Debian package internals template.

Used for creating a source debian package which can later
be build into binary packages. Not yet finished.

examples/otpasswd_oob.sh

@@ -8,14 +8,26 @@
 # Passcode with extended alphabet can contain 
 # ' " ~ etc. Keep it safe!
 
+# Warning - contact data is settable by user. Make sure
+# to SANITIZE it correctly! If it's a phone number you can 
+# check it with regular expression
+
 # Exemplary simple OOB utility. (Polish 'Plus' operator internet gateway)
 # Change it before using.
 # Contacts are phone numbers in format "48xxxyyyzzz"
 
 SENDMAIL=/usr/sbin/sendmail # Update to match your system. 
 
-TO="<$1@text.plusgsm.pl>"
-echo -en "To:$TO\nFrom: OTP <Ted@thera.be>\nSubject: OTP password\n\nPasscode = $2\n" | $SENDMAIL "$TO" 
+# Sanitize contact data
+echo "$1" | egrep '^[0-9]+$' > /dev/null 
+if [ $? != 0 ] then
+	echo "Contact data is not a valid phone number"
+	exit 1
+fi
+
+# Send email
+TO="<$1@text.plusgsm.CHANGEME.pl>"
+echo -en "To:$TO\nFrom: OTP <Ted@SETME.be>\nSubject: OTP password\n\nPasscode = $2\n" | $SENDMAIL "$TO" 
 
 # Tests.
 # whoami >> /tmp/OOB_TEST

tools/debian_pkg_template/README.Debian

@@ -0,0 +1,14 @@
+otpasswd for Debian
+-------------------
+
+This package is in rapid flux, and should not be used on mission critical
+systems.
+
+ -- Luke Faraone <luke@faraone.cc>  Fri, 18 Dec 2009 20:46:18 -0500
+
+
+Getting back to maintain the upstream, stabilize it and test it.
+Development got stopped almost before getting a stable release due
+to lack of time and valgrind problems.
+
+ -- Tomasz Fortuna <bla@thera.be  Sat 26 Oct 13:50:20 CEST 2013

tools/debian_pkg_template/changelog

@@ -0,0 +1,16 @@
+otpasswd (0.8) experimental; urgency=low
+
+  * Major update since 0.4 release, see the upstream Changelog
+  * Upstream maintenance and development reinstated
+  * Divided into utility, agent and PAM module for security reasons
+  * OOB (sms/email) one-time-pad transmission using external scripts
+  * This is a package suitable for tests on non-critical systems.
+  * Updated package (Closes: #562968)
+
+ -- Tomasz bla Fortuna (bla@thera.be) Sat 26 Oct 14:20:55 CEST 2013
+
+otpasswd (0.4-0local1) experimental; urgency=low
+
+  * Initial release (Closes: #562968)
+
+ -- Luke Faraone <luke@faraone.cc>  Fri, 18 Dec 2009 20:46:18 -0500

tools/debian_pkg_template/compat

@@ -0,0 +1 @@
+9

tools/debian_pkg_template/control

@@ -0,0 +1,42 @@
+Source: otpasswd
+Section: admin
+Priority: extra
+Maintainer: Tomasz bla Fortuna <bla@thera.be>
+Build-Depends: cdbs, debhelper (>= 7), cmake, libpam0g-dev
+Standards-Version: 3.8.3
+Homepage: http://otpasswd.thera.be
+
+Package: otpasswd-bin
+Section: admin
+Architecture: any
+Suggests: libpam-otpasswd
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: one-time passwords implementation for PAM
+ otpasswd consists of a pam module and an user utility. With the
+ utility user manages his "state" file: creates his KEY, manages flags
+ and prints passcards with one-time passwords.
+ .
+ PAM module enables (for example) OpenSSH to do an authentication
+ using one-time password with the information from user state file. By
+ using an external script, an out-of-band channel can be used for
+ one-time-pad transmission. OTPasswd by default works in a local mode,
+ as optional security layer without a need for a SUID binary. One can
+ alternatively configure a mode with enforced system policy which
+ requires SUID bit.
+ .
+ The program is written in C (C99) and implements OTP as described in
+ "Perfect Paper Passwords" description of which can be found here
+ https://www.grc.com/ppp.htm
+ This program also kind of extends this idea with "salt".
+
+Package: libpam-otpasswd
+Section: libs
+Architecture: any
+Recommends: otpasswd
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: one-time passwords implementation for PAM
+ otpasswd consists of a pam module and an user utility. With the
+ utility user manages his "state" file: creates his key, manages flags
+ and prints passcards with one-time passwords.
+ .
+ This package contains the otpasswd shared library.

tools/debian_pkg_template/copyright

@@ -0,0 +1,50 @@
+This package was debianized by Luke Faraone <luke@faraone.cc> on Fri,
+18 Dec 2009 20:46:18 -0500. New package created by Tomasz bla Fortuna
+on Sat 26 Oct 2013.
+
+It was downloaded from <https://savannah.nongnu.org/projects/otpasswd/>
+
+Upstream Author:
+
+    Tomasz bla Fortuna <bla@thera.be>
+
+Copyright:
+
+    Copyright © 2009-2013 Tomasz bla Fortuna <bla@thera.be>
+
+License:
+    This package is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This package is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this package; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of portions of this program with the
+    OpenSSL library under certain conditions as described in each
+    individual source file, and distribute linked combinations including
+    the two. You must obey the GNU General Public License in all
+    respects  for all of the code used other than OpenSSL.  If you
+    modify file(s) with this exception, you may extend this exception to your
+    version of the file(s), but you are not obligated to do so.  If you
+    do not wish to do so, delete this exception statement from your
+    version.  If you delete this exception statement from all source
+    files in the program, then also delete it here.
+
+On Debian systems, the complete text of the GNU General
+Public License can be found in `/usr/share/common-licenses/GPL-3'.
+
+The Debian packaging is:
+
+    Copyright © 2009 Luke Faraone <luke@faraone.cc>
+
+and is licensed under the GPL version 3, see above.
+

tools/debian_pkg_template/libpam-otpasswd.install

@@ -0,0 +1,2 @@
+etc/pam.d/otpasswd-login
+lib/security/pam_otpasswd.so

tools/debian_pkg_template/libpam-otpasswd.manpages

@@ -0,0 +1 @@
+docs/pam_otpasswd.8

tools/debian_pkg_template/otpasswd-bin.docs

@@ -0,0 +1,4 @@
+docs/README
+docs/INSTALL
+docs/ChangeLog
+docs/SECURITY

tools/debian_pkg_template/otpasswd-bin.install

@@ -0,0 +1,3 @@
+usr/bin/otpasswd
+usr/bin/agent_otp
+etc/otpasswd/otpasswd.conf

tools/debian_pkg_template/otpasswd-bin.manpages

@@ -0,0 +1,3 @@
+docs/otpasswd.1
+docs/otpasswd.5
+docs/agent_otp.1

tools/debian_pkg_template/rules

@@ -0,0 +1,34 @@
+#!/usr/bin/make -f
+
+include /usr/share/cdbs/1/rules/debhelper.mk
+include /usr/share/cdbs/1/class/cmake.mk
+include /usr/share/cdbs/1/rules/simple-patchsys.mk
+
+
+# Add here any variable or target overrides you need.
+.PHONY: get-orig-source 
+
+
+# Rules for fetching the upstream tarball
+CURRENT_TREEISH =$(shell dpkg-parsechangelog | sed -rne 's,^Version: .*git([^-]+).*,\1,p')
+CURVER=$(shell dpkg-parsechangelog | sed -rne 's,^Version: ([^-]+).*,\1,p')
+
+SOURCE_DIR=otpasswd-$(CURVER)
+TARBALL=otpasswd_$(CURVER).orig.tar.gz
+
+
+$(SOURCE_DIR): https://github.com/blaa/OTPasswd.git
+	git clone https://github.com/blaa/OTPasswd.git $(SOURCE_DIR)
+	if [ x$(CURRENT_TREEISH) = x ]; then \
+	 cd $(SOURCE_DIR) && git checkout v$(CURVER); \
+	else \
+	 cd $(SOURCE_DIR) && git checkout $(CURRENT_TREEISH); \
+	fi
+
+
+$(TARBALL): $(SOURCE_DIR)
+	tar czvf $(TARBALL) $(SOURCE_DIR)
+
+get-orig-source: $(TARBALL)
+	rm -rf $(SOURCE_DIR) $(SOURCE_DIR).temp
+

tools/debian_pkg_template/watch

@@ -0,0 +1,4 @@
+# See uscan(1) for format
+
+version=3
+http://download.savannah.gnu.org/releases-noredirect/otpasswd/otpasswd-([\d\.]+)\.tar\.gz