[Pkg-voip-commits] [SCM] UNNAMED PROJECT branch, master, updated. upstream/1.8.0_pre1-1-g99a5345
Daniel Pocock
daniel at pocock.com.au
Sun May 20 16:07:14 UTC 2012
The following commit has been merged in the master branch:
commit 99a5345401d2a47ab5238c8300e94c339b0a08bd
Author: Daniel Pocock <daniel at pocock.com.au>
Date: Sun May 20 18:07:10 2012 +0200
Initial import of Debian artefacts into new VCS for resiprocate >= 1.8
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..134fe88
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+resiprocate (1.8.0~pre1-1) unstable; urgency=low
+
+ * Initial release (Closes: #412427)
+
+ -- Daniel Pocock <daniel at pocock.com.au> Thu, 17 May 2012 19:29:59 +0000
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..45a4fb7
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+8
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..58e97ee
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,82 @@
+Source: resiprocate
+Section: libs
+Priority: extra
+Maintainer: Debian VoIP Team <pkg-voip-maintainers at lists.alioth.debian.org>
+Build-Depends: cdbs, debhelper (>= 7.0.0), gperf, libasio-dev (>= 1.2.0), libboost-dev, libc-ares-dev (>= 1.6.0), libdb++-dev, libpopt-dev, libssl-dev (>= 0.9.8), perl, libmysqlclient-dev, libradiusclient-ng-dev, libcppunit-dev, autotools-dev
+Homepage: http://www.resiprocate.org/
+Standards-Version: 3.9.3
+DM-Upload-Allowed: yes
+Vcs-Git: git://git.debian.org/pkg-voip/resiprocate.git
+Vcs-Browser: http://git.debian.org/?p=pkg-voip/resiprocate.git;a=summary
+
+Package: libresiprocate-1.8
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: reSIProcate SIP stack - shared libraries
+ reSIProcate is a library that aims to fully implement the SIP protocol
+ in first class C++. It is intended for use in other applications,
+ such as the repro SIP proxy.
+ .
+ This package provides the core libraries: librutil (utilities),
+ libresip (SIP stack/RFC compliant message parsing) and
+ libdum (SIP Dialog Usage Manager, a state machine for SIP dialogs).
+
+Package: libresiprocate-1.8-dev
+Section: libdevel
+Architecture: any
+Depends: libresiprocate-1.8 (= ${binary:Version}), ${misc:Depends}
+Description: reSIProcate SIP stack - development files
+ reSIProcate is a library that aims to fully implement the SIP protocol
+ in first class C++. It is intended for use in other applications,
+ such as the repro SIP proxy.
+ .
+ This package provides header files needed for developing applications
+ based on the core reSIProcate libraries.
+
+Package: repro
+Section: net
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, adduser
+Description: reSIProcate SIP stack - lightweight SIP proxy daemon
+ reSIProcate is a library that aims to fully implement the SIP protocol
+ in first class C++. It is intended for use in other applications,
+ such as the repro SIP proxy.
+ .
+ repro is the SIP proxy developed as part of the reSIProcate project.
+ It provides a high-quality, low maintenance solution for serving
+ small and large IP telephony installations.
+
+Package: resiprocate-turn-server
+Section: net
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, adduser
+Description: reSIProcate SIP stack - ICE/TURN server
+ reSIProcate is a library that aims to fully implement the SIP protocol
+ in first class C++. It is intended for use in other applications,
+ such as the repro SIP proxy.
+ .
+ reTurn is the TURN server developed as part of the reSIProcate project.
+ TURN (RFC 5766) provides a standardised solution for VoIP applications
+ to find the most efficient way to route media streams when NAT and
+ firewall devices may be present.
+ .
+ reTurn provides a high-quality, low maintenance solution for serving
+ small and large IP telephony installations. It has been used successfully
+ with a variety of SIP and Jabber applications, including Lumicall,
+ Jitsi, Empathy and Psi.
+
+Package: sipdialer
+Section: net
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: reSIProcate SIP stack - click-to-call utility
+ reSIProcate is a library that aims to fully implement the SIP protocol
+ in first class C++. It is intended for use in other applications,
+ such as the repro SIP proxy.
+ .
+ sipdialer is a click-to-call application that uses the SIP REFER
+ method to force a SIP phone (for example, the phone on your desk)
+ to dial another number. It can be registered in gconf to handle
+ clicks on sip:, sips: and tel: URIs in other applications and the
+ web browser.
+
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..cabcc7d
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,107 @@
+This package was prepared for Debian by the combined efforts of
+Daniel Pocock <daniel at pocock.com.au> and
+Gregor Jasny <gjasny at googlemail.com>
+
+upstream tarballs downloaded from http://www.resiprocate.org/
+
+Upstream Authors:
+
+ reSIProcate Developers <resiprocate-devel at list.resiprocate.org>
+
+Copyright:
+
+ 2000-2007 Vovida Networks, Inc. All rights reserved.
+ for the main reSIProcate stack
+
+ For some components, contributors have asserted individual copyright,
+ licensing their code under the same terms as the stack itself
+ or under compatible BSD terms (see further below)
+
+ Copyright 2005-2012 Daniel Pocock <daniel at pocock.com.au>
+ Copyright 2005-2012 Scott Godin / SIP Spectrum Inc.
+ Copyright 2007-2008, Plantronics, Inc.
+
+The main license terms:
+
+ The Vovida Software License, Version 1.0
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+
+ 3. The names "VOCAL", "Vovida Open Communication Application Library",
+ and "Vovida Open Communication Application Library (VOCAL)" must
+ not be used to endorse or promote products derived from this
+ software without prior written permission. For written
+ permission, please contact vocal at vovida.org.
+
+ 4. Products derived from this software may not be called "VOCAL", nor
+ may "VOCAL" appear in their name, without prior written
+ permission of Vovida Networks, Inc.
+
+ THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
+ WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND
+ NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT SHALL VOVIDA
+ NETWORKS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT DAMAGES
+ IN EXCESS OF $1,000, NOR FOR ANY INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ DAMAGE.
+
+The BSD license terms used in some specific contributions (identical to
+the Vocal terms but using the word `author' in place of `Vovida/VOCAL'):
+
+ BSD License
+ -----------
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+
+ 3. Neither the name of the author nor the names of contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
+ WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND
+ NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR
+ OR ANY CONTRIBUTORS BE LIABLE FOR ANY DIRECT DAMAGES
+ NOR FOR ANY INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ DAMAGE.
+
+The Debian packaging is
+
+ Copyright 2007-2012 Daniel Pocock <daniel at pocock.com.au>
+ Copyright 2009 Gregor Jasny <gjasny at googlemail.com>
+ and is licensed under the General Public License v3
+ which is available in
+ /usr/share/common-licenses/GPL-3
+
diff --git a/debian/libresiprocate-1.8-dev.install b/debian/libresiprocate-1.8-dev.install
new file mode 100644
index 0000000..d0f7724
--- /dev/null
+++ b/debian/libresiprocate-1.8-dev.install
@@ -0,0 +1,7 @@
+usr/include/rutil
+usr/include/resip
+usr/include/sipdial
+usr/lib/librutil.so
+usr/lib/libresip.so
+usr/lib/libdum.so
+usr/lib/libsipdial.so
diff --git a/debian/libresiprocate-1.8.README.Debian b/debian/libresiprocate-1.8.README.Debian
new file mode 100644
index 0000000..6d58c3c
--- /dev/null
+++ b/debian/libresiprocate-1.8.README.Debian
@@ -0,0 +1,21 @@
+
+About this package
+------------------
+
+This package just contains the shared libraries
+
+It is built against the SSL and RADIUS libraries, so you can
+use those features of the stack if you want to.
+
+Documentation for developers
+----------------------------
+
+There is a large amount of documentation in various formats
+in the reSIProcate source tree. Currently, it is not all
+packaged, some of it is in the form of Visio files that
+may not be readable on a Debian system anyway.
+
+To get the full reSIProcate source tree, please visit
+http://www.resiprocate.org
+
+
diff --git a/debian/libresiprocate-1.8.install b/debian/libresiprocate-1.8.install
new file mode 100644
index 0000000..fb1c9c1
--- /dev/null
+++ b/debian/libresiprocate-1.8.install
@@ -0,0 +1,4 @@
+usr/lib/librutil-*.so*
+usr/lib/libresip-*.so*
+usr/lib/libdum-*.so*
+usr/lib/libsipdial-*.so*
diff --git a/debian/libresiprocate-1.8.lintian-overrides b/debian/libresiprocate-1.8.lintian-overrides
new file mode 100644
index 0000000..7981c84
--- /dev/null
+++ b/debian/libresiprocate-1.8.lintian-overrides
@@ -0,0 +1,2 @@
+libresiprocate-1.8 binary: package-name-doesnt-match-sonames
+libresiprocate-1.8 binary: possible-gpl-code-linked-with-openssl
diff --git a/debian/reTurnServer.config-sample b/debian/reTurnServer.config-sample
new file mode 100644
index 0000000..c663cff
--- /dev/null
+++ b/debian/reTurnServer.config-sample
@@ -0,0 +1,33 @@
+TurnPort = 3478
+TlsTurnPort = 5349
+AltStunPort = 0
+TurnAddress = 0.0.0.0
+AltStunAddress = 0.0.0.0
+AuthenticationMode = 2
+AuthenticationRealm = reTurn
+NonceLifetime = 3600
+AllocationPortRangeMin = 49152
+AllocationPortRangeMax = 65535
+DefaultAllocationLifetime = 600
+MaxAllocationLifetime = 3600
+MaxAllocationsPerUser = 0
+TlsServerCertificateFilename = server.pem
+TlsTempDhFilename = dh512.pem
+# leave blank if key is not encrypted
+#TlsPrivateKeyPassword =
+# Logging Type: syslog|cerr|cout|file
+LoggingType = syslog
+# Logging level: NONE|CRIT|ERR|WARNING|INFO|DEBUG|STACK
+LoggingLevel = INFO
+LogFilename = reTurnServer.log
+LogFileMaxLines = 50000
+# It is highly recommended that these values are NOT left at their
+# default setting
+LongTermAuthUsername = test
+LongTermAuthPassword = 1234
+# Must be true or false, default = false, not supported on Windows
+Daemonize = true
+# On UNIX it is normal to create a PID file
+# if unspecified, no attempt will be made to create a PID file
+#PidFile = /var/run/reTurnServer/reTurnServer.pid
+
diff --git a/debian/repro.README.Debian b/debian/repro.README.Debian
new file mode 100644
index 0000000..70be8a8
--- /dev/null
+++ b/debian/repro.README.Debian
@@ -0,0 +1,122 @@
+
+Background
+----------
+
+The original goal of repro was to provide a SIP proxy that is
+very easy to get started with. That was summarised in a post
+to the mailing list from Cullen Jennings in 2004:
+
+ "I thought I would just start an email thread on thins
+ that would be nice in an open source proxy.
+
+ The key thing is the out of box experience, you can go
+ from nothing to having a running proxy that allows phone A
+ to call phone B in 15 minutes.
+
+ The key property of it is that it provides what is needed for
+ secure phone calls with devices behind a NAT."
+
+ http://list.resiprocate.org/archive/resiprocate-devel/msg00639.html
+
+This package aims to help fulfil that promise.
+
+Quick start
+-----------
+
+After installing the package, the daemon starts.
+
+There is a built-in web server listening on port 5080
+with username = admin, password = admin.
+
+You can (and definitely should) change the password in
+/etc/repro/repro.config
+
+Using the web interface, you can:
+- add SIP accounts for your devices
+- set routing rules for calls between devices or calls
+ to external gateways
+
+Most other things (e.g. setting up SSL/TLS) is currently done
+by modifying /etc/repro/repro.config
+
+More complete documentation is here:
+
+ http://www.resiprocate.org/Using_Repro
+
+SSL/TLS on Debian
+-----------------
+
+The normal place for certs on Debian is in /etc/ssl
+
+repro has particular expectations about certificate filenames
+and permissions.
+
+
+ Stategy A:
+ ----------
+
+ If the certs you need are shared, or if your local policy
+ is to keep all certs and keys under /etc/ssl, then you need
+ to do two things:
+
+ - add the repro user to the group ssl-cert
+
+ addgroup repro ssl-cert
+
+ - create symlinks in /etc/repro/ssl pointing to the real
+ certs and keys in /etc/ssl, e.g:
+
+ ln -s /etc/ssl/ssl.crt/sip-server.example.org.crt \
+ /etc/repro/ssl/domain_cert_sip-server.example.org.pem
+
+ ln -s /etc/ssl/ssl.key/sip-server.example.org.key \
+ /etc/repro/ssl/domain_key_sip-server.example.org.pem
+
+ Note that filenames must be in that exact format, with
+ the domain_ prefix and the .pem suffix
+
+ Strategy B:
+ -----------
+
+ If the certs you need are ONLY for repro, then create
+ the certs and keys in /etc/repro/ssl using the naming
+ convention expected by repro (see examples above)
+
+ They can be owned by root and readable for the `repro'
+ user.
+
+ Intermediate certificates
+ -------------------------
+
+ Sometimes the CA provides an intermediate certificate.
+ The intermediate certificate(s) should be appended to
+ the file containing the server certificate. repro
+ will read all the certificates in the file and
+ present them to the TLS client.
+
+ Please be aware that some older IP phones may not
+ work with intermediate certificates, 4096 bit certificates,
+ high-security hash algorithms such as SHA256.
+
+ Testing TLS with OpenSSL
+ ------------------------
+
+ You can make a test connection like this:
+
+ openssl s_client \
+ -connect secure.trendhosting.net:5061 \
+ -tls1 \
+ -CAfile /etc/ssl/certs/ca-certificates.crt
+
+ Once the connection is confirmed, you can cut and paste
+ SIP messages and see the replies from repro.
+
+Getting help
+------------
+
+Please feel free to join the repro-users mailing list
+if you have questions:
+
+ http://list.resiprocate.org/mailman/listinfo
+
+
diff --git a/debian/repro.config-sample b/debian/repro.config-sample
new file mode 100644
index 0000000..d0af8ac
--- /dev/null
+++ b/debian/repro.config-sample
@@ -0,0 +1,608 @@
+########################################################
+# repro configuration file
+########################################################
+
+
+########################################################
+# Log settings
+########################################################
+
+# Logging Type: syslog|cerr|cout|file
+# Note: Logging to cout can negatively effect performance.
+# When repro is placed into production 'file' or
+# 'syslog' should be used.
+LoggingType = syslog
+
+# Logging level: NONE|CRIT|ERR|WARNING|INFO|DEBUG|STACK
+LogLevel = INFO
+
+# Log Filename
+LogFilename = repro.log
+
+# Log file Max Bytes
+LogFileMaxBytes = 5242880
+
+
+########################################################
+# Transport settings
+########################################################
+
+# Local IP Address to bind SIP transports to. If left blank
+# repro will bind to all adapters.
+#IPAddress = 192.168.1.106
+#IPAddress = 2001:5c0:1000:a::6d
+IPAddress =
+
+# Local port to listen on for SIP messages over UDP - 0 to disable
+UDPPort = 5060
+
+# Local port to listen on for SIP messages over TCP - 0 to disable
+TCPPort = 5060
+
+# Local port to listen on for SIP messages over TLS - 0 to disable
+#TLSPort = 5061
+TLSPort = 0
+
+# Local port to listen on for SIP messages over DTLS - 0 to disable
+DTLSPort = 0
+
+# TLS domain name for this server (note: domain cert for this domain must be present)
+TLSDomainName =
+
+# Whether or not we ask for (Optional) or expect (Mandatory) TLS
+# clients to present a client certificate
+# Possible values:
+# None: client can connect without any cert, if a cert is sent, it is not checked
+# Optional: client can connect without any cert, if a cert is sent, it must be acceptable to us
+# Mandatory: client can not connect without any cert, cert must be acceptable to us
+# How we decide if a cert is acceptable: it must meet two criteria:
+# 1. it must be signed by a CA that we trust (see CADirectory)
+# 2. the domain or full sip: URI in the cert must match the From: URI of all
+# SIP messages coming from the peer
+TLSClientVerification = None
+
+# Whether we accept the subjectAltName email address as if it was a SIP
+# address (when checking the validity of a client certificate)
+# Very few commercial CAs offer support for SIP addresses in subjectAltName
+# For many purposes, an email address subjectAltName may be considered
+# equivalent within a specific domain.
+# Currently, this accepts such certs globally (for any incoming connection),
+# not just for connections from the local users.
+TLSUseEmailAsSIP = false
+
+# Alternate and more flexible method to specify transports to bind to. If specified here
+# then IPAddress, and port settings above are ignored.
+# Transports MUST be numbered in sequential order, starting from 1. Possible settings are:
+# Transport<Num>Interface = <IPAddress>:<Port>
+# Transport<Num>Type = <'TCP'|'UDP'|'TLS'|'DTLS'> - default is UDP if missing
+# Transport<Num>TlsDomain = <TLSDomain> - only required if transport is TLS or DTLS
+# Transport<Num>TlsClientVerification = <'None'|'Optional'|'Mandatory'> - default is None
+# Transport<Num>RecordRouteUri = <'auto'|URI> - if set to auto then record route URI
+# is automatically generated from the other
+# transport settings. Otherwise explicity
+# enter the full URI you want repro to use.
+# Do not specify 'auto' if you specified
+# the IPAddress as INADDR_ANY (0.0.0.0).
+# If nothing is specified then repro will
+# use the global RecordRouteUri setting.
+#
+# Transport<Num>RcvBufLen = <SocketReceiveBufferSize> - currently only applies to UDP transports,
+# leave empty to use OS default
+# Example:
+# Transport1Interface = 192.168.1.106:5060
+# Transport1Type = TCP
+# Transport1RecordRouteUri = auto
+#
+# Transport2Interface = 192.168.1.106:5060
+# Transport2Type = UDP
+# Transport2RecordRouteUri = auto
+# Transport2RcvBufLen = 10000
+#
+# Transport3Interface = 192.168.1.106:5061
+# Transport3Type = TLS
+# Transport3TlsDomain = sipdomain.com
+# Transport3TlsClientVerification = Mandatory
+# Transport3RecordRouteUri = sip:h1.sipdomain.com;transport=TLS
+
+
+# Comma separated list of DNS servers, overrides default OS detected list (leave blank
+# for default)
+DNSServers =
+
+# Enable IPv6
+EnableIPv6 = false
+
+# Enable IPv4
+DisableIPv4 = false
+
+# Port on which to run the HTTP configuration interface and/or certificate server
+# 0 to disable (default: 5080)
+HttpPort = 5080
+
+# disable HTTP challenges for web based configuration GUI
+DisableHttpAuth = false
+
+# Web administrator password
+HttpAdminPassword = admin
+
+# Port on which to listen for and send XML RPC messaging used in command processing
+# 0 to disable (default: 5081)
+CommandPort = 5081
+
+# Port on which to listen for and send XML RPC messaging used in registration sync
+# process - 0 to disable (default: 0)
+RegSyncPort = 0
+
+# Hostname/ip address of another instance of repro to synchronize registrations with
+# (note xmlrpcport must also be specified)
+RegSyncPeer =
+
+
+########################################################
+# Misc settings
+########################################################
+
+# Must be true or false, default = false, not supported on Windows
+Daemonize = true
+
+# On UNIX it is normal to create a PID file
+# if unspecified, no attempt will be made to create a PID file
+PidFile = /var/run/repro/repro.pid
+
+# Path to load certificates from (default: "$(HOME)/.sipCerts on *nix, and c:\sipCerts
+# on windows)
+# Note that repro loads ALL root certificates found by the settings
+# CertificatePath, CADirectory and CAFile. Setting one option does
+# not disable the other options.
+# Certificates in this location have to match one of the filename
+# patterns expected by the legacy reSIProcate SSL code:
+# domain_cert_NAME.pem, root_cert_NAME.pem, ...
+CertificatePath = /etc/repro/ssl
+
+# Path to load root certificates from
+# Iff this directory is specified, all files in the directory
+# will be loaded as root certificates, prefixes and suffixes are
+# not considered
+# Note that repro loads ALL root certificates found by the settings
+# CertificatePath, CADirectory and CAFile. Setting one option does
+# not disable the other options.
+# On Debian, the typical location is /etc/ssl/certs
+CADirectory = /etc/ssl/certs
+
+# Specify a single file containing one or more root certificates
+# and possible chain/intermediate certificates to be loaded
+# Iff this filename is specified, the certificates in the file will
+# be loaded as root certificates
+#
+# This does NOT currently support bundles of unrelated root certificates
+# stored in the same PEM file, it ONLY supports related/chained root
+# certificates. If multiple roots must be supported, use the CADirectory
+# option.
+#
+# In the future, this behavior may change to load a bundle,
+# such as /etc/ssl/certs/ca-certificates.txt on Debian and
+# /etc/pki/tls/cert.pem on Red Hat/CentOS
+#
+# Note that repro loads ALL root certificates found by the settings
+# CertificatePath, CADirectory and CAFile. Setting one option does
+# not disable the other options.
+#
+# This example loads just the CACert.org chain, which typically
+# includes the class 1 root and the class 3 root (signed by the class 1 root)
+#CAFile = /etc/ssl/certs/cacert.org.pem
+
+# The Path to read and write Berkely DB database files
+DatabasePath = /var/lib/repro
+
+# The hostname running MySQL server to connect to, leave blank to use BerkelyDB
+# The value of host may be either a host name or an IP address. If host is "localhost",
+# a connection to the local host is assumed. For Windows, the client connects using a
+# shared-memory connection, if the server has shared-memory connections enabled. Otherwise,
+# TCP/IP is used. For Unix, the client connects using a Unix socket file. For a host value of
+# "." on Windows, the client connects using a named pipe, if the server has named-pipe
+# connections enabled. If named-pipe connections are not enabled, an error occurs.
+# WARNING: repro must be compiled with the USE_MYSQL flag in order for this work.
+MySQLServer =
+
+# The MySQL login ID to use when connecting to the MySQL Server. If user is empty string "",
+# the current user is assumed. Under Unix, this is the current login name. Under Windows,
+# the current user name must be specified explicitly.
+MySQLUser = root
+
+# The password for the MySQL login ID specified.
+MySQLPassword = root
+
+# The database name on the MySQL server that contains the repro tables
+MySQLDatabaseName = repro
+
+# If port is not 0, the value is used as the port number for the TCP/IP connection. Note that
+# the host parameter determines the type of the connection.
+MySQLPort = 3306
+
+# If you would like to be able to authenticate uses from a MySQL source other than the repro user
+# database table itself, then specify the query here. The following conditions apply:
+# 1. The database table must reside on the same MySQL server instance as the repro database.
+# 2. The statement provided will be UNION'd with the hardcoded repro query, so that auth from
+# both sources is possible. Note: If the same user exists in both tables, then the repro
+# auth info will be used.
+# 3. The provided SELECT statement must return the SIP A1 password hash of the user in question.
+# 4. The provided SELECT statement must contain two tags embedded into the query: $user and $domain
+# These tags should be used in the WHERE clause, and repro will replace these tags with the
+# actual user and domain being queried.
+# Example: SELECT sip_password_ha1 FROM directory.users WHERE sip_userid = '$user' AND
+# sip_domain = '$domain' AND account_status = 'active'
+MySQLCustomUserAuthQuery =
+
+# Run a Certificate Server - Allows PUBLISH and SUBSCRIBE for certificates
+EnableCertServer = false
+
+# Value of server header for local UAS responses
+ServerText =
+
+# Enables Congestion Management
+CongestionManagement = true
+
+# Congestion Management Metric - can take one of the following values:
+# SIZE : Based solely on the number of messages in each fifo
+# TIME_DEPTH : Based on the age of the oldest (front-most) message
+# in each fifo.
+# WAIT_TIME : Based on the expected wait time for each fifo; this is
+# calculated by multiplying the size by the average service time.
+# This is the recommended metric.
+CongestionManagementMetric = WAIT_TIME
+
+# Congestion Management Tolerance for the given metric. This determines when the RejectionBehavior
+# changes.
+# 0-80 percent of max tolerance -> NORMAL (Not rejecting any work.)
+# 80-100 percent of max tolerance -> REJECTING_NEW_WORK (Refuses new work,
+# not continuation of old work.)
+# >100 percent of max tolerance -> REJECTING_NON_ESSENTIAL (Rejecting all work
+# that is non-essential to the health of the system (ie, if dropping
+# something is liable to cause a leak, instability, or state-bloat, don't drop it.
+# Otherwise, reject it.)
+# Units specified are dependent on Metric specified above:
+# If Metric is SIZE then units are number of messages
+# If Metric is TIME_DEPTH then units are the number seconds old the oldest message is
+# If Metric is WAIT_TIME then units are the expected wait time of each fifo in milliseconds
+CongestionManagementTolerance = 200
+
+# Specify the number of seconds between writes of the stack statistics block to the log files.
+# Specifying 0 will disable the statistics collection entirely. If disabled the statistics
+# also cannot be retreived using the reprocmd interface.
+StatisticsLogInterval = 3600
+
+# Use MultipleThreads stack processing.
+ThreadedStack = true
+
+# The number of worker threads used to asynchronously retrieve user authentication information
+# from the database store.
+NumAuthGrabberWorkerThreads = 2
+
+# The number of worker threads in Async Processor tread pool. Used by all Async Processors
+# (ie. RequestFilter)
+NumAsyncProcessorWorkerThreads = 2
+
+# Specify domains for which this proxy is authorative (in addition to those specified on web
+# interface) - comma separate list
+# Note: Domains specified here cannot be used when creating users, domains used in user
+# AORs must be specified on the web interface.
+Domains =
+
+# Uri to use as Record-Route
+RecordRouteUri =
+
+# Force record-routing
+# WARNING: Before enabling this, ensure you have a RecordRouteUri setup, or are using
+# the alternate transport specification mechanism and defining a RecordRouteUri per
+# transport: TransportXRecordRouteUri
+ForceRecordRouting = false
+
+# Assume path option
+AssumePath = false
+
+# Disable registrar
+DisableRegistrar = false
+
+# Specify a comma separate list of enum suffixes to search for enum dns resolution
+EnumSuffixes =
+
+# Specify length of timer C in sec (0 or negative will disable timer C) - default 180
+TimerC = 180
+
+# Override the default value of T1 in ms (you probably should not change this) - leave
+# as 0 to use default of 500ms)
+TimerT1 = 0
+
+# Disable outbound support (RFC5626)
+# WARNING: Before enabling this, ensure you have a RecordRouteUri setup, or are using
+# the alternate transport specification mechanism and defining a RecordRouteUri per
+# transport: TransportXRecordRouteUri
+DisableOutbound = true
+
+# Set the draft version of outbound to support (default: RFC5626)
+# Other accepted values are the versions of the IETF drafts, before RFC5626 was issued
+# (ie. 5, 8, etc.)
+OutboundVersion = 5626
+
+# Enable use of flow-tokens in non-outbound cases
+# WARNING: Before enabling this, ensure you have a RecordRouteUri setup, or are using
+# the alternate transport specification mechanism and defining a RecordRouteUri per
+# transport: TransportXRecordRouteUri
+EnableFlowTokens = false
+
+# Enable use of flow-tokens in non-outbound cases for clients detected to be behind a NAT.
+# This a more selective flow token hack mode for clients not supporting RFC5626. The
+# original flow token hack (EnableFlowTokens) will use flow tokens on all client requests.
+# Possible values are: DISABLED, ENABLED and PRIVATE_TO_PUBLIC.
+# WARNING: Before enabling this, ensure you have a RecordRouteUri setup, or are using
+# the alternate transport specification mechanism and defining a RecordRouteUri per
+# transport: TransportXRecordRouteUri
+ClientNatDetectionMode = DISABLED
+
+# Set to greater than 0 to enable addition of Flow-Timer header to REGISTER responses if
+# outbound is enabled (default: 0)
+FlowTimer = 0
+
+
+########################################################
+# CertificateAuthenticator Monkey Settings
+########################################################
+
+# Enables certificate authenticator - note you MUST use a TlsTransport
+# with TlsClientVerification set to Optional or Mandatory.
+# There are two levels of checking:
+# a) cert must be signed by a CA trusted by the stack
+# b) the CN or one of the subjectAltName values must match the From:
+# header of each SIP message on the TlsConnection
+# Examples:
+# Cert 1:
+# common name = daniel at pocock.com.au
+# => From: <daniel at pocock.com.au> is the only value that will pass
+# Cert 2:
+# subjectAltName = pocock.com.au
+# => From: <<anything>@pocock.com.au> will be accepted
+# Typically, case 1 is for a real client connection (e.g. Jitsi), case 2
+# (whole domain) is for federated SIP proxy-to-proxy communication (RFC 5922)
+EnableCertificateAuthenticator = false
+
+
+########################################################
+# DigestAuthenticator Monkey Settings
+########################################################
+
+# Disable DIGEST challenges - disables this monkey
+DisableAuth = false
+
+# Http hostname for this server (used in Identity headers)
+HttpHostname =
+
+# Disable adding identity headers
+DisableIdentity = false
+
+# Enable addition and processing of P-Asserted-Identity headers
+EnablePAssertedIdentityProcessing = false
+
+# Disable auth-int DIGEST challenges
+DisableAuthInt = false
+
+# Send 403 if a client sends a bad nonce in their credentials (will send a new
+# challenge otherwise)
+RejectBadNonces = false
+
+# allow To tag in registrations
+AllowBadReg = false
+
+
+########################################################
+# RequestFilter Monkey Settings
+########################################################
+
+# Disable RequestFilter monkey processing
+DisableRequestFilterProcessor = false
+
+# Default behavior for when no matching filter is found. Leave empty to allow
+# request processing to continue. Otherwise set to a SIP status error code
+# (400-699) that should be used to reject the request (ie. 500, Server Internal
+# Error).
+# The status code can optionally be followed by a , and SIP reason text.
+RequestFilterDefaultNoMatchBehavior =
+
+# Default behavior for SQL Query db errors. Leave empty to allow request processing
+# to continue. Otherwise set to a SIP status error code (400-699) that should be
+# used to reject the request (ie. 500 - Server Internal Error).
+# The status code can optionally be followed by a , and SIP reason text.
+# Note: DB support for this action requires MySQL support.
+RequestFilterDefaultDBErrorBehavior = 500, Server Internal DB Error
+
+# The hostname running MySQL server to connect to for any blocked entries
+# that are configured to used a SQL statement.
+# The value of host may be either a host name or an IP address. If host is "localhost",
+# a connection to the local host is assumed. For Windows, the client connects using a
+# shared-memory connection, if the server has shared-memory connections enabled. Otherwise,
+# TCP/IP is used. For Unix, the client connects using a Unix socket file. For a host value of
+# "." on Windows, the client connects using a named pipe, if the server has named-pipe
+# connections enabled. If named-pipe connections are not enabled, an error occurs.
+# WARNING: repro must be compiled with the USE_MYSQL flag in order for this work.
+#
+# Note: If this setting is left blank then repro will fallback all remaining my sql
+# settings to use the global MySQLServer settings.
+RequestFilterMySQLServer =
+
+# The MySQL login ID to use when connecting to the MySQL Server.
+# Note: If the RequestFilterMySQLServer setting is left blank then repro will fallback to
+# using the global MySQL settings.
+RequestFilterMySQLUser = root
+
+# The password for the MySQL login ID specified.
+# Note: If the RequestFilterMySQLServer setting is left blank then repro will fallback to
+# using the global MySQL settings.
+RequestFilterMySQLPassword = root
+
+# The database name on the MySQL server that contains the repro tables
+# Note: If the RequestFilterMySQLServer setting is left blank then repro will fallback to
+# using the global MySQL settings.
+RequestFilterMySQLDatabaseName =
+
+# If port is not 0, the value is used as the port number for the TCP/IP connection. Note that
+# the host parameter determines the type of the connection.
+# Note: If the RequestFilterMySQLServer setting is left blank then repro will fallback to
+# using the global MySQL settings.
+RequestFilterMySQLPort = 3306
+
+
+########################################################
+# StaticRoute Monkey Settings
+########################################################
+
+# Specify where to route requests that are in this proxy's domain - disables the
+# routes in the web interface and uses a SimpleStaticRoute monkey instead.
+# A comma seperated list of routes can be specified here and each route will
+# be added to the outbound Requests with the RequestUri left in tact.
+Routes =
+
+# Parallel fork to all matching static routes
+ParallelForkStaticRoutes = false
+
+# By default (false) we will stop looking for more Targets if we have found
+# matching routes. Setting this value to true will allow the LocationServer Monkey
+# to run after StaticRoutes have been found. In this case the matching
+# StaticRoutes become fallback targets, processed only after all location server
+# targets fail.
+ContinueProcessingAfterRoutesFound = false
+
+
+########################################################
+# Message Silo Monkey Settings
+########################################################
+
+# Specify where the Message Silo is enabled or not. If enabled,
+# then repro will store MESSAGE requests for users that are not online.
+# When the user is back online (ie. registers with repro), the stored
+# messages will be delivered.
+MessageSiloEnabled = false
+
+# A regular expression that can be used to filter which URI's not to
+# do message storage (siloing) for. Destination/To URI's matching
+# this regular expression will not be silo'd.
+MessageSiloDestFilterRegex =
+
+# A regular expression that can be used to filter which body/content/mime
+# types not to do message storage (siloing) for. Content-Type's matching
+# this regular expression will not be silo'd.
+MessageSiloMimeTypeFilterRegex = application\/im\-iscomposing\+xml
+
+# The number of seconds a message request will be stored in the message silo.
+# Messages older than this time, are candidates for deletion.
+# Default (259200 seconds = 30 days)
+MessageSiloExpirationTime = 2592000
+
+# Flag to indicate if a Date header should be added to replayed SIP
+# MESSAGEs from the silo, when a user registers.
+MessageSiloAddDateHeader = true
+
+# Defines the maximum message content length (bytes) that will be stored in
+# the message silo. Messages with a Content-Length larger than this
+# value will be discarded.
+# WARNING: Do not increasing this value beyond the capabilities of the
+# database storage or internal buffers.
+# Note: AbstractDb uses a read buffer size of 8192 - do not exceed this size.
+MessageSiloMaxContentLength = 4096
+
+# The status code returned to the sender when a messages is successfully
+# silo'd.
+MessageSiloSuccessStatusCode = 202
+
+# The status code returned to the sender when a messages mime-type matches
+# the MessageSiloMimeTypeFilterRegex. Can be used to avoid sending errors
+# to isComposing mime bodies that don't need to be silod. Set to 0 to use
+# repro standard response (ie. 480).
+MessageSiloFilteredMimeTypeStatusCode = 200
+
+# The status code returned to the sender when a messages is not silo'd due
+# to the MaxContentLength being exceeded.
+MessageSiloFailureStatusCode = 480
+
+
+########################################################
+# Recursive Redirect Lemur Settings
+########################################################
+
+# Handle 3xx responses in the proxy - enables the Recursive Redirect Lemur
+RecursiveRedirect = false
+
+
+########################################################
+# Geo Proximity Target Sorter Baboon Settings
+########################################################
+
+# If enabled, then this baboon can post-process the target list.
+# This includes targets from the StaticRoute monkey and/or targets
+# from the LocationServer monkey. Requests that meet the filter
+# criteria will have their Target list, flatened (serialized) and
+# ordered based on the proximity of the target to the client sending
+# the request. Proximity is determined by looking for a
+# x-repro-geolocation="<latitude>,<longitude>" parameter on the Contact
+# header of a received request, or the Contact headers of Registration
+# requests. If this parameter is not found, then this processor will
+# attempt to determine the public IP address closest to the client or
+# target and use the MaxMind Geo IP library to lookup the geo location.
+GeoProximityTargetSorting = false
+
+# Specify the full path to the IPv4 Geo City database file
+# Note: A free version of the database can be downloaded from here:
+# http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
+# For a more accurate database, please see the details here:
+# http://www.maxmind.com/app/city
+GeoProximityIPv4CityDatabaseFile = GeoLiteCity.dat
+
+# Specify the full path to the IPv6 Geo City database file
+# Note: A free version of the database can be downloaded from here:
+# http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/
+# For a more accurate database, please see the details here:
+# http://www.maxmind.com/app/city
+# Leave blank to disable V6 lookups. Saves memory (if not required).
+#GeoProximityIPv6CityDatabaseFile = GeoLiteCityv6.dat
+GeoProximityIPv6CityDatabaseFile =
+
+# This setting specifies a PCRE compliant regular expression to attempt
+# to match against the request URI of inbound requests. Any requests
+# matching this expression, will have its Targets sorted as described
+# above. Leave blank to match all requests.
+GeoProximityRequestUriFilter = ^sip:mediaserver.*@mydomain.com$
+
+# The distance (in Kilometers) to use for proximity sorting, when the
+# Geo Location of a target cannot be determined.
+GeoProximityDefaultDistance = 0
+
+# If enabled, then targets that are determined to be of equal distance
+# from the client, will be placed in a random order.
+LoadBalanceEqualDistantTargets = true
+
+
+########################################################
+# Q-Value Target Handler Baboon Settings
+########################################################
+
+# Enable sequential q-value processing - enables the Baboon
+QValue = true
+
+# Specify forking behavior for q-value targets: FULL_SEQUENTIAL, EQUAL_Q_PARALLEL,
+# or FULL_PARALLEL
+QValueBehavior = EQUAL_Q_PARALLEL
+
+# Whether to cancel groups of parallel forks after the period specified by the
+# QValueMsBeforeCancel parameter.
+QValueCancelBetweenForkGroups = true
+
+# msec to wait before cancelling parallel fork groups when QValueCancelBetweenForkGroups
+# is true
+QValueMsBeforeCancel = 30000
+
+# Whether to wait for parallel fork groups to terminate before starting new fork-groups.
+QValueWaitForTerminateBetweenForkGroups = true
+
+# msec to wait before starting new groups of parallel forks when
+# QValueWaitForTerminateBetweenForkGroups is false
+QValueMsBetweenForkGroups = 3000
+
+
diff --git a/debian/repro.init b/debian/repro.init
new file mode 100644
index 0000000..df0dcd9
--- /dev/null
+++ b/debian/repro.init
@@ -0,0 +1,80 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: repro
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: repro SIP Server
+# Description: repro SIP proxy server from the reSIProcate suite
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+NAME=repro
+DESC="SIP proxy"
+DAEMON=/usr/sbin/$NAME
+USER=repro
+GROUP=repro
+PIDFILE="/var/run/$NAME/$NAME.pid"
+#PIDFILE="/var/run/${NAME}.pid"
+PIDFILE_DIR=`dirname $PIDFILE`
+
+test -x $DAEMON || exit 1
+umask 002
+
+# Include defaults if available
+if [ -f /etc/default/$NAME ] ; then
+ . /etc/default/$NAME
+fi
+
+DAEMON_OPTS="/etc/repro/${NAME}.config --Daemonize=true --LoggingType=syslog --PidFile=${PIDFILE}"
+
+if [ ! -d "$PIDFILE_DIR" ];then
+ mkdir "$PIDFILE_DIR"
+ chown $USER:$GROUP "$PIDFILE_DIR"
+fi
+
+set -e
+
+case "$1" in
+ start)
+ echo -n "Starting $DESC: "
+ start-stop-daemon --start --quiet --chuid $USER:$GROUP --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS
+ echo "$NAME."
+ ;;
+ stop)
+ echo -n "Stopping $DESC: "
+ start-stop-daemon --stop --quiet --oknodo --user $USER --pidfile $PIDFILE --exec $DAEMON
+ echo "$NAME."
+ ;;
+ status)
+ echo -n "Status $DESC: "
+ PID=$(cat $PIDFILE)
+ kill -0 $PID
+ rc=$?
+ # Check exit code
+ if [ "$rc" -ne 0 ]
+ then
+ echo "$NAME is NOT running."
+ exit 7
+ else
+ echo "$NAME is running with PID: $PID"
+ fi
+ ;;
+ restart|force-reload)
+ echo -n "Restarting $DESC: "
+ #start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
+ $0 stop
+ sleep 10
+ #start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS
+ $0 start
+ echo "$NAME."
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|status|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/debian/repro.install b/debian/repro.install
new file mode 100644
index 0000000..e32939e
--- /dev/null
+++ b/debian/repro.install
@@ -0,0 +1,2 @@
+usr/lib/librepro-*.so*
+usr/sbin/repro
diff --git a/debian/repro.lintian-overrides b/debian/repro.lintian-overrides
new file mode 100644
index 0000000..8799896
--- /dev/null
+++ b/debian/repro.lintian-overrides
@@ -0,0 +1,2 @@
+repro binary: package-name-doesnt-match-sonames
+repro binary: possible-gpl-code-linked-with-openssl
diff --git a/debian/repro.manpages b/debian/repro.manpages
new file mode 100644
index 0000000..53e1870
--- /dev/null
+++ b/debian/repro.manpages
@@ -0,0 +1 @@
+repro/doc/repro.8
diff --git a/debian/repro.postinst b/debian/repro.postinst
new file mode 100644
index 0000000..e6d556f
--- /dev/null
+++ b/debian/repro.postinst
@@ -0,0 +1,73 @@
+#!/bin/sh
+
+# . /usr/share/debconf/confmodule
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <postinst> `abort-remove'
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+# $1 = version of the package being upgraded.
+install() {
+
+ if [ -f /etc/default/repro ]; then
+ . /etc/default/repro || true
+ fi
+
+ REPRO_GROUP=${REPRO_GROUP:-repro}
+ if ! getent group "$REPRO_GROUP" >/dev/null; then
+ addgroup --system "$REPRO_GROUP" || exit 1
+ fi
+
+ REPRO_HOME=${REPRO_HOME:-/var/lib/repro}
+ REPRO_USER=${REPRO_USER:-repro}
+ if ! getent passwd "$REPRO_USER" >/dev/null; then
+ adduser --system \
+ --home "${REPRO_HOME}" \
+ --shell /bin/false \
+ --no-create-home \
+ --ingroup "$REPRO_GROUP" \
+ --disabled-password \
+ --disabled-login \
+ --gecos "reTurnServer daemon" \
+ "$REPRO_USER" || exit 1
+ fi
+
+ if [ ! -d ${REPRO_HOME} ];
+ then
+ mkdir ${REPRO_HOME} || exit 1
+ chown ${REPRO_USER}:${REPRO_GROUP} "${REPRO_HOME}"
+ fi
+
+}
+
+case "$1" in
+ configure)
+ install "$2"
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
diff --git a/debian/resiprocate-turn-server.README.Debian b/debian/resiprocate-turn-server.README.Debian
new file mode 100644
index 0000000..18fa565
--- /dev/null
+++ b/debian/resiprocate-turn-server.README.Debian
@@ -0,0 +1,76 @@
+
+Quickstart
+----------
+
+Everything is controlled from /etc/reTurnServer.config
+
+The daemon must be restarted after changing the config.
+
+Background
+----------
+
+Internet Connectivity Establishment (ICE) provides
+a solid solution to the problem of getting VoIP calls
+(both SIP and Jabber) through NAT environments.
+
+In particular, devices supporting ICE are able to probe
+the network topology to find the most efficient way to
+route RTP media streams.
+
+In some cases, the devices discover they are both on the
+same NAT network, and they can route RTP media to each
+other without any translation issues.
+
+In other cases, the devices discover that there is
+a co-operative NAT router that works with STUN.
+
+In about 10% of cases, the NAT routers are not
+co-operating, and a relay is needed. reTurnServer
+provides a solid implementation of such a relay.
+
+Recommendations
+---------------
+
+As the ICE protocol is defined in a formal RFC and
+supported by a wide range of devices, it is highly
+recommended to use a solution like reTurn instead
+of solutions like rtpproxy (such solutions mangle
+the SIP packets and sometimes impose a relay when
+it is not actually required).
+
+When using ICE and TURN, it is highly recommended that
+SIP packets are routed over TLS (not regular TCP or UDP),
+for two reasons:
+- UDP packets are not big enough to store all the ICE
+ route discovery attributes, such packets can be
+ truncated or lost in the network
+- TCP and UDP can sometimes be mangled by SIP-aware
+ routers that are trying to help you. In fact,
+ this `help' was sometimes useful before ICE was
+ invented, but when you are using ICE, a
+ SIP-aware router can actually mangle the ICE attributes,
+ and prevent call establishment.
+Bottom line: always use TLS.
+
+Practical stuff
+---------------
+
+Set up DNS SRV records to help your devices discover
+the TURN server automatically. This makes it really
+easy. Lumicall, for example, will automatically
+discover TURN servers in this way.
+
+Some devices (such as Lumicall) will automatically try
+to authenticate their TURN session using the same
+credentials that they use for SIP. Therefore, it is
+a good idea to use RADIUS or some other mechanism to
+share credentials between the SIP proxy and TURN server.
+
+Getting help
+------------
+
+Please feel free to join the *-users mailing lists
+if you have questions:
+
+ http://list.resiprocate.org/mailman/listinfo
+
diff --git a/debian/resiprocate-turn-server.init b/debian/resiprocate-turn-server.init
new file mode 100644
index 0000000..9c37df1
--- /dev/null
+++ b/debian/resiprocate-turn-server.init
@@ -0,0 +1,78 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: resiprocate-turn-server
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: reTurn Server
+# Description: STUN and TURN Relay for VoIP media streams
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+NAME=reTurnServer
+DESC="TURN relay"
+DAEMON=/usr/sbin/$NAME
+USER=return
+GROUP=return
+PIDFILE="/var/run/$NAME/$NAME.pid"
+#PIDFILE="/var/run/reTurnServer.pid"
+PIDFILE_DIR=`dirname $PIDFILE`
+
+test -x $DAEMON || exit 1
+umask 002
+
+# Include defaults if available
+if [ -f /etc/default/$NAME ] ; then
+ . /etc/default/$NAME
+fi
+
+DAEMON_OPTS="/etc/reTurnServer.config --Daemonize=true --LoggingType=syslog --PidFile=${PIDFILE}"
+
+if [ ! -d "$PIDFILE_DIR" ];then
+ mkdir "$PIDFILE_DIR"
+ chown $USER:$GROUP "$PIDFILE_DIR"
+fi
+
+set -e
+
+case "$1" in
+ start)
+ echo -n "Starting $DESC: "
+ start-stop-daemon --start --quiet --chuid $USER:$GROUP --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS
+ echo "$NAME."
+ ;;
+ stop)
+ echo -n "Stopping $DESC: "
+ start-stop-daemon --stop --quiet --oknodo --user $USER --pidfile $PIDFILE --exec $DAEMON
+ echo "$NAME."
+ ;;
+ status)
+ echo -n "Status $DESC: "
+ PID=$(cat $PIDFILE)
+ kill -0 $PID
+ rc=$?
+ # Check exit code
+ if [ "$rc" -ne 0 ]
+ then
+ echo "$NAME is NOT running."
+ exit 7
+ else
+ echo "$NAME is running with PID: $PID"
+ fi
+ ;;
+ restart|force-reload)
+ echo -n "Restarting $DESC: "
+ start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
+ sleep 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS
+ echo "$NAME."
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|status|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/debian/resiprocate-turn-server.install b/debian/resiprocate-turn-server.install
new file mode 100644
index 0000000..9a158cf
--- /dev/null
+++ b/debian/resiprocate-turn-server.install
@@ -0,0 +1 @@
+usr/sbin/reTurnServer
diff --git a/debian/resiprocate-turn-server.lintian-overrides b/debian/resiprocate-turn-server.lintian-overrides
new file mode 100644
index 0000000..d5676c8
--- /dev/null
+++ b/debian/resiprocate-turn-server.lintian-overrides
@@ -0,0 +1 @@
+resiprocate-turn-server binary: possible-gpl-code-linked-with-openssl
diff --git a/debian/resiprocate-turn-server.manpages b/debian/resiprocate-turn-server.manpages
new file mode 100644
index 0000000..16ecee7
--- /dev/null
+++ b/debian/resiprocate-turn-server.manpages
@@ -0,0 +1 @@
+reTurn/reTurnServer.8
diff --git a/debian/resiprocate-turn-server.postinst b/debian/resiprocate-turn-server.postinst
new file mode 100644
index 0000000..20bf925
--- /dev/null
+++ b/debian/resiprocate-turn-server.postinst
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <postinst> `abort-remove'
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+# $1 = version of the package being upgraded.
+install() {
+
+ if [ -f /etc/default/resiprocate-turn-server ]; then
+ . /etc/default/resiprocate-turn-server || true
+ fi
+
+ RETURN_GROUP=${RETURN_GROUP:-return}
+ if ! getent group "$RETURN_GROUP" >/dev/null; then
+ addgroup --system "$RETURN_GROUP" || exit 1
+ fi
+
+ RETURN_USER=${RETURN_USER:-return}
+ if ! getent passwd "$RETURN_USER" >/dev/null; then
+ adduser --system \
+ --home / \
+ --shell /bin/false \
+ --no-create-home \
+ --ingroup "$RETURN_GROUP" \
+ --disabled-password \
+ --disabled-login \
+ --gecos "reTurnServer daemon" \
+ "$RETURN_USER" || exit 1
+ fi
+
+}
+
+case "$1" in
+ configure)
+ install "$2"
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..a2460fa
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,27 @@
+#!/usr/bin/make -f
+
+include /usr/share/cdbs/1/rules/debhelper.mk
+include /usr/share/cdbs/1/class/autotools.mk
+
+DEB_CONFIGURE_EXTRA_FLAGS := --with-ssl
+DEB_CONFIGURE_EXTRA_FLAGS += --with-mysql
+DEB_CONFIGURE_EXTRA_FLAGS += --with-apps
+DEB_CONFIGURE_EXTRA_FLAGS += --enable-ipv6
+DEB_CONFIGURE_EXTRA_FLAGS += --with-radius
+DEB_CONFIGURE_EXTRA_FLAGS += --with-c-ares
+
+CPPFLAGS += -DRESIP_FIXED_POINT
+LDFLAGS += -lcares
+
+install/repro::
+ mkdir -p debian/repro/etc/repro/ssl
+ cp debian/repro.config-sample debian/repro/etc/repro/repro.config
+ mkdir -p debian/repro/usr/share/doc/repro
+ cp repro/README_MySQL.txt debian/repro/usr/share/doc/repro
+
+install/resiprocate-turn-server::
+ mkdir -p debian/resiprocate-turn-server/etc
+ cp debian/reTurnServer.config-sample debian/resiprocate-turn-server/etc/reTurnServer.config
+ mkdir -p debian/resiprocate-turn-server/usr/share/doc/resiprocate-turn-server
+ cp reTurn/README.txt debian/resiprocate-turn-server/usr/share/doc/resiprocate-turn-server
+
diff --git a/debian/sipdialer.README.Debian b/debian/sipdialer.README.Debian
new file mode 100644
index 0000000..54e0fcf
--- /dev/null
+++ b/debian/sipdialer.README.Debian
@@ -0,0 +1,6 @@
+
+
+Please find detailed instructions in README.txt
+
+Please find a sample config file in sipdial.cfg
+
diff --git a/debian/sipdialer.docs b/debian/sipdialer.docs
new file mode 100644
index 0000000..6e47ff2
--- /dev/null
+++ b/debian/sipdialer.docs
@@ -0,0 +1,3 @@
+apps/sipdial/README.txt
+apps/sipdial/test.html
+apps/sipdial/sipdial.cfg
diff --git a/debian/sipdialer.install b/debian/sipdialer.install
new file mode 100644
index 0000000..3f12078
--- /dev/null
+++ b/debian/sipdialer.install
@@ -0,0 +1 @@
+usr/bin/sipdialer
diff --git a/debian/sipdialer.manpages b/debian/sipdialer.manpages
new file mode 100644
index 0000000..55644e5
--- /dev/null
+++ b/debian/sipdialer.manpages
@@ -0,0 +1 @@
+apps/sipdial/sipdialer.1
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..ccce960
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,2 @@
+version=3
+http://www.resiprocate.org/files/pub/reSIProcate/releases/resiprocate-(.+)\.tar\.gz
--
UNNAMED PROJECT
More information about the Pkg-voip-commits
mailing list