diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..8938a25
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,10 @@
+obj-*
+debian/.debhelper/
+debian/*.debhelper
+debian/debhelper-build-stamp
+debian/*.debhelper.log
+debian/*.substvars
+debian/files
+debian/dawn/
+debian/changelog
+debian/tmp/
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..7779973
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,27 @@
+Source: dawn
+Section: net
+Priority: optional
+Maintainer: Berlin Open Wireless Lab <maintainers@example.org>
+Build-Depends: debhelper-compat (= 13),
+               cmake,
+               pkg-config,
+               libnl-3-dev,
+               libnl-genl-3-dev,
+               libjson-c-dev,
+               libubus-dev,
+               libubox-dev,
+               libiwinfo-dev,
+               libuci-dev,
+               libgcrypt20-dev
+Standards-Version: 4.7.0
+Homepage: https://github.com/berlin-open-wireless-lab/DAWN
+Rules-Requires-Root: no
+
+Package: dawn
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, ubus, ubusd
+Recommends: hostapd
+Description: Decentralized Wi-Fi controller (client steering, 802.11k/v helper)
+ DAWN is a decentralized Wi-Fi controller intended to steer clients to the
+ best AP. This package installs the dawn daemon and a systemd service.
+ Assumes ubus/ubusd are present. Hostapd integration is recommended.
diff --git a/debian/dawn.service b/debian/dawn.service
new file mode 100644
index 0000000..b9b6886
--- /dev/null
+++ b/debian/dawn.service
@@ -0,0 +1,36 @@
+[Unit]
+Description=DAWN decentralized Wi-Fi controller
+Documentation=https://github.com/berlin-open-wireless-lab/DAWN
+After=network-online.target ubusd.service
+Wants=network-online.target ubusd.service
+
+[Service]
+Type=simple
+EnvironmentFile=-/etc/default/dawn
+User=dawn
+Group=dawn
+ExecStart=/usr/sbin/dawn $DAWN_OPTS
+Restart=on-failure
+RestartSec=3
+SupplementaryGroups=ubus
+
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateDevices=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
+RestrictRealtime=true
+RestrictSUIDSGID=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+SystemCallArchitectures=native
+ReadOnlyPaths=/etc/dawn /run/ubus/ubus.sock
+ReadWritePaths=/var/lib/dawn
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/dawn.tmpfiles b/debian/dawn.tmpfiles
new file mode 100644
index 0000000..a19dabb
--- /dev/null
+++ b/debian/dawn.tmpfiles
@@ -0,0 +1,3 @@
+# Create runtime/state directories
+d /var/lib/dawn 0750 dawn dawn -
+d /etc/dawn     0750 root dawn -
diff --git a/debian/default/dawn b/debian/default/dawn
new file mode 100644
index 0000000..78a8a54
--- /dev/null
+++ b/debian/default/dawn
@@ -0,0 +1,5 @@
+# Extra flags for DAWN. Examples:
+#  -c /etc/dawn/dawn.json
+#  --log-level debug
+#  --ubus-socket /run/ubus.sock
+DAWN_OPTS="-c /etc/dawn/dawn.json"
diff --git a/debian/examples/dawn.json.example b/debian/examples/dawn.json.example
new file mode 100644
index 0000000..503128c
--- /dev/null
+++ b/debian/examples/dawn.json.example
@@ -0,0 +1,15 @@
+{
+  "ubus": {
+    "socket": "/run/ubus.sock",
+    "timeout_ms": 2000
+  },
+  "logging": {
+    "level": "info",
+    "syslog": true
+  },
+  "steering": {
+    "enabled": true,
+    "rssi_threshold": -72
+  }
+}
+
diff --git a/debian/generate-changelog.sh b/debian/generate-changelog.sh
new file mode 100755
index 0000000..93ed82b
--- /dev/null
+++ b/debian/generate-changelog.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+cd "$(dirname "$0")/.."
+
+COMMIT_DATE=$(git log -1 --format='%cd' --date=format:'%Y%m%d' 2>/dev/null || echo '00000000')
+COMMIT_HASH=$(git log -1 --format='%h' 2>/dev/null || echo 'unknown')
+COMMIT_TIMESTAMP=$(git log -1 --format='%cd' --date=rfc2822 2>/dev/null || date -R)
+
+cat > debian/changelog <<EOF
+dawn (0.0.${COMMIT_DATE}) unstable; urgency=medium
+
+  * Latest version (${COMMIT_HASH})
+
+ -- Russ Dill <russ.dill@gmail.com>  ${COMMIT_TIMESTAMP}
+EOF
diff --git a/debian/install b/debian/install
new file mode 100644
index 0000000..cf3d12a
--- /dev/null
+++ b/debian/install
@@ -0,0 +1,3 @@
+debian/dawn.service lib/systemd/system/
+debian/default/dawn etc/default/
+debian/examples/dawn.json.example  usr/share/doc/dawn/examples/
diff --git a/debian/postinst b/debian/postinst
new file mode 100644
index 0000000..6d194f9
--- /dev/null
+++ b/debian/postinst
@@ -0,0 +1,33 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+  configure)
+    if ! getent group dawn >/dev/null; then
+      addgroup --system dawn
+    fi
+    if ! id dawn >/dev/null 2>&1; then
+      adduser --system --ingroup dawn --home /var/lib/dawn --no-create-home \
+        --disabled-login --shell /usr/sbin/nologin dawn
+    fi
+
+    # Ensure dirs exist with right perms
+    install -d -o dawn -g dawn -m 0750 /var/lib/dawn
+    install -d -o root -g dawn -m 0750 /etc/dawn
+
+    # Drop a minimal config if none exists yet
+    if [ ! -e /etc/dawn/dawn.json ] && [ -f /usr/share/doc/dawn/examples/dawn.json.example ]; then
+      cp /usr/share/doc/dawn/examples/dawn.json.example /etc/dawn/dawn.json
+      chown root:dawn /etc/dawn/dawn.json
+      chmod 0640 /etc/dawn/dawn.json
+    fi
+
+    # Register tmpfiles + service (don’t auto-enable on install)
+    if command -v systemd-tmpfiles >/dev/null 2>&1; then
+      systemd-tmpfiles --create /usr/lib/tmpfiles.d/dawn.conf 2>/dev/null || true
+    fi
+    systemctl --system daemon-reload >/dev/null 2>&1 || true
+  ;;
+esac
+
+exit 0
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..7b5e893
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,13 @@
+#!/usr/bin/make -f
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+%:
+	dh $@ --buildsystem=cmake
+
+override_dh_auto_configure:
+	dh_auto_configure -- \
+	  -DCMAKE_BUILD_TYPE=RelWithDebInfo \
+	  -DDAWN_DEFAULT_CONFIG_DIR=/etc/dawn
+
+override_dh_installsystemd:
+	dh_installsystemd --name=dawn --no-enable --no-start
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..89ae9db
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..dd75d26
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,2 @@
+version=4
+# Fill this when you start tagging releases
diff --git a/src/include/multicastsocket.h b/src/include/multicastsocket.h
index 1624c21..984f307 100644
--- a/src/include/multicastsocket.h
+++ b/src/include/multicastsocket.h
@@ -1,5 +1,5 @@
 #ifndef __DAWN_MULTICASTSTSOCKET_H
-#define __DAWN_MULTICASTSSOCKET_H
+#define __DAWN_MULTICASTSTSOCKET_H
 
 #include <arpa/inet.h>
 
diff --git a/src/storage/datastorage.c b/src/storage/datastorage.c
index d254246..0184b50 100644
--- a/src/storage/datastorage.c
+++ b/src/storage/datastorage.c
@@ -1332,8 +1332,8 @@ void insert_macs_from_file() {
         }
     }
 
-    fclose(fp);
     dawn_unregmem(fp);
+    fclose(fp);
     if (line)
     {
         free(line);