diff --git a/_service b/_service
new file mode 100644
index 0000000..9eccebb
--- /dev/null
+++ b/_service
@@ -0,0 +1,79 @@
+
+
+ git://github.com/opensuse/pesign-obs-integration.git
+ git
+ _none_
+ .git
+ disable
+ pesign-obs-integration
+ pesign-obs-integration.changes
+ pesign-obs-integration.spec
+ brp-99-compress-vmlinux
+ brp-99-pesign
+ COPYING
+ gen-hmac
+ kernel-sign-file
+ modsign-repackage
+ pesign-gen-repackage-spec
+ pesign-obs-integration.changes
+ pesign-obs-integration.spec
+ pesign-repackage.spec.in
+ README
+
+
+
+ *.tar
+ */debian/changelog
+ debian.changelog
+
+
+ *.tar
+ */debian/compat
+ debian.compat
+
+
+ *.tar
+ */debian/control
+ debian.control
+
+
+ *.tar
+ */debian/copyright
+ debian.copyright
+
+
+ *.tar
+ */debian/rules
+ debian.rules
+
+
+ *.tar
+ */debian/docs
+ debian.docs
+
+
+ *.tar
+ */debian/pesign-obs-integration.install
+ debian.pesign-obs-integration.install
+
+
+ *.tar
+ */debian/dh-signobs.manpages
+ debian.dh-signobs.manpages
+
+
+ *.tar
+ */debian/dh-signobs.install
+ debian.dh-signobs.install
+
+
+ *.tar
+ */debian/dh-signobs.links
+ debian.dh-signobs.links
+
+
+
+ *.tar
+ gz
+
+
diff --git a/_service:extract_file:debian.changelog b/_service:extract_file:debian.changelog
new file mode 100644
index 0000000..9f79845
--- /dev/null
+++ b/_service:extract_file:debian.changelog
@@ -0,0 +1,5 @@
+pesign-obs-integration (10.0) unstable; urgency=medium
+
+ * Initial Debian packaging.
+
+ -- Michal Marek Tue, 31 Oct 2017 17:44:08 +0000
diff --git a/_service:extract_file:debian.compat b/_service:extract_file:debian.compat
new file mode 100644
index 0000000..79115bb
--- /dev/null
+++ b/_service:extract_file:debian.compat
@@ -0,0 +1 @@
+7
diff --git a/_service:extract_file:debian.control b/_service:extract_file:debian.control
new file mode 100644
index 0000000..b91dc88
--- /dev/null
+++ b/_service:extract_file:debian.control
@@ -0,0 +1,22 @@
+Source: pesign-obs-integration
+Section: devel
+Priority: optional
+Maintainer: Michal Marek
+Build-Depends: debhelper (>= 7), openssl, shellcheck
+Standards-Version: 3.9.8
+
+Package: pesign-obs-integration
+Architecture: all
+Depends: ${perl:Depends}, ${misc:Depends}, libnss3-tools, openssl, pesign
+Description: Automate signing EFI binaries and kernel modules on OBS
+ This package provides scripts and rpm macros to automate signing of the
+ boot loader, kernel and kernel modules in the openSUSE Buildservice.
+
+Package: dh-signobs
+Architecture: all
+Enhances: debhelper
+Depends: ${misc:Depends}, debhelper, cpio, libnss3-tools, jq, pesign,
+ pesign-obs-integration, openssl
+Description: Debian Helper for EFI signing on OBS
+ Adds a helper sequence to dh to send EFI signatures to OBS and to
+ re-package them using the templates.
diff --git a/_service:extract_file:debian.copyright b/_service:extract_file:debian.copyright
new file mode 100644
index 0000000..3f69718
--- /dev/null
+++ b/_service:extract_file:debian.copyright
@@ -0,0 +1,47 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Source: https://github.com/openSUSE/pesign-obs-integration
+
+Files: *
+Copyright: 2013-2017 SUSE LINUX Products GmbH
+License: GPL-2
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License version 2 as
+ published by the Free Software Foundation.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this package; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ .
+ On Debian systems, the complete text of the GNU General Public
+ License version 2 can be found in `/usr/share/common-licenses/GPL-2'.
+
+Files: dh_signobs
+ signobs.pm
+ debian/*
+Copyright: 2018 Luca Boccassi
+License: GPL-2+
+ This program is free software; you can redistribute it
+ and/or modify it under the terms of the GNU General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later
+ version.
+ .
+ This program is distributed in the hope that it will be
+ useful, but WITHOUT ANY WARRANTY; without even the implied
+ warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE. See the GNU General Public License for more
+ details.
+ .
+ You should have received a copy of the GNU General Public
+ License along with this package; if not, write to the Free
+ Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+ Boston, MA 02110-1301 USA
+ .
+ On Debian systems, the full text of the GNU General Public
+ License version 2 can be found in the file
+ `/usr/share/common-licenses/GPL-2'.
diff --git a/_service:extract_file:debian.dh-signobs.install b/_service:extract_file:debian.dh-signobs.install
new file mode 100644
index 0000000..a88294e
--- /dev/null
+++ b/_service:extract_file:debian.dh-signobs.install
@@ -0,0 +1,2 @@
+dh_signobs usr/bin/
+signobs.pm usr/share/perl5/Debian/Debhelper/Sequence
diff --git a/_service:extract_file:debian.dh-signobs.links b/_service:extract_file:debian.dh-signobs.links
new file mode 100644
index 0000000..b3e6c09
--- /dev/null
+++ b/_service:extract_file:debian.dh-signobs.links
@@ -0,0 +1,6 @@
+usr/bin/dh_signobs usr/bin/dh_signobs_pack
+usr/bin/dh_signobs usr/bin/dh_signobs_unpack
+usr/bin/dh_signobs usr/bin/dh_signobs_getcert
+usr/share/man/man1/dh_signobs.1 usr/share/man/man1/dh_signobs_pack.1
+usr/share/man/man1/dh_signobs.1 usr/share/man/man1/dh_signobs_unpack.1
+usr/share/man/man1/dh_signobs.1 usr/share/man/man1/dh_signobs_getcert.1
diff --git a/_service:extract_file:debian.dh-signobs.manpages b/_service:extract_file:debian.dh-signobs.manpages
new file mode 100644
index 0000000..2732943
--- /dev/null
+++ b/_service:extract_file:debian.dh-signobs.manpages
@@ -0,0 +1 @@
+dh_signobs.1
diff --git a/_service:extract_file:debian.docs b/_service:extract_file:debian.docs
new file mode 100644
index 0000000..0960002
--- /dev/null
+++ b/_service:extract_file:debian.docs
@@ -0,0 +1 @@
+README
diff --git a/_service:extract_file:debian.pesign-obs-integration.install b/_service:extract_file:debian.pesign-obs-integration.install
new file mode 100644
index 0000000..81ac33f
--- /dev/null
+++ b/_service:extract_file:debian.pesign-obs-integration.install
@@ -0,0 +1,7 @@
+pesign-gen-repackage-spec usr/lib/rpm/pesign/
+kernel-sign-file usr/lib/rpm/pesign/
+gen-hmac usr/lib/rpm/pesign/
+pesign-repackage.spec.in usr/lib/rpm/pesign/
+brp-99-pesign usr/lib/rpm/brp-suse.d/
+brp-99-compress-vmlinux usr/lib/rpm/brp-suse.d/
+modsign-repackage usr/bin/
diff --git a/_service:extract_file:debian.rules b/_service:extract_file:debian.rules
new file mode 100644
index 0000000..807f8f1
--- /dev/null
+++ b/_service:extract_file:debian.rules
@@ -0,0 +1,28 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+%:
+ dh $@
+
+override_dh_auto_clean:
+ rm -f pesign-cert.x509
+ dh_auto_clean
+
+override_dh_auto_build:
+ if test -e ../SOURCES/_projectcert.crt; then \
+ openssl x509 -inform PEM -in ../SOURCES/_projectcert.crt \
+ -outform DER -out pesign-cert.x509; \
+ fi
+ dh_auto_build
+
+override_dh_install:
+ dh_install
+ if test -e pesign-cert.x509; then \
+ dh_install -p pesign-obs-integration pesign-cert.x509 /usr/lib/rpm/pesign; \
+ fi
+
+override_dh_auto_test:
+ shellcheck dh_signobs
diff --git a/_service:recompress:tar_scm:pesign-obs-integration.tar.gz b/_service:recompress:tar_scm:pesign-obs-integration.tar.gz
new file mode 100644
index 0000000..df33ea1
--- /dev/null
+++ b/_service:recompress:tar_scm:pesign-obs-integration.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:570ab90869469403e2b86640b27441f7f7e722b8a5763370afa3592ffc84f487
+size 31207
diff --git a/COPYING b/_service:tar_scm:COPYING
similarity index 100%
rename from COPYING
rename to _service:tar_scm:COPYING
diff --git a/README b/_service:tar_scm:README
similarity index 70%
rename from README
rename to _service:tar_scm:README
index 90beb51..73aa695 100644
--- a/README
+++ b/_service:tar_scm:README
@@ -1,13 +1,19 @@
Signing kernel modules and EFI binaries in the Open Build Service
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Packages that need to sign files during build should add the following lines
+RPM packages that need to sign files during build should add the following lines
to the specfile
# needssslcertforbuild
export BRP_PESIGN_FILES='pattern...'
BuildRequires: pesign-obs-integration
+Debian packages need to add the following line to the Source stanza in the
+debian/control file, which will add "Obs: needssslcertforbuild" to the generated
+.dsc file:
+
+XS-Obs: needssslcertforbuild
+
The "# needssslcertforbuild" comment tells the buildservice to store the
signing certificate in %_sourcedir/_projectcert.crt. At the end of the
install phase, the brp-99-pesign script computes hashes of all
@@ -26,3 +32,7 @@ builds new RPMs with signed files. The supported file types are:
efi binaries - Signature embedded in a header. If a HMAC checksum named
.$file.hmac exists, it is regenerated
+Debian packages can use the dh-signobs debhelper to automate signing and
+repacking. Build-depend on dh-signobs and add --with signobs to the dh line
+in debian/rules to use the fully automated helper.
+Consult the dh_signobs manpage for more information.
diff --git a/brp-99-compress-vmlinux b/_service:tar_scm:brp-99-compress-vmlinux
similarity index 100%
rename from brp-99-compress-vmlinux
rename to _service:tar_scm:brp-99-compress-vmlinux
diff --git a/brp-99-pesign b/_service:tar_scm:brp-99-pesign
similarity index 100%
rename from brp-99-pesign
rename to _service:tar_scm:brp-99-pesign
diff --git a/gen-hmac b/_service:tar_scm:gen-hmac
similarity index 100%
rename from gen-hmac
rename to _service:tar_scm:gen-hmac
diff --git a/kernel-sign-file b/_service:tar_scm:kernel-sign-file
similarity index 99%
rename from kernel-sign-file
rename to _service:tar_scm:kernel-sign-file
index 8f4d8b0..cfda78c 100644
--- a/kernel-sign-file
+++ b/_service:tar_scm:kernel-sign-file
@@ -4,8 +4,8 @@
#
my $USAGE =
-"Usage: scripts/sign-file [-dkpv] [-i ] []\n" .
-" scripts/sign-file [-dkpv] [-i ] -s []\n";
+"Usage: scripts/sign-file [-dkpv] [-i ] []\n" .
+" scripts/sign-file [-dkpv] [-i ] -s []\n";
use strict;
use FileHandle;
diff --git a/modsign-repackage b/_service:tar_scm:modsign-repackage
similarity index 100%
rename from modsign-repackage
rename to _service:tar_scm:modsign-repackage
diff --git a/pesign-gen-repackage-spec b/_service:tar_scm:pesign-gen-repackage-spec
similarity index 100%
rename from pesign-gen-repackage-spec
rename to _service:tar_scm:pesign-gen-repackage-spec
diff --git a/pesign-obs-integration.changes b/_service:tar_scm:pesign-obs-integration.changes
similarity index 100%
rename from pesign-obs-integration.changes
rename to _service:tar_scm:pesign-obs-integration.changes
diff --git a/pesign-obs-integration.spec b/_service:tar_scm:pesign-obs-integration.spec
similarity index 100%
rename from pesign-obs-integration.spec
rename to _service:tar_scm:pesign-obs-integration.spec
diff --git a/pesign-repackage.spec.in b/_service:tar_scm:pesign-repackage.spec.in
similarity index 100%
rename from pesign-repackage.spec.in
rename to _service:tar_scm:pesign-repackage.spec.in
diff --git a/pesign-obs-integration.dsc b/pesign-obs-integration.dsc
new file mode 100644
index 0000000..f4f8592
--- /dev/null
+++ b/pesign-obs-integration.dsc
@@ -0,0 +1,17 @@
+Format: 1.0
+Source: pesign-obs-integration
+Binary: pesign-obs-integration, dh-signobs
+Architecture: all
+Version: 10.0
+Maintainer: Michal Marek
+Standards-Version: 3.9.8
+Build-Depends: debhelper (>= 7), openssl, shellcheck
+Package-List:
+ dh-signobs deb devel optional arch=all
+ pesign-obs-integration deb devel optional arch=all
+Checksums-Sha1:
+ e6339c1f0f8f9ea015d673ccc1083cfb67e1fc1b 254957 pesign-obs-integration_10.0.tar.gz
+Checksums-Sha256:
+ 64a5bf9f4ccc32525c33f9e231679786327424e9668b6a252c24cf14a30054fa 254957 pesign-obs-integration_10.0.tar.gz
+Files:
+ 983834c7295faecd090ffceaff24a61d 254957 pesign-obs-integration_10.0.tar.gz