debian/0000755000000000000000000000000011763071461007174 5ustar debian/libpam-encfs.preinst0000644000000000000000000000113511532750034013134 0ustar #!/bin/sh set -e LASTVERSION="0.1.2-4" # Prepare to move a conffile without triggering a dpkg question prep_mv_conffile() { CONFFILE="$1" if [ -e "$CONFFILE" ]; then md5sum="`md5sum \"$CONFFILE\" | sed -e \"s/ .*//\"`" old_md5sum="`dpkg-query -W -f='${Conffiles}' libpam-encfs | grep "$CONFFILE" | awk '{print $2}'`" if [ "$md5sum" = "$old_md5sum" ]; then rm -f "$CONFFILE" fi fi } case "$1" in install|upgrade) if dpkg --compare-versions "$2" le "$LASTVERSION"; then prep_mv_conffile "/etc/pam_encfs.conf" fi esac #DEBHELPER# debian/control0000644000000000000000000000165311756410422010600 0ustar Source: libpam-encfs Section: admin Priority: optional Maintainer: Agustin Martin Domingo Uploaders: Bartosz Fenski Build-Depends: debhelper (>= 7.0.0), dpkg-dev (>= 1.15.7~), libpam0g-dev, quilt Standards-Version: 3.9.3 Vcs-Git: git://git.debian.org/collab-maint/libpam-encfs.git Vcs-Browser: http://git.debian.org/?p=collab-maint/libpam-encfs.git;a=summary Homepage: http://code.google.com/p/pam-encfs Package: libpam-encfs Architecture: linux-any Depends: encfs, libpam-runtime (>= 1.0.1-6), ${shlibs:Depends}, ${misc:Depends} Description: PAM module to automatically mount encfs filesystems on login This PAM module integrates encfs and PAM, so home directories are automatically mounted on login. EncFS provides an encrypted filesystem in user-space, this PAM module easily allow each user to have an encrypted home, and mount it automatically using its login password as encfs password. debian/source/0000755000000000000000000000000011607053633010472 5ustar debian/source/format0000644000000000000000000000001411607053633011700 0ustar 3.0 (quilt) debian/changelog0000644000000000000000000001474411763071461011060 0ustar libpam-encfs (0.1.4.4-6) unstable; urgency=low * Fix FTBFS with multiple -Wl,... flags. Thanks Ilya Barygin from Ubuntu for report and fix (Closes: #675581). -- Agustin Martin Domingo Mon, 04 Jun 2012 10:34:57 +0200 libpam-encfs (0.1.4.4-5) unstable; urgency=low * debian/rules: - Fix lintian debian-rules-missing-recommended-target build-{arch,indep}. * 01_pam_encfs.c_hint-console-login-on-error.patch: - Hint using a console login to get more info on login failure (Closes: #648704). * debian/README.Debian: - More detailed info about selected default options, password change and security implications. * debian/control: - Bump Standards-Version. No changes required. -- Agustin Martin Domingo Mon, 28 May 2012 15:08:07 +0200 libpam-encfs (0.1.4.4-4) unstable; urgency=low * debian/rules: - Make sure libraries are sanely ordered for linking. Thanks David Shorten (Closes: #633448). - Fix typo (as-needed -> add-needed). - Use dpkg-buildflags to get standard buildflags. * debian/control: - Bump Standards version. No changes required. - Build depend on dpkg-dev (>= 1.15.7~) because of dpkg-buildflags. * Make package dpkg 3.0 (quilt). -- Agustin Martin Domingo Tue, 12 Jul 2011 16:10:38 +0200 libpam-encfs (0.1.4.4-3) unstable; urgency=low * debian/NEWS,README.Debian: Document possible behavior changes on session end after upgrade to pam-auth-update based files (Closes: #621018). -- Agustin Martin Domingo Tue, 12 Apr 2011 13:06:10 +0200 libpam-encfs (0.1.4.4-2) unstable; urgency=low * Build only for linux, Currently, fuse is not available outside it. * Keep a separate debian/pam_encfs.conf and ship upstream's at doc dir. * debian/copyright: Update years and origin. * debian/libpam-encfs.preinst: Fix 'Conffiles' for dpkg-query -f option. -- Agustin Martin Domingo Mon, 28 Feb 2011 17:34:22 +0100 libpam-encfs (0.1.4.4-1) unstable; urgency=low * New (temporary) maintainer. * New upstream release. * Integrate libpam-encfs with pam-auth-update (Closes: #605559). Original pam-config by Simon Mungewell (LP: #287904). * Update watch file. Thanks Yan Morin (Closes: #550802). * debian/README.source: Added. Package uses dpatch patch system. * debian/control: - Update Homepage. - Fix lintian debhelper-but-no-misc-depends. - Bump Standards-Version. No changes required. * debian/copyright. Fix unversioned GPL version. * {pre,post}inst: Fix lintian maintainer-script-ignores-errors. * Remove some patches for changes included by upstream in 0.1.4.2: - 04_possible_buffer_overflow.dpatch. - 05_wait_for_fusermount.dpatch. - 06_link_with_gcc.dpatch: Removed. Partially integrated in 0.1.4.2. For the rest, upstream prefers to stay with ld, so we use it consistently. * 03_Changelog.dpatch: Removed. Create a pseudo upstream Changelog under debian/ and make sure it is installed. * 02_pam_encfs.conf: - Update for new upstream releases. - Fix conflicting options in config. Thanks again Simon Mungewell (LP: #287929). - Do not set allow_root in global fuse options, as this implies that different choice cannot be used for any user. - Use allow_root as default in specific definitions. - Warn that allow_user and allow_root cannot be used simultaneously. * debian/rules: Pass LD_FLAGS from debian/rules, including -x and explicit -lc. This last should also close (LP: #205783), already closed differently in 0.1.4.1-4. * Really close (Closes: #465558). It was indeed closed in 0.1.4.1-4, but mistyped as #1465558, and fix is included in upstream 0.1.4.2. -- Agustin Martin Domingo Tue, 15 Feb 2011 12:37:04 +0100 libpam-encfs (0.1.4.1-4) unstable; urgency=low * Link using gcc instead calling ld directly. Hopefuly closes ubuntu bug number 205783. * Activate patch 05_wait_for_fusermount. The patch was created to solve bug #1465558 in 0.1.4.1-3, but I forgot to activate it. -- Rubén Porras Campo Tue, 22 Apr 2008 23:02:23 +0200 libpam-encfs (0.1.4.1-3) unstable; urgency=low * Wait for fusermount after exiting the session. Closes: #1465558 -- Rubén Porras Campo Mon, 18 Feb 2008 18:26:13 +0100 libpam-encfs (0.1.4.1-2) unstable; urgency=low * Fix possible buffer overflow. Thanks to Max Vozeler. -- Rubén Porras Campo Thu, 08 Nov 2007 22:40:41 +0100 libpam-encfs (0.1.4.1-1) unstable; urgency=low * New upstream release. * Preinst does not use anymore /var/lib/dpkg/status directly. * Do not ignore errors in clean targen of debian/rules. * Update to Debian Policy 2.7.2.2. * Correct handling of chdir when using sudo. Closes: #425656. * Update maintainer address. -- Rubén Porras Campo Wed, 12 Sep 2007 10:20:43 +0200 libpam-encfs (0.1.3-1) unstable; urgency=low * New upstream version * Cleaned 02_pam_encfs.conf.dpatch removing some things I should have left during my test. * Rewrite Debian changelog, the package is intended to go in admin, not in base * Include changelog based on information provided in upstream web page -- Rubén Porras Campo Tue, 24 Jan 2006 17:54:55 +0100 libpam-encfs (0.1.2-4) unstable; urgency=low * Change section from libs to admin. Closes: #341165 -- Rubén Porras Campo Tue, 13 Dec 2005 22:12:52 +0100 libpam-encfs (0.1.2-3) unstable; urgency=low * Change architecture from i386 to any. Closes: #340575 -- Rubén Porras Campo Thu, 24 Nov 2005 23:40:09 +0100 libpam-encfs (0.1.2-2) unstable; urgency=low * Remove commented dh_* calls from debian/rules * Depend on encfs instead of recomend it * Remove debian/pam-encfs.substvars from the diff.gz * Add Bartosz Fenski as uploader -- Rubén Porras Campo Sat, 19 Nov 2005 17:04:39 +0100 libpam-encfs (0.1.2-1) unstable; urgency=low * Initial release Closes: #327860 * Change Makefile to install pam_encfs.conf * Change default dir for encfs home directories from /mnt/storage/enc/ to /home/.enc. Rationale: Under a common setup, that is, one partition for /home and another for /, putting the encrypted data into /mnt/storage/enc/ uses space in /, not in /home. * Create README.Debian. -- Rubén Porras Campo Mon, 12 Sep 2005 17:11:01 +0200 debian/copyright0000644000000000000000000000207211532750034011122 0ustar This package was debianized by Rubén Porras Campo on Mon, 12 Sep 2005 17:11:01 +0200. It was downloaded from http://pam-encfs.googlecode.com/files/pam_encfs-0.1.4.4.tar.gz Copyright (C) 2004-2010 by Anders Aagaard This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. On Debian systems, the complete text of the GNU General Public License can be found in the file `/usr/share/common-licenses/GPL-2'. debian/libpam-encfs.prerm0000644000000000000000000000015311532750034012574 0ustar #!/bin/sh set -e if [ "$1" = remove ]; then pam-auth-update --package --remove encfs fi #DEBHELPER# debian/encfs.pam-config0000644000000000000000000000025511712552703012233 0ustar Name: encfs encrypted home directories Default: yes Priority: 257 Auth-Type: Primary Auth: sufficient pam_encfs.so Auth-Initial: sufficient pam_encfs.so debian/compat0000644000000000000000000000000211517314240010362 0ustar 7 debian/patches/0000755000000000000000000000000011712554272010623 5ustar debian/patches/series0000644000000000000000000000006111712553375012040 0ustar 01_pam_encfs.c_hint-console-login-on-error.patch debian/patches/01_pam_encfs.c_hint-console-login-on-error.patch0000644000000000000000000000161711712554272021656 0ustar Author: Description: Help getting useful information in case of login failure in non-console login. Bug-Debian: http://bugs.debian.org/648704 Bug: http://code.google.com/p/pam-encfs/issues/detail?id=7 Index: libpam-encfs/pam_encfs.c =================================================================== --- libpam-encfs.orig/pam_encfs.c 2011-01-24 16:20:00.000000000 +0100 +++ libpam-encfs/pam_encfs.c 2012-02-02 19:37:16.048103292 +0100 @@ -624,8 +624,8 @@ buff[len] = 0; if (!checkmnt(targetpath) && (len > 0 || exitstatus > 0)) { - _pam_log(LOG_ERR, "exitcode : %d, errorstring : %s", exitstatus, - buff); + // _pam_log(LOG_ERR, "exitcode : %d, errorstring : %s", exitstatus, buff); + _pam_log(LOG_ERR, "exitcode : %d, login failed, try a console login to get more info.\n", exitstatus); return PAM_AUTH_ERR; } else debian/watch0000644000000000000000000000057311517314240010222 0ustar # Example watch control file for uscan # Rename this file to "watch" and then you can run the "uscan" command # to check for upstream updates and more. # See uscan(1) for format # Compulsory line, this is a version 3 file version=3 # http://code.google.com/p/pam-encfs/downloads/list \ http://pam-encfs.googlecode.com/files/pam_encfs-(.*)\.tar\.gz debian/pam_encfs.conf0000644000000000000000000000413011532750034011766 0ustar #This file is parsed top to bottom, until the first mount line that matches is found, then it stops. #Note that I dont support spaces in params #So if your for example gonna specify idle time use --idle=X not -i X. #If this is specified program will attempt to drop permissions before running encfs. #(will not work with --public for example, as that requires encfs to run as root) drop_permissions #This specifies which options to pass to encfs for every user. #You can find encfs options by running encfs without any arguments encfs_default --idle=1 #Same for fuse, note that allow_root (or allow_other, or --public in encfs) is needed to run gdm/X. #you can find fuse options with encfs -H # - Debian Note: # allow_other and allow_root are mutually incompatible and cannot be set # simultaneously. If we set any of them here (as done before) all users # inherit it and the other option cannot be set for any user. We better # do not set it here, but in specific definitions at the end of this file. fuse_default nonempty #For a mount line, - = generic, we try to fill in what we need. #A Mount line is constructed like this: #USERNAME if "-" or "*" gets replaced with $USER #SOURCE if USERNAME is -, replace with path + /$USER # if USERNAME is *, replace with $HOME/ + sourcepath #TARGET PATH if - replace with $HOME # if USERNAME is *, replace with $HOME/ + targetpath #ENCFS OPTIONS encfs options here is encfs_default + encfs_options #FUSE OPTIONS encfs options here is fuse_default + fuse_options #Keep in mind that the configuration file is parsed top to bottom, so if you put your generic line on top, #that will always match before any custom lines under it. #In this example, with example_user uncommented, the "-" line will never be parsed if you login as example_user. #In the lines with the USERNAME "*", all paths are relative to $HOME #USERNAME SOURCE TARGET PATH ENCFS Options FUSE Options #example_user /mnt/enc/example_user /home/example_user -v,--idle=1 allow_root #* .private private -v allow_other #- /mnt/enc - -v allow_other - /home/.enc - -v allow_root debian/Upstream.Changelog0000644000000000000000000000173711526446077012623 0ustar Release 0.1.4.4 - July 20 2010. * Use fuse lazy umount by default. Release 0.1.4.3 - May 16 2010. * Applied patch from Francesco Sacchi to allow auto mounting subdirectories (like .private) with wildcards. Release 0.1.4.2 - Apr 21 2008. * Applied 2 patches from the debian package. (Thanks Rubèn Porras for mailing em to me). * Removed -x from the Makefile, god knows why that was there in the first place. Release 0.1.4.1 - Jul 28 2006. * Applied a patch from Yves Perrenoud fixing an odd bug in gdm logins introduced in 0.1.4. Release 0.1.4 - Jul 27 2006. * Fixed a bug related to sudo and chdir (not a security issue), now using stat instead, thanks to Yves Perrenoud for the bugreport + suggested fix. Release 0.1.3 - Dec 1 2005. * Fixed a few misc bugs, no critical stuff so if you had it working before there's no reason to update. * Thanks to Philippe Teuwen for some patches. Release 0.1.2 * Updates are documentation/contact information. debian/rules0000755000000000000000000000544411763071200010252 0ustar #!/usr/bin/make -f # -*- makefile -*- # Sample debian/rules that uses debhelper. # This file was originally written by Joey Hess and Craig Small. # As a special exception, when this file is copied by dh-make into a # dh-make output file, you may use that output file without restriction. # This special exception was added by Craig Small in version 0.37 of dh-make. # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 PACKAGE = libpam-encfs PAM_CONFIG_DIR = $(CURDIR)/debian/libpam-encfs/usr/share/pam-configs PAM_SEC_DIR = $(CURDIR)/debian/libpam-encfs/etc/security # Original CFLAGS upstream value (Check!) CFLAGS := -fPIC -O2 -c -g -Wall -Wformat-security -fno-strict-aliasing # Original LDFLAGS upstream value (Check!) LDFLAGS := --shared # Make linker have binutils-gold like behavior # LDFLAGS += --no-add-needed # Delete all local symbols. LDFLAGS += -x # Original PAMLIB upstream value (Check!) PAMLIB := -lpam # Explicitly link to C library (we use ld). Put as last -l. PAMLIB += -lc include /usr/share/quilt/quilt.make export QUILT_PATCHES=debian/patches CFLAGS += $(shell dpkg-buildflags --get CFLAGS) CPPFLAGS += $(shell dpkg-buildflags --get CPPFLAGS) LDFLAGS += $(shell dpkg-buildflags --get LDFLAGS | sed -e 's/,/ /g' -e 's/-Wl//g' ) configure: configure-stamp configure-stamp: dh_testdir # Add here commands to configure the package. touch configure-stamp changelog: debian/Upstream.Changelog cp -i debian/Upstream.Changelog changelog build: build-arch build-indep build-arch: build-stamp build-indep: build-stamp build-stamp: patch configure-stamp changelog dh_testdir # Add here commands to compile the package. $(MAKE) CFLAGS="$(CFLAGS) $(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" PAMLIB="$(PAMLIB)" #docbook-to-man debian/pam-encfs.sgml > pam-encfs.1 touch build-stamp clean: clean-patched unpatch clean-patched: dh_testdir rm -f build-stamp configure-stamp rm -f changelog # Add here commands to clean up after the build process. $(MAKE) clean dh_clean install: build dh_testdir dh_prep dh_installdirs # Add here commands to install the package into debian/libpam-encfs. $(MAKE) install DESTDIR=$(CURDIR)/debian/libpam-encfs # Build architecture-independent files here. binary-indep: build install # We have nothing to do by default. # Build architecture-dependent files here. binary-arch: build install dh_testdir dh_testroot dh_installchangelogs dh_installdocs mkdir -p $(PAM_CONFIG_DIR) install -m 0644 debian/encfs.pam-config $(PAM_CONFIG_DIR)/encfs mkdir -p $(PAM_SEC_DIR) install -m 0644 debian/pam_encfs.conf $(PAM_SEC_DIR) dh_link dh_strip dh_compress dh_fixperms dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install configure patch \ unpatch debian/libpam-encfs.postinst0000644000000000000000000000107111532750034013332 0ustar #!/bin/sh set -e LASTVERSION="0.1.2-4" # Move a conffile without triggering a dpkg question mv_conffile() { OLDCONFFILE="$1" NEWCONFFILE="$2" if [ -e "$OLDCONFFILE" ]; then echo "Preserving user changes to $NEWCONFFILE ..." mv -f "$NEWCONFFILE" "$NEWCONFFILE".dpkg-new mv -f "$OLDCONFFILE" "$NEWCONFFILE" fi } case "$1" in configure) if dpkg --compare-versions "$2" le "$LASTVERSION"; then mv_conffile "/etc/pam_encfs.conf" "/etc/security/pam_encfs.conf" fi esac pam-auth-update --package encfs #DEBHELPER# debian/README.Debian0000644000000000000000000001166611755202511011240 0ustar As of libpam-encfs (>> 0.1.4.1-4) there is no longer need to manually edit /etc/pam.d/common-auth. Do not manually edit that file unless you know *very well* what you are doing, may break login. libpam-encfs (>> 0.1.4.1-4) package will take care of properly modifying /etc/pam.d/common-auth. Remember that: * User using this module must be member of 'fuse' group. * You may still need to enable user_allow_other in /etc/fuse.conf. Some other info, Automatic umount of encfs volume on end of session ================================================== To handle automatic umount of encfs volume on end of session, two methods are available, * In "/etc/security/pam_encfs.conf", pass an idle=X option to encfs (where X stands for minutes) to have encfs volume umounted after X minutes idle. Default configuration uses this method with a 1 minute delay. * Umount immediately by adding to "/etc/pam.d/common-session" a line session required pam_encfs.so This will umount encfs immediately after session end. While this may look more secure it has some possible drawbacks: - pam_encfs filesystem auto-unmount when user still has a login (multiple logins) (http://code.google.com/p/pam-encfs/issues/detail?id=11) Seems that under some shells if there are multiple logins by the same user and one of these sessions is terminated (and pam_encfs is setup in PAM against session, such that is unmounts the filesystem on logout) that pam_encfs dismounts the filesystem, even though the user still has a session and may be using the filesystem. - I have read that with graphical logins and things like some gnome apps, some stuff may still be written to home directory after session is over. If session is finished immediately this may be written unencrypted. (https://help.ubuntu.com/community/EncryptedHomeDirectoryHowto) Using idle should decrease this risk. Since this method unconditionally affects all users, makes idle a no-op for use under libpam-encfs and cannot be reverted by modifying files under "/etc", libpam-encfs does not provide an snippet for automatic handling of "/etc/pam.d/common-session". If this method was previously enabled, it may have disappeared and get disabled when upgrading pam and libpam-encfs to use pam-auth-update, if automatic mode is selected. If you want to keep this method enabled, so encfs volume is unconditionally umounted immediately on session end (Remember that it sets that option for all users and makes idle a no-op for use under libpam-encfs) you need to manually edit "/etc/pam.d/common-session" and put above session stanza *outside* the automatically generated block. This will enable this method for all password based login systems. If you want to enable it only for some of them, you will need to modify only relevant entries under /etc/pam.d. Change your password (Thanks https://wiki.edubuntu.org/EncryptedHomeFolder) =========================================================================== Prior to anything else, consider making a backup of your encfs volume in a safe place. First, change your account password like normal. Then change the filesystem password. Open a terminal and do the following. Remember to change "testuser" with your username. Change your account login password: * $ passwd o (current) UNIX password: Then you can change the encfs password: * $ encfsctl passwd /home/.enc/testuser * Enter current Encfs password * EncFS Password: You should reboot to fully test as the folder often doesn't unmount at logout if you're not on a text login. Security Notes (Thanks https://wiki.edubuntu.org/EncryptedHomeFolder) ===================================================================== Normally fuse only allows access to the user who mounted an encrypted share; this is irrespective of the filesystem permissions. Because we used allow_root, the root user will be able to access your decrypted mount point so long as your files are mounted. Unfortunately, this is necessary for the pam module as the mounting is done by the root user. Sometimes pam fails to unmount your folder (esp if use graphical login), leaving it open even though your logged out. As stated, root will have access, but other users won't be able to access the folder (unless you set allow_other as a parameter). So as long as you're the only user with sudo access, you're fine. Otherwise you should reboot after logout to be sure, or log in as the root user and check with the mount command. Truthfully, if your this concerned, you should probably be doing something like dmcrypt instead. Without an encrypted swap partition, its possible for unencrypted file parts, passwords, or even the encfs key to be written to your swap partition. If swap is not encrypted, this can all be read by an attacker. Downside of this is that hibernate will no longer function. Enjoy. -- Agustin Martin Domingo , Thu, 17 May 2012 16:03:53 +0200 debian/NEWS0000644000000000000000000000161211712552703007670 0ustar libpam-encfs (0.1.4.4-3) unstable; urgency=low Starting with 0.1.4.1-4, libpam-encfs uses "pam-auth-update" for automatic handling of "/etc/pam.d/common-*" stuff. libpam-encfs does not provide a snippet for automatically adding "session required pam_encfs.so" to "/etc/pam.d/common-session" because is not required for all libpam-encfs uses and sets a default that cannot be reverted by editing files in "/etc". If you previously put a "session required pam_encfs.so" line in files under "/etc/pam.d/" and selected automatic mode, it may have been removed on upgrade and immediate encfs umount after session end disabled. If you want to still have that line and unconditionally set that behavior for all users, you need to re-add it manually. See README.Debian for guidelines and alternatives. -- Agustin Martin Domingo Tue, 12 Apr 2011 12:17:35 +0200 debian/libpam-encfs.docs0000644000000000000000000000006511551030563012400 0ustar README debian/README.source changelog pam_encfs.conf debian/README.source0000644000000000000000000000353511607053633011357 0ustar This package uses quilt to manage all modifications to the upstream source. Changes are stored in the source package as diffs in debian/patches and applied during the build. To configure quilt to use debian/patches instead of patches, you want either to export QUILT_PATCHES=debian/patches in your environment or use this snippet in your ~/.quiltrc: for where in ./ ../ ../../ ../../../ ../../../../ ../../../../../; do if [ -e ${where}debian/rules -a -d ${where}debian/patches ]; then export QUILT_PATCHES=debian/patches break fi done To get the fully patched source after unpacking the source package, cd to the root level of the source package and run: quilt push -a The last patch listed in debian/patches/series will become the current patch. To add a new set of changes, first run quilt push -a, and then run: quilt new where is a descriptive name for the patch, used as the filename in debian/patches. Then, for every file that will be modified by this patch, run: quilt add before editing those files. You must tell quilt with quilt add what files will be part of the patch before making changes or quilt will not work properly. After editing the files, run: quilt refresh to save the results as a patch. Alternately, if you already have an external patch and you just want to add it to the build system, run quilt push -a and then: quilt import -P /path/to/patch quilt push -a (add -p 0 to quilt import if needed). as above is the filename to use in debian/patches. The last quilt push -a will apply the patch to make sure it works properly. To remove an existing patch from the list of patches that will be applied, run: quilt delete You may need to run quilt pop -a to unapply patches first before running this command.