Bug#1060815: ITP: relic -- digitally sign Linux/Java/Windows packages

To: submit@bugs.debian.org
Subject: Bug#1060815: ITP: relic -- digitally sign Linux/Java/Windows packages
From: Simon Josefsson <simon@josefsson.org>
Date: Sun, 14 Jan 2024 23:48:27 +0100
Message-id: <[🔎] 877ckb7cqs.fsf@kaka.sjd.se>
Reply-to: Simon Josefsson <simon@josefsson.org>, 1060815@bugs.debian.org

Package: wnpp
Severity: wishlist
Owner: Simon Josefsson <simon@josefsson.org>

* Package name    : relic
  Version         : 7.6.1-1
  Upstream Author : SAS Institute, Inc.
* URL             : https://github.com/sassoftware/relic
* License         : Apache-2.0
  Programming Lang: Go
  Description     : digitally sign Linux/Java/Windows packages

 relic is a multi-tool and server for package signing and working with
 hardware security modules (HSMs).
 .
 Package types
 .
  * RPM - RedHat packages
  * DEB - Debian packages
  * JAR - Java archives
  * EXE (PE/COFF) - Windows executable
  * MSI - Windows installer
  * appx, appxbundle - Windows universal application
  * CAB - Windows cabinet file
  * CAT - Windows security catalog
  * XAP - Silverlight and legacy Windows Phone applications
  * PS1, PS1XML, MOF, etc. - Microsoft Powershell scripts and modules
  * manifest, application - Microsoft ClickOnce manifest
  * VSIX - Visual Studio extension
  * Mach-O - macOS/iOS signed executables
  * DMG, PKG - macOS disk images / installer packages
  * APK - Android package
  * PGP - inline, detached or cleartext signature of data
 .
 Token types
 .
 relic can work with several types of token:
 .
  * pkcs11 - Industry standard PKCS#11 HSM interface using shared object
    files
  * Cloud services - AWS, Azure and Google Cloud managed keys
  * scdaemon - The GnuPG scdaemon service can enable access to OpenPGP
    cards (such as Yubikey NEO)
  * file - Private keys stored in a password-protected file
 .
 Features
 .
 Relic is primarily meant to operate as a signing server, allowing
 clients to authenticate with a TLS certificate and sign packages
 remotely. It can also be used as a standalone signing tool.
 .
 Other features include:
 .
  * Generating and importing keys in the token
  * Importing certificate chains from a PKCS#12 file
  * Creating X509 certificate signing requests (CSR) and self-signed
    certificates
  * Limited X509 CA support -- signing CSRs and cross-signing certificates
  * Creating simple PGP public keys
  * RSA and ECDSA supported for all signature types
  * Verify signatures, certificate chains and timestamps on all supported
    package types
  * Sending audit logs to an AMQP broker, with an optional sealing
    signature
  * Save token PINs in the system keyring
 .
 Linux, Windows and MacOS are supported. Other platforms probably work as
 well.
 .
 relic is tested using libsofthsm2 and Gemalto SafeNet Network HSM (Luna
 SA).

I hope to maintain this package as part of Debian Go Packaging Team:

https://salsa.debian.org/go-team/packages/relic

/Simon

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: Re: RFS: golang-github-go-webauthn-webauthn
Next by Date: Bug#1060816: ITP: golang-github-shibumi-go-pathspec -- gitignore-style pathspec pattern matching in Go
Previous by thread: Bug#1060813: ITP: golang-github-qur-ar -- Golang ar archive file library
Next by thread: Bug#1060816: ITP: golang-github-shibumi-go-pathspec -- gitignore-style pathspec pattern matching in Go
Index(es):
- Date
- Thread