Source: gokr-rsync
Section: golang
Maintainer: Debian Go Packaging Team
Uploaders:
 Samuel Henrique,
 Guilherme Puida Moreira
Build-Depends:
 debhelper-compat (= 13),
 dh-sequence-golang,
 golang-any,
 golang-github-coreos-go-systemd-dev,
 golang-github-google-go-cmp-dev,
 golang-github-google-renameio-dev,
 golang-github-google-shlex-dev,
 golang-github-landlock-lsm-go-landlock-dev,
 golang-github-mmcloughlin-md4-dev,
 golang-golang-x-crypto-dev,
 golang-golang-x-sync-dev,
 golang-golang-x-sys-dev,
 golang-toml-dev,
 openssh-client,
 rsync,
Testsuite: autopkgtest-pkg-go
Standards-Version: 4.7.4
Vcs-Browser: https://salsa.debian.org/go-team/packages/gokr-rsync
Vcs-Git: https://salsa.debian.org/go-team/packages/gokr-rsync.git
Homepage: https://github.com/gokrazy/rsync
XS-Go-Import-Path: github.com/gokrazy/rsync

Package: gokr-rsync
Section: net
Architecture: any
Depends:
 ${misc:Depends},
 ${shlibs:Depends},
Static-Built-Using: ${misc:Static-Built-Using}
Description: rsync client and daemon, implemented in Go
 gokr-rsync is a native Go implementation of the rsync file transfer protocol,
 wire-compatible with the original tridge rsync (from the Samba project) and
 openrsync (used on OpenBSD and macOS 15+). It implements both client and
 server roles and can send or receive files in either direction.
 .
 The same gokr-rsync binary can run as:
  * a one-shot client, similar to rsync(1);
  * a server invoked by a remote rsync(1) client over SSH;
  * a standalone daemon, served either directly on port 873/tcp or wrapped in
    anonymous or authorized SSH.
 .
 On Linux, gokr-rsync sandboxes itself using the Landlock LSM, restricting
 filesystem access to only the source and destination paths involved in each
 transfer. When started as root in daemon mode, it additionally enters a mount
 namespace with the configured rsync modules bind-mounted read-only, chroots
 into it, and drops privileges. These layers limit the blast radius of bugs in
 the protocol handler.
 .
 Example systemd unit and socket files from upstream are installed under
 /usr/share/doc/gokr-rsync/examples/ as a starting point for running
 gokr-rsync as a hardened daemon (DynamicUser, RestrictNamespaces, system call
 filtering, etc.). They are not enabled by default; copy them into
 /etc/systemd/system/ and adjust ExecStart for your modules.
 .
 Note that this implementation is younger and less battle-tested than the C
 rsync from the Samba project; users are encouraged to verify their transfers
 and report discrepancies upstream.