Source: opendnssec
Section: admin
Priority: extra
Maintainer: Ondřej Surý <ondrej@debian.org>
Build-Depends: quilt (>= 0.46-7~),
	       debhelper (>= 7.0.50~),
	       hardening-wrapper,
	       autotools-dev,
	       automake,
	       autoconf,
	       libtool,
	       libdns-ruby (>= 1.49~),
	       rubygems,
	       ruby-pkg-tools,
	       ruby1.8,
	       libopenssl-ruby,
	       trang,
	       libxml2-utils,
	       xsltproc,
	       libxml2-dev,
	       libmysqlclient-dev,
	       mysql-client,
	       libsqlite3-dev,
	       sqlite3,
	       libldns-dev (>= 1.6.6~),
	       libcunit1-dev,
	       python-support,
	       python-4suite-xml,
	       python-dev,
	       libopensc2
Standards-Version: 3.9.1
Homepage: http://www.opendnssec.org/

Package: opendnssec-auditor
Section: admin
Architecture: all
Depends: ruby1.8, libdns-ruby (>= 1.49~), libopenssl-ruby, ${misc:Depends}
Recommends: opendnssec-signer, opendnssec-enforcer
Suggests: opendnssec, softhsm
Description: tool to audit DNS signed zones according to local policy
 OpenDNSSEC is a complete DNSSEC zone signing system which is very
 easy to use with stability and security in mind.  There are a lot of
 details in signing zone files with DNSSEC and OpenDNSSEC covers most
 of it.
 .
 This package contains OpenDNSSEC Auditor, which is a tool to check
 whether DNSSEC signed zone complies to a local policy.  It is issued
 automatically (unless disabled) after each resigning of a zone
 and will stop the signed zone file from being distributed if any
 error is found.

Package: opendnssec-common
Section: misc
Architecture: all
Depends: ${misc:Depends}, ucf, adduser
Description: common configuration files for OpenDNSSEC suite
 OpenDNSSEC is a complete DNSSEC zone signing system which is very
 easy to use with stability and security in mind.  There are a lot of
 details in signing zone files with DNSSEC and OpenDNSSEC covers most
 of it.
 .
 This package contains common configuration files and creates default
 user, group and opendnssec directories.

Package: opendnssec
Section: misc
Architecture: all
Depends: ${misc:Depends},
	 opendnssec-enforcer-sqlite3 (>= 1.1.0~) | opendnssec-enforcer (>= 1.1.0~),
	 opendnssec-enforcer-sqlite3 (<< 1.2.0~) | opendnssec-enforcer (<< 1.2.0~),
	 opendnssec-signer (>= 1.1.0~),
	 opendnssec-signer (<< 1.2.0~),
	 libhsm-bin (>= 1.1.0~),
	 libhsm-bin (<< 1.2.0~)
Recommends: opendnssec-auditor (>= 1.1.0~),
	    opendnssec-auditor (<< 1.2.0~)
Suggests: softhsm
Description: dependency package to install full OpenDNSSEC suite
 OpenDNSSEC is a complete DNSSEC zone signing system which is very
 easy to use with stability and security in mind.  There are a lot of
 details in signing zone files with DNSSEC and OpenDNSSEC covers most
 of it.
 .
 This meta-package depends on the standard distribution of the OpenDNSSEC.

Package: opendnssec-enforcer
Section: admin
Architecture: all
Depends: opendnssec-enforcer-backend,
	 ${misc:Depends}
Recommends: opendnssec-signer, opendnssec-auditor
Suggests: opendnssec, softhsm
Description: tool to prepares DNSSEC keys (common package)
 OpenDNSSEC is a complete DNSSEC zone signing system which is very
 easy to use with stability and security in mind.  There are a lot of
 details in signing zone files with DNSSEC and OpenDNSSEC covers most
 of it.
 .
 OpenDNSSEC Enforcer, which is a tool to make sure that there are
 enough keys for all of the zones, and take the policy and key
 information from the KASP database and turn it into an xml file that
 the signer can use.
 .
 The package contains OpenDNSSEC Enforcer documentation, manpages and
 it depends on either sqlite3 or mysql backend package with binaries.

Package: opendnssec-enforcer-mysql
Section: admin
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends},
	 opendnssec-common (>= 1.1.0~), opendnssec-common (<< 1.2.0~),
	 mysql-client, opendnssec-enforcer
Provides: opendnssec-enforcer-backend
Conflicts: opendnssec-enforcer-backend
Replaces: opendnssec-enforcer-backend
Description: tool to prepares DNSSEC keys (mysql backend)
 OpenDNSSEC is a complete DNSSEC zone signing system which is very
 easy to use with stability and security in mind.  There are a lot of
 details in signing zone files with DNSSEC and OpenDNSSEC covers most
 of it.
 .
 OpenDNSSEC Enforcer, which is a tool to make sure that there are
 enough keys for all of the zones, and take the policy and key
 information from the KASP database and turn it into an xml file that
 the signer can use.
 .
 The package contains OpenDNSSEC Enforcer binaries with mysql backend.

Package: opendnssec-enforcer-sqlite3
Section: admin
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends},
	 opendnssec-common (>= 1.1.0~), opendnssec-common (<< 1.2.0~),
	 sqlite3, opendnssec-enforcer
Provides: opendnssec-enforcer-backend
Conflicts: opendnssec-enforcer-backend
Replaces: opendnssec-enforcer-backend
Description: tool to prepares DNSSEC keys (sqlite3 backend)
 OpenDNSSEC is a complete DNSSEC zone signing system which is very
 easy to use with stability and security in mind.  There are a lot of
 details in signing zone files with DNSSEC and OpenDNSSEC covers most
 of it.
 .
 OpenDNSSEC Enforcer, which is a tool to make sure that there are
 enough keys for all of the zones, and take the policy and key
 information from the KASP database and turn it into an xml file that
 the signer can use.
 .
 The package contains OpenDNSSEC Enforcer binaries with sqlite3 backend.

Package: opendnssec-signer
Architecture: all
Depends: ${shlibs:Depends},
	 ${misc:Depends},
	 ${python:Depends},
	 python-4suite-xml,
	 opendnssec-signer-tools (>= ${source:Version}), opendnssec-signer-tools (<< ${source:Version}.1~),
	 opendnssec-common (>= 1.1.0~), opendnssec-common (<< 1.2.0~)
Recommends: opendnssec-auditor, opendnssec-enforcer
Suggests: opendnssec, softhsm
Description: daemon to sign DNS zone files periodically
 OpenDNSSEC is a complete DNSSEC zone signing system which is very
 easy to use with stability and security in mind.  There are a lot of
 details in signing zone files with DNSSEC and OpenDNSSEC covers most
 of it.
 .
 This package contains OpenDNSSEC Signer Engine.  The task of the
 signer engine is to schedule signing operation on DNS zones.  Taking
 input from the KASP, it will automatically sign zones and keep their
 signatures up-to-date.

Package: opendnssec-signer-tools
Architecture: any
Depends: ${shlibs:Depends},
	 ${misc:Depends}
Description: set of tools used by OpenDNSSEC to sign zone files
 OpenDNSSEC is a complete DNSSEC zone signing system which is very
 easy to use with stability and security in mind.  There are a lot of
 details in signing zone files with DNSSEC and OpenDNSSEC covers most
 of it.
 .
 This package contains OpenDNSSEC Signer Engine Tools.  The task of
 the signer engine is to schedule signing operation on DNS zones.
 Taking input from the KASP, it will automatically sign zones and keep
 their signatures up-to-date.

Package: libhsm-bin
Section: misc
Architecture: any
Depends: opendnssec-common (>= 1.1.0~), opendnssec-common (<< 1.2.0~), ${shlibs:Depends}, ${misc:Depends}
Description: library for interfacing PKCS#11 Hardware Security Modules
 OpenDNSSEC is a complete DNSSEC zone signing system which is very
 easy to use with stability and security in mind.  There are a lot of
 details in signing zone files with DNSSEC and OpenDNSSEC covers most
 of it.
 .
 Support library for interfacing PKCS#11 compatible Hardware Security
 Modules (HSM).  This library allows programs to use cryptografic
 secure storages for keying material such as softhsm (HSM implemented
 in software), SCA6000, Aladdin eToken, OpenSC, nCipher or AEP Keyper.
 .
 This package contains command line tools.

Package: libhsm-dev
Section: libdevel
Architecture: any
Depends: libhsm0 (= ${binary:Version}), ${misc:Depends}
Description: library for interfacing PKCS#11 Hardware Security Modules
 OpenDNSSEC is a complete DNSSEC zone signing system which is very
 easy to use with stability and security in mind.  There are a lot of
 details in signing zone files with DNSSEC and OpenDNSSEC covers most
 of it.
 .
 Support library for interfacing PKCS#11 compatible Hardware Security
 Modules (HSM).  This library allows programs to use cryptografic
 secure storages for keying material such as softhsm (HSM implemented
 in software), SCA6000, Aladdin eToken, OpenSC, nCipher or AEP Keyper.
 .
 This package contains development library and headers.

Package: libhsm0
Section: libs
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Recommends: libhsm-bin
Description: library for interfacing PKCS#11 Hardware Security Modules
 OpenDNSSEC is a complete DNSSEC zone signing system which is very
 easy to use with stability and security in mind.  There are a lot of
 details in signing zone files with DNSSEC and OpenDNSSEC covers most
 of it.
 .
 Support library for interfacing PKCS#11 compatible Hardware Security
 Modules (HSM).  This library allows programs to use cryptografic
 secure storages for keying material such as softhsm (HSM implemented
 in software), SCA6000, Aladdin eToken, OpenSC, nCipher or AEP Keyper.
 .
 This package contains shared library.
