authorLars Wirzenius <liw@liw.fi>2018-02-09 13:53:33 +0200
committerLars Wirzenius <liw@liw.fi>2018-02-09 13:56:43 +0200
commitf1f291b270b96fe1511286cb807f02c9741b0d71 (patch)
tree509a7f697685e9282fbdc6838fb037ff6cb5e4dd
parent3b208da0461f5a129fcbc527fbfdd9ed8309d077 (diff)
Rename: to Qvisqve
-rw-r--r--NEWS7
-rw-r--r--README56
-rwxr-xr-xcheck6
-rw-r--r--debian/changelog3
-rw-r--r--debian/control4
-rw-r--r--debian/copyright2
-rw-r--r--debian/qvisqve.install1
-rw-r--r--debian/qvisqve.postinst (renamed from debian/salami.postinst)4
-rw-r--r--debian/salami.install1
-rw-r--r--doc/arch.mdwn63
-rwxr-xr-xdoc/build.sh2
-rw-r--r--doc/config.mdwn20
-rw-r--r--doc/qvisqve.css (renamed from doc/salami.css)0
-rwxr-xr-xqvisqve-get-token (renamed from salami-get-token)0
-rwxr-xr-xqvisqve-hash (renamed from salami-hash)6
-rw-r--r--qvisqve.service14
-rw-r--r--qvisqve/__init__.py (renamed from salami/__init__.py)2
-rw-r--r--qvisqve/api.py (renamed from salami/api.py)12
-rw-r--r--qvisqve/app.py (renamed from salami/app.py)14
-rw-r--r--qvisqve/backend.py (renamed from salami/backend.py)4
-rw-r--r--qvisqve/log_setup.py (renamed from salami/log_setup.py)0
-rw-r--r--qvisqve/responses.py (renamed from salami/responses.py)0
-rw-r--r--qvisqve/router.py (renamed from salami/router.py)0
-rw-r--r--qvisqve/token.py (renamed from salami/token.py)8
-rw-r--r--qvisqve/token_router.py (renamed from salami/token_router.py)20
-rw-r--r--qvisqve/version.py (renamed from salami/version.py)0
-rw-r--r--qvisqve/version_router.py (renamed from salami/version_router.py)8
-rw-r--r--qvisqve_secrets/__init__.py (renamed from salami_secrets/__init__.py)0
-rw-r--r--qvisqve_secrets/secrets.py (renamed from salami_secrets/secrets.py)0
-rw-r--r--qvisqve_secrets/secrets_tests.py (renamed from salami_secrets/secrets_tests.py)22
-rw-r--r--salami.service14
-rw-r--r--setup.py10
-rwxr-xr-xstart_qvisqve (renamed from start_salami)8
-rw-r--r--without-tests23
-rw-r--r--yarns/100-version.yarn17
-rw-r--r--yarns/200-client-creds.yarn24
-rw-r--r--yarns/900-local.yarn20
-rw-r--r--yarns/900-remote.yarn8
-rw-r--r--yarns/lib.py20
39 files changed, 219 insertions, 204 deletions
diff --git a/NEWS b/NEWS
index 2c8b509..cf22ced 100644
--- a/NEWS
+++ b/NEWS
@@ -1,11 +1,14 @@
-NEWS for Salami
+NEWS for Qvisqve
=============================================================================
-This file has release notes for Salami
+This file has release notes for Qvisqve, an authorisation server and
+identity provider.
Version 0.8+git, not yet released
---------------------------------
+* Rename from Salami to Qvisqve, which is Latin for "each and every
+ subject".
Version 0.8, released 2018-02-03
---------------------------------
diff --git a/README b/README
index 5c624ed..56347de 100644
--- a/README
+++ b/README
@@ -1,58 +1,68 @@
-README for Salami
+README for Qvisqve
=============================================================================
-This is identity provider; specifically, an OAuth2 authentication
-server. Originally developed to help development of Qvarn
-(<http://qvarn.org>). It currently supports only the **client
-credentials** grant. Later on, we hope to develop this into an OpenID
-Connect provider.
+This is an authorisation server and identity provider. Specifically,
+it implements the OAuth2 client credentials grant. Originally
+developed to help development of Qvarn (<http://qvarn.org>). Later on,
+we hope to develop this into an OpenID Connect provider with support
+for authenticating end users.
Configuration for testing
-----------------------------------------------------------------------------
-The `debug.yaml` file contains a sample configuration file for Salami
-for debugging and light testing. Use it with the `start_salami`
+The `debug.yaml` file contains a sample configuration file for Qvisqve
+for debugging and light testing. Use it with the `start_qvisqve`
script.
The config defines one API client, client id `test-client`, with a
client secret of "hunter2".
-Running Salami for debugging
+Requirements
+-----------------------------------------------------------------------------
+
+The target environment is currently Debian stretch with
+stretch-backports enabled. The software might work elsewhere,
+especially later versions of Debian.
+
+You'll want to have Python 3.5 or later.
+
+
+Running Qvisqve for debugging
-----------------------------------------------------------------------------
At the root of the source tree, run the following:
- ./start_salami debug.yaml
+ ./start_qvisqve debug.yaml
-This starts Salami using the Bottle.py built-in debug HTTP server,
-instead of gunicorn. This makes it easier to debug Salami. If you'd
-like to run it with gunicorn instead, add the following line to
+This starts Qvisqve using the Bottle.py built-in debug HTTP server,
+instead of gunicorn. This makes it easier to debug the server. If
+you'd like to run it with gunicorn instead, add the following line to
`debug.yaml`:
gunicorn: yes
Then run this:
- ./start_salami debug.yaml
+ ./start_qvisqve debug.yaml
-This runs Salami with gunicorn. Note that that means it is run in the
-background. You will need to kill the process manually.
+This runs the server with gunicorn. Note that that means it is run in
+the background. You will need to kill the process manually.
-Running Salami for production
+Running Qvisqve for production
-----------------------------------------------------------------------------
-Install Salami and then run:
+Install Qvisqve and then run:
- start_salami /etc/salamia/salami.yaml
+ start_qvirqve /etc/qvisqve/qvisqve.yaml
-This runs Salami using gunicorn. Better, install the `salami.service`
-systemd unit and start Salami with that.
+This runs Qvisqve using gunicorn. Better, install the `qvisqve.service`
+systemd unit and start Qvisqve with that.
-Merging workflow
+Git merging workflow for development
-----------------------------------------------------------------------------
All development will happen on branches other than master. Changes are
@@ -116,7 +126,7 @@ Legalese
Qvarn in its entirety is copyright by its authorss, and released under
the GNU Affero General Public Licence, version 3, or later.
- Salami - an identity provider
+ Qvisqve - an authorisation server and an identity provider
Copyright (C) 2018 Lars Wirzenius
This program is free software: you can redistribute it and/or modify
diff --git a/check b/check
index 4d83e8f..1518c15 100755
--- a/check
+++ b/check
@@ -61,13 +61,13 @@ else
fi
title "Unit tests"
-python3 -m CoverageTestRunner --ignore-missing-from=without-tests salami
+python3 -m CoverageTestRunner --ignore-missing-from=without-tests qvisqve qvisqve_secrets
title "Code style"
-pycodestyle salami
+pycodestyle qvisqve qvisqve_secrets
title "Static checking"
-pylint3 -j0 --rcfile pylint.conf salami
+pylint3 -j0 --rcfile pylint.conf qvisqve qvisqve_secrets
title "Run yarns"
if [ "$remote" = no ]
diff --git a/debian/changelog b/debian/changelog
index 59d07c1..2e0b6ea 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
-salami (0.8+git-1) UNRELEASED; urgency=medium
+qvisqve (0.8+git-1) UNRELEASED; urgency=medium
* New upstream version.
+ * Source and binary packages renamed to qvisqve.
-- Lars Wirzenius <liw@liw.fi> Sat, 03 Feb 2018 15:28:54 +0200
diff --git a/debian/control b/debian/control
index 15e2baa..c3d7166 100644
--- a/debian/control
+++ b/debian/control
@@ -1,4 +1,4 @@
-Source: salami
+Source: qvisqve
Maintainer: QvarnLabs <info@qvarnlabs.com>
Uploaders: Lars Wirzenius <liw@qvarnlabs.com>
Section: web
@@ -25,7 +25,7 @@ Build-Depends: debhelper (>= 9), python3-all,
cmdtest
X-Python3-Version: >= 3.5
-Package: salami
+Package: qvisqve
Architecture: all
Depends: ${python3:Depends}, ${misc:Depends},
python3 (>= 3.5),
diff --git a/debian/copyright b/debian/copyright
index 687e273..99fb189 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,5 +1,5 @@
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: salami
+Upstream-Name: qvisqve
Files: *
Copyright: 2017, Lars Wirzenius
diff --git a/debian/qvisqve.install b/debian/qvisqve.install
new file mode 100644
index 0000000..46f71c1
--- /dev/null
+++ b/debian/qvisqve.install
@@ -0,0 +1 @@
+qvisqve.service lib/systemd/system
diff --git a/debian/salami.postinst b/debian/qvisqve.postinst
index f905b78..2711755 100644
--- a/debian/salami.postinst
+++ b/debian/qvisqve.postinst
@@ -32,7 +32,7 @@ create_user()
}
-# Create a group and user for Salami
-create_user _salami /var/log/salami
+# Create a group and user for Qvisqve
+create_user _qvisqve /var/log/qvisqve
#DEBHELPER#
diff --git a/debian/salami.install b/debian/salami.install
deleted file mode 100644
index a7c6c98..0000000
--- a/debian/salami.install
+++ /dev/null
@@ -1 +0,0 @@
-salami.service lib/systemd/system
diff --git a/doc/arch.mdwn b/doc/arch.mdwn
index c0dab97..62e46c9 100644
--- a/doc/arch.mdwn
+++ b/doc/arch.mdwn
@@ -1,23 +1,23 @@
---
-title: "Architecture of Salami, an authorization server"
+title: "Architecture of Qvisqve, an authorization server"
author: QvarnLabs Ab
date: work-in-progress
...
# Introduction
-**What.** Salami is an authorization server. At this stage, it is an
+**What.** Qvisqve is an authorization server. At this stage, it is an
[OAuth2][] authorization server, but later on it will grow into a
-provider for [OpenID Connect][]. Salami controls access to a web API:
-the API client authenticates itself to Salami, gets an access token
-from Salami, and gives the access token to the API server. This
+provider for [OpenID Connect][]. Qvisqve controls access to a web API:
+the API client authenticates itself to Qvisqve, gets an access token
+from Qvisqve, and gives the access token to the API server. This
de-couples the acts of authentication and authorization and resource
access, which simplifies the individual software components.
[OAuth2]: https://en.wikipedia.org/wiki/OAuth
[OpenID Connect]: https://en.wikipedia.org/wiki/OpenID_Connect
-**Why.** Salami is not the first server of its kind. We wrote Salami
+**Why.** Qvisqve is not the first server of its kind. We wrote Qvisqve
because we wanted something we liked:
* is fully free, open source software
@@ -41,7 +41,7 @@ is cumbersome, and not simple.
[Gluu]: https://www.gluu.org/
-**Usage driven development.** We develop Salami mainly based on the
+**Usage driven development.** We develop Qvisqve mainly based on the
needs of actual users, not to complete feature comparsion matrices.
## Glossary
@@ -52,12 +52,11 @@ needs of actual users, not to complete feature comparsion matrices.
# Current state
-**Currently, Salami does not exist.** We have just started developing
-it. The first development phase of Salami aims to produce an OAuth2
-authorization server that supports the client credential grant only.
-This means only the API client authenticates itself to Salami, but not
-the actual end-user. This is so that we can use Salami with the
-[Qvarn][] server and have the Qvarn API tests pass.
+**Currently, alpha level.** Qvisqve is an OAuth2 authorization server
+that supports the client credential grant only. This means only the
+API client authenticates itself to Qvisqve, but not the actual
+end-user. This is so that we can use Qvisqve with the [Qvarn][] server
+and have the Qvarn API tests pass.
[Qvarn]: http://qvarn.org/
@@ -69,7 +68,7 @@ clients.
## Vision for the future
-In the longer term, we aim for Salami to be an OpenID provider using
+In the longer term, we aim for Qvisqve to be an OpenID provider using
the OpenID Connect protocol. This includes being able to have the
end-user authenticate and authorize use of resources. We will make it
simple and flexible to provide authentication methods (such as
@@ -77,31 +76,31 @@ username/password, client-side certificates, and U2F tokens).
We will be replacing the static configuration file, with the list of
clients, with Qvarn. Eventually, one goal is to make it possible to
-allow every person registered in Qvarn to authenticate with Salami.
+allow every person registered in Qvarn to authenticate with Qvisqve.
-Eventually, we aim to have Salami certified as a compliant OpenID
+Eventually, we aim to have Qvisqve certified as a compliant OpenID
Connect implementation.
-We also intend to make Salami be flexible, easy, and secure.
+We also intend to make Qvisqve be flexible, easy, and secure.
# Known problems and things to solve later
-The main problem of Salami at this stage is that it doesn't exist. All
+The main problem of Qvisqve at this stage is that it doesn't exist. All
other problems can be derived from that.
We don't have a good way of rotating the token signing keys.
# Requirements
-For the first development phase of Salami, our acceptance criteria
+For the first development phase of Qvisqve, our acceptance criteria
are:
-* setting up a Salami instance is simple: the software should be
+* setting up a Qvisqve instance is simple: the software should be
provided as a Debian package installable on Debian 9 (stretch), and
a corresponding Ansible playbook that configures the instance
-* configuring a Qvarn instance to use the Salami instance is simple:
- the Ansible playbook for Qvarn should be updated to work with Salami
+* configuring a Qvarn instance to use the Qvisqve instance is simple:
+ the Ansible playbook for Qvarn should be updated to work with Qvisqve
instead of Gluu
* the Qvarn API tests pass
@@ -117,7 +116,7 @@ about storing API client secrets in an encrypted fashion.
# Architecture overview
-Salami provides an HTTP API interface for authentication. The only
+Qvisqve provides an HTTP API interface for authentication. The only
relevant endpoint is `/token` and to use it, the client must
authenticate itself using its "client id" and "client secret" using
HTTP Basic Authentication. A successful response will have the access
@@ -126,7 +125,7 @@ token in its JSON body.
A request:
POST /token HTTP/1.1
- Host: salami.example.com
+ Host: qvisqve.example.com
Authorization: Basic c2FsYW1pOnBhc3N3b3Jk
Content-Type: application/x-www-form-urlencoded
@@ -153,15 +152,15 @@ into requests it makes.
## Components
-Salami consists of several components
+Qvisqve consists of several components
@startuml
-title Salami components
+title Qvisqve components
component [API client] as client
-node "Salami" {
+node "Qvisqve" {
component [Haproxy] as haproxy
- component [Salami\nbackend] as backend
- component [Salami\nconfiguration] as config
+ component [backend] as backend
+ component [configuration] as config
}
client -> haproxy : 2. https
@@ -171,17 +170,17 @@ haproxy <- backend : 4. access token
client <- haproxy : 5. access token
@enduml
-**haproxy** is a load balancer. For Salami we use it to provide TLS
+**haproxy** is a load balancer. For Qvisqve we use it to provide TLS
for communication with the client.
-The **backend** implements the actual Salami HTTP endpoints and
+The **backend** implements the actual Qvisqve HTTP endpoints and
creates and returns access tokens to the client.
The **configuration** lists the API clients (the id, the secret, and
any scopes the client is allowed to have), as well as the RSA keys
used to sign the access token. The API provider (Qvarn) will be
configured to know the public RSA key so that it can verify that an
-access token has been created by Salami.
+access token has been created by Qvisqve.
The client and haproxy use TLS. haproxy and the backend use plain
HTTP, but they will be deployed in an environment where the plain text
diff --git a/doc/build.sh b/doc/build.sh
index 418fa26..661266f 100755
--- a/doc/build.sh
+++ b/doc/build.sh
@@ -40,4 +40,4 @@ pandoc --toc \
-Vgeometry:"top=2cm, bottom=2.5cm, left=2cm, right=1cm" \
--chapters \
-o "$output.pdf" "$tmp/foo.mdwn"
-pandoc --toc -o "$output.html" --number-sections --self-contained -H salami.css "$tmp/foo.mdwn"
+pandoc --toc -o "$output.html" --number-sections --self-contained -H qvisqve.css "$tmp/foo.mdwn"
diff --git a/doc/config.mdwn b/doc/config.mdwn
index 278b99b..e803597 100644
--- a/doc/config.mdwn
+++ b/doc/config.mdwn
@@ -1,18 +1,18 @@
---
-title: "Configuring Salami, an authorization server"
+title: "Configuring Qvisqve, an authorization server"
author: QvarnLabs Ab
date: work-in-progress
...
# Introduction
-This document explains how to configure Salami, which is an
-authorization server.
+This document explains how to configure Qvisqve, which is an
+authorization server and identity provider.
# Installation
-Install Salami from a Debian package. There is one at
-<http://code.liw.fi/debian/pool/main/s/salami/>. Add the following
+Install Qvisqve from a Debian package. There is one at
+<http://code.liw.fi/debian/pool/main/s/qvisqve/>. Add the following
line to the APT sources list:
- deb http://code.liw.fi/debian stretch main
@@ -87,11 +87,11 @@ install, the current key is:
# Configure
-Install a configuration at `/etc/salami/salami.yaml` with the
+Install a configuration at `/etc/qvisqve/qvisqve.yaml` with the
following content:
log:
- - filename: /var/log/salami.log
+ - filename: /var/log/qvisqve.log
token-issuer: iss
token-audience: aud
token-public-key: ssh-rsa ...
@@ -100,12 +100,12 @@ For now, any ssh public key will do for the `token-public-key`.
# Run
-To run Salami, run this command:
+To run Qvisqve, run this command:
- /usr/bin/start_salami
+ /usr/bin/start_qvisqve
After a few seconds, the 12765 port should be accepting requests:
curl http://127.0.0.1:12765/version
-This should report the current Salami version.
+This should report the current Qvisqve version.
diff --git a/doc/salami.css b/doc/qvisqve.css
index 86f806e..86f806e 100644
--- a/doc/salami.css
+++ b/doc/qvisqve.css
diff --git a/salami-get-token b/qvisqve-get-token
index 8068585..8068585 100755
--- a/salami-get-token
+++ b/qvisqve-get-token
diff --git a/salami-hash b/qvisqve-hash
index 9a0c4ff..7a93ab7 100755
--- a/salami-hash
+++ b/qvisqve-hash
@@ -16,7 +16,7 @@
# Run this and type the client secret at the prompt. Output is some YAML
-# that can be copy-pasted into the Salami config file.
+# that can be copy-pasted into the Qvisqve config file.
import getpass
@@ -26,11 +26,11 @@ import sys
import yaml
-import salami_secrets
+import qvisqve_secrets
prompt = 'Give secret: '
secret = getpass.getpass(prompt)
-sh = salami_secrets.SecretHasher()
+sh = qvisqve_secrets.SecretHasher()
hashed = sh.hash(secret)
yaml.safe_dump(hashed, sys.stdout, default_flow_style=False)
diff --git a/qvisqve.service b/qvisqve.service
new file mode 100644
index 0000000..4ea0ec7
--- /dev/null
+++ b/qvisqve.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Qvisqve OAuth2 authentication service
+Requires=network.target
+After=network.target
+ConditionPathExists=/etc/qvisqve/qvisqve.yaml
+
+[Service]
+Type=simple
+User=_qvisqve
+Group=_qvisqve
+ExecStart=/usr/bin/start_qvisqve /etc/qvisqve/qvisqve.yaml
+
+[Install]
+WantedBy=multi-user.target
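Review bot: The new unit's `[Service]` section sets only `User=`/`Group=` and applies no sandboxing to a process that holds the token signing key and the client secret hashes. Consider adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full`, which still leaves /var/log writable for the service's log file. Check each directive against the systemd version on the target release before relying on it.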
diff --git a/salami/__init__.py b/qvisqve/__init__.py
index bc00c79..a1d80f9 100644
--- a/salami/__init__.py
+++ b/qvisqve/__init__.py
@@ -27,5 +27,5 @@ from .router import Router
from .version_router import VersionRouter
from .token_router import TokenRouter
-from .api import SalamiAPI
+from .api import API
from .app import create_app
diff --git a/salami/api.py b/qvisqve/api.py
index 3d32b8d..2dee954 100644
--- a/salami/api.py
+++ b/qvisqve/api.py
@@ -14,20 +14,20 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-import salami
+import qvisqve
-class SalamiAPI:
+class API:
def __init__(self, config):
self._config = config
def find_missing_route(self, path):
- salami.log.log('info', msg_text='find_missing_route', path=path)
+ qvisqve.log.log('info', msg_text='find_missing_route', path=path)
routers = [
- salami.VersionRouter(),
- salami.TokenRouter(
+ qvisqve.VersionRouter(),
+ qvisqve.TokenRouter(
self._create_token_generator(), self._get_clients()),
]
@@ -38,7 +38,7 @@ class SalamiAPI:
return routes
def _create_token_generator(self):
- tg = salami.TokenGenerator()
+ tg = qvisqve.TokenGenerator()
cfg = self._config
tg.set_issuer(cfg['token-issuer'])
tg.set_lifetime(cfg['token-lifetime'])
diff --git a/salami/app.py b/qvisqve/app.py
index 1a01c07..e608a39 100644
--- a/salami/app.py
+++ b/qvisqve/app.py
@@ -22,14 +22,14 @@ import slog
import yaml
-import salami
+import qvisqve
DEFAULT_CONFIG_FILE = '/dev/null'
def dict_logger(log, stack_info=None):
- salami.log.log(exc_info=stack_info, **log)
+ qvisqve.log.log(exc_info=stack_info, **log)
def read_config(filename):
@@ -48,7 +48,7 @@ _counter = slog.Counter()
def counter():
new_context = 'HTTP transaction {}'.format(_counter.increment())
- salami.log.set_context(new_context)
+ qvisqve.log.set_context(new_context)
default_config = {
@@ -62,15 +62,15 @@ default_config = {
def create_app():
- config_filename = os.environ.get('SALAMI_CONFIG', DEFAULT_CONFIG_FILE)
+ config_filename = os.environ.get('QVISQVE_CONFIG', DEFAULT_CONFIG_FILE)
actual_config = read_config(config_filename)
config = dict(default_config)
config.update(actual_config or {})
if 'token-audience' not in config:
config['token-audience'] = config.get('token-issuer')
check_config(config)
- salami.setup_logging(config)
- salami.log.log('info', msg_text='Salami starting')
+ qvisqve.setup_logging(config)
+ qvisqve.log.log('info', msg_text='Qvisqve starting')
- api = salami.SalamiAPI(config)
+ api = qvisqve.API(config)
return apifw.create_bottle_application(api, counter, dict_logger, config)
diff --git a/salami/backend.py b/qvisqve/backend.py
index 3befdaf..3db3225 100644
--- a/salami/backend.py
+++ b/qvisqve/backend.py
@@ -14,7 +14,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-import salami
+import qvisqve
-app = salami.create_app()
+app = qvisqve.create_app()
diff --git a/salami/log_setup.py b/qvisqve/log_setup.py
index e32137c..e32137c 100644
--- a/salami/log_setup.py
+++ b/qvisqve/log_setup.py
diff --git a/salami/responses.py b/qvisqve/responses.py
index 281ec43..281ec43 100644
--- a/salami/responses.py
+++ b/qvisqve/responses.py
diff --git a/salami/router.py b/qvisqve/router.py
index 9f171b0..9f171b0 100644
--- a/salami/router.py
+++ b/qvisqve/router.py
diff --git a/salami/token.py b/qvisqve/token.py
index 953318b..3b343c2 100644
--- a/salami/token.py
+++ b/qvisqve/token.py
@@ -22,7 +22,7 @@ import Crypto.PublicKey.RSA
import jwt
-import salami
+import qvisqve
class TokenGenerator:
@@ -36,17 +36,17 @@ class TokenGenerator:
def set_issuer(self, issuer):
self._issuer = issuer
- salami.log.log('info', msg_text='Set issuer', issuer=issuer)
+ qvisqve.log.log('info', msg_text='Set issuer', issuer=issuer)
def set_lifetime(self, lifetime):
self._lifetime = lifetime
- salami.log.log(
+ qvisqve.log.log(
'info', msg_text='Set token lifetime', lifetime=lifetime)
def set_signing_key(self, key):
imported_key = Crypto.PublicKey.RSA.importKey(key)
self._key = imported_key.exportKey('PEM')
- salami.log.log(
+ qvisqve.log.log(
'info', msg_text='Set signing key', key=self._key,
orig_key=key, imported_key=imported_key)
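Review bot: `set_signing_key` passes the key material itself to the log call (`key=self._key`, `orig_key=key`, `imported_key=imported_key`), so the PEM export of what is presumably the RSA private key used to sign tokens is written to the log file. The rename leaves this call unchanged apart from the module name. Unless the logging layer redacts these fields, which is not visible here, read access to the log is then equivalent to access to the signing key. Log only the event, e.g. `qvisqve.log.log('info', msg_text='Set signing key')`, or at most a fingerprint of the public half. The TokenGenerator class starts outside this hunk.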
diff --git a/salami/token_router.py b/qvisqve/token_router.py
index 6b5cb6e..9acc924 100644
--- a/salami/token_router.py
+++ b/qvisqve/token_router.py
@@ -20,11 +20,11 @@ import urllib.parse
import bottle
-import salami
-import salami_secrets
+import qvisqve
+import qvisqve_secrets
-class TokenRouter(salami.Router):
+class TokenRouter(qvisqve.Router):
def __init__(self, token_generator, clients):
super().__init__()
@@ -42,24 +42,24 @@ class TokenRouter(salami.Router):
]
def _create_token(self, content_type, body, **kwargs):
- salami.log.log('xxx', body=body, kwargs=kwargs)
+ qvisqve.log.log('xxx', body=body, kwargs=kwargs)
if content_type != 'application/x-www-form-urlencoded':
- return salami.bad_request_response('Wrong content type')
+ return qvisqve.bad_request_response('Wrong content type')
client_id, client_secret = bottle.request.auth
if not self._clients.is_correct_secret(client_id, client_secret):
- return salami.unauthorized_response('Unauthorized')
+ return qvisqve.unauthorized_response('Unauthorized')
params = self._get_form_params(body)
grant_type = self._get_grant_type(params)
if grant_type != 'client_credentials':
- return salami.bad_request_response('Wrong grant type')
+ return qvisqve.bad_request_response('Wrong grant type')
scope = self._get_scope(params)
if scope is None:
- return salami.bad_request_response('Bad scope')
+ return qvisqve.bad_request_response('Bad scope')
allowed = self._clients.get_allowed_scopes(client_id)
scope = ' '.join(
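Review bot: In `_create_token`, `client_id, client_secret = bottle.request.auth` unpacks the result without checking it. Bottle returns `None` from `request.auth` when the request carries no usable Basic Authorization header, so such a request raises TypeError instead of reaching the 401 response. Guard it before unpacking: `auth = bottle.request.auth` followed by `if auth is None: return qvisqve.unauthorized_response('Unauthorized')`. The leftover debug call `qvisqve.log.log('xxx', body=body, kwargs=kwargs)` at the top of the function also writes the raw request body to the log and should be removed or reduced to non-sensitive fields. The function body continues past the end of this hunk.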
@@ -69,7 +69,7 @@ class TokenRouter(salami.Router):
)
token = self._generator.new_token(client_id, scope)
- return salami.ok_response({
+ return qvisqve.ok_response({
'access_token': token,
'token_type': 'bearer',
'scope': scope,
@@ -98,7 +98,7 @@ class Clients:
def __init__(self, clients):
self._clients = clients
- self._hasher = salami_secrets.SecretHasher()
+ self._hasher = qvisqve_secrets.SecretHasher()
def is_correct_secret(self, client_id, cleartext):
client = self._get_client(client_id)
diff --git a/salami/version.py b/qvisqve/version.py
index 456773e..456773e 100644
--- a/salami/version.py
+++ b/qvisqve/version.py
diff --git a/salami/version_router.py b/qvisqve/version_router.py
index bc60d5c..311d505 100644
--- a/salami/version_router.py
+++ b/qvisqve/version_router.py
@@ -14,10 +14,10 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-import salami
+import qvisqve
-class VersionRouter(salami.Router):
+class VersionRouter(qvisqve.Router):
def get_routes(self):
return [
@@ -31,6 +31,6 @@ class VersionRouter(salami.Router):
def _version(self, *args, **kwargs):
version = {
- 'version': salami.__version__,
+ 'version': qvisqve.__version__,
}
- return salami.ok_response(version)
+ return qvisqve.ok_response(version)
diff --git a/salami_secrets/__init__.py b/qvisqve_secrets/__init__.py
index d2eeaf3..d2eeaf3 100644
--- a/salami_secrets/__init__.py
+++ b/qvisqve_secrets/__init__.py
diff --git a/salami_secrets/secrets.py b/qvisqve_secrets/secrets.py
index b469ed8..b469ed8 100644
--- a/salami_secrets/secrets.py
+++ b/qvisqve_secrets/secrets.py
diff --git a/salami_secrets/secrets_tests.py b/qvisqve_secrets/secrets_tests.py
index 1f1f970..e7cce87 100644
--- a/salami_secrets/secrets_tests.py
+++ b/qvisqve_secrets/secrets_tests.py
@@ -17,72 +17,72 @@
import unittest
-import salami
+import qvisqve_secrets
class SecretHasherTests(unittest.TestCase):
def test_byte_string_survives_hex_roundtrip(self):
byte_string = b'\x00\x02\x03'
- sh = salami.SecretHasher()
+ sh = qvisqve_secrets.SecretHasher()
encoded = sh.hex_encode(byte_string)
self.assertEqual(byte_string, sh.hex_decode(encoded))
def test_returns_sufficiently_long_salt(self):
- sh = salami.SecretHasher()
+ sh = qvisqve_secrets.SecretHasher()
salt = sh.get_salt()
self.assertTrue(len(salt) >= 8)
def test_produces_a_hash(self):
cleartext = 'hunter2'
salt = b'nacl'
- sh = salami.SecretHasher()
+ sh = qvisqve_secrets.SecretHasher()
hashed = sh.hash(cleartext, salt)
self.assertTrue(isinstance(hashed, dict))
def test_produces_a_hash_with_salt(self):
cleartext = 'hunter2'
- sh = salami.SecretHasher()
+ sh = qvisqve_secrets.SecretHasher()
hashed = sh.hash(cleartext)
self.assertTrue(isinstance(hashed, dict))
def test_produces_same_hash_for_same_input(self):
cleartext = 'hunter2'
salt = b'nacl'
- sh = salami.SecretHasher()
+ sh = qvisqve_secrets.SecretHasher()
hashed1 = sh.hash(cleartext, salt)
hashed2 = sh.hash(cleartext, salt)
self.assertEqual(hashed1, hashed2)
def test_produces_different_hashes_for_different_cleartext(self):
- sh = salami.SecretHasher()
+ sh = qvisqve_secrets.SecretHasher()
salt = b'nacl'
hashed1 = sh.hash('hunter2', salt)
hashed2 = sh.hash('swordfish', salt)
self.assertNotEqual(hashed1, hashed2)
def test_produces_different_hashes_for_same_cleartext(self):
- sh = salami.SecretHasher()
+ sh = qvisqve_secrets.SecretHasher()
hashed1 = sh.hash('hunter2', b'nacl')
hashed2 = sh.hash('hunter2', b'nh4cl')
self.assertNotEqual(hashed1, hashed2)
def test_accepts_correct_password(self):
cleartext = 'hunter2'
- sh = salami.SecretHasher()
+ sh = qvisqve_secrets.SecretHasher()
hashed = sh.hash(cleartext, b'nacl')
self.assertTrue(sh.is_correct(hashed, cleartext))
def test_rejects_incorrect_password(self):
cleartext = 'swordfish'
- sh = salami.SecretHasher()
+ sh = qvisqve_secrets.SecretHasher()
hashed = sh.hash(cleartext, b'nacl')
self.assertTrue(sh.is_correct(hashed, cleartext))
def test_handles_parameter_changes(self):
cleartext = 'hunter2'
salt = b'nacl'
- sh = salami.SecretHasher()
+ sh = qvisqve_secrets.SecretHasher()
hashed = sh.hash(cleartext, salt)
sh.set_n(2**1)
self.assertTrue(sh.is_correct(hashed, cleartext))
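Review bot: `test_rejects_incorrect_password` never exercises a rejection: it hashes 'swordfish' and then asserts that `sh.is_correct(hashed, cleartext)` is true for that same cleartext, so it duplicates `test_accepts_correct_password`. A `SecretHasher.is_correct` that accepted every secret would still pass this suite. Assert a mismatch instead, e.g. `self.assertFalse(sh.is_correct(hashed, 'hunter2'))`.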
diff --git a/salami.service b/salami.service
deleted file mode 100644
index f02e8bb..0000000
--- a/salami.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Salami OpenID Connect provider
-Requires=network.target
-After=network.target
-ConditionPathExists=/etc/salami/salami.yaml
-
-[Service]
-Type=simple
-User=_salami
-Group=_salami
-ExecStart=/usr/bin/start_salami /etc/salami/salami.yaml
-
-[Install]
-WantedBy=multi-user.target
diff --git a/setup.py b/setup.py
index 8a8bf9f..c85e2e8 100644
--- a/setup.py
+++ b/setup.py
@@ -18,15 +18,15 @@
from setuptools import setup
-import salami
+import qvisqve
setup(
- name='salami',
- version=salami.__version__,
+ name='qvisqve',
+ version=qvisqve.__version__,
description='OpenID Connect provider',
author='Lars Wirzenius',
author_email='liw@qvarnlabs.com',
- packages=['salami', 'salami_secrets'],
- scripts=['start_salami', 'salami-hash', 'salami-get-token'],
+ packages=['qvisqve', 'qvisqve_secrets'],
+ scripts=['start_qvisqve', 'qvisqve-hash', 'qvisqve-get-token'],
)
diff --git a/start_salami b/start_qvisqve
index 83a5a60..fb50dc5 100755
--- a/start_salami
+++ b/start_qvisqve
@@ -34,8 +34,8 @@ run_bottle()
{
set -eu
local port="$(get "$config" gunicorn-port)"
- export SALAMI_CONFIG="$1"
- python3 -c "import salami; salami.create_app().run(host='127.0.0.1', port=$port)"
+ export QVISQVE_CONFIG="$1"
+ python3 -c "import qvisqve; qvisqve.create_app().run(host='127.0.0.1', port=$port)"
}
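Review bot: In `run_bottle`, `$port` is spliced into the source text given to `python3 -c`, so whatever the config file holds for `gunicorn-port` is interpreted as Python code rather than as a number. The config is normally written by the administrator, but a typo or a templated config then fails confusingly or runs unintended code. Validate the value before use, e.g. `case "$port" in ''|*[!0-9]*) echo "bad gunicorn-port" 1>&2; exit 1;; esac`, or pass it through the environment and convert it with `int(...)` on the Python side. The definition of `get` is outside this hunk.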
@@ -69,8 +69,8 @@ run_gunicorn()
opts="$opts --daemon"
fi
- export SALAMI_CONFIG="$config"
- gunicorn3 $opts salami.backend:app
+ export QVISQVE_CONFIG="$config"
+ gunicorn3 $opts qvisqve.backend:app
}
diff --git a/without-tests b/without-tests
index e093520..45ab43b 100644
--- a/without-tests
+++ b/without-tests
@@ -1,14 +1,15 @@
setup.py
doc/build.py
-salami/__init__.py
-salami/api.py
-salami/app.py
-salami/backend.py
-salami/log_setup.py
-salami/responses.py
-salami/router.py
-salami/token.py
-salami/token_router.py
-salami/version.py
-salami/version_router.py
+qvisqve/__init__.py
+qvisqve/api.py
+qvisqve/app.py
+qvisqve/backend.py
+qvisqve/log_setup.py
+qvisqve/responses.py
+qvisqve/router.py
+qvisqve/token.py
+qvisqve/token_router.py
+qvisqve/version.py
+qvisqve/version_router.py
+qvisqve_secrets/__init__.py
yarns/lib.py
diff --git a/yarns/100-version.yarn b/yarns/100-version.yarn
index 7786ee0..af28837 100644
--- a/yarns/100-version.yarn
+++ b/yarns/100-version.yarn
@@ -1,5 +1,5 @@
---
-title: Salami integration tests
+title: Qvisqve integration tests
author: Lars Wirzenius / QvarnLabs Ab
date: work in progress
...
@@ -7,21 +7,22 @@ date: work in progress
# Introduction
-This is an integration test suite for Salami, an authorization server.
+This is an integration test suite for Qvisqve, an authorization server
+and identity provider.
# Version checking
-This scenario tests whether Salami reports it version. This is not
-useful as such, but it makes sure we can start and stop Salami, and
+This scenario tests whether Qvisqve reports it version. This is not
+useful as such, but it makes sure we can start and stop Qvisqve, and
that all the request routing works, and so on.
- SCENARIO Salami reports its version
+ SCENARIO Qvisqve reports its version
- GIVEN a Salami configuration for "https://salami.example.com"
- AND a running salami instance
+ GIVEN a Qvisqve configuration for "https://qvisqve.example.com"
+ AND a running Qvisqve instance
WHEN client requests GET /version without token
THEN HTTP status code is 200 OK
- FINALLY salami is stopped
+ FINALLY Qvisqve is stopped
diff --git a/yarns/200-client-creds.yarn b/yarns/200-client-creds.yarn
index 78b082c..f251c71 100644
--- a/yarns/200-client-creds.yarn
+++ b/yarns/200-client-creds.yarn
@@ -6,7 +6,7 @@ See [RFC8252][] for a description of the client credentials grant.
[RFC8252]: https://tools.ietf.org/html/rfc8252
In the client credentials grant flow, the API client makes the
-following request to the authentication server (Salami):
+following request to the authentication server:
EXAMPLE client credentials access token request
POST /token HTTP/1.1
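Review bot: The reference definition `[RFC8252]: https://tools.ietf.org/html/rfc8252` kept as context in this hunk points at the wrong document for this chapter. RFC 8252 is "OAuth 2.0 for Native Apps", while the client credentials grant is specified in RFC 6749, section 4.4. I would change the definition to `[RFC6749]: https://tools.ietf.org/html/rfc6749#section-4.4` and update the "See [RFC8252][]" sentence to match. That sentence sits just above the hunk and is only visible in the hunk header.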
@@ -20,13 +20,13 @@ The `USERPASS` has the client id and secret encoded as is usual for
[HTTP Basic authentication]: https://en.wikipedia.org/wiki/Basic_access_authentication
-Salami checks the `grant_type` parameter, and extracts `USERPASS` to
+Qvisqve checks the `grant_type` parameter, and extracts `USERPASS` to
get the client id and secret. It compares them against a static list
of clients, which it reads at startup from its configuration file:
- EXAMPLE Salami configuration file in YAML
+ EXAMPLE Qvisqve configuration file in YAML
config:
- issuer: https://salami.example.com
+ issuer: https://qvisqve.example.com
lifetime: 3600
signing_key: |
-----BEGIN RSA PRIVATE KEY-----
@@ -48,18 +48,18 @@ of clients, which it reads at startup from its configuration file:
- foo
- bar
-Salami checks that the client id given by the client is found, and
+Qvisqve checks that the client id given by the client is found, and
that the offered client secret matches what's in the configuration
file for the client id. It also takes the list of requested scopes,
and drops any requested scopes that are not in the list of allowed
scopes (in the example, it drops `foobar`).
-If all these checks pass, Salami will create a JWT with the following
+If all these checks pass, Qvisqve will create a JWT with the following
claims:
EXAMPLE sample access token claims
{
- "iss": "https://salami.example.com",
+ "iss": "https://qvisqve.example.com",
"sub": "",
"aud": "test-api",
"exp": 123456,
@@ -79,9 +79,9 @@ scopes, as described above.
AND API client has secret "secrit"
AND API client has allowed scopes "read write"
- AND a Salami configuration for "https://salami.example.com"
- AND Salami configuration has a token lifetime of 3600
- AND a running Salami instance
+ AND a Qvisqve configuration for "https://qvisqve.example.com"
+ AND Qvisqve configuration has a token lifetime of 3600
+ AND a running Qvisqve instance
WHEN client requests POST /token
... with client_id "bigco", client_secret "secrit", and
@@ -90,10 +90,10 @@ scopes, as described above.
THEN HTTP status code is 200 OK
AND Content-Type is application/json
AND body is a correctly signed JWT token
- AND token has claim iss as "https://salami.example.com"
+ AND token has claim iss as "https://qvisqve.example.com"
AND token has claim sub as ""
AND token has claim aud as "bigco"
AND token has claim scope as "read write"
AND token expires in an hour
- FINALLY Salami is stopped
+ FINALLY Qvisqve is stopped
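Review bot: The step `AND token has claim aud as "bigco"` pins the audience to the same value the request sends as `client_id`, so the token names its requester rather than the API that will consume it. The sample claims earlier in the file show `"aud": "test-api"`, and yarns/lib.py sets `V['aud'] = 'http://api.test.example.com'`, so three different audiences appear and the intended meaning is not clear from the visible text. A resource server that validates `aud` needs to know which value to expect. I would add a sentence to the claims description along the lines of `The aud claim is set to the client id of the requesting API client.`, if that is the intended design, and align the harness value with it.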
diff --git a/yarns/900-local.yarn b/yarns/900-local.yarn
index 09add3c..d5492d0 100644
--- a/yarns/900-local.yarn
+++ b/yarns/900-local.yarn
@@ -17,9 +17,9 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
-# Scenario step implementations for locally managed Salami
+# Scenario step implementations for locally managed Qvisqve
-## Configure Salami and its API client
+## Configure Qvisqve and its API client
IMPLEMENTS GIVEN an API client "(\S+)"
V['client_id'] = get_next_match()
@@ -31,10 +31,10 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
scopes = get_next_match()
V['allowed_scopes'] = scopes.split()
- IMPLEMENTS GIVEN a Salami configuration for "(.+)"
+ IMPLEMENTS GIVEN a Qvisqve configuration for "(.+)"
V['iss'] = get_next_match()
- IMPLEMENTS GIVEN Salami configuration has a token lifetime of (\d+)
+ IMPLEMENTS GIVEN Qvisqve configuration has a token lifetime of (\d+)
V['lifetime'] = int(get_next_match())
@@ -58,13 +58,13 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
token = cliapp.runcmd(argv, feed_stdin=key)
store_token(user, token)
-## Start Salami
+## Start Qvisqve
- IMPLEMENTS GIVEN a running salami instance
- start_salami()
+ IMPLEMENTS GIVEN a running Qvisqve instance
+ start_qvisqve()
assert V['API_URL'] is not None
-## Stop a Salami we started
+## Stop a Qvisqve we started
- IMPLEMENTS FINALLY salami is stopped
- stop_salami()
+ IMPLEMENTS FINALLY Qvisqve is stopped
+ stop_qvisqve()
diff --git a/yarns/900-remote.yarn b/yarns/900-remote.yarn
index e4d8852..0f53b97 100644
--- a/yarns/900-remote.yarn
+++ b/yarns/900-remote.yarn
@@ -17,7 +17,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
-# Scenario step implementations for remote Salami
+# Scenario step implementations for remote Qvisqve
## Authentication setup
@@ -36,11 +36,11 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
token = cliapp.runcmd(argv, feed_stdin=key)
store_token(user, token)
-## Start and stop Salami
+## Start and stop Qvisqve
- IMPLEMENTS GIVEN a running salami instance
+ IMPLEMENTS GIVEN a running Qvisqve instance
V['API_URL'] = os.environ['API_URL']
assert 0
- IMPLEMENTS FINALLY salami is stopped
+ IMPLEMENTS FINALLY Qvisqve is stopped
pass
diff --git a/yarns/lib.py b/yarns/lib.py
index 8379b16..a9e1b87 100644
--- a/yarns/lib.py
+++ b/yarns/lib.py
@@ -31,7 +31,7 @@ import yaml
from yarnutils import *
-import salami_secrets
+import qvisqve_secrets
srcdir = os.environ['SRCDIR']
@@ -162,21 +162,21 @@ def values_match(wanted, actual):
return True
-def start_salami():
+def start_qvisqve():
privkey, pubkey = create_token_signing_key_pair()
open('key', 'w').write(privkey)
V['aud'] = 'http://api.test.example.com'
V['privkey'] = privkey
V['pubkey'] = pubkey
- V['api.log'] = 'salami.log'
+ V['api.log'] = 'qvisqve.log'
V['gunicorn3.log'] = 'gunicorn3.log'
- V['pid-file'] = 'salami.pid'
+ V['pid-file'] = 'qvisqve.pid'
V['port'] = cliapp.runcmd([os.path.join(srcdir, 'randport' )]).strip()
V['API_URL'] = 'http://127.0.0.1:{}'.format(V['port'])
clients = {}
if V['client_id'] and V['client_secret']:
- sh = salami_secrets.SecretHasher()
+ sh = qvisqve_secrets.SecretHasher()
clients = {
V['client_id']: {
'client_secret': sh.hash(V['client_secret']),
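Review bot: `open('key', 'w').write(privkey)` near the top of start_qvisqve() writes the token signing key through a file object that is never explicitly closed, and the file is created with whatever permissions the umask allows. The same unclosed pattern is in the next hunk at `yaml.safe_dump(config, open(env['QVISQVE_CONFIG'], 'w'))`, immediately before the server is launched and reads that file. CPython happens to close both promptly through reference counting, but that is an implementation detail. `with open(env['QVISQVE_CONFIG'], 'w') as f: yaml.safe_dump(config, f)` makes the flush explicit, and the key file can be created owner-only with `os.open('key', os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)`. The body of start_qvisqve() continues outside this hunk.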
@@ -201,11 +201,11 @@ def start_salami():
'clients': clients,
}
env = dict(os.environ)
- env['SALAMI_CONFIG'] = os.path.join(datadir, 'salami.yaml')
- yaml.safe_dump(config, open(env['SALAMI_CONFIG'], 'w'))
+ env['QVISQVE_CONFIG'] = os.path.join(datadir, 'qvisqve.yaml')
+ yaml.safe_dump(config, open(env['QVISQVE_CONFIG'], 'w'))
argv = [
- os.path.join(srcdir, 'start_salami'),
- env['SALAMI_CONFIG'],
+ os.path.join(srcdir, 'start_qvisqve'),
+ env['QVISQVE_CONFIG'],
]
cliapp.runcmd(argv, env=env, stdout=None, stderr=None)
until = time.time() + 2.0
@@ -214,7 +214,7 @@ def start_salami():
assert os.path.exists(V['pid-file'])
-def stop_salami():
+def stop_qvisqve():
filename = V['pid-file']
if os.path.exists(filename):
pid = int(cat(filename))