overhaul/simplify keyring package

10 files changed, 53 insertions, 107 deletions

diff --git a/README b/README
deleted file mode 100644
index 5d55c43..0000000
--- a/README
+++ /dev/null
@@ -1,19 +0,0 @@
-Introduction
-------------
-
-LEAP signs its Debian archive Release files that are stored on
-deb.leap.se with the archive signing key contained in this package.
-
-A quick overview about this package:
-* This keyrings are used by "apt" versions 0.6 and later. They 
-  will be used with the apt-key command.
-* Normally (i.e. if the apt-key binary is found), the keys contained in
-  the debian-archive-keyring package will be automatically installed into
-  apt's trusted keyring by the package's postinst script and keys that are 
-  in the debian-archive-keyring-removed will be automatically removed.
-* If the automatic installation of the keys fails, then the user can run
-  "apt-key update" manually.
-
-More information about the archive authentication feature can be found 
-here: http://wiki.debian.org/SecureApt
-
diff --git a/debian/changelog b/debian/changelog
index 54ed1d4..9d8a817 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+leap-archive-keyring (2016.03.03) unstable; urgency=medium
+
+  * convert to debhelper
+  * avoid the use of flakey "apt-key del" upon package removal.
+  * rename package to leap-archive-keyring
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Thu, 03 Mar 2016 17:44:00 +0100
+
 leap-keyring (2015.02.26) unstable; urgency=medium
 
   * Update key expiration date to expire in 2 years
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/debian/control b/debian/control
index 67d98c5..8cd9b95 100644
--- a/debian/control
+++ b/debian/control
@@ -1,14 +1,21 @@
-Source: leap-keyring
-Priority: important
+Source: leap-archive-keyring
+Priority: extra
 Section: misc
 Maintainer: Micah Anderson <micah@leap.se>
-Standards-Version: 3.9.6
+Standards-Version: 3.9.7
 Uploaders: Micah Anderson <micah@debian.org>
+Build-Depends: debhelper (>= 9)
+Vcs-Git: https://leap.se/git/leap-keyring.git
+Vcs-Browser: https://leap.se/git/leap-keyring.git
 
-Package: leap-keyring
+Package: leap-archive-keyring
+Priority: extra
 Architecture: all
-Depends: gnupg (>= 1.0.6-4)
-Description: GnuPG archive key of the leap.se repository
- The riseup repository digitally signs its Release files. This package
- contains the repository key and will be automatically installed into
- the apt-key list on the system when installed.
+Provides: leap-keyring
+Conflicts: leap-keyring
+Replaces: leap-keyring
+Depends: ${misc:Depends}
+Description: OpenPGP archive key for the leap.se software repositories
+ The leap.se software repositories digitally sign their Release
+ files. This package contains the repository keys used to verify those
+ files.
diff --git a/debian/copyright b/debian/copyright
index ca9a282..cb82ca3 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,8 +1,10 @@
 Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: leap-archive-keyring
+Source: https://leap.se/git/leap-keyring.git
+Upstream-Contact: Micah Anderson <micah@leap.se>
 
 Files: *
-Copyright: 2006 Michael Vogt <mvo@debian.org>, 2013-2015 LEAP Encryption Access Project
-Comment: This is leap.se's GnuPG keyrings of archive keys. This package was originally put together by Michael Vogt <mvo@debian.org> based on the debian-keyring package maintained by James Troup. It was adapted to backports.org by Alexander Wirt <formorer@debian.org> and for leap.se by Micah Anderson <micah@leap.se>
+Copyright: 2013-2016 LEAP Encryption Access Project
 License: GPL-3+
  This program is free software: you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@@ -19,4 +21,3 @@ License: GPL-3+
  .
  On Debian GNU/Linux systems, the complete text of the GNU General Public
  License version 3 can be found in /usr/share/common-licenses/GPL-3.
-
diff --git a/debian/install b/debian/install
new file mode 100644
index 0000000..e577cfc
--- /dev/null
+++ b/debian/install
@@ -0,0 +1 @@
+keyrings/*.gpg etc/apt/trusted.gpg.d
diff --git a/debian/postinst b/debian/postinst
deleted file mode 100644
index ebe1959..0000000
--- a/debian/postinst
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-set -e
-
-if which apt-key > /dev/null; then
-    apt-key add /usr/share/keyrings/leap-keyring.gpg
-    apt-key add /usr/share/keyrings/leap-experimental-keyring.gpg
-fi
diff --git a/debian/preinst b/debian/preinst
new file mode 100755
index 0000000..7524ff8
--- /dev/null
+++ b/debian/preinst
@@ -0,0 +1,21 @@
+#!/bin/sh -e
+
+# cleanup keys from the old /etc/apt/trusted.gpg, because it was not
+# properly cleaned up by previous versions of leap-keyring.
+
+# we could try to limit this cleanup to just upgrade moving from
+# versions before 2016.03.03, but due to the package rename and the
+# possibility of someone having purged the old package before
+# installing this new one, it's better to do it unconditionally.
+
+# another way of looking at this is that the installation of this
+# package will ensure that the keys in question don't show up in two
+# keyrings at once.
+
+if [ -e /etc/apt/trusted.gpg ] && which gpg >/dev/null; then
+   # remove the version of the keys that were shipped in leap-keyring before version 2016.03.03:
+   gpg --batch --no-tty --no-default-keyring --keyring /etc/apt/trusted.gpg --delete-key 0x1E453B2CE87BEE2F7DFE99661E34A1828E207901 || true
+   gpg --batch --no-tty --no-default-keyring --keyring /etc/apt/trusted.gpg --delete-key 0xCE433F407BAB443AFEA196C1837C1AD5367429D9 || true
+fi
+
+#DEBHELPER#
diff --git a/debian/prerm b/debian/prerm
deleted file mode 100644
index 7548411..0000000
--- a/debian/prerm
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-set -e
-
-case "$1" in
-    remove|purge)
-	if which apt-key > /dev/null; then
-		apt-key del 0x1E34A1828E207901
-		apt-key del 0x837C1AD5367429D9
-	fi
-	;;
-esac
diff --git a/debian/rules b/debian/rules
index cec1191..cbe925d 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,57 +1,3 @@
 #!/usr/bin/make -f
-# debian/rules file - for debian/keyring
-
-install_dir=install -d -m 755
-install_file=install -m 644
-install_script=install -m 755
-install_binary=install -m 755 -s
-
-VERSION := $(shell dpkg-parsechangelog | grep ^Version: | cut -d' ' -f2)
-
-build:
-build-arch: build
-build-indep: build
-
-clean:
-	$(checkdir)
-	-rm -f foo foo.asc *.bak *~ */*~ debian/files* debian/*substvars
-	-rm -rf debian/tmp
-
-binary-indep: checkroot
-	$(checkdir)
-	-rm -rf debian/tmp
-	$(install_dir) debian/tmp/DEBIAN/
-	$(install_script) debian/postinst debian/tmp/DEBIAN/
-	$(install_script) debian/prerm debian/tmp/DEBIAN/
-
-	$(install_dir) debian/tmp/usr/share/keyrings/
-	$(install_file) keyrings/leap-keyring.gpg debian/tmp/usr/share/keyrings/
-	$(install_file) keyrings/leap-experimental-keyring.gpg debian/tmp/usr/share/keyrings/
-
-	$(install_dir) debian/tmp/usr/share/doc/leap-keyring/
-	$(install_file) README debian/tmp/usr/share/doc/leap-keyring/
-	$(install_file) debian/changelog debian/tmp/usr/share/doc/leap-keyring/changelog
-	$(install_file) debian/copyright debian/tmp/usr/share/doc/leap-keyring/
-	gzip -9vn debian/tmp/usr/share/doc/leap-keyring/changelog
-	gzip -9vn debian/tmp/usr/share/doc/leap-keyring/README
-
-	cd debian/tmp && find . -type f ! -regex '.*DEBIAN/.*' -printf '%P\0' | xargs -r0 md5sum > DEBIAN/md5sums
-	cd debian/tmp && find . -type f ! -regex '.*DEBIAN/.*' -printf '%P\0' | xargs -r0 sha256sum > DEBIAN/sha256sums
-	dpkg-gencontrol -pleap-keyring -isp
-	chown -R root.root debian/tmp
-	chmod -R go=rX debian/tmp
-	dpkg --build debian/tmp ..
-
-define checkdir
-	test -f keyrings/leap-keyring.gpg
-endef
-
-# Below here is fairly generic really
-
-binary:		binary-indep
-
-checkroot:
-	$(checkdir)
-	test root = "`whoami`"
-
-.PHONY: binary binary-arch binary-indep clean checkroot
+%:
+	dh $@