From: Frank Brehm Date: Wed, 5 Dec 2012 08:42:32 +0000 (+0100) Subject: Current state X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=37bc33f05a76d13fdf0f7c4f95a1267f8c161e38;p=config%2Fhelga%2Fetc.git Current state --- diff --git a/DIR_COLORS b/DIR_COLORS index bb01137..ca474ae 100644 --- a/DIR_COLORS +++ b/DIR_COLORS @@ -55,6 +55,8 @@ TERM screen-w TERM screen.Eterm TERM screen.rxvt TERM screen.linux +TERM st +TERM st-256color TERM terminator TERM vt100 TERM xterm diff --git a/apache2/modules.d/47_mod_dav_svn.conf b/apache2/modules.d/47_mod_dav_svn.conf index df85f85..ab8906c 100644 --- a/apache2/modules.d/47_mod_dav_svn.conf +++ b/apache2/modules.d/47_mod_dav_svn.conf @@ -6,12 +6,12 @@ # Example configuration: # -# DAV svn -# SVNPath /var/svn/repos -# AuthType Basic -# AuthName "Subversion repository" -# AuthUserFile /var/svn/conf/svnusers -# Require valid-user +# DAV svn +# SVNPath ${SVN_REPOS_LOC}/repos +# AuthType Basic +# AuthName "Subversion repository" +# AuthUserFile ${SVN_REPOS_LOC}/conf/svnusers +# Require valid-user # diff --git a/auto.master b/auto.master deleted file mode 100644 index 9fe5609..0000000 --- a/auto.master +++ /dev/null @@ -1,23 +0,0 @@ -# -# Sample auto.master file -# This is an automounter map and it has the following format -# key [ -mount-options-separated-by-comma ] location -# For details of the format look at autofs(5). -# -/misc /etc/auto.misc -# -# NOTE: mounts done from a hosts map will be mounted with the -# "nosuid" and "nodev" options unless the "suid" and "dev" -# options are explicitly given. -# -/net -hosts -# -# Include central master map if it can be found using -# nsswitch sources. -# -# Note that if there are entries for /net or /misc (as -# above) in the included master map any keys that are the -# same will not be seen as the first read key seen takes -# precedence. -# -+auto.master diff --git a/auto.misc b/auto.misc deleted file mode 100644 index 0ee5e75..0000000 --- a/auto.misc +++ /dev/null @@ -1,15 +0,0 @@ -# -# This is an automounter map and it has the following format -# key [ -mount-options-separated-by-comma ] location -# Details may be found in the autofs(5) manpage - -cd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom - -# the following entries are samples to pique your imagination -#linux -ro,soft,intr ftp.example.org:/pub/linux -#boot -fstype=ext2 :/dev/hda1 -#floppy -fstype=auto :/dev/fd0 -#floppy -fstype=ext2 :/dev/fd0 -#e2floppy -fstype=ext2 :/dev/fd0 -#jaz -fstype=ext2 :/dev/sdc1 -#removable -fstype=ext2 :/dev/hdd diff --git a/auto.net b/auto.net deleted file mode 100755 index ba03447..0000000 --- a/auto.net +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash - -# This file must be executable to work! chmod 755! - -# Look at what a host is exporting to determine what we can mount. -# This is very simple, but it appears to work surprisingly well - -key="$1" - -# add "nosymlink" here if you want to suppress symlinking local filesystems -# add "nonstrict" to make it OK for some filesystems to not mount -opts="-fstype=nfs,hard,intr,nodev,nosuid" - -# Showmount comes in a number of names and varieties. "showmount" is -# typically an older version which accepts the '--no-headers' flag -# but ignores it. "kshowmount" is the newer version installed with knfsd, -# which both accepts and acts on the '--no-headers' flag. -#SHOWMOUNT="kshowmount --no-headers -e $key" -#SHOWMOUNT="showmount -e $key | tail -n +2" - -for P in /bin /sbin /usr/bin /usr/sbin -do - for M in showmount kshowmount - do - if [ -x $P/$M ] - then - SMNT=$P/$M - break - fi - done -done - -[ -x $SMNT ] || exit 1 - -# Newer distributions get this right -SHOWMOUNT="$SMNT --no-headers -e $key" - -$SHOWMOUNT | LC_ALL=C sort -k 1 | \ - awk -v key="$key" -v opts="$opts" -- ' - BEGIN { ORS=""; first=1 } - { if (first) { print opts; first=0 }; print " \\\n\t" $1, key ":" $1 } - END { if (!first) print "\n"; else exit 1 } - ' | sed 's/#/\\#/g' diff --git a/auto.smb b/auto.smb deleted file mode 100755 index 2dfb8f8..0000000 --- a/auto.smb +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash - -# This file must be executable to work! chmod 755! - -key="$1" -opts="-fstype=cifs" - -for P in /bin /sbin /usr/bin /usr/sbin -do - if [ -x $P/smbclient ] - then - SMBCLIENT=$P/smbclient - break - fi -done - -[ -x $SMBCLIENT ] || exit 1 - -$SMBCLIENT -gNL $key 2>/dev/null| awk -v key="$key" -v opts="$opts" -F'|' -- ' - BEGIN { ORS=""; first=1 } - /Disk/ { - if (first) - print opts; first=0 - dir = $2 - loc = $2 - # Enclose mount dir and location in quotes - # Double quote "$" in location as it is special - gsub(/\$$/, "\\$", loc); - gsub(/\&/,"\\\\&",loc) - print " \\\n\t \"/" dir "\"", "\"://" key "/" loc "\"" - } - END { if (!first) print "\n"; else exit 1 } - ' - diff --git a/autofs_ldap_auth.conf b/autofs_ldap_auth.conf deleted file mode 100644 index 4033ba0..0000000 --- a/autofs_ldap_auth.conf +++ /dev/null @@ -1,11 +0,0 @@ - - - - diff --git a/bind/named.conf b/bind/named.conf index a545669..56cb07c 100644 --- a/bind/named.conf +++ b/bind/named.conf @@ -48,6 +48,17 @@ options { 2a01:238:4239:8a00:d4da:215d:3d01:f9b9; }; + allow-recursion { + 127.0.0.0/8; + 85.214.134.152; + 85.214.109.1; + 46.16.73.175; + 46.16.73.212; + ::1/128; + fe80::/10; + 2a01:238:4225:6e00:8f8c:808a:7fb8:88df; + }; + // if you have problems and are behind a firewall: //query-source address * port 53; pid-file "/var/run/named/named.pid"; diff --git a/conf.d/autofs b/conf.d/autofs index 491b3b0..6c8d9c7 100644 --- a/conf.d/autofs +++ b/conf.d/autofs @@ -117,7 +117,7 @@ BROWSE_MODE="no" # AUTH_CONF_FILE - set the default location for the SASL # authentication configuration file. # -#AUTH_CONF_FILE="/etc/autofs_ldap_auth.conf" +#AUTH_CONF_FILE="/etc/autofs/autofs_ldap_auth.conf" # # MAP_HASH_TABLE_SIZE - set the map cache hash table size. # Should be a power of 2 with a ratio roughly diff --git a/conf.d/consolefont b/conf.d/consolefont index 21c260f..f17baba 100644 --- a/conf.d/consolefont +++ b/conf.d/consolefont @@ -1,9 +1,10 @@ +# The consolefont service is not activated by default. If you need to +# use it, you should run "rc-update add consolefont boot" as root. +# # consolefont specifies the default font that you'd like Linux to use on the # console. You can find a good selection of fonts in /usr/share/consolefonts; # you shouldn't specify the trailing ".psf.gz", just the font name below. # To use the default console font, comment out the CONSOLEFONT setting below. -# This setting is used by the /etc/init.d/consolefont script (NOTE: if you do -# not want to use it, run "rc-update del consolefont boot" as root). consolefont="default8x16" # consoletranslation is the charset map file to use. Leave commented to use diff --git a/conf.d/dmesg b/conf.d/dmesg index eb065f2..cd4b8b3 100644 --- a/conf.d/dmesg +++ b/conf.d/dmesg @@ -1,3 +1,3 @@ # Sets the level at which logging of messages is done to the -# console. See dmesg(8) for more info. +# console. See dmesg(1) for more info. dmesg_level="1" diff --git a/conf.d/hwclock b/conf.d/hwclock index 4e66ff9..59bb732 100644 --- a/conf.d/hwclock +++ b/conf.d/hwclock @@ -1,22 +1,20 @@ # Set CLOCK to "UTC" if your Hardware Clock is set to UTC (also known as -# Greenwich Mean Time). If that clock is set to the local time, then -# set CLOCK to "local". Note that if you dual boot with Windows, then +# Greenwich Mean Time). If that clock is set to the local time, then +# set CLOCK to "local". Note that if you dual boot with Windows, then # you should set it to "local". clock="UTC" -# If you want to set the Hardware Clock to the current System Time -# (software clock) during shutdown, then say "YES" here. -# You normally don't need to do this if you run a ntp daemon. -clock_systohc="NO" +# If you want the hwclock script to set the system time (software clock) +# to match the current hardware clock during bootup, leave this +# commented out. +# However, you can set this to "NO" ifyou are running a modern kernel +# with CONFIG_RTC_HCTOSYS set to y and your hardware clock set to UTC. +#clock_hctosys="YES" + +# If you do not want to set the hardware clock to the current system +# time (software clock) during shutdown, set this to no. +#clock_systohc="YES" -# If you want to set the system time to the current hardware clock -# during bootup, then say "YES" here. You do not need this if you are -# running a modern kernel with CONFIG_RTC_HCTOSYS set to y. -# Also, be aware that if you set this to "NO", the system time will -# never be saved to the hardware clock unless you set -# clock_systohc="YES" above. -clock_hctosys="YES" - # If you wish to pass any other arguments to hwclock during bootup, # you may do so here. Alpha users may wish to use --arc or --srm here. clock_args="" diff --git a/conf.d/ip6tables b/conf.d/ip6tables index 93c0bc8..3bb3698 100644 --- a/conf.d/ip6tables +++ b/conf.d/ip6tables @@ -9,3 +9,11 @@ SAVE_RESTORE_OPTIONS="-c" # Save state on stopping iptables SAVE_ON_STOP="yes" + +# If you need to log iptables messages as soon as iptables starts, +# AND your logger does NOT depend on the network, then you may wish +# to uncomment the next line. +# If your logger depends on the network, and you uncomment this line +# you will create an unresolvable circular dependency during startup. +# After commenting or uncommenting this line, you must run 'rc-update -u'. +#rc_use="logger" diff --git a/conf.d/iptables b/conf.d/iptables index 91287de..7225374 100644 --- a/conf.d/iptables +++ b/conf.d/iptables @@ -9,3 +9,11 @@ SAVE_RESTORE_OPTIONS="-c" # Save state on stopping iptables SAVE_ON_STOP="yes" + +# If you need to log iptables messages as soon as iptables starts, +# AND your logger does NOT depend on the network, then you may wish +# to uncomment the next line. +# If your logger depends on the network, and you uncomment this line +# you will create an unresolvable circular dependency during startup. +# After commenting or uncommenting this line, you must run 'rc-update -u'. +#rc_use="logger" diff --git a/conf.d/keymaps b/conf.d/keymaps index 52bd111..6debfc9 100644 --- a/conf.d/keymaps +++ b/conf.d/keymaps @@ -13,7 +13,7 @@ windowkeys="YES" extended_keymaps="" #extended_keymaps="backspace keypad euro2" -# Tell dumpkeys(1) to interpret character action codes to be +# Tell dumpkeys(1) to interpret character action codes to be # from the specified character set. # This only matters if you set unicode="yes" in /etc/rc.conf. # For a list of valid sets, run `dumpkeys --help` @@ -22,4 +22,3 @@ dumpkeys_charset="" # Some fonts map AltGr-E to the currency symbol ¤ instead of the Euro € # To fix this, set to "yes" fix_euro="NO" - diff --git a/conf.d/netmount b/conf.d/netmount new file mode 100644 index 0000000..fc19fd4 --- /dev/null +++ b/conf.d/netmount @@ -0,0 +1,40 @@ +# You will need to set the dependencies in the netmount script to match +# the network configuration tools you are using. This should be done in +# this file by following the examples below, and not by changing the +# service script itself. +# +# Each of these examples is meant to be used separately. So, for +# example, do not set rc_need to something like "net.eth0 dhcpcd". +# +# If you are using newnet and configuring your interfaces with static +# addresses with the network script, you should use this setting. +# +#rc_need="network" +# +# If you are using oldnet, you must list the specific net.* services you +# need. +# +# This example assumes all of your netmounts can be reached on +# eth0. +# +#rc_need="net.eth0" +# +# This example assumes some of your netmounts are on eth1 and some +# are on eth2. +# +#rc_need="net.eth1 net.eth2" +# +# If you are using a dynamic network management tool like +# networkmanager, dhcpcd in standalone mode, wicd, badvpn-ncd, etc, to +# manage the network interfaces with the routes to your netmounts, you +# should list that tool. +# +#rc_need="networkmanager" +#rc_need="dhcpcd" +#rc_need="wicd" +# +# The default setting is designed to be backward compatible with our +# current setup, but you are highly discouraged from using this. In +# other words, please change it to be more suited to your system. +# +rc_need="net" diff --git a/conf.d/slapd b/conf.d/slapd index 13bbff9..ef19899 100644 --- a/conf.d/slapd +++ b/conf.d/slapd @@ -3,11 +3,6 @@ # To enable both the standard unciphered server and the ssl encrypted # one uncomment this line or set any other server starting options # you may desire. -# -# OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" -#OPTS="-h 'ldaps:/// ldap:/// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" -# Uncomment the below to use the new slapd configuration for openldap 2.3 -#OPTS="-F /etc/openldap/slapd.d -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" # If you have multiple slapd instances per #376699, this will provide a default config INSTANCE="openldap${SVCNAME#slapd}" diff --git a/conf.d/tmpfiles b/conf.d/tmpfiles new file mode 100644 index 0000000..c3f208f --- /dev/null +++ b/conf.d/tmpfiles @@ -0,0 +1,3 @@ +# Extra options for tmpfiles.sh +#tmpfiles_opts="--verbose" +tmpfiles_opts="" diff --git a/config-archive/etc/apache2/modules.d/47_mod_dav_svn.conf b/config-archive/etc/apache2/modules.d/47_mod_dav_svn.conf new file mode 100644 index 0000000..df85f85 --- /dev/null +++ b/config-archive/etc/apache2/modules.d/47_mod_dav_svn.conf @@ -0,0 +1,45 @@ + + LoadModule dav_svn_module modules/mod_dav_svn.so + + LoadModule authz_svn_module modules/mod_authz_svn.so + + +# Example configuration: +# +# DAV svn +# SVNPath /var/svn/repos +# AuthType Basic +# AuthName "Subversion repository" +# AuthUserFile /var/svn/conf/svnusers +# Require valid-user +# + + + DAV svn + SVNParentPath /var/lib/svn-repos + AuthType Basic + AuthName "Subversion repository" + AuthUserFile /etc/apache2/svnusers + + Require valid-user + + + + + DAV svn + SVNParentPath /var/lib/svn-repos-priv + AuthType Basic + AuthName "Subversion private repository" + AuthUserFile /etc/apache2/svnusers + + Require valid-user + + + + + SVNIndexXSLT /repo-browser/books/svnindex.xsl + + + + +# vim: ts=4 filetype=apache diff --git a/config-archive/etc/apache2/modules.d/47_mod_dav_svn.conf.dist b/config-archive/etc/apache2/modules.d/47_mod_dav_svn.conf.dist new file mode 100644 index 0000000..52d08b7 --- /dev/null +++ b/config-archive/etc/apache2/modules.d/47_mod_dav_svn.conf.dist @@ -0,0 +1,16 @@ + +LoadModule dav_svn_module modules/mod_dav_svn.so + +LoadModule authz_svn_module modules/mod_authz_svn.so + + +# Example configuration: +# +# DAV svn +# SVNPath ${SVN_REPOS_LOC}/repos +# AuthType Basic +# AuthName "Subversion repository" +# AuthUserFile ${SVN_REPOS_LOC}/conf/svnusers +# Require valid-user +# + diff --git a/config-archive/etc/apache2/modules.d/47_mod_dav_svn.conf.dist.new b/config-archive/etc/apache2/modules.d/47_mod_dav_svn.conf.dist.new deleted file mode 100644 index 52d08b7..0000000 --- a/config-archive/etc/apache2/modules.d/47_mod_dav_svn.conf.dist.new +++ /dev/null @@ -1,16 +0,0 @@ - -LoadModule dav_svn_module modules/mod_dav_svn.so - -LoadModule authz_svn_module modules/mod_authz_svn.so - - -# Example configuration: -# -# DAV svn -# SVNPath ${SVN_REPOS_LOC}/repos -# AuthType Basic -# AuthName "Subversion repository" -# AuthUserFile ${SVN_REPOS_LOC}/conf/svnusers -# Require valid-user -# - diff --git a/config-archive/etc/conf.d/consolefont b/config-archive/etc/conf.d/consolefont new file mode 100644 index 0000000..21c260f --- /dev/null +++ b/config-archive/etc/conf.d/consolefont @@ -0,0 +1,17 @@ +# consolefont specifies the default font that you'd like Linux to use on the +# console. You can find a good selection of fonts in /usr/share/consolefonts; +# you shouldn't specify the trailing ".psf.gz", just the font name below. +# To use the default console font, comment out the CONSOLEFONT setting below. +# This setting is used by the /etc/init.d/consolefont script (NOTE: if you do +# not want to use it, run "rc-update del consolefont boot" as root). +consolefont="default8x16" + +# consoletranslation is the charset map file to use. Leave commented to use +# the default one. Have a look in /usr/share/consoletrans for a selection of +# map files you can use. +consoletranslation="8859-1_to_uni" + +# unicodemap is the unicode map file to use. Leave commented to use the +# default one. Have a look in /usr/share/unimaps for a selection of map files +# you can use. +#unicodemap="iso01" diff --git a/config-archive/etc/conf.d/consolefont.dist b/config-archive/etc/conf.d/consolefont.dist new file mode 100644 index 0000000..e01ae84 --- /dev/null +++ b/config-archive/etc/conf.d/consolefont.dist @@ -0,0 +1,18 @@ +# The consolefont service is not activated by default. If you need to +# use it, you should run "rc-update add consolefont boot" as root. +# +# consolefont specifies the default font that you'd like Linux to use on the +# console. You can find a good selection of fonts in /usr/share/consolefonts; +# you shouldn't specify the trailing ".psf.gz", just the font name below. +# To use the default console font, comment out the CONSOLEFONT setting below. +consolefont="default8x16" + +# consoletranslation is the charset map file to use. Leave commented to use +# the default one. Have a look in /usr/share/consoletrans for a selection of +# map files you can use. +#consoletranslation="8859-1_to_uni" + +# unicodemap is the unicode map file to use. Leave commented to use the +# default one. Have a look in /usr/share/unimaps for a selection of map files +# you can use. +#unicodemap="iso01" diff --git a/config-archive/etc/conf.d/keymaps b/config-archive/etc/conf.d/keymaps new file mode 100644 index 0000000..52bd111 --- /dev/null +++ b/config-archive/etc/conf.d/keymaps @@ -0,0 +1,25 @@ +# Use keymap to specify the default console keymap. There is a complete tree +# of keymaps in /usr/share/keymaps to choose from. +#keymap="us" +keymap="de-latin1-nodeadkeys" + +# Should we first load the 'windowkeys' console keymap? Most x86 users will +# say "yes" here. Note that non-x86 users should leave it as "no". +# Loading this keymap will enable VT switching (like ALT+Left/Right) +# using the special windows keys on the linux console. +windowkeys="YES" + +# The maps to load for extended keyboards. Most users will leave this as is. +extended_keymaps="" +#extended_keymaps="backspace keypad euro2" + +# Tell dumpkeys(1) to interpret character action codes to be +# from the specified character set. +# This only matters if you set unicode="yes" in /etc/rc.conf. +# For a list of valid sets, run `dumpkeys --help` +dumpkeys_charset="" + +# Some fonts map AltGr-E to the currency symbol ¤ instead of the Euro € +# To fix this, set to "yes" +fix_euro="NO" + diff --git a/config-archive/etc/conf.d/keymaps.dist b/config-archive/etc/conf.d/keymaps.dist new file mode 100644 index 0000000..35d5b89 --- /dev/null +++ b/config-archive/etc/conf.d/keymaps.dist @@ -0,0 +1,23 @@ +# Use keymap to specify the default console keymap. There is a complete tree +# of keymaps in /usr/share/keymaps to choose from. +keymap="us" + +# Should we first load the 'windowkeys' console keymap? Most x86 users will +# say "yes" here. Note that non-x86 users should leave it as "no". +# Loading this keymap will enable VT switching (like ALT+Left/Right) +# using the special windows keys on the linux console. +windowkeys="YES" + +# The maps to load for extended keyboards. Most users will leave this as is. +extended_keymaps="" +#extended_keymaps="backspace keypad euro2" + +# Tell dumpkeys(1) to interpret character action codes to be +# from the specified character set. +# This only matters if you set unicode="yes" in /etc/rc.conf. +# For a list of valid sets, run `dumpkeys --help` +dumpkeys_charset="" + +# Some fonts map AltGr-E to the currency symbol ¤ instead of the Euro € +# To fix this, set to "yes" +fix_euro="NO" diff --git a/config-archive/etc/conf.d/slapd b/config-archive/etc/conf.d/slapd new file mode 100644 index 0000000..13bbff9 --- /dev/null +++ b/config-archive/etc/conf.d/slapd @@ -0,0 +1,31 @@ +# conf.d file for openldap +# +# To enable both the standard unciphered server and the ssl encrypted +# one uncomment this line or set any other server starting options +# you may desire. +# +# OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" +#OPTS="-h 'ldaps:/// ldap:/// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" +# Uncomment the below to use the new slapd configuration for openldap 2.3 +#OPTS="-F /etc/openldap/slapd.d -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" + +# If you have multiple slapd instances per #376699, this will provide a default config +INSTANCE="openldap${SVCNAME#slapd}" + +# If you use the classical configuration file: +OPTS_CONF="-f /etc/${INSTANCE}/slapd.conf" +# Uncomment this instead to use the new slapd.d configuration directory for openldap 2.3 +#OPTS_CONF="-F /etc/${INSTANCE}/slapd.d" +# (the OPTS_CONF variable is also passed to slaptest during startup) + +OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" +# Optional connectionless LDAP: +#OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock cldap://'" + +# If you change the above listen statement to bind on a specific IP for +# listening, you should ensure that interface is up here (change eth0 as +# needed). +#rc_need="net.eth0" + +# Specify the kerberos keytab file +#KRB5_KTNAME=/etc/openldap/krb5-ldap.keytab diff --git a/config-archive/etc/conf.d/slapd.dist b/config-archive/etc/conf.d/slapd.dist new file mode 100644 index 0000000..ef19899 --- /dev/null +++ b/config-archive/etc/conf.d/slapd.dist @@ -0,0 +1,26 @@ +# conf.d file for openldap +# +# To enable both the standard unciphered server and the ssl encrypted +# one uncomment this line or set any other server starting options +# you may desire. + +# If you have multiple slapd instances per #376699, this will provide a default config +INSTANCE="openldap${SVCNAME#slapd}" + +# If you use the classical configuration file: +OPTS_CONF="-f /etc/${INSTANCE}/slapd.conf" +# Uncomment this instead to use the new slapd.d configuration directory for openldap 2.3 +#OPTS_CONF="-F /etc/${INSTANCE}/slapd.d" +# (the OPTS_CONF variable is also passed to slaptest during startup) + +OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" +# Optional connectionless LDAP: +#OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock cldap://'" + +# If you change the above listen statement to bind on a specific IP for +# listening, you should ensure that interface is up here (change eth0 as +# needed). +#rc_need="net.eth0" + +# Specify the kerberos keytab file +#KRB5_KTNAME=/etc/openldap/krb5-ldap.keytab diff --git a/config-archive/etc/courier/authlib/authdaemonrc b/config-archive/etc/courier/authlib/authdaemonrc new file mode 100644 index 0000000..f11ec92 --- /dev/null +++ b/config-archive/etc/courier/authlib/authdaemonrc @@ -0,0 +1,103 @@ +##VERSION: $Id: authdaemonrc.in,v 1.13 2005/10/05 00:07:32 mrsam Exp $ +# +# Copyright 2000-2005 Double Precision, Inc. See COPYING for +# distribution information. +# +# authdaemonrc created from authdaemonrc.dist by sysconftool +# +# Do not alter lines that begin with ##, they are used when upgrading +# this configuration. +# +# This file configures authdaemond, the resident authentication daemon. +# +# Comments in this file are ignored. Although this file is intended to +# be sourced as a shell script, authdaemond parses it manually, so +# the acceptable syntax is a bit limited. Multiline variable contents, +# with the \ continuation character, are not allowed. Everything must +# fit on one line. Do not use any additional whitespace for indentation, +# or anything else. + +##NAME: authmodulelist:2 +# +# The authentication modules that are linked into authdaemond. The +# default list is installed. You may selectively disable modules simply +# by removing them from the following list. The available modules you +# can use are: authuserdb authpam authshadow authpgsql authldap authmysql authcustom authpipe + +authmodulelist="authmysql authpam" + +##NAME: authmodulelistorig:3 +# +# This setting is used by Courier's webadmin module, and should be left +# alone + +authmodulelistorig="authuserdb authpam authshadow authpgsql authldap authmysql authcustom authpipe" + +##NAME: daemons:0 +# +# The number of daemon processes that are started. authdaemon is typically +# installed where authentication modules are relatively expensive: such +# as authldap, or authmysql, so it's better to have a number of them running. +# PLEASE NOTE: Some platforms may experience a problem if there's more than +# one daemon. Specifically, SystemV derived platforms that use TLI with +# socket emulation. I'm suspicious of TLI's ability to handle multiple +# processes accepting connections on the same filesystem domain socket. +# +# You may need to increase daemons if as your system load increases. Symptoms +# include sporadic authentication failures. If you start getting +# authentication failures, increase daemons. However, the default of 5 +# SHOULD be sufficient. Bumping up daemon count is only a short-term +# solution. The permanent solution is to add more resources: RAM, faster +# disks, faster CPUs... + +daemons=5 + +##NAME: authdaemonvar:2 +# +# authdaemonvar is here, but is not used directly by authdaemond. It's +# used by various configuration and build scripts, so don't touch it! + +authdaemonvar=/var/lib/courier/authdaemon + +##NAME: DEBUG_LOGIN:0 +# +# Dump additional diagnostics to syslog +# +# DEBUG_LOGIN=0 - turn off debugging +# DEBUG_LOGIN=1 - turn on debugging +# DEBUG_LOGIN=2 - turn on debugging + log passwords too +# +# ** YES ** - DEBUG_LOGIN=2 places passwords into syslog. +# +# Note that most information is sent to syslog at level 'debug', so +# you may need to modify your /etc/syslog.conf to be able to see it. + +DEBUG_LOGIN=0 + +##NAME: DEFAULTOPTIONS:0 +# +# A comma-separated list of option=value pairs. Each option is applied +# to an account if the account does not have its own specific value for +# that option. So for example, you can set +# DEFAULTOPTIONS="disablewebmail=1,disableimap=1" +# and then enable webmail and/or imap on individual accounts by setting +# disablewebmail=0 and/or disableimap=0 on the account. + +DEFAULTOPTIONS="" + +##NAME: LOGGEROPTS:0 +# +# courierlogger(1) options, e.g. to set syslog facility +# + +LOGGEROPTS="" + +##NAME: LDAP_TLS_OPTIONS:0 +# +# Options documented in ldap.conf(5) can be set here, prefixed with 'LDAP'. +# Examples: +# +#LDAPTLS_CACERT=/path/to/cacert.pem +#LDAPTLS_REQCERT=demand +#LDAPTLS_CERT=/path/to/clientcert.pem +#LDAPTLS_KEY=/path/to/clientkey.pem diff --git a/config-archive/etc/courier/authlib/authdaemonrc.dist b/config-archive/etc/courier/authlib/authdaemonrc.dist new file mode 100644 index 0000000..c382447 --- /dev/null +++ b/config-archive/etc/courier/authlib/authdaemonrc.dist @@ -0,0 +1,103 @@ +##VERSION: $Id: authdaemonrc.in 17 2011-04-04 02:07:37Z mrsam $ +# +# Copyright 2000-2005 Double Precision, Inc. See COPYING for +# distribution information. +# +# authdaemonrc created from authdaemonrc.dist by sysconftool +# +# Do not alter lines that begin with ##, they are used when upgrading +# this configuration. +# +# This file configures authdaemond, the resident authentication daemon. +# +# Comments in this file are ignored. Although this file is intended to +# be sourced as a shell script, authdaemond parses it manually, so +# the acceptable syntax is a bit limited. Multiline variable contents, +# with the \ continuation character, are not allowed. Everything must +# fit on one line. Do not use any additional whitespace for indentation, +# or anything else. + +##NAME: authmodulelist:2 +# +# The authentication modules that are linked into authdaemond. The +# default list is installed. You may selectively disable modules simply +# by removing them from the following list. The available modules you +# can use are: authuserdb authpam authshadow authpgsql authldap authmysql authcustom authpipe + +authmodulelist="authmysql " + +##NAME: authmodulelistorig:3 +# +# This setting is used by Courier's webadmin module, and should be left +# alone + +authmodulelistorig="authuserdb authpam authshadow authpgsql authldap authmysql authcustom authpipe" + +##NAME: daemons:0 +# +# The number of daemon processes that are started. authdaemon is typically +# installed where authentication modules are relatively expensive: such +# as authldap, or authmysql, so it's better to have a number of them running. +# PLEASE NOTE: Some platforms may experience a problem if there's more than +# one daemon. Specifically, SystemV derived platforms that use TLI with +# socket emulation. I'm suspicious of TLI's ability to handle multiple +# processes accepting connections on the same filesystem domain socket. +# +# You may need to increase daemons if as your system load increases. Symptoms +# include sporadic authentication failures. If you start getting +# authentication failures, increase daemons. However, the default of 5 +# SHOULD be sufficient. Bumping up daemon count is only a short-term +# solution. The permanent solution is to add more resources: RAM, faster +# disks, faster CPUs... + +daemons=5 + +##NAME: authdaemonvar:2 +# +# authdaemonvar is here, but is not used directly by authdaemond. It's +# used by various configuration and build scripts, so don't touch it! + +authdaemonvar=/var/lib/courier/authdaemon + +##NAME: DEBUG_LOGIN:0 +# +# Dump additional diagnostics to syslog +# +# DEBUG_LOGIN=0 - turn off debugging +# DEBUG_LOGIN=1 - turn on debugging +# DEBUG_LOGIN=2 - turn on debugging + log passwords too +# +# ** YES ** - DEBUG_LOGIN=2 places passwords into syslog. +# +# Note that most information is sent to syslog at level 'debug', so +# you may need to modify your /etc/syslog.conf to be able to see it. + +DEBUG_LOGIN=0 + +##NAME: DEFAULTOPTIONS:0 +# +# A comma-separated list of option=value pairs. Each option is applied +# to an account if the account does not have its own specific value for +# that option. So for example, you can set +# DEFAULTOPTIONS="disablewebmail=1,disableimap=1" +# and then enable webmail and/or imap on individual accounts by setting +# disablewebmail=0 and/or disableimap=0 on the account. + +DEFAULTOPTIONS="" + +##NAME: LOGGEROPTS:0 +# +# courierlogger(1) options, e.g. to set syslog facility +# + +LOGGEROPTS="" + +##NAME: LDAP_TLS_OPTIONS:0 +# +# Options documented in ldap.conf(5) can be set here, prefixed with 'LDAP'. +# Examples: +# +#LDAPTLS_CACERT=/path/to/cacert.pem +#LDAPTLS_REQCERT=demand +#LDAPTLS_CERT=/path/to/clientcert.pem +#LDAPTLS_KEY=/path/to/clientkey.pem diff --git a/config-archive/etc/courier/authlib/authdaemonrc.dist.new b/config-archive/etc/courier/authlib/authdaemonrc.dist.new deleted file mode 100644 index 9dba818..0000000 --- a/config-archive/etc/courier/authlib/authdaemonrc.dist.new +++ /dev/null @@ -1,103 +0,0 @@ -##VERSION: $Id: authdaemonrc.in,v 1.13 2005/10/05 00:07:32 mrsam Exp $ -# -# Copyright 2000-2005 Double Precision, Inc. See COPYING for -# distribution information. -# -# authdaemonrc created from authdaemonrc.dist by sysconftool -# -# Do not alter lines that begin with ##, they are used when upgrading -# this configuration. -# -# This file configures authdaemond, the resident authentication daemon. -# -# Comments in this file are ignored. Although this file is intended to -# be sourced as a shell script, authdaemond parses it manually, so -# the acceptable syntax is a bit limited. Multiline variable contents, -# with the \ continuation character, are not allowed. Everything must -# fit on one line. Do not use any additional whitespace for indentation, -# or anything else. - -##NAME: authmodulelist:2 -# -# The authentication modules that are linked into authdaemond. The -# default list is installed. You may selectively disable modules simply -# by removing them from the following list. The available modules you -# can use are: authuserdb authpam authshadow authldap authmysql authcustom authpipe - -authmodulelist="authmysql " - -##NAME: authmodulelistorig:3 -# -# This setting is used by Courier's webadmin module, and should be left -# alone - -authmodulelistorig="authuserdb authpam authshadow authldap authmysql authcustom authpipe" - -##NAME: daemons:0 -# -# The number of daemon processes that are started. authdaemon is typically -# installed where authentication modules are relatively expensive: such -# as authldap, or authmysql, so it's better to have a number of them running. -# PLEASE NOTE: Some platforms may experience a problem if there's more than -# one daemon. Specifically, SystemV derived platforms that use TLI with -# socket emulation. I'm suspicious of TLI's ability to handle multiple -# processes accepting connections on the same filesystem domain socket. -# -# You may need to increase daemons if as your system load increases. Symptoms -# include sporadic authentication failures. If you start getting -# authentication failures, increase daemons. However, the default of 5 -# SHOULD be sufficient. Bumping up daemon count is only a short-term -# solution. The permanent solution is to add more resources: RAM, faster -# disks, faster CPUs... - -daemons=5 - -##NAME: authdaemonvar:2 -# -# authdaemonvar is here, but is not used directly by authdaemond. It's -# used by various configuration and build scripts, so don't touch it! - -authdaemonvar=/var/lib/courier/authdaemon - -##NAME: DEBUG_LOGIN:0 -# -# Dump additional diagnostics to syslog -# -# DEBUG_LOGIN=0 - turn off debugging -# DEBUG_LOGIN=1 - turn on debugging -# DEBUG_LOGIN=2 - turn on debugging + log passwords too -# -# ** YES ** - DEBUG_LOGIN=2 places passwords into syslog. -# -# Note that most information is sent to syslog at level 'debug', so -# you may need to modify your /etc/syslog.conf to be able to see it. - -DEBUG_LOGIN=0 - -##NAME: DEFAULTOPTIONS:0 -# -# A comma-separated list of option=value pairs. Each option is applied -# to an account if the account does not have its own specific value for -# that option. So for example, you can set -# DEFAULTOPTIONS="disablewebmail=1,disableimap=1" -# and then enable webmail and/or imap on individual accounts by setting -# disablewebmail=0 and/or disableimap=0 on the account. - -DEFAULTOPTIONS="" - -##NAME: LOGGEROPTS:0 -# -# courierlogger(1) options, e.g. to set syslog facility -# - -LOGGEROPTS="" - -##NAME: LDAP_TLS_OPTIONS:0 -# -# Options documented in ldap.conf(5) can be set here, prefixed with 'LDAP'. -# Examples: -# -#LDAPTLS_CACERT=/path/to/cacert.pem -#LDAPTLS_REQCERT=demand -#LDAPTLS_CERT=/path/to/clientcert.pem -#LDAPTLS_KEY=/path/to/clientkey.pem diff --git a/config-archive/etc/courier/authlib/authmysqlrc b/config-archive/etc/courier/authlib/authmysqlrc new file mode 100644 index 0000000..eba3f98 --- /dev/null +++ b/config-archive/etc/courier/authlib/authmysqlrc @@ -0,0 +1,297 @@ +##VERSION: $Id: authmysqlrc,v 1.20 2007/10/07 02:50:45 mrsam Exp $ +# +# Copyright 2000-2007 Double Precision, Inc. See COPYING for +# distribution information. +# +# Do not alter lines that begin with ##, they are used when upgrading +# this configuration. +# +# authmysqlrc created from authmysqlrc.dist by sysconftool +# +# DO NOT INSTALL THIS FILE with world read permissions. This file +# might contain the MySQL admin password! +# +# Each line in this file must follow the following format: +# +# field[spaces|tabs]value +# +# That is, the name of the field, followed by spaces or tabs, followed by +# field value. Trailing spaces are prohibited. + + +##NAME: LOCATION:0 +# +# The server name, userid, and password used to log in. +# +#MYSQL_SERVER mysql.example.com +#MYSQL_USERNAME admin +#MYSQL_PASSWORD admin +# + +MYSQL_SERVER localhost +MYSQL_USERNAME vmail +MYSQL_PASSWORD Pee5au0T + +##NAME: SSLINFO:0 +# +# The SSL information. +# +# To use SSL-encrypted connections, define the following variables (available +# in MySQL 4.0, or higher): +# +# +# MYSQL_SSL_KEY /path/to/file +# MYSQL_SSL_CERT /path/to/file +# MYSQL_SSL_CACERT /path/to/file +# MYSQL_SSL_CAPATH /path/to/file +# MYSQL_SSL_CIPHERS ALL:!DES + +##NAME: MYSQL_SOCKET:0 +# +# MYSQL_SOCKET can be used with MySQL version 3.22 or later, it specifies the +# filesystem pipe used for the connection +# +MYSQL_SOCKET /var/run/mysqld/mysqld.sock + +##NAME: MYSQL_PORT:0 +# +# MYSQL_PORT can be used with MySQL version 3.22 or later to specify a port to +# connect to. + +MYSQL_PORT 0 + +##NAME: MYSQL_OPT:0 +# +# Leave MYSQL_OPT as 0, unless you know what you're doing. + +MYSQL_OPT 0 + +##NAME: MYSQL_DATABASE:0 +# +# The name of the MySQL database we will open: + +MYSQL_DATABASE vmail + +#NAME: MYSQL_CHARACTER_SET:0 +# +# This is optional. MYSQL_CHARACTER_SET installs a character set. This option +# can be used with MySQL version 4.1 or later. MySQL supports 70+ collations +# for 30+ character sets. See MySQL documentations for more detalis. +# +# MYSQL_CHARACTER_SET latin1 + +##NAME: MYSQL_USER_TABLE:0 +# +# The name of the table containing your user data. See README.authmysqlrc +# for the required fields in this table. + +MYSQL_USER_TABLE users + +##NAME: MYSQL_CRYPT_PWFIELD:0 +# +# Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined. Both +# are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext +# passwords go into MYSQL_CLEAR_PWFIELD. Cleartext passwords allow +# CRAM-MD5 authentication to be implemented. + +#MYSQL_CRYPT_PWFIELD crypt + +##NAME: MYSQL_CLEAR_PWFIELD:0 +# +# +MYSQL_CLEAR_PWFIELD clear + +##NAME: MYSQL_DEFAULT_DOMAIN:0 +# +# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user', +# we will look up 'user@DEFAULT_DOMAIN' instead. +# +# +# DEFAULT_DOMAIN example.com + +##NAME: MYSQL_UID_FIELD:0 +# +# Other fields in the mysql table: +# +# MYSQL_UID_FIELD - contains the numerical userid of the account +# +MYSQL_UID_FIELD uid + +##NAME: MYSQL_GID_FIELD:0 +# +# Numerical groupid of the account + +MYSQL_GID_FIELD gid + +##NAME: MYSQL_LOGIN_FIELD:0 +# +# The login id, default is id. Basically the query is: +# +# SELECT MYSQL_UID_FIELD, MYSQL_GID_FIELD, ... WHERE id='loginid' +# + +MYSQL_LOGIN_FIELD email + +##NAME: MYSQL_HOME_FIELD:0 +# + +MYSQL_HOME_FIELD homedir + +##NAME: MYSQL_NAME_FIELD:0 +# +# The user's name (optional) + +MYSQL_NAME_FIELD name + +##NAME: MYSQL_MAILDIR_FIELD:0 +# +# This is an optional field, and can be used to specify an arbitrary +# location of the maildir for the account, which normally defaults to +# $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD). +# +# You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this +# out. +# +MYSQL_MAILDIR_FIELD maildir + +##NAME: MYSQL_DEFAULTDELIVERY:0 +# +# Courier mail server only: optional field specifies custom mail delivery +# instructions for this account (if defined) -- essentially overrides +# DEFAULTDELIVERY from ${sysconfdir}/courierd +# +# MYSQL_DEFAULTDELIVERY defaultdelivery + +##NAME: MYSQL_QUOTA_FIELD:0 +# +# Define MYSQL_QUOTA_FIELD to be the name of the field that can optionally +# specify a maildir quota. See README.maildirquota for more information +# +MYSQL_QUOTA_FIELD quota + +##NAME: MYSQL_AUXOPTIONS:0 +# +# Auxiliary options. The MYSQL_AUXOPTIONS field should be a char field that +# contains a single string consisting of comma-separated "ATTRIBUTE=NAME" +# pairs. These names are additional attributes that define various per-account +# "options", as given in INSTALL's description of the "Account OPTIONS" +# setting. +# +# MYSQL_AUXOPTIONS_FIELD auxoptions +# +# You might want to try something like this, if you'd like to use a bunch +# of individual fields, instead of a single text blob: +# +# MYSQL_AUXOPTIONS_FIELD CONCAT("disableimap=",disableimap,",disablepop3=",disablepop3,",disablewebmail=",disablewebmail,",sharedgroup=",sharedgroup) +# +# This will let you define fields called "disableimap", etc, with the end result +# being something that the OPTIONS parser understands. + + +##NAME: MYSQL_WHERE_CLAUSE:0 +# +# This is optional, MYSQL_WHERE_CLAUSE can be basically set to an arbitrary +# fixed string that is appended to the WHERE clause of our query +# +MYSQL_WHERE_CLAUSE enabled='y' + +##NAME: MYSQL_SELECT_CLAUSE:0 +# +# (EXPERIMENTAL) +# This is optional, MYSQL_SELECT_CLAUSE can be set when you have a database, +# which is structuraly different from proposed. The fixed string will +# be used to do a SELECT operation on database, which should return fields +# in order specified bellow: +# +# username, cryptpw, clearpw, uid, gid, home, maildir, quota, fullname, options +# +# The username field should include the domain (see example below). +# +# Enabling this option causes ignorance of any other field-related +# options, excluding default domain. +# +# There are two variables, which you can use. Substitution will be made +# for them, so you can put entered username (local part) and domain name +# in the right place of your query. These variables are: +# $(local_part), $(domain), $(service) +# +# If a $(domain) is empty (not given by the remote user) the default domain +# name is used in its place. +# +# $(service) will expand out to the service being authenticated: imap, imaps, +# pop3 or pop3s. Courier mail server only: service will also expand out to +# "courier", when searching for local mail account's location. In this case, +# if the "maildir" field is not empty it will be used in place of +# DEFAULTDELIVERY. Courier mail server will also use esmtp when doing +# authenticated ESMTP. +# +# This example is a little bit modified adaptation of vmail-sql +# database scheme: +# +# MYSQL_SELECT_CLAUSE SELECT CONCAT(popbox.local_part, '@', popbox.domain_name), \ +# CONCAT('{MD5}', popbox.password_hash), \ +# popbox.clearpw, \ +# domain.uid, \ +# domain.gid, \ +# CONCAT(domain.path, '/', popbox.mbox_name), \ +# '', \ +# domain.quota, \ +# '', \ +# CONCAT("disableimap=",disableimap,",disablepop3=", \ +# disablepop3,",disablewebmail=",disablewebmail, \ +# ",sharedgroup=",sharedgroup) \ +# FROM popbox, domain \ +# WHERE popbox.local_part = '$(local_part)' \ +# AND popbox.domain_name = '$(domain)' \ +# AND popbox.domain_name = domain.domain_name + + +##NAME: MYSQL_ENUMERATE_CLAUSE:1 +# +# {EXPERIMENTAL} +# Optional custom SQL query used to enumerate accounts for authenumerate, +# in order to compile a list of accounts for shared folders. The query +# should return the following fields: name, uid, gid, homedir, maildir, options +# +# Example: +# MYSQL_ENUMERATE_CLAUSE SELECT CONCAT(popbox.local_part, '@', popbox.domain_name), \ +# domain.uid, \ +# domain.gid, \ +# CONCAT(domain.path, '/', popbox.mbox_name), \ +# '', \ +# CONCAT('sharedgroup=', sharedgroup) \ +# FROM popbox, domain \ +# WHERE popbox.local_part = '$(local_part)' \ +# AND popbox.domain_name = '$(domain)' \ +# AND popbox.domain_name = domain.domain_name + + + +##NAME: MYSQL_CHPASS_CLAUSE:0 +# +# (EXPERIMENTAL) +# This is optional, MYSQL_CHPASS_CLAUSE can be set when you have a database, +# which is structuraly different from proposed. The fixed string will +# be used to do an UPDATE operation on database. In other words, it is +# used, when changing password. +# +# There are four variables, which you can use. Substitution will be made +# for them, so you can put entered username (local part) and domain name +# in the right place of your query. There variables are: +# $(local_part) , $(domain) , $(newpass) , $(newpass_crypt) +# +# If a $(domain) is empty (not given by the remote user) the default domain +# name is used in its place. +# $(newpass) contains plain password +# $(newpass_crypt) contains its crypted form +# +# MYSQL_CHPASS_CLAUSE UPDATE popbox \ +# SET clearpw='$(newpass)', \ +# password_hash='$(newpass_crypt)' \ +# WHERE local_part='$(local_part)' \ +# AND domain_name='$(domain)' +# + +MYSQL_CHPASS_CLAUSE UPDATE users \ + SET clear='$(newpass)' \ + WHERE email='$(local_part)@$(domain)' diff --git a/config-archive/etc/courier/authlib/authmysqlrc.dist b/config-archive/etc/courier/authlib/authmysqlrc.dist new file mode 100644 index 0000000..c2640c5 --- /dev/null +++ b/config-archive/etc/courier/authlib/authmysqlrc.dist @@ -0,0 +1,288 @@ +##VERSION: $Id: authmysqlrc 17 2011-04-04 02:07:37Z mrsam $ +# +# Copyright 2000-2007 Double Precision, Inc. See COPYING for +# distribution information. +# +# Do not alter lines that begin with ##, they are used when upgrading +# this configuration. +# +# authmysqlrc created from authmysqlrc.dist by sysconftool +# +# DO NOT INSTALL THIS FILE with world read permissions. This file +# might contain the MySQL admin password! +# +# Each line in this file must follow the following format: +# +# field[spaces|tabs]value +# +# That is, the name of the field, followed by spaces or tabs, followed by +# field value. Trailing spaces are prohibited. + + +##NAME: LOCATION:0 +# +# The server name, userid, and password used to log in. + +MYSQL_SERVER mysql.example.com +MYSQL_USERNAME admin +MYSQL_PASSWORD admin + +##NAME: SSLINFO:0 +# +# The SSL information. +# +# To use SSL-encrypted connections, define the following variables (available +# in MySQL 4.0, or higher): +# +# +# MYSQL_SSL_KEY /path/to/file +# MYSQL_SSL_CERT /path/to/file +# MYSQL_SSL_CACERT /path/to/file +# MYSQL_SSL_CAPATH /path/to/file +# MYSQL_SSL_CIPHERS ALL:!DES + +##NAME: MYSQL_SOCKET:0 +# +# MYSQL_SOCKET can be used with MySQL version 3.22 or later, it specifies the +# filesystem pipe used for the connection +# +# MYSQL_SOCKET /var/mysql/mysql.sock + +##NAME: MYSQL_PORT:0 +# +# MYSQL_PORT can be used with MySQL version 3.22 or later to specify a port to +# connect to. + +MYSQL_PORT 0 + +##NAME: MYSQL_OPT:0 +# +# Leave MYSQL_OPT as 0, unless you know what you're doing. + +MYSQL_OPT 0 + +##NAME: MYSQL_DATABASE:0 +# +# The name of the MySQL database we will open: + +MYSQL_DATABASE mysql + +#NAME: MYSQL_CHARACTER_SET:0 +# +# This is optional. MYSQL_CHARACTER_SET installs a character set. This option +# can be used with MySQL version 4.1 or later. MySQL supports 70+ collations +# for 30+ character sets. See MySQL documentations for more detalis. +# +# MYSQL_CHARACTER_SET latin1 + +##NAME: MYSQL_USER_TABLE:0 +# +# The name of the table containing your user data. See README.authmysqlrc +# for the required fields in this table. + +MYSQL_USER_TABLE passwd + +##NAME: MYSQL_CRYPT_PWFIELD:0 +# +# Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined. Both +# are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext +# passwords go into MYSQL_CLEAR_PWFIELD. Cleartext passwords allow +# CRAM-MD5 authentication to be implemented. + +MYSQL_CRYPT_PWFIELD crypt + +##NAME: MYSQL_CLEAR_PWFIELD:0 +# +# +# MYSQL_CLEAR_PWFIELD clear + +##NAME: MYSQL_DEFAULT_DOMAIN:0 +# +# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user', +# we will look up 'user@DEFAULT_DOMAIN' instead. +# +# +# DEFAULT_DOMAIN example.com + +##NAME: MYSQL_UID_FIELD:0 +# +# Other fields in the mysql table: +# +# MYSQL_UID_FIELD - contains the numerical userid of the account +# +MYSQL_UID_FIELD uid + +##NAME: MYSQL_GID_FIELD:0 +# +# Numerical groupid of the account + +MYSQL_GID_FIELD gid + +##NAME: MYSQL_LOGIN_FIELD:0 +# +# The login id, default is id. Basically the query is: +# +# SELECT MYSQL_UID_FIELD, MYSQL_GID_FIELD, ... WHERE id='loginid' +# + +MYSQL_LOGIN_FIELD id + +##NAME: MYSQL_HOME_FIELD:0 +# + +MYSQL_HOME_FIELD home + +##NAME: MYSQL_NAME_FIELD:0 +# +# The user's name (optional) + +MYSQL_NAME_FIELD name + +##NAME: MYSQL_MAILDIR_FIELD:0 +# +# This is an optional field, and can be used to specify an arbitrary +# location of the maildir for the account, which normally defaults to +# $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD). +# +# You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this +# out. +# +# MYSQL_MAILDIR_FIELD maildir + +##NAME: MYSQL_DEFAULTDELIVERY:0 +# +# Courier mail server only: optional field specifies custom mail delivery +# instructions for this account (if defined) -- essentially overrides +# DEFAULTDELIVERY from ${sysconfdir}/courierd +# +# MYSQL_DEFAULTDELIVERY defaultdelivery + +##NAME: MYSQL_QUOTA_FIELD:0 +# +# Define MYSQL_QUOTA_FIELD to be the name of the field that can optionally +# specify a maildir quota. See README.maildirquota for more information +# +# MYSQL_QUOTA_FIELD quota + +##NAME: MYSQL_AUXOPTIONS:0 +# +# Auxiliary options. The MYSQL_AUXOPTIONS field should be a char field that +# contains a single string consisting of comma-separated "ATTRIBUTE=NAME" +# pairs. These names are additional attributes that define various per-account +# "options", as given in INSTALL's description of the "Account OPTIONS" +# setting. +# +# MYSQL_AUXOPTIONS_FIELD auxoptions +# +# You might want to try something like this, if you'd like to use a bunch +# of individual fields, instead of a single text blob: +# +# MYSQL_AUXOPTIONS_FIELD CONCAT("disableimap=",disableimap,",disablepop3=",disablepop3,",disablewebmail=",disablewebmail,",sharedgroup=",sharedgroup) +# +# This will let you define fields called "disableimap", etc, with the end result +# being something that the OPTIONS parser understands. + + +##NAME: MYSQL_WHERE_CLAUSE:0 +# +# This is optional, MYSQL_WHERE_CLAUSE can be basically set to an arbitrary +# fixed string that is appended to the WHERE clause of our query +# +# MYSQL_WHERE_CLAUSE server='mailhost.example.com' + +##NAME: MYSQL_SELECT_CLAUSE:0 +# +# (EXPERIMENTAL) +# This is optional, MYSQL_SELECT_CLAUSE can be set when you have a database, +# which is structuraly different from proposed. The fixed string will +# be used to do a SELECT operation on database, which should return fields +# in order specified bellow: +# +# username, cryptpw, clearpw, uid, gid, home, maildir, quota, fullname, options +# +# The username field should include the domain (see example below). +# +# Enabling this option causes ignorance of any other field-related +# options, excluding default domain. +# +# There are two variables, which you can use. Substitution will be made +# for them, so you can put entered username (local part) and domain name +# in the right place of your query. These variables are: +# $(local_part), $(domain), $(service) +# +# If a $(domain) is empty (not given by the remote user) the default domain +# name is used in its place. +# +# $(service) will expand out to the service being authenticated: imap, imaps, +# pop3 or pop3s. Courier mail server only: service will also expand out to +# "courier", when searching for local mail account's location. In this case, +# if the "maildir" field is not empty it will be used in place of +# DEFAULTDELIVERY. Courier mail server will also use esmtp when doing +# authenticated ESMTP. +# +# This example is a little bit modified adaptation of vmail-sql +# database scheme: +# +# MYSQL_SELECT_CLAUSE SELECT CONCAT(popbox.local_part, '@', popbox.domain_name), \ +# CONCAT('{MD5}', popbox.password_hash), \ +# popbox.clearpw, \ +# domain.uid, \ +# domain.gid, \ +# CONCAT(domain.path, '/', popbox.mbox_name), \ +# '', \ +# domain.quota, \ +# '', \ +# CONCAT("disableimap=",disableimap,",disablepop3=", \ +# disablepop3,",disablewebmail=",disablewebmail, \ +# ",sharedgroup=",sharedgroup) \ +# FROM popbox, domain \ +# WHERE popbox.local_part = '$(local_part)' \ +# AND popbox.domain_name = '$(domain)' \ +# AND popbox.domain_name = domain.domain_name + + +##NAME: MYSQL_ENUMERATE_CLAUSE:1 +# +# {EXPERIMENTAL} +# Optional custom SQL query used to enumerate accounts for authenumerate, +# in order to compile a list of accounts for shared folders. The query +# should return the following fields: name, uid, gid, homedir, maildir, options +# +# Example: +# MYSQL_ENUMERATE_CLAUSE SELECT CONCAT(popbox.local_part, '@', popbox.domain_name), \ +# domain.uid, \ +# domain.gid, \ +# CONCAT(domain.path, '/', popbox.mbox_name), \ +# '', \ +# CONCAT('sharedgroup=', sharedgroup) \ +# FROM popbox, domain \ +# WHERE popbox.local_part = '$(local_part)' \ +# AND popbox.domain_name = '$(domain)' \ +# AND popbox.domain_name = domain.domain_name + + + +##NAME: MYSQL_CHPASS_CLAUSE:0 +# +# (EXPERIMENTAL) +# This is optional, MYSQL_CHPASS_CLAUSE can be set when you have a database, +# which is structuraly different from proposed. The fixed string will +# be used to do an UPDATE operation on database. In other words, it is +# used, when changing password. +# +# There are four variables, which you can use. Substitution will be made +# for them, so you can put entered username (local part) and domain name +# in the right place of your query. There variables are: +# $(local_part) , $(domain) , $(newpass) , $(newpass_crypt) +# +# If a $(domain) is empty (not given by the remote user) the default domain +# name is used in its place. +# $(newpass) contains plain password +# $(newpass_crypt) contains its crypted form +# +# MYSQL_CHPASS_CLAUSE UPDATE popbox \ +# SET clearpw='$(newpass)', \ +# password_hash='$(newpass_crypt)' \ +# WHERE local_part='$(local_part)' \ +# AND domain_name='$(domain)' +# diff --git a/config-archive/etc/courier/authlib/authmysqlrc.dist.new b/config-archive/etc/courier/authlib/authmysqlrc.dist.new deleted file mode 100644 index dd645e1..0000000 --- a/config-archive/etc/courier/authlib/authmysqlrc.dist.new +++ /dev/null @@ -1,288 +0,0 @@ -##VERSION: $Id: authmysqlrc,v 1.20 2007/10/07 02:50:45 mrsam Exp $ -# -# Copyright 2000-2007 Double Precision, Inc. See COPYING for -# distribution information. -# -# Do not alter lines that begin with ##, they are used when upgrading -# this configuration. -# -# authmysqlrc created from authmysqlrc.dist by sysconftool -# -# DO NOT INSTALL THIS FILE with world read permissions. This file -# might contain the MySQL admin password! -# -# Each line in this file must follow the following format: -# -# field[spaces|tabs]value -# -# That is, the name of the field, followed by spaces or tabs, followed by -# field value. Trailing spaces are prohibited. - - -##NAME: LOCATION:0 -# -# The server name, userid, and password used to log in. - -MYSQL_SERVER mysql.example.com -MYSQL_USERNAME admin -MYSQL_PASSWORD admin - -##NAME: SSLINFO:0 -# -# The SSL information. -# -# To use SSL-encrypted connections, define the following variables (available -# in MySQL 4.0, or higher): -# -# -# MYSQL_SSL_KEY /path/to/file -# MYSQL_SSL_CERT /path/to/file -# MYSQL_SSL_CACERT /path/to/file -# MYSQL_SSL_CAPATH /path/to/file -# MYSQL_SSL_CIPHERS ALL:!DES - -##NAME: MYSQL_SOCKET:0 -# -# MYSQL_SOCKET can be used with MySQL version 3.22 or later, it specifies the -# filesystem pipe used for the connection -# -# MYSQL_SOCKET /var/mysql/mysql.sock - -##NAME: MYSQL_PORT:0 -# -# MYSQL_PORT can be used with MySQL version 3.22 or later to specify a port to -# connect to. - -MYSQL_PORT 0 - -##NAME: MYSQL_OPT:0 -# -# Leave MYSQL_OPT as 0, unless you know what you're doing. - -MYSQL_OPT 0 - -##NAME: MYSQL_DATABASE:0 -# -# The name of the MySQL database we will open: - -MYSQL_DATABASE mysql - -#NAME: MYSQL_CHARACTER_SET:0 -# -# This is optional. MYSQL_CHARACTER_SET installs a character set. This option -# can be used with MySQL version 4.1 or later. MySQL supports 70+ collations -# for 30+ character sets. See MySQL documentations for more detalis. -# -# MYSQL_CHARACTER_SET latin1 - -##NAME: MYSQL_USER_TABLE:0 -# -# The name of the table containing your user data. See README.authmysqlrc -# for the required fields in this table. - -MYSQL_USER_TABLE passwd - -##NAME: MYSQL_CRYPT_PWFIELD:0 -# -# Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined. Both -# are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext -# passwords go into MYSQL_CLEAR_PWFIELD. Cleartext passwords allow -# CRAM-MD5 authentication to be implemented. - -MYSQL_CRYPT_PWFIELD crypt - -##NAME: MYSQL_CLEAR_PWFIELD:0 -# -# -# MYSQL_CLEAR_PWFIELD clear - -##NAME: MYSQL_DEFAULT_DOMAIN:0 -# -# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user', -# we will look up 'user@DEFAULT_DOMAIN' instead. -# -# -# DEFAULT_DOMAIN example.com - -##NAME: MYSQL_UID_FIELD:0 -# -# Other fields in the mysql table: -# -# MYSQL_UID_FIELD - contains the numerical userid of the account -# -MYSQL_UID_FIELD uid - -##NAME: MYSQL_GID_FIELD:0 -# -# Numerical groupid of the account - -MYSQL_GID_FIELD gid - -##NAME: MYSQL_LOGIN_FIELD:0 -# -# The login id, default is id. Basically the query is: -# -# SELECT MYSQL_UID_FIELD, MYSQL_GID_FIELD, ... WHERE id='loginid' -# - -MYSQL_LOGIN_FIELD id - -##NAME: MYSQL_HOME_FIELD:0 -# - -MYSQL_HOME_FIELD home - -##NAME: MYSQL_NAME_FIELD:0 -# -# The user's name (optional) - -MYSQL_NAME_FIELD name - -##NAME: MYSQL_MAILDIR_FIELD:0 -# -# This is an optional field, and can be used to specify an arbitrary -# location of the maildir for the account, which normally defaults to -# $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD). -# -# You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this -# out. -# -# MYSQL_MAILDIR_FIELD maildir - -##NAME: MYSQL_DEFAULTDELIVERY:0 -# -# Courier mail server only: optional field specifies custom mail delivery -# instructions for this account (if defined) -- essentially overrides -# DEFAULTDELIVERY from ${sysconfdir}/courierd -# -# MYSQL_DEFAULTDELIVERY defaultdelivery - -##NAME: MYSQL_QUOTA_FIELD:0 -# -# Define MYSQL_QUOTA_FIELD to be the name of the field that can optionally -# specify a maildir quota. See README.maildirquota for more information -# -# MYSQL_QUOTA_FIELD quota - -##NAME: MYSQL_AUXOPTIONS:0 -# -# Auxiliary options. The MYSQL_AUXOPTIONS field should be a char field that -# contains a single string consisting of comma-separated "ATTRIBUTE=NAME" -# pairs. These names are additional attributes that define various per-account -# "options", as given in INSTALL's description of the "Account OPTIONS" -# setting. -# -# MYSQL_AUXOPTIONS_FIELD auxoptions -# -# You might want to try something like this, if you'd like to use a bunch -# of individual fields, instead of a single text blob: -# -# MYSQL_AUXOPTIONS_FIELD CONCAT("disableimap=",disableimap,",disablepop3=",disablepop3,",disablewebmail=",disablewebmail,",sharedgroup=",sharedgroup) -# -# This will let you define fields called "disableimap", etc, with the end result -# being something that the OPTIONS parser understands. - - -##NAME: MYSQL_WHERE_CLAUSE:0 -# -# This is optional, MYSQL_WHERE_CLAUSE can be basically set to an arbitrary -# fixed string that is appended to the WHERE clause of our query -# -# MYSQL_WHERE_CLAUSE server='mailhost.example.com' - -##NAME: MYSQL_SELECT_CLAUSE:0 -# -# (EXPERIMENTAL) -# This is optional, MYSQL_SELECT_CLAUSE can be set when you have a database, -# which is structuraly different from proposed. The fixed string will -# be used to do a SELECT operation on database, which should return fields -# in order specified bellow: -# -# username, cryptpw, clearpw, uid, gid, home, maildir, quota, fullname, options -# -# The username field should include the domain (see example below). -# -# Enabling this option causes ignorance of any other field-related -# options, excluding default domain. -# -# There are two variables, which you can use. Substitution will be made -# for them, so you can put entered username (local part) and domain name -# in the right place of your query. These variables are: -# $(local_part), $(domain), $(service) -# -# If a $(domain) is empty (not given by the remote user) the default domain -# name is used in its place. -# -# $(service) will expand out to the service being authenticated: imap, imaps, -# pop3 or pop3s. Courier mail server only: service will also expand out to -# "courier", when searching for local mail account's location. In this case, -# if the "maildir" field is not empty it will be used in place of -# DEFAULTDELIVERY. Courier mail server will also use esmtp when doing -# authenticated ESMTP. -# -# This example is a little bit modified adaptation of vmail-sql -# database scheme: -# -# MYSQL_SELECT_CLAUSE SELECT CONCAT(popbox.local_part, '@', popbox.domain_name), \ -# CONCAT('{MD5}', popbox.password_hash), \ -# popbox.clearpw, \ -# domain.uid, \ -# domain.gid, \ -# CONCAT(domain.path, '/', popbox.mbox_name), \ -# '', \ -# domain.quota, \ -# '', \ -# CONCAT("disableimap=",disableimap,",disablepop3=", \ -# disablepop3,",disablewebmail=",disablewebmail, \ -# ",sharedgroup=",sharedgroup) \ -# FROM popbox, domain \ -# WHERE popbox.local_part = '$(local_part)' \ -# AND popbox.domain_name = '$(domain)' \ -# AND popbox.domain_name = domain.domain_name - - -##NAME: MYSQL_ENUMERATE_CLAUSE:1 -# -# {EXPERIMENTAL} -# Optional custom SQL query used to enumerate accounts for authenumerate, -# in order to compile a list of accounts for shared folders. The query -# should return the following fields: name, uid, gid, homedir, maildir, options -# -# Example: -# MYSQL_ENUMERATE_CLAUSE SELECT CONCAT(popbox.local_part, '@', popbox.domain_name), \ -# domain.uid, \ -# domain.gid, \ -# CONCAT(domain.path, '/', popbox.mbox_name), \ -# '', \ -# CONCAT('sharedgroup=', sharedgroup) \ -# FROM popbox, domain \ -# WHERE popbox.local_part = '$(local_part)' \ -# AND popbox.domain_name = '$(domain)' \ -# AND popbox.domain_name = domain.domain_name - - - -##NAME: MYSQL_CHPASS_CLAUSE:0 -# -# (EXPERIMENTAL) -# This is optional, MYSQL_CHPASS_CLAUSE can be set when you have a database, -# which is structuraly different from proposed. The fixed string will -# be used to do an UPDATE operation on database. In other words, it is -# used, when changing password. -# -# There are four variables, which you can use. Substitution will be made -# for them, so you can put entered username (local part) and domain name -# in the right place of your query. There variables are: -# $(local_part) , $(domain) , $(newpass) , $(newpass_crypt) -# -# If a $(domain) is empty (not given by the remote user) the default domain -# name is used in its place. -# $(newpass) contains plain password -# $(newpass_crypt) contains its crypted form -# -# MYSQL_CHPASS_CLAUSE UPDATE popbox \ -# SET clearpw='$(newpass)', \ -# password_hash='$(newpass_crypt)' \ -# WHERE local_part='$(local_part)' \ -# AND domain_name='$(domain)' -# diff --git a/config-archive/etc/mysql/my.cnf b/config-archive/etc/mysql/my.cnf new file mode 100644 index 0000000..8cd84f0 --- /dev/null +++ b/config-archive/etc/mysql/my.cnf @@ -0,0 +1,160 @@ +# /etc/mysql/my.cnf: The global mysql configuration file. +# $Header: /etc/mysql/.rcs/my.cnf,v 1.5 2010/11/30 08:33:13 root Exp $ + +# The following options will be passed to all MySQL clients +[client] +#password = your_password +port = 3306 +socket = /var/run/mysqld/mysqld.sock + +[mysql] +character-sets-dir=/usr/share/mysql/charsets +default-character-set=utf8 +prompt=MySQL \u@\h:\d >\_ + +[mysqladmin] +character-sets-dir=/usr/share/mysql/charsets +default-character-set=utf8 + +[mysqlcheck] +character-sets-dir=/usr/share/mysql/charsets +default-character-set=utf8 + +[mysqldump] +character-sets-dir=/usr/share/mysql/charsets +default-character-set=utf8 + +[mysqlimport] +character-sets-dir=/usr/share/mysql/charsets +default-character-set=utf8 + +[mysqlshow] +character-sets-dir=/usr/share/mysql/charsets +default-character-set=utf8 + +[myisamchk] +character-sets-dir=/usr/share/mysql/charsets + +[myisampack] +character-sets-dir=/usr/share/mysql/charsets + +# use [safe_mysqld] with mysql-3 +[mysqld_safe] +err-log = /var/log/mysql/mysql.err + +# add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations +[mysqld] +character-set-server = utf8 +#default-character-set = utf8 +user = mysql +port = 3306 +socket = /var/run/mysqld/mysqld.sock +pid-file = /var/run/mysqld/mysqld.pid +log-error = /var/log/mysql/mysqld.err +basedir = /usr +datadir = /var/lib/mysql +skip-external-locking +key_buffer = 32M +max_allowed_packet = 4M +table_cache = 64 +sort_buffer_size = 2M +net_buffer_length = 8K +read_buffer_size = 2M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 32M +#language = /usr/share/mysql/english +language = /usr/share/mysql/german + +# security: +# using "localhost" in connects uses sockets by default +# skip-networking +#bind-address = 127.0.0.1 + +#log-bin = helga-mysql-bin +server-id = 2 + +#auto_increment_increment = 2 +#auto_increment_offset = 2 + +#master-host = sarah.brehm-online.com +#master-port = 3306 +#master-user = replication +#master-password = uhu +#master-connect-retry = 60 +#report-host = helga.brehm-online.com + +# point the following paths to different dedicated disks +tmpdir = /tmp/ +#log-update = /path-to-dedicated-directory/hostname + +# you need the debug USE flag enabled to use the following directives, +# if needed, uncomment them, start the server and issue +# #tail -f /tmp/mysqld.sql /tmp/mysqld.trace +# this will show you *exactly* what's happening in your server ;) + +#log = /tmp/mysqld.sql +#gdb +#debug = d:t:i:o,/tmp/mysqld.trace +#one-thread + +# uncomment the following directives if you are using BDB tables +#bdb_cache_size = 4M +#bdb_max_lock = 10000 + +# the following is the InnoDB configuration +# if you wish to disable innodb instead +# uncomment just the next line +#skip-innodb +# +# the rest of the innodb config follows: +# don't eat too much memory, we're trying to be safe on 64Mb boxes +# you might want to bump this up a bit on boxes with more RAM +innodb_buffer_pool_size = 64M +# this is the default, increase it if you have lots of tables +innodb_additional_mem_pool_size = 4M +# +# i'd like to use /var/lib/mysql/innodb, but that is seen as a database :-( +# and upstream wants things to be under /var/lib/mysql/, so that's the route +# we have to take for the moment +#innodb_data_home_dir = /var/lib/mysql/ +#innodb_log_arch_dir = /var/lib/mysql/ +#innodb_log_group_home_dir = /var/lib/mysql/ +# you may wish to change this size to be more suitable for your system +# the max is there to avoid run-away growth on your machine +innodb_data_file_path = ibdata1:10M:autoextend:max:128M +# we keep this at around 25% of of innodb_buffer_pool_size +# sensible values range from 1MB to (1/innodb_log_files_in_group*innodb_buffer_pool_size) +innodb_log_file_size = 5M +# this is the default, increase it if you have very large transactions going on +innodb_log_buffer_size = 8M +# this is the default and won't hurt you +# you shouldn't need to tweak it +innodb_log_files_in_group=2 +# see the innodb config docs, the other options are not always safe +innodb_flush_log_at_trx_commit = 1 +innodb_lock_wait_timeout = 50 +innodb_file_per_table +sync_binlog = 1 + +[mysqldump] +quick +max_allowed_packet = 64M + +[mysql] +# uncomment the next directive if you are not familiar with SQL +#safe-updates + +[isamchk] +key_buffer = 20M +sort_buffer_size = 20M +read_buffer = 2M +write_buffer = 2M + +[myisamchk] +key_buffer = 40M +sort_buffer_size = 40M +read_buffer = 4M +write_buffer = 4M + +[mysqlhotcopy] +interactive-timeout diff --git a/config-archive/etc/openldap/ldap.conf b/config-archive/etc/openldap/ldap.conf new file mode 100644 index 0000000..6178d7f --- /dev/null +++ b/config-archive/etc/openldap/ldap.conf @@ -0,0 +1,14 @@ +# +# LDAP Defaults +# + +# See ldap.conf(5) for details +# This file should be world readable but not world writable. + +#BASE dc=example,dc=com +BASE dc=brehm-online,dc=com +#URI ldap://ldap.example.com ldap://ldap-master.example.com:666 + +SIZELIMIT 12 +TIMELIMIT 15 +DEREF never diff --git a/config-archive/etc/openldap/schema/authldap.schema b/config-archive/etc/openldap/schema/authldap.schema new file mode 100644 index 0000000..4df51a0 --- /dev/null +++ b/config-archive/etc/openldap/schema/authldap.schema @@ -0,0 +1,100 @@ +#$Id: authldap.schema,v 1.2 2010/05/10 15:34:23 root Exp $ +# +# OID prefix: 1.3.6.1.4.1.10018 +# +# Attributes: 1.3.6.1.4.1.10018.1.1 +# +# Depends on: nis.schema, which depends on cosine.schema + +attributetype ( 1.3.6.1.4.1.10018.1.1.1 NAME 'mailbox' + DESC 'The absolute path to the mailbox for a mail account in a non-default location' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.2 NAME 'quota' + DESC 'A string that represents the quota on a mailbox' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.3 NAME 'clearPassword' + DESC 'A separate text that stores the mail account password in clear text' + EQUALITY octetStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128}) + +attributetype ( 1.3.6.1.4.1.10018.1.1.4 NAME 'maildrop' + DESC 'RFC822 Mailbox - mail alias' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.5 NAME 'mailsource' + DESC 'Message source' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.6 NAME 'virtualdomain' + DESC 'A mail domain that is mapped to a single mail account' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.7 NAME 'virtualdomainuser' + DESC 'Mailbox that receives mail for a mail domain' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.8 NAME 'defaultdelivery' + DESC 'Default mail delivery instructions' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.9 NAME 'disableimap' + DESC 'Set this attribute to 1 to disable IMAP access' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.10 NAME 'disablepop3' + DESC 'Set this attribute to 1 to disable POP3 access' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.11 NAME 'disablewebmail' + DESC 'Set this attribute to 1 to disable IMAP access' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.12 NAME 'sharedgroup' + DESC 'Virtual shared group' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.13 NAME 'disableshared' + DESC 'Set this attribute to 1 to disable shared mailbox usage' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +#attributetype ( 1.3.6.1.4.1.10018.1.1.14 NAME 'mailhost' +# DESC 'Host to which incoming POP/IMAP connections should be proxied' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +# +# Objects: 1.3.6.1.4.1.10018.1.2 +# + +objectclass ( 1.3.6.1.4.1.10018.1.2.1 NAME 'CourierMailAccount' SUP top AUXILIARY + DESC 'Mail account object as used by the Courier mail server' + MUST ( mail $ homeDirectory ) + MAY ( uidNumber $ gidNumber $ mailbox $ uid $ cn $ gecos $ description $ loginShell $ quota $ userPassword $ clearPassword $ defaultdelivery $ disableimap $ disablepop3 $ disablewebmail $ sharedgroup $ disableshared $ mailHost) ) + +objectclass ( 1.3.6.1.4.1.10018.1.2.2 NAME 'CourierMailAlias' SUP top AUXILIARY + DESC 'Mail aliasing/forwarding entry' + MUST ( mail $ maildrop ) + MAY ( mailsource $ description ) ) + +objectclass ( 1.3.6.1.4.1.10018.1.2.3 NAME 'CourierDomainAlias' SUP top AUXILIARY + DESC 'Domain mail aliasing/forwarding entry' + MUST ( virtualdomain $ virtualdomainuser ) + MAY ( mailsource $ description ) ) diff --git a/config-archive/etc/openldap/schema/authldap.schema.dist b/config-archive/etc/openldap/schema/authldap.schema.dist new file mode 100644 index 0000000..72a7494 --- /dev/null +++ b/config-archive/etc/openldap/schema/authldap.schema.dist @@ -0,0 +1,102 @@ +# +# OID prefix: 1.3.6.1.4.1.10018 +# +# Attributes: 1.3.6.1.4.1.10018.1.1 +# +# Depends on: nis.schema, which depends on cosine.schema + +attributetype ( 1.3.6.1.4.1.10018.1.1.1 NAME 'mailbox' + DESC 'The absolute path to the mailbox for a mail account in a non-default location' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.2 NAME 'quota' + DESC 'A string that represents the quota on a mailbox' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.3 NAME 'clearPassword' + DESC 'A separate text that stores the mail account password in clear text' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.4 NAME 'maildrop' + DESC 'RFC822 Mailbox - mail alias' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.5 NAME 'mailsource' + DESC 'Message source' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.6 NAME 'virtualdomain' + DESC 'A mail domain that is mapped to a single mail account' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.7 NAME 'virtualdomainuser' + DESC 'Mailbox that receives mail for a mail domain' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.8 NAME 'defaultdelivery' + DESC 'Default mail delivery instructions' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.9 NAME 'disableimap' + DESC 'Set this attribute to 1 to disable IMAP access' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.10 NAME 'disablepop3' + DESC 'Set this attribute to 1 to disable POP3 access' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.11 NAME 'disablewebmail' + DESC 'Set this attribute to 1 to disable IMAP access' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.12 NAME 'sharedgroup' + DESC 'Virtual shared group' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10018.1.1.13 NAME 'disableshared' + DESC 'Set this attribute to 1 to disable shared mailbox usage' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +#attributetype ( 1.3.6.1.4.1.10018.1.1.14 NAME 'mailhost' +# DESC 'Host to which incoming POP/IMAP connections should be proxied' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +# +# +# Objects: 1.3.6.1.4.1.10018.1.2 +# + +objectclass ( 1.3.6.1.4.1.10018.1.2.1 NAME 'CourierMailAccount' + DESC 'Mail account object as used by the Courier mail server' + SUP top AUXILIARY + MUST ( mail $ homeDirectory ) + MAY ( uidNumber $ gidNumber $ mailbox $ uid $ cn $ gecos $ description $ loginShell $ quota $ userPassword $ clearPassword $ defaultdelivery $ disableimap $ disablepop3 $ disablewebmail $ sharedgroup $ disableshared $ mailhost ) ) + +objectclass ( 1.3.6.1.4.1.10018.1.2.2 NAME 'CourierMailAlias' + DESC 'Mail aliasing/forwarding entry' + SUP top AUXILIARY + MUST ( mail $ maildrop ) + MAY ( mailsource $ description ) ) + +objectclass ( 1.3.6.1.4.1.10018.1.2.3 NAME 'CourierDomainAlias' + DESC 'Domain mail aliasing/forwarding entry' + SUP top AUXILIARY + MUST ( virtualdomain $ virtualdomainuser ) + MAY ( mailsource $ description ) ) diff --git a/config-archive/etc/openldap/schema/authldap.schema.dist.new b/config-archive/etc/openldap/schema/authldap.schema.dist.new deleted file mode 100644 index 802b18c..0000000 --- a/config-archive/etc/openldap/schema/authldap.schema.dist.new +++ /dev/null @@ -1,103 +0,0 @@ -#$Id: authldap.schema,v 1.9 2009/12/18 04:24:20 mrsam Exp $ -# -# OID prefix: 1.3.6.1.4.1.10018 -# -# Attributes: 1.3.6.1.4.1.10018.1.1 -# -# Depends on: nis.schema, which depends on cosine.schema - -attributetype ( 1.3.6.1.4.1.10018.1.1.1 NAME 'mailbox' - DESC 'The absolute path to the mailbox for a mail account in a non-default location' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) - -attributetype ( 1.3.6.1.4.1.10018.1.1.2 NAME 'quota' - DESC 'A string that represents the quota on a mailbox' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) - -attributetype ( 1.3.6.1.4.1.10018.1.1.3 NAME 'clearPassword' - DESC 'A separate text that stores the mail account password in clear text' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) - -attributetype ( 1.3.6.1.4.1.10018.1.1.4 NAME 'maildrop' - DESC 'RFC822 Mailbox - mail alias' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -attributetype ( 1.3.6.1.4.1.10018.1.1.5 NAME 'mailsource' - DESC 'Message source' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.10018.1.1.6 NAME 'virtualdomain' - DESC 'A mail domain that is mapped to a single mail account' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.10018.1.1.7 NAME 'virtualdomainuser' - DESC 'Mailbox that receives mail for a mail domain' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.10018.1.1.8 NAME 'defaultdelivery' - DESC 'Default mail delivery instructions' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.10018.1.1.9 NAME 'disableimap' - DESC 'Set this attribute to 1 to disable IMAP access' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.10018.1.1.10 NAME 'disablepop3' - DESC 'Set this attribute to 1 to disable POP3 access' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.10018.1.1.11 NAME 'disablewebmail' - DESC 'Set this attribute to 1 to disable IMAP access' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.10018.1.1.12 NAME 'sharedgroup' - DESC 'Virtual shared group' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.10018.1.1.13 NAME 'disableshared' - DESC 'Set this attribute to 1 to disable shared mailbox usage' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -#attributetype ( 1.3.6.1.4.1.10018.1.1.14 NAME 'mailhost' -# DESC 'Host to which incoming POP/IMAP connections should be proxied' -# EQUALITY caseIgnoreIA5Match -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) -# -# -# Objects: 1.3.6.1.4.1.10018.1.2 -# - -objectclass ( 1.3.6.1.4.1.10018.1.2.1 NAME 'CourierMailAccount' - DESC 'Mail account object as used by the Courier mail server' - SUP top AUXILIARY - MUST ( mail $ homeDirectory ) - MAY ( uidNumber $ gidNumber $ mailbox $ uid $ cn $ gecos $ description $ loginShell $ quota $ userPassword $ clearPassword $ defaultdelivery $ disableimap $ disablepop3 $ disablewebmail $ sharedgroup $ disableshared $ mailhost ) ) - -objectclass ( 1.3.6.1.4.1.10018.1.2.2 NAME 'CourierMailAlias' - DESC 'Mail aliasing/forwarding entry' - SUP top AUXILIARY - MUST ( mail $ maildrop ) - MAY ( mailsource $ description ) ) - -objectclass ( 1.3.6.1.4.1.10018.1.2.3 NAME 'CourierDomainAlias' - DESC 'Domain mail aliasing/forwarding entry' - SUP top AUXILIARY - MUST ( virtualdomain $ virtualdomainuser ) - MAY ( mailsource $ description ) ) diff --git a/config-archive/etc/openldap/slapd.conf b/config-archive/etc/openldap/slapd.conf new file mode 100644 index 0000000..8d1bdae --- /dev/null +++ b/config-archive/etc/openldap/slapd.conf @@ -0,0 +1,97 @@ +# +# See slapd.conf(5) for details on configuration options. +# This file should NOT be world readable. +# +include /etc/openldap/schema/core.schema +include /etc/openldap/schema/cosine.schema +include /etc/openldap/schema/inetorgperson.schema +include /etc/openldap/schema/extension.schema +#include /etc/openldap/schema/mozilla.schema +include /etc/openldap/schema/mozillaorg.schema +include /etc/openldap/schema/ppolicy.schema +include /etc/openldap/schema/nis.schema +include /etc/openldap/schema/samba.schema +include /etc/openldap/schema/misc.schema +include /etc/openldap/schema/evolutionperson.schema +include /etc/openldap/schema/authldap.schema +include /etc/openldap/schema/openssh.schema + +# Define global ACLs to disable default read access. + +# Do not enable referrals until AFTER you have a working directory +# service AND an understanding of referrals. +#referral ldap://root.openldap.org + +pidfile /var/run/openldap/slapd.pid +argsfile /var/run/openldap/slapd.args + +loglevel config ACL stats stats2 + +TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem +TLSCertificateFile /etc/openldap/ssl/ldap.pem + +# Load dynamic backend modules: +# modulepath /usr/lib64/openldap/openldap +# moduleload back_sql.so +# moduleload back_sock.so +# moduleload back_shell.so +# moduleload back_relay.so +# moduleload back_perl.so +# moduleload back_passwd.so +# moduleload back_null.so +# moduleload back_monitor.so +# moduleload back_meta.so +# moduleload back_ldap.so +# moduleload back_dnssrv.so + +# Sample security restrictions +# Require integrity protection (prevent hijacking) +# Require 112-bit (3DES or better) encryption for updates +# Require 63-bit encryption for simple bind +# security ssf=1 update_ssf=112 simple_bind=64 + +# Sample access control policy: +# Root DSE: allow anyone to read it +# Subschema (sub)entry DSE: allow anyone to read it +# Other DSEs: +# Allow self write access +# Allow authenticated users read access +# Allow anonymous users to authenticate +# Directives needed to implement policy: +# access to dn.base="" by * read +# access to dn.base="cn=Subschema" by * read +# access to * +# by self write +# by users read +# by anonymous auth +# +# if no access controls are present, the default policy +# allows anyone and everyone to read anything but restricts +# updates to rootdn. (e.g., "access to * by * read") +# +# rootdn can always read and write EVERYTHING! +access to * + by dn="cn=frank, dc=brehm-online, dc=com" write + by anonymous read + by users write + +####################################################################### +# BDB database definitions +####################################################################### + +database hdb +suffix "dc=brehm-online, dc=com" +# +checkpoint 32 30 +rootdn "cn=frank, dc=brehm-online, dc=com" +# Cleartext passwords, especially for the rootdn, should +# be avoid. See slappasswd(8) and slapd.conf(5) for details. +# Use of strong authentication encouraged. +rootpw {SSHA}9cKLW4uzCU0YDM7zCkfsBH9XfXG2YCMR +# The database directory MUST exist prior to running slapd AND +# should only be accessible by the slapd and slap tools. +# Mode 700 recommended. +directory /var/lib/openldap-data +# Indices to maintain +index objectClass eq +index mail,cn,givenName,sn sub diff --git a/config-archive/etc/rc.conf b/config-archive/etc/rc.conf new file mode 100644 index 0000000..e0be8cb --- /dev/null +++ b/config-archive/etc/rc.conf @@ -0,0 +1,135 @@ +# Global OpenRC configuration settings + +# Set rc_interactive to "YES" and you'll be able to press the I key during +# boot so you can choose to start specific services. Set to "NO" to disable +# this feature. +#rc_interactive="YES" + +# If we need to drop to a shell, you can specify it here. +# If not specified we use $SHELL, otherwise the one specified in /etc/passwd, +# otherwise /bin/sh +# Linux users could specify /sbin/sulogin +rc_shell=/sbin/sulogin + +# Do we allow any started service in the runlevel to satisfy the dependency +# or do we want all of them regardless of state? For example, if net.eth0 +# and net.eth1 are in the default runlevel then with rc_depend_strict="NO" +# both will be started, but services that depend on 'net' will work if either +# one comes up. With rc_depend_strict="YES" we would require them both to +# come up. +#rc_depend_strict="YES" + +# rc_hotplug is a list of services that we allow to be hotplugged. +# By default we do not allow hotplugging. +# A hotplugged service is one started by a dynamic dev manager when a matching +# hardware device is found. +# This service is intrinsically included in the boot runlevel. +# To disable services, prefix with a ! +# Example - rc_hotplug="net.wlan !net.*" +# This allows net.wlan and any service not matching net.* to be plugged. +# Example - rc_hotplug="*" +# This allows all services to be hotplugged +#rc_hotplug="*" + +# rc_logger launches a logging daemon to log the entire rc process to +# /var/log/rc.log +# NOTE: Linux systems require the devfs service to be started before +# logging can take place and as such cannot log the sysinit runlevel. +rc_logger="YES" + +# Through rc_log_path you can specify a custom log file. +# The default value is: /var/log/rc.log +rc_log_path="/var/log/rc.log" + +# By default we filter the environment for our running scripts. To allow other +# variables through, add them here. Use a * to allow all variables through. +#rc_env_allow="VAR1 VAR2" + +# By default we assume that all daemons will start correctly. +# However, some do not - a classic example is that they fork and return 0 AND +# then child barfs on a configuration error. Or the daemon has a bug and the +# child crashes. You can set the number of milliseconds start-stop-daemon +# waits to check that the daemon is still running after starting here. +# The default is 0 - no checking. +#rc_start_wait=100 + +# rc_nostop is a list of services which will not stop when changing runlevels. +# This still allows the service itself to be stopped when called directly. +#rc_nostop="" + +# rc will attempt to start crashed services by default. +# However, it will not stop them by default as that could bring down other +# critical services. +#rc_crashed_stop=NO +#rc_crashed_start=YES + +############################################################################## +# MISC CONFIGURATION VARIABLES +# There variables are shared between many init scripts + +# Set unicode to YES to turn on unicode support for keyboards and screens. +unicode="YES" + +# Below is the default list of network fstypes. +# +# afs cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs +# nfs nfs4 ocfs2 shfs smbfs +# +# If you would like to add to this list, you can do so by adding your +# own fstypes to the following variable. +#extra_net_fs_list="" + +############################################################################## +# SERVICE CONFIGURATION VARIABLES +# These variables are documented here, but should be configured in +# /etc/conf.d/foo for service foo and NOT enabled here unless you +# really want them to work on a global basis. + +# Some daemons are started and stopped via start-stop-daemon. +# We can set some things on a per service basis, like the nicelevel. +#export SSD_NICELEVEL="-19" + +# Pass ulimit parameters +#rc_ulimit="-u 30" + +# It's possible to define extra dependencies for services like so +#rc_config="/etc/foo" +#rc_need="openvpn" +#rc_use="net.eth0" +#rc_after="clock" +#rc_before="local" +#rc_provide="!net" + +# You can also enable the above commands here for each service. Below is an +# example for service foo. +#rc_foo_config="/etc/foo" +#rc_foo_need="openvpn" +#rc_foo_after="clock" + +# You can also remove dependencies. +# This is mainly used for saying which servies do NOT provide net. +#rc_net_tap0_provide="!net" + +############################################################################## +# LINUX SPECIFIC OPTIONS + +# This is the subsystem type. Valid options on Linux: +# "" - nothing special +# "lxc" - Linux Containers +# "openvz" - Linux OpenVZ +# "prefix" - Prefix +# "uml" - Usermode Linux +# "vserver" - Linux vserver +# "xen0" - Xen0 Domain +# "xenU" - XenU Domain +# If this is commented out, automatic detection will be attempted. +# Note that autodetection will not work in a prefix environment or in a +# linux container. +# +# This should be set to the value representing the environment this file is +# PRESENTLY in, not the virtualization the environment is capable of. +rc_sys="" + +# This is the number of tty's used in most of the rc-scripts (like +# consolefont, numlock, etc ...) +rc_tty_number=12 diff --git a/config-archive/etc/rc.conf.dist b/config-archive/etc/rc.conf.dist new file mode 100644 index 0000000..f0058cd --- /dev/null +++ b/config-archive/etc/rc.conf.dist @@ -0,0 +1,162 @@ +# Global OpenRC configuration settings + +# Set to "YES" if you want the rc system to try and start services +# in parallel for a slight speed improvement. When running in parallel we +# prefix the service output with its name as the output will get +# jumbled up. +# WARNING: whilst we have improved parallel, it can still potentially lock +# the boot process. Don't file bugs about this unless you can supply +# patches that fix it without breaking other things! +#rc_parallel="NO" + +# Set rc_interactive to "YES" and you'll be able to press the I key during +# boot so you can choose to start specific services. Set to "NO" to disable +# this feature. This feature is automatically disabled if rc_parallel is +# set to YES. +#rc_interactive="YES" + +# If we need to drop to a shell, you can specify it here. +# If not specified we use $SHELL, otherwise the one specified in /etc/passwd, +# otherwise /bin/sh +# Linux users could specify /sbin/sulogin +rc_shell=/sbin/sulogin + +# Do we allow any started service in the runlevel to satisfy the dependency +# or do we want all of them regardless of state? For example, if net.eth0 +# and net.eth1 are in the default runlevel then with rc_depend_strict="NO" +# both will be started, but services that depend on 'net' will work if either +# one comes up. With rc_depend_strict="YES" we would require them both to +# come up. +#rc_depend_strict="YES" + +# rc_hotplug is a list of services that we allow to be hotplugged. +# By default we do not allow hotplugging. +# A hotplugged service is one started by a dynamic dev manager when a matching +# hardware device is found. +# This service is intrinsically included in the boot runlevel. +# To disable services, prefix with a ! +# Example - rc_hotplug="net.wlan !net.*" +# This allows net.wlan and any service not matching net.* to be plugged. +# Example - rc_hotplug="*" +# This allows all services to be hotplugged +#rc_hotplug="*" + +# rc_logger launches a logging daemon to log the entire rc process to +# /var/log/rc.log +# NOTE: Linux systems require the devfs service to be started before +# logging can take place and as such cannot log the sysinit runlevel. +#rc_logger="YES" + +# Through rc_log_path you can specify a custom log file. +# The default value is: /var/log/rc.log +#rc_log_path="/var/log/rc.log" + +# By default we filter the environment for our running scripts. To allow other +# variables through, add them here. Use a * to allow all variables through. +#rc_env_allow="VAR1 VAR2" + +# By default we assume that all daemons will start correctly. +# However, some do not - a classic example is that they fork and return 0 AND +# then child barfs on a configuration error. Or the daemon has a bug and the +# child crashes. You can set the number of milliseconds start-stop-daemon +# waits to check that the daemon is still running after starting here. +# The default is 0 - no checking. +#rc_start_wait=100 + +# rc_nostop is a list of services which will not stop when changing runlevels. +# This still allows the service itself to be stopped when called directly. +#rc_nostop="" + +# rc will attempt to start crashed services by default. +# However, it will not stop them by default as that could bring down other +# critical services. +#rc_crashed_stop=NO +#rc_crashed_start=YES + +############################################################################## +# MISC CONFIGURATION VARIABLES +# There variables are shared between many init scripts + +# Set unicode to YES to turn on unicode support for keyboards and screens. +unicode="YES" + +# Below is the default list of network fstypes. +# +# afs cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs +# nfs nfs4 ocfs2 shfs smbfs +# +# If you would like to add to this list, you can do so by adding your +# own fstypes to the following variable. +#extra_net_fs_list="" + +############################################################################## +# SERVICE CONFIGURATION VARIABLES +# These variables are documented here, but should be configured in +# /etc/conf.d/foo for service foo and NOT enabled here unless you +# really want them to work on a global basis. +# If your service has characters in its name which are not legal in +# shell variable names and you configure the variables for it in this +# file, those characters should be replaced with underscores in the +# variable names as shown below. + +# Some daemons are started and stopped via start-stop-daemon. +# We can set some things on a per service basis, like the nicelevel. +#export SSD_NICELEVEL="-19" + +# Pass ulimit parameters +#rc_ulimit="-u 30" + +# It's possible to define extra dependencies for services like so +#rc_config="/etc/foo" +#rc_need="openvpn" +#rc_use="net.eth0" +#rc_after="clock" +#rc_before="local" +#rc_provide="!net" + +# You can also enable the above commands here for each service. Below is an +# example for service foo. +#rc_foo_config="/etc/foo" +#rc_foo_need="openvpn" +#rc_foo_after="clock" + +# Below is an example for service foo-bar. Note that the '-' is illegal +# in a shell variable name, so we convert it to an underscore. +# example for service foo-bar. +#rc_foo_bar_config="/etc/foo-bar" +#rc_foo_bar_need="openvpn" +#rc_foo_bar_after="clock" + +# You can also remove dependencies. +# This is mainly used for saying which servies do NOT provide net. +#rc_net_tap0_provide="!net" + +############################################################################## +# LINUX SPECIFIC OPTIONS + +# This is the subsystem type. Valid options on Linux: +# "" - nothing special +# "lxc" - Linux Containers +# "openvz" - Linux OpenVZ +# "prefix" - Prefix +# "uml" - Usermode Linux +# "vserver" - Linux vserver +# "xen0" - Xen0 Domain +# "xenU" - XenU Domain +# If this is commented out, automatic detection will be used. +# +# This should be set to the value representing the environment this file is +# PRESENTLY in, not the virtualization the environment is capable of. +#rc_sys="" + +# This is the number of tty's used in most of the rc-scripts (like +# consolefont, numlock, etc ...) +rc_tty_number=12 + +# If you have cgroups turned on in your kernel, this switch controls +# whether or not a group for each controler is mounted under +# /sys/fs/cgroup. +# Support for process management by cgroups is planned in the future, +# so if you turn this off, be aware that you may not be able to use that +# feature. +#rc_controller_cgroups="YES" diff --git a/courier/authlib/authdaemonrc b/courier/authlib/authdaemonrc index f11ec92..e36d896 100644 --- a/courier/authlib/authdaemonrc +++ b/courier/authlib/authdaemonrc @@ -1,4 +1,4 @@ -##VERSION: $Id: authdaemonrc.in,v 1.13 2005/10/05 00:07:32 mrsam Exp $ +##VERSION: $Id: authdaemonrc.in 17 2011-04-04 02:07:37Z mrsam $ # # Copyright 2000-2005 Double Precision, Inc. See COPYING for # distribution information. diff --git a/courier/authlib/authdaemonrc.dist b/courier/authlib/authdaemonrc.dist index b1b2670..e66f635 100644 --- a/courier/authlib/authdaemonrc.dist +++ b/courier/authlib/authdaemonrc.dist @@ -1,4 +1,4 @@ -##VERSION: $Id: authdaemonrc.in,v 1.13 2005/10/05 00:07:32 mrsam Exp $ +##VERSION: $Id: authdaemonrc.in 17 2011-04-04 02:07:37Z mrsam $ # # Copyright 2000-2005 Double Precision, Inc. See COPYING for # distribution information. diff --git a/courier/authlib/authldaprc b/courier/authlib/authldaprc index 79bfa94..6ff1d1b 100644 --- a/courier/authlib/authldaprc +++ b/courier/authlib/authldaprc @@ -1,4 +1,4 @@ -##VERSION: $Id: authldaprc,v 1.25 2005/10/05 00:07:32 mrsam Exp $ +##VERSION: $Id: authldaprc 17 2011-04-04 02:07:37Z mrsam $ # # Copyright 2000-2004 Double Precision, Inc. See COPYING for # distribution information. diff --git a/courier/authlib/authldaprc.dist b/courier/authlib/authldaprc.dist index 79bfa94..6ff1d1b 100644 --- a/courier/authlib/authldaprc.dist +++ b/courier/authlib/authldaprc.dist @@ -1,4 +1,4 @@ -##VERSION: $Id: authldaprc,v 1.25 2005/10/05 00:07:32 mrsam Exp $ +##VERSION: $Id: authldaprc 17 2011-04-04 02:07:37Z mrsam $ # # Copyright 2000-2004 Double Precision, Inc. See COPYING for # distribution information. diff --git a/courier/authlib/authmysqlrc b/courier/authlib/authmysqlrc index eba3f98..512ebc9 100644 --- a/courier/authlib/authmysqlrc +++ b/courier/authlib/authmysqlrc @@ -1,4 +1,4 @@ -##VERSION: $Id: authmysqlrc,v 1.20 2007/10/07 02:50:45 mrsam Exp $ +##VERSION: $Id: authmysqlrc 17 2011-04-04 02:07:37Z mrsam $ # # Copyright 2000-2007 Double Precision, Inc. See COPYING for # distribution information. @@ -22,11 +22,6 @@ ##NAME: LOCATION:0 # # The server name, userid, and password used to log in. -# -#MYSQL_SERVER mysql.example.com -#MYSQL_USERNAME admin -#MYSQL_PASSWORD admin -# MYSQL_SERVER localhost MYSQL_USERNAME vmail diff --git a/courier/authlib/authmysqlrc.dist b/courier/authlib/authmysqlrc.dist index dd645e1..c2640c5 100644 --- a/courier/authlib/authmysqlrc.dist +++ b/courier/authlib/authmysqlrc.dist @@ -1,4 +1,4 @@ -##VERSION: $Id: authmysqlrc,v 1.20 2007/10/07 02:50:45 mrsam Exp $ +##VERSION: $Id: authmysqlrc 17 2011-04-04 02:07:37Z mrsam $ # # Copyright 2000-2007 Double Precision, Inc. See COPYING for # distribution information. diff --git a/courier/authlib/authpgsqlrc b/courier/authlib/authpgsqlrc index 2e44999..ab85c8e 100644 --- a/courier/authlib/authpgsqlrc +++ b/courier/authlib/authpgsqlrc @@ -1,4 +1,4 @@ -##VERSION: $Id: authpgsqlrc,v 1.13 2008/12/18 12:08:25 mrsam Exp $ +##VERSION: $Id: authpgsqlrc 17 2011-04-04 02:07:37Z mrsam $ # # Copyright 2000-2004 Double Precision, Inc. See COPYING for # distribution information. diff --git a/courier/authlib/authpgsqlrc.dist b/courier/authlib/authpgsqlrc.dist index 2e44999..ab85c8e 100644 --- a/courier/authlib/authpgsqlrc.dist +++ b/courier/authlib/authpgsqlrc.dist @@ -1,4 +1,4 @@ -##VERSION: $Id: authpgsqlrc,v 1.13 2008/12/18 12:08:25 mrsam Exp $ +##VERSION: $Id: authpgsqlrc 17 2011-04-04 02:07:37Z mrsam $ # # Copyright 2000-2004 Double Precision, Inc. See COPYING for # distribution information. diff --git a/csh.env b/csh.env index c46bda6..8f2a8bb 100644 --- a/csh.env +++ b/csh.env @@ -13,7 +13,9 @@ setenv HG '/usr/bin/hg' setenv INFOPATH '/usr/share/info:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.5.4/info:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.22/info' setenv LESS '-R -M --shift 5' setenv LESSOPEN '|lesspipe %s' -setenv MANPATH '/usr/local/share/man:/usr/share/man:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.5.4/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.22/man:/etc/java-config/system-vm/man/:/usr/lib64/php5.3/man/:/usr/lib64/php5.4/man/:/usr/share/postgresql/man/:/usr/share/postgresql-9.1/man/' +setenv MANPATH '/usr/local/share/man:/usr/share/man:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.5.4/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.22/man:/etc/java-config/system-vm/man/:/usr/lib64/php5.3/man/:/usr/lib64/php5.4/man/:/usr/share/postgresql/man/:/usr/share/postgresql-9.2/man/' +setenv MULTIOSDIRS '../lib64:../lib32' +setenv OPENGL_PROFILE 'xorg-x11' setenv PAGER '/usr/bin/less' setenv PATH '/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.5.4:/usr/lib64/subversion/bin' setenv PYTHONDOCS_2_7 '/usr/share/doc/python-docs-2.7.2/html/library' diff --git a/drirc b/drirc new file mode 100644 index 0000000..cf13cdb --- /dev/null +++ b/drirc @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + diff --git a/env.d/03opengl b/env.d/03opengl new file mode 100644 index 0000000..d1b801b --- /dev/null +++ b/env.d/03opengl @@ -0,0 +1,4 @@ +# Configuration file for eselect +# This file has been automatically generated. +LDPATH="/usr/lib32/opengl/xorg-x11/lib:/usr/lib64/opengl/xorg-x11/lib" +OPENGL_PROFILE="xorg-x11" diff --git a/env.d/04gcc-x86_64-pc-linux-gnu b/env.d/04gcc-x86_64-pc-linux-gnu index 7148a1f..476e7c4 100644 --- a/env.d/04gcc-x86_64-pc-linux-gnu +++ b/env.d/04gcc-x86_64-pc-linux-gnu @@ -3,3 +3,4 @@ ROOTPATH="/usr/x86_64-pc-linux-gnu/gcc-bin/4.5.4" GCC_SPECS="" MANPATH="/usr/share/gcc-data/x86_64-pc-linux-gnu/4.5.4/man" INFOPATH="/usr/share/gcc-data/x86_64-pc-linux-gnu/4.5.4/info" +MULTIOSDIRS="../lib64:../lib32" diff --git a/env.d/50postgresql b/env.d/50postgresql index 259200c..e71633d 100644 --- a/env.d/50postgresql +++ b/env.d/50postgresql @@ -1,4 +1,4 @@ # Configuration file for eselect # This file has been automatically generated. -LDPATH="/usr/lib/postgresql:/usr/lib64/postgresql:/usr/lib64/postgresql-9.1/lib64/" -MANPATH="/usr/share/postgresql/man/:/usr/share/postgresql-9.1/man/" +LDPATH="/usr/lib/postgresql:/usr/lib64/postgresql:/usr/lib64/postgresql-9.2/lib64/" +MANPATH="/usr/share/postgresql/man/:/usr/share/postgresql-9.2/man/" diff --git a/env.d/gcc/x86_64-pc-linux-gnu-4.5.4 b/env.d/gcc/x86_64-pc-linux-gnu-4.5.4 index db1beee..d6e7ec1 100644 --- a/env.d/gcc/x86_64-pc-linux-gnu-4.5.4 +++ b/env.d/gcc/x86_64-pc-linux-gnu-4.5.4 @@ -2,4 +2,7 @@ LDPATH="/usr/lib/gcc/x86_64-pc-linux-gnu/4.5.4:/usr/lib/gcc/x86_64-pc-linux-gnu/ MANPATH="/usr/share/gcc-data/x86_64-pc-linux-gnu/4.5.4/man" INFOPATH="/usr/share/gcc-data/x86_64-pc-linux-gnu/4.5.4/info" STDCXX_INCDIR="g++-v4" +CTARGET="x86_64-pc-linux-gnu" +GCC_SPECS="" +MULTIOSDIRS="../lib64:../lib32" GCC_PATH="/usr/x86_64-pc-linux-gnu/gcc-bin/4.5.4" diff --git a/eselect/postgresql/active b/eselect/postgresql/active index 28a2186..1a2c355 100644 --- a/eselect/postgresql/active +++ b/eselect/postgresql/active @@ -1 +1 @@ -9.1 +9.2 diff --git a/eselect/postgresql/active.links b/eselect/postgresql/active.links index 69b254b..9e2f715 100644 --- a/eselect/postgresql/active.links +++ b/eselect/postgresql/active.links @@ -4,22 +4,22 @@ /usr/include/libpq /usr/include/postgres_ext.h /usr/lib64/postgresql +/usr/lib64/libecpg.so.6.4 /usr/lib64/libpq.a /usr/lib64/libpq.so.5 /usr/lib64/libpgtypes.so.3 /usr/lib64/libecpg.a +/usr/lib64/libecpg_compat.so.3.4 /usr/lib64/libpgport.a -/usr/lib64/libecpg_compat.so.3.3 /usr/lib64/libpgtypes.so /usr/lib64/libecpg.so +/usr/lib64/libpq.so.5.5 /usr/lib64/libecpg_compat.so -/usr/lib64/libecpg.so.6.3 +/usr/lib64/libpgtypes.so.3.3 /usr/lib64/libpgtypes.a /usr/lib64/libpq.so /usr/lib64/libecpg_compat.a -/usr/lib64/libpgtypes.so.3.2 /usr/lib64/libecpg.so.6 -/usr/lib64/libpq.so.5.4 /usr/lib64/libecpg_compat.so.3 /usr/bin/dropdb /usr/bin/pg_restore diff --git a/eselect/postgresql/active.links91 b/eselect/postgresql/active.links91 deleted file mode 100644 index 5428d3f..0000000 --- a/eselect/postgresql/active.links91 +++ /dev/null @@ -1,18 +0,0 @@ -/usr/bin/dropdb91 -/usr/bin/pg_restore91 -/usr/bin/pg_config91 -/usr/bin/pg_dump91 -/usr/bin/psql91 -/usr/bin/dropuser91 -/usr/bin/pg_dumpall91 -/usr/bin/ecpg91 -/usr/bin/droplang91 -/usr/bin/oid2name91 -/usr/bin/vacuumlo91 -/usr/bin/reindexdb91 -/usr/bin/createuser91 -/usr/bin/createlang91 -/usr/bin/clusterdb91 -/usr/bin/vacuumdb91 -/usr/bin/createdb91 -/usr/bin/pgbench91 diff --git a/eselect/postgresql/active.links92 b/eselect/postgresql/active.links92 new file mode 100644 index 0000000..d6dd3ce --- /dev/null +++ b/eselect/postgresql/active.links92 @@ -0,0 +1,18 @@ +/usr/bin/dropdb92 +/usr/bin/pg_restore92 +/usr/bin/pg_config92 +/usr/bin/pg_dump92 +/usr/bin/psql92 +/usr/bin/dropuser92 +/usr/bin/pg_dumpall92 +/usr/bin/ecpg92 +/usr/bin/droplang92 +/usr/bin/oid2name92 +/usr/bin/vacuumlo92 +/usr/bin/reindexdb92 +/usr/bin/createuser92 +/usr/bin/createlang92 +/usr/bin/clusterdb92 +/usr/bin/vacuumdb92 +/usr/bin/createdb92 +/usr/bin/pgbench92 diff --git a/eselect/postgresql/slots/9.1/base b/eselect/postgresql/slots/9.1/base deleted file mode 100644 index 6906b08..0000000 --- a/eselect/postgresql/slots/9.1/base +++ /dev/null @@ -1 +0,0 @@ -postgres_ebuilds="${postgres_ebuilds} postgresql-base-9.1.5" diff --git a/eselect/postgresql/slots/9.1/docs b/eselect/postgresql/slots/9.1/docs deleted file mode 100644 index 1d8eb18..0000000 --- a/eselect/postgresql/slots/9.1/docs +++ /dev/null @@ -1 +0,0 @@ -postgres_ebuilds="${postgres_ebuilds} postgresql-docs-9.1.5" diff --git a/eselect/postgresql/slots/9.2/base b/eselect/postgresql/slots/9.2/base new file mode 100644 index 0000000..3adf466 --- /dev/null +++ b/eselect/postgresql/slots/9.2/base @@ -0,0 +1 @@ +postgres_ebuilds="${postgres_ebuilds} postgresql-base-9.2.1" diff --git a/eselect/postgresql/slots/9.2/docs b/eselect/postgresql/slots/9.2/docs new file mode 100644 index 0000000..087d50a --- /dev/null +++ b/eselect/postgresql/slots/9.2/docs @@ -0,0 +1 @@ +postgres_ebuilds="${postgres_ebuilds} postgresql-docs-9.2.1" diff --git a/gtk-2.0/i686-pc-linux-gnu/gtk.immodules b/gtk-2.0/i686-pc-linux-gnu/gtk.immodules new file mode 100644 index 0000000..cde37f7 --- /dev/null +++ b/gtk-2.0/i686-pc-linux-gnu/gtk.immodules @@ -0,0 +1,39 @@ +# GTK+ Input Method Modules file +# Automatically generated file, do not edit +# Created by gtk-query-immodules-2.0-32 from gtk+-2.24.12 +# +# ModulesPath = /root/.gtk-2.0/2.10.0/i686-pc-linux-gnu/immodules:/root/.gtk-2.0/2.10.0/immodules:/root/.gtk-2.0/i686-pc-linux-gnu/immodules:/root/.gtk-2.0/immodules:/usr/lib32/gtk-2.0/2.10.0/i686-pc-linux-gnu/immodules:/usr/lib32/gtk-2.0/2.10.0/immodules:/usr/lib32/gtk-2.0/i686-pc-linux-gnu/immodules:/usr/lib32/gtk-2.0/immodules +# +"/usr/lib32/gtk-2.0/2.10.0/immodules/im-ipa.so" +"ipa" "IPA" "gtk20" "/usr/share/locale" "" + +"/usr/lib32/gtk-2.0/2.10.0/immodules/im-inuktitut.so" +"inuktitut" "Inuktitut (Transliterated)" "gtk20" "/usr/share/locale" "iu" + +"/usr/lib32/gtk-2.0/2.10.0/immodules/im-thai.so" +"thai" "Thai-Lao" "gtk20" "/usr/share/locale" "lo:th" + +"/usr/lib32/gtk-2.0/2.10.0/immodules/im-cedilla.so" +"cedilla" "Cedilla" "gtk20" "/usr/share/locale" "az:ca:co:fr:gv:oc:pt:sq:tr:wa" + +"/usr/lib32/gtk-2.0/2.10.0/immodules/im-ti-er.so" +"ti_er" "Tigrigna-Eritrean (EZ+)" "gtk20" "/usr/share/locale" "ti" + +"/usr/lib32/gtk-2.0/2.10.0/immodules/im-ti-et.so" +"ti_et" "Tigrigna-Ethiopian (EZ+)" "gtk20" "/usr/share/locale" "ti" + +"/usr/lib32/gtk-2.0/2.10.0/immodules/im-viqr.so" +"viqr" "Vietnamese (VIQR)" "gtk20" "/usr/share/locale" "vi" + +"/usr/lib32/gtk-2.0/2.10.0/immodules/im-multipress.so" +"multipress" "Multipress" "gtk20" "" "" + +"/usr/lib32/gtk-2.0/2.10.0/immodules/im-cyrillic-translit.so" +"cyrillic_translit" "Cyrillic (Transliterated)" "gtk20" "/usr/share/locale" "" + +"/usr/lib32/gtk-2.0/2.10.0/immodules/im-xim.so" +"xim" "X Input Method" "gtk20" "/usr/share/locale" "ko:ja:th:zh" + +"/usr/lib32/gtk-2.0/2.10.0/immodules/im-am-et.so" +"am_et" "Amharic (EZ+)" "gtk20" "/usr/share/locale" "am" + diff --git a/init.d/bootmisc b/init.d/bootmisc index 0e03938..2b5248e 100755 --- a/init.d/bootmisc +++ b/init.d/bootmisc @@ -10,11 +10,6 @@ depend() keyword -prefix -timeout } -dir_writable() -{ - mkdir "$1"/.test.$$ 2>/dev/null && rmdir "$1"/.test.$$ -} - : ${wipe_tmp:=${WIPE_TMP:-yes}} : ${log_dmesg:=${LOG_DMESG:-yes}} @@ -25,7 +20,7 @@ cleanup_tmp_dir() if ! [ -d "$dir" ]; then mkdir -p "$dir" || return $? fi - dir_writable "$dir" || return 1 + checkpath -W "$dir" || return 1 chmod a+rwt "$dir" 2> /dev/null cd "$dir" || return 1 if yesno $wipe_tmp; then @@ -117,12 +112,12 @@ start() fi done - if [ "$RC_UNAME" = Linux -a -d /run ] && false; then + if [ "$RC_UNAME" = Linux -a -d /run ]; then migrate_to_run /var/lock /run/lock migrate_to_run /var/run /run fi - if dir_writable /var/run; then + if checkpath -W /var/run; then ebegin "Creating user login records" local xtra= [ "$RC_UNAME" = NetBSD ] && xtra=x @@ -164,7 +159,7 @@ start() cleanup_tmp_dir "$tmp" done - if dir_writable /tmp; then + if checkpath -W /tmp; then # Make sure our X11 stuff have the correct permissions # Omit the chown as bootmisc is run before network is up # and users may be using lame LDAP auth #139411 @@ -177,7 +172,7 @@ start() fi if yesno $log_dmesg; then - if $logw || dir_writable /var/log; then + if $logw || checkpath -W /var/log; then # Create an 'after-boot' dmesg log if [ "$RC_SYS" != VSERVER -a "$RC_SYS" != OPENVZ ]; then dmesg > /var/log/dmesg @@ -186,7 +181,6 @@ start() fi fi - [ -w /etc/nologin ] && rm -f /etc/nologin return 0 } @@ -202,3 +196,5 @@ stop() return 0 } + +# vim: ft=sh diff --git a/init.d/consolefont b/init.d/consolefont index f989d2d..9d212a0 100755 --- a/init.d/consolefont +++ b/init.d/consolefont @@ -54,7 +54,7 @@ start() eend $retval # Store the last font so we can use it ASAP on boot - if [ $retval -eq 0 -a -w "$RC_LIBEXECDIR" ]; then + if [ $retval -eq 0 ] && checkpath -W "$RC_LIBEXECDIR"; then mkdir -p "$RC_LIBEXECDIR"/console for font in /usr/share/consolefonts/"$consolefont".*; do : diff --git a/init.d/devfs b/init.d/devfs index 5f5fb31..db80c04 100755 --- a/init.d/devfs +++ b/init.d/devfs @@ -5,7 +5,8 @@ description="Mount system critical filesystems in /dev." depend() { - use dev + use dev-mount + before dev keyword -prefix -vserver } diff --git a/init.d/dmesg b/init.d/dmesg index d120383..a4083d0 100755 --- a/init.d/dmesg +++ b/init.d/dmesg @@ -7,7 +7,7 @@ description="Set the dmesg level for a cleaner boot" depend() { before dev modules - keyword -vserver + keyword -lxc -prefix -vserver } start() diff --git a/init.d/fsck b/init.d/fsck index 9cf35b8..5869c06 100755 --- a/init.d/fsck +++ b/init.d/fsck @@ -71,7 +71,12 @@ start() done if [ "$RC_UNAME" = Linux ]; then - fsck_opts="$fsck_opts -C0 -T" + local skiptypes x + for x in $net_fs_list $extra_net_fs_list; do + skiptypes="${skiptypes}no${x}," + done + skiptypes="${skiptypes}noopts=_netdev" + fsck_opts="$fsck_opts -C0 -T -t $skiptypes" if [ -z "$fsck_passno" -a -z "$fsck_mnt" ]; then fsck_args=${fsck_args--A -p} if echo 2>/dev/null >/.test.$$; then diff --git a/init.d/hwclock b/init.d/hwclock index 28d675a..651590d 100755 --- a/init.d/hwclock +++ b/init.d/hwclock @@ -94,7 +94,7 @@ start() "$utc_cmd" != --utc -o \ -n "$clock_args" ]; then - if yesno $clock_hctosys; then + if yesno ${clock_hctosys:-YES}; then _hwclock --hctosys $utc_cmd $clock_args else _hwclock --systz $utc_cmd $clock_args @@ -111,7 +111,7 @@ stop() { # Don't tweak the hardware clock on LiveCD halt. [ -n "$CDBOOT" ] && return 0 - yesno $clock_systohc || return 0 + yesno ${clock_systohc:-YES} || return 0 local retval=0 errstr="" setupopts diff --git a/init.d/ip6tables b/init.d/ip6tables index 5c9cbb7..6806bc9 100755 --- a/init.d/ip6tables +++ b/init.d/ip6tables @@ -1,7 +1,7 @@ #!/sbin/runscript -# Copyright 1999-2011 Gentoo Foundation +# Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.4.11.init,v 1.2 2011/12/04 10:15:59 swegener Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.4.13-r1.init,v 1.1 2012/09/14 17:58:26 axs Exp $ extra_commands="save panic" extra_started_commands="reload" @@ -21,7 +21,6 @@ esac depend() { before net - use logger } set_table_policy() { @@ -93,8 +92,8 @@ reload() { save() { ebegin "Saving ${iptables_name} state" - touch "${iptables_save}" - chmod 0600 "${iptables_save}" + checkpath -q -d "$(dirname "${iptables_save}")" + checkpath -q -m 0600 -f "${iptables_save}" ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}" eend $? } diff --git a/init.d/iptables b/init.d/iptables index 5c9cbb7..6806bc9 100755 --- a/init.d/iptables +++ b/init.d/iptables @@ -1,7 +1,7 @@ #!/sbin/runscript -# Copyright 1999-2011 Gentoo Foundation +# Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.4.11.init,v 1.2 2011/12/04 10:15:59 swegener Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.4.13-r1.init,v 1.1 2012/09/14 17:58:26 axs Exp $ extra_commands="save panic" extra_started_commands="reload" @@ -21,7 +21,6 @@ esac depend() { before net - use logger } set_table_policy() { @@ -93,8 +92,8 @@ reload() { save() { ebegin "Saving ${iptables_name} state" - touch "${iptables_save}" - chmod 0600 "${iptables_save}" + checkpath -q -d "$(dirname "${iptables_save}")" + checkpath -q -m 0600 -f "${iptables_save}" ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}" eend $? } diff --git a/init.d/keymaps b/init.d/keymaps index 211fdd3..ea8be34 100755 --- a/init.d/keymaps +++ b/init.d/keymaps @@ -63,7 +63,7 @@ start() fi # Save the keymapping for use immediately at boot - if [ -w "$RC_LIBEXECDIR" ]; then + if checkpath -W "$RC_LIBEXECDIR"; then mkdir -p "$RC_LIBEXECDIR"/console dumpkeys >"$RC_LIBEXECDIR"/console/keymap fi diff --git a/init.d/localmount b/init.d/localmount index 459a376..b5d7df2 100755 --- a/init.d/localmount +++ b/init.d/localmount @@ -22,6 +22,9 @@ start() if [ "$RC_UNAME" = Linux ]; then no_netdev="-O no_netdev" + if mountinfo -q /usr; then + touch $RC_SVCDIR/usr_premounted + fi fi ebegin "Mounting local filesystems" mount -at "$types" $no_netdev @@ -33,6 +36,7 @@ start() stop() { + yesno $RC_GOINGDOWN || return 0 # We never unmount / or /dev or $RC_SVCDIR # Bug 381783 @@ -48,6 +52,9 @@ stop() if [ "$RC_UNAME" = Linux ]; then no_umounts_r="$no_umounts_r|/proc|/proc/.*|/run|/sys|/sys/.*" + if [ -e $rc_svcdir/usr_premounted ]; then + no_umounts_r="$no_umounts_r|/usr" + fi fi no_umounts_r="^($no_umounts_r)$" diff --git a/init.d/mount-ro b/init.d/mount-ro index 3ee45c8..69e6483 100755 --- a/init.d/mount-ro +++ b/init.d/mount-ro @@ -7,11 +7,13 @@ description="Re-mount filesytems read-only for a clean reboot." depend() { need killprocs savecache - keyword -prefix -openvz -vserver -lxc + keyword -openvz -prefix -vserver -lxc } start() { + local ret=0 + # Flush all pending disk writes now sync; sync @@ -23,7 +25,7 @@ start() # Bug 381783 local rc_svcdir=$(echo $RC_SVCDIR | sed 's:/lib\(32\|64\)\?/:/lib(32|64)?/:g') - local m="/dev|/dev/.*|/proc|/proc.*|/sys|/sys/.*|${rc_svcdir}" x= fs= + local m="/dev|/dev/.*|/proc|/proc.*|/sys|/sys/.*|/run|${rc_svcdir}" x= fs= m="$m|/bin|/sbin|/lib(32|64)?|/libexec" # RC_NO_UMOUNTS is an env var that can be set by plugins local IFS="$IFS:" @@ -39,6 +41,9 @@ start() do_unmount "umount -r" \ --skip-point-regex "$m" \ "${fs:+--skip-fstype-regex}" $fs --nonetdev + ret=$? + eoutdent - eend $? + + eend $ret } diff --git a/init.d/net.lo b/init.d/net.lo index a9040a3..da7b3f4 100755 --- a/init.d/net.lo +++ b/init.d/net.lo @@ -19,13 +19,18 @@ depend() local IFVAR=$(shell_var "${IFACE}") need localmount + if [ "$RC_UNAME" = Linux -a "$IFACE" != lo ]; then + need sysfs + fi after bootmisc - provide net keyword -jail -prefix -vserver case "${IFACE}" in - lo|lo0);; - *) after net.lo net.lo0 dbus;; + lo|lo0) ;; + *) + after net.lo net.lo0 dbus + provide net + ;; esac if [ "$(command -v "depend_${IFVAR}")" = "depend_${IFVAR}" ]; then @@ -37,6 +42,8 @@ depend() eval prov=\$rc_${dep}_${IFVAR} if [ -n "${prov}" ]; then ${dep} ${prov} + ewarn "rc_${dep}_${IFVAR} is deprecated." + ewarn "Please use rc_net_${IFVAR}_${dep} instead." fi done } @@ -101,7 +108,7 @@ _wait_for_carrier() _has_carrier && return 0 eval timeout=\$carrier_timeout_${IFVAR} - timeout=${timeout:-${carrier_timeout:-5}} + timeout=${timeout:-${carrier_timeout:-0}} # Incase users don't want this nice feature ... [ ${timeout} -le 0 ] && return 0 diff --git a/init.d/netmount b/init.d/netmount index 6a36d35..9795960 100755 --- a/init.d/netmount +++ b/init.d/netmount @@ -2,62 +2,26 @@ # Copyright (c) 2007-2009 Roy Marples # Released under the 2-clause BSD license. -description="Mounts network shares according to /etc/fstab." - -need_portmap() -{ - local opts= - local IFS=" -" - set -- $(fstabinfo --options --fstype nfs,nfs4) - for opts; do - case ,$opts, in - *,noauto,*|*,nolock,*);; - *) return 0;; - esac - done - return 1 -} +description="Mounts network shares, other than NFS, according to /etc/fstab." +# We skip all NFS shares in this script because they require extra +# daemons to be running on the client in order to work correctly. +# It is best to allow nfs-utils to handle all nfs shares. depend() { - # Only have portmap as a dependency if there is a nfs mount in fstab - # that is set to mount at boot - local pmap= - if need_portmap; then - pmap="rpc.statd" - [ -x /etc/init.d/rpcbind ] \ - && pmap="$pmap rpcbind" \ - || pmap="$pmap portmap" - fi - config /etc/fstab - need net $pmap use afc-client amd autofs openvpn - use dns nfs nfsmount portmap rpcbind rpc.statd rpc.lockd + use dns keyword -jail -prefix -vserver } start() { - local myneed= myuse= pmap="portmap" nfsmounts= - [ -x /etc/init.d/rpcbind ] && pmap="rpcbind" - local x= fs= rc= for x in $net_fs_list $extra_net_fs_list; do case "$x" in nfs|nfs4) - # If the nfsmount script took care of the nfs - # filesystems, then there's no point in trying - # them twice - service_started nfsmount && continue - - # Only try to mount NFS filesystems if portmap was - # started. This is to fix "hang" problems for new - # users who do not add portmap to the default runlevel. - if need_portmap && ! service_started "$pmap"; then - continue - fi + continue ;; esac fs="$fs${fs:+,}$x" @@ -82,7 +46,14 @@ stop() . "$RC_LIBEXECDIR"/sh/rc-mount.sh for x in $net_fs_list $extra_net_fs_list; do - fs="$fs${fs:+,}$x" + case "$x" in + nfs|nfs4) + continue + ;; + *) + fs="$fs${fs:+,}$x" + ;; + esac done if [ -n "$fs" ]; then umount -at $fs || eerror "Failed to simply unmount filesystems" @@ -91,7 +62,14 @@ stop() eindent fs= for x in $net_fs_list $extra_net_fs_list; do - fs="$fs${fs:+|}$x" + case "$x" in + nfs|nfs4) + continue + ;; + *) + fs="$fs${fs:+|}$x" + ;; + esac done [ -n "$fs" ] && fs="^($fs)$" do_unmount umount ${fs:+--fstype-regex} $fs --netdev diff --git a/init.d/network b/init.d/network deleted file mode 100755 index 7ba4f48..0000000 --- a/init.d/network +++ /dev/null @@ -1,358 +0,0 @@ -#!/sbin/runscript -# Copyright (c) 2009 Roy Marples -# Released under the 2-clause BSD license. - -# This script was inspired by the equivalent rc.d network from NetBSD. - -description="Configures network interfaces." -__nl=" -" - -depend() -{ - need localmount - after bootmisc - provide net - keyword -jail -prefix -vserver -} - -uniqify() -{ - local result= i= - for i; do - case " $result " in - *" $i "*);; - *) result="$result $i";; - esac - done - echo "${result# *}" -} - -reverse() -{ - local result= i= - for i; do - result="$i $result" - done - echo "${result# *}" -} - -sys_interfaces() -{ - case "$RC_UNAME" in - Linux) - local w= rest= i= cmd=$1 - while read w rest; do - i=${w%%:*} - [ "$i" != "$w" ] || continue - if [ "$cmd" = u ]; then - ifconfig "$i" | grep -q "[ ]*UP" || continue - fi - printf "%s " "$i" - done /dev/null); do - for f in /etc/ifconfig.${c}[0-9]*; do - [ -f "$f" ] && printf "%s" "$f{##*.} " - done - done - ;; - *) - for f in /etc/ifconfig.*; do - [ -f "$f" ] && printf "%s" "${f##*.} " - done - for f in /etc/ip.*; do - [ -f "$f" ] && printf "%s" "${f##*.} " - done - ;; - esac - echo -} - -interfaces() -{ - uniqify $(sys_interfaces "$@") $interfaces $(auto_interfaces) -} - -dumpargs() -{ - local f="$1" - - shift - case "$@" in - '') [ -f "$f" ] && cat "$f";; - *"$__nl"*) echo "$@";; - *) - ( - set -o noglob - IFS=';'; set -- $@ - IFS="$__nl"; echo "$*" - );; - esac -} - -intup=false -runip() -{ - local int="$1" err= - shift - - # Ensure we have a valid broadcast address - case "$@" in - *" broadcast "*|*" brd "*) ;; - *:*) ;; # Ignore IPv6 - *) set -- "$@" brd +;; - esac - - err=$(LC_ALL=C ip address add "$@" dev "$int" 2>&1) - if [ -z "$err" ]; then - # ip does not bring up the interface when adding addresses - if ! $intup; then - ip link set "$int" up - intup=true - fi - return 0 - fi - if [ "$err" = "RTNETLINK answers: File exists" ]; then - ip address del "$@" dev "$int" 2>/dev/null - fi - # Localise the error - ip address add "$@" dev "$int" -} - -routeflush() -{ - if [ "$RC_UNAME" = Linux ]; then - if [ -x /sbin/ip ] || [ -x /bin/ip ]; then - ip route flush scope global - ip route delete default 2>/dev/null - else - # Sadly we also delete some link routes, but - # this cannot be helped - local dest= gate= net= flags= rest= - route -n | while read dest gate net flags rest; do - [ -z "$net" ] && continue - case "$dest" in - [0-9]*) ;; - *) continue;; - esac - local xtra= netmask="netmask $net" - case "$flags" in - U) continue;; - *H*) flags=-host; netmask=;; - *!*) flags=-net; xtra=reject;; - *) flags=-net;; - esac - route del $flags $dest $netmask $xtra - done - # Erase any default dev eth0 routes - route del default 2>/dev/null - fi - else - route -qn flush - fi -} - -runargs() -{ - dumpargs "$@" | while read -r args; do - case "$args" in - ''|"#"*) ;; - *) - ( - eval vebegin "${args#*!}" - eval "${args#*!}" - veend $? - );; - esac - done -} - -start() -{ - local cr=0 r= int= intv= cmd= args= upcmd= - - if [ -z "$domainname" -a -s /etc/defaultdomain ]; then - domainname=$(cat /etc/defaultdomain) - fi - if [ -n "$domainname" ]; then - ebegin "Setting NIS domainname: $domainname" - domainname "$domainname" - eend $? - fi - - ewarn - ewarn "The $RC_SVCNAME script is deprecated and will be" - ewarn "removed in the future." - ewarn "Please use the net.* scripts to manage your network interfaces." - ewarn - - einfo "Starting network" - routeflush - if [ "$RC_UNAME" = "Linux" ]; then - ifconfig lo 127.0.0.1 netmask 255.0.0.0 || cr=1 - route add -net 127.0.0.0 netmask 255.0.0.0 \ - gw 127.0.0.1 reject 2>/dev/null - else - ifconfig lo0 127.0.0.1 netmask 255.0.0.0 || cr=1 - route -q add -inet 127.0.0.0 -netmask 255.0.0.0 \ - 127.0.0.1 -reject || cr=1 - fi - eindent - for int in $(interfaces); do - local func= cf= - intv=$(shell_var "$int") - eval upcmd=\$ifup_$intv - for func in ip ifconfig; do - eval cmd=\$${func}_$intv - if [ -n "$cmd" -o -f /etc/"$func.$int" ]; then - cf=/etc/"$func.$int" - break - fi - done - [ -n "$cf" -o -n "$upcmd" -o \ - -f /etc/ifup."$int" -o -f "$cf" ] || continue - veinfo "$int" - case "$func" in - ip) func=runip; intup=false;; - esac - eindent - runargs /etc/ifup."$int" "$upcmd" - r=0 - dumpargs "$cf" "$cmd" | while read -r args; do - case "$args" in - ''|"#"*) ;; - "!"*) - ( - eval vebegin "${args#*!}" - eval "${args#*!}" - veend $? - );; - *) - ( - set -o noglob - eval set -- "$args" - vebegin "$@" - $func "$int" "$@" - veend $? - );; - esac - done - eoutdent - done - eoutdent - eend $cr - - # Wait for any inet6 tentative addresses - r=5 - while [ $r -gt 0 ]; do - tentative || break - [ $r = 5 ] && vebegin "Waiting for tentative addresses" - sleep 1 - : $(( r -= 1 )) - done - if [ $r != 5 ]; then - [ $r != 0 ] - veend $? - fi - - if [ -n "$defaultroute" ]; then - ebegin "Setting default route $defaultroute" - route add default $defaultroute - eend $? - elif [ -n "$defaultiproute" ]; then - ebegin "Setting default route $defaultiproute" - ip route add default $defaultiproute - eend $? - fi - - if [ -n "$defaultroute6" ]; then - ebegin "Setting default route $defaultroute6" - if [ "$RC_UNAME" = Linux ]; then - routecmd="route -A inet6 add" - else - routecmd="route -inet6 add" - fi - $routecmd default $defaultroute6 - eend $? - elif [ -n "$defaultiproute6" ]; then - ebegin "Setting default route $defaultiproute6" - ip -f inet6 route add default $defaultiproute6 - eend $? - fi - - return 0 -} - -stop() -{ - # Don't stop the network at shutdown. - # We don't use the noshutdown keyword so that we are started again - # correctly if we go back to multiuser. - yesno ${shutdown_network:-YES} && yesno $RC_GOINGDOWN && return 0 - - local int= intv= cmd= downcmd= r= - einfo "Stopping network" - routeflush - eindent - for int in $(reverse $(interfaces u)); do - intv=$(shell_var "$int") - eval downcmd=\$ifdown_$intv - eval cmd=\$ip_$intv - [ -z "$cmd" ] && eval cmd=\$ifconfig_$intv - if [ -n "$cmd" -o -f /etc/ip."$int" -o \ - -f /etc/ifconfig."$int" -o \ - -n "$downcmd" -o -f /etc/ifdown."$int" ]; - then - veinfo "$int" - runargs /etc/ifdown."$int" "$downcmd" - if [ -x /sbin/ip ] || [ -x /bin/ip ]; then - # We need to do this, otherwise we may - # fail to add things correctly on restart - ip address flush dev "$int" 2>/dev/null - fi - ifconfig "$int" down 2>/dev/null - ifconfig "$int" destroy 2>/dev/null - fi - done - eoutdent - eend 0 -} diff --git a/init.d/procfs b/init.d/procfs index 5254f4d..6efa34f 100755 --- a/init.d/procfs +++ b/init.d/procfs @@ -20,23 +20,6 @@ start() [ -e /proc/filesystems ] || return 0 - # Check what USB fs the kernel support. Currently - # 2.5+ kernels, and later 2.4 kernels have 'usbfs', - # while older kernels have 'usbdevfs'. - if [ -d /proc/bus/usb -a ! -e /proc/bus/usb/devices ]; then - local usbfs=$(grep -Fow usbfs /proc/filesystems || - grep -Fow usbdevfs /proc/filesystems) - if [ -n "$usbfs" ]; then - ebegin "Mounting USB device filesystem [$usbfs]" - local usbgid="$(getent group usb | \ - sed -e 's/.*:.*:\(.*\):.*/\1/')" - mount -t $usbfs \ - -o ${usbgid:+devmode=0664,devgid=$usbgid,}noexec,nosuid \ - usbfs /proc/bus/usb - eend $? - fi - fi - # Setup Kernel Support for miscellaneous Binary Formats if [ -d /proc/sys/fs/binfmt_misc -a ! -e /proc/sys/fs/binfmt_misc/register ]; then if grep -qs binfmt_misc /proc/filesystems; then @@ -48,7 +31,7 @@ start() ebegin "Loading custom binary format handlers" fmts=$(grep -hsv -e '^[#;]' -e '^[[:space:]]*$' \ /run/binfmt.d/*.conf \ - "/etc"/binfmt.d/*.conf \ + /etc/binfmt.d/*.conf \ ""/usr/lib/binfmt.d/*.conf) if [ -n "${fmts}" ]; then echo "${fmts}" > /proc/sys/fs/binfmt_misc/register @@ -58,6 +41,25 @@ start() fi fi + [ "$RC_SYS" = "OPENVZ" ] && return 0 + + # Check what USB fs the kernel support. Currently + # 2.5+ kernels, and later 2.4 kernels have 'usbfs', + # while older kernels have 'usbdevfs'. + if [ -d /proc/bus/usb -a ! -e /proc/bus/usb/devices ]; then + local usbfs=$(grep -Fow usbfs /proc/filesystems || + grep -Fow usbdevfs /proc/filesystems) + if [ -n "$usbfs" ]; then + ebegin "Mounting USB device filesystem [$usbfs]" + local usbgid="$(getent group usb | \ + sed -e 's/.*:.*:\(.*\):.*/\1/')" + mount -t $usbfs \ + -o ${usbgid:+devmode=0664,devgid=$usbgid,}noexec,nosuid \ + usbfs /proc/bus/usb + eend $? + fi + fi + # Setup Kernel Support for SELinux if [ -d /selinux ] && ! mountinfo -q /selinux; then if grep -qs selinuxfs /proc/filesystems; then diff --git a/init.d/root b/init.d/root index 9a719b0..04687c6 100755 --- a/init.d/root +++ b/init.d/root @@ -13,20 +13,41 @@ depend() start() { case ",$(fstabinfo -o /)," in - *,ro,*) return 0;; + *,ro,*) + ;; + *) + # Check if the rootfs isn't already writable. + if checkpath -W /; then + rm -f /fastboot /forcefsck + else + ebegin "Remounting root filesystem read/write" + case "$RC_UNAME" in + Linux) + mount -n -o remount,rw / + ;; + *) + mount -u -o rw / + ;; + esac + eend $? "Root filesystem could not be mounted read/write" + if [ $? -eq 0 ]; then + rm -f /fastboot /forcefsck + fi + fi + ;; esac - if echo 2>/dev/null >/.test.$$; then - rm -f /.test.$$ /fastboot /forcefsck - return 0 - fi - - ebegin "Remounting root filesystem read/write" - case "$RC_UNAME" in - Linux) mount -n -o remount,rw /;; - *) mount -u -o rw /;; - esac - if eend $? "Root filesystem could not be mounted read/write"; then - rm -f /fastboot /forcefsck - fi + ebegin "Remounting filesystems" + local mountpoint + for mountpoint in $(fstabinfo); do + case "${mountpoint}" in + /) + ;; + /*) + mountinfo -q "${mountpoint}" && \ + fstabinfo --remount "${mountpoint}" + ;; + esac + done + eend 0 } diff --git a/init.d/samba b/init.d/samba index 7e6d2a8..779ec09 100755 --- a/init.d/samba +++ b/init.d/samba @@ -1,7 +1,7 @@ #!/sbin/runscript # Copyright 1999-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License, v2 or later -# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/3.5/samba.initd,v 1.4 2011/09/14 22:52:33 polynomial-c Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/3.6/samba.initd,v 1.3 2011/09/14 22:52:33 polynomial-c Exp $ extra_started_commands="reload" diff --git a/init.d/savecache b/init.d/savecache index 355ebce..5e59b25 100755 --- a/init.d/savecache +++ b/init.d/savecache @@ -13,6 +13,14 @@ start() return 1 fi fi + if ! checkpath -W "$RC_LIBEXECDIR"; then + ewarn "WARNING: ${RC_LIBEXECDIR} is not writable!" + if ! yesno "${RC_GOINGDOWN}"; then + ewarn "Unable to save deptree cache" + return 1 + fi + return 0 + fi ebegin "Saving dependency cache" local rc= if [ ! -d "$RC_LIBEXECDIR"/cache ]; then diff --git a/init.d/staticroute b/init.d/staticroute deleted file mode 100755 index 3a5d326..0000000 --- a/init.d/staticroute +++ /dev/null @@ -1,109 +0,0 @@ -#!/sbin/runscript -# Copyright (c) 2009 Roy Marples -# Released under the 2-clause BSD license. - -# This script was inspired by the equivalent rc.d staticroute from NetBSD. - -description="Configures static routes." -__nl=" -" - -depend() -{ - provide net - use network - keyword -jail -prefix -vserver -} - -pre_flight_checks() -{ - route=route - [ -s /etc/route.conf ] && return 0 - - if [ -n "$staticiproute" ]; then - route="ip route" - staticroute="$staticiproute" - fi -} - -dump_args() -{ - # Route configuration file, as used by the NetBSD RC system - if [ -s /etc/route.conf ]; then - cat /etc/route.conf - return $? - fi - - case "$staticroute" in - *"$__nl"*) - echo "$staticroute" - ;; - *) - ( - set -o noglob - IFS=';'; set -- $staticroute - IFS="$__nl"; echo "$*" - ) - ;; - esac -} - -do_routes() -{ - local xtra= family= - [ "$RC_UNAME" != Linux ] && xtra=-q - - ebegin "$1 static routes" - eindent - pre_flight_checks - dump_args | while read args; do - [ -z "$args" ] && continue - case "$args" in - "#"*) - ;; - "+"*) - [ $2 = "add" ] && eval ${args#*+} - ;; - "-"*) - [ $2 = "del" -o $2 = "delete" ] && eval ${args#*-} - ;; - *) - veinfo "$args" - case "$route" in - "ip route") - ip route $2 $args - ;; - *) - # Linux route does cannot work it out ... - if [ "$RC_UNAME" = Linux ]; then - case "$args" in - *:*) family="-A inet6";; - *) family=;; - esac - fi - route $family $xtra $2 -$args - ;; - esac - veend $? - esac - done - eoutdent - eend 0 -} - -start() -{ - ewarn - ewarn "The $RC_SVCNAME script is deprecated and will be" - ewarn "removed in the future." - ewarn "Please use the net.* scripts to manage your network interfaces." - ewarn - do_routes "Adding" "add" -} - -stop() -{ - local cmd="delete" - [ "$RC_UNAME" = Linux ] && cmd="del" - do_routes "Deleting" "$cmd" -} diff --git a/init.d/swap b/init.d/swap index 9fcc101..309d37b 100755 --- a/init.d/swap +++ b/init.d/swap @@ -4,7 +4,7 @@ depend() { - need localmount + before localmount keyword -jail -openvz -prefix -vserver -lxc } @@ -12,6 +12,7 @@ start() { ebegin "Activating swap devices" case "$RC_UNAME" in + Linux) swapon -a -e >/dev/null;; NetBSD|OpenBSD) swapctl -A -t noblk >/dev/null;; *) swapon -a >/dev/null;; esac @@ -23,7 +24,7 @@ stop() ebegin "Deactivating swap devices" # Try to unmount all tmpfs filesystems not in use, else a deadlock may - # occure. As $RC_SVCDIR may also be tmpfs we cd to it to lock it + # occur. As $RC_SVCDIR may also be tmpfs we cd to it to lock it cd "$RC_SVCDIR" umount -a -t tmpfs 2>/dev/null diff --git a/init.d/swapfiles b/init.d/swapfiles new file mode 100755 index 0000000..086f25e --- /dev/null +++ b/init.d/swapfiles @@ -0,0 +1,47 @@ +#!/sbin/runscript +# Copyright (c) 2007-2009 Roy Marples +# Released under the 2-clause BSD license. + +depend() +{ + need localmount + keyword -jail -openvz -prefix -vserver -lxc +} + +start() +{ + ebegin "Activating additional swap space" + case "$RC_UNAME" in + NetBSD|OpenBSD) swapctl -A -t noblk >/dev/null;; + *) swapon -a >/dev/null;; + esac + eend 0 # If swapon has nothing todo it errors, so always return 0 +} + +stop() +{ + ebegin "Deactivating additional swap space" + + # Try to unmount all tmpfs filesystems not in use, else a deadlock may + # occur. As $RC_SVCDIR may also be tmpfs we cd to it to lock it + # fixme: Do we need this here since we are only unmounting swap files + # and loopback swap? + cd "$RC_SVCDIR" + umount -a -t tmpfs 2>/dev/null + + case "$RC_UNAME" in + Linux) + if [ -e /proc/swaps ]; then + while read filename type rest; do + case "$type" in + file) swapoff $filename >/dev/null;; + esac + case "$filename" in + /dev/loop*) swapoff $filename >/dev/null;; + esac + done < /proc/swaps + fi + ;; + esac + eend 0 +} diff --git a/init.d/sysctl b/init.d/sysctl index cb5d92e..b94dcc4 100755 --- a/init.d/sysctl +++ b/init.d/sysctl @@ -5,7 +5,7 @@ depend() { before bootmisc logger - keyword -prefix -vserver + keyword -lxc -prefix -vserver } start() @@ -15,12 +15,12 @@ start() ebegin "Configuring kernel parameters" eindent - for conf in /etc/sysctl.d/*.conf /etc/sysctl.conf; do + for conf in /etc/sysctl.conf /etc/sysctl.d/*.conf; do if [ -r "$conf" ]; then vebegin "applying $conf" - if ! err=$(sysctl -q -p "$conf" 2>&1) ; then + if ! err=$(sysctl -p "$conf" 2>&1 >/dev/null) ; then errs="${errs} ${err}" - sysctl -q -e -p "${conf}" + sysctl -e -p "${conf}" >/dev/null fi veend $? || retval=1 fi diff --git a/init.d/sysfs b/init.d/sysfs index 50c98a9..d129fde 100755 --- a/init.d/sysfs +++ b/init.d/sysfs @@ -6,7 +6,7 @@ description="Mount the sys filesystem." depend() { - keyword -prefix -vserver + keyword -lxc -prefix -vserver } mount_sys() @@ -74,9 +74,16 @@ mount_misc() mount_cgroups() { - yesno ${rc_cgroups:-YES} && [ -e /proc/cgroups ] && \ mountinfo -q /sys/fs/cgroup || return 0 + local agent="/lib64/rc/sh/cgroup-release-agent.sh" + mkdir /sys/fs/cgroup/openrc + mount -n -t cgroup \ + -o none,nodev,noexec,nosuid,name=openrc,release_agent="$agent" \ + openrc /sys/fs/cgroup/openrc + echo 1 > /sys/fs/cgroup/openrc/notify_on_release + + yesno ${rc_controller_cgroups:-YES} && [ -e /proc/cgroups ] || return 0 while read name hier groups enabled rest; do case "${enabled}" in 1) mkdir /sys/fs/cgroup/${name} diff --git a/init.d/termencoding b/init.d/termencoding index d7951d1..b949b76 100755 --- a/init.d/termencoding +++ b/init.d/termencoding @@ -9,8 +9,8 @@ ttyn=${rc_tty_number:-${RC_TTY_NUMBER:-12}} depend() { - keyword -openvz -prefix -uml -vserver -xenu - need root + keyword -lxc -openvz -prefix -uml -vserver -xenu + use root after bootmisc } @@ -35,7 +35,7 @@ start() done # Save the encoding for use immediately at boot - if [ -w "$RC_LIBEXECDIR" ]; then + if checkpath -W "$RC_LIBEXECDIR"; then mkdir -p "$RC_LIBEXECDIR"/console if yesno ${unicode:-${UNICODE}}; then echo "" > "$RC_LIBEXECDIR"/console/unicode diff --git a/init.d/tmpfiles.setup b/init.d/tmpfiles.setup new file mode 100755 index 0000000..fc74426 --- /dev/null +++ b/init.d/tmpfiles.setup @@ -0,0 +1,18 @@ +#!/sbin/runscript +# Copyright 1999-2012 Gentoo Foundation +# Released under the 2-clause BSD license. + +description="set up tmpfiles.d entries" + +depend() +{ + need localmount +} + +start() +{ + ebegin "setting up tmpfiles.d entries" + /lib64/rc/sh/tmpfiles.sh --create --remove ${tmpfiles_opts} + eend $? + return 0 +} diff --git a/init.d/urandom b/init.d/urandom index 20e4325..4bfecab 100755 --- a/init.d/urandom +++ b/init.d/urandom @@ -8,7 +8,7 @@ description="Initializes the random number generator." depend() { need localmount - keyword -jail -openvz -prefix + keyword -jail -lxc -openvz -prefix } save_seed() diff --git a/ld.so.conf b/ld.so.conf index 1577bce..9b2e996 100644 --- a/ld.so.conf +++ b/ld.so.conf @@ -10,6 +10,8 @@ /usr/lib /usr/local/lib include ld.so.conf.d/*.conf +/usr/lib32/opengl/xorg-x11/lib +/usr/lib64/opengl/xorg-x11/lib /usr/lib/postgresql /usr/lib64/postgresql -/usr/lib64/postgresql-9.1/lib64/ +/usr/lib64/postgresql-9.2/lib64/ diff --git a/make.conf b/make.conf index fb5dea1..036157e 100644 --- a/make.conf +++ b/make.conf @@ -73,7 +73,7 @@ PORTDIR_OVERLAY="/usr/local/portage" FEATURES="parallel-fetch" #MAKEOPTS="-j3" -EMERGE_DEFAULT_OPTS="--with-bdeps y --quiet-build=y --jobs=4 --load-average=6" +EMERGE_DEFAULT_OPTS="--with-bdeps y --complete-graph=y --quiet-build=y --jobs=4 --load-average=6" LINGUAS="de de_AT de_BE de_CH de_DE de_LU en en_AG en_AU en_BW en_CA en_DK en_GB en_HK en_IE en_IN en_NG en_NZ en_PH en_SG en_ZA en_ZW en_US ru_RU ru_UA" diff --git a/modprobe.d/usb-load-ehci-first.conf b/modprobe.d/usb-load-ehci-first.conf index 3b5db0e..9b62fb4 100644 --- a/modprobe.d/usb-load-ehci-first.conf +++ b/modprobe.d/usb-load-ehci-first.conf @@ -1,2 +1,2 @@ -install ohci_hcd /sbin/modprobe ehci_hcd ; /sbin/modprobe --ignore-install ohci_hcd $CMDLINE_OPTS -install uhci_hcd /sbin/modprobe ehci_hcd ; /sbin/modprobe --ignore-install uhci_hcd $CMDLINE_OPTS +softdep uhci_hcd pre: ehci_hcd +softdep ohci_hcd pre: ehci_hcd diff --git a/mtab b/mtab index f340fb4..c804a8a 100644 --- a/mtab +++ b/mtab @@ -5,7 +5,6 @@ udev /dev tmpfs rw,nosuid,relatime,size=10240k,mode=755 0 0 devpts /dev/pts devpts rw,relatime,gid=5,mode=620 0 0 /dev/md2 / ext3 rw,noatime,errors=continue,user_xattr,acl,barrier=1,data=writeback 0 0 tmpfs /run tmpfs rw,nosuid,nodev,relatime,mode=755 0 0 -rc-svcdir /lib64/rc/init.d tmpfs rw,nosuid,nodev,noexec,relatime,size=1024k,mode=755 0 0 securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0 debugfs /sys/kernel/debug debugfs rw,nosuid,nodev,noexec,relatime 0 0 cgroup_root /sys/fs/cgroup tmpfs rw,nosuid,nodev,noexec,relatime,size=10240k,mode=755 0 0 diff --git a/openldap/schema/authldap.schema b/openldap/schema/authldap.schema index 4df51a0..72a7494 100644 --- a/openldap/schema/authldap.schema +++ b/openldap/schema/authldap.schema @@ -1,4 +1,3 @@ -#$Id: authldap.schema,v 1.2 2010/05/10 15:34:23 root Exp $ # # OID prefix: 1.3.6.1.4.1.10018 # @@ -18,8 +17,8 @@ attributetype ( 1.3.6.1.4.1.10018.1.1.2 NAME 'quota' attributetype ( 1.3.6.1.4.1.10018.1.1.3 NAME 'clearPassword' DESC 'A separate text that stores the mail account password in clear text' - EQUALITY octetStringMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128}) + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) attributetype ( 1.3.6.1.4.1.10018.1.1.4 NAME 'maildrop' DESC 'RFC822 Mailbox - mail alias' @@ -79,22 +78,25 @@ attributetype ( 1.3.6.1.4.1.10018.1.1.13 NAME 'disableshared' # DESC 'Host to which incoming POP/IMAP connections should be proxied' # EQUALITY caseIgnoreIA5Match # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - +# # # Objects: 1.3.6.1.4.1.10018.1.2 # -objectclass ( 1.3.6.1.4.1.10018.1.2.1 NAME 'CourierMailAccount' SUP top AUXILIARY - DESC 'Mail account object as used by the Courier mail server' - MUST ( mail $ homeDirectory ) - MAY ( uidNumber $ gidNumber $ mailbox $ uid $ cn $ gecos $ description $ loginShell $ quota $ userPassword $ clearPassword $ defaultdelivery $ disableimap $ disablepop3 $ disablewebmail $ sharedgroup $ disableshared $ mailHost) ) - -objectclass ( 1.3.6.1.4.1.10018.1.2.2 NAME 'CourierMailAlias' SUP top AUXILIARY - DESC 'Mail aliasing/forwarding entry' - MUST ( mail $ maildrop ) - MAY ( mailsource $ description ) ) - -objectclass ( 1.3.6.1.4.1.10018.1.2.3 NAME 'CourierDomainAlias' SUP top AUXILIARY - DESC 'Domain mail aliasing/forwarding entry' - MUST ( virtualdomain $ virtualdomainuser ) - MAY ( mailsource $ description ) ) +objectclass ( 1.3.6.1.4.1.10018.1.2.1 NAME 'CourierMailAccount' + DESC 'Mail account object as used by the Courier mail server' + SUP top AUXILIARY + MUST ( mail $ homeDirectory ) + MAY ( uidNumber $ gidNumber $ mailbox $ uid $ cn $ gecos $ description $ loginShell $ quota $ userPassword $ clearPassword $ defaultdelivery $ disableimap $ disablepop3 $ disablewebmail $ sharedgroup $ disableshared $ mailhost ) ) + +objectclass ( 1.3.6.1.4.1.10018.1.2.2 NAME 'CourierMailAlias' + DESC 'Mail aliasing/forwarding entry' + SUP top AUXILIARY + MUST ( mail $ maildrop ) + MAY ( mailsource $ description ) ) + +objectclass ( 1.3.6.1.4.1.10018.1.2.3 NAME 'CourierDomainAlias' + DESC 'Domain mail aliasing/forwarding entry' + SUP top AUXILIARY + MUST ( virtualdomain $ virtualdomainuser ) + MAY ( mailsource $ description ) ) diff --git a/openldap/schema/samba.schema b/openldap/schema/samba.schema index 8f82ddd..716c191 100644 --- a/openldap/schema/samba.schema +++ b/openldap/schema/samba.schema @@ -469,6 +469,50 @@ attributetype ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPassword' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributetype ( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType' + DESC 'Type of trust' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes' + DESC 'Trust attributes for a trusted domain' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection' + DESC 'Direction of a trust' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' + DESC 'Fully qualified name of the domain with which a trust exists' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' + DESC 'NetBIOS name of a domain' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing' + DESC 'Authentication information for the outgoing portion of a trust' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming' + DESC 'Authentication information for the incoming portion of a trust' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier' + DESC 'SID of a trusted domain' + EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustInfo' + DESC 'Forest trust information for a trusted domain object' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) ####################################################################### @@ -573,3 +617,14 @@ objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURA ## DESC 'Samba Privilege' ## MUST ( sambaSID ) ## MAY ( sambaPrivilegeList ) ) + +## +## used for IPA_ldapsam +## +objectclass ( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' SUP top STRUCTURAL + DESC 'Samba Trusted Domain Object' + MUST ( cn ) + MAY ( sambaTrustType $ sambaTrustAttributes $ sambaTrustDirection $ + sambaTrustPartner $ sambaFlatName $ sambaTrustAuthOutgoing $ + sambaTrustAuthIncoming $ sambaSecurityIdentifier $ + sambaTrustForestTrustInfo) ) diff --git a/pango/i686-pc-linux-gnu/pango.modules b/pango/i686-pc-linux-gnu/pango.modules new file mode 100644 index 0000000..8bb6f47 --- /dev/null +++ b/pango/i686-pc-linux-gnu/pango.modules @@ -0,0 +1,35 @@ +# Pango Modules file +# Automatically generated file, do not edit +# +# ModulesPath = /usr/lib32/pango/1.6.0/modules +# +/usr/lib32/pango/1.6.0/modules/pango-khmer-fc.so KhmerScriptEngineFc PangoEngineShape PangoRenderFc khmer:* +/usr/lib32/pango/1.6.0/modules/pango-hangul-fc.so HangulScriptEngineFc PangoEngineShape PangoRenderFc hangul:* +/usr/lib32/pango/1.6.0/modules/pango-thai-fc.so ThaiScriptEngineFc PangoEngineShape PangoRenderFc thai:* lao:* +/usr/lib32/pango/1.6.0/modules/pango-indic-fc.so devaScriptEngineFc PangoEngineShape PangoRenderFc devanagari:* +/usr/lib32/pango/1.6.0/modules/pango-indic-fc.so bengScriptEngineFc PangoEngineShape PangoRenderFc bengali:* +/usr/lib32/pango/1.6.0/modules/pango-indic-fc.so guruScriptEngineFc PangoEngineShape PangoRenderFc gurmukhi:* +/usr/lib32/pango/1.6.0/modules/pango-indic-fc.so gujrScriptEngineFc PangoEngineShape PangoRenderFc gujarati:* +/usr/lib32/pango/1.6.0/modules/pango-indic-fc.so oryaScriptEngineFc PangoEngineShape PangoRenderFc oriya:* +/usr/lib32/pango/1.6.0/modules/pango-indic-fc.so tamlScriptEngineFc PangoEngineShape PangoRenderFc tamil:* +/usr/lib32/pango/1.6.0/modules/pango-indic-fc.so teluScriptEngineFc PangoEngineShape PangoRenderFc telugu:* +/usr/lib32/pango/1.6.0/modules/pango-indic-fc.so kndaScriptEngineFc PangoEngineShape PangoRenderFc kannada:* +/usr/lib32/pango/1.6.0/modules/pango-indic-fc.so mlymScriptEngineFc PangoEngineShape PangoRenderFc malayalam:* +/usr/lib32/pango/1.6.0/modules/pango-indic-fc.so sinhScriptEngineFc PangoEngineShape PangoRenderFc sinhala:* +/usr/lib32/pango/1.6.0/modules/pango-syriac-fc.so SyriacScriptEngineFc PangoEngineShape PangoRenderFc syriac:* +/usr/lib32/pango/1.6.0/modules/pango-basic-fc.so BasicScriptEngineFc PangoEngineShape PangoRenderFc latin:* cyrillic:* greek:* armenian:* georgian:* runic:* ogham:* bopomofo:* cherokee:* coptic:* deseret:* ethiopic:* gothic:* han:* hiragana:* katakana:* old-italic:* canadian-aboriginal:* yi:* braille:* cypriot:* limbu:* osmanya:* shavian:* linear-b:* ugaritic:* glagolitic:* cuneiform:* phoenician:* common: +/usr/lib32/pango/1.6.0/modules/pango-arabic-lang.so ArabicScriptEngineLang PangoEngineLang PangoRenderNone arabic:* +/usr/lib32/pango/1.6.0/modules/pango-indic-lang.so devaIndicScriptEngineLang PangoEngineLang PangoRenderNone devanagari:* +/usr/lib32/pango/1.6.0/modules/pango-indic-lang.so bengIndicScriptEngineLang PangoEngineLang PangoRenderNone bengali:* +/usr/lib32/pango/1.6.0/modules/pango-indic-lang.so guruIndicScriptEngineLang PangoEngineLang PangoRenderNone gurmukhi:* +/usr/lib32/pango/1.6.0/modules/pango-indic-lang.so gujrIndicScriptEngineLang PangoEngineLang PangoRenderNone gujarati:* +/usr/lib32/pango/1.6.0/modules/pango-indic-lang.so oryaIndicScriptEngineLang PangoEngineLang PangoRenderNone oriya:* +/usr/lib32/pango/1.6.0/modules/pango-indic-lang.so tamlIndicScriptEngineLang PangoEngineLang PangoRenderNone tamil:* +/usr/lib32/pango/1.6.0/modules/pango-indic-lang.so teluIndicScriptEngineLang PangoEngineLang PangoRenderNone telugu:* +/usr/lib32/pango/1.6.0/modules/pango-indic-lang.so kndaIndicScriptEngineLang PangoEngineLang PangoRenderNone kannada:* +/usr/lib32/pango/1.6.0/modules/pango-indic-lang.so mlymIndicScriptEngineLang PangoEngineLang PangoRenderNone malayalam:* +/usr/lib32/pango/1.6.0/modules/pango-indic-lang.so sinhIndicScriptEngineLang PangoEngineLang PangoRenderNone sinhala:* +/usr/lib32/pango/1.6.0/modules/pango-arabic-fc.so ArabicScriptEngineFc PangoEngineShape PangoRenderFc arabic:* nko:* +/usr/lib32/pango/1.6.0/modules/pango-hebrew-fc.so HebrewScriptEngineFc PangoEngineShape PangoRenderFc hebrew:* +/usr/lib32/pango/1.6.0/modules/pango-basic-x.so BasicScriptEngineX PangoEngineShape PangoRenderX common: +/usr/lib32/pango/1.6.0/modules/pango-tibetan-fc.so TibetanScriptEngineFc PangoEngineShape PangoRenderFc tibetan:* diff --git a/postfix/header_checks b/postfix/header_checks index 37a7502..16d2d55 100644 --- a/postfix/header_checks +++ b/postfix/header_checks @@ -75,6 +75,7 @@ # [Immer mit aufsteiger Nummer sauber eintragen!] # +/^Received:.*envelope-from / REJECT Header-Spamschutzregel 1021 +/^Subject: =?iso-8859-1?Q?Leider_st=F6?= =?iso-8859-1?Q?ren_Sie.?=/ REJECT Header-Spamschutzregel 1020 +/^From:.*Elena.*@eposta.ru/ REJECT Header-Spamschutzregel 1019 +/^Subject:.*Results 2008 !/ REJECT Header-Spamschutzregel 1018 +/^From: Sponsor Lotto/ REJECT Header-Spamschutzregel 1017 +/^From:.*nodiet@web.de/ REJECT Header-Spamschutzregel 1016 +/^From:.*edirects.com/ REJECT Header-Spamschutzregel 1015 +/^Subject:.*WINNING NOTIFICATION!!!/ REJECT Header-Spamschutzregel 1014 +/^Subject:.*Wir wissen was Frauen wollern/ REJECT Header-Spamschutzregel 1013 +/^From:.*newscd\.org/ REJECT Header-Spamschutzregel 1012 +/^From:.*mms-und-sms-gutschein.com/ REJECT Header-Spamschutzregel 1011 +/^Subject:.*CONFIRM YOUR WINNING/ REJECT Header-Spamschutzregel 1010 +/^Subject:.*Gratisaktion - Du wurdest ausgewaehlt unseren neuen SMS/ REJECT Header-Spamschutzregel 1009 +/^From:.*Seitensprung/ REJECT Header-Spamschutzregel 1008 +/^Received:.*germans-mailc.com/ REJECT Header-Spamschutzregel 1007: Lisa-Schindler-Spam +/^Received:.*stienitzsee.info/ REJECT Header-Spamschutzregel 1006 +/^Subject: Bonus 555eu/ REJECT Header-Spamschutzregel 1005 +/^Subject: *(ATTN|TO) *:.*SALES? *MANAGER/i REJECT Header-Spamschutzregel 1004 +/^Subject:.*Take this postcard now!/ REJECT Header-Spamschutzregel 1003 +/^Subject:.*FUXIN/ REJECT Header-Spamschutzregel 1002 +/^From:.*marion.backera/ REJECT Header-Spamschutzregel 1001 +/^Subject:.*kein spam. aber eine Antwort auf ihre Fragen/ REJECT Header-Spamschutzregel 1000 + + + + +# Nazi-Spam-Welle mit Hetze + +######################################## +if /^Subject:/i + +/^Subject: 4,8 Mill\. Osteuropaeer durch Fischer-Volmer Erlass/ REJECT Header-Spamschutzregel Nazi Spam +/^Subject: Auf Streife durch den Berliner Wedding/ REJECT Header-Spamschutzregel Nazi Spam +/^Subject: Auslaender bevorzugt/ REJECT Header-Spamschutzregel Nazi Spam +/^Subject: Auslaenderpolitik/ REJECT Header-Spamschutzregel Nazi Spam +/^Subject: Deutsche werden kuenftig beim Arzt abgezockt/ REJECT Header-Spamschutzregel Nazi Spam +/^Subject: Du wirst zum Sklaven gemacht\!\!\!/ REJECT Header-Spamschutzregel Nazi Spam +/^Subject: Graeberschaendung auf bundesdeutsche Anordnung/ REJECT Header-Spamschutzregel Nazi Spam +/^Subject: Hier sind wir Lehrer die einzigen Auslaender/ REJECT Header-Spamschutzregel Nazi Spam +/^Subject: Paranoider Deutschenmoerder kommt in Psychiatrie/ REJECT Header-Spamschutzregel Nazi Spam +/^Subject: Tuerkei in die EU/ REJECT Header-Spamschutzregel Nazi Spam +/^Subject: Verbrechen der deutschen Frau/ REJECT Header-Spamschutzregel Nazi Spam +/^Subject:.*Skandal in Berlin/ REJECT Header-Spamschutzregel JPBERLIN-14 +/^Subject:.*Auslaendergewalt: Herr Rau, wo waren Sie?/ REJECT Header-Spamschutzregel JPBERLIN-15 +/^Subject:.*Bankrott des Gesundheitswesens durch Auslaender!/ REJECT Header-Spamschutzregel JPBERLIN-16 +/^Subject:.*Wer an ein Tabu ruehrt, muss und darf vernichtet werden/ REJECT Header-Spamschutzregel JPBERLIN-17 +/^Subject:.*EU Beitritt der Tuerkei/ REJECT Header-Spamschutzregel JPBERLIN-18 +/^Subject:.*Bin ich zu weltfremd.*Ich glaube wohl kaum/ REJECT Header-Spamschutzregel JPBERLIN-19 +/^Subject:.*Die Deform der sozialen Ordnung/ REJECT Header-Spamschutzregel JPBERLIN-20 +/^Subject:.*Moschee-Bau in Deutschland/ REJECT Header-Spamschutzregel JPBERLIN-21 +/^Subject:.*Augen auf.*So sieht es aus/ REJECT Header-Spamschutzregel JPBERLIN-22 +/^Subject:.*Paradies Bundesrepublik - Rente fuer die Welt/ REJECT Header-Spamschutzregel JPBERLIN-23 +/^Subject:.*Libanesen in Berlin/ REJECT Header-Spamschutzregel JPBERLIN-24 +/^Subject:.*Garather klagen ueber eskalierende Gewalt im Stadtteil!/ REJECT Header-Spamschutzregel JPBERLIN-24 +/^Subject:.*Auslaender erschleichen sich zunehmend Sozialleistungen/ REJECT Header-Spamschutzregel JPBERLIN-25 +/^Subject:.*Auslaenderkriminalitaet steigt weiter!/ REJECT Header-Spamschutzregel JPBERLIN-26 +/^Subject:.*Das kann unmoeglich sein -Leserbrief/ REJECT Header-Spamschutzregel JPBERLIN-27 +/^Subject:.*Nein zum Zuwanderungsgesetz !/ REJECT Header-Spamschutzregel JPBERLIN-28 +/^Subject:.*Skandalurteil in Darmstadt/ REJECT Header-Spamschutzregel JPBERLIN-29 +/^Subject:.*Auf Kosten der deutschen Beitragszahler und Rentner!/ REJECT Header-Spamschutzregel JPBERLIN-30 +/^Subject:.*Wir haben die Auslaender doch geholt/ REJECT Header-Spamschutzregel JPBERLIN-31 +/^Subject:.*TUERKEN-TERROR AM HIMMELFAHRTSTAG/ REJECT Header-Spamschutzregel JPBERLIN-32 +/^Subject:.*MULTI-KULTI-BANDE TYRANNISIERTE MITSCHUELER/ REJECT Header-Spamschutzregel JPBERLIN-33 +/^Subject:.*ASYLANTEN BEGRABSCHTEN DEUTSCHES MAEDCHEN/ REJECT Header-Spamschutzregel JPBERLIN-34 +/^Subject:.*Was Deutschland braucht, sind deutsche Kinder!/ REJECT Header-Spamschutzregel JPBERLIN-35 +/^Subject:.*Diplomatische Zensur/ REJECT Header-Spamschutzregel JPBERLIN-36 +/^Subject:.*EU gibt Erwerbslosen volle Freizuegigkeit/ REJECT Header-Spamschutzregel JPBERLIN-37 +/^Subject:.*Richter unterstuetzt kriminelle Auslaenderin/ REJECT Header-Spamschutzregel JPBERLIN-38 +/^Subject:.*Auslaenderanteile in Schweizer Gefaengnissen/ REJECT Header-Spamschutzregel JPBERLIN-39 +/^Subject:.*Augen auf! (So sieht es aus!)/ REJECT Header-Spamschutzregel JPBERLIN-40 +/^Subject:.*Neue Voelkerwanderung droht!/ REJECT Header-Spamschutzregel JPBERLIN-41 +/^Subject:.*Client TOS Notification/ REJECT Header-Spamschutzregel JPBERLIN-50 +/^Subject:.* CIALIS / REJECT Header-Spamschutzregel JPBERLIN-51: Cialis-Keyword +/^Subject:.*Postbank Sicherheitsaktualisierung/ REJECT Header-Spamschutzregel JPBERLIN-52 +/^Subject:.*Sicherheitsaktualisierung/ REJECT Header-Spamschutzregel JPBERLIN-53 +/^Subject:.*Deutsche-bank Sicherheitsaktualisierung/ REJECT Header-Spamschutzregel JPBERLIN-54 +/^Subject:.*internet.*pharmacy/ REJECT Header-Spamschutzregel JPBERLIN-55 +/^Subject:.*Affordable Premade Logos/ REJECT Header-Spamschutzregel JPBERLIN-56 +/^Subject:.*Best prices.*on the net/ REJECT Header-Spamschutzregel JPBERLIN-57 +/^Subject:.*V.?i.?a.?g.?r.?a/ REJECT Header-Spamschutzregel JPBERLIN-58: Viagra-Keyword +/^Subject:.*X.?a.?n.?a.?x/ REJECT Header-Spamschutzregel JPBERLIN-59: Xanax-Keyword +/^Subject:.*Phentermine/ REJECT Header-Spamschutzregel JPBERLIN-60 +/^Subject:.*Die Sahne tropft heraus/ REJECT Header-Spamschutzregel JPBERLIN-61 +/^Subject:.* Rolex / REJECT Header-Spamschutzregel JPBERLIN-62 +/^Subject:.*Rechnung Online Monat November 2004/ REJECT Header-Spamschutzregel JPBERLIN-63 Trojaner-Alarm +/^Subject:.*Replica Watch Models/ REJECT Header-Spamschutzregel JPBERLIN-64 +/^Subject:.*Sehr geehrter Postbankkunde/ REJECT Header-Spamschutzregel JPBERLIN-65 +/^Subject:.*AIR ANTALYA/ REJECT Header-Spamschutzregel JPBERLIN-66 +/^Subject:.*Search engines - submit/ REJECT Header-Spamschutzregel JPBERLIN-12 +/^Subject:.*Search engine traffic/ REJECT Header-Spamschutzregel JPBERLIN-13 +/^Subject: More efficient than via-gra/ REJECT Header-Spamschutzregel 22 +/^Subject: Mailadresse unbekannt/ REJECT Header-Spamschutzregel 27 +/^Subject:.*SARS: Viet Nam removed from list of affected countries.*/ REJECT Header-Spamschutzregel 29 +/^Subject:.*Wichtig !!! Die Telefonnummer die du haben wolltest/ REJECT Header-Spamschutzregel 31 +/^Subject:.*Weihnachtsbaeume ab EURO.*/ REJECT Header-Spamschutzregel 32 +/^Subject:.*Neue Version zum downloaden.*/ REJECT Header-Spamschutzregel 33 +/^Subject:.*Frants for.*/ REJECT Header-Spamschutzregel 34 +/^Subject:.*FREEE.*/ REJECT Header-Spamschutzregel 35 +/^Subject:.*Webdesign leicht gemacht.*/ REJECT Header-Spamschutzregel 36 +/^Subject:.*Check this Message Board Out.*/ REJECT Header-Spamschutzregel 37 +/^Subject: SAVE GERMANY VOTE STOIBER.*/ REJECT Header-Spamschutzregel 38 + +Endif +#################################### + + + +#/^Return-Path: / REJECT Header-Spamschutzregel 20 +/^Received:.*luftmensch.com/ REJECT Header-Spamschutzregel 28 +/^Delivered-To:.*jo@pcj.mlbc.test/ REJECT Header-Spamschutzregel +/From:.*Mandy Tweed/ REJECT Header-Spamschutzregel 39 +/Received: from privat .*.aol.com/ REJECT Header-Spamschutzregel 40 +/Received:.*tpg_exsrvr.thepowellgroup.com/ REJECT Header-Spamschutzregel 41 +/Received: from mx?.eudoramail.com/ REJECT Header-Spamschutzregel 42 +/Flashmail\.com/ REJECT Header-Spamschutzregel 44 + + + +# +# Checks gesammelt aus dem Netz von +# http://www.hispalinux.es/~data/postfix/ +# + +###################################### +If /^Subject:/i + +/^Subject: FW: Warm this world by truely Love$/ REJECT Header-Spamschutzregel 51 +/^Subject:.*Fwd:Peace BeTweeN AmeriCa and IsLaM!/ REJECT Header-Spamschutzregel 58 +/^Subject: ILOVEYOU/ REJECT Header-Spamschutzregel 60 +# Regel 61 rausgenommen -- zu allgemein. 20080128 / phei +#/^Subject: (Re: )*Important Message From/ REJECT Header-Spamschutzregel 61 +/^Subject: (Re: )*BubbleBoy is back!/ REJECT Header-Spamschutzregel 62 +/^Subject: Accept Credit Cards/ REJECT Header-Spamschutzregel 63 +/^Subject: How Soon Are You Going To Retire\?/ REJECT Header-Spamschutzregel 64 +/^Subject: \[ADV:/ REJECT Header-Spamschutzregel 65 +/^Subject: ADV:/ REJECT Header-Spamschutzregel 66 +/^Subject: Snowhite and the Seven Dwarfs - The REAL story!/ REJECT Header-Spamschutzregel 67 +/^Subject: Are you losing sleep over debt\?/ REJECT Header-Spamschutzregel 68 +/^Subject: a stock that makes money/ REJECT Header-Spamschutzregel 69 +/^Subject: high earnings may soar/ REJECT Header-Spamschutzregel 70 +/^Subject: See the VIDEO Britney/ REJECT Header-Spamschutzregel 71 +/^Subject: FW: VIDEOS OF BRITNEY/ REJECT Header-Spamschutzregel 72 +/^Subject: STOLEN HARDCORE VIDEO/ REJECT Header-Spamschutzregel 73 +/^Subject: NEW CASH PROGRAM/ REJECT Header-Spamschutzregel 74 +/^Subject: Hot Celebs 100% Exposed!/ REJECT Header-Spamschutzregel 75 +/^Subject: Make It Happen/ REJECT Header-Spamschutzregel 76 +/^Subject: If you need extra money...read this!/ REJECT Header-Spamschutzregel 77 +/^Subject: Recieve A Free Quote/ REJECT Header-Spamschutzregel 78 +/^Subject: We Have Low Mortgage Rates!!!/ REJECT Header-Spamschutzregel 79 +/^Subject: Re: travel confirmation/ REJECT Header-Spamschutzregel 80 +/^Subject: Receive a FREE SAMPLE of Viagra for Women/ REJECT Header-Spamschutzregel 81 +/^Subject: DOUBLE YOUR BREAST SIZE! GUARANTEED/ REJECT Header-Spamschutzregel 82 +/^Subject: Ground Breaking Business "Starts Today"/ REJECT Header-Spamschutzregel 83 +/^Subject: AS SEEN ON T\.V/ REJECT Header-Spamschutzregel 84 +/^Subject: 99 Million Email Addresses - \$99/ REJECT Header-Spamschutzregel 85 +/^Subject: 50 Million Fresh Email Addresses/ REJECT Header-Spamschutzregel 87 +/^Subject: 200 Million Email Addresses - \$149/ REJECT Header-Spamschutzregel 88 +/^Subject: Get Viagra Online Now !!!/ REJECT Header-Spamschutzregel 89 +/^Subject: Boost Your Windows Reliability/ REJECT Header-Spamschutzregel 90 +/^Subject: I know what you've been doing/ REJECT Header-Spamschutzregel 91 +/^Subject: Hot Penny Stock Pick/ REJECT Header-Spamschutzregel 92 +/^Subject: Need a great deal on a home loan\?/ REJECT Header-Spamschutzregel 93 +/^Subject: I used to be in debt too!/ REJECT Header-Spamschutzregel 94 +/^Subject: Work less, make more/ REJECT Header-Spamschutzregel 95 +/^Subject: Drive Your Web Counter Ballistic/ REJECT Header-Spamschutzregel 96 +/^Subject: Re: have you considered doing this\?/ REJECT Header-Spamschutzregel 97 +/^Subject: Work from home and get paid!/ REJECT Header-Spamschutzregel 98 +/^Subject: Enter To Win One of 25 Dream Vacations!!/ REJECT Header-Spamschutzregel 99 +/^Subject: Do You Accept Credit Cards/ REJECT Header-Spamschutzregel 100 +/^Subject: Home Owners ONLY/ REJECT Header-Spamschutzregel 101 +/^Subject: Your Credit Info/ REJECT Header-Spamschutzregel 102 +/^Subject: Do you owe money\?/ REJECT Header-Spamschutzregel 103 +/^Subject: Need a Home Loan? We Can Help!!/ REJECT Header-Spamschutzregel 104 +/^Subject: stock alert/ REJECT Header-Spamschutzregel 105 +/^Subject: contact lenses/ REJECT Header-Spamschutzregel 106 +/^Subject: ENLARGE YOUR PACAKGE GUARANTEED/ REJECT Header-Spamschutzregel 107 +/^Subject: ENLARGE YOUR PACKAGE GUARANTEED/ REJECT Header-Spamschutzregel 108 +/^Subject: We purchase uncollected Judicial Judgments/ REJECT Header-Spamschutzregel 109 +/^Subject: Increase Your Gas Mileage by up to 27%!/ REJECT Header-Spamschutzregel 112 +/^Subject: Willow Flower Herb For Prostate Problems\./ REJECT Header-Spamschutzregel 113 +/^Subject: NEW Increase Your Gas Mileage by 27%/ REJECT Header-Spamschutzregel 114 +/^Subject: The easiest way to make money on the internet!/ REJECT Header-Spamschutzregel 115 +/^Subject: Re: think about this\.\.\./ REJECT Header-Spamschutzregel 116 +/^Subject: think about this\.\.\./ REJECT Header-Spamschutzregel 117 +/^Subject: At Last, Herbal V, the All Natural Alternative!/ REJECT Header-Spamschutzregel 119 +/^Subject: Make Money In Your Sleep! / REJECT Header-Spamschutzregel 120 +/^Subject: FREE Satellite TV System/ REJECT Header-Spamschutzregel 122 +/^Subject: About your site/ REJECT Header-Spamschutzregel 124 +/^Subject: No Deposit VISA or Master Card!/ REJECT Header-Spamschutzregel 126 +/^Subject: FREE Auto Insurance Quote!/ REJECT Header-Spamschutzregel 127 +/^Subject: Need money for college\?/ REJECT Header-Spamschutzregel 131 +/^Subject:(\s+\[[^]]*\])?\s+[-\.{<]*ADV(ertisement)?[-:\.>}\s]/ REJECT Header-Spamschutzregel 153 +#/^Subject:.*\s+ADV$/ REJECT Header-Spamschutzregel 154 +/^Subject: I viewed your site-/ REJECT Header-Spamschutzregel 155 +/^Subject:.*Millions?\s*(E?-?MAIL\s*)?ADDRESS/ REJECT Header-Spamschutzregel 156 +/^Subject:.*(are you (being investigated|in need of a lifestyle)|Free 1 Ounce Silver Coin|All foreign residents. Check out this offer|CAN YOU ADVERTISE TO OVER 20 MILLION E-MAIL ADDRESSES\??|DSL - FREE DSL Modem! FREE Install! NO Contract!|We want to give you a Brand New FREE Motorola Pager|FREE Motorola Pager|Cellphone Signal Booster|You('| ha)?ve qualified for)/ REJECT Header-Spamschutzregel 157 +# /^Subject:.*[ ._]{5,}[^0 ._]\d+$/ REJECT Header-Spamschutzregel 160 +# /^Subject:.*[ ._]{5,}\[[^ ]+\]$/ REJECT Header-Spamschutzregel 161 +/^Subject:.*\sTime[: ]+\d+:\d+:\d+ [AP]M\s*$/i REJECT Header-Spamschutzregel 162 +/^Subject: Snowhite and the Seven Dwarfs - The REAL story!/ REJECT Header-Spamschutzregel 177 +/^Subject: new photos from my party!/ REJECT Header-Spamschutzregel 180 +#/^Subject:.*=\?(euc-kr|ks_c_5601-1987)\?/ REJECT Header-Spamschutzregel 200 +/^Subject: Liebe freunde, es tropft wieder/ REJECT Header-Spamschutzregel 201 +/^Subject: The best gift a wife or girlfriend could ever ask for/ REJECT Header-Spamschutzregel 202 +/^Subject: Increase your drive, stamina, size and performance.. reach your potential!/ REJECT Header-Spamschutzregel 203 +/^Subject: Discover your true sexual potential/ REJECT Header-Spamschutzregel 204 +/^Subject: .*you could need it Pharamaceu tical/ REJECT Header-Spamschutzregel 205 +/^Subject: Nearly 65% of women claim they wish their lover was more adept.. let us help/ REJECT Header-Spamschutzregel 206 +/^Subject: Increased spending on homeland security has created incredible opportunity/ REJECT Header-Spamschutzregel 207 +/^Subject: The security explosion/ REJECT Header-Spamschutzregel 208 +/^Subject: Ermittlungsverfahren gegen Sie.*/ REJECT Header-Spamschutzregel 210 +/^Subject: Bekommen Sie Uhren.*/ REJECT Header-Spamschutzregel 211 +Endif +################################################# + + +/^To: / REJECT Header-Spamschutzregel 53 +/^To: ACERCAS@europarl.eu.int/ REJECT Header-Spamschutzregel 54 +/^To: infomail@recurrent.com/ REJECT Header-Spamschutzregel 57 +/^X-Spanska:/ REJECT Header-Spamschutzregel 59 +/^From steve-larson1@execs.com/ REJECT Header-Spamschutzregel 110 +/^From @execs.com*/ REJECT Header-Spamschutzregel 111 +/^From: enews@uscav.com/ REJECT Header-Spamschutzregel 118 +/weatherbug\.com/ REJECT Header-Spamschutzregel 123 +/virtumundo\.com/ REJECT Header-Spamschutzregel 125 +/thesexymessage\.com/ REJECT Header-Spamschutzregel 128 +/insideporn\.net/ REJECT Header-Spamschutzregel 129 +/shoplet\.com/ REJECT Header-Spamschutzregel 132 +/real-net\.net/ REJECT Header-Spamschutzregel 133 +/bizinfo/ REJECT Header-Spamschutzregel 134 +/servicenetbest\.com/ REJECT Header-Spamschutzregel 135 +/petter_zhang/ REJECT Header-Spamschutzregel 137 +/^(To|From|Cc|Reply-To):.*Investor Alert/ REJECT Header-Spamschutzregel 142 +/^(To|From|Cc|Reply-To):.*friend@(public.com|localhost.net)/ REJECT Header-Spamschutzregel 143 +/^(To|From|Cc|Reply-To):.*[ <]\d+@(onramp|prodigy|uu)\.net/ REJECT Header-Spamschutzregel 145 +/^(To|From|Cc|Reply-To):.*@funstuff2000.net/ REJECT Header-Spamschutzregel 146 +/^(To|From|Cc|Reply-To):.*(infowatch\.net|nakedmail\d?\.com)/ REJECT Header-Spamschutzregel 147 +/^(To|From|Cc|Reply-To):.*customer@aol/ REJECT Header-Spamschutzregel 148 +/^To: ListMembers@theneteffect/ REJECT Header-Spamschutzregel 149 +/^Reply-To:.*@(china\.com|rever-dreaming\.com|btamail\.net\.cn|amdpress\.com|nakedmail\d?\.com|big-salesfor\.you-now\.net)/ REJECT Header-Spamschutzregel 150 + +# X-Bulkmail rausgenommen, da dies von UCI-Kinowelt benutzt wird :-( +#/^X-(Advertisement|\d|UltraMail|Bulkmail): / REJECT Header-Spamschutzregel 166 +/^X-(Advertisement|\d|UltraMail): / REJECT Header-Spamschutzregel 166 + +/^(Received|Message-Id|X-(Mailer|Sender)):.*\b(E-Broadcaster|Emailer Platinum|eMarksman|Extractor|e-Merge|from stealth[^.]|Global Messenger|GroupMaster|Mailcast|MailKing|Match10|MassE-Mail|massmail\.pl|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|WindoZ|WorldMerge|Yourdora)\b/ REJECT Header-Spamschutzregel 167 +/^X-Mailer:.*\b(Aristotle|Avalanche|Blaster|Bomber|DejaVu|eMerge|Extractor|UltraMail|Sonic|Floodgate|GeoList|Mach10|MegaPro|Aureate|MultiMailer|Bluecom|Achi-Kochi Mail|Direct Email|Andrew's SuperCool Blastoise|MailerGear|Advanced Mass Sender|SpireMail|MailWorkZ|UltimDBMail|Mabry)\b/ REJECT Header-Spamschutzregel 168 +/^X-EM-(Version|Registration):/ WARN TEST DER X-EM-Header +/^X-AD2000-(Serial|Register):/ REJECT Header-Spamschutzregel 170 +/^X-Server: Advanced Direct Remailer/ REJECT Header-Spamschutzregel 171 +# spamware mistake. real header is "Comments:" +/^Comment: Authenticated sender is/ REJECT Header-Spamschutzregel 174 +# viruses +/^(To|From|Cc|Reply-To):.*@sexyfun.net/ REJECT Header-Spamschutzregel 178 +/^Content-Disposition: Multipart message/i REJECT Header-Spamschutzregel 179 +# sendmail Received: header overflow +/^Received:.*\.{50,}/ REJECT Header-Spamschutzregel 183 +# Date headers do not end in AM or PM. +/^Date:.* [AP]M/i REJECT Header-Spamschutzregel 193 +# invalid timezone in Date header +/^Date:.*[+-](1[4-9]|2\d)\d\d$/ REJECT Header-Spamschutzregel 195 +/^From:.*icyhot.bakas24.de/ REJECT Header-Spamschutzregel 209 diff --git a/profile.env b/profile.env index 142a268..3ff32fe 100644 --- a/profile.env +++ b/profile.env @@ -13,7 +13,9 @@ export HG='/usr/bin/hg' export INFOPATH='/usr/share/info:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.5.4/info:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.22/info' export LESS='-R -M --shift 5' export LESSOPEN='|lesspipe %s' -export MANPATH='/usr/local/share/man:/usr/share/man:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.5.4/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.22/man:/etc/java-config/system-vm/man/:/usr/lib64/php5.3/man/:/usr/lib64/php5.4/man/:/usr/share/postgresql/man/:/usr/share/postgresql-9.1/man/' +export MANPATH='/usr/local/share/man:/usr/share/man:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.5.4/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.22/man:/etc/java-config/system-vm/man/:/usr/lib64/php5.3/man/:/usr/lib64/php5.4/man/:/usr/share/postgresql/man/:/usr/share/postgresql-9.2/man/' +export MULTIOSDIRS='../lib64:../lib32' +export OPENGL_PROFILE='xorg-x11' export PAGER='/usr/bin/less' export PATH='/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.5.4:/usr/lib64/subversion/bin' export PYTHONDOCS_2_7='/usr/share/doc/python-docs-2.7.2/html/library' diff --git a/rc.conf b/rc.conf index e0be8cb..ae9e0cf 100644 --- a/rc.conf +++ b/rc.conf @@ -1,8 +1,18 @@ # Global OpenRC configuration settings +# Set to "YES" if you want the rc system to try and start services +# in parallel for a slight speed improvement. When running in parallel we +# prefix the service output with its name as the output will get +# jumbled up. +# WARNING: whilst we have improved parallel, it can still potentially lock +# the boot process. Don't file bugs about this unless you can supply +# patches that fix it without breaking other things! +#rc_parallel="NO" + # Set rc_interactive to "YES" and you'll be able to press the I key during # boot so you can choose to start specific services. Set to "NO" to disable -# this feature. +# this feature. This feature is automatically disabled if rc_parallel is +# set to YES. #rc_interactive="YES" # If we need to drop to a shell, you can specify it here. @@ -84,6 +94,10 @@ unicode="YES" # These variables are documented here, but should be configured in # /etc/conf.d/foo for service foo and NOT enabled here unless you # really want them to work on a global basis. +# If your service has characters in its name which are not legal in +# shell variable names and you configure the variables for it in this +# file, those characters should be replaced with underscores in the +# variable names as shown below. # Some daemons are started and stopped via start-stop-daemon. # We can set some things on a per service basis, like the nicelevel. @@ -106,6 +120,13 @@ unicode="YES" #rc_foo_need="openvpn" #rc_foo_after="clock" +# Below is an example for service foo-bar. Note that the '-' is illegal +# in a shell variable name, so we convert it to an underscore. +# example for service foo-bar. +#rc_foo_bar_config="/etc/foo-bar" +#rc_foo_bar_need="openvpn" +#rc_foo_bar_after="clock" + # You can also remove dependencies. # This is mainly used for saying which servies do NOT provide net. #rc_net_tap0_provide="!net" @@ -122,9 +143,7 @@ unicode="YES" # "vserver" - Linux vserver # "xen0" - Xen0 Domain # "xenU" - XenU Domain -# If this is commented out, automatic detection will be attempted. -# Note that autodetection will not work in a prefix environment or in a -# linux container. +# If this is commented out, automatic detection will be used. # # This should be set to the value representing the environment this file is # PRESENTLY in, not the virtualization the environment is capable of. @@ -133,3 +152,11 @@ rc_sys="" # This is the number of tty's used in most of the rc-scripts (like # consolefont, numlock, etc ...) rc_tty_number=12 + +# If you have cgroups turned on in your kernel, this switch controls +# whether or not a group for each controler is mounted under +# /sys/fs/cgroup. +# Support for process management by cgroups is planned in the future, +# so if you turn this off, be aware that you may not be able to use that +# feature. +#rc_controller_cgroups="YES" diff --git a/revdep-rebuild/55-nagios-plugins-snmp-revdep b/revdep-rebuild/55-nagios-plugins-snmp-revdep deleted file mode 100644 index 50409a3..0000000 --- a/revdep-rebuild/55-nagios-plugins-snmp-revdep +++ /dev/null @@ -1 +0,0 @@ -SEARCH_DIRS="/usr/nagios/libexec" diff --git a/runlevels/boot/swapfiles b/runlevels/boot/swapfiles new file mode 120000 index 0000000..acbd6b6 --- /dev/null +++ b/runlevels/boot/swapfiles @@ -0,0 +1 @@ +/etc/init.d/swapfiles \ No newline at end of file diff --git a/runlevels/boot/tmpfiles.setup b/runlevels/boot/tmpfiles.setup new file mode 120000 index 0000000..4c1823f --- /dev/null +++ b/runlevels/boot/tmpfiles.setup @@ -0,0 +1 @@ +/etc/init.d/tmpfiles.setup \ No newline at end of file diff --git a/runlevels/sysinit/sysfs b/runlevels/sysinit/sysfs new file mode 120000 index 0000000..887522b --- /dev/null +++ b/runlevels/sysinit/sysfs @@ -0,0 +1 @@ +/etc/init.d/sysfs \ No newline at end of file diff --git a/runlevels/sysinit/udev-mount b/runlevels/sysinit/udev-mount new file mode 120000 index 0000000..276036e --- /dev/null +++ b/runlevels/sysinit/udev-mount @@ -0,0 +1 @@ +/etc/init.d/udev-mount \ No newline at end of file diff --git a/samba/lmhosts b/samba/lmhosts index 80e7175..3e3428e 100644 --- a/samba/lmhosts +++ b/samba/lmhosts @@ -1,2 +1,2 @@ -# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/3.5/lmhosts,v 1.1 2010/03/01 16:19:54 patrick Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/3.6/lmhosts,v 1.1 2011/06/30 15:50:28 dagger Exp $ 127.0.0.1 localhost diff --git a/samba/smbusers b/samba/smbusers index 51b8dda..b3c59f2 100644 --- a/samba/smbusers +++ b/samba/smbusers @@ -1,4 +1,4 @@ -# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/3.5/smbusers,v 1.1 2010/03/01 16:19:54 patrick Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/3.6/smbusers,v 1.1 2011/06/30 15:50:28 dagger Exp $ # Syntax: # Unix_name = SMB_name1 SMB_name2 ... diff --git a/sudoers.d/50nagios-plugins b/sudoers.d/50nagios-plugins new file mode 100644 index 0000000..4d1050f --- /dev/null +++ b/sudoers.d/50nagios-plugins @@ -0,0 +1,6 @@ +# we add /bin/false so that we don't risk causing syntax errors if all USE flags +# are off as we'd end up with an empty set +Cmnd_Alias NAGIOS_PLUGINS_CMDS = /bin/false , /usr/sbin/smartctl +User_Alias NAGIOS_PLUGINS_USERS = nagios, icinga + +NAGIOS_PLUGINS_USERS ALL=(root) NOPASSWD: NAGIOS_PLUGINS_CMDS diff --git a/sysctl.d/README b/sysctl.d/README new file mode 100644 index 0000000..ca3e030 --- /dev/null +++ b/sysctl.d/README @@ -0,0 +1,13 @@ +Kernel system variables configuration files + +Files found under the /etc/sysctl.d directory that end with .conf are +parsed within sysctl(8) at boot time. If you want to set kernel variables +you can either edit /etc/sysctl.conf or make a new file. + +The filename isn't important, but don't make it a package name as it may clash +with something the package builder needs later. The file name must end +with .conf, or it will not be read. + +The recommended location for local system settings is /etc/sysctl.d/local.conf +but as long as you follow the rules for the name of the file, anything will +work. see the sysctl.conf(5) man page for details of the format.