debian/0000755000000000000000000000000012216317715007173 5ustar debian/yubikey-ksm.docs0000644000000000000000000000003412133542564012313 0ustar usr/share/doc/yubikey-ksm/* debian/compat0000644000000000000000000000000212133542564010371 0ustar 9 debian/copyright0000644000000000000000000000304412133542564011127 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: YubiKey KSM Upstream-Contact: ossmaint@yubico.com Source: https://github.com/Yubico/yubikey-ksm Files: * Copyright: Copyright (c) 2009-2013 Yubico AB License: BSD-2-clause All rights reserved. . Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: . * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. . * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. . THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. debian/rules0000755000000000000000000000067412133542564010262 0ustar #!/usr/bin/make -f override_dh_auto_clean: # This only removes the man pages, which we would like to keep. override_dh_auto_build: # There is no default 'make' target for this package. # Build architecture-dependent files here. binary-arch: install # We have nothing to do. # Build architecture-independent files here. binary-indep: install dh $@ binary: binary-indep binary-arch .PHONY: binary-indep binary-arch binary build %: dh $@ debian/yubikey-ksm.postinst0000644000000000000000000000244012133542564013251 0ustar #!/bin/sh set -e . /usr/share/debconf/confmodule . /usr/share/dbconfig-common/dpkg/postinst php_cf="/etc/yubico/ksm/config-db.php" cfg_cf="/etc/yubico/ksm/config-db.cfg" # PHP include dbc_generate_include_owner="root:www-data" dbc_generate_include_perms="0640" dbc_generate_include=php:$php_cf dbc_go yubikey-ksm $@ #Fix permissions of ykksm-config.php chown $dbc_generate_include_owner /etc/yubico/ksm/ykksm-config.php chmod $dbc_generate_include_perms /etc/yubico/ksm/ykksm-config.php # Until dbconfig-common gets support for generating more than one include # file, we do it the hard way. (LP: #531722) touch $cfg_cf chown $dbc_generate_include_owner $cfg_cf chmod $dbc_generate_include_perms $cfg_cf ( echo "# yubikey-ksm database settings for perl scripts." echo "#" echo "# Generated from $php_cf by `basename $0`." cat $php_cf | grep ^\\$ | sed -e 's/^/our /g' echo "1;" ) > $cfg_cf if [ -d /etc/apache2/conf.d ] && [ ! -e /etc/apache2/conf.d/yubikey-ksm.conf ]; then ln -s ../../yubico/ksm/apache.conf /etc/apache2/conf.d/yubikey-ksm.conf fi if [ -f /etc/init.d/apache2 ] ; then if [ -x /usr/sbin/invoke-rc.d ]; then invoke-rc.d apache2 reload 3>/dev/null || true else /etc/init.d/apache2 reload 3>/dev/null || true fi fi #DEBHELPER# exit 0 debian/yubikey-ksm.config0000644000000000000000000000055312133542564012636 0ustar #!/bin/sh set -e # source debconf stuff . /usr/share/debconf/confmodule if [ -f /usr/share/dbconfig-common/dpkg/config ]; then # we support mysql and pgsql dbc_dbtypes="mysql, pgsql" dbc_dbname="ykksm" dbc_dbuser="ykksmreader" # source dbconfig-common stuff . /usr/share/dbconfig-common/dpkg/config dbc_go yubikey-ksm $@ fi debian/yubikey-ksm.prerm0000644000000000000000000000020612133542564012511 0ustar #!/bin/sh set -e . /usr/share/debconf/confmodule . /usr/share/dbconfig-common/dpkg/prerm dbc_go yubikey-ksm $@ #DEBHELPER# exit 0 debian/yubikey-ksm.install0000644000000000000000000000016512133542564013036 0ustar debian/conf/dbconfig/* /usr/share/dbconfig-common/data/yubikey-ksm/install/ debian/conf/apache.conf /etc/yubico/ksm/ debian/README.Debian0000644000000000000000000000041412133542564011233 0ustar yubikey-ksm for Debian ---------------------- This package contains the YubiKey Key Storage Module (YK-KSM) server. The homepage is: http://yubico.github.com/yubikey-ksm/ Documentation is available from here: https://github.com/Yubico/yubikey-ksm/wiki/_pages debian/watch0000644000000000000000000000020612133542564010222 0ustar version=3 http://yubico.github.com/yubikey-ksm/releases.html .*/yubikey-ksm-(\d[\d.]*)\.(?:zip|tgz|tbz2|txz|tar\.gz|tar\.bz2|tar\.xz) debian/README.source0000644000000000000000000000157012216317140011345 0ustar We describe here one way to work with the package sources. Initialize cowbuilder: sudo cowbuilder --create --distribution sid --mirror http://http.debian.net/debian --debootstrapopts "--keyring=/usr/share/keyrings/debian-archive-keyring.gpg" --basepath /var/cache/pbuilder/base-debian-sid.cow Optionally update cowbuilder: sudo cowbuilder --update --basepath /var/cache/pbuilder/base-debian-sid.cow Clone the repository: git clone git@github.com:Yubico/yubikey-ksm-dpkg.git Build the package: git-buildpackage --git-pristine-tar --git-builder="pdebuild --auto-debsign --pbuilder cowbuilder -- --twice --basepath /var/cache/pbuilder/base-debian-sid.cow" If all goes well, you should have newly built packages in /var/cache/pbuilder/result/. Update the package to a new upstream release (don't forget debian/changelog): git-import-orig --pristine-tar /path/to/new-release.tar.gz debian/control0000644000000000000000000000357512216317613010605 0ustar Source: yubikey-ksm Section: net Priority: extra Maintainer: Debian Authentication Maintainers Uploaders: Simon Josefsson , Klas Lindfors , Dain Nilsson , Tommaso Galassi De Orchi , Daniel Pocock Build-Depends: debhelper (>= 9) Standards-Version: 3.9.4 Homepage: https://github.com/Yubico/yubikey-ksm Vcs-Browser: https://github.com/Yubico/yubikey-ksm-dpkg Vcs-Git: git://github.com/Yubico/yubikey-ksm-dpkg.git Package: yubikey-ksm Architecture: all Depends: ${misc:Depends}, apache2, php5, php5-mcrypt, mysql-server | postgresql, php5-mysql | php5-pgsql, dbconfig-common, libdbi-perl Recommends: mysql-client | postgresql-client Suggests: yubikey-val Description: Key Storage Module for YubiKey One-Time Password (OTP) tokens YubiKeys are USB tokens that act like keyboards and generate one-time passwords. This package contains a server written in PHP for use with Apache that decrypt YubiKey One-Time Passwords (OTPs), normally only used by YubiKey OTP validation servers. The architecture is that a set of validation servers manage the token counters and respond to OTP requests from clients, and utilize a set of back-end YubiKey Key Storage Module (KSM) servers to perform the actual AES key decryption. The protocols are openly published. This implementation store the AES keys in a database unencrypted, which can be protected using file-system encryption mechanisms Another KSM implementation is available in the yhsm-yubikey-ksm package that use the YubiHSM hardware to protect the decryption process. Sometimes the KSM runs on another server than the validation server, but it is possible to run both on the same machine. After installing and configuring this package you will have a YubiKey KSM server up and running via Apache. debian/changelog0000644000000000000000000000055112216317632011044 0ustar yubikey-ksm (1.14-1) unstable; urgency=low * New upstream version. * Improve README.source. * Change my uploader email address. -- Simon Josefsson Wed, 18 Sep 2013 14:36:28 +0200 yubikey-ksm (1.13-1) unstable; urgency=low * Initial package (closes: #698839). -- Dain Nilsson Wed, 17 Apr 2013 17:53:36 +0200 debian/conf/0000755000000000000000000000000012133542564010120 5ustar debian/conf/apache.conf0000644000000000000000000000051412133542564012210 0ustar # yubikey-ksm default Apache configuration Alias /wsapi/decrypt /usr/share/yubikey-ksm/ykksm-decrypt.php Options None AllowOverride None Order allow,deny Allow from all php_value include_path ".:/etc/yubico/ksm:/usr/share/yubikey-ksm" debian/conf/dbconfig/0000755000000000000000000000000012133542564011673 5ustar debian/conf/dbconfig/mysql0000644000000000000000000000075512133542564012772 0ustar create table if not exists yubikeys ( -- identities: serialnr int not null, publicname varchar(16) unique not null, -- timestamps: created varchar(24) not null, -- the data: internalname varchar(12) not null, aeskey varchar(32) not null, lockcode varchar(12) not null, -- key creator, typically pgp key id of key generator creator varchar(8) not null, -- various flags: active boolean default true, hardware boolean default true, primary key (publicname) ); debian/conf/dbconfig/postgresql0000644000000000000000000000073712133542564014030 0ustar create table yubikeys ( -- identities: serialnr int not null, publicname varchar(16) unique not null, -- timestamps: created varchar(24) not null, -- the data: internalname varchar(12) not null, aeskey varchar(32) not null, lockcode varchar(12) not null, -- key creator, typically pgp key id of key generator creator varchar(8) not null, -- various flags: active boolean default true, hardware boolean default true, primary key (publicname) ); debian/yubikey-ksm.manpages0000644000000000000000000000000412133542564013153 0ustar *.1 debian/yubikey-ksm.postrm0000644000000000000000000000151212133542564012711 0ustar #!/bin/sh set -e if [ -f /usr/share/debconf/confmodule ]; then . /usr/share/debconf/confmodule fi if [ -f /usr/share/dbconfig-common/dpkg/postrm ]; then . /usr/share/dbconfig-common/dpkg/postrm dbc_go yubikey-ksm $@ fi if [ "$1" = "purge" ]; then # these files are generated in postinst for cf in /etc/yubico/ksm/config-db.php /etc/yubico/ksm/config-db.cfg; do rm -f $cf if which ucf >/dev/null 2>&1; then ucf --purge $cf fi done rm -rf /etc/yubico/ksm fi if [ "$1" = "remove" ] || [ "$1" = "purge" ]; then if [ -L /etc/apache2/conf.d/yubikey-ksm.conf ]; then rm -f /etc/apache2/conf.d/yubikey-ksm.conf fi if [ -x /usr/sbin/invoke-rc.d ]; then invoke-rc.d apache2 reload 3>/dev/null || true else /etc/init.d/apache2 reload 3>/dev/null || true fi fi #DEBHELPER# exit 0 debian/source/0000755000000000000000000000000012133542564010473 5ustar debian/source/format0000644000000000000000000000001412133542564011701 0ustar 3.0 (quilt)