[SCM] Debian packaging for XML-Security-C branch, master, updated. debian/1.6.1-5-19-gffc25ee

Russ Allbery rra at debian.org
Thu May 23 07:22:20 UTC 2013 

The following commit has been merged in the master branch:
commit 9a7573b425fd86f4246e01a66c9d4acc7fcfba29
Author: Russ Allbery <rra at debian.org>
Date:   Wed May 22 23:34:25 2013 -0700

    Add man pages for utilities, rename them to add xmlsec-
    
    Rename the binaries to add "xmlsec-" to the beginning of the names,
    since some of the programs are otherwise rather generic.  Add man
    pages for each of the programs.
    
    Bail (mostly) on the xmlsec-xklient man page, which has a ton of
    possible options.

diff --git a/debian/changelog b/debian/changelog
index 9e2b278..3fd0872 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,7 +4,10 @@ xml-security-c (1.7.0-1) UNRELEASED; urgency=low
     - AES-GCM support.
     - XML Encryption 1.1 OAEP enhancements.
   * Add new xml-security-c-utils package that contains the utility
-    programs included with the library.  (Closes: #682830)
+    programs included with the library.  Rename the binaries to add
+    "xmlsec-" to the beginning of the names, since some of the programs
+    are otherwise rather generic.  Add man pages for each of the programs.
+    (Closes: #682830)
   * Switch from autotools-dev to dh-autoreconf and regenerate the entire
     build system during the build, not just the config.guess and
     config.sub scripts, and add --as-needed.
diff --git a/debian/man-pages/xmlsec-c14n.pod b/debian/man-pages/xmlsec-c14n.pod
new file mode 100644
index 0000000..badca9a
--- /dev/null
+++ b/debian/man-pages/xmlsec-c14n.pod
@@ -0,0 +1,60 @@
+=head1 NAME
+
+xmlsec-c14n - Canonicalize an XML file
+
+=head1 SYNOPSIS
+
+B<xmlsec-c14n> [B<-n>] [B<-x>] [B<-1.1>] [B<-id> I<id>] I<input>
+
+=head1 DESCRIPTION
+
+B<xmlsec-c14n> canonicalizes an XML document following the W3C Canonical
+XML Recommendation.  By default, it uses version 1.0, but it can use
+version 1.1 with the B<-1.1> flag and Exclusive XML Canonicalization 1.0
+with the B<-x> flag.
+
+The source XML document is read from the provided I<input> file, and the
+canonicalized verison is written to standard output.
+
+=head1 OPTIONS
+
+Note that each option must be given as a separate argument.
+
+=over 4
+
+=item B<-n>
+
+Do not include XML comments in the output.
+
+=item B<-x>
+
+Canonicalize to the Exclusive XML Canonicalization 1.0 Recommendation
+instead of the default.
+
+=item B<-1.1>
+
+Canonicalizae to the Canonical XML 1.1 Recommendation instead of the
+default.
+
+=item B<-id> I<id>
+
+Rather than canonicalizing the entire input document, canonicalize and
+output only the subtree rooted at the node identified by I<id>.
+
+=back
+
+=head1 AUTHOR
+
+This manual page was written by Russ Allbery for Debian.
+
+=head1 MANUAL LICENSE
+
+The authors hereby relinquish any claim to any copyright that they may
+have in this work, whether granted under contract or by operation of law
+or international treaty, and hereby commit to the public, at large, that
+they shall not, at any time in the future, seek to enforce any copyright
+in this work against any person or entity, or prevent any person or entity
+from copying, publishing, distributing or creating derivative works of
+this work.
+
+=cut
diff --git a/debian/man-pages/xmlsec-checksig.pod b/debian/man-pages/xmlsec-checksig.pod
new file mode 100644
index 0000000..7bd4001
--- /dev/null
+++ b/debian/man-pages/xmlsec-checksig.pod
@@ -0,0 +1,66 @@
+=head1 NAME
+
+xmlsec-checksig - Check a signature embedded in an XML file
+
+=head1 SYNOPSIS
+
+B<xmlsec-checksig> [B<-s>] [B<-h> I<string>] [B<-x>] [B<-d> I<ns-uri> I<name>]
+    [B<-i>] I<input>
+
+=head1 DESCRIPTION
+
+B<xmlsec-checksig> checks a digital signature embedded in an XML file
+using the Apache XML Security for C++ library.  It reads the XML document
+to check from the provided I<input> file and expects the signature to
+follow the XML Digital Signature and Encryption specifications.
+
+=head1 OPTIONS
+
+Note that each option must be given as a separate argument.
+
+=over 4
+
+=item B<--hmackey> I<string>, B<-h> I<string>
+
+Use the HMAC key specified by I<string>.
+
+=item B<--idns> I<ns-uri> I<name>, B<-d> I<ns-uri> I<name>
+
+Use the attribute id specified by the namespace URI I<ns-uri> and the name
+I<name>.
+
+=item B<--interop>, B<-i>
+
+Use the interop resolver for the Baltimore interop examples.
+
+=item B<--skiprefs>, B<-s>
+
+Skip checking references and only check the signature.
+
+=item B<--xsecresolver>, B<-x>
+
+Use the Apache XML Security for C++ test XMLDSig URI resolver.
+
+=back
+
+=head1 RETURN STATUS
+
+B<xmlsec-checksig> exits with status 0 if the signature is valid and with
+status 1 if the signature is not valid.  If it cannot process the input
+file for some reason, it exits with status 2.
+
+=head1 AUTHOR
+
+This manual page was written by Russ Allbery for Debian.
+
+=head1 MANUAL LICENSE
+
+The authors hereby relinquish any claim to any copyright that they may
+have in this work, whether granted under contract or by operation of law
+or international treaty, and hereby commit to the public, at large, that
+they shall not, at any time in the future, seek to enforce any copyright
+in this work against any person or entity, or prevent any person or entity
+from copying, publishing, distributing or creating derivative works of
+this work.
+
+=cut
diff --git a/debian/man-pages/xmlsec-cipher.pod b/debian/man-pages/xmlsec-cipher.pod
new file mode 100644
index 0000000..69c3b65
--- /dev/null
+++ b/debian/man-pages/xmlsec-cipher.pod
@@ -0,0 +1,101 @@
+=head1 NAME
+
+xmlsec-cipher - Perform basic encryption and decryption of XML documents
+
+=head1 SYNOPSIS
+
+B<xmlsec-cipher> [B<-i>] ([B<-d>] | B<-de> | B<-ef> | B<-ex>) [B<-x>]
+    [B<-o> I<output>] B<-k> [kek] (I<filename> [I<password>] | I<key-string>)
+    I<input>
+
+=head1 DESCRIPTION
+
+B<xmlsec-cipher> encrypts or decrypts an XML document following the XML
+Digital Signature and Encryption specifications using the Apache XML
+Security for C++ library.  The default action is to decrypt the input
+file.  Other operations can be selected with the B<-de>, B<-ef>, or B<-ex>
+options.  The result of the operation, whether encryption or decryption,
+will be printed to standard output.
+
+=head1 OPTIONS
+
+Note that each option must be given as a separate argument.
+
+=over 4
+
+=item B<--decrypt>, B<-d>
+
+Reads in the input file as an XML file, searches for an EncryptedData
+node, and decrypts the output, printing it to standard output.  This is
+the default operation and does not need to be specified.
+
+=item B<--decrypt-element>, B<-de>
+
+Reads in the input file as an XML file and prints it out with the fist
+encrypted element decrypted.
+
+=item B<--encrypt-file>, B<-ef>
+
+Reads the input file as raw data and creates an XML EncryptedData document
+as output, containing the encrypted version of that input data.
+
+=item B<--encrypt-xml>, B<-ex>
+
+Parse the input file as XML, find the document element, and encrypt the
+document, outputting the result as an XML EncryptedData document.
+
+=item (B<--key> | B<-k>) [kek] I<type> I<filename> [I<password>]
+
+=item (B<--key> | B<-k>) [kek] I<type> I<key-string>
+
+Specifies the key to use for encryption or decryption.
+
+If the first argument following the B<--key> or B<-k> option is the string
+C<kek>, the following key argument will be used as a Key EncryptionKey.
+
+I<type> specifies the key type and must be one of X509, RSA, AES128,
+AES192, AES256, AES128-GCM, AES192-GCM, AES256-GCM, or 3DES.
+
+The remaining arguments depend on the key type.  For X509, only a
+I<filename> may be given and must contain an RSA KEK certificate.  For
+RSA, a I<filename> and I<password> may specify an RSA private key file and
+its password (this must be a KEK).  For the other key types, the last
+argument is the string to use as the key.
+
+=item B<--xkms>, B<-x>
+
+The key specified after this argument on the command line is interpreted
+as an XKMS RSAKeyPair encryption key.
+
+=item B<--interop>, B<-i>
+
+Use hte interop resolver for Baltimore interop examples.
+
+=item B<--out-file> I<file>, B<-o> I<file>
+
+Rather than printing the result to standard output, write it to the
+specified file.
+
+=back
+
+=head1 RETURN STATUS
+
+B<xmlsec-cipher> exits with status 0 if the encryption or decryption
+operation was successful and with status 1 if it failed.  If it cannot
+process the input file for some reason, it exits with status 2.
+
+=head1 AUTHOR
+
+This manual page was written by Russ Allbery for Debian.
+
+=head1 MANUAL LICENSE
+
+The authors hereby relinquish any claim to any copyright that they may
+have in this work, whether granted under contract or by operation of law
+or international treaty, and hereby commit to the public, at large, that
+they shall not, at any time in the future, seek to enforce any copyright
+in this work against any person or entity, or prevent any person or entity
+from copying, publishing, distributing or creating derivative works of
+this work.
+
+=cut
diff --git a/debian/man-pages/xmlsec-siginf.pod b/debian/man-pages/xmlsec-siginf.pod
new file mode 100644
index 0000000..c5a75a0
--- /dev/null
+++ b/debian/man-pages/xmlsec-siginf.pod
@@ -0,0 +1,40 @@
+=head1 NAME
+
+xmlsec-siginf - Output information about a signature in an XML file
+
+=head1 SYNOPSIS
+
+B<xmlsec-siginf> [B<-s>] I<input>
+
+=head1 DESCRIPTION
+
+B<xmlsec-siginf> prints to standard output various information about a
+signature found in an XML file.  The signature must comply with the XML
+Digital Signature and Encryption specifications.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<--skiprefs>, B<-s>
+
+Skip information on references and print out only information about the
+main signature.
+
+=back
+
+=head1 AUTHOR
+
+This manual page was written by Russ Allbery for Debian.
+
+=head1 MANUAL LICENSE
+
+The authors hereby relinquish any claim to any copyright that they may
+have in this work, whether granted under contract or by operation of law
+or international treaty, and hereby commit to the public, at large, that
+they shall not, at any time in the future, seek to enforce any copyright
+in this work against any person or entity, or prevent any person or entity
+from copying, publishing, distributing or creating derivative works of
+this work.
+
+=cut
diff --git a/debian/man-pages/xmlsec-templatesign.pod b/debian/man-pages/xmlsec-templatesign.pod
new file mode 100644
index 0000000..06933e3
--- /dev/null
+++ b/debian/man-pages/xmlsec-templatesign.pod
@@ -0,0 +1,65 @@
+=head1 NAME
+
+xmlsec-templatesign - Sign a template XML signature file
+
+=head1 SYNOPSIS
+
+B<xmlsec-templatesign> [B<-s> I<distinguished-name>] [B<-h> I<string>] [B<-c>]
+    (B<-d> | B<-e> | B<-r>) I<private-key> I<password> I<input>
+
+=head1 DESCRIPTION
+
+B<xmlsec-templatesign> signs a template XML signature file using the
+Apache XML Security for C++ library.  The resulting signed file is printed
+to standard output.  The signing key is specified with one of B<-d> (for a
+DSA key), B<-e> (for an EC key), or B<-r> (for an RSA key).  The key must
+be stored in a PEM-encoded file, and the password for that file must be
+given on the command line.
+
+=head1 OPTIONS
+
+Note that each option must be given as a separate argument.
+
+=over 4
+
+=item B<--dsakey>, B<-d>
+
+The provided I<private-key> file is a PEM-encoded DSA private key.
+
+=item B<--eckey>, B<-e>
+
+The provided I<private-key> file is a PEM-encoded EC private key.
+
+=item B<--rsakey>, B<-r>
+
+The provided I<private-key> file is a PEM-encoded RSA private key.
+
+=item B<--clearkeys>, B<-c>
+
+Clear out any current KeyInfo elements in the file.
+
+=item B<--hmackey> I<string>, B<-h> I<string>
+
+Use the HMAC key specified by I<string>.
+
+=item B<--x509subjectname> I<name>, B<-s> I<name>
+
+The provided I<name> will be set as SubjectName in X.509.
+
+=back
+
+=head1 AUTHOR
+
+This manual page was written by Russ Allbery for Debian.
+
+=head1 MANUAL LICENSE
+
+The authors hereby relinquish any claim to any copyright that they may
+have in this work, whether granted under contract or by operation of law
+or international treaty, and hereby commit to the public, at large, that
+they shall not, at any time in the future, seek to enforce any copyright
+in this work against any person or entity, or prevent any person or entity
+from copying, publishing, distributing or creating derivative works of
+this work.
+
+=cut
diff --git a/debian/man-pages/xmlsec-txfmout.pod b/debian/man-pages/xmlsec-txfmout.pod
new file mode 100644
index 0000000..9b2bcaf
--- /dev/null
+++ b/debian/man-pages/xmlsec-txfmout.pod
@@ -0,0 +1,57 @@
+=head1 NAME
+
+xmlsec-txfmout - Ouput XML transforms used when validating a signature
+
+=head1 SYNOPSIS
+
+B<xmlsec-txfmout> [B<-s>] [B<-o>] [B<-r> [I<n>]] [B<-n>] I<input>
+
+=head1 DESCRIPTION
+
+B<xmlsec-txfmout> outputs the results of various transforms that are used
+when verifying signatures on an XML document.  By default, the output is
+sent to standard output.
+
+=head1 OPTIONS
+
+Note that each option must be given as a separate argument.
+
+=over 4
+
+=item B<--newfiles>, B<-n>
+
+Create a new output file for each reference or SignedInfo.  This should be
+specified in conjunction with B<-o>.  The file names will be formed by
+appending C<.> and a number.
+
+=item B<--out> I<file>, B<-o> I<file>
+
+Instead of printing the transform results to standard output, write them
+to the specified file.
+
+=item B<--references> [I<num>], B<-r> [I<num>]
+
+Output only references.  If I<num> is given, it specifies a single
+numbered reference to output.
+
+=item B<--signedinfo>, B<-s>
+
+Output canonicalized SignedInfo only.
+
+=back
+
+=head1 AUTHOR
+
+This manual page was written by Russ Allbery for Debian.
+
+=head1 MANUAL LICENSE
+
+The authors hereby relinquish any claim to any copyright that they may
+have in this work, whether granted under contract or by operation of law
+or international treaty, and hereby commit to the public, at large, that
+they shall not, at any time in the future, seek to enforce any copyright
+in this work against any person or entity, or prevent any person or entity
+from copying, publishing, distributing or creating derivative works of
+this work.
+
+=cut
diff --git a/debian/man-pages/xmlsec-xklient.pod b/debian/man-pages/xmlsec-xklient.pod
new file mode 100644
index 0000000..620d212
--- /dev/null
+++ b/debian/man-pages/xmlsec-xklient.pod
@@ -0,0 +1,84 @@
+=head1 NAME
+
+xmlsec-xklient - Client for an XKMS service
+
+=head1 SYNOPSIS
+
+B<xmlsec-xklient> [B<-t>] msgdump [I<options>] I<filename>
+
+B<xmlsec-xklient> [B<-t>] msgcreate LocateRequest [I<options>]
+
+B<xmlsec-xklient> [B<-t>] dorequest [I<options>] I<type> [I<options>]
+
+=head1 DESCRIPTION
+
+B<xmlsec-xklient> is a general client for web services that follows the
+XML Key Management Specification (XKMS).  It supports three basic
+operations:
+
+=over 4
+
+=item msgdump
+
+Given an input file name containing an XKMS message, dump that message to
+standard output.
+
+=item msgcreate
+
+Create an XKMS message and print the resulting message to standard output.
+The only supported message type to create is C<LocateRequest> or C<lr>.
+
+=item dorequest
+
+Send an XKMS request.  The request type is one of:
+
+    CompoundRequest (cr)
+    LocateRequest   (lr)
+    ValidateRequest (vr)
+    PendingRequest  (pr)
+    RegisterRequest (rr)
+    ReissueRequest  (ir)
+    RecoverRequest  (or)
+    RevokeRequest   (er)
+
+=back
+
+Each of these three operations have their own special command-line options
+that may be given after the operation, and each of the XKMS request types
+have their own set of options to specify what goes into the request.  Each
+operation supports the B<-h> or B<--help> flag to print out usage for that
+particular operation and, in the case of C<dorequest>, that operation and
+request type.
+
+All the specific per-operation options are not (yet) documented in this
+manual page.  Use the B<-h> or B<--help> option to get more usage
+information for the operation that you want to perform.
+
+=head1 OPTIONS
+
+This section only documents the general options that are supported before
+the operation type.
+
+=over 4
+
+=item B<--text>, B<-t>
+
+Print out any created XML when performing any of the other operations.
+
+=back
+
+=head1 AUTHOR
+
+This manual page was written by Russ Allbery for Debian.
+
+=head1 MANUAL LICENSE
+
+The authors hereby relinquish any claim to any copyright that they may
+have in this work, whether granted under contract or by operation of law
+or international treaty, and hereby commit to the public, at large, that
+they shall not, at any time in the future, seek to enforce any copyright
+in this work against any person or entity, or prevent any person or entity
+from copying, publishing, distributing or creating derivative works of
+this work.
+
+=cut
diff --git a/debian/man-pages/xmlsec-xtest.pod b/debian/man-pages/xmlsec-xtest.pod
new file mode 100644
index 0000000..74d2bcb
--- /dev/null
+++ b/debian/man-pages/xmlsec-xtest.pod
@@ -0,0 +1,62 @@
+=head1 NAME
+
+xmlsec-xtest - Perform run-time tests of the XML Security library
+
+=head1 SYNOPSIS
+
+B<xmlsec-xtest> [B<--help>] [B<-p>]
+
+=head1 DESCRIPTION
+
+B<xmlsec-xtest> performs a set of run-time tests against the Apache XML
+Security for C++ library.  This is rarely of interest to a user of the
+library, but it can be used as a sanity check to ensure that the library
+is working properly.
+
+=head1 OPTIONS
+
+Note that the single-character options must still occur as separate
+options on the command line.  In other words, B<-pe> to specify both the
+B<-p> and B<-e> options is not allowed.
+
+=over 4
+
+=item B<--help>
+
+Print out usage information and exit.
+
+=item B<--print-docs>, B<-p>
+
+Print out the test documents while running each test.
+
+=item B<--encryption-only>, B<-e>
+
+=item B<--encryption-unit-only>, B<-u>
+
+=item B<--signature-only>, B<-s>
+
+=item B<--signature-unit-only>, B<-t>
+
+=item B<--xkms-only>, B<-x>
+
+By default, B<xmlsec-xtest> runs all of the tests.  One of these options
+may be specified to run only that set of tests.  All of these options are
+mutually exclusive; at most one of them should be specified.
+
+=back
+
+=head1 AUTHOR
+
+This manual page was written by Russ Allbery for Debian.
+
+=head1 MANUAL LICENSE
+
+The authors hereby relinquish any claim to any copyright that they may
+have in this work, whether granted under contract or by operation of law
+or international treaty, and hereby commit to the public, at large, that
+they shall not, at any time in the future, seek to enforce any copyright
+in this work against any person or entity, or prevent any person or entity
+from copying, publishing, distributing or creating derivative works of
+this work.
+
+=cut
diff --git a/debian/rules b/debian/rules
index ab11b38..502ae5f 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,5 +1,8 @@
 #!/usr/bin/make -f
 
+# Where the xml-security-c-utils man pages are installed.
+UTILS_MAN1DIR := debian/xml-security-c-utils/usr/share/man/man1
+
 # Enable compiler hardening flags.
 export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow,+pie
 
@@ -18,5 +21,22 @@ override_dh_auto_configure:
 override_dh_auto_clean:
 	dh_auto_clean
 
+# Install man pages for the xml-security-c-utils binaries and rename them
+# all to start with xmlsec-*.  Some of them otherwise have very generic
+# names.
+override_dh_install:
+	dh_install
+	mkdir -p '$(UTILS_MAN1DIR)'
+	set -e; for pod in debian/man-pages/*.pod ; do			\
+	    pod2man "$$pod" --section 1 --name=`basename "$$pod"`	\
+		--center 'Apache XML Security' --release '$(VERSION)'	\
+		'$(UTILS_MAN1DIR)'/`basename "$$pod" .pod`.1 ;		\
+	done
+	set -e; for path in debian/xml-security-c-utils/usr/bin/* ; do	\
+	    file=`basename "$$path"`					\
+	    mv debian/xml-security-c-utils/usr/bin/"$$file"		\
+		debian/xml-security-c-utils/usr/bin/xmlsec-"$$file" ;	\
+	done
+
 override_dh_builddeb:
 	dh_builddeb -- -Zxz

-- 
Debian packaging for XML-Security-C

More information about the Pkg-shibboleth-devel mailing list