Add debian metadata

Used these instructions as guide to create debian metadata:
https://wiki.debian.org/Packaging/Intro#The_packaging_work_flow
https://wiki.debian.org/Python/LibraryStyleGuide

Debian build instructions for upstream release 0.11.2.dev3:
-----------------------------------------------------------
 # Assuming sbuild is installed and chroot is created
 # https://wiki.debian.org/sbuild

 # Download upstream tarball + signature and rename to expected pattern
 wget https://github.com/theupdateframework/tuf/releases/download/v0.11.2.dev3/tuf-0.11.2.dev3.tar.gz \
  -O python-tuf_0.11.2.dev3.orig.tar.gz
 wget https://github.com/theupdateframework/tuf/releases/download/v0.11.2.dev3/tuf-0.11.2.dev3.tar.gz.asc \
  -O python-tuf_0.11.2.dev3.orig.tar.gz.asc

 # Extract upstream tarball
 tar xf python-tuf_0.11.2.dev3.orig.tar.gz

 # Clone upstream repo for debian files and tests
 git clone https://github.com/theupdateframework/tuf.git \
  tuf-upstream

 # Copy debian files (from debian branch)
 git -C tuf-upstream checkout debian --
 cp -r tuf-upstream/debian tuf-0.11.2.dev3/

 # Change to unpacked tarball
 cd tuf-0.11.2.dev3

 # Build (w/o tests)
 # NOTE: (1) Securessystemslib is not yet in debian, you need to first build it
 # locally (see instructions at
 # 9d36a9fb3c)
 # and pass it as `--extra-package`
 # NOTE: (2) `--extra-package` does not seem to work for tests during sbuild,
 # hence the nocheck option. This should be easier once securesystemslib is in.
 DEB_BUILD_OPTIONS=nocheck sbuild -A -s -d unstable \
    --extra-package /path/to/python3-securesystemslib_0.11.3-1_all.deb

 # Sign debian files (replace keyid if necessary)
 debsign -k 8BA69B87D43BE294F23E812089A2AD3C07D962E8

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>

debian/changelog

@@ -0,0 +1,5 @@
+python-tuf (0.11.2.dev3-1) unstable; urgency=low
+
+  * Initial release.
+
+ -- Lukas Puehringer <lukas.puehringer@nyu.edu>  Thu, 27 Jun 2019 09:06:21 -0400

debian/compat

@@ -0,0 +1 @@
+12

debian/control

@@ -0,0 +1,32 @@
+Source: python-tuf
+Section: devel
+Priority: optional
+Maintainer: tuf developers <theupdateframework@googlegroups.com>
+Uploaders:
+ Lukas Puehringer <lukas.puehringer@nyu.edu>,
+ Justin Cappos <jcappos@nyu.edu>,
+Build-Depends:
+ dh-python,
+ debhelper (>= 12~),
+ python3-all,
+ python3-setuptools,
+ python3-six,
+ python3-iso8601,
+ python3-requests,
+ python3-securesystemslib (>= 0.11.3),
+Standards-Version: 4.3.0
+Homepage: https://theupdateframework.com
+Vcs-Git: https://github.com/theupdateframework/tuf.git
+Vcs-Browser: https://github.com/theupdateframework/tuf
+
+Package: python3-tuf
+Architecture: all
+Depends:
+  ${python3:Depends},
+  ${misc:Depends},
+Description: plug-and-play library for securing a software updater
+ The Update Framework (TUF) helps developers to maintain the security of a
+ software update system, even against attackers that compromise the repository
+ or signing keys.
+ .
+ tuf is developed at the Secure Systems Lab of NYU.

debian/copyright

@@ -0,0 +1,24 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: tuf
+Source: https://github.com/theupdateframework
+
+Files: *
+Copyright: 2018 New York University
+License: Apache-2.0
+ Copyright 2018 New York University
+ .
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the full text of the Apache-2.0
+ License can be found in the file
+ `/usr/share/common-licenses/Apache-2.0'.

debian/rules

@@ -0,0 +1,7 @@
+#!/usr/bin/make -f
+
+#export DH_VERBOSE = 1
+export PYBUILD_NAME = tuf
+
+%:
+	dh $@ --with python3  --buildsystem=pybuild

debian/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

debian/source/options

@@ -0,0 +1,11 @@
+# Default ignore patterns contains *.o and *.a. So we need to define our own
+# patterns to get them included.
+--tar-ignore=.*.sw?
+--tar-ignore=*/*~
+--tar-ignore=,,*
+--tar-ignore=.[#~]*
+--tar-ignore=.deps
+--tar-ignore=.git
+--tar-ignore=.gitattributes
+--tar-ignore=.gitignore
+--tar-ignore=.gitmodules

debian/upstream/signing-key.asc

@@ -0,0 +1,56 @@
+pub   rsa4096 2015-11-24 [SC] [expires: 2019-11-24]
+      C2FB9C910758B6827BC43233BC0C6DEDD5E5CC03
+uid           [  full  ] Sebastien Awwad <sebastien.awwad@gmail.com>
+sub   rsa4096 2015-11-24 [E] [expires: 2019-11-24]
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFZUo/cBEAD4iHZNshzRMPlF1BjaTM0ZeUMMlEm6j6Ej8QuuRqu4rcHm1yUA
+Lht3vPy58SvwEezdsbRTAsYTCxMJ970wROy7XlOOKUqK09jnrUFvYfIQbgulBBcF
+yGKyKBy6nNwDVBPWVk9gW/hL5JM42K1lK6m+/nUAnW1ntR+ApBbiA0o7nGLeNVhU
+6KLgQFWgQpVkpoD1oEpbmHwxiBcrGdwDGJM7Pit/T46M161PPmYs4c4x2VRR5YdH
+q9M+fjWp0hWD+0K62UGtHGJVc36pY/jniJbvAre1dw3kDxhrB7/DIF1GHZNWTysr
+eiEp21k7trZ0iqd9aQbeA9a8BfjwEqnAqfLsnqNmKJR5+cmucy5I+Ar74+65Fxsp
+QGrMtJvBn10GF2KX80RiqThcLwZKvorb2w2Jcmw1lfl8E/9HNq6XL2becVeuck2N
+g+bH7LSZj1PjpXDd0SR0thxx83bl1ekPFMvIYsJl4eQ+8wYNe46YXI5ozEGTXSb+
+i86RYzdm+443LRFTdkG4o+1NjzS1EtJ2mX/7UXqHE2TIyMlZh86Ch1LQrT26Z8mr
+eXlO8oyFeNq5jfkiUzwxPW7NHhfKXJDiebyA8VnR/yLjGcUBau+e7KW81ZwK/2pM
+6iSVNQKZSwKcMLjHwhgPzMblG9wW9dv3ujucwX9kKRSfX3/iZzfNS9NJrQARAQAB
+tCtTZWJhc3RpZW4gQXd3YWQgPHNlYmFzdGllbi5hd3dhZEBnbWFpbC5jb20+iQI9
+BBMBCgAnBQJWVKP3AhsDBQkHhh+ABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ
+ELwMbe3V5cwDSZcQANt227S6PdzZZssLJllAcpU8o7N1A+n6H04ReUEgYaXpSkgC
+XtyYhDotL90fJ6aiN9cG0UKmf4jFJYfqXkUj7cBFdQF/vmhDcxUQg1U3HZ/+0Hvv
+jiVE3Es6XgkniYxeBMww4ZvaSFMZvFUBzyemg881zXc1O2IU/H5XKImzN5NzP7js
+oQwPVqa0x1Feqox5TXCWloEsW3YyHllnvqcD6WGjOh7jeave0U8Wl8MsZ1s3bNkM
+pctbKIhPWsJRT49aRDeq1DkfW7Dv2+FahZZKqbvAObBtQrJe4QL4jbHzNbmHEZGm
+Zf+UtVJWvYbWixvW/rduOaNlJzudCb5hqBYnmt78OzdB4GzzCbkpTOwFqeSF7tco
+3Npf5/bgvp49kSKSHFNKVQZcQeAKd4fHA8sV8px7qVDk0+sQcjPP8EhCQnoy7+pM
+dpdkKXd1DSbBS+bb9QOQ/hOpyAOFSb0dXUhtTTmkz+/kp/5CWgc/yBKh9EWbmCYf
+3FXHnQpzKWudatEWVZ0vAZLltxBJ9ObGf5/Mcz4WPceTLMaXEAyLbQYNKbbNMGxL
+r93s/YnCHyD9SgB0nAKE1KD/Am0tVEF9gIbp+plAXjc9yulWPYRb8hXAVCAEtRs2
+h2QBYxPCm7y3Mw8OuTB6ObloH7Nw6BrVC6EkRbyeym0xTrGcfHO9C4X1tOT8uQIN
+BFZUo/cBEAChUVlyFFPFNc/kI5n4dkxqjJVVOyDq0MCT3F4BnQc/XD2BdMyUycGF
+FxPWYcf0M0ZLClZj0dF1iT0gmW3OGn4/8exgwIdQE6ylw3xx+Qp1dSdIk3yARciz
+Ak+0rFKWBV8Rehu+U4OvUhh2lswPXpAnR5upReuzUafYqPzVoTooFGIS09hWEOek
+nDwIVfI19QEGSbyM3yF6OrxUAorKercv94MmBz+LnHNe6uE8KfGxUtrEZnr0M/Vk
+GnotvUMrtql+hCRGQSOFFhj+uXa++0yTkg1mV7XsMmmh0ipSRx9dNcxal6VF+1di
+CIVy0BBH8CCRY698gXOUgjZlKmBijk41vOvRuZtrZkQFlxSgFDn9iS0LUDmnQVBx
+8FcRFb+AW9RHA8A2Ofj1IimI/tQ8Lbgeh+9Ro35rs3ngTYCJSMZ4UFPUhccS3LFM
+xX4xoSfl8nx5iDLXtVgLMl4bhWUmSr7ejzQYTJeX2cugvERRC2ygHv21/p0IduoW
+sz2kvtU01nwl4pVEQWsQb0JFMUKrPhLZVKkvqYo91n21YUO8Sq4A/IWJ9adQsUzp
+3QHLdVz2PzXn7Ea7/YBjV1GMOS6/ysFsD49LXyk4+J+dBW9soXf4gOGXFZB4l8RU
+jCg2qsoDKdl9ZVKK8n+GnUJck6tNIDhV/WXsjSr2kR7EpION08g4HwARAQABiQIl
+BBgBCgAPBQJWVKP3AhsMBQkHhh+AAAoJELwMbe3V5cwDS+sP/jZsgboeMJNwlE1c
+I4214kiJG4Xe6fWRJsuFY5HkfbAPrkmOtwYpLmlOl2MDglgacHgM17F9lSoOHBFf
+cfWw7yoN3ymVxKALbFw7E4oIxw/0oWJ8jDc7y/rx26nAZty5HjAUbGbEUZFZdPHc
+oXaghj5Mu5VId/cBytxMPwP8g2IOrAHu9hgLSLtS/iHz2Kgfr0llo7pDjfTpkZhO
+AXIJ4VOZCvkfpSzws/4h7EhDlakfQEOKGDG1VVe8mhsCMh2ZqCvXFtxMJHVODTYv
+U5jc6c2C3zAfQmmNwHCz1gnI0uE8xYIAyTINIax3QUbfSJI9un71kxH3faNqCiLh
+NghzcfBGO5K7JU1lfwUOE5GOZqgPp0pjPEa9UckvQ0q1+j4uSuKGi77ej0EfGHCB
+IHA3B9DT8MDeiQZdCewiEgBcdKkZn4sm6EBqsYdwcYiJwAYxje2ZqWcAQijfo3XW
+kqscWLBSDLM0uTSbOwUylk9VPF7bFKPQT7qxcBK0QWhA1DR8VNucSNynnz9uYOzO
+UbMNkFTxgC1ehWk+WQUlW+e3QL9xaF5GjIuaw5gDveORUV6se82e1+0dp/pi/rRX
+mLv3/HMgMgxRVJtTm2PUO0PYWk4aJux5FP0LKek999mx87rpm7rK0SMjAUnRqoJc
+rwDr2z4WuRfiMt+fGtbk9HRaLJvx
+=Cr7l
+-----END PGP PUBLIC KEY BLOCK-----

debian/watch

@@ -0,0 +1,3 @@
+version=3
+opts=uversionmangle=s/(rc|a|b|c)/~$1/,pgpsigurlmangle=s/$/.asc/ \
+https://pypi.debian.net/tuf/tuf-(.+)\.(?:zip|tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))