10 files changed, 312 insertions, 387 deletions
diff --git a/debian/changelog b/debian/changelog
index a078f81c5..b330ee4ee 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,90 @@
+gnunet (0.15.3) unstable; urgency=low
+  * New upstream release, bumping version.
+ -- Christian Grothoff <grothoff@gnu.org>  Sat, 28 Aug 2021 21:14:18 +0200
+gnunet (0.15.2) unstable; urgency=low
+  * New upstream release, bumping version.
+  * Fixes linker issues. Very strange that Debian insists on explicit indirect dependencies for plugins.
+ -- Christian Grothoff <grothoff@gnu.org>  Tue, 24 Aug 2021 21:14:18 +0200
+gnunet (0.15.1) unstable; urgency=low
+  * New upstream release, bumping version.
+ -- Christian Grothoff <grothoff@gnu.org>  Mon, 23 Aug 2021 21:14:18 +0200
+gnunet (0.15.0) unstable; urgency=low
+  * New upstream release, bumping version.
+ -- Florian Dold <florian@dold.me>  Sun, 08 Aug 2021 21:14:18 +0200
+gnunet (0.14.1-13) unstable; urgency=low
+  * Minor upstream fixes.
+ -- Florian Dold <florian@dold.me>  Fri, 06 Aug 2021 11:56:29 +0200
+gnunet (0.14.1-12) unstable; urgency=low
+  * Lower debhelper compatibility level to 12.
+  * Do not inject user units in postinst for now.
+  * Tweaks to packaging.
+ -- Florian Dold <florian@dold.me>  Sat, 31 Jul 2021 20:04:42 +0200
+gnunet (0.14.1-11) unstable; urgency=low
+  * Make configuration parsing more permissive.
+ -- Florian Dold <florian@dold.me>  Sat, 31 Jul 2021 20:04:42 +0200
+gnunet (0.14.1-10) unstable; urgency=low
+  * Do not remove users/groups in postrm.
+ -- Florian Dold <florian@dold.me>  Sat, 31 Jul 2021 16:46:13 +0200
+gnunet (0.14.1-9) unstable; urgency=low
+  * Fix some bugs in configuration file parsing.
+ -- Florian Dold <florian@dold.me>  Sat, 31 Jul 2021 16:08:19 +0200
+gnunet (0.14.1-8) unstable; urgency=low
+  * Allow configuration entry point to fall back to /etc/.
+ -- Florian Dold <florian@dold.me>  Thu, 29 Jul 2021 15:03:08 +0200
+gnunet (0.14.1-7) unstable; urgency=low
+  * Implement new configuration directives and diagnostics.
+ -- Florian Dold <florian@dold.me>  Wed, 28 Jul 2021 21:23:36 +0200
+gnunet (0.14.1-6) unstable; urgency=low
+  * Fix path resolution of inlined config files.
+ -- Florian Dold <florian@dold.me>  Mon, 26 Jul 2021 19:35:45 +0200
+gnunet (0.14.1-5) unstable; urgency=low
+  * New JSON construction helpers.
+ -- Florian Dold <florian@dold.me>  Mon, 26 Jul 2021 17:49:20 +0200
+gnunet (0.14.1-4) unstable; urgency=low
+  * New absolute/relative time helpers.
+ -- Florian Dold <florian@dold.me>  Mon, 26 Jul 2021 15:44:44 +0200
 gnunet (0.14.1-3) unstable; urgency=low
  * Allow decoding larger JSON objects than 1 kb.
diff --git a/debian/control b/debian/control
index 01b549286..57acc6e1e 100644
--- a/debian/control
+++ b/debian/control
@@ -6,7 +6,7 @@ Build-Depends:
 autoconf (>=2.59),
 automake (>=1.11.1),
 autopoint,
- debhelper-compat (= 13),
+ debhelper-compat (= 12),
 gettext,
 iptables,
 libbluetooth-dev,
diff --git a/debian/gnunet.config b/debian/gnunet.config
index 6daa6818e..ebb94c56f 100644
--- a/debian/gnunet.config
+++ b/debian/gnunet.config
@@ -4,12 +4,6 @@ set -e
 . /usr/share/debconf/confmodule
-db_input low gnunet-systempeer/username || true
-db_go
-db_input low gnunet-systempeer/groupname || true
-db_go
 db_input medium gnunet-systempeer/autostart || true
 db_go
diff --git a/debian/gnunet.dirs b/debian/gnunet.dirs
index 1e2a7d4c0..e6da73664 100644
--- a/debian/gnunet.dirs
+++ b/debian/gnunet.dirs
@@ -1,2 +1 @@
 var/lib/gnunet
-var/log/gnunetd
diff --git a/debian/gnunet.install b/debian/gnunet.install
index 0de11b4c2..a19f47cc8 100644
--- a/debian/gnunet.install
+++ b/debian/gnunet.install
@@ -1,13 +1,9 @@
 etc/gnunet.conf
 usr/bin/
+usr/libexec/gnunet-cmds-helper
 usr/lib/*/gnunet/
 usr/lib/*/*.so.*
 usr/share/man/
 usr/share/info/
 usr/share/doc/gnunet/
 usr/share/gnunet/
-debian/etc/skel/.config/ etc/skel/
-debian/etc/skel/.config/gnunet.conf etc/skel/.config/
-debian/etc/skel/.config/systemd etc/skel/.config/
-debian/etc/skel/.config/systemd/gnunet-user-gns-proxy.service etc/skel/.config/systemd/
-debian/etc/skel/.config/systemd/gnunet-userpeer.service etc/skel/.config/systemd/
diff --git a/debian/gnunet.postinst b/debian/gnunet.postinst
index b6317f5be..fe36500c0 100644
--- a/debian/gnunet.postinst
+++ b/debian/gnunet.postinst
@@ -9,13 +9,13 @@ set -e
 # in /etc/nsswitch.conf to automatically enable nss-gns support; do not change
 # the configuration if the "hosts" line already references some gns lookups
 insert_gns() {
-        echo -n "Checking NSS setup..."
+  echo -n "Checking NSS setup..."
-        # abort if /etc/nsswitch.conf does not exist
+  # abort if /etc/nsswitch.conf does not exist
-        if ! [ -e /etc/nsswitch.conf ]; then
+  if ! [ -e /etc/nsswitch.conf ]; then
-                echo "Could not find /etc/nsswitch.conf."
+    echo "Could not find /etc/nsswitch.conf."
-                return 1
+    return 1
-        fi
+  fi
-        perl -i -pe '
+  perl -i -pe '
                sub insert {
                        # this also splits on tab
                        my @bits=split(" ", shift);
@@ -35,270 +35,169 @@ insert_gns() {
                }
                s/^(hosts:\s+)(.*)/$1.insert($2)/e;
        ' /etc/nsswitch.conf
-        echo " done."
+  echo " done."
 }
 case "${1}" in
-        configure)
+configure)
-                db_version 2.0
+  db_version 2.0
-                db_get gnunet-systempeer/username
+  _USERNAME="gnunet"
-                _USERNAME="${RET:-gnunet}"
+  _GROUPNAME="gnunet"
-                db_get gnunet-systempeer/groupname
+  db_get gnunet-systempeer/autostart
-                _GROUPNAME="${RET:-gnunet}"
+  _AUTOSTART="${RET}" # boolean
-                db_get gnunet-systempeer/autostart
+  db_get gnunet-dns/libnsswitch
-                _AUTOSTART="${RET}" # boolean
+  _LIBNSSWITCH="${RET}" # boolean
-                db_get gnunet-dns/libnsswitch
+  db_get gnunet-user/proxy
-                _LIBNSSWITCH="${RET}" # boolean
+  _PROXY="${RET}" # boolean
-                db_get gnunet-user/proxy
+  db_stop
-                _PROXY="${RET}" # boolean
+  # Read default values
-                db_stop
+  GNUNET_HOME="/var/lib/gnunet"
-                CONFIG_FILE="/etc/default/gnunet"
+  # Creating gnunet group if needed
+  if ! getent group ${_GROUPNAME} >/dev/null; then
-                # Read default values
+    echo -n "Creating new GNUnet group ${_GROUPNAME}:"
-                GNUNET_HOME="/var/lib/gnunet"
+    addgroup --quiet --system ${_GROUPNAME}
-                eval $(grep GNUNET_HOME /etc/gnunet.conf | tr -d '[:blank:]')
+    echo " done."
+  fi
-                # Creating gnunet group if needed
-                if ! getent group ${_GROUPNAME} > /dev/null
+  # Creating gnunet user if needed
-                then
+  if ! getent passwd ${_USERNAME} >/dev/null; then
-                        echo -n "Creating new GNUnet group ${_GROUPNAME}:"
+    echo -n "Creating new GNUnet user ${_USERNAME}:"
-                        addgroup --quiet --system ${_GROUPNAME}
+    adduser --quiet --system --ingroup ${_GROUPNAME} --home ${GNUNET_HOME} ${_USERNAME}
-                        echo " done."
+    echo " done."
-                fi
+  fi
-                # Creating gnunet user if needed
+  # Add a special secured group
-                if ! getent passwd ${_USERNAME} > /dev/null
+  GNUNETDNS_GROUP="gnunetdns"
-                then
-                        echo -n "Creating new GNUnet user ${_USERNAME}:"
+  # Creating gnunetdns group if needed
-                        adduser --quiet --system --ingroup ${_GROUPNAME} --home ${GNUNET_HOME} ${_USERNAME}
+  if ! getent group ${GNUNETDNS_GROUP} >/dev/null; then
-                        echo " done."
+    echo -n "Creating new secured GNUnet group ${GNUNETDNS_GROUP}:"
-                fi
+    addgroup --quiet --system ${GNUNETDNS_GROUP}
+    echo " done."
-                # Add a special secured group
+  fi
-                GNUNETDNS_GROUP="gnunetdns"
+  # Copy the libnss_gns files to the libnss directory
-                # Creating gnunetdns group if needed
+  if ${_LIBNSSWITCH}; then
-                if ! getent group ${GNUNETDNS_GROUP} > /dev/null
+    echo "Editing /etc/nsswitch.conf to use GNS before DNS"
-                then
+    # $2 equals the currently installed version if it exists
-                        echo -n "Creating new secured GNUnet group ${GNUNETDNS_GROUP}:"
+    if [ -z "$2" ]; then
-                        addgroup --quiet --system ${GNUNETDNS_GROUP}
+      # first install: setup the recommended configuration (unless
-                        echo " done."
+      # nsswitch.conf already contains mdns entries)
-                fi
+      insert_gns
+      if [ "$?" -gt 0 ]; then
-                # Copy the libnss_gns files to the libnss directory
+        echo "nsswitch does not exist on this system"
-                if ${_LIBNSSWITCH}
+      fi
-                then
+    fi
-                        echo "Editing /etc/nsswitch.conf to use GNS before DNS"
+    echo " done."
-                        # $2 equals the currently installed version if it exists
+  fi
-                        if [ -z "$2" ]; then
-                                # first install: setup the recommended configuration (unless
+  #     # Change the proxy settings for Firefox and Chromium if desired
-                                # nsswitch.conf already contains mdns entries)
+  #             if ${_PROXY}
-                                insert_gns
+  #        then
-                                if [ "$?" -gt 0 ]; then
+  #                 mkdir -p /etc/X11/xinit/xinitrc.d/
-                                        echo "nsswitch does not exist on this system"
+  #cat > "/etc/X11/xinit/xinitrc.d/80-gnunet-user-services" << "EOF"
-                                fi
+  ##!/bin/bash
-                        fi
+  #systemctl --user daemon-reload
-                        echo " done."
+  #systemctl --user start gnunet-user
-                fi
+  #systemctl --user enable gnunet-user
+  #user=$(whoami)
-                # Install GNUnet configuration for all users provided non exists
+  #gnunet_proxy=$(gnunet-config -c /etc/skel/.config/gnunet.conf -s gns-proxy | grep 'IMMEDIATE_START = YES')
-                userlist=$(awk -F ':' '$3>=1000 && $3<2000 {print $1}' /etc/passwd)
+  #
-                users=($userlist)
+  ## Enable GNS proxy for new users informed by /etc/skel.
-                homedirlist=$(awk -F ':' '$3>=1000 && $3<2000 {print $6}' /etc/passwd)
+  #if [ "$gnunet_proxy" ]; then
-                homedirs=($homedirlist)
+  #
+  #        # Calculate user specific port
-                for (( i=0; i<${#users[@]}; i++ )); do
+  #        port=$((8000+$(id -u $user)))
-                    usermod -aG gnunet ${users[$i]}
+  #
-                    if [ -n "$i" ]  && [ -d "${homedirs[$i]}" ]; then
+  #        gnunet-config -c $HOME/.config/gnunet.conf \
-                                    mkdir -p ${homedirs[$i]}/.config/systemd/user/
+  #                --section=gns-proxy \
+  #                --option=OPTIONS \
-                                    cat > "${homedirs[$i]}/.config/systemd/user/gnunet-user.service" << EOF
+  #                --value="-p $port"
-# Copyright (C) 2019 GNUnet e.V.
+  #
-#
+  #        # Firefox
-# Copying and distribution of this file, with or without modification,
+  #        defaultprofile=$(ls $HOME/.mozilla/firefox/*.default)
-# are permitted in any medium without royalty provided the copyright
+  #        if [ ! "$defaultprofile" ];then
-# notice and this notice are preserved.  This file is offered as-is,
+  #                timeout 3s firefox --headless # dirty: create profile if not existent
-# without any warranty.
+  #        fi
+  #        for ffprofile in $HOME/.mozilla/firefox/*.*/; do
-[Unit]
+  #                js=$ffprofile/user.js
-Description=Service that runs a GNUnet for the user gnunet
+  #                if [ -f "$js" ]; then
-After=network.target
+  #                        sed -i '/Preferences for using the GNU Name System/d' "$js"
+  #                        sed -i '/network.proxy.socks/d' "$js"
-[Service]
+  #                        sed -i '/network.proxy.socks_port/d' "$js"
-Type=forking
+  #                        sed -i '/network.proxy.socks_remote_dns/d' "$js"
-ExecStart=/usr/bin/gnunet-arm -s -c ${homedirs[$i]}/.config/gnunet.conf
+  #                        sed -i '/network.proxy.type/d' "$js"
-ExecStop=/usr/bin/gnunet-arm -e -c ${homedirs[$i]}/.config/gnunet.conf
+  #                fi
+  #                echo "// Preferences for using the GNU Name System" >> "$js"
-[Install]
+  #                echo "user_pref(\"network.proxy.socks\", \"localhost\");" >> "$js"
-WantedBy=multi-user.target
+  #                echo "user_pref(\"network.proxy.socks_port\", $port);" >> "$js"
-EOF
+  #                echo "user_pref(\"network.proxy.socks_remote_dns\", true);" >> "$js"
+  #                echo "user_pref(\"network.proxy.type\", 1);" >> "$js"
-                                    chown "${users[$i]}":"${users[$i]}" "${homedirs[$i]}/.config/systemd/user/gnunet-user.service"
+  #        done
-                        if [ ! -f "${homedirs[$i]}/.config/gnunet.conf" ]; then
+  #
-                                            mkdir -p ${homedirs[$i]}/.config/
+  #        # Chromium
-                                            cp /etc/skel/.config/gnunet.conf "${homedirs[$i]}/.config/gnunet.conf"
+  #        profile="$HOME/.profile"
-                                            chmod 644 "${homedirs[$i]}/.config/gnunet.conf"
+  #        if [ -f "$profile" ]; then
-                        fi
+  #                sed -i '/CHROMIUM_USER_FLAGS/d' "$profile"
-                    fi
+  #        fi
-                    port=$((8000+$(id -u "${users[$i]}")))
+  #        echo "export CHROMIUM_USER_FLAGS=--proxy-server=socks5://localhost:$port" \
-                    gnunet-config -c "${homedirs[$i]}/.config/gnunet.conf" \
+  #                >> "$profile"
-                         --section=gns-proxy \
+  #fi
-                         --option=IMMEDIATE_START \
+  #
-                         --value=YES
+  ## Create/Renew GNS certificate authority (CA) per user.
-                    gnunet-config -c "${homedirs[$i]}/.config/gnunet.conf" \
+  #gnunet-gns-proxy-setup-ca
-                         --section=gns-proxy \
+  #EOF
-                         --option=OPTIONS \
+  #                fi
-                                     --value="-p $port"
-                                chown "${users[$i]}":"${users[$i]}" "${homedirs[$i]}/.config/gnunet.conf"
+  # Update files and directories permissions.
-                done
+  # Assuming default values, this *should* not be changed.
+  echo -n "Updating files and directories permissions:"
-                # Change the proxy settings for Firefox and Chromium if desired
+  # Secure access to the data directory
-                if ${_PROXY}
+  chmod 0700 "${GNUNET_HOME}" || true
-        then
+  # Restrict access on setuid binaries
-                    mkdir -p /etc/X11/xinit/xinitrc.d/
+  for file in /usr/bin/gnunet-helper-exit \
-cat > "/etc/X11/xinit/xinitrc.d/80-gnunet-user-services" << "EOF"
+    /usr/bin/gnunet-helper-nat-client \
-#!/bin/bash
+    /usr/bin/gnunet-helper-nat-server \
-systemctl --user daemon-reload
+    /usr/bin/gnunet-helper-transport-bluetooth \
-systemctl --user start gnunet-user
+    /usr/bin/gnunet-helper-transport-wlan \
-systemctl --user enable gnunet-user
+    /usr/bin/gnunet-helper-vpn; do
-user=$(whoami)
+    # only do something when no setting exists
-gnunet_proxy=$(gnunet-config -c /etc/skel/.config/gnunet.conf -s gns-proxy | grep 'IMMEDIATE_START = YES')
+    if ! dpkg-statoverride --list $file >/dev/null 2>&1 && [ -e $file ]; then
+      chown root:${_GROUPNAME} $file
-# Enable GNS proxy for new users informed by /etc/skel.
+      chmod 4750 $file
-if [ "$gnunet_proxy" ]; then
+    fi
+  done
-        # Calculate user specific port
+  if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 &&
-        port=$((8000+$(id -u $user)))
+    [ -e /usr/bin/gnunet-helper-dns ]; then
+    chown root:${GNUNETDNS_GROUP} /usr/bin/gnunet-helper-dns
-        gnunet-config -c $HOME/.config/gnunet.conf \
+    chmod 4750 /usr/bin/gnunet-helper-dns
-                --section=gns-proxy \
+  fi
-                --option=OPTIONS \
+  if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 &&
-                --value="-p $port"
+    [ -e /usr/bin/gnunet-service-dns ]; then
+    chown ${_USERNAME}:${GNUNETDNS_GROUP} /usr/bin/gnunet-service-dns
-        # Firefox
+    chmod 2750 /usr/bin/gnunet-service-dns
-        defaultprofile=$(ls $HOME/.mozilla/firefox/*.default)
+  fi
-        if [ ! "$defaultprofile" ];then
+  echo " done."
-                timeout 3s firefox --headless # dirty: create profile if not existent
-        fi
+  echo "All done."
-        for ffprofile in $HOME/.mozilla/firefox/*.*/; do
-                js=$ffprofile/user.js
+  ;;
-                if [ -f "$js" ]; then
-                        sed -i '/Preferences for using the GNU Name System/d' "$js"
+abort-upgrade | abort-remove | abort-deconfigure) ;;
-                        sed -i '/network.proxy.socks/d' "$js"
-                        sed -i '/network.proxy.socks_port/d' "$js"
+\
-                        sed -i '/network.proxy.socks_remote_dns/d' "$js"
+  \
-                        sed -i '/network.proxy.type/d' "$js"
+  *)
-                fi
+  echo "postinst called with unknown argument \`${1}'" >&2
-                echo "// Preferences for using the GNU Name System" >> "$js"
+  exit 1
-                echo "user_pref(\"network.proxy.socks\", \"localhost\");" >> "$js"
+  ;;
-                echo "user_pref(\"network.proxy.socks_port\", $port);" >> "$js"
-                echo "user_pref(\"network.proxy.socks_remote_dns\", true);" >> "$js"
-                echo "user_pref(\"network.proxy.type\", 1);" >> "$js"
-        done
-        # Chromium
-        profile="$HOME/.profile"
-        if [ -f "$profile" ]; then
-                sed -i '/CHROMIUM_USER_FLAGS/d' "$profile"
-        fi
-        echo "export CHROMIUM_USER_FLAGS=--proxy-server=socks5://localhost:$port" \
-                >> "$profile"
-fi
-# Create/Renew GNS certificate authority (CA) per user.
-gnunet-gns-proxy-setup-ca
-EOF
-                fi
-                # Update files and directories permissions.
-                # Assuming default values, this *should* not be changed.
-                echo -n "Updating files and directories permissions:"
-                chown -R ${_USERNAME}:${_GROUPNAME} /var/log/gnunetd
-                chown -R ${_USERNAME}:${_GROUPNAME} ${GNUNET_HOME}
-                # Secure access to the data directory
-                chmod 0700 "${GNUNET_HOME}" || true
-                # Restrict access on setuid binaries
-                for file in /usr/bin/gnunet-helper-exit \
-                        /usr/bin/gnunet-helper-nat-client \
-                        /usr/bin/gnunet-helper-nat-server \
-                        /usr/bin/gnunet-helper-transport-bluetooth \
-                        /usr/bin/gnunet-helper-transport-wlan \
-                        /usr/bin/gnunet-helper-vpn
-                do
-                        # only do something when no setting exists
-                        if ! dpkg-statoverride --list $file >/dev/null 2>&1 && [ -e $file ]
-                        then
-                                chown root:${_GROUPNAME} $file
-                                chmod 4750 $file
-                        fi
-                done
-                if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 \
-                        && [ -e /usr/bin/gnunet-helper-dns ]
-                then
-                        chown root:${GNUNETDNS_GROUP} /usr/bin/gnunet-helper-dns
-                        chmod 4750 /usr/bin/gnunet-helper-dns
-                fi
-                if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 \
-                        && [ -e /usr/bin/gnunet-service-dns ]
-                then
-                        chown ${_USERNAME}:${GNUNETDNS_GROUP} /usr/bin/gnunet-service-dns
-                        chmod 2750 /usr/bin/gnunet-service-dns
-                fi
-                echo  " done."
-                # Writing new values to configuration file
-                echo -n "Writing new configuration file:"
-                CONFIG_NEW=$(tempfile)
-cat > "${CONFIG_NEW}" <<EOF
-# This file controls the behaviour of the GNUnet init script.
-# It will be parsed as a shell script.
-# please do not edit by hand, use 'dpkg-reconfigure gnunet-systempeer'.
-GNUNET_USER=${_USERNAME}
-GNUNET_GROUP=${_GROUPNAME}
-GNUNET_AUTOSTART="${_AUTOSTART}"
-EOF
-cat > "/etc/systemd/system/gnunet.service" <<EOF
-[Unit]
-Description=A framework for secure peer-to-peer networking
-[Service]
-EnvironmentFile=/etc/default/gnunet
-User=${_USERNAME}
-Type=forking
-ExecStart=/usr/bin/gnunet-arm -s -c /etc/gnunet.conf
-ExecStop=/usr/bin/gnunet-arm -e -c /etc/gnunet.conf
-[Install]
-WantedBy=multi-user.target
-EOF
-                cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
-                echo " done."
-                # Cleaning
-                rm -f "${CONFIG_NEW}"
-                echo "All done."
-                ;;
-        abort-upgrade|abort-remove|abort-deconfigure)
-                ;;
-        *)
-                echo "postinst called with unknown argument \`${1}'" >&2
-                exit 1
-                ;;
 esac
 #DEBHELPER#
diff --git a/debian/gnunet.postrm b/debian/gnunet.postrm
index 2c3887202..592fe04a1 100644
--- a/debian/gnunet.postrm
+++ b/debian/gnunet.postrm
@@ -2,25 +2,12 @@
 set -e
-pathfind() {
-        OLDIFS="$IFS"
-        IFS=:
-        for p in $PATH; do
-                if [ -x "$p/$*" ]; then
-                        IFS="$OLDIFS"
-                        return 0
-                fi
-        done
-        IFS="$OLDIFS"
-        return 1
-}
 remove_gns() {
-        # abort if /etc/nsswitch.conf does not exist
+  # abort if /etc/nsswitch.conf does not exist
-        if ! [ -e /etc/nsswitch.conf ]; then
+  if ! [ -e /etc/nsswitch.conf ]; then
-                return
+    return
-        fi
+  fi
-        perl -i -pe '
+  perl -i -pe '
                my @remove=(
                        "gns [NOTFOUND=return]",
                );
@@ -35,67 +22,44 @@ remove_gns() {
        ' /etc/nsswitch.conf
 }
+_USERNAME="gnunet"
+_GROUPNAME="gnunet"
+GNUNETDNS_GROUP="gnunetdns"
+if [ -e /usr/share/debconf/confmodule ]; then
+  . /usr/share/debconf/confmodule
+  db_version 2.0
-case "${1}" in
+  db_get gnunet-dns/libnsswitch
-        purge)
+  _LIBNSSWITCH="${RET}"
-                if [ -e /usr/share/debconf/confmodule ]
+fi
-                then
-                        . /usr/share/debconf/confmodule
-                        db_version 2.0
-                        db_get gnunet-systempeer/username
-                        _USERNAME="${RET:-gnunet}"
-                        db_get gnunet-systempeer/groupname
-                        _GROUPNAME="${RET:-gnunet}"
-                        db_get gnunet-dns/libnsswitch
-                        _LIBNSSWITCH="${RET}"
-                else
-                        _USERNAME="gnunet"
-                        _GROUPNAME="gnunet"
-                fi
-                GNUNETDNS_GROUP="gnunetdns"
-                if $_LIBNSSWITCH
-                then
-                        rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns.so.2
-                        rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns4.so.2
-                        rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns6.so.2
-                        remove_gns
-                fi
-                if pathfind deluser
+case "${1}" in
-                then
+purge)
-                        deluser --quiet --system ${_USERNAME} || true
+  if $_LIBNSSWITCH; then
-                fi
+    rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns.so.2
+    rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns4.so.2
-                if pathfind delgroup
+    rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns6.so.2
-                then
+    remove_gns
-                        delgroup --quiet --system --only-if-empty ${_GROUPNAME} || true
+  fi
-                        delgroup --quiet --system --only-if-empty ${GNUNETDNS_GROUP} || true
-                fi
+  rm -rf /var/log/gnunet.log /var/lib/gnunet /etc/default/gnunet
+  ;;
-                rm -rf /var/log/gnunet.log /var/lib/gnunet /etc/default/gnunet
-                ;;
+remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear)
-        remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+  if $_LIBNSSWITCH; then
+    rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns.so.2
-                if $_LIBNSSWITCH
+    rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns4.so.2
-                then
+    rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns6.so.2
-                        rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns.so.2
+    remove_gns
-                        rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns4.so.2
+  fi
-                        rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns6.so.2
-                        remove_gns
+  ;;
-                fi
+*)
-                ;;
+  echo "postrm called with unknown argument \`${1}'" >&2
+  exit 1
-        *)
+  ;;
-                echo "postrm called with unknown argument \`${1}'" >&2
-                exit 1
-                ;;
 esac
 #DEBHELPER#
diff --git a/debian/gnunet.service b/debian/gnunet.service
index 4b650e5ff..b538802c4 100644
--- a/debian/gnunet.service
+++ b/debian/gnunet.service
@@ -1,12 +1,12 @@
 [Unit]
-Description=A framework for secure peer-to-peer networking
+Description=GNUnet system service
+After=network.target
 [Service]
-EnvironmentFile=/etc/default/gnunet
+Type=simple
-User=${GNUNET_USER}
+User=gnunet
-Type=forking
+ExecStart=/usr/lib/gnunet/libexec/gnunet-service-arm -c /etc/gnunet.conf
-ExecStart=/usr/bin/gnunet-arm -s -c /etc/gnunet.conf
+StateDirectory=gnunet
-ExecStop=/usr/bin/gnunet-arm -e -c /etc/gnunet.conf
 [Install]
 WantedBy=multi-user.target
diff --git a/debian/gnunet.templates b/debian/gnunet.templates
index 074fb41fe..df74f77f0 100644
--- a/debian/gnunet.templates
+++ b/debian/gnunet.templates
@@ -1,25 +1,6 @@
-Template: gnunet-systempeer/username
-Type: string
-Default: gnunet
-_Description: GNUnet user:
- Please choose the user that the GNUnet server process will run as.
- .
- This should be a dedicated account. If the specified account does not
- already exist, it will automatically be created, with no login shell.
-Template: gnunet-systempeer/groupname
-Type: string
-Default: gnunet
-_Description: GNUnet group:
- Please choose the group that the GNUnet peer process will run as.
- .
- This should be a dedicated group, not one that already owns data.
- Only the members of this group will have access to GNUnet data, and
- be allowed to start and stop the GNUnet server.
 Template: gnunet-systempeer/autostart
 Type: boolean
-Default: true
+Default: false
 _Description: Should the GNUnet server be launched on boot?
 If you choose this option, a GNUnet peer will be launched each time
 the system is started. Otherwise, you will need to launch
@@ -27,7 +8,7 @@ _Description: Should the GNUnet server be launched on boot?
 Template: gnunet-dns/libnsswitch
 Type: boolean
-Default: true
+Default: false
 _Description: Should GNS be hooked into the system resolution process?
 If you choose this option, GNS will be hooked into the system
 resolution process. Records that can be resolved using GNS are
@@ -37,7 +18,7 @@ _Description: Should GNS be hooked into the system resolution process?
 Template: gnunet-user/proxy
 Type: boolean
-Default: true
+Default: false
 _Description: Use the GNU Name System in Firefox/Chromium by default?"
 If you choose this option the proxy settings for Firefox and Chromium will be
 adjusted to use a user local running gnunet-gns-proxy to delegate DNS requests
diff --git a/debian/rules b/debian/rules
index 69f44aa80..136100584 100755
--- a/debian/rules
+++ b/debian/rules
@@ -35,6 +35,9 @@ override_dh_auto_install-arch:
 override_dh_auto_install-indep:
+override_dh_installsystemd:
+        dh_installsystemd -pgnunet --no-start --no-enable gnunet.service
 execute_after_dh_auto_install:
        dh_link -plibgnunet-dev \
                usr/lib/$(DEB_HOST_MULTIARCH)/gnunet/nss/libnss_gns.so.2 usr/lib/$(DEB_HOST_MULTIARCH)/libnss_gns.so \
@@ -46,7 +49,9 @@ override_dh_auto_clean:
        rm -rf contrib/gnunet_janitor.py contrib/gnunet_pyexpect.py libltdl/ \
                src/integration-tests/*.py
-# Remove files already present in libgnunet from main gnunet package
+# Remove files already present in libgnunet from main gnunet package and libgnunet-dev package
 override_dh_install:
        dh_install
        cd debian/libgnunet; find . -type f,l -exec rm -f ../gnunet/{} \;
+        cd debian/libgnunet; find . -type f,l -exec rm -f ../libgnunet-dev/{} \;
+        cd debian/gnunet; find . -type f,l -exec rm -f ../libgnunet-dev/{} \;