From aac4840653d44c6f0f45101d7adb27628c54eea7 Mon Sep 17 00:00:00 2001 From: openKylinBot Date: Mon, 25 Apr 2022 22:03:04 +0800 Subject: [PATCH] Import Debian changes 0.4.0-ok1 bubblewrap (0.4.0-ok1) yangtze; urgency=medium * Build for openKylin. --- debian/bubblewrap.examples | 1 + debian/changelog | 5 ++ debian/clean | 1 + debian/control | 36 ++++++++ debian/copyright | 68 +++++++++++++++ debian/docs | 1 + debian/gbp.conf | 6 ++ debian/lintian-overrides | 2 + debian/patches/CVE-2020-5291.patch | 84 +++++++++++++++++++ .../Use-Python-3-for-test-demo-code.patch | 33 ++++++++ debian/patches/series | 4 + .../update-output-patterns-libcap-2.29.patch | 36 ++++++++ debian/rules | 35 ++++++++ debian/salsa-ci.yml | 3 + debian/source/format | 1 + debian/tests/basic | 21 +++++ debian/tests/control | 36 ++++++++ debian/tests/dev | 40 +++++++++ debian/tests/net | 24 ++++++ debian/tests/upstream | 5 ++ debian/tests/upstream-as-root | 5 ++ debian/tests/upstream-usrmerge | 1 + debian/tests/userns | 42 ++++++++++ debian/upstream/metadata | 8 ++ debian/watch | 3 + 25 files changed, 501 insertions(+) create mode 100644 debian/bubblewrap.examples create mode 100644 debian/changelog create mode 100644 debian/clean create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/docs create mode 100644 debian/gbp.conf create mode 100644 debian/lintian-overrides create mode 100644 debian/patches/CVE-2020-5291.patch create mode 100644 debian/patches/debian/Use-Python-3-for-test-demo-code.patch create mode 100644 debian/patches/series create mode 100644 debian/patches/update-output-patterns-libcap-2.29.patch create mode 100755 debian/rules create mode 100644 debian/salsa-ci.yml create mode 100644 debian/source/format create mode 100755 debian/tests/basic create mode 100644 debian/tests/control create mode 100755 debian/tests/dev create mode 100755 debian/tests/net create mode 100755 debian/tests/upstream create mode 100755 debian/tests/upstream-as-root create mode 120000 debian/tests/upstream-usrmerge create mode 100755 debian/tests/userns create mode 100644 debian/upstream/metadata create mode 100644 debian/watch diff --git a/debian/bubblewrap.examples b/debian/bubblewrap.examples new file mode 100644 index 0000000..dde105a --- /dev/null +++ b/debian/bubblewrap.examples @@ -0,0 +1 @@ +demos/* diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..622ea7e --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +bubblewrap (0.4.0-ok1) yangtze; urgency=medium + + * Build for openKylin. + + -- openKylinBot Mon, 25 Apr 2022 22:03:04 +0800 diff --git a/debian/clean b/debian/clean new file mode 100644 index 0000000..5da17f8 --- /dev/null +++ b/debian/clean @@ -0,0 +1 @@ +config.log diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..11643a0 --- /dev/null +++ b/debian/control @@ -0,0 +1,36 @@ +Source: bubblewrap +Section: admin +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Utopia Maintenance Team +Uploaders: + Laszlo Boszormenyi (GCS) , + Simon McVittie , +Build-Depends: + automake (>= 1.14.1), + bash-completion, + debhelper-compat (= 12), + docbook-xml, + docbook-xsl, + libcap-dev, + libselinux1-dev (>= 2.1.9), + pkg-config, + python3 , + xsltproc, +Standards-Version: 4.4.1 +Homepage: https://github.com/projectatomic/bubblewrap +Vcs-Git: https://salsa.debian.org/debian/bubblewrap.git +Vcs-Browser: https://salsa.debian.org/debian/bubblewrap +Rules-Requires-Root: no + +Package: bubblewrap +Architecture: linux-any +Multi-arch: foreign +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Breaks: + flatpak (<< 0.8.0-0), +Description: setuid wrapper for unprivileged chroot and namespace manipulation + Core execution engine for unprivileged containers that works as a setuid + binary on kernels without user namespaces. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..e699dda --- /dev/null +++ b/debian/copyright @@ -0,0 +1,68 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: bubblewrap +Source: https://github.com/projectatomic/bubblewrap/ + +Files: * +Copyright: 2016 Alexander Larsson +License: LGPL-2+ + +Files: debian/* +Copyright: 2016 Laszlo Boszormenyi (GCS) +License: LGPL-2+ + +Files: m4/attributes.m4 +Copyright: + 2006-2008 Diego Pettenò + 2006-2008 xine project + 2012 Lucas De Marchi +License: GPL-2+ with Autoconf exception + +License: LGPL-2+ + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + . + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + . + You should have received a copy of the GNU Library General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 + USA. + . + On Debian systems, the full text of the GNU Library General Public License + version 2 can be found in the file `/usr/share/common-licenses/LGPL-2'. + +License: GPL-2+ with Autoconf exception + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301, USA. + . + As a special exception, the copyright owners of the + macro gives unlimited permission to copy, distribute and modify the + configure scripts that are the output of Autoconf when processing the + Macro. You need not follow the terms of the GNU General Public + License when using or distributing such scripts, even though portions + of the text of the Macro appear in them. The GNU General Public + License (GPL) does govern all other use of the material that + constitutes the Autoconf Macro. + . + This special exception to the GPL applies to versions of the + Autoconf Macro released by this project. When you make and + distribute a modified version of the Autoconf Macro, you may extend + this special exception to the GPL to apply to your modified version as + well. diff --git a/debian/docs b/debian/docs new file mode 100644 index 0000000..b43bf86 --- /dev/null +++ b/debian/docs @@ -0,0 +1 @@ +README.md diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..2e4fdd5 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,6 @@ +[DEFAULT] +pristine-tar = True +debian-branch = debian/master +upstream-branch = upstream/latest +patch-numbers = False +upstream-vcs-tag = v%(version)s diff --git a/debian/lintian-overrides b/debian/lintian-overrides new file mode 100644 index 0000000..822657b --- /dev/null +++ b/debian/lintian-overrides @@ -0,0 +1,2 @@ +# this is known and intentional +bubblewrap: setuid-binary usr/bin/bwrap 4755 root/root diff --git a/debian/patches/CVE-2020-5291.patch b/debian/patches/CVE-2020-5291.patch new file mode 100644 index 0000000..59eab4c --- /dev/null +++ b/debian/patches/CVE-2020-5291.patch @@ -0,0 +1,84 @@ +From 5404a15d34301a5a0dd5930203e03c76b80ebf21 Mon Sep 17 00:00:00 2001 +From: Alexander Larsson +Date: Thu, 26 Mar 2020 15:36:44 +0100 +Subject: [PATCH 1/3] Don't rely on geteuid() to know when to switch back from + setuid root +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +As pointed out by Stephen Röttger , in +drop_privs() we only drop root in the setuid case if geteuid() is +0. Typically geteuid() == 0 means we were setuid root and have not yet +switched away from it. + +However, it is possible to make the geteuid call fail by passing a +--userns2 namespace which doesn't have 0 mapped (i.e. where geteuid() +will return the owerflow uid instead). + +If you do this, the pid 1 process in the sandbox will continue running +as host uid 0, while dropping the dumpable flag, and at this point the +user can ptrace attach the process and have root permissions. + +We fix this by not relying on the geteuid() call to know when we need +to drop root uid, but rather keep track of whether we already switched +from it. +--- + bubblewrap.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +--- a/bubblewrap.c ++++ b/bubblewrap.c +@@ -834,11 +834,13 @@ switch_to_user_with_privs (void) + + /* Call setuid() and use capset() to adjust capabilities */ + static void +-drop_privs (bool keep_requested_caps) ++drop_privs (bool keep_requested_caps, ++ bool already_changed_uid) + { + assert (!keep_requested_caps || !is_privileged); + /* Drop root uid */ +- if (geteuid () == 0 && setuid (opt_sandbox_uid) < 0) ++ if (is_privileged && !already_changed_uid && ++ setuid (opt_sandbox_uid) < 0) + die_with_error ("unable to drop root uid"); + + drop_all_caps (keep_requested_caps); +@@ -2296,6 +2298,9 @@ main (int argc, + if (opt_userns_fd != -1 && is_privileged) + die ("--userns doesn't work in setuid mode"); + ++ if (opt_userns2_fd != -1 && is_privileged) ++ die ("--userns2 doesn't work in setuid mode"); ++ + /* We have to do this if we weren't installed setuid (and we're not + * root), so let's just DWIM */ + if (!is_privileged && getuid () != 0 && opt_userns_fd == -1) +@@ -2499,7 +2504,7 @@ main (int argc, + die_with_error ("Setting userns2 failed"); + + /* We don't need any privileges in the launcher, drop them immediately. */ +- drop_privs (FALSE); ++ drop_privs (FALSE, FALSE); + + /* Optionally bind our lifecycle to that of the parent */ + handle_die_with_parent (); +@@ -2674,7 +2679,7 @@ main (int argc, + if (child == 0) + { + /* Unprivileged setup process */ +- drop_privs (FALSE); ++ drop_privs (FALSE, TRUE); + close (privsep_sockets[0]); + setup_newroot (opt_unshare_pid, privsep_sockets[1]); + exit (0); +@@ -2769,7 +2774,7 @@ main (int argc, + } + + /* All privileged ops are done now, so drop caps we don't need */ +- drop_privs (!is_privileged); ++ drop_privs (!is_privileged, TRUE); + + if (opt_block_fd != -1) + { diff --git a/debian/patches/debian/Use-Python-3-for-test-demo-code.patch b/debian/patches/debian/Use-Python-3-for-test-demo-code.patch new file mode 100644 index 0000000..f8c9c58 --- /dev/null +++ b/debian/patches/debian/Use-Python-3-for-test-demo-code.patch @@ -0,0 +1,33 @@ +From: Simon McVittie +Date: Wed, 17 Jan 2018 14:10:40 +0000 +Subject: Use Python 3 for test/demo code + +Forwarded: not-needed +--- + demos/userns-block-fd.py | 2 +- + tests/test-run.sh | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/demos/userns-block-fd.py b/demos/userns-block-fd.py +index 4c68242..2ef2fd6 100755 +--- a/demos/userns-block-fd.py ++++ b/demos/userns-block-fd.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + import os, select, subprocess, sys, json + +diff --git a/tests/test-run.sh b/tests/test-run.sh +index a404c4e..1d2ffbc 100755 +--- a/tests/test-run.sh ++++ b/tests/test-run.sh +@@ -215,7 +215,7 @@ fi + # Test --die-with-parent + + cat >lockf-n.py < +Date: Wed, 19 Feb 2020 10:03:05 +0100 +Subject: [PATCH] tests: Update output patterns for libcap >= 2.29 + +--- + tests/test-run.sh | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +diff --git a/tests/test-run.sh b/tests/test-run.sh +index a01f41c..702c480 100755 +--- a/tests/test-run.sh ++++ b/tests/test-run.sh +@@ -215,11 +215,18 @@ else + $RUN $OPT --cap-drop ALL --unshare-pid capsh --print >caps.test + assert_file_has_content caps.test 'Current: =$' + # Check for dropping kill/fowner (we assume all uid 0 callers have this) +- $RUN $OPT --cap-drop CAP_KILL --cap-drop CAP_FOWNER --unshare-pid capsh --print >caps.test +- assert_not_file_has_content caps.test '^Current: =.*cap_kill' +- assert_not_file_has_content caps.test '^Current: =.*cap_fowner' + # But we should still have net_bind_service for example +- assert_file_has_content caps.test '^Current: =.*cap_net_bind_service' ++ $RUN $OPT --cap-drop CAP_KILL --cap-drop CAP_FOWNER --unshare-pid capsh --print >caps.test ++ # capsh's output format changed from v2.29 -> drops are now indicated with -eip ++ if grep 'Current: =.*+eip$' caps.test; then ++ assert_not_file_has_content caps.test '^Current: =.*cap_kill.*+eip$' ++ assert_not_file_has_content caps.test '^Current: =.*cap_fowner.*+eip$' ++ assert_file_has_content caps.test '^Current: =.*cap_net_bind_service.*+eip$' ++ else ++ assert_file_has_content caps.test '^Current: =eip.*cap_kill.*-eip$' ++ assert_file_has_content caps.test '^Current: =eip.*cap_fowner.*-eip$' ++ assert_not_file_has_content caps.test '^Current: =.*cap_net_bind_service.*-eip$' ++ fi + echo "ok - we have the expected caps as uid 0" + fi + diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..9221b94 --- /dev/null +++ b/debian/rules @@ -0,0 +1,35 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +export DEB_BUILD_MAINT_OPTIONS = hardening=+pie,+bindnow + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +PKGDIR=$(CURDIR)/debian/bubblewrap + +%: + dh $@ + +override_dh_fixperms: + chmod a+x $(PKGDIR)/usr/share/bash-completion/completions/bwrap +# Ubuntu enables unprivileged user namespaces; no need for bwrap to be suid +# there. +ifneq (yes,$(shell dpkg-vendor --derives-from Ubuntu && echo yes)) + chmod 04755 $(PKGDIR)/usr/bin/bwrap + dh_fixperms -Xbin/bwrap +else + dh_fixperms +endif + +.PHONY: override_dh_fixperms + +override_dh_auto_test: +ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) + # Remove LD_PRELOAD so we don't run with faketime. It uses + # sem_open(), but bubblewrap runs in an environment where that + # can't work. + env -u LD_PRELOAD dh_auto_test +endif + +.PHONY: override_dh_auto_test diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml new file mode 100644 index 0000000..0c22dc4 --- /dev/null +++ b/debian/salsa-ci.yml @@ -0,0 +1,3 @@ +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/tests/basic b/debian/tests/basic new file mode 100755 index 0000000..c8e3449 --- /dev/null +++ b/debian/tests/basic @@ -0,0 +1,21 @@ +#!/usr/bin/perl +# vim:set sw=4 sts=4 et ft=perl: + +use strict; +use warnings; +use Test::More; +use IPC::Run qw(run); + +sub run_ok { + my $argv = shift; + my $debug = join(' ', @$argv); + ok(run($argv, @_), qq{"$debug" should succeed}); +} + +my $out; +run_ok([qw(bwrap --ro-bind / / /usr/bin/id -u)], '<', \undef, '>', \$out); +is($out, `id -u`); +run_ok([qw(bwrap --ro-bind / / /usr/bin/id -g)], '<', \undef, '>', \$out); +is($out, `id -g`); + +done_testing; diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..a64434e --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,36 @@ +Tests: + basic + dev + net + upstream + userns +Restrictions: allow-stderr, isolation-machine +Depends: + bubblewrap, + iproute2:native, + libcap2-bin:native, + libipc-run-perl:native, + perl:native, + python3:native, + +Tests: upstream-usrmerge +Restrictions: allow-stderr, isolation-machine, breaks-testbed +Depends: + bubblewrap, + iproute2:native, + libcap2-bin:native, + libipc-run-perl:native, + perl:native, + python3:native, + usrmerge + +Tests: + upstream-as-root +Restrictions: allow-stderr, isolation-machine, needs-root +Depends: + bubblewrap, + iproute2:native, + libcap2-bin:native, + libipc-run-perl:native, + perl:native, + python3:native, diff --git a/debian/tests/dev b/debian/tests/dev new file mode 100755 index 0000000..ed797b1 --- /dev/null +++ b/debian/tests/dev @@ -0,0 +1,40 @@ +#!/usr/bin/perl +# vim:set sw=4 sts=4 et ft=perl: + +use strict; +use warnings; +use Test::More; +use IPC::Run qw(run); + +sub run_ok { + my $argv = shift; + my $debug = join(' ', @$argv); + ok(run($argv, @_), qq{"$debug" should succeed}); +} + +my $out; +run_ok([qw(bwrap --ro-bind / / --dev /dev //bin/sh -c), "echo /dev/*"], + '<', \undef, '>', \$out); +like($out, qr{(^| )/dev/full( |$)}); +like($out, qr{(^| )/dev/null( |$)}); +like($out, qr{(^| )/dev/pts( |$)}); +like($out, qr{(^| )/dev/random( |$)}); +like($out, qr{(^| )/dev/shm( |$)}); +like($out, qr{(^| )/dev/stderr( |$)}); +like($out, qr{(^| )/dev/stdin( |$)}); +like($out, qr{(^| )/dev/stdout( |$)}); +like($out, qr{(^| )/dev/tty( |$)}); +like($out, qr{(^| )/dev/urandom( |$)}); +like($out, qr{(^| )/dev/zero( |$)}); +unlike($out, qr{(^| )/dev/hda( |$)}); +unlike($out, qr{(^| )/dev/dsp( |$)}); +unlike($out, qr{(^| )/dev/fuse( |$)}); +unlike($out, qr{(^| )/dev/kmsg( |$)}); +unlike($out, qr{(^| )/dev/loop0( |$)}); +unlike($out, qr{(^| )/dev/mem( |$)}); +unlike($out, qr{(^| )/dev/sda( |$)}); +unlike($out, qr{(^| )/dev/snd( |$)}); +unlike($out, qr{(^| )/dev/tty1( |$)}); +unlike($out, qr{(^| )/dev/vda( |$)}); + +done_testing; diff --git a/debian/tests/net b/debian/tests/net new file mode 100755 index 0000000..c16fd78 --- /dev/null +++ b/debian/tests/net @@ -0,0 +1,24 @@ +#!/usr/bin/perl +# vim:set sw=4 sts=4 et ft=perl: + +use strict; +use warnings; +use Test::More; +use IPC::Run qw(run); + +sub run_ok { + my $argv = shift; + my $debug = join(' ', @$argv); + ok(run($argv, @_), qq{"$debug" should succeed}); +} + +my $out; +run_ok([qw(bwrap --ro-bind / / --unshare-net /bin/sh -c), "ip link ls"], + '<', \undef, '>', \$out); + +like($out, qr{^[0-9]+: lo:}); +unlike($out, qr{^[0-9]+: en[^:]*:}); +unlike($out, qr{^[0-9]+: eth[^:]*:}); +unlike($out, qr{^[0-9]+: wlan[^:]*:}); + +done_testing; diff --git a/debian/tests/upstream b/debian/tests/upstream new file mode 100755 index 0000000..1a7f399 --- /dev/null +++ b/debian/tests/upstream @@ -0,0 +1,5 @@ +#!/bin/sh + +set -e + +exec tests/test-run.sh diff --git a/debian/tests/upstream-as-root b/debian/tests/upstream-as-root new file mode 100755 index 0000000..1a7f399 --- /dev/null +++ b/debian/tests/upstream-as-root @@ -0,0 +1,5 @@ +#!/bin/sh + +set -e + +exec tests/test-run.sh diff --git a/debian/tests/upstream-usrmerge b/debian/tests/upstream-usrmerge new file mode 120000 index 0000000..2a767e2 --- /dev/null +++ b/debian/tests/upstream-usrmerge @@ -0,0 +1 @@ +upstream \ No newline at end of file diff --git a/debian/tests/userns b/debian/tests/userns new file mode 100755 index 0000000..143772a --- /dev/null +++ b/debian/tests/userns @@ -0,0 +1,42 @@ +#!/usr/bin/perl +# vim:set sw=4 sts=4 et ft=perl: + +use strict; +use warnings; +use Test::More; +use IPC::Run qw(run); + +sub run_ok { + my $argv = shift; + my $debug = join(' ', @$argv); + ok(run($argv, @_), qq{"$debug" should succeed}); +} + +my $out; + +diag("Unshare user ID"); +run_ok([qw(bwrap --ro-bind / / --unshare-user --uid 2 --gid 3 /usr/bin/id -u)], + '<', \undef, '>', \$out); +is($out, "2\n"); +run_ok([qw(bwrap --ro-bind / / --unshare-user --uid 2 --gid 3 /usr/bin/id -g)], + '<', \undef, '>', \$out); +is($out, "3\n"); +run_ok([qw(bwrap --ro-bind / / --unshare-user --uid 2 --gid 3 /bin/sh -c), + 'ls -l /etc/passwd'], + '<', \undef, '>', \$out); +like($out, qr{ nobody nogroup }); + +diag("Combine new /dev with new user namespace (#71)"); +run_ok([qw(bwrap --ro-bind / / --unshare-user --uid 2 --gid 3 --dev /dev /bin/sh -c), + 'echo /dev/*'], + '<', \undef, '>', \$out); +like($out, qr{(^| )/dev/full( |$)}); +unlike($out, qr{(^| )/dev/tty1( |$)}); +run_ok([qw(bwrap --ro-bind / / --unshare-user --uid 2 --gid 3 --dev /dev /usr/bin/id -u)], + '<', \undef, '>', \$out); +is($out, "2\n"); +run_ok([qw(bwrap --ro-bind / / --unshare-user --uid 2 --gid 3 --dev /dev /usr/bin/id -g)], + '<', \undef, '>', \$out); +is($out, "3\n"); + +done_testing; diff --git a/debian/upstream/metadata b/debian/upstream/metadata new file mode 100644 index 0000000..903a8af --- /dev/null +++ b/debian/upstream/metadata @@ -0,0 +1,8 @@ +--- +Name: Bubblewrap +Repository: https://github.com/projectatomic/bubblewrap +Repository-Browse: https://github.com/projectatomic/bubblewrap +Bug-Database: https://github.com/projectatomic/bubblewrap/issues +Bug-Submit: https://github.com/projectatomic/bubblewrap/issues/new +... +# vim:set ft=yaml: diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..6cc1827 --- /dev/null +++ b/debian/watch @@ -0,0 +1,3 @@ +version=4 +opts="compression=xz,dversionmangle=s/\+(?:git)?[0-9]*\+g[0-9a-f]*//" \ +https://github.com/projectatomic/@PACKAGE@/releases .*/@PACKAGE@-@ANY_VERSION@@ARCHIVE_EXT@