rustybird / corridor

Tor traffic whitelisting gateway
ISC License

initial debian packaging #2

Closed adrelanos closed 8 years ago

adrelanos commented 10 years ago

Since I have gained quite some routine in packaging simple shell scripts as .deb packages, I thought why not package corridor. Equally simple. It even is deterministic (reproducible with matching checksums)! Hope you like it.

I am not a professional packager yet, as Debian developers are, so I wouldn't know if this package would get accepted into the official Debian repository. Sooner or later I will probably apply to get one of my own packages into the official Debian repo, and then I'll learn to fix their complaints (which are mostly policy/stylistic, not functional). Nevertheless, the package should be fully functional (untested, but the .deb looks good).

Files have been moved from the root of the source tarball to usr/sbin. Now, if you were to create a file usr/share/xxx/yyy, then the file would get installed to usr/share/xxx/yyy. This should make moving/adding additional files in the usual file hierarchy pretty simple and the Debian packaging as transparent as possible.

Instructions on how to build this package can be found here: https://www.whonix.org/wiki/Dev/Build_Documentation/apparmor-profile-torbrowser

I could also aid creating man pages. Using ruby-ronn, using markdown. (Example: https://github.com/Whonix/sdwdate/blob/master/man/sdwdate.8.ronn) (You could write them, and I would help packaging them.)

I could also help creating an /etc/init.d script for autostarting and/or creating a stackable /etc/corridor.d .d style config folder.

rustybird commented 10 years ago

There's really no way around moving configuration to /etc, is there. But I was going to do a single file, not a directory. Seems good enough?

Not so sure about merging distro-specific stuff, especially ones I don't use. Maybe let's leave the pull request open, so Debian users can find what they need? Nice touch though, the deterministic packaging.

I'm working on systemd units. It'll benefit lots of distros, including Debian eventually, and it's great being able to concisely and reliably express relations like "start this before setting up the network interfaces, and in case iptables-restore is also started on boot, then run it after that".

adrelanos commented 10 years ago

> There's really no way around moving configuration to /etc, is there.

Why not? I am not sure I followed what you mean.

> But I was going to do a single file, not a directory. Seems good enough?

.d style is much better. It would allow you to ship a default config and users or distros could add their settings on top. Without forking the file. Without interfering when upstream (you) makes changes. I have had in mind eventually creating a Corridor-Gateway as a fully ready-to-download distribution (but don't make a big news splash of this yet, still considering).

The code for this is quite simple and I am happy to help with it.

for i in /etc/corridor.d/*; do
   if [ -f "$i" ]; then
      ## If the last character is a ~, ignore that file, because it was created
      ## by some editor, which creates backup files.
      if [ "${i: -1}" = "~" ]; then
         continue
      fi
      ## Skipping files such as .dpkg-old and .dpkg-dist.
      if ( echo "$i" | grep -q ".dpkg-" ); then
         continue
      fi
      source "$i"
   fi
done

All files (with variables) in /etc/corridor.d/ are sourced in lexical order (30_default before 50_user).

See also: https://www.whonix.org/wiki/Whonix_Configuration_Files

> Not so sure about merging distro-specific stuff, especially ones I don't use. Maybe let's leave the pull request open, so Debian users can find what they need?

No idea how other upstreams handle this. I for one would welcome a fedora, etc. specific packaging file/folder for projects where I am admin, but not do any bug fixing/development if I am not using it myself. Having a central place where everyone cooperates.

> I'm working on systemd units. It'll benefit lots of distros, including Debian eventually,

I guess I will also be able to package that.

> and it's great being able to concisely and reliably express relations like "start this before setting up the network interfaces, and in case iptables-restore is also started on boot, then run it after that".

By the way, that's not a new feature, it also works with sysvinit (/etc/init.d/), but never mind which system. Systemd probably is the future.

rustybird commented 10 years ago

> > There's really no way around moving configuration to /etc, is there.

> Why not? I am not sure I followed what you mean.

I'm saying I've avoided moving the configuration to /etc for too long. It's time to finally do it.

> > But I was going to do a single file, not a directory. Seems good enough?

> .d style is much better. It would allow you to ship a default config and users or distros could add their settings on top. Without forking the file. Without interfering when upstream (you) makes changes.

You're right, and it worked out nicely.

> for i in /etc/corridor.d/*; do
>    if [ -f "$i" ]; then
>       ## If the last character is a ~, ignore that file, because it was created
>       ## by some editor, which creates backup files.
>       if [ "${i: -1}" = "~" ]; then
>          continue
>       fi
>       ## Skipping files such as .dpkg-old and .dpkg-dist.
>       if ( echo "$i" | grep -q ".dpkg-" ); then
>          continue
>       fi
>       source "$i"
>    fi
> done

  • * globs don't match dotfiles
  • source is a bashism

I've scythed this down :) into corridor-load-config, among the recent commits in master, and put some untested systemd units in systemd.

adrelanos commented 10 years ago

When using bash, I would advise to use shopt -s nullglob. Otherwise when folder /etc/corridor.d doesn't exist, it would attempt to . /etc/corridor.d/*[!~]. No good idea how to solve this in sh.

I also advise to skip *.dpkg-old and *.dpkg-dist, otherwise this will cause some pretty confusing results.

> globs don't match dotfiles

True. There is shopt -s dotglob (unfortunately another bashism) to make it match dotfiles.

> source is a bashism

What's wrong with bash? Why use sh when there is the successor bash?

rustybird commented 10 years ago

> When using bash, I would advise to use shopt -s nullglob. Otherwise when folder /etc/corridor.d doesn't exist, it would attempt to . /etc/corridor.d/*[!~]. No good idea how to solve this in sh.

If the configuration hasn't been installed, then corridor just prints

Can't open /etc/corridor.d/*[!~]

and fails, which is a good enough error message in my book.

> Why use sh when there is the successor bash?

I'm not anti-bash or anything, but sh is what many lightweight environments offer (provided by dash or busybox), and I don't need any bash features so far.

rustybird commented 10 years ago

> I also advise to skip *.dpkg-old and *.dpkg-dist, otherwise this will cause some pretty confusing results.

Oh, now I get it, Debian inserts .dpkg-whatever at the end of the file name? *shudders* You could put this into your fork:

case "$f" in *.dpkg-*) continue; esac
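The points raised across this thread (lexical .d-style sourcing, skipping editor backups and dpkg conffile leftovers, the missing-directory case without shopt -s nullglob, and doing it all in plain sh rather than bash) fit in one small loader. The following is an added example for this discussion, not corridor's own corridor-load-config from master; the function names is_config_fragment and load_config and the example file name are chosen here. It relies on the same [ -f ] test adrelanos's snippet already had: when the glob matches nothing, sh leaves the literal /etc/corridor.d/* in the loop variable, and that is not a regular file, so the loop simply does nothing. Because every fragment is executed as shell code, it also refuses fragments that anyone on the system may edit, a check the thread does not discuss but a packager of a firewall gateway would want.

```shell
#!/bin/sh
# Added example: a POSIX sh .d-style configuration loader in the spirit of this
# thread. Not corridor's own corridor-load-config; the names are illustrative.

# Return 0 if "$1" is a configuration fragment that should be sourced, 1 if not.
# Only case patterns are used: no grep, and no "${var: -1}" bashism.
is_config_fragment() {
    name=$1
    # Also covers the unmatched glob: with an empty or missing directory, sh
    # leaves "$dir/*" literal, which is not a regular file, so no nullglob needed.
    [ -f "$name" ] || return 1
    case "${name##*/}" in
        .*)                 return 1 ;;  # dotfiles (the * glob never matches them anyway)
        *~)                 return 1 ;;  # editor backup copies
        *.dpkg-*)           return 1 ;;  # dpkg conffile leftovers: .dpkg-old, .dpkg-dist, .dpkg-new
        *.rpmsave|*.rpmnew) return 1 ;;  # rpm's equivalents of the same leftovers
    esac
    # Fragments are executed as shell code: refuse one that anyone may edit.
    # "find -perm -002" (others-write bit set) is POSIX, unlike stat's output format.
    if [ -n "$(find "$name" -perm -002)" ]; then
        echo "corridor: refusing world-writable config fragment $name" >&2
        return 1
    fi
    return 0
}

# Source every accepted fragment in lexical order (30_default before 50_user),
# so a later fragment overrides variables set by an earlier one.
load_config() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "corridor: configuration directory $dir does not exist" >&2
        return 1
    fi
    for f in "$dir"/*; do
        is_config_fragment "$f" || continue
        . "$f"
    done
}

# Run the loader only when given a directory argument; with none, the file just
# defines the two functions so it can be sourced (for example by a test).
if [ $# -gt 0 ]; then
    load_config "$1"
fi
```

Invoked as `sh corridor-load-config-example.sh /etc/corridor.d` (a hypothetical file name) it sources the accepted fragments into the current shell; a directory that has not been installed yet produces one clear error line and a non-zero exit instead of the raw "Can't open /etc/corridor.d/*[!~]" message, and the case patterns do exactly what the one-liner above does for *.dpkg-* files.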

adrelanos commented 10 years ago

I am not too eager to maintain a fork. This git branch already can't merge the latest upstream commits.

Eventually, should I need to package it, I would do it the old hard way, using a debian.install file where each file is grabbed from the upstream source and installed wherever desired.

If not merged upstream (here) (the dpkg stuff), I would have to add a patch on top during packaging. Not pretty, but works.

rustybird commented 10 years ago

I've committed the workaround to master. Sorry for having to refactor so much, things should be more stable now.

HulaHoopWhonix commented 8 years ago

Hi any progress on Debian packaging?

adrelanos commented 8 years ago

new attempt: https://github.com/rustybird/corridor/issues/10