fix: use os-provided public suffix Change-Id: I9b4fc3d9d0a6cbb54c3d8165bf225241041b9cf7
add: optionally check pwned passwords A new configuration option is added, specifying the path to a file of known password hashes which Gigi will refuse to accept for user accounts. If the option is not specified, Gigi attempts to use the Pwned Passwords database (see the pwned-passwords-bin package) but continues startup if the database cannot be opened. This is intended to be useful for developers: production users should always configure the path to the file explicitly, so that Gigi will refuse to start if the file cannot be accessed for whatever reason. The PasswordHashChecker, if used, is chained behind the usual PasswordStrengthChecker using a DelegatingPasswordChecker. Change-Id: I9e54bd45fa35d7ea81d44677f50635d6ab8514e0
add: ant and wget in build dependencies Ant is clearly used for the whole build process, and wget is used to download the public suffix list as part of the update-effective-tlds Ant build target. Change-Id: Ic167f4dc062c38cba309ab44d25a497703c4c847
add: dnsjava 2.1.8 dependency and sanity test Change-Id: I2cd200f3c63f9482cfe23c33a873525f8d0e6261
upd: rename package name and all references to it Change-Id: Ie1e938a864ad93732201643f42a83148dd2f137d
Replace init scripts with systemd unit files The package installs four unit files. gigi-standalone.service works just like the old cacert-gigi service: gigi will start as root, manage its own ports, then drop privileges. gigi-proxy.service and .socket let systemd manage the port and start gigi as its dedicated user. These services need different configuration for gigi: for the proxy version, the configuration must contain proxy=true and http.bindPort=stdin, while for the standalone version the configuration must have proxy=false and specify real ports. For this reason, we also disable Debian's policy to automatically start services upon package installation. (gigi-simple-signer.service is a direct conversion of cacert-gigi-signer.init.) Very simple init scripts for gigi-standalone and gigi-simple-signer are provided, so that running /etc/init.d/gigi-standalone start will still work. The scripts simply redirect to systemctl; the LSB header is not included, since the scripts are useless on their own. Change-Id: I53f0c825880d1b8c082496106a018957d6128392
Generalize Debian package dependencies We can build with any JDK, and run on any JVM, as long as it’s at least Java 7. Change-Id: Ic16afe94e648686c5cf3532ed12c120a4843c9a8
upd: postgresql adding debian dpendencies
UPD: split debian packages, so we have a "-testing" package
Adding debian package