debian/0000755000000000000000000000000012245166612007173 5ustar debian/README.source0000644000000000000000000000024412245166221011346 0ustar The upstream tarball has been repacked to remove a precompiled version of the server code. -- Luke Faraone Tue, 03 Sep 2013 12:33:00 -0400 debian/copyright0000644000000000000000000000244112245166221011123 0ustar Format: http://dep.debian.net/deps/dep5 Upstream-Name: camo Source: Files: * Copyright: 2010, Corey Donohoe 2010, Rick Olson License: Expat Files: debian/* Copyright: 2013, Zulip, Inc. License: Expat License: Expat Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: . The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. . THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. debian/control0000644000000000000000000000347712245166452010613 0ustar Source: camo Section: web Priority: extra Maintainer: Zulip Debian Packaging Team Uploaders: Luke Faraone Build-Depends: debhelper (>= 8.0.0), coffeescript, rake, thin, ruby-rest-client (>=1.3), ruby-addressable (>=2.3), procps Standards-Version: 3.9.5 Homepage: https://github.com/atmos/camo Vcs-Git: git://git.debian.org/collab-maint/camo.git Vcs-Browser: http://git.debian.org/?p=collab-maint/camo.git;a=summary Package: camo Architecture: all Depends: nodejs (>= 0.10.0) , ${misc:Depends} Description: SSL/TLS image proxy to prevent mixed-content warnings Camo is an image proxy to prevent mixed content warnings on secure pages. . It should not be installed by an end-user; instead people who operate websites that allow user-specified image embeds by URL can run this as a daemon to proxy such images through their own servers and serve the resulting content over SSL/TLS. . This provides integrity protection and last-mile confidentiality to images, thus preventing a local network attacker from seeing the images you request (allowing for possible disclosure of the content you're viewing) or changing their content (to misinform, confuse, or shock). . It of course does not prevent an attacker from modifying the content or noticing its access if the attacker is in the path between your datacentre and the image source. . However, even in this case, it provides some security insofar as it may prevent the attacker from knowing who is accessing the image. . Using a shared key, proxy URLs are encrypted with hmac so we can bust caches/ban/rate limit if needed. . Features include: * Proxy Google charts * Proxy images under 5 MB * Follow redirects to a configurable depth * Proxy remote images with a content-type of image/* * Disallows proxying to private IP ranges debian/source/0000755000000000000000000000000012245166221010467 5ustar debian/source/format0000644000000000000000000000001412245166221011675 0ustar 3.0 (quilt) debian/postinst0000644000000000000000000000045412245166221011000 0ustar #!/bin/sh set -e mkdir -p /var/log/camo/ if ! [ -f /etc/default/camo ]; then echo "ENABLED=yes" > /etc/default/camo echo "PORT=9292" >> /etc/default/camo echo "CAMO_KEY=`openssl rand -hex 20`" >> /etc/default/camo echo "CAMO_LOGGING_ENABLED=1" >> /etc/default/camo fi #DEBHELPER# debian/compat0000644000000000000000000000000212245166221010365 0ustar 8 debian/docs0000644000000000000000000000001212245166221010033 0ustar README.md debian/patches/0000755000000000000000000000000012245166221010616 5ustar debian/patches/0001-Don-t-use-bundle-in-the-test-suite.patch0000644000000000000000000000121312245166221020522 0ustar From: Luke Faraone Date: Tue, 3 Sep 2013 11:51:19 -0400 Subject: Don't use bundle in the test suite We don't actually require it to run the tests or anywhere else. Origin: vendor Forwarded: not-needed --- Rakefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Rakefile b/Rakefile index c82f435..fea80b1 100644 --- a/Rakefile +++ b/Rakefile @@ -15,7 +15,7 @@ namespace :test do desc "Run the tests against localhost" task :check do |t| - system("BUNDLE_GEMFILE=test.gemfile bundle exec ruby test/proxy_test.rb") + system("ruby test/proxy_test.rb") end desc "Kill test server" -- debian/patches/series0000644000000000000000000000005612245166221012034 0ustar 0001-Don-t-use-bundle-in-the-test-suite.patch debian/changelog0000644000000000000000000000023212245166452011044 0ustar camo (1.3.0+dfsg-1) unstable; urgency=low * Initial release (Closes: #721731) -- Luke Faraone Tue, 26 Nov 2013 13:45:34 -0500 debian/install0000644000000000000000000000003312245166221010554 0ustar server.js /usr/share/camo/ debian/rules0000755000000000000000000000214312245166221010247 0ustar #!/usr/bin/make -f # -*- makefile -*- # Sample debian/rules that uses debhelper. # This file was originally written by Joey Hess and Craig Small. # As a special exception, when this file is copied by dh-make into a # dh-make output file, you may use that output file without restriction. # This special exception was added by Craig Small in version 0.37 of dh-make. # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 %: dh $@ CURVER=$(shell dpkg-parsechangelog | sed -rne 's,^Version: ([^-(+dfsg)]+).*,\1,p') FULLVER=$(shell dpkg-parsechangelog | sed -rne 's,^Version: ([^-]+).*,\1,p') PACKAGE_NAME=camo TARBALL=$(PACKAGE_NAME)_$(FULLVER).orig.tar.gz ORIG_TARBALL=v$(CURVER).tar get-orig-source: wget https://github.com/atmos/camo/archive/$(ORIG_TARBALL).gz gunzip $(ORIG_TARBALL).gz tar --delete -f $(ORIG_TARBALL) camo-$(CURVER)/server.js gzip $(ORIG_TARBALL) mv $(ORIG_TARBALL).gz $(TARBALL) override_dh_auto_build: rake --trace build override_dh_auto_test: nodejs server.js & rake --trace test:check pkill -KILL -xf "nodejs server.js" override_dh_auto_clean: rm -f tmp/camo.pid server.js debian/init0000644000000000000000000000764612245166221010072 0ustar #! /bin/sh ### BEGIN INIT INFO # Provides: camo # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: initscript to start the camo image proxy service ### END INIT INFO # Author: Luke Faraone # PATH should only include /usr/* if it runs after the mountnfs.sh script PATH=/sbin:/usr/sbin:/bin:/usr/bin DESC="manage the camo image proxy service" NAME=camo SCRIPT_PATH=/usr/share/camo/server.js DAEMON="/usr/bin/nodejs $SCRIPT_PATH" PIDFILE=/var/run/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME # Load the VERBOSE setting and other rcS variables . /lib/init/vars.sh # Define LSB log_* functions. # Depend on lsb-base (>= 3.2-14) to ensure that this file is present # and status_of_proc is working. . /lib/lsb/init-functions # Exit if the package is not installed [ -e "$SCRIPT_PATH" ] || exit 0 ENABLED=yes # Read configuration variable file if it is present [ -r /etc/default/$NAME ] && . /etc/default/$NAME export CAMO_KEY PORT if [ "$ENABLED" != "yes" ]; then log_warning_msg "Service is disabled" exit 0 fi # # Function that starts the daemon/service # do_start() { # Return # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started start-stop-daemon --start --quiet --pidfile $PIDFILE -bm --exec $DAEMON --no-close -c nobody --test > /dev/null \ || return 1 start-stop-daemon --start --quiet --pidfile $PIDFILE -bm --no-close -c nobody --exec $DAEMON -- \ $DAEMON_ARGS >> /var/log/camo/camo.log \ || return 2 # Add code here, if necessary, that waits for the process to be ready # to handle requests from services started subsequently which depend # on this one. As a last resort, sleep for some time. } # # Function that stops the daemon/service # do_stop() { # Return # 0 if daemon has been stopped # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 # Wait for children to finish too if this is a daemon that forks # and if the daemon is only ever run from this initscript. # If the above conditions are not satisfied then add some other code # that waits for the process to drop all resources that could be # needed by services started subsequently. A last resort is to # sleep for some time. start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON [ "$?" = 2 ] && return 2 # Many daemons don't delete their pidfiles when they exit. rm -f $PIDFILE return "$RETVAL" } case "$1" in start) [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" do_start case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; stop) [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" do_stop case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; status) status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? ;; #reload|force-reload) # # If do_reload() is not implemented then leave this commented out # and leave 'force-reload' as an alias for 'restart'. # #log_daemon_msg "Reloading $DESC" "$NAME" #do_reload #log_end_msg $? #;; restart|force-reload) # # If the "reload" option is implemented then remove the # 'force-reload' alias # log_daemon_msg "Restarting $DESC" "$NAME" do_stop case "$?" in 0|1) do_start case "$?" in 0) log_end_msg 0 ;; 1) log_end_msg 1 ;; # Old process is still running *) log_end_msg 1 ;; # Failed to start esac ;; *) # Failed to stop log_end_msg 1 ;; esac ;; *) #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 exit 3 ;; esac :