Commit 4db03972 authored by Ondrej Sury's avatar Ondrej Sury

Initial merge of debian/ dir from subprojects

parent 744c659b
opendnssec-enforcer for Debian
------------------------------
This package is part of OpenDNSSEC suite, and is probably useless
without the other parts (unless you really know, what you're doing),
so you may want to install opendnssec meta package which pulls all
necessary dependencies to run OpenDNSSEC system.
If you are going to use softhsm, you need to allow opendnssec user
to access /var/lib/softhsm (or another place where you keep your
softHSM database). On standard debian system, it should be sufficient
to add opendnssec user to softhsm group by issuing:
# adduser opendnssec softhsm
-- Ondřej Surý <ondrej@debian.org>, Fri, 26 Mar 2010 05:10:25 +0100
opendnssec-conf for Debian
----------------------------
This package uses quilt to manage all modifications to the upstream
source. Changes are stored in the source package as diffs in
debian/patches and applied during the build. Please see:
/usr/share/doc/quilt/README.source
for more information on how to apply the patches, modify patches, or
remove a patch.
-- Ondřej Surý <ondrej@debian.org>, Tue, 13 Apr 2010 11:40:10 +0200
This package sources was DFSGed by removing included trang XML schema
converter. You can create DFSG sources by running debian/dfsg-repack.sh
script.
-- Ondřej Surý <ondrej@debian.org>, Tue, 13 Apr 2010 11:40:01 +0200
Source: opendnssec
Section: admin
Priority: extra
Maintainer: Ondřej Surý <ondrej@debian.org>
Build-Depends: quilt,
debhelper (>= 7.0.50~),
hardening-wrapper,
autotools-dev,
automake,
autoconf,
libtool,
libdns-ruby (>= 1.42),
rubygems,
ruby-pkg-tools,
ruby1.8,
libopenssl-ruby,
trang,
libxml2-utils,
xsltproc
libxml2-dev,
libmysqlclient-dev,
mysql-client,
libsqlite3-dev,
sqlite3,
libldns-dev (>= 1.6.4~),
libcunit1-dev,
python-support,
python-4suite-xml,
python-dev,
libopensc2
Standards-Version: 3.9.0
Homepage: http://www.opendnssec.org/
Package: opendnssec-auditor
Section: admin
Architecture: all
Depends: ruby1.8, libdns-ruby (>= 1.42), libopenssl-ruby, ${misc:Depends}
Recommends: opendnssec-signer, opendnssec-enforcer
Suggests: opendnssec, softhsm
Description: tool to audit DNS signed zones according to local policy
OpenDNSSEC is a complete DNSSEC zone signing system which is very
easy to use with stability and security in mind. There are a lot of
details in signing zone files with DNSSEC and OpenDNSSEC covers most
of it.
.
This package contains OpenDNSSEC Auditor, which is a tool to check
whether DNSSEC signed zone complies to a local policy. It is issued
automatically (unless disabled) after each resigning of a zone
and will stop the signed zone file from being distributed if any
error is found.
Package: opendnssec-common
Section: misc
Architecture: all
Depends: ${misc:Depends}, ucf, adduser
Description: common configuration files for OpenDNSSEC suite
OpenDNSSEC is a complete DNSSEC zone signing system which is very
easy to use with stability and security in mind. There are a lot of
details in signing zone files with DNSSEC and OpenDNSSEC covers most
of it.
.
This package contains common configuration files and creates default
user, group and opendnssec directories.
Package: opendnssec
Section: misc
Architecture: all
Depends: ${misc:Depends},
opendnssec-enforcer-sqlite3 (>= 1.1.0~) | opendnssec-enforcer (>= 1.1.0~),
opendnssec-enforcer-sqlite3 (<< 1.2.0~) | opendnssec-enforcer (<< 1.2.0~),
opendnssec-signer (>= 1.1.0~),
opendnssec-signer (<< 1.2.0~),
libhsm-bin (>= 1.1.0~),
libhsm-bin (<< 1.2.0~)
Recommends: opendnssec-auditor (>= 1.1.0~),
opendnssec-auditor (<< 1.2.0~)
Suggests: softhsm
Description: dependency package to install full OpenDNSSEC suite
OpenDNSSEC is a complete DNSSEC zone signing system which is very
easy to use with stability and security in mind. There are a lot of
details in signing zone files with DNSSEC and OpenDNSSEC covers most
of it.
.
This meta-package depends on the standard distribution of the OpenDNSSEC.
Package: opendnssec-enforcer
Section: admin
Architecture: all
Depends: opendnssec-enforcer-backend,
${misc:Depends}
Recommends: opendnssec-signer, opendnssec-auditor
Suggests: opendnssec, softhsm
Description: tool to prepares DNSSEC keys (common package)
OpenDNSSEC is a complete DNSSEC zone signing system which is very
easy to use with stability and security in mind. There are a lot of
details in signing zone files with DNSSEC and OpenDNSSEC covers most
of it.
.
OpenDNSSEC Enforcer, which is a tool to make sure that there are
enough keys for all of the zones, and take the policy and key
information from the KASP database and turn it into an xml file that
the signer can use.
.
The package contains OpenDNSSEC Enforcer documentation, manpages and
it depends on either sqlite3 or mysql backend package with binaries.
Package: opendnssec-enforcer-mysql
Section: admin
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends},
opendnssec-common (>= 1.1.0~), opendnssec-common (<< 1.2.0~),
mysql-client, opendnssec-enforcer
Provides: opendnssec-enforcer-backend
Conflicts: opendnssec-enforcer-backend
Replaces: opendnssec-enforcer-backend
Description: tool to prepares DNSSEC keys (mysql backend)
OpenDNSSEC is a complete DNSSEC zone signing system which is very
easy to use with stability and security in mind. There are a lot of
details in signing zone files with DNSSEC and OpenDNSSEC covers most
of it.
.
OpenDNSSEC Enforcer, which is a tool to make sure that there are
enough keys for all of the zones, and take the policy and key
information from the KASP database and turn it into an xml file that
the signer can use.
.
The package contains OpenDNSSEC Enforcer binaries with mysql backend.
Package: opendnssec-enforcer-sqlite3
Section: admin
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends},
opendnssec-common (>= 1.1.0~), opendnssec-common (<< 1.2.0~),
sqlite3, opendnssec-enforcer
Provides: opendnssec-enforcer-backend
Conflicts: opendnssec-enforcer-backend
Replaces: opendnssec-enforcer-backend
Description: tool to prepares DNSSEC keys (sqlite3 backend)
OpenDNSSEC is a complete DNSSEC zone signing system which is very
easy to use with stability and security in mind. There are a lot of
details in signing zone files with DNSSEC and OpenDNSSEC covers most
of it.
.
OpenDNSSEC Enforcer, which is a tool to make sure that there are
enough keys for all of the zones, and take the policy and key
information from the KASP database and turn it into an xml file that
the signer can use.
.
The package contains OpenDNSSEC Enforcer binaries with sqlite3 backend.
Package: opendnssec-signer
Architecture: all
Depends: ${shlibs:Depends},
${misc:Depends},
${python:Depends},
python-4suite-xml,
opendnssec-signer-tools (>= ${source:Version}), opendnssec-signer-tools (<< ${source:Version}.1~),
opendnssec-common (>= 1.1.0~), opendnssec-common (<< 1.2.0~)
Recommends: opendnssec-auditor, opendnssec-enforcer
Suggests: opendnssec, softhsm
Description: daemon to sign DNS zone files periodically
OpenDNSSEC is a complete DNSSEC zone signing system which is very
easy to use with stability and security in mind. There are a lot of
details in signing zone files with DNSSEC and OpenDNSSEC covers most
of it.
.
This package contains OpenDNSSEC Signer Engine. The task of the
signer engine is to schedule signing operation on DNS zones. Taking
input from the KASP, it will automatically sign zones and keep their
signatures up-to-date.
Package: opendnssec-signer-tools
Architecture: any
Depends: ${shlibs:Depends},
${misc:Depends}
Description: set of tools used by OpenDNSSEC to sign zone files
OpenDNSSEC is a complete DNSSEC zone signing system which is very
easy to use with stability and security in mind. There are a lot of
details in signing zone files with DNSSEC and OpenDNSSEC covers most
of it.
.
This package contains OpenDNSSEC Signer Engine Tools. The task of
the signer engine is to schedule signing operation on DNS zones.
Taking input from the KASP, it will automatically sign zones and keep
their signatures up-to-date.
Package: libhsm-bin
Section: misc
Architecture: any
Depends: opendnssec-common (>= 1.1.0~), opendnssec-common (<< 1.2.0~), ${shlibs:Depends}, ${misc:Depends}
Description: library for interfacing PKCS#11 Hardware Security Modules
OpenDNSSEC is a complete DNSSEC zone signing system which is very
easy to use with stability and security in mind. There are a lot of
details in signing zone files with DNSSEC and OpenDNSSEC covers most
of it.
.
Support library for interfacing PKCS#11 compatible Hardware Security
Modules (HSM). This library allows programs to use cryptografic
secure storages for keying material such as softhsm (HSM implemented
in software), SCA6000, Aladdin eToken, OpenSC, nCipher or AEP Keyper.
.
This package contains command line tools.
Package: libhsm-dev
Section: libdevel
Architecture: any
Depends: libhsm0 (= ${binary:Version}), ${misc:Depends}
Description: library for interfacing PKCS#11 Hardware Security Modules
OpenDNSSEC is a complete DNSSEC zone signing system which is very
easy to use with stability and security in mind. There are a lot of
details in signing zone files with DNSSEC and OpenDNSSEC covers most
of it.
.
Support library for interfacing PKCS#11 compatible Hardware Security
Modules (HSM). This library allows programs to use cryptografic
secure storages for keying material such as softhsm (HSM implemented
in software), SCA6000, Aladdin eToken, OpenSC, nCipher or AEP Keyper.
.
This package contains development library and headers.
Package: libhsm0
Section: libs
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Recommends: libhsm-bin
Description: library for interfacing PKCS#11 Hardware Security Modules
OpenDNSSEC is a complete DNSSEC zone signing system which is very
easy to use with stability and security in mind. There are a lot of
details in signing zone files with DNSSEC and OpenDNSSEC covers most
of it.
.
Support library for interfacing PKCS#11 compatible Hardware Security
Modules (HSM). This library allows programs to use cryptografic
secure storages for keying material such as softhsm (HSM implemented
in software), SCA6000, Aladdin eToken, OpenSC, nCipher or AEP Keyper.
.
This package contains shared library.
This package was debianized by Ondřej Surý <ondrej@debian.org> on
Mon, 25 Jan 2010 22:40:39 +0100.
It was downloaded from http://www.opendnssec.org/
Upstream Authors:
Roy Arends
Rickard Bellgrim
Alex Dalitz
John A Dickinson
Jelte Jansen
Sion Lloyd
Matthijs Mekking
Stephen Morris
Jakob Schlyter
Patrik Wallström
Copyright:
Copyright (c) 2009 Nominet UK. All rights reserved.
Copyright (c) 2009 .SE (The Internet Infrastructure Foundation).
Copyright (c) 2009 NLNet Labs.
All rights reserved.
License:
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
libhsm/src/cryptoki_compat/pkcs11.h License:
Copyright 2006, 2007 g10 Code GmbH
Copyright 2006 Andreas Jellinghaus
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.
libhsm/src/compat/strl{cat,cpy}.{c,h} License:
Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
On Debian systems, the complete text of the BSD License can be
found in `/usr/share/common-licenses/BSD'.
The Debian packaging is:
Copyright (C) 2010 Ondřej Surý <ondrej@debian.org>
and is licensed under the GPL version 3,
see `/usr/share/common-licenses/GPL-3'.
#!/bin/bash
set -e
if [ ! -f "$3" ] && [ ! -f "$1" ]; then
echo "This script must be run via uscan or by manually specifying the tarball" >&2
exit 1
fi
tarball=
[ -f "$3" ] && tarball="$3"
[ -z "$tarball" -a -f "$1" ] && tarball="$1"
fname="$(basename "$tarball")"
tarball="$(readlink -f "$tarball")"
tdir="$(mktemp -d)"
trap '[ ! -d "$tdir" ] || rm -r "$tdir"' EXIT
zcat "$tarball" | tar --wildcards --delete '*/trang/*' > "$tdir/${fname/.gz}"
#touch -m -r "$tarball" "$tdir/${fname/.gz}"
gzip -9 "$tdir/${fname/.gz}"
mv "$tarball" "$tarball.bkp"
mv "$tdir/$fname" "$tarball"
KNOWN_ISSUES
README
NEWS
[DEFAULT]
debian-branch = debian-sid
debian-tag = debian/%(version)s
upstream-branch = upstream
upstream-tag = upstream/%(version)s
pristine-tar = True
[git-dch]
meta = 1
usr/bin
usr/share/man/man1
debian/tmp/usr/bin/*
debian/tmp/usr/share/man/man1/*
usr/lib
usr/include
debian/tmp/usr/include/*
debian/tmp/usr/lib/lib*.a
debian/tmp/usr/lib/lib*.so
debian/tmp/usr/lib/*.la
debian/tmp/usr/lib/lib*.so.*
libhsm.so.0 libhsm0 #MINVER#
hsm_attach@Base 1.0.0~rc3
hsm_close@Base 1.0.0~rc3
hsm_count_keys@Base 1.0.0~rc3
hsm_count_keys_repository@Base 1.0.0~rc3
hsm_count_keys_session@Base 1.0.0~rc3
hsm_create_context@Base 1.0.0~rc3
hsm_destroy_context@Base 1.0.0~rc3
hsm_detach@Base 1.0.0~rc3
hsm_find_key_by_id@Base 1.0.0~rc3
hsm_generate_rsa_key@Base 1.0.0~rc3
hsm_get_dnskey@Base 1.0.0~rc3
hsm_get_error@Base 1.0.0~rc3
hsm_get_key_id@Base 1.0.0~rc3
hsm_get_key_info@Base 1.0.0~rc3
hsm_key_free@Base 1.0.0~rc3
hsm_key_info_free@Base 1.0.0~rc3
hsm_key_list_free@Base 1.0.0~rc3
hsm_list_keys@Base 1.0.0~rc3
hsm_list_keys_repository@Base 1.0.0~rc3
hsm_list_keys_session@Base 1.0.0~rc3
hsm_nsec3_hash_name@Base 1.0.0~rc3
hsm_open@Base 1.0.0~rc3
hsm_print_ctx@Base 1.0.0~rc3
hsm_print_error@Base 1.0.0~rc3
hsm_print_key@Base 1.0.0~rc3
hsm_print_session@Base 1.0.0~rc3
hsm_prompt_pin@Base 1.0.0~rc3
hsm_random32@Base 1.0.0~rc3
hsm_random64@Base 1.0.0~rc3
hsm_random_buffer@Base 1.0.0~rc3
hsm_remove_key@Base 1.0.0~rc3
hsm_sign_params_free@Base 1.0.0~rc3
hsm_sign_params_new@Base 1.0.0~rc3
hsm_sign_rrset@Base 1.0.0~rc3
hsm_supported_algorithm@Base 1.0.0~rc3
hsm_token_attached@Base 1.0.0~rc3
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.36.
.TH ODS-AUDITOR "1" "January 2010" "ods-auditor 1.0.0rc3" "OpenDNSSEC"
.SH NAME
ods-auditor \- auditor component of OpenDNSSEC
.SH SYNOPSIS
.B ods-auditor
[\fIoptions\fR]
.SH DESCRIPTION
\fBods-auditor\fP is a module which provides auditing capabilities to
OpenDNSSEC.
Once an unsigned zone has been signed, this module is used to check
that the signing process has run successfully. It checks that no data
has been lost (or non-DNSSEC data added), and that all the DNSSEC
records are correct. It used the OpenDNSSEC standard logging (defined
in /etc/opendnssec/conf.xml).
The Auditor takes the signed and unsigned zones and compares them. It
first parses both files, and creates transient files which are then
sorted into canonical order. These files are then processed by the
Auditor. If processing an NSEC3-signed file, the Auditor will create
additional temporary files, which are processed after the main
auditing run.
.SS "Specific options:"
.TP
\fB\-c\fR, \fB\-\-conf\fR [PATH_TO_CONF_FILE]
Path to OpenDNSSEC configuration file
(defaults to /etc/opendnssec/conf.xml)
.TP
\fB\-k\fR, \fB\-\-kasp\fR [PATH_TO_KASP_FILE]
Path to KASP policy file
(defaults to the path given in the configuration file)
.TP
\fB\-z\fR, \fB\-\-zone\fR [ZONE_NAME]
Single zone to audit
(defaults to audit all zones)
.TP
\fB\-s\fR,\fB\-\-signed\fR [PATH_TO_SIGNED_FILE]
If a single zone is specified, then this option may override
the specified signed file with another. This is for use by
the signer.
(defaults to the path given in the zone list)
.TP
\fB\-v\fR, \fB\-\-version\fR
Display version information
.SS "Common options:"
.TP
\fB\-h\fR, \-?, \fB\-\-help\fR
Show this message
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.36.
.TH ODS-KASPCHECK "1" "January 2010" "ods-kaspcheck 1.0.0rc3" "OpenDNSSEC"
.SH NAME
ods-kaspcheck \- KASP policy check component of OpenDNSSEC
.SH SYNOPSIS
.B ods-kaspcheck
[\fIoptions\fR]
.SH DESCRIPTION
\fBods-kaspcheck\fP is a module which provides KASP policy checking
capabilities to OpenDNSSEC.
.SS "Specific options:"
.TP
\fB\-c\fR, \fB\-\-conf\fR [PATH_TO_CONF_FILE]
Path to OpenDNSSEC configuration file
(defaults to /etc/opendnssec/conf.xml)
.TP
\fB\-k\fR, \fB\-\-kasp\fR [PATH_TO_KASP_FILE]
Path to KASP policy file
(defaults to the path given in the configuration file)
.TP
\fB\-v\fR, \fB\-\-version\fR
Display version information
.SS "Common options:"
.TP
\fB\-h\fR, \-?, \fB\-\-help\fR
Show this message
usr/bin
usr/lib/opendnssec
debian/ods-auditor.1
debian/ods-kaspcheck.1
/usr/share/opendnssec/
/var/lib/opendnssec/
/etc/opendnssec/
/var/lib/opendnssec/tmp
/var/lib/opendnssec/signconf
/var/lib/opendnssec/unsigned
/var/lib/opendnssec/signed
/var/lib/opendnssec/db
debian/opendnssec-conf/etc/opendnssec/*.sample
\ No newline at end of file
etc/opendnssec/*.xml /usr/share/opendnssec/
usr/share/opendnssec/
#!/bin/sh
# postinst script for opendnssec-conf
set -e
set_perms() {
if ! dpkg-statoverride --list "$4" >/dev/null; then
dpkg-statoverride --update --add "$@"
fi
}
case "$1" in
configure)
if ! getent passwd opendnssec > /dev/null; then
adduser --quiet --system --group --no-create-home --home /var/lib/opendnssec opendnssec
fi
set_perms root opendnssec 0750 /etc/opendnssec
set_perms root opendnssec 0750 /var/lib/opendnssec
for dir in tmp signconf unsigned signed db; do
set_perms opendnssec opendnssec 0755 /var/lib/opendnssec/$dir
done
for conf in conf.xml kasp.xml zonefetch.xml zonelist.xml; do
ucf /usr/share/opendnssec/$conf /etc/opendnssec/$conf
ucfr opendnssec /etc/opendnssec/$conf
set_perms root opendnssec 0640 /etc/opendnssec/$conf
done
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
#DEBHELPER#
exit 0
#!/bin/sh
# postrm script for opendnssec-conf
set -e
unset_perms() {
dpkg-statoverride --remove "$1" >/dev/null 2>/dev/null || true
}
case "$1" in
purge)
deluser --quiet opendnssec > /dev/null || true
unset_perms /etc/opendnssec
for dir in tmp signconf unsigned signed db; do
unset_perms /var/lib/opendnssec/$dir
done
for conf in conf.xml kasp.xml zonefetch.xml zonelist.xml; do
# unset dpkg-statoverride permissions
unset_perms /etc/opendnssec/$conf
for ext in '~' '%' .bak .ucf-new .ucf-old .ucf-dist; do
rm -f /etc/opendnssec/$conf$ext
done
# remove the configuration file itself
rm -f /etc/opendnssec/$conf
# and finally clear it out from the ucf database
if which ucf >/dev/null; then
ucf --purge /etc/opendnssec/$conf
fi
if which ucfr >/dev/null; then
ucfr --purge opendnssec /etc/opendnssec/$conf
fi
done
;;
remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
;;
*)
echo "postrm called with unknown argument \`$1'" >&2
exit 1
;;
esac
#DEBHELPER#
exit 0
/usr/share/doc/opendnssec-enforcer/ /usr/share/doc/opendnssec-enforcer-mysql
opendnssec-enforcer-mysql: binary-without-manpage usr/sbin/ods-enforcerd
opendnssec-enforcer-mysql: binary-without-manpage usr/bin/ods-ksmutil
usr/bin/
usr/sbin/
usr/share/opendnssec/
/usr/share/doc/opendnssec-enforcer/ /usr/share/doc/opendnssec-enforcer-sqlite3
opendnssec-enforcer-sqlite3: binary-without-manpage usr/sbin/ods-enforcerd
opendnssec-enforcer-sqlite3: binary-without-manpage usr/bin/ods-ksmutil
#! /bin/sh
### BEGIN INIT INFO
# Provides: opendnssec-enforcer
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: OpenDNSSEC Enforcer
# Description: Daemon to create and enforce DNSSEC KASP policy
### END INIT INFO
# Author: Ondřej Surý <ondrej@debian.org>
#
# Do NOT "set -e"
# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="OpenDNSSEC Enforcer"
NAME=ods-enforcerd
DAEMON=/usr/sbin/$NAME
DAEMON_ARGS=""
PIDFILE=/var/run/opendnssec/enforcerd.pid
SCRIPTNAME=/etc/init.d/opendnssec-enforcer
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions
#
# Function to create piddir if it doesn't exists
#
create_piddir() {
PIDDIR="$(dirname $PIDFILE)"
[ -d "$PIDDIR" ] && return 0
mkdir -p "$PIDDIR" || return 1
chown opendnssec:opendnssec "$PIDDIR" || return 1
}
#
# Function that starts the daemon/service
#
do_start()
{
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
|| return 1
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
$DAEMON_ARGS \
|| return 2
}
#
# Function that stops the daemon/service
#
do_stop()
{
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped