5sum1" = "$md5sum2" ]; then
43 - echo "CRITICAL - pollen server did not properly log the test request [$RC]"
44 - grep pollen /var/log/syslog /var/log/pollen/pollen.log 2>/dev/null || true
45 - exit 2
46 -fi
47 -if [ -z "$bytes" ] || [ "$bytes" -lt 64 ]; then
48 - echo "WARNING - pollen server did not respond with at least 64 bytes [$bytes]"
49 - exit 1
50 -fi
51 -if [ -z "$bpb" ] || [ "$bpb" -lt 5 ]; then
52 - echo "WARNING - pollen server did not respond with sufficient entropy bits per byte [$bpb]"
53 - exit 1
54 -fi
55 -if [ -z "$mean" ] || [ "$mean" -lt 95 ] || [ "$mean" -gt 160 ]; then
56 - echo "WARNING - pollen server responded with poor entropy (bad arithmetic mean [$mean])"
57 - exit 1
58 -fi
59 -
60 -echo "OK - pollen server is online and responded correctly to the test request"
61 -exit 0
62 +# This has been moved to package pollinate
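Review bot: the single `+` line leaves check_pollen as a file holding only a comment, with the `#!/bin/sh` line gone, so anything that still runs it through sh gets no output and exit status 0, which a monitoring system reads as a passing check. Either remove the file from the source tree outright, or keep the shebang and have the stub print that the check moved to pollinate and exit with a non-OK status. Separately, the removed `md5sum1` and `md5sum2` lines use `grep ... || true | md5sum`; the pipe binds tighter than `||`, so when grep matches the variables hold raw log lines rather than a hash, and that is worth correcting in the copy that lands in pollinate.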
0 check-pollen-to-pollianet.patch
0 # HTTP_PORT is the http port on which the pollen server should listen and respond.
1 # Note that these connections will not be encrypted
2 # Default: 80
3 HTTP_PORT="42080"
4
5 # HTTPS_PORT is the https port on which the pollen server should listen and respond.
6 # Note that these connections will be encrypted using TLS
7 # Default: 443
8 HTTPS_PORT="42443"
9
10 # DEVICE is the source of randomness for entropy read by the server,
11 # and the destination for received and whitened entropy.
12 # Default: /dev/random
13 # Alternative: /dev/urandom
14 DEVICE="/dev/random"
15
16 # BYTES is the size in bytes to transmit and receive each time, to peers
17 # or neighbors listening for broadcast in the pool. It is rude to set this
18 # very high.
19 # Default: 64
20 BYTES="64"
21
22 # In case you don't want to have the stuff created during install,
23 # the files below need to be obtained for example from Let's Encrypt
24 #
25 # CERT is the location of the TLS certificate
26 # Default: /etc/pollen/cert.pem
27 CERT="/etc/pollen/cert.pem"
28
29 # KEY is the location of the TLS key
30 # Default: /etc/pollen/key.pem
31 KEY="/etc/pollen/key.pem"
0 pollen /usr/bin/
1 usr.bin.pollen /etc/apparmor.d/
0 # Golang code expects to be statically linked and built in this way
1 pollen: unstripped-binary-or-object
0 #!/bin/sh
1 set -e
2
3 PKG="pollen"
4 DIR="/etc/$PKG"
5 mkdir -p -m 700 "$DIR"
6 PUB_CERT="$DIR/cert.pem"
7 PK="$DIR/key.pem"
8 CA="$DIR/ca.pem"
9
10 # Create the pollen user if necessary
11 if ! getent passwd $PKG >/dev/null; then
12 adduser --disabled-password --quiet --system --home /var/cache/pollen --ingroup daemon $PKG --shell /bin/false
13 fi
14
15 # Set capabilities on the pollen binary to bind to privileged ports
16 setcap 'cap_net_bind_service=+ep' /usr/bin/pollen
17 [ -e /etc/apparmor.d/local/usr.bin.pollen ] || touch /etc/apparmor.d/local/usr.bin.pollen
18
19 if [ ! -r "$PUB_CERT" ] || [ ! -r "$PK" ]; then
20 install -m 600 /dev/null "$PUB_CERT"
21 install -m 600 /dev/null "$PK"
22 # Auto generate self signed certs if we don't have one already in place
23 openssl req -new -newkey rsa:4096 -nodes -x509 -out "$PUB_CERT" -keyout "$PK" -days 3650 -subj "/C=US/ST=TX/L=Austin/CN=localhost/emailAddress=pollen@example.com"
24 fi
25
26 chown $PKG:root $DIR
27 chown $PKG:root $DIR/*
28
29 #DEBHELPER#
0 #! /bin/sh
1
2 set -e
3 PKG=pollen
4
5 if [ "$1" = "purge" ]; then
6 deluser --quiet --system $PKG > /dev/null || true
7 rm -rf /etc/pollen || true
8 fi
9
10 #DEBHELPER#
0 [Unit]
1 Description=Entropy as a Service
2 After=network.target
3
4 [Service]
5 User=pollen
6 EnvironmentFile=/etc/default/pollen
7 # Ensure our device exists, and is a character device
8 ExecStartPre=/bin/sh -c '[ -c "$DEVICE" ]'
9 ExecStart=/usr/bin/pollen -http-port=${HTTP_PORT} -https-port=${HTTPS_PORT} -device=${DEVICE} -bytes=${BYTES} -cert=${CERT} -key=${KEY}
10 Restart=on-failure
11
12 [Install]
13 WantedBy=multi-user.target
0 #!/usr/bin/make -f
1
2 %:
3 dh $@ --with golang
4
5 override_dh_strip:
6 true
7
8 override_dh_installdeb:
9 dh_apparmor --profile-name=usr.bin.pollen -ppollen
10 dh_installdeb
11
12 override_dh_installinit:
13 dh_installinit --name=pollen-restart
14 dh_installinit
0 3.0 (quilt)