- get rid of "uruk binary: groff-message" in debian/lintian-overrides :

      W: uruk: groff-message troff:<standard input>:100: warning: cannot
      select font 'C' [usr/share/man/man8/uruk.8.gz:8]   due to some long
      open bug in groff or what was it again?
      see also libopaque/debian/libopaque-bin.lintian-overrides :
      # see https://github.com/jgm/pandoc/issues/9020
      # and https://savannah.gnu.org/bugs/index.php?64594 : wait for
      # groff and pandoc to agree

      (sid)joostvb@agni:~/lo...k/20240719/uruk-20240719% LC_ALL=C.UTF-8 \
       MANROFFSEQ='' MANWIDTH=80 man --warnings -E UTF-8 -l -Tutf8 \
       -Z man/uruk.8 >/dev/null 2>&1 | grep warning | head
      troff:<standard input>:37: warning: cannot select font 'C'
      troff:<standard input>:49: warning: cannot select font 'C'
      troff:<standard input>:58: warning: cannot select font 'C'

      line 37 : the file \fC/etc/uruk/rc\fP is used
      line 49 :

       49  .nf \fC
       50   # cp /usr/share/doc/uruk/examples/rc \e
       51       /etc/uruk/rc
       52   # vi /etc/uruk/rc
       53   # urukctl start
       54  .fi \fR

      fwiw: fonts in this looks just fine to me:
       joostvb@agni:~/lo...k/20240719/uruk-20240719% evince man/uruk.ps

      N:   Aside from overrides, warnings can be disabled with the .warn directive.
      N:   Please see "Debugging" in the Groff manual.
      N:
      N:   Please refer to the groff_man(7) manual page and the groff_mdoc(7) manual
      N:   page for details.

    Is it a bug in zoem?

https://bugs.debian.org/1041809
https://bugs.debian.org/1043256

...to go-md2man...

https://github.com/cpuguy83/go-md2man/issues/99

...and to (Python) docutils, where a fix has been applied.

https://sourceforge.net/p/docutils/patches/205/

The main issue is that 'C' is not a groff font name and never has been.

https://www.gnu.org/software/groff/manual/groff.html.node/Using-Fonts.html

Use the `EX`/`EE` extension macros from Ninth Edition Unix (1986), which was reintroduced
to the world by groff 1.20 in 2009.·

Bug#1076648: aephea: causes groff warning "cannot select font 'C'"  when using \verbatim{
} or \tt{ })

---------

debian/watch:
use http://mdcc.cx/pub/uruk/uruk-20180528.tar.xz.asc ; check
supplied .asc: add pgp public key.

---------

when dhcp assigns a different ip to a networkinterface, ifupdown is _not_ noticed.
The uruk ifupdown hook claims to deal with dynamic networking, but therefore fails.

Cranking up limits in /lib/systemd/system/uruk.service wont really help; it
will break on system which have even more nics.

do we want this:

# systemctl -p CanReload show uruk
CanReload=no

?

the best solution very likely is: get rid of /etc/network/if-up.d/uruk .  however, this
needs a _lot_ of testing. e.g. on poncelet we've observed systemd feels uruk is "ok" after
boot, and no iptables rules have been loaded...

 * debian/{postinst,postrm}: ship a symlink to /dev/null as
   /lib/systemd/system/uruk.service since the uruk init script is not
   applicable in systemd: we use ifupdown.  Fixes "uruk: Has init script in
   runlevel S but no matching service file".  Thanks fsateler@d.o.
   Closes: #796700

nb: #796700 has been closed

 # systemd #796700 - uruk: Has init script in runlevel S but no matching service file
 # "[...] the script is simply not applicable in systemd, in which case the package
 # should ship a symlink to /dev/null as /lib/systemd/system/<initscript>.service."
 # https://wiki.debian.org/Teams/pkg-systemd/rcSMigration
 if ! test -L /lib/systemd/system/uruk.service
 then
     ln -s /dev/null /lib/systemd/system/uruk.service
 fi

https://wiki.debian.org/Teams/pkg-systemd/rcSMigration :

Your service is needed to configure firewalls or network interfaces

If you need to configure firewalls, network interfaces, or anything else which
needs to happen before bringing up the first network interface, then you should
order the service as follows (eg, if you need to run before ifupdown/networkd):

 [Unit]
 Description=An early boot service
 DefaultDependencies=no
 Wants=network-pre.target
 Before=network-pre.target shutdown.target
 Conflicts=shutdown.target


Lots of other ideas: drop default rule: "check if incoming traffic is targetted
at current IP": make it possible to have sane uruk rules _without_ knowing
current IP.   before any interface is up: drop all traffic, via init script or

---

Check out http://wiki.debian.org/FirewallByDefault and
http://wiki.debian.org/Firewalls .

Check out https://wiki.ubuntu.com/UbuntuFirewall

https://wiki.ubuntu.com/UncomplicatedFirewall aka "ufw"

Supply a script to consume /etc/ufw/applications.d/ , e.g.:

joostvb@incagijs:~% cat /etc/ufw/applications.d/openssh-server
[OpenSSH]
title=Secure shell server, an rshd replacement
description=OpenSSH is a free implementation of the Secure Shell protocol.
ports=22/tcp


We might want to check /var/lib/uruk/iptables stuff on
purge/removal/reinstallation.  (Currently, it's kept on purge.)

Recheck http://women.alioth.debian.org/wiki/index.php/English/MaintainerScripts
.

Use doc-base for registering documentation, replace our md5sums generating
stuff with something like:
.
 while read f; do \
  exclude="$$exclude ! -path \".$$f\" "; \
 done < debian/conffiles; \
  cd debian/$(package); \
  find . -type f $$exclude ! -regex '.*/DEBIAN/.*' -printf '%P\0' | xargs -r0 md5sum > DEBIAN/md5sums;
.
This honors conffiles.  Or just call dh_md5sums...  (And we might choose to go
use debhelper for all the rest, or cdbs, while we're at it.)