maybe chmod 0755 './config-archive/etc/init.d/sysfs'
maybe chmod 0755 './config-archive/etc/init.d/sysfs.1'
maybe chmod 0755 './config-archive/etc/init.d/sysfs.dist'
+maybe chmod 0755 './config-archive/etc/init.d/sysstat'
+maybe chmod 0755 './config-archive/etc/init.d/sysstat.dist'
maybe chmod 0755 './config-archive/etc/init.d/termencoding'
maybe chmod 0755 './config-archive/etc/init.d/termencoding.dist'
maybe chmod 0755 './config-archive/etc/init.d/udev'
maybe chmod 0755 './config-archive/etc/init.d/udev.dist'
maybe chmod 0755 './config-archive/etc/init.d/urandom'
maybe chmod 0755 './config-archive/etc/init.d/urandom.dist'
+maybe chmod 0755 './config-archive/etc/layman'
+maybe chmod 0644 './config-archive/etc/layman/layman.cfg'
+maybe chmod 0644 './config-archive/etc/layman/layman.cfg.dist'
maybe chmod 0440 './config-archive/etc/ldap.conf.sudo'
maybe chmod 0440 './config-archive/etc/ldap.conf.sudo.dist'
maybe chmod 0755 './config-archive/etc/lvm'
maybe chmod 0755 './config-archive/etc/portage/savedconfig'
maybe chmod 0755 './config-archive/etc/portage/savedconfig/sys-apps'
maybe chmod 0644 './config-archive/etc/portage/savedconfig/sys-apps/busybox-1.19.3-r1'
+maybe chmod 0644 './config-archive/etc/portage/savedconfig/sys-apps/busybox-1.19.3-r1.1'
maybe chmod 0644 './config-archive/etc/portage/savedconfig/sys-apps/busybox-1.19.3-r1.dist'
maybe chmod 0755 './config-archive/etc/postfix'
maybe chmod 0644 './config-archive/etc/postfix/main.cf'
maybe chmod 0644 './config-archive/etc/syslog-ng/syslog-ng.conf.dist.new'
maybe chmod 0644 './config-archive/etc/sysstat'
maybe chmod 0644 './config-archive/etc/sysstat.dist'
+maybe chmod 0755 './config-archive/usr'
+maybe chmod 0755 './config-archive/usr/share'
+maybe chmod 0755 './config-archive/usr/share/openvpn'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa'
+maybe chmod 0644 './config-archive/usr/share/openvpn/easy-rsa/README'
+maybe chmod 0644 './config-archive/usr/share/openvpn/easy-rsa/README.dist'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-ca'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-ca.dist'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-dh'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-dh.dist'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-inter'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-inter.dist'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key-pass'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key-pass.dist'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12.dist'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key-server'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key-server.dist'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key.dist'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-req'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-req-pass'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-req-pass.dist'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-req.dist'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/clean-all'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/clean-all.dist'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/inherit-inter'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/inherit-inter.dist'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/list-crl'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/list-crl.dist'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/pkitool'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/pkitool.dist'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/revoke-full'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/revoke-full.dist'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/sign-req'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/sign-req.dist'
+maybe chmod 0644 './config-archive/usr/share/openvpn/easy-rsa/vars'
+maybe chmod 0644 './config-archive/usr/share/openvpn/easy-rsa/vars.dist'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf'
+maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf.dist'
+maybe chmod 0755 './config-archive/var'
+maybe chmod 0755 './config-archive/var/bind'
+maybe chmod 0640 './config-archive/var/bind/named.cache'
+maybe chmod 0640 './config-archive/var/bind/named.cache.dist'
maybe chown mail './courier'
maybe chgrp mail './courier'
maybe chmod 0755 './courier'
maybe chmod 0644 './idnalias.conf'
maybe chmod 0644 './idnalias.conf.sample'
maybe chmod 0755 './init.d'
-maybe chmod 0755 './init.d/._cfg0000_sysstat'
maybe chmod 0755 './init.d/acpid'
maybe chmod 0755 './init.d/amavisd'
maybe chmod 0755 './init.d/apache2'
maybe chmod 0644 './kernel/postinst.d/.keep_sys-apps_debianutils-0'
maybe chmod 0644 './krb5.conf.example'
maybe chmod 0755 './layman'
-maybe chmod 0644 './layman/._cfg0000_layman.cfg'
maybe chmod 0644 './layman/layman.cfg'
maybe chmod 0644 './ld.so.cache'
maybe chmod 0644 './ld.so.conf'
maybe chmod 0644 './portage/postsync.d/q-reinitialize'
maybe chmod 0755 './portage/savedconfig'
maybe chmod 0755 './portage/savedconfig/sys-apps'
-maybe chmod 0644 './portage/savedconfig/sys-apps/._cfg0000_busybox-1.19.3-r1'
maybe chmod 0644 './portage/savedconfig/sys-apps/busybox-1.19.3-r1'
maybe chmod 0755 './postfix'
maybe chmod 0644 './postfix/.gitignore'
--- /dev/null
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/sysstat/files/sysstat.init.d,v 1.3 2011/05/18 02:21:33 jer Exp $
+
+depend() {
+ use hostname
+}
+
+start() {
+ ebegin "Writing a dummy startup record using sadc (see sadc(8))..."
+ /usr/lib/sa/sadc -F -L -
+ eend $?
+}
+
+stop() {
+ ebegin "Cannot stop writing a dummy startup record (see sadc(8))..."
+ eend $?
+}
--- /dev/null
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/sysstat/files/sysstat.init.d,v 1.4 2012/05/14 20:01:19 jer Exp $
+
+depend() {
+ use hostname
+}
+
+start() {
+ ebegin "Writing a dummy startup record using sadc (see sadc(8))..."
+ /usr/lib/sa/sa1 --boot
+ eend $?
+}
+
+stop() {
+ ebegin "Cannot stop writing a dummy startup record (see sadc(8))..."
+ eend $?
+}
--- /dev/null
+[MAIN]
+
+#-----------------------------------------------------------
+# Defines the directory where overlays should be installed
+
+storage : /var/lib/layman
+
+#-----------------------------------------------------------
+# Remote overlay lists will be stored here
+# layman will append _md5(url).xml to each filename
+
+cache : %(storage)s/cache
+
+#-----------------------------------------------------------
+# The list of locally installed overlays
+
+local_list: %(storage)s/overlays.xml
+
+#-----------------------------------------------------------
+# Path to the make.conf file that should be modified by
+# layman
+
+make_conf : %(storage)s/make.conf
+
+#-----------------------------------------------------------
+# URLs of the remote lists of overlays (one per line) or
+# local overlay definitions
+#
+#overlays : http://www.gentoo.org/proj/en/overlays/repositories.xml
+# http://dev.gentoo.org/~wrobel/layman/global-overlays.xml
+# http://mydomain.org/my-layman-list.xml
+# file:///var/lib/layman/my-list.xml
+
+overlays : http://www.gentoo.org/proj/en/overlays/repositories.xml
+
+#-----------------------------------------------------------
+# Proxy support
+# If unset, layman will use the http_proxy environment variable.
+#
+#proxy : http://[user:pass@]www.my-proxy.org:3128
+
+#-----------------------------------------------------------
+# Strict checking of overlay definitions
+#
+# Set either to "yes" or "no". If "no" layman will issue
+# warnings if an overlay definition is missing either
+# description or contact information.
+#
+nocheck : yes
+
+#-----------------------------------------------------------
+# Umask settings
+#
+# layman should usually work with a umask of 0022. You should
+# only change this setting if you are absolutely certain that
+# you know what you are doing.
+#
+#umask : 0022
+
+#-----------------------------------------------------------
+# Command overrides
+#
+# You can have commands point to either a binary at a different
+# location, e.g.
+#
+# /home/you/local/bin/git
+#
+# or just the command, e.g.
+#
+# git
+#
+# to use PATH-based resolution of the binary to call.
+#
+#bzr_command : /usr/bin/bzr
+#cvs_command : /usr/bin/cvs
+#darcs_command : /usr/bin/darcs
+#git_command : /usr/bin/git
+#mercurial_command : /usr/bin/hg
+#rsync_command : /usr/bin/rsync
+#svn_command : /usr/bin/svn
+#tar_command : /bin/tar
--- /dev/null
+[MAIN]
+
+#-----------------------------------------------------------
+# Defines the directory where overlays should be installed
+
+storage : /var/lib/layman
+
+#-----------------------------------------------------------
+# Remote overlay lists will be stored here
+# layman will append _md5(url).xml to each filename
+
+cache : %(storage)s/cache
+
+#-----------------------------------------------------------
+# The list of locally installed overlays
+
+local_list: %(storage)s/overlays.xml
+
+#-----------------------------------------------------------
+# Path to the make.conf file that should be modified by
+# layman
+
+make_conf : %(storage)s/make.conf
+
+#-----------------------------------------------------------
+# URLs of the remote lists of overlays (one per line) or
+# local overlay definitions
+#
+#overlays : http://www.gentoo.org/proj/en/overlays/repositories.xml
+# http://dev.gentoo.org/~wrobel/layman/global-overlays.xml
+# http://mydomain.org/my-layman-list.xml
+# file:///var/lib/layman/my-list.xml
+
+overlays : http://www.gentoo.org/proj/en/overlays/repositories.xml
+
+#-----------------------------------------------------------
+# Proxy support
+# If unset, layman will use the http_proxy environment variable.
+#
+#proxy : http://[user:pass@]www.my-proxy.org:3128
+
+#-----------------------------------------------------------
+# Strict checking of overlay definitions
+#
+# The nocheck option is a bit confusing, for historical reasons.
+# Hopefully this description eases the double negation trouble:
+#
+# nocheck : yes
+# - Accepts completene overlay entries without warnings
+# - Lists overlays of type foo (say Git) even with no foo installed
+#
+# nocheck : no
+# - Checks overlay entries for missing description or contact
+# information and issue warnings as needed
+# - Hides overlays of type foo (say Git) if foo not not installed
+#
+nocheck : yes
+
+#-----------------------------------------------------------
+# Umask settings
+#
+# layman should usually work with a umask of 0022. You should
+# only change this setting if you are absolutely certain that
+# you know what you are doing.
+#
+#umask : 0022
+
+#-----------------------------------------------------------
+# Command overrides
+#
+# You can have commands point to either a binary at a different
+# location, e.g.
+#
+# /home/you/local/bin/git
+#
+# or just the command, e.g.
+#
+# git
+#
+# to use PATH-based resolution of the binary to call.
+#
+#bzr_command : /usr/bin/bzr
+#cvs_command : /usr/bin/cvs
+#darcs_command : /usr/bin/darcs
+#git_command : /usr/bin/git
+#mercurial_command : /usr/bin/hg
+#rsync_command : /usr/bin/rsync
+#svn_command : /usr/bin/svn
+#tar_command : /bin/tar
#
# Automatically generated make config: don't edit
# Busybox version: 1.19.3
-# Thu Jan 19 11:25:42 2012
+# Mon Jan 23 18:45:14 2012
#
CONFIG_HAVE_DOT_CONFIG=y
--- /dev/null
+#
+# Automatically generated make config: don't edit
+# Busybox version: 1.19.3
+# Thu Jan 19 11:25:42 2012
+#
+CONFIG_HAVE_DOT_CONFIG=y
+
+#
+# Busybox Settings
+#
+
+#
+# General Configuration
+#
+CONFIG_DESKTOP=y
+CONFIG_EXTRA_COMPAT=y
+CONFIG_INCLUDE_SUSv2=y
+CONFIG_USE_PORTABLE_CODE=y
+CONFIG_PLATFORM_LINUX=y
+CONFIG_FEATURE_BUFFERS_USE_MALLOC=y
+# CONFIG_FEATURE_BUFFERS_GO_ON_STACK is not set
+# CONFIG_FEATURE_BUFFERS_GO_IN_BSS is not set
+CONFIG_SHOW_USAGE=y
+CONFIG_FEATURE_VERBOSE_USAGE=y
+CONFIG_FEATURE_COMPRESS_USAGE=y
+CONFIG_FEATURE_INSTALLER=y
+CONFIG_INSTALL_NO_USR=y
+# CONFIG_LOCALE_SUPPORT is not set
+CONFIG_UNICODE_SUPPORT=y
+# CONFIG_UNICODE_USING_LOCALE is not set
+# CONFIG_FEATURE_CHECK_UNICODE_IN_ENV is not set
+CONFIG_SUBST_WCHAR=63
+CONFIG_LAST_SUPPORTED_WCHAR=767
+CONFIG_UNICODE_COMBINING_WCHARS=y
+CONFIG_UNICODE_WIDE_WCHARS=y
+# CONFIG_UNICODE_BIDI_SUPPORT is not set
+# CONFIG_UNICODE_NEUTRAL_TABLE is not set
+CONFIG_UNICODE_PRESERVE_BROKEN=y
+CONFIG_LONG_OPTS=y
+CONFIG_FEATURE_DEVPTS=y
+CONFIG_FEATURE_CLEAN_UP=y
+CONFIG_FEATURE_UTMP=y
+CONFIG_FEATURE_WTMP=y
+CONFIG_FEATURE_PIDFILE=y
+CONFIG_FEATURE_SUID=y
+# CONFIG_FEATURE_SUID_CONFIG is not set
+# CONFIG_FEATURE_SUID_CONFIG_QUIET is not set
+# CONFIG_SELINUX is not set
+CONFIG_FEATURE_PREFER_APPLETS=y
+CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
+CONFIG_FEATURE_SYSLOG=y
+# CONFIG_FEATURE_HAVE_RPC is not set
+
+#
+# Build Options
+#
+# CONFIG_STATIC is not set
+# CONFIG_PIE is not set
+# CONFIG_NOMMU is not set
+# CONFIG_BUILD_LIBBUSYBOX is not set
+# CONFIG_FEATURE_INDIVIDUAL is not set
+# CONFIG_FEATURE_SHARED_BUSYBOX is not set
+CONFIG_LFS=y
+CONFIG_CROSS_COMPILER_PREFIX=""
+CONFIG_EXTRA_CFLAGS=""
+
+#
+# Debugging Options
+#
+# CONFIG_DEBUG is not set
+# CONFIG_DEBUG_PESSIMIZE is not set
+CONFIG_WERROR=y
+CONFIG_NO_DEBUG_LIB=y
+# CONFIG_DMALLOC is not set
+# CONFIG_EFENCE is not set
+
+#
+# Installation Options ("make install" behavior)
+#
+CONFIG_INSTALL_APPLET_SYMLINKS=y
+# CONFIG_INSTALL_APPLET_HARDLINKS is not set
+# CONFIG_INSTALL_APPLET_SCRIPT_WRAPPERS is not set
+# CONFIG_INSTALL_APPLET_DONT is not set
+# CONFIG_INSTALL_SH_APPLET_SYMLINK is not set
+# CONFIG_INSTALL_SH_APPLET_HARDLINK is not set
+# CONFIG_INSTALL_SH_APPLET_SCRIPT_WRAPPER is not set
+CONFIG_PREFIX="./_install"
+
+#
+# Busybox Library Tuning
+#
+CONFIG_FEATURE_SYSTEMD=y
+CONFIG_FEATURE_RTMINMAX=y
+CONFIG_PASSWORD_MINLEN=6
+CONFIG_MD5_SIZE_VS_SPEED=2
+CONFIG_FEATURE_FAST_TOP=y
+CONFIG_FEATURE_ETC_NETWORKS=y
+CONFIG_FEATURE_USE_TERMIOS=y
+CONFIG_FEATURE_EDITING=y
+CONFIG_FEATURE_EDITING_MAX_LEN=1024
+CONFIG_FEATURE_EDITING_VI=y
+CONFIG_FEATURE_EDITING_HISTORY=255
+CONFIG_FEATURE_EDITING_SAVEHISTORY=y
+CONFIG_FEATURE_REVERSE_SEARCH=y
+CONFIG_FEATURE_TAB_COMPLETION=y
+CONFIG_FEATURE_USERNAME_COMPLETION=y
+CONFIG_FEATURE_EDITING_FANCY_PROMPT=y
+CONFIG_FEATURE_EDITING_ASK_TERMINAL=y
+CONFIG_FEATURE_NON_POSIX_CP=y
+CONFIG_FEATURE_VERBOSE_CP_MESSAGE=y
+CONFIG_FEATURE_COPYBUF_KB=4
+CONFIG_FEATURE_SKIP_ROOTFS=y
+# CONFIG_MONOTONIC_SYSCALL is not set
+CONFIG_IOCTL_HEX2STR_ERROR=y
+CONFIG_FEATURE_HWIB=y
+
+#
+# Applets
+#
+
+#
+# Archival Utilities
+#
+CONFIG_FEATURE_SEAMLESS_XZ=y
+CONFIG_FEATURE_SEAMLESS_LZMA=y
+CONFIG_FEATURE_SEAMLESS_BZ2=y
+CONFIG_FEATURE_SEAMLESS_GZ=y
+CONFIG_FEATURE_SEAMLESS_Z=y
+CONFIG_AR=y
+CONFIG_FEATURE_AR_LONG_FILENAMES=y
+CONFIG_FEATURE_AR_CREATE=y
+CONFIG_BUNZIP2=y
+CONFIG_BZIP2=y
+CONFIG_CPIO=y
+CONFIG_FEATURE_CPIO_O=y
+CONFIG_FEATURE_CPIO_P=y
+# CONFIG_DPKG is not set
+# CONFIG_DPKG_DEB is not set
+# CONFIG_FEATURE_DPKG_DEB_EXTRACT_ONLY is not set
+CONFIG_GUNZIP=y
+CONFIG_GZIP=y
+CONFIG_FEATURE_GZIP_LONG_OPTIONS=y
+CONFIG_LZOP=y
+CONFIG_LZOP_COMPR_HIGH=y
+# CONFIG_RPM2CPIO is not set
+# CONFIG_RPM is not set
+CONFIG_TAR=y
+CONFIG_FEATURE_TAR_CREATE=y
+CONFIG_FEATURE_TAR_AUTODETECT=y
+CONFIG_FEATURE_TAR_FROM=y
+CONFIG_FEATURE_TAR_OLDGNU_COMPATIBILITY=y
+CONFIG_FEATURE_TAR_OLDSUN_COMPATIBILITY=y
+CONFIG_FEATURE_TAR_GNU_EXTENSIONS=y
+CONFIG_FEATURE_TAR_LONG_OPTIONS=y
+CONFIG_FEATURE_TAR_TO_COMMAND=y
+CONFIG_FEATURE_TAR_UNAME_GNAME=y
+CONFIG_FEATURE_TAR_NOPRESERVE_TIME=y
+# CONFIG_FEATURE_TAR_SELINUX is not set
+CONFIG_UNCOMPRESS=y
+CONFIG_UNLZMA=y
+CONFIG_FEATURE_LZMA_FAST=y
+CONFIG_LZMA=y
+CONFIG_UNXZ=y
+CONFIG_XZ=y
+CONFIG_UNZIP=y
+
+#
+# Coreutils
+#
+CONFIG_BASENAME=y
+CONFIG_CAT=y
+CONFIG_DATE=y
+CONFIG_FEATURE_DATE_ISOFMT=y
+CONFIG_FEATURE_DATE_NANO=y
+CONFIG_FEATURE_DATE_COMPAT=y
+CONFIG_ID=y
+CONFIG_GROUPS=y
+CONFIG_TEST=y
+CONFIG_FEATURE_TEST_64=y
+CONFIG_TOUCH=y
+CONFIG_TR=y
+CONFIG_FEATURE_TR_CLASSES=y
+CONFIG_FEATURE_TR_EQUIV=y
+CONFIG_BASE64=y
+CONFIG_WHO=y
+CONFIG_USERS=y
+CONFIG_CAL=y
+CONFIG_CATV=y
+CONFIG_CHGRP=y
+CONFIG_CHMOD=y
+CONFIG_CHOWN=y
+CONFIG_FEATURE_CHOWN_LONG_OPTIONS=y
+CONFIG_CHROOT=y
+CONFIG_CKSUM=y
+CONFIG_COMM=y
+CONFIG_CP=y
+CONFIG_FEATURE_CP_LONG_OPTIONS=y
+CONFIG_CUT=y
+CONFIG_DD=y
+CONFIG_FEATURE_DD_SIGNAL_HANDLING=y
+CONFIG_FEATURE_DD_THIRD_STATUS_LINE=y
+CONFIG_FEATURE_DD_IBS_OBS=y
+CONFIG_DF=y
+CONFIG_FEATURE_DF_FANCY=y
+CONFIG_DIRNAME=y
+CONFIG_DOS2UNIX=y
+CONFIG_UNIX2DOS=y
+CONFIG_DU=y
+CONFIG_FEATURE_DU_DEFAULT_BLOCKSIZE_1K=y
+CONFIG_ECHO=y
+CONFIG_FEATURE_FANCY_ECHO=y
+CONFIG_ENV=y
+CONFIG_FEATURE_ENV_LONG_OPTIONS=y
+CONFIG_EXPAND=y
+CONFIG_FEATURE_EXPAND_LONG_OPTIONS=y
+CONFIG_EXPR=y
+CONFIG_EXPR_MATH_SUPPORT_64=y
+CONFIG_FALSE=y
+# CONFIG_FOLD is not set
+CONFIG_FSYNC=y
+CONFIG_HEAD=y
+CONFIG_FEATURE_FANCY_HEAD=y
+# CONFIG_HOSTID is not set
+CONFIG_INSTALL=y
+CONFIG_FEATURE_INSTALL_LONG_OPTIONS=y
+CONFIG_LN=y
+# CONFIG_LOGNAME is not set
+CONFIG_LS=y
+CONFIG_FEATURE_LS_FILETYPES=y
+CONFIG_FEATURE_LS_FOLLOWLINKS=y
+CONFIG_FEATURE_LS_RECURSIVE=y
+CONFIG_FEATURE_LS_SORTFILES=y
+CONFIG_FEATURE_LS_TIMESTAMPS=y
+CONFIG_FEATURE_LS_USERNAME=y
+CONFIG_FEATURE_LS_COLOR=y
+CONFIG_FEATURE_LS_COLOR_IS_DEFAULT=y
+CONFIG_MD5SUM=y
+CONFIG_MKDIR=y
+CONFIG_FEATURE_MKDIR_LONG_OPTIONS=y
+CONFIG_MKFIFO=y
+CONFIG_MKNOD=y
+CONFIG_MV=y
+CONFIG_FEATURE_MV_LONG_OPTIONS=y
+CONFIG_NICE=y
+CONFIG_NOHUP=y
+# CONFIG_OD is not set
+CONFIG_PRINTENV=y
+CONFIG_PRINTF=y
+CONFIG_PWD=y
+CONFIG_READLINK=y
+CONFIG_FEATURE_READLINK_FOLLOW=y
+CONFIG_REALPATH=y
+CONFIG_RM=y
+CONFIG_RMDIR=y
+CONFIG_FEATURE_RMDIR_LONG_OPTIONS=y
+CONFIG_SEQ=y
+CONFIG_SHA1SUM=y
+CONFIG_SHA256SUM=y
+CONFIG_SHA512SUM=y
+CONFIG_SLEEP=y
+CONFIG_FEATURE_FANCY_SLEEP=y
+CONFIG_FEATURE_FLOAT_SLEEP=y
+CONFIG_SORT=y
+CONFIG_FEATURE_SORT_BIG=y
+CONFIG_SPLIT=y
+CONFIG_FEATURE_SPLIT_FANCY=y
+CONFIG_STAT=y
+CONFIG_FEATURE_STAT_FORMAT=y
+CONFIG_STTY=y
+CONFIG_SUM=y
+CONFIG_SYNC=y
+CONFIG_TAC=y
+CONFIG_TAIL=y
+CONFIG_FEATURE_FANCY_TAIL=y
+CONFIG_TEE=y
+CONFIG_FEATURE_TEE_USE_BLOCK_IO=y
+CONFIG_TRUE=y
+CONFIG_TTY=y
+CONFIG_UNAME=y
+CONFIG_UNEXPAND=y
+CONFIG_FEATURE_UNEXPAND_LONG_OPTIONS=y
+CONFIG_UNIQ=y
+CONFIG_USLEEP=y
+# CONFIG_UUDECODE is not set
+# CONFIG_UUENCODE is not set
+CONFIG_WC=y
+CONFIG_FEATURE_WC_LARGE=y
+CONFIG_WHOAMI=y
+CONFIG_YES=y
+
+#
+# Common options for cp and mv
+#
+CONFIG_FEATURE_PRESERVE_HARDLINKS=y
+
+#
+# Common options for ls, more and telnet
+#
+CONFIG_FEATURE_AUTOWIDTH=y
+
+#
+# Common options for df, du, ls
+#
+CONFIG_FEATURE_HUMAN_READABLE=y
+
+#
+# Common options for md5sum, sha1sum, sha256sum, sha512sum
+#
+CONFIG_FEATURE_MD5_SHA1_SUM_CHECK=y
+
+#
+# Console Utilities
+#
+CONFIG_CHVT=y
+CONFIG_FGCONSOLE=y
+CONFIG_CLEAR=y
+CONFIG_DEALLOCVT=y
+CONFIG_DUMPKMAP=y
+CONFIG_KBD_MODE=y
+CONFIG_LOADFONT=y
+CONFIG_LOADKMAP=y
+CONFIG_OPENVT=y
+CONFIG_RESET=y
+CONFIG_RESIZE=y
+CONFIG_FEATURE_RESIZE_PRINT=y
+CONFIG_SETCONSOLE=y
+CONFIG_FEATURE_SETCONSOLE_LONG_OPTIONS=y
+CONFIG_SETFONT=y
+CONFIG_FEATURE_SETFONT_TEXTUAL_MAP=y
+CONFIG_DEFAULT_SETFONT_DIR=""
+CONFIG_SETKEYCODES=y
+CONFIG_SETLOGCONS=y
+CONFIG_SHOWKEY=y
+
+#
+# Common options for loadfont and setfont
+#
+CONFIG_FEATURE_LOADFONT_PSF2=y
+CONFIG_FEATURE_LOADFONT_RAW=y
+
+#
+# Debian Utilities
+#
+CONFIG_MKTEMP=y
+CONFIG_PIPE_PROGRESS=y
+# CONFIG_RUN_PARTS is not set
+# CONFIG_FEATURE_RUN_PARTS_LONG_OPTIONS is not set
+# CONFIG_FEATURE_RUN_PARTS_FANCY is not set
+CONFIG_START_STOP_DAEMON=y
+CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y
+CONFIG_FEATURE_START_STOP_DAEMON_LONG_OPTIONS=y
+CONFIG_WHICH=y
+
+#
+# Editors
+#
+CONFIG_PATCH=y
+CONFIG_VI=y
+CONFIG_FEATURE_VI_MAX_LEN=4096
+CONFIG_FEATURE_VI_8BIT=y
+CONFIG_FEATURE_VI_COLON=y
+CONFIG_FEATURE_VI_YANKMARK=y
+CONFIG_FEATURE_VI_SEARCH=y
+CONFIG_FEATURE_VI_REGEX_SEARCH=y
+CONFIG_FEATURE_VI_USE_SIGNALS=y
+CONFIG_FEATURE_VI_DOT_CMD=y
+CONFIG_FEATURE_VI_READONLY=y
+CONFIG_FEATURE_VI_SETOPTS=y
+CONFIG_FEATURE_VI_SET=y
+CONFIG_FEATURE_VI_WIN_RESIZE=y
+CONFIG_FEATURE_VI_ASK_TERMINAL=y
+CONFIG_FEATURE_VI_OPTIMIZE_CURSOR=y
+CONFIG_AWK=y
+CONFIG_FEATURE_AWK_LIBM=y
+CONFIG_CMP=y
+CONFIG_DIFF=y
+CONFIG_FEATURE_DIFF_LONG_OPTIONS=y
+CONFIG_FEATURE_DIFF_DIR=y
+CONFIG_ED=y
+CONFIG_SED=y
+CONFIG_FEATURE_ALLOW_EXEC=y
+
+#
+# Finding Utilities
+#
+CONFIG_FIND=y
+CONFIG_FEATURE_FIND_PRINT0=y
+CONFIG_FEATURE_FIND_MTIME=y
+CONFIG_FEATURE_FIND_MMIN=y
+CONFIG_FEATURE_FIND_PERM=y
+CONFIG_FEATURE_FIND_TYPE=y
+CONFIG_FEATURE_FIND_XDEV=y
+CONFIG_FEATURE_FIND_MAXDEPTH=y
+CONFIG_FEATURE_FIND_NEWER=y
+CONFIG_FEATURE_FIND_INUM=y
+CONFIG_FEATURE_FIND_EXEC=y
+CONFIG_FEATURE_FIND_USER=y
+CONFIG_FEATURE_FIND_GROUP=y
+CONFIG_FEATURE_FIND_NOT=y
+CONFIG_FEATURE_FIND_DEPTH=y
+CONFIG_FEATURE_FIND_PAREN=y
+CONFIG_FEATURE_FIND_SIZE=y
+CONFIG_FEATURE_FIND_PRUNE=y
+CONFIG_FEATURE_FIND_DELETE=y
+CONFIG_FEATURE_FIND_PATH=y
+CONFIG_FEATURE_FIND_REGEX=y
+# CONFIG_FEATURE_FIND_CONTEXT is not set
+CONFIG_FEATURE_FIND_LINKS=y
+CONFIG_GREP=y
+CONFIG_FEATURE_GREP_EGREP_ALIAS=y
+CONFIG_FEATURE_GREP_FGREP_ALIAS=y
+CONFIG_FEATURE_GREP_CONTEXT=y
+CONFIG_XARGS=y
+CONFIG_FEATURE_XARGS_SUPPORT_CONFIRMATION=y
+CONFIG_FEATURE_XARGS_SUPPORT_QUOTES=y
+CONFIG_FEATURE_XARGS_SUPPORT_TERMOPT=y
+CONFIG_FEATURE_XARGS_SUPPORT_ZERO_TERM=y
+
+#
+# Init Utilities
+#
+# CONFIG_BOOTCHARTD is not set
+# CONFIG_FEATURE_BOOTCHARTD_BLOATED_HEADER is not set
+# CONFIG_FEATURE_BOOTCHARTD_CONFIG_FILE is not set
+CONFIG_HALT=y
+# CONFIG_FEATURE_CALL_TELINIT is not set
+CONFIG_TELINIT_PATH=""
+CONFIG_INIT=y
+CONFIG_FEATURE_USE_INITTAB=y
+CONFIG_FEATURE_KILL_REMOVED=y
+CONFIG_FEATURE_KILL_DELAY=0
+CONFIG_FEATURE_INIT_SCTTY=y
+CONFIG_FEATURE_INIT_SYSLOG=y
+CONFIG_FEATURE_EXTRA_QUIET=y
+CONFIG_FEATURE_INIT_COREDUMPS=y
+CONFIG_FEATURE_INITRD=y
+CONFIG_INIT_TERMINAL_TYPE="linux"
+CONFIG_MESG=y
+CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y
+
+#
+# Login/Password Management Utilities
+#
+# CONFIG_ADD_SHELL is not set
+# CONFIG_REMOVE_SHELL is not set
+CONFIG_FEATURE_SHADOWPASSWDS=y
+CONFIG_USE_BB_PWD_GRP=y
+CONFIG_USE_BB_SHADOW=y
+CONFIG_USE_BB_CRYPT=y
+CONFIG_USE_BB_CRYPT_SHA=y
+CONFIG_ADDUSER=y
+CONFIG_FEATURE_ADDUSER_LONG_OPTIONS=y
+CONFIG_FEATURE_CHECK_NAMES=y
+CONFIG_FIRST_SYSTEM_ID=100
+CONFIG_LAST_SYSTEM_ID=999
+CONFIG_ADDGROUP=y
+CONFIG_FEATURE_ADDGROUP_LONG_OPTIONS=y
+CONFIG_FEATURE_ADDUSER_TO_GROUP=y
+CONFIG_DELUSER=y
+CONFIG_DELGROUP=y
+CONFIG_FEATURE_DEL_USER_FROM_GROUP=y
+CONFIG_GETTY=y
+CONFIG_LOGIN=y
+CONFIG_PAM=y
+CONFIG_LOGIN_SCRIPTS=y
+CONFIG_FEATURE_NOLOGIN=y
+CONFIG_FEATURE_SECURETTY=y
+CONFIG_PASSWD=y
+CONFIG_FEATURE_PASSWD_WEAK_CHECK=y
+CONFIG_CRYPTPW=y
+CONFIG_CHPASSWD=y
+CONFIG_SU=y
+CONFIG_FEATURE_SU_SYSLOG=y
+CONFIG_FEATURE_SU_CHECKS_SHELLS=y
+# CONFIG_SULOGIN is not set
+CONFIG_VLOCK=y
+
+#
+# Linux Ext2 FS Progs
+#
+CONFIG_CHATTR=y
+CONFIG_FSCK=y
+CONFIG_LSATTR=y
+CONFIG_TUNE2FS=y
+
+#
+# Linux Module Utilities
+#
+CONFIG_MODINFO=y
+CONFIG_MODPROBE_SMALL=y
+CONFIG_FEATURE_MODPROBE_SMALL_OPTIONS_ON_CMDLINE=y
+CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED=y
+# CONFIG_INSMOD is not set
+# CONFIG_RMMOD is not set
+# CONFIG_LSMOD is not set
+# CONFIG_FEATURE_LSMOD_PRETTY_2_6_OUTPUT is not set
+# CONFIG_MODPROBE is not set
+# CONFIG_FEATURE_MODPROBE_BLACKLIST is not set
+# CONFIG_DEPMOD is not set
+
+#
+# Options common to multiple modutils
+#
+# CONFIG_FEATURE_2_4_MODULES is not set
+CONFIG_FEATURE_INSMOD_TRY_MMAP=y
+# CONFIG_FEATURE_INSMOD_VERSION_CHECKING is not set
+# CONFIG_FEATURE_INSMOD_KSYMOOPS_SYMBOLS is not set
+# CONFIG_FEATURE_INSMOD_LOADINKMEM is not set
+# CONFIG_FEATURE_INSMOD_LOAD_MAP is not set
+# CONFIG_FEATURE_INSMOD_LOAD_MAP_FULL is not set
+# CONFIG_FEATURE_CHECK_TAINTED_MODULE is not set
+# CONFIG_FEATURE_MODUTILS_ALIAS is not set
+# CONFIG_FEATURE_MODUTILS_SYMBOLS is not set
+CONFIG_DEFAULT_MODULES_DIR="/lib/modules"
+CONFIG_DEFAULT_DEPMOD_FILE="modules.dep"
+
+#
+# Linux System Utilities
+#
+CONFIG_BLOCKDEV=y
+CONFIG_REV=y
+CONFIG_ACPID=y
+CONFIG_FEATURE_ACPID_COMPAT=y
+CONFIG_BLKID=y
+CONFIG_FEATURE_BLKID_TYPE=y
+CONFIG_DMESG=y
+CONFIG_FEATURE_DMESG_PRETTY=y
+CONFIG_FBSET=y
+CONFIG_FEATURE_FBSET_FANCY=y
+CONFIG_FEATURE_FBSET_READMODE=y
+CONFIG_FDFLUSH=y
+CONFIG_FDFORMAT=y
+CONFIG_FDISK=y
+# CONFIG_FDISK_SUPPORT_LARGE_DISKS is not set
+CONFIG_FEATURE_FDISK_WRITABLE=y
+CONFIG_FEATURE_AIX_LABEL=y
+CONFIG_FEATURE_SGI_LABEL=y
+CONFIG_FEATURE_SUN_LABEL=y
+CONFIG_FEATURE_OSF_LABEL=y
+CONFIG_FEATURE_GPT_LABEL=y
+CONFIG_FEATURE_FDISK_ADVANCED=y
+CONFIG_FINDFS=y
+CONFIG_FLOCK=y
+CONFIG_FREERAMDISK=y
+# CONFIG_FSCK_MINIX is not set
+CONFIG_MKFS_EXT2=y
+# CONFIG_MKFS_MINIX is not set
+# CONFIG_FEATURE_MINIX2 is not set
+CONFIG_MKFS_REISER=y
+CONFIG_MKFS_VFAT=y
+CONFIG_GETOPT=y
+CONFIG_FEATURE_GETOPT_LONG=y
+CONFIG_HEXDUMP=y
+CONFIG_FEATURE_HEXDUMP_REVERSE=y
+CONFIG_HD=y
+CONFIG_HWCLOCK=y
+CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS=y
+CONFIG_FEATURE_HWCLOCK_ADJTIME_FHS=y
+CONFIG_IPCRM=y
+CONFIG_IPCS=y
+CONFIG_LOSETUP=y
+CONFIG_LSPCI=y
+CONFIG_LSUSB=y
+CONFIG_MDEV=y
+CONFIG_FEATURE_MDEV_CONF=y
+CONFIG_FEATURE_MDEV_RENAME=y
+CONFIG_FEATURE_MDEV_RENAME_REGEXP=y
+CONFIG_FEATURE_MDEV_EXEC=y
+CONFIG_FEATURE_MDEV_LOAD_FIRMWARE=y
+CONFIG_MKSWAP=y
+CONFIG_FEATURE_MKSWAP_UUID=y
+CONFIG_MORE=y
+CONFIG_MOUNT=y
+CONFIG_FEATURE_MOUNT_FAKE=y
+CONFIG_FEATURE_MOUNT_VERBOSE=y
+CONFIG_FEATURE_MOUNT_HELPERS=y
+CONFIG_FEATURE_MOUNT_LABEL=y
+# CONFIG_FEATURE_MOUNT_NFS is not set
+CONFIG_FEATURE_MOUNT_CIFS=y
+CONFIG_FEATURE_MOUNT_FLAGS=y
+CONFIG_FEATURE_MOUNT_FSTAB=y
+CONFIG_PIVOT_ROOT=y
+CONFIG_RDATE=y
+# CONFIG_RDEV is not set
+# CONFIG_READPROFILE is not set
+CONFIG_RTCWAKE=y
+CONFIG_SCRIPT=y
+CONFIG_SCRIPTREPLAY=y
+CONFIG_SETARCH=y
+CONFIG_SWAPONOFF=y
+CONFIG_FEATURE_SWAPON_PRI=y
+CONFIG_SWITCH_ROOT=y
+CONFIG_UMOUNT=y
+CONFIG_FEATURE_UMOUNT_ALL=y
+
+#
+# Common options for mount/umount
+#
+CONFIG_FEATURE_MOUNT_LOOP=y
+CONFIG_FEATURE_MOUNT_LOOP_CREATE=y
+CONFIG_FEATURE_MTAB_SUPPORT=y
+CONFIG_VOLUMEID=y
+
+#
+# Filesystem/Volume identification
+#
+CONFIG_FEATURE_VOLUMEID_EXT=y
+CONFIG_FEATURE_VOLUMEID_BTRFS=y
+CONFIG_FEATURE_VOLUMEID_REISERFS=y
+CONFIG_FEATURE_VOLUMEID_FAT=y
+CONFIG_FEATURE_VOLUMEID_HFS=y
+CONFIG_FEATURE_VOLUMEID_JFS=y
+CONFIG_FEATURE_VOLUMEID_XFS=y
+CONFIG_FEATURE_VOLUMEID_NTFS=y
+CONFIG_FEATURE_VOLUMEID_ISO9660=y
+CONFIG_FEATURE_VOLUMEID_UDF=y
+CONFIG_FEATURE_VOLUMEID_LUKS=y
+CONFIG_FEATURE_VOLUMEID_LINUXSWAP=y
+CONFIG_FEATURE_VOLUMEID_CRAMFS=y
+CONFIG_FEATURE_VOLUMEID_ROMFS=y
+CONFIG_FEATURE_VOLUMEID_SYSV=y
+CONFIG_FEATURE_VOLUMEID_OCFS2=y
+CONFIG_FEATURE_VOLUMEID_LINUXRAID=y
+
+#
+# Miscellaneous Utilities
+#
+CONFIG_CONSPY=y
+CONFIG_LESS=y
+CONFIG_FEATURE_LESS_MAXLINES=9999999
+CONFIG_FEATURE_LESS_BRACKETS=y
+CONFIG_FEATURE_LESS_FLAGS=y
+CONFIG_FEATURE_LESS_MARKS=y
+CONFIG_FEATURE_LESS_REGEXP=y
+CONFIG_FEATURE_LESS_WINCH=y
+CONFIG_FEATURE_LESS_ASK_TERMINAL=y
+CONFIG_FEATURE_LESS_DASHCMD=y
+CONFIG_FEATURE_LESS_LINENUMS=y
+CONFIG_NANDWRITE=y
+CONFIG_NANDDUMP=y
+CONFIG_SETSERIAL=y
+CONFIG_UBIATTACH=y
+CONFIG_UBIDETACH=y
+CONFIG_UBIMKVOL=y
+CONFIG_UBIRMVOL=y
+CONFIG_UBIRSVOL=y
+CONFIG_UBIUPDATEVOL=y
+CONFIG_ADJTIMEX=y
+CONFIG_BBCONFIG=y
+CONFIG_FEATURE_COMPRESS_BBCONFIG=y
+# CONFIG_BEEP is not set
+CONFIG_FEATURE_BEEP_FREQ=0
+CONFIG_FEATURE_BEEP_LENGTH_MS=0
+CONFIG_CHAT=y
+CONFIG_FEATURE_CHAT_NOFAIL=y
+CONFIG_FEATURE_CHAT_TTY_HIFI=y
+CONFIG_FEATURE_CHAT_IMPLICIT_CR=y
+CONFIG_FEATURE_CHAT_SWALLOW_OPTS=y
+CONFIG_FEATURE_CHAT_SEND_ESCAPES=y
+CONFIG_FEATURE_CHAT_VAR_ABORT_LEN=y
+CONFIG_FEATURE_CHAT_CLR_ABORT=y
+CONFIG_CHRT=y
+CONFIG_CROND=y
+CONFIG_FEATURE_CROND_D=y
+CONFIG_FEATURE_CROND_CALL_SENDMAIL=y
+CONFIG_FEATURE_CROND_DIR="/var/spool/cron"
+# CONFIG_CRONTAB is not set
+# CONFIG_DC is not set
+# CONFIG_FEATURE_DC_LIBM is not set
+# CONFIG_DEVFSD is not set
+# CONFIG_DEVFSD_MODLOAD is not set
+# CONFIG_DEVFSD_FG_NP is not set
+# CONFIG_DEVFSD_VERBOSE is not set
+# CONFIG_FEATURE_DEVFS is not set
+CONFIG_DEVMEM=y
+CONFIG_EJECT=y
+CONFIG_FEATURE_EJECT_SCSI=y
+# CONFIG_FBSPLASH is not set
+CONFIG_FLASHCP=y
+CONFIG_FLASH_LOCK=y
+CONFIG_FLASH_UNLOCK=y
+CONFIG_FLASH_ERASEALL=y
+CONFIG_IONICE=y
+# CONFIG_INOTIFYD is not set
+CONFIG_LAST=y
+# CONFIG_FEATURE_LAST_SMALL is not set
+CONFIG_FEATURE_LAST_FANCY=y
+CONFIG_HDPARM=y
+CONFIG_FEATURE_HDPARM_GET_IDENTITY=y
+CONFIG_FEATURE_HDPARM_HDIO_SCAN_HWIF=y
+CONFIG_FEATURE_HDPARM_HDIO_UNREGISTER_HWIF=y
+CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET=y
+CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF=y
+CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA=y
+CONFIG_MAKEDEVS=y
+# CONFIG_FEATURE_MAKEDEVS_LEAF is not set
+CONFIG_FEATURE_MAKEDEVS_TABLE=y
+CONFIG_MAN=y
+CONFIG_MICROCOM=y
+CONFIG_MOUNTPOINT=y
+CONFIG_MT=y
+CONFIG_RAIDAUTORUN=y
+CONFIG_READAHEAD=y
+# CONFIG_RFKILL is not set
+CONFIG_RUNLEVEL=y
+CONFIG_RX=y
+CONFIG_SETSID=y
+CONFIG_STRINGS=y
+# CONFIG_TASKSET is not set
+# CONFIG_FEATURE_TASKSET_FANCY is not set
+CONFIG_TIME=y
+CONFIG_TIMEOUT=y
+CONFIG_TTYSIZE=y
+CONFIG_VOLNAME=y
+CONFIG_WALL=y
+CONFIG_WATCHDOG=y
+
+#
+# Networking Utilities
+#
+CONFIG_NAMEIF=y
+CONFIG_FEATURE_NAMEIF_EXTENDED=y
+CONFIG_NBDCLIENT=y
+CONFIG_NC=y
+CONFIG_NC_SERVER=y
+CONFIG_NC_EXTRA=y
+CONFIG_NC_110_COMPAT=y
+CONFIG_PING=y
+CONFIG_PING6=y
+CONFIG_FEATURE_FANCY_PING=y
+CONFIG_WHOIS=y
+CONFIG_FEATURE_IPV6=y
+CONFIG_FEATURE_UNIX_LOCAL=y
+CONFIG_FEATURE_PREFER_IPV4_ADDRESS=y
+CONFIG_VERBOSE_RESOLUTION_ERRORS=y
+CONFIG_ARP=y
+CONFIG_ARPING=y
+CONFIG_BRCTL=y
+CONFIG_FEATURE_BRCTL_FANCY=y
+CONFIG_FEATURE_BRCTL_SHOW=y
+# CONFIG_DNSD is not set
+CONFIG_ETHER_WAKE=y
+# CONFIG_FAKEIDENTD is not set
+CONFIG_FTPD=y
+CONFIG_FEATURE_FTP_WRITE=y
+CONFIG_FEATURE_FTPD_ACCEPT_BROKEN_LIST=y
+# CONFIG_FTPGET is not set
+# CONFIG_FTPPUT is not set
+# CONFIG_FEATURE_FTPGETPUT_LONG_OPTIONS is not set
+CONFIG_HOSTNAME=y
+CONFIG_HTTPD=y
+CONFIG_FEATURE_HTTPD_RANGES=y
+CONFIG_FEATURE_HTTPD_USE_SENDFILE=y
+CONFIG_FEATURE_HTTPD_SETUID=y
+CONFIG_FEATURE_HTTPD_BASIC_AUTH=y
+CONFIG_FEATURE_HTTPD_AUTH_MD5=y
+CONFIG_FEATURE_HTTPD_CGI=y
+CONFIG_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR=y
+CONFIG_FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV=y
+CONFIG_FEATURE_HTTPD_ENCODE_URL_STR=y
+CONFIG_FEATURE_HTTPD_ERROR_PAGES=y
+CONFIG_FEATURE_HTTPD_PROXY=y
+CONFIG_FEATURE_HTTPD_GZIP=y
+CONFIG_IFCONFIG=y
+CONFIG_FEATURE_IFCONFIG_STATUS=y
+CONFIG_FEATURE_IFCONFIG_SLIP=y
+CONFIG_FEATURE_IFCONFIG_MEMSTART_IOADDR_IRQ=y
+CONFIG_FEATURE_IFCONFIG_HW=y
+CONFIG_FEATURE_IFCONFIG_BROADCAST_PLUS=y
+CONFIG_IFENSLAVE=y
+CONFIG_IFPLUGD=y
+CONFIG_IFUPDOWN=y
+CONFIG_IFUPDOWN_IFSTATE_PATH="/var/run/ifstate"
+CONFIG_FEATURE_IFUPDOWN_IP=y
+CONFIG_FEATURE_IFUPDOWN_IP_BUILTIN=y
+# CONFIG_FEATURE_IFUPDOWN_IFCONFIG_BUILTIN is not set
+CONFIG_FEATURE_IFUPDOWN_IPV4=y
+CONFIG_FEATURE_IFUPDOWN_IPV6=y
+CONFIG_FEATURE_IFUPDOWN_MAPPING=y
+CONFIG_FEATURE_IFUPDOWN_EXTERNAL_DHCP=y
+# CONFIG_INETD is not set
+# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_ECHO is not set
+# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DISCARD is not set
+# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_TIME is not set
+# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DAYTIME is not set
+# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN is not set
+# CONFIG_FEATURE_INETD_RPC is not set
+CONFIG_IP=y
+CONFIG_FEATURE_IP_ADDRESS=y
+CONFIG_FEATURE_IP_LINK=y
+CONFIG_FEATURE_IP_ROUTE=y
+CONFIG_FEATURE_IP_TUNNEL=y
+CONFIG_FEATURE_IP_RULE=y
+CONFIG_FEATURE_IP_SHORT_FORMS=y
+CONFIG_FEATURE_IP_RARE_PROTOCOLS=y
+CONFIG_IPADDR=y
+CONFIG_IPLINK=y
+CONFIG_IPROUTE=y
+CONFIG_IPTUNNEL=y
+CONFIG_IPRULE=y
+# CONFIG_IPCALC is not set
+# CONFIG_FEATURE_IPCALC_FANCY is not set
+# CONFIG_FEATURE_IPCALC_LONG_OPTIONS is not set
+CONFIG_NETSTAT=y
+CONFIG_FEATURE_NETSTAT_WIDE=y
+CONFIG_FEATURE_NETSTAT_PRG=y
+CONFIG_NSLOOKUP=y
+CONFIG_NTPD=y
+CONFIG_FEATURE_NTPD_SERVER=y
+CONFIG_PSCAN=y
+CONFIG_ROUTE=y
+# CONFIG_SLATTACH is not set
+# CONFIG_TCPSVD is not set
+CONFIG_TELNET=y
+CONFIG_FEATURE_TELNET_TTYPE=y
+CONFIG_FEATURE_TELNET_AUTOLOGIN=y
+CONFIG_TELNETD=y
+CONFIG_FEATURE_TELNETD_STANDALONE=y
+CONFIG_FEATURE_TELNETD_INETD_WAIT=y
+CONFIG_TFTP=y
+CONFIG_TFTPD=y
+
+#
+# Common options for tftp/tftpd
+#
+CONFIG_FEATURE_TFTP_GET=y
+CONFIG_FEATURE_TFTP_PUT=y
+CONFIG_FEATURE_TFTP_BLOCKSIZE=y
+CONFIG_FEATURE_TFTP_PROGRESS_BAR=y
+CONFIG_TFTP_DEBUG=y
+CONFIG_TRACEROUTE=y
+CONFIG_TRACEROUTE6=y
+CONFIG_FEATURE_TRACEROUTE_VERBOSE=y
+CONFIG_FEATURE_TRACEROUTE_SOURCE_ROUTE=y
+CONFIG_FEATURE_TRACEROUTE_USE_ICMP=y
+CONFIG_TUNCTL=y
+CONFIG_FEATURE_TUNCTL_UG=y
+CONFIG_UDHCPD=y
+CONFIG_DHCPRELAY=y
+CONFIG_DUMPLEASES=y
+CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY=y
+CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC=y
+CONFIG_DHCPD_LEASES_FILE="/var/lib/misc/udhcpd.leases"
+CONFIG_UDHCPC=y
+CONFIG_FEATURE_UDHCPC_ARPING=y
+CONFIG_FEATURE_UDHCP_PORT=y
+CONFIG_UDHCP_DEBUG=9
+CONFIG_FEATURE_UDHCP_RFC3397=y
+CONFIG_FEATURE_UDHCP_8021Q=y
+CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
+CONFIG_UDHCPC_SLACK_FOR_BUGGY_SERVERS=80
+CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="-R -n"
+# CONFIG_UDPSVD is not set
+CONFIG_VCONFIG=y
+CONFIG_WGET=y
+CONFIG_FEATURE_WGET_STATUSBAR=y
+CONFIG_FEATURE_WGET_AUTHENTICATION=y
+CONFIG_FEATURE_WGET_LONG_OPTIONS=y
+CONFIG_FEATURE_WGET_TIMEOUT=y
+CONFIG_ZCIP=y
+
+#
+# Print Utilities
+#
+# CONFIG_LPD is not set
+CONFIG_LPR=y
+CONFIG_LPQ=y
+
+#
+# Mail Utilities
+#
+# CONFIG_MAKEMIME is not set
+CONFIG_FEATURE_MIME_CHARSET="us-ascii"
+CONFIG_POPMAILDIR=y
+CONFIG_FEATURE_POPMAILDIR_DELIVERY=y
+# CONFIG_REFORMIME is not set
+# CONFIG_FEATURE_REFORMIME_COMPAT is not set
+CONFIG_SENDMAIL=y
+
+#
+# Process Utilities
+#
+CONFIG_IOSTAT=y
+CONFIG_MPSTAT=y
+CONFIG_NMETER=y
+CONFIG_PMAP=y
+CONFIG_POWERTOP=y
+CONFIG_PSTREE=y
+CONFIG_PWDX=y
+# CONFIG_SMEMCAP is not set
+CONFIG_UPTIME=y
+CONFIG_FEATURE_UPTIME_UTMP_SUPPORT=y
+CONFIG_FREE=y
+CONFIG_FUSER=y
+CONFIG_KILL=y
+CONFIG_KILLALL=y
+CONFIG_KILLALL5=y
+CONFIG_PGREP=y
+CONFIG_PIDOF=y
+CONFIG_FEATURE_PIDOF_SINGLE=y
+CONFIG_FEATURE_PIDOF_OMIT=y
+CONFIG_PKILL=y
+CONFIG_PS=y
+CONFIG_FEATURE_PS_WIDE=y
+CONFIG_FEATURE_PS_TIME=y
+CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS=y
+CONFIG_FEATURE_PS_UNUSUAL_SYSTEMS=y
+CONFIG_RENICE=y
+CONFIG_BB_SYSCTL=y
+CONFIG_TOP=y
+CONFIG_FEATURE_TOP_CPU_USAGE_PERCENTAGE=y
+CONFIG_FEATURE_TOP_CPU_GLOBAL_PERCENTS=y
+CONFIG_FEATURE_TOP_SMP_CPU=y
+CONFIG_FEATURE_TOP_DECIMALS=y
+CONFIG_FEATURE_TOP_SMP_PROCESS=y
+CONFIG_FEATURE_TOPMEM=y
+CONFIG_FEATURE_SHOW_THREADS=y
+CONFIG_WATCH=y
+
+#
+# Runit Utilities
+#
+# CONFIG_RUNSV is not set
+# CONFIG_RUNSVDIR is not set
+# CONFIG_FEATURE_RUNSVDIR_LOG is not set
+# CONFIG_SV is not set
+CONFIG_SV_DEFAULT_SERVICE_DIR=""
+# CONFIG_SVLOGD is not set
+CONFIG_CHPST=y
+CONFIG_SETUIDGID=y
+CONFIG_ENVUIDGID=y
+CONFIG_ENVDIR=y
+CONFIG_SOFTLIMIT=y
+# CONFIG_CHCON is not set
+# CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set
+# CONFIG_GETENFORCE is not set
+# CONFIG_GETSEBOOL is not set
+# CONFIG_LOAD_POLICY is not set
+# CONFIG_MATCHPATHCON is not set
+# CONFIG_RESTORECON is not set
+# CONFIG_RUNCON is not set
+# CONFIG_FEATURE_RUNCON_LONG_OPTIONS is not set
+# CONFIG_SELINUXENABLED is not set
+# CONFIG_SETENFORCE is not set
+# CONFIG_SETFILES is not set
+# CONFIG_FEATURE_SETFILES_CHECK_OPTION is not set
+# CONFIG_SETSEBOOL is not set
+# CONFIG_SESTATUS is not set
+
+#
+# Shells
+#
+CONFIG_ASH=y
+CONFIG_ASH_BASH_COMPAT=y
+# CONFIG_ASH_IDLE_TIMEOUT is not set
+CONFIG_ASH_JOB_CONTROL=y
+CONFIG_ASH_ALIAS=y
+CONFIG_ASH_GETOPTS=y
+CONFIG_ASH_BUILTIN_ECHO=y
+CONFIG_ASH_BUILTIN_PRINTF=y
+CONFIG_ASH_BUILTIN_TEST=y
+CONFIG_ASH_CMDCMD=y
+# CONFIG_ASH_MAIL is not set
+CONFIG_ASH_OPTIMIZE_FOR_SIZE=y
+CONFIG_ASH_RANDOM_SUPPORT=y
+CONFIG_ASH_EXPAND_PRMT=y
+CONFIG_CTTYHACK=y
+# CONFIG_HUSH is not set
+# CONFIG_HUSH_BASH_COMPAT is not set
+# CONFIG_HUSH_BRACE_EXPANSION is not set
+# CONFIG_HUSH_HELP is not set
+# CONFIG_HUSH_INTERACTIVE is not set
+# CONFIG_HUSH_SAVEHISTORY is not set
+# CONFIG_HUSH_JOB is not set
+# CONFIG_HUSH_TICK is not set
+# CONFIG_HUSH_IF is not set
+# CONFIG_HUSH_LOOPS is not set
+# CONFIG_HUSH_CASE is not set
+# CONFIG_HUSH_FUNCTIONS is not set
+# CONFIG_HUSH_LOCAL is not set
+# CONFIG_HUSH_RANDOM_SUPPORT is not set
+# CONFIG_HUSH_EXPORT_N is not set
+# CONFIG_HUSH_MODE_X is not set
+# CONFIG_MSH is not set
+CONFIG_FEATURE_SH_IS_ASH=y
+# CONFIG_FEATURE_SH_IS_HUSH is not set
+# CONFIG_FEATURE_SH_IS_NONE is not set
+# CONFIG_FEATURE_BASH_IS_ASH is not set
+# CONFIG_FEATURE_BASH_IS_HUSH is not set
+CONFIG_FEATURE_BASH_IS_NONE=y
+CONFIG_SH_MATH_SUPPORT=y
+CONFIG_SH_MATH_SUPPORT_64=y
+CONFIG_FEATURE_SH_EXTRA_QUIET=y
+CONFIG_FEATURE_SH_STANDALONE=y
+CONFIG_FEATURE_SH_NOFORK=y
+CONFIG_FEATURE_SH_HISTFILESIZE=y
+
+#
+# System Logging Utilities
+#
+CONFIG_SYSLOGD=y
+CONFIG_FEATURE_ROTATE_LOGFILE=y
+CONFIG_FEATURE_REMOTE_LOG=y
+CONFIG_FEATURE_SYSLOGD_DUP=y
+CONFIG_FEATURE_SYSLOGD_CFG=y
+CONFIG_FEATURE_SYSLOGD_READ_BUFFER_SIZE=256
+CONFIG_FEATURE_IPC_SYSLOG=y
+CONFIG_FEATURE_IPC_SYSLOG_BUFFER_SIZE=16
+CONFIG_LOGREAD=y
+CONFIG_FEATURE_LOGREAD_REDUCED_LOCKING=y
+CONFIG_KLOGD=y
+CONFIG_FEATURE_KLOGD_KLOGCTL=y
+CONFIG_LOGGER=y
#
# Automatically generated make config: don't edit
# Busybox version: 1.19.3
-# Mon Jan 23 18:45:14 2012
+# Wed May 30 23:05:27 2012
#
CONFIG_HAVE_DOT_CONFIG=y
--- /dev/null
+EASY-RSA Version 2.0-rc1
+
+This is a small RSA key management package, based on the openssl
+command line tool, that can be found in the easy-rsa subdirectory
+of the OpenVPN distribution. While this tool is primary concerned
+with key management for the SSL VPN application space, it can also
+be used for building web certificates.
+
+These are reference notes. For step-by-step instructions, see the
+HOWTO:
+
+http://openvpn.net/howto.html
+
+This package is based on the ./pkitool script. Run ./pkitool
+without arguments for a detailed help message (which is also pasted
+below).
+
+Release Notes for easy-rsa-2.0
+
+* Most functionality has been consolidated into the pkitool
+ script. For compatibility, all previous scripts from 1.0 such
+ as build-key and build-key-server are provided as stubs
+ which call pkitool to do the real work.
+
+* pkitool has a --batch flag (enabled by default) which generates
+ keys/certs without needing any interactive input. pkitool
+ can still generate certs/keys using interactive prompting by
+ using the --interact flag.
+
+* The inherit-inter script has been provided for creating
+ a new PKI rooted on an intermediate certificate built within a
+ higher-level PKI. See comments in the inherit-inter script
+ for more info.
+
+* The openssl.cnf file has been modified. pkitool will not
+ work with the openssl.cnf file included with previous
+ easy-rsa releases.
+
+* The vars file has been modified -- the following extra
+ variables have been added: EASY_RSA, CA_EXPIRE,
+ KEY_EXPIRE.
+
+* The make-crl and revoke-crt scripts have been removed and
+ are replaced by the revoke-full script.
+
+* The "Organizational Unit" X509 field can be set using
+ the KEY_OU environmental variable before calling pkitool.
+
+* This release only affects the Linux/Unix version of easy-rsa.
+ The Windows version (written to use the Windows shell) is unchanged.
+
+* Use the revoke-full script to revoke a certificate, and generate
+ (or update) the crl.pem file in the keys directory (as set by the
+ vars script). Then use "crl-verify crl.pem" in your OpenVPN server
+ config file, so that OpenVPN can reject any connections coming from
+ clients which present a revoked certificate. Usage for the script is:
+
+ revoke-full <common-name>
+
+ Note this this procedure is primarily designed to revoke client
+ certificates. You could theoretically use this method to revoke
+ server certificates as well, but then you would need to propagate
+ the crl.pem file to all clients as well, and have them include
+ "crl-verify crl.pem" in their configuration files.
+
+* PKCS#11 support was added.
+
+* For those interested in using this tool to generate web certificates,
+ A variant of the easy-rsa package that allows the creation of multi-domain
+ certificates with subjectAltName can be obtained from here:
+
+ http://www.bisente.com/proyectos/easy-rsa-subjectaltname/
+
+INSTALL easy-rsa
+
+1. Edit vars.
+2. Set KEY_CONFIG to point to the openssl.cnf file
+ included in this distribution.
+3. Set KEY_DIR to point to a directory which will
+ contain all keys, certificates, etc. This
+ directory need not exist, and if it does,
+ it will be deleted with rm -rf, so BE
+ CAREFUL how you set KEY_DIR.
+4. (Optional) Edit other fields in vars
+ per your site data. You may want to
+ increase KEY_SIZE to 2048 if you are
+ paranoid and don't mind slower key
+ processing, but certainly 1024 is
+ fine for testing purposes. KEY_SIZE
+ must be compatible across both peers
+ participating in a secure SSL/TLS
+ connection.
+5. (Optional) If you intend to use PKCS#11,
+ install openssl >= 0.9.7, install the
+ following components from www.opensc.org:
+ - opensc >= 0.10.0
+ - engine_pkcs11 >= 0.1.3
+ Update the openssl.cnf to load the engine:
+ - Uncomment pkcs11 under engine_section.
+ - Validate path at dynamic_path under pkcs11_section.
+6. . vars
+7. ./clean-all
+8. As you create certificates, keys, and
+ certificate signing requests, understand that
+ only .key files should be kept confidential.
+ .crt and .csr files can be sent over insecure
+ channels such as plaintext email.
+
+IMPORTANT
+
+To avoid a possible Man-in-the-Middle attack where an authorized
+client tries to connect to another client by impersonating the
+server, make sure to enforce some kind of server certificate
+verification by clients. There are currently four different ways
+of accomplishing this, listed in the order of preference:
+
+(1) Build your server certificates with specific key usage and
+ extended key usage. The RFC3280 determine that the following
+ attributes should be provided for TLS connections:
+
+ Mode Key usage Extended key usage
+ ---------------------------------------------------------------------------
+ Client digitalSignature TLS Web Client Authentication
+ keyAgreement
+ digitalSignature, keyAgreement
+
+ Server digitalSignature, keyEncipherment TLS Web Server Authentication
+ digitalSignature, keyAgreement
+
+ Now add the following line to your client configuration:
+
+ remote-cert-tls server
+
+ This will block clients from connecting to any
+ server which lacks the required extension designation
+ in its certificate, even if the certificate has been
+ signed by the CA which is cited in the OpenVPN configuration
+ file (--ca directive).
+
+(3) Use the --tls-remote directive on the client to
+ accept/reject the server connection based on the common
+ name of the server certificate.
+
+(3) Use a --tls-verify script or plugin to accept/reject the
+ server connection based on a custom test of the server
+ certificate's embedded X509 subject details.
+
+(4) Sign server certificates with one CA and client certificates
+ with a different CA. The client config "ca" directive should
+ reference the server-signing CA while the server config "ca"
+ directive should reference the client-signing CA.
+
+NOTES
+
+Show certificate fields:
+ openssl x509 -in cert.crt -text
+
+PKITOOL documentation
+
+pkitool 2.0
+Usage: pkitool [options...] [common-name]
+Options:
+ --batch : batch mode (default)
+ --keysize : Set keysize
+ size : size (default=1024)
+ --interact : interactive mode
+ --server : build server cert
+ --initca : build root CA
+ --inter : build intermediate CA
+ --pass : encrypt private key with password
+ --csr : only generate a CSR, do not sign
+ --sign : sign an existing CSR
+ --pkcs12 : generate a combined PKCS#12 file
+ --pkcs11 : generate certificate on PKCS#11 token
+ lib : PKCS#11 library
+ slot : PKCS#11 slot
+ id : PKCS#11 object id (hex string)
+ label : PKCS#11 object label
+Standalone options:
+ --pkcs11-slots : list PKCS#11 slots
+ lib : PKCS#11 library
+ --pkcs11-objects : list PKCS#11 token objects
+ lib : PKCS#11 library
+ slot : PKCS#11 slot
+ --pkcs11-init : initialize PKCS#11 token DANGEROUS!!!
+ lib : PKCS#11 library
+ slot : PKCS#11 slot
+ label : PKCS#11 token label
+Notes:
+ Please edit the vars script to reflect your configuration,
+ then source it with "source ./vars".
+ Next, to start with a fresh PKI configuration and to delete any
+ previous certificates and keys, run "./clean-all".
+ Finally, you can run this tool (pkitool) to build certificates/keys.
+ In order to use PKCS#11 interface you must have opensc-0.10.0 or higher.
+Generated files and corresponding OpenVPN directives:
+(Files will be placed in the $KEY_DIR directory, defined in ./vars)
+ ca.crt -> root certificate (--ca)
+ ca.key -> root key, keep secure (not directly used by OpenVPN)
+ .crt files -> client/server certificates (--cert)
+ .key files -> private keys, keep secure (--key)
+ .csr files -> certificate signing request (not directly used by OpenVPN)
+ dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh)
+Examples:
+ pkitool --initca -> Build root certificate
+ pkitool --initca --pass -> Build root certificate with password-protected key
+ pkitool --server server1 -> Build "server1" certificate/key
+ pkitool client1 -> Build "client1" certificate/key
+ pkitool --pass client2 -> Build password-protected "client2" certificate/key
+ pkitool --pkcs12 client3 -> Build "client3" certificate/key in PKCS#12 format
+ pkitool --csr client4 -> Build "client4" CSR to be signed by another CA
+ pkitool --sign client4 -> Sign "client4" CSR
+ pkitool --inter interca -> Build an intermediate key-signing certificate/key
+ Also see ./inherit-inter script.
+ pkitool --pkcs11 /usr/lib/pkcs11/lib1 0 010203 "client5 id" client5
+ -> Build "client5" certificate/key in PKCS#11 token
+Typical usage for initial PKI setup. Build myserver, client1, and client2 cert/keys.
+Protect client2 key with a password. Build DH parms. Generated files in ./keys :
+ [edit vars with your site-specific info]
+ source ./vars
+ ./clean-all
+ ./build-dh -> takes a long time, consider backgrounding
+ ./pkitool --initca
+ ./pkitool --server myserver
+ ./pkitool client1
+ ./pkitool --pass client2
+Typical usage for adding client cert to existing PKI:
+ source ./vars
+ ./pkitool client-new
--- /dev/null
+EASY-RSA Version 2.0-rc1
+
+This is a small RSA key management package, based on the openssl
+command line tool, that can be found in the easy-rsa subdirectory
+of the OpenVPN distribution. While this tool is primary concerned
+with key management for the SSL VPN application space, it can also
+be used for building web certificates.
+
+These are reference notes. For step-by-step instructions, see the
+HOWTO:
+
+http://openvpn.net/howto.html
+
+This package is based on the ./pkitool script. Run ./pkitool
+without arguments for a detailed help message (which is also pasted
+below).
+
+Release Notes for easy-rsa-2.0
+
+* Most functionality has been consolidated into the pkitool
+ script. For compatibility, all previous scripts from 1.0 such
+ as build-key and build-key-server are provided as stubs
+ which call pkitool to do the real work.
+
+* pkitool has a --batch flag (enabled by default) which generates
+ keys/certs without needing any interactive input. pkitool
+ can still generate certs/keys using interactive prompting by
+ using the --interact flag.
+
+* The inherit-inter script has been provided for creating
+ a new PKI rooted on an intermediate certificate built within a
+ higher-level PKI. See comments in the inherit-inter script
+ for more info.
+
+* The openssl.cnf file has been modified. pkitool will not
+ work with the openssl.cnf file included with previous
+ easy-rsa releases.
+
+* The vars file has been modified -- the following extra
+ variables have been added: EASY_RSA, CA_EXPIRE,
+ KEY_EXPIRE.
+
+* The make-crl and revoke-crt scripts have been removed and
+ are replaced by the revoke-full script.
+
+* The "Organizational Unit" X509 field can be set using
+ the KEY_OU environmental variable before calling pkitool.
+
+* This release only affects the Linux/Unix version of easy-rsa.
+ The Windows version (written to use the Windows shell) is unchanged.
+
+* Use the revoke-full script to revoke a certificate, and generate
+ (or update) the crl.pem file in the keys directory (as set by the
+ vars script). Then use "crl-verify crl.pem" in your OpenVPN server
+ config file, so that OpenVPN can reject any connections coming from
+ clients which present a revoked certificate. Usage for the script is:
+
+ revoke-full <common-name>
+
+ Note this this procedure is primarily designed to revoke client
+ certificates. You could theoretically use this method to revoke
+ server certificates as well, but then you would need to propagate
+ the crl.pem file to all clients as well, and have them include
+ "crl-verify crl.pem" in their configuration files.
+
+* PKCS#11 support was added.
+
+* For those interested in using this tool to generate web certificates,
+ A variant of the easy-rsa package that allows the creation of multi-domain
+ certificates with subjectAltName can be obtained from here:
+
+ http://www.bisente.com/proyectos/easy-rsa-subjectaltname/
+
+INSTALL easy-rsa
+
+1. Edit vars.
+2. Set KEY_CONFIG to point to the correct openssl-<version>.cnf
+ file included in this distribution.
+3. Set KEY_DIR to point to a directory which will
+ contain all keys, certificates, etc. This
+ directory need not exist, and if it does,
+ it will be deleted with rm -rf, so BE
+ CAREFUL how you set KEY_DIR.
+4. (Optional) Edit other fields in vars
+ per your site data. You may want to
+ increase KEY_SIZE to 2048 if you are
+ paranoid and don't mind slower key
+ processing, but certainly 1024 is
+ fine for testing purposes. KEY_SIZE
+ must be compatible across both peers
+ participating in a secure SSL/TLS
+ connection.
+5. (Optional) If you intend to use PKCS#11,
+ install openssl >= 0.9.7, install the
+ following components from www.opensc.org:
+ - opensc >= 0.10.0
+ - engine_pkcs11 >= 0.1.3
+ Update the openssl.cnf to load the engine:
+ - Uncomment pkcs11 under engine_section.
+ - Validate path at dynamic_path under pkcs11_section.
+6. . vars
+7. ./clean-all
+8. As you create certificates, keys, and
+ certificate signing requests, understand that
+ only .key files should be kept confidential.
+ .crt and .csr files can be sent over insecure
+ channels such as plaintext email.
+
+IMPORTANT
+
+To avoid a possible Man-in-the-Middle attack where an authorized
+client tries to connect to another client by impersonating the
+server, make sure to enforce some kind of server certificate
+verification by clients. There are currently four different ways
+of accomplishing this, listed in the order of preference:
+
+(1) Build your server certificates with specific key usage and
+ extended key usage. The RFC3280 determine that the following
+ attributes should be provided for TLS connections:
+
+ Mode Key usage Extended key usage
+ ---------------------------------------------------------------------------
+ Client digitalSignature TLS Web Client Authentication
+ keyAgreement
+ digitalSignature, keyAgreement
+
+ Server digitalSignature, keyEncipherment TLS Web Server Authentication
+ digitalSignature, keyAgreement
+
+ Now add the following line to your client configuration:
+
+ remote-cert-tls server
+
+ This will block clients from connecting to any
+ server which lacks the required extension designation
+ in its certificate, even if the certificate has been
+ signed by the CA which is cited in the OpenVPN configuration
+ file (--ca directive).
+
+(3) Use the --tls-remote directive on the client to
+ accept/reject the server connection based on the common
+ name of the server certificate.
+
+(3) Use a --tls-verify script or plugin to accept/reject the
+ server connection based on a custom test of the server
+ certificate's embedded X509 subject details.
+
+(4) Sign server certificates with one CA and client certificates
+ with a different CA. The client config "ca" directive should
+ reference the server-signing CA while the server config "ca"
+ directive should reference the client-signing CA.
+
+NOTES
+
+Show certificate fields:
+ openssl x509 -in cert.crt -text
+
+PKITOOL documentation
+
+pkitool 2.0
+Usage: pkitool [options...] [common-name]
+Options:
+ --batch : batch mode (default)
+ --keysize : Set keysize
+ size : size (default=1024)
+ --interact : interactive mode
+ --server : build server cert
+ --initca : build root CA
+ --inter : build intermediate CA
+ --pass : encrypt private key with password
+ --csr : only generate a CSR, do not sign
+ --sign : sign an existing CSR
+ --pkcs12 : generate a combined PKCS#12 file
+ --pkcs11 : generate certificate on PKCS#11 token
+ lib : PKCS#11 library
+ slot : PKCS#11 slot
+ id : PKCS#11 object id (hex string)
+ label : PKCS#11 object label
+Standalone options:
+ --pkcs11-slots : list PKCS#11 slots
+ lib : PKCS#11 library
+ --pkcs11-objects : list PKCS#11 token objects
+ lib : PKCS#11 library
+ slot : PKCS#11 slot
+ --pkcs11-init : initialize PKCS#11 token DANGEROUS!!!
+ lib : PKCS#11 library
+ slot : PKCS#11 slot
+ label : PKCS#11 token label
+Notes:
+ Please edit the vars script to reflect your configuration,
+ then source it with "source ./vars".
+ Next, to start with a fresh PKI configuration and to delete any
+ previous certificates and keys, run "./clean-all".
+ Finally, you can run this tool (pkitool) to build certificates/keys.
+ In order to use PKCS#11 interface you must have opensc-0.10.0 or higher.
+Generated files and corresponding OpenVPN directives:
+(Files will be placed in the $KEY_DIR directory, defined in ./vars)
+ ca.crt -> root certificate (--ca)
+ ca.key -> root key, keep secure (not directly used by OpenVPN)
+ .crt files -> client/server certificates (--cert)
+ .key files -> private keys, keep secure (--key)
+ .csr files -> certificate signing request (not directly used by OpenVPN)
+ dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh)
+Examples:
+ pkitool --initca -> Build root certificate
+ pkitool --initca --pass -> Build root certificate with password-protected key
+ pkitool --server server1 -> Build "server1" certificate/key
+ pkitool client1 -> Build "client1" certificate/key
+ pkitool --pass client2 -> Build password-protected "client2" certificate/key
+ pkitool --pkcs12 client3 -> Build "client3" certificate/key in PKCS#12 format
+ pkitool --csr client4 -> Build "client4" CSR to be signed by another CA
+ pkitool --sign client4 -> Sign "client4" CSR
+ pkitool --inter interca -> Build an intermediate key-signing certificate/key
+ Also see ./inherit-inter script.
+ pkitool --pkcs11 /usr/lib/pkcs11/lib1 0 010203 "client5 id" client5
+ -> Build "client5" certificate/key in PKCS#11 token
+Typical usage for initial PKI setup. Build myserver, client1, and client2 cert/keys.
+Protect client2 key with a password. Build DH parms. Generated files in ./keys :
+ [edit vars with your site-specific info]
+ source ./vars
+ ./clean-all
+ ./build-dh -> takes a long time, consider backgrounding
+ ./pkitool --initca
+ ./pkitool --server myserver
+ ./pkitool client1
+ ./pkitool --pass client2
+Typical usage for adding client cert to existing PKI:
+ source ./vars
+ ./pkitool client-new
--- /dev/null
+#!/bin/bash
+
+#
+# Build a root certificate
+#
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --initca $*
--- /dev/null
+#!/bin/sh
+
+#
+# Build a root certificate
+#
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --initca $*
--- /dev/null
+#!/bin/bash
+
+# Build Diffie-Hellman parameters for the server side
+# of an SSL/TLS connection.
+
+if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then
+ $OPENSSL dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
--- /dev/null
+#!/bin/sh
+
+# Build Diffie-Hellman parameters for the server side
+# of an SSL/TLS connection.
+
+if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then
+ $OPENSSL dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
--- /dev/null
+#!/bin/bash
+
+# Make an intermediate CA certificate/private key pair using a locally generated
+# root certificate.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --inter $*
--- /dev/null
+#!/bin/sh
+
+# Make an intermediate CA certificate/private key pair using a locally generated
+# root certificate.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --inter $*
--- /dev/null
+#!/bin/bash
+
+# Make a certificate/private key pair using a locally generated
+# root certificate.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact $*
--- /dev/null
+#!/bin/bash
+
+# Similar to build-key, but protect the private key
+# with a password.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --pass $*
--- /dev/null
+#!/bin/sh
+
+# Similar to build-key, but protect the private key
+# with a password.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --pass $*
--- /dev/null
+#!/bin/bash
+
+# Make a certificate/private key pair using a locally generated
+# root certificate and convert it to a PKCS #12 file including the
+# the CA certificate as well.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --pkcs12 $*
--- /dev/null
+#!/bin/sh
+
+# Make a certificate/private key pair using a locally generated
+# root certificate and convert it to a PKCS #12 file including the
+# the CA certificate as well.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --pkcs12 $*
--- /dev/null
+#!/bin/bash
+
+# Make a certificate/private key pair using a locally generated
+# root certificate.
+#
+# Explicitly set nsCertType to server using the "server"
+# extension in the openssl.cnf file.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --server $*
--- /dev/null
+#!/bin/sh
+
+# Make a certificate/private key pair using a locally generated
+# root certificate.
+#
+# Explicitly set nsCertType to server using the "server"
+# extension in the openssl.cnf file.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --server $*
--- /dev/null
+#!/bin/sh
+
+# Make a certificate/private key pair using a locally generated
+# root certificate.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact $*
--- /dev/null
+#!/bin/bash
+
+# Build a certificate signing request and private key. Use this
+# when your root certificate and key is not available locally.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --csr $*
--- /dev/null
+#!/bin/bash
+
+# Like build-req, but protect your private key
+# with a password.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --csr --pass $*
--- /dev/null
+#!/bin/sh
+
+# Like build-req, but protect your private key
+# with a password.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --csr --pass $*
--- /dev/null
+#!/bin/sh
+
+# Build a certificate signing request and private key. Use this
+# when your root certificate and key is not available locally.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --csr $*
--- /dev/null
+#!/bin/bash
+
+# Initialize the $KEY_DIR directory.
+# Note that this script does a
+# rm -rf on $KEY_DIR so be careful!
+
+if [ "$KEY_DIR" ]; then
+ rm -rf "$KEY_DIR"
+ mkdir "$KEY_DIR" && \
+ chmod go-rwx "$KEY_DIR" && \
+ touch "$KEY_DIR/index.txt" && \
+ echo 01 >"$KEY_DIR/serial"
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
--- /dev/null
+#!/bin/sh
+
+# Initialize the $KEY_DIR directory.
+# Note that this script does a
+# rm -rf on $KEY_DIR so be careful!
+
+if [ "$KEY_DIR" ]; then
+ rm -rf "$KEY_DIR"
+ mkdir "$KEY_DIR" && \
+ chmod go-rwx "$KEY_DIR" && \
+ touch "$KEY_DIR/index.txt" && \
+ echo 01 >"$KEY_DIR/serial"
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
--- /dev/null
+#!/bin/bash
+
+# Build a new PKI which is rooted on an intermediate certificate generated
+# by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should
+# have independent vars settings, and must use a different KEY_DIR directory
+# from the parent. This tool can be used to generate arbitrary depth
+# certificate chains.
+#
+# To build an intermediate CA, follow the same steps for a regular PKI but
+# replace ./build-key or ./pkitool --initca with this script.
+
+# The EXPORT_CA file will contain the CA certificate chain and should be
+# referenced by the OpenVPN "ca" directive in config files. The ca.crt file
+# will only contain the local intermediate CA -- it's needed by the easy-rsa
+# scripts but not by OpenVPN directly.
+EXPORT_CA="export-ca.crt"
+
+if [ $# -ne 2 ]; then
+ echo "usage: $0 <parent-key-dir> <common-name>"
+ echo "parent-key-dir: the KEY_DIR directory of the parent PKI"
+ echo "common-name: the common name of the intermediate certificate in the parent PKI"
+ exit 1;
+fi
+
+if [ "$KEY_DIR" ]; then
+ cp "$1/$2.crt" "$KEY_DIR/ca.crt"
+ cp "$1/$2.key" "$KEY_DIR/ca.key"
+
+ if [ -e "$1/$EXPORT_CA" ]; then
+ PARENT_CA="$1/$EXPORT_CA"
+ else
+ PARENT_CA="$1/ca.crt"
+ fi
+ cp "$PARENT_CA" "$KEY_DIR/$EXPORT_CA"
+ cat "$KEY_DIR/ca.crt" >> "$KEY_DIR/$EXPORT_CA"
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
--- /dev/null
+#!/bin/sh
+
+# Build a new PKI which is rooted on an intermediate certificate generated
+# by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should
+# have independent vars settings, and must use a different KEY_DIR directory
+# from the parent. This tool can be used to generate arbitrary depth
+# certificate chains.
+#
+# To build an intermediate CA, follow the same steps for a regular PKI but
+# replace ./build-key or ./pkitool --initca with this script.
+
+# The EXPORT_CA file will contain the CA certificate chain and should be
+# referenced by the OpenVPN "ca" directive in config files. The ca.crt file
+# will only contain the local intermediate CA -- it's needed by the easy-rsa
+# scripts but not by OpenVPN directly.
+EXPORT_CA="export-ca.crt"
+
+if [ $# -ne 2 ]; then
+ echo "usage: $0 <parent-key-dir> <common-name>"
+ echo "parent-key-dir: the KEY_DIR directory of the parent PKI"
+ echo "common-name: the common name of the intermediate certificate in the parent PKI"
+ exit 1;
+fi
+
+if [ "$KEY_DIR" ]; then
+ cp "$1/$2.crt" "$KEY_DIR/ca.crt"
+ cp "$1/$2.key" "$KEY_DIR/ca.key"
+
+ if [ -e "$1/$EXPORT_CA" ]; then
+ PARENT_CA="$1/$EXPORT_CA"
+ else
+ PARENT_CA="$1/ca.crt"
+ fi
+ cp "$PARENT_CA" "$KEY_DIR/$EXPORT_CA"
+ cat "$KEY_DIR/ca.crt" >> "$KEY_DIR/$EXPORT_CA"
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
--- /dev/null
+#!/bin/bash
+
+# list revoked certificates
+
+CRL="${1:-crl.pem}"
+
+if [ "$KEY_DIR" ]; then
+ cd "$KEY_DIR" && \
+ $OPENSSL crl -text -noout -in "$CRL"
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
--- /dev/null
+#!/bin/sh
+
+# list revoked certificates
+
+CRL="${1:-crl.pem}"
+
+if [ "$KEY_DIR" ]; then
+ cd "$KEY_DIR" && \
+ $OPENSSL crl -text -noout -in "$CRL"
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
--- /dev/null
+#!/bin/sh
+
+# OpenVPN -- An application to securely tunnel IP networks
+# over a single TCP/UDP port, with support for SSL/TLS-based
+# session authentication and key exchange,
+# packet encryption, packet authentication, and
+# packet compression.
+#
+# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program (see the file COPYING included with this
+# distribution); if not, write to the Free Software Foundation, Inc.,
+# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# pkitool is a front-end for the openssl tool.
+
+# Calling scripts can set the certificate organizational
+# unit with the KEY_OU environmental variable.
+
+# Calling scripts can also set the KEY_NAME environmental
+# variable to set the "name" X509 subject field.
+
+PROGNAME=pkitool
+VERSION=2.0
+DEBUG=0
+
+die()
+{
+ local m="$1"
+
+ echo "$m" >&2
+ exit 1
+}
+
+need_vars()
+{
+ echo ' Please edit the vars script to reflect your configuration,'
+ echo ' then source it with "source ./vars".'
+ echo ' Next, to start with a fresh PKI configuration and to delete any'
+ echo ' previous certificates and keys, run "./clean-all".'
+ echo " Finally, you can run this tool ($PROGNAME) to build certificates/keys."
+}
+
+usage()
+{
+ echo "$PROGNAME $VERSION"
+ echo "Usage: $PROGNAME [options...] [common-name]"
+ echo "Options:"
+ echo " --batch : batch mode (default)"
+ echo " --keysize : Set keysize"
+ echo " size : size (default=1024)"
+ echo " --interact : interactive mode"
+ echo " --server : build server cert"
+ echo " --initca : build root CA"
+ echo " --inter : build intermediate CA"
+ echo " --pass : encrypt private key with password"
+ echo " --csr : only generate a CSR, do not sign"
+ echo " --sign : sign an existing CSR"
+ echo " --pkcs12 : generate a combined PKCS#12 file"
+ echo " --pkcs11 : generate certificate on PKCS#11 token"
+ echo " lib : PKCS#11 library"
+ echo " slot : PKCS#11 slot"
+ echo " id : PKCS#11 object id (hex string)"
+ echo " label : PKCS#11 object label"
+ echo "Standalone options:"
+ echo " --pkcs11-slots : list PKCS#11 slots"
+ echo " lib : PKCS#11 library"
+ echo " --pkcs11-objects : list PKCS#11 token objects"
+ echo " lib : PKCS#11 library"
+ echo " slot : PKCS#11 slot"
+ echo " --pkcs11-init : initialize PKCS#11 token DANGEROUS!!!"
+ echo " lib : PKCS#11 library"
+ echo " slot : PKCS#11 slot"
+ echo " label : PKCS#11 token label"
+ echo "Notes:"
+ need_vars
+ echo " In order to use PKCS#11 interface you must have opensc-0.10.0 or higher."
+ echo "Generated files and corresponding OpenVPN directives:"
+ echo '(Files will be placed in the $KEY_DIR directory, defined in ./vars)'
+ echo " ca.crt -> root certificate (--ca)"
+ echo " ca.key -> root key, keep secure (not directly used by OpenVPN)"
+ echo " .crt files -> client/server certificates (--cert)"
+ echo " .key files -> private keys, keep secure (--key)"
+ echo " .csr files -> certificate signing request (not directly used by OpenVPN)"
+ echo " dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh)"
+ echo "Examples:"
+ echo " $PROGNAME --initca -> Build root certificate"
+ echo " $PROGNAME --initca --pass -> Build root certificate with password-protected key"
+ echo " $PROGNAME --server server1 -> Build \"server1\" certificate/key"
+ echo " $PROGNAME client1 -> Build \"client1\" certificate/key"
+ echo " $PROGNAME --pass client2 -> Build password-protected \"client2\" certificate/key"
+ echo " $PROGNAME --pkcs12 client3 -> Build \"client3\" certificate/key in PKCS#12 format"
+ echo " $PROGNAME --csr client4 -> Build \"client4\" CSR to be signed by another CA"
+ echo " $PROGNAME --sign client4 -> Sign \"client4\" CSR"
+ echo " $PROGNAME --inter interca -> Build an intermediate key-signing certificate/key"
+ echo " Also see ./inherit-inter script."
+ echo " $PROGNAME --pkcs11 /usr/lib/pkcs11/lib1 0 010203 \"client5 id\" client5"
+ echo " -> Build \"client5\" certificate/key in PKCS#11 token"
+ echo "Typical usage for initial PKI setup. Build myserver, client1, and client2 cert/keys."
+ echo "Protect client2 key with a password. Build DH parms. Generated files in ./keys :"
+ echo " [edit vars with your site-specific info]"
+ echo " source ./vars"
+ echo " ./clean-all"
+ echo " ./build-dh -> takes a long time, consider backgrounding"
+ echo " ./$PROGNAME --initca"
+ echo " ./$PROGNAME --server myserver"
+ echo " ./$PROGNAME client1"
+ echo " ./$PROGNAME --pass client2"
+ echo "Typical usage for adding client cert to existing PKI:"
+ echo " source ./vars"
+ echo " ./$PROGNAME client-new"
+}
+
+# Set tool defaults
+[ -n "$OPENSSL" ] || export OPENSSL="openssl"
+[ -n "$PKCS11TOOL" ] || export PKCS11TOOL="pkcs11-tool"
+[ -n "$GREP" ] || export GREP="grep"
+
+# Set defaults
+DO_REQ="1"
+REQ_EXT=""
+DO_CA="1"
+CA_EXT=""
+DO_P12="0"
+DO_P11="0"
+DO_ROOT="0"
+NODES_REQ="-nodes"
+NODES_P12=""
+BATCH="-batch"
+CA="ca"
+# must be set or errors of openssl.cnf
+PKCS11_MODULE_PATH="dummy"
+PKCS11_PIN="dummy"
+
+# Process options
+while [ $# -gt 0 ]; do
+ case "$1" in
+ --keysize ) KEY_SIZE=$2
+ shift;;
+ --server ) REQ_EXT="$REQ_EXT -extensions server"
+ CA_EXT="$CA_EXT -extensions server" ;;
+ --batch ) BATCH="-batch" ;;
+ --interact ) BATCH="" ;;
+ --inter ) CA_EXT="$CA_EXT -extensions v3_ca" ;;
+ --initca ) DO_ROOT="1" ;;
+ --pass ) NODES_REQ="" ;;
+ --csr ) DO_CA="0" ;;
+ --sign ) DO_REQ="0" ;;
+ --pkcs12 ) DO_P12="1" ;;
+ --pkcs11 ) DO_P11="1"
+ PKCS11_MODULE_PATH="$2"
+ PKCS11_SLOT="$3"
+ PKCS11_ID="$4"
+ PKCS11_LABEL="$5"
+ shift 4;;
+
+ # standalone
+ --pkcs11-init)
+ PKCS11_MODULE_PATH="$2"
+ PKCS11_SLOT="$3"
+ PKCS11_LABEL="$4"
+ if [ -z "$PKCS11_LABEL" ]; then
+ die "Please specify library name, slot and label"
+ fi
+ $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-token --slot "$PKCS11_SLOT" \
+ --label "$PKCS11_LABEL" &&
+ $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-pin --slot "$PKCS11_SLOT"
+ exit $?;;
+ --pkcs11-slots)
+ PKCS11_MODULE_PATH="$2"
+ if [ -z "$PKCS11_MODULE_PATH" ]; then
+ die "Please specify library name"
+ fi
+ $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-slots
+ exit 0;;
+ --pkcs11-objects)
+ PKCS11_MODULE_PATH="$2"
+ PKCS11_SLOT="$3"
+ if [ -z "$PKCS11_SLOT" ]; then
+ die "Please specify library name and slot"
+ fi
+ $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-objects --login --slot "$PKCS11_SLOT"
+ exit 0;;
+
+ # errors
+ --* ) die "$PROGNAME: unknown option: $1" ;;
+ * ) break ;;
+ esac
+ shift
+done
+
+if ! [ -z "$BATCH" ]; then
+ if $OPENSSL version | grep 0.9.6 > /dev/null; then
+ die "Batch mode is unsupported in openssl<0.9.7"
+ fi
+fi
+
+if [ $DO_P12 -eq 1 -a $DO_P11 -eq 1 ]; then
+ die "PKCS#11 and PKCS#12 cannot be specified together"
+fi
+
+if [ $DO_P11 -eq 1 ]; then
+ if ! grep "^pkcs11.*=" "$KEY_CONFIG" > /dev/null; then
+ die "Please edit $KEY_CONFIG and setup PKCS#11 engine"
+ fi
+fi
+
+# If we are generating pkcs12, only encrypt the final step
+if [ $DO_P12 -eq 1 ]; then
+ NODES_P12="$NODES_REQ"
+ NODES_REQ="-nodes"
+fi
+
+if [ $DO_P11 -eq 1 ]; then
+ if [ -z "$PKCS11_LABEL" ]; then
+ die "PKCS#11 arguments incomplete"
+ fi
+fi
+
+# If undefined, set default key expiration intervals
+if [ -z "$KEY_EXPIRE" ]; then
+ KEY_EXPIRE=3650
+fi
+if [ -z "$CA_EXPIRE" ]; then
+ CA_EXPIRE=3650
+fi
+
+# Set organizational unit to empty string if undefined
+if [ -z "$KEY_OU" ]; then
+ KEY_OU=""
+fi
+
+# Set X509 Name string to empty string if undefined
+if [ -z "$KEY_NAME" ]; then
+ KEY_NAME=""
+fi
+
+# Set KEY_CN, FN
+if [ $DO_ROOT -eq 1 ]; then
+ if [ -z "$KEY_CN" ]; then
+ if [ "$1" ]; then
+ KEY_CN="$1"
+ elif [ "$KEY_ORG" ]; then
+ KEY_CN="$KEY_ORG CA"
+ fi
+ fi
+ if [ $BATCH ] && [ "$KEY_CN" ]; then
+ echo "Using CA Common Name:" "$KEY_CN"
+ fi
+ FN="$KEY_CN"
+elif [ $BATCH ] && [ "$KEY_CN" ]; then
+ echo "Using Common Name:" "$KEY_CN"
+ FN="$KEY_CN"
+ if [ "$1" ]; then
+ FN="$1"
+ fi
+else
+ if [ $# -ne 1 ]; then
+ usage
+ exit 1
+ else
+ KEY_CN="$1"
+ fi
+ FN="$KEY_CN"
+fi
+
+export CA_EXPIRE KEY_EXPIRE KEY_OU KEY_NAME KEY_CN PKCS11_MODULE_PATH PKCS11_PIN
+
+# Show parameters (debugging)
+if [ $DEBUG -eq 1 ]; then
+ echo DO_REQ $DO_REQ
+ echo REQ_EXT $REQ_EXT
+ echo DO_CA $DO_CA
+ echo CA_EXT $CA_EXT
+ echo NODES_REQ $NODES_REQ
+ echo NODES_P12 $NODES_P12
+ echo DO_P12 $DO_P12
+ echo KEY_CN $KEY_CN
+ echo BATCH $BATCH
+ echo DO_ROOT $DO_ROOT
+ echo KEY_EXPIRE $KEY_EXPIRE
+ echo CA_EXPIRE $CA_EXPIRE
+ echo KEY_OU $KEY_OU
+ echo KEY_NAME $KEY_NAME
+ echo DO_P11 $DO_P11
+ echo PKCS11_MODULE_PATH $PKCS11_MODULE_PATH
+ echo PKCS11_SLOT $PKCS11_SLOT
+ echo PKCS11_ID $PKCS11_ID
+ echo PKCS11_LABEL $PKCS11_LABEL
+fi
+
+# Make sure ./vars was sourced beforehand
+if [ -d "$KEY_DIR" ] && [ "$KEY_CONFIG" ]; then
+ cd "$KEY_DIR"
+
+ # Make sure $KEY_CONFIG points to the correct version
+ # of openssl.cnf
+ if $GREP -i 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" >/dev/null; then
+ :
+ else
+ echo "$PROGNAME: KEY_CONFIG (set by the ./vars script) is pointing to the wrong"
+ echo "version of openssl.cnf: $KEY_CONFIG"
+ echo "The correct version should have a comment that says: easy-rsa version 2.x";
+ exit 1;
+ fi
+
+ # Build root CA
+ if [ $DO_ROOT -eq 1 ]; then
+ $OPENSSL req $BATCH -days $CA_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE -sha1 \
+ -x509 -keyout "$CA.key" -out "$CA.crt" -config "$KEY_CONFIG" && \
+ chmod 0600 "$CA.key"
+ else
+ # Make sure CA key/cert is available
+ if [ $DO_CA -eq 1 ] || [ $DO_P12 -eq 1 ]; then
+ if [ ! -r "$CA.crt" ] || [ ! -r "$CA.key" ]; then
+ echo "$PROGNAME: Need a readable $CA.crt and $CA.key in $KEY_DIR"
+ echo "Try $PROGNAME --initca to build a root certificate/key."
+ exit 1
+ fi
+ fi
+
+ # Generate key for PKCS#11 token
+ PKCS11_ARGS=
+ if [ $DO_P11 -eq 1 ]; then
+ stty -echo
+ echo -n "User PIN: "
+ read -r PKCS11_PIN
+ stty echo
+ export PKCS11_PIN
+
+ echo "Generating key pair on PKCS#11 token..."
+ $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --keypairgen \
+ --login --pin "$PKCS11_PIN" \
+ --key-type rsa:1024 \
+ --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" || exit 1
+ PKCS11_ARGS="-engine pkcs11 -keyform engine -key $PKCS11_SLOT:$PKCS11_ID"
+ fi
+
+ # Build cert/key
+ ( [ $DO_REQ -eq 0 ] || $OPENSSL req $BATCH -days $KEY_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE \
+ -keyout "$FN.key" -out "$FN.csr" $REQ_EXT -config "$KEY_CONFIG" $PKCS11_ARGS ) && \
+ ( [ $DO_CA -eq 0 ] || $OPENSSL ca $BATCH -days $KEY_EXPIRE -out "$FN.crt" \
+ -in "$FN.csr" $CA_EXT -md sha1 -config "$KEY_CONFIG" ) && \
+ ( [ $DO_P12 -eq 0 ] || $OPENSSL pkcs12 -export -inkey "$FN.key" \
+ -in "$FN.crt" -certfile "$CA.crt" -out "$FN.p12" $NODES_P12 ) && \
+ ( [ $DO_CA -eq 0 -o $DO_P11 -eq 1 ] || chmod 0600 "$FN.key" ) && \
+ ( [ $DO_P12 -eq 0 ] || chmod 0600 "$FN.p12" )
+
+ # Load certificate into PKCS#11 token
+ if [ $DO_P11 -eq 1 ]; then
+ $OPENSSL x509 -in "$FN.crt" -inform PEM -out "$FN.crt.der" -outform DER && \
+ $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --write-object "$FN.crt.der" --type cert \
+ --login --pin "$PKCS11_PIN" \
+ --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL"
+ [ -e "$FN.crt.der" ]; rm "$FN.crt.der"
+ fi
+
+ fi
+
+# Need definitions
+else
+ need_vars
+fi
--- /dev/null
+#!/bin/sh
+
+# OpenVPN -- An application to securely tunnel IP networks
+# over a single TCP/UDP port, with support for SSL/TLS-based
+# session authentication and key exchange,
+# packet encryption, packet authentication, and
+# packet compression.
+#
+# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program (see the file COPYING included with this
+# distribution); if not, write to the Free Software Foundation, Inc.,
+# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# pkitool is a front-end for the openssl tool.
+
+# Calling scripts can set the certificate organizational
+# unit with the KEY_OU environmental variable.
+
+# Calling scripts can also set the KEY_NAME environmental
+# variable to set the "name" X509 subject field.
+
+PROGNAME=pkitool
+VERSION=2.0
+DEBUG=0
+
+die()
+{
+ local m="$1"
+
+ echo "$m" >&2
+ exit 1
+}
+
+need_vars()
+{
+ echo ' Please edit the vars script to reflect your configuration,'
+ echo ' then source it with "source ./vars".'
+ echo ' Next, to start with a fresh PKI configuration and to delete any'
+ echo ' previous certificates and keys, run "./clean-all".'
+ echo " Finally, you can run this tool ($PROGNAME) to build certificates/keys."
+}
+
+usage()
+{
+ echo "$PROGNAME $VERSION"
+ echo "Usage: $PROGNAME [options...] [common-name]"
+ echo "Options:"
+ echo " --batch : batch mode (default)"
+ echo " --keysize : Set keysize"
+ echo " size : size (default=1024)"
+ echo " --interact : interactive mode"
+ echo " --server : build server cert"
+ echo " --initca : build root CA"
+ echo " --inter : build intermediate CA"
+ echo " --pass : encrypt private key with password"
+ echo " --csr : only generate a CSR, do not sign"
+ echo " --sign : sign an existing CSR"
+ echo " --pkcs12 : generate a combined PKCS#12 file"
+ echo " --pkcs11 : generate certificate on PKCS#11 token"
+ echo " lib : PKCS#11 library"
+ echo " slot : PKCS#11 slot"
+ echo " id : PKCS#11 object id (hex string)"
+ echo " label : PKCS#11 object label"
+ echo "Standalone options:"
+ echo " --pkcs11-slots : list PKCS#11 slots"
+ echo " lib : PKCS#11 library"
+ echo " --pkcs11-objects : list PKCS#11 token objects"
+ echo " lib : PKCS#11 library"
+ echo " slot : PKCS#11 slot"
+ echo " --pkcs11-init : initialize PKCS#11 token DANGEROUS!!!"
+ echo " lib : PKCS#11 library"
+ echo " slot : PKCS#11 slot"
+ echo " label : PKCS#11 token label"
+ echo "Notes:"
+ need_vars
+ echo " In order to use PKCS#11 interface you must have opensc-0.10.0 or higher."
+ echo "Generated files and corresponding OpenVPN directives:"
+ echo '(Files will be placed in the $KEY_DIR directory, defined in ./vars)'
+ echo " ca.crt -> root certificate (--ca)"
+ echo " ca.key -> root key, keep secure (not directly used by OpenVPN)"
+ echo " .crt files -> client/server certificates (--cert)"
+ echo " .key files -> private keys, keep secure (--key)"
+ echo " .csr files -> certificate signing request (not directly used by OpenVPN)"
+ echo " dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh)"
+ echo "Examples:"
+ echo " $PROGNAME --initca -> Build root certificate"
+ echo " $PROGNAME --initca --pass -> Build root certificate with password-protected key"
+ echo " $PROGNAME --server server1 -> Build \"server1\" certificate/key"
+ echo " $PROGNAME client1 -> Build \"client1\" certificate/key"
+ echo " $PROGNAME --pass client2 -> Build password-protected \"client2\" certificate/key"
+ echo " $PROGNAME --pkcs12 client3 -> Build \"client3\" certificate/key in PKCS#12 format"
+ echo " $PROGNAME --csr client4 -> Build \"client4\" CSR to be signed by another CA"
+ echo " $PROGNAME --sign client4 -> Sign \"client4\" CSR"
+ echo " $PROGNAME --inter interca -> Build an intermediate key-signing certificate/key"
+ echo " Also see ./inherit-inter script."
+ echo " $PROGNAME --pkcs11 /usr/lib/pkcs11/lib1 0 010203 \"client5 id\" client5"
+ echo " -> Build \"client5\" certificate/key in PKCS#11 token"
+ echo "Typical usage for initial PKI setup. Build myserver, client1, and client2 cert/keys."
+ echo "Protect client2 key with a password. Build DH parms. Generated files in ./keys :"
+ echo " [edit vars with your site-specific info]"
+ echo " source ./vars"
+ echo " ./clean-all"
+ echo " ./build-dh -> takes a long time, consider backgrounding"
+ echo " ./$PROGNAME --initca"
+ echo " ./$PROGNAME --server myserver"
+ echo " ./$PROGNAME client1"
+ echo " ./$PROGNAME --pass client2"
+ echo "Typical usage for adding client cert to existing PKI:"
+ echo " source ./vars"
+ echo " ./$PROGNAME client-new"
+}
+
+# Set tool defaults
+[ -n "$OPENSSL" ] || export OPENSSL="openssl"
+[ -n "$PKCS11TOOL" ] || export PKCS11TOOL="pkcs11-tool"
+[ -n "$GREP" ] || export GREP="grep"
+
+# Set defaults
+DO_REQ="1"
+REQ_EXT=""
+DO_CA="1"
+CA_EXT=""
+DO_P12="0"
+DO_P11="0"
+DO_ROOT="0"
+NODES_REQ="-nodes"
+NODES_P12=""
+BATCH="-batch"
+CA="ca"
+# must be set or errors of openssl.cnf
+PKCS11_MODULE_PATH="dummy"
+PKCS11_PIN="dummy"
+
+# Process options
+while [ $# -gt 0 ]; do
+ case "$1" in
+ --keysize ) KEY_SIZE=$2
+ shift;;
+ --server ) REQ_EXT="$REQ_EXT -extensions server"
+ CA_EXT="$CA_EXT -extensions server" ;;
+ --batch ) BATCH="-batch" ;;
+ --interact ) BATCH="" ;;
+ --inter ) CA_EXT="$CA_EXT -extensions v3_ca" ;;
+ --initca ) DO_ROOT="1" ;;
+ --pass ) NODES_REQ="" ;;
+ --csr ) DO_CA="0" ;;
+ --sign ) DO_REQ="0" ;;
+ --pkcs12 ) DO_P12="1" ;;
+ --pkcs11 ) DO_P11="1"
+ PKCS11_MODULE_PATH="$2"
+ PKCS11_SLOT="$3"
+ PKCS11_ID="$4"
+ PKCS11_LABEL="$5"
+ shift 4;;
+
+ # standalone
+ --pkcs11-init)
+ PKCS11_MODULE_PATH="$2"
+ PKCS11_SLOT="$3"
+ PKCS11_LABEL="$4"
+ if [ -z "$PKCS11_LABEL" ]; then
+ die "Please specify library name, slot and label"
+ fi
+ $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-token --slot "$PKCS11_SLOT" \
+ --label "$PKCS11_LABEL" &&
+ $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-pin --slot "$PKCS11_SLOT"
+ exit $?;;
+ --pkcs11-slots)
+ PKCS11_MODULE_PATH="$2"
+ if [ -z "$PKCS11_MODULE_PATH" ]; then
+ die "Please specify library name"
+ fi
+ $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-slots
+ exit 0;;
+ --pkcs11-objects)
+ PKCS11_MODULE_PATH="$2"
+ PKCS11_SLOT="$3"
+ if [ -z "$PKCS11_SLOT" ]; then
+ die "Please specify library name and slot"
+ fi
+ $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-objects --login --slot "$PKCS11_SLOT"
+ exit 0;;
+
+ --help|--usage)
+ usage
+ exit ;;
+ --version)
+ echo "$PROGNAME $VERSION"
+ exit ;;
+ # errors
+ --* ) die "$PROGNAME: unknown option: $1" ;;
+ * ) break ;;
+ esac
+ shift
+done
+
+if ! [ -z "$BATCH" ]; then
+ if $OPENSSL version | grep 0.9.6 > /dev/null; then
+ die "Batch mode is unsupported in openssl<0.9.7"
+ fi
+fi
+
+if [ $DO_P12 -eq 1 -a $DO_P11 -eq 1 ]; then
+ die "PKCS#11 and PKCS#12 cannot be specified together"
+fi
+
+if [ $DO_P11 -eq 1 ]; then
+ if ! grep "^pkcs11.*=" "$KEY_CONFIG" > /dev/null; then
+ die "Please edit $KEY_CONFIG and setup PKCS#11 engine"
+ fi
+fi
+
+# If we are generating pkcs12, only encrypt the final step
+if [ $DO_P12 -eq 1 ]; then
+ NODES_P12="$NODES_REQ"
+ NODES_REQ="-nodes"
+fi
+
+if [ $DO_P11 -eq 1 ]; then
+ if [ -z "$PKCS11_LABEL" ]; then
+ die "PKCS#11 arguments incomplete"
+ fi
+fi
+
+# If undefined, set default key expiration intervals
+if [ -z "$KEY_EXPIRE" ]; then
+ KEY_EXPIRE=3650
+fi
+if [ -z "$CA_EXPIRE" ]; then
+ CA_EXPIRE=3650
+fi
+
+# Set organizational unit to empty string if undefined
+if [ -z "$KEY_OU" ]; then
+ KEY_OU=""
+fi
+
+# Set X509 Name string to empty string if undefined
+if [ -z "$KEY_NAME" ]; then
+ KEY_NAME=""
+fi
+
+# Set KEY_CN, FN
+if [ $DO_ROOT -eq 1 ]; then
+ if [ -z "$KEY_CN" ]; then
+ if [ "$1" ]; then
+ KEY_CN="$1"
+ elif [ "$KEY_ORG" ]; then
+ KEY_CN="$KEY_ORG CA"
+ fi
+ fi
+ if [ $BATCH ] && [ "$KEY_CN" ]; then
+ echo "Using CA Common Name:" "$KEY_CN"
+ fi
+ FN="$KEY_CN"
+elif [ $BATCH ] && [ "$KEY_CN" ]; then
+ echo "Using Common Name:" "$KEY_CN"
+ FN="$KEY_CN"
+ if [ "$1" ]; then
+ FN="$1"
+ fi
+else
+ if [ $# -ne 1 ]; then
+ usage
+ exit 1
+ else
+ KEY_CN="$1"
+ fi
+ FN="$KEY_CN"
+fi
+
+export CA_EXPIRE KEY_EXPIRE KEY_OU KEY_NAME KEY_CN PKCS11_MODULE_PATH PKCS11_PIN
+
+# Show parameters (debugging)
+if [ $DEBUG -eq 1 ]; then
+ echo DO_REQ $DO_REQ
+ echo REQ_EXT $REQ_EXT
+ echo DO_CA $DO_CA
+ echo CA_EXT $CA_EXT
+ echo NODES_REQ $NODES_REQ
+ echo NODES_P12 $NODES_P12
+ echo DO_P12 $DO_P12
+ echo KEY_CN $KEY_CN
+ echo BATCH $BATCH
+ echo DO_ROOT $DO_ROOT
+ echo KEY_EXPIRE $KEY_EXPIRE
+ echo CA_EXPIRE $CA_EXPIRE
+ echo KEY_OU $KEY_OU
+ echo KEY_NAME $KEY_NAME
+ echo DO_P11 $DO_P11
+ echo PKCS11_MODULE_PATH $PKCS11_MODULE_PATH
+ echo PKCS11_SLOT $PKCS11_SLOT
+ echo PKCS11_ID $PKCS11_ID
+ echo PKCS11_LABEL $PKCS11_LABEL
+fi
+
+# Make sure ./vars was sourced beforehand
+if [ -d "$KEY_DIR" ] && [ "$KEY_CONFIG" ]; then
+ cd "$KEY_DIR"
+
+ # Make sure $KEY_CONFIG points to the correct version
+ # of openssl.cnf
+ if $GREP -i 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" >/dev/null; then
+ :
+ else
+ echo "$PROGNAME: KEY_CONFIG (set by the ./vars script) is pointing to the wrong"
+ echo "version of openssl.cnf: $KEY_CONFIG"
+ echo "The correct version should have a comment that says: easy-rsa version 2.x";
+ exit 1;
+ fi
+
+ # Build root CA
+ if [ $DO_ROOT -eq 1 ]; then
+ $OPENSSL req $BATCH -days $CA_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE -sha1 \
+ -x509 -keyout "$CA.key" -out "$CA.crt" -config "$KEY_CONFIG" && \
+ chmod 0600 "$CA.key"
+ else
+ # Make sure CA key/cert is available
+ if [ $DO_CA -eq 1 ] || [ $DO_P12 -eq 1 ]; then
+ if [ ! -r "$CA.crt" ] || [ ! -r "$CA.key" ]; then
+ echo "$PROGNAME: Need a readable $CA.crt and $CA.key in $KEY_DIR"
+ echo "Try $PROGNAME --initca to build a root certificate/key."
+ exit 1
+ fi
+ fi
+
+ # Generate key for PKCS#11 token
+ PKCS11_ARGS=
+ if [ $DO_P11 -eq 1 ]; then
+ stty -echo
+ echo -n "User PIN: "
+ read -r PKCS11_PIN
+ stty echo
+ export PKCS11_PIN
+
+ echo "Generating key pair on PKCS#11 token..."
+ $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --keypairgen \
+ --login --pin "$PKCS11_PIN" \
+ --key-type rsa:1024 \
+ --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" || exit 1
+ PKCS11_ARGS="-engine pkcs11 -keyform engine -key $PKCS11_SLOT:$PKCS11_ID"
+ fi
+
+ # Build cert/key
+ ( [ $DO_REQ -eq 0 ] || $OPENSSL req $BATCH -days $KEY_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE \
+ -keyout "$FN.key" -out "$FN.csr" $REQ_EXT -config "$KEY_CONFIG" $PKCS11_ARGS ) && \
+ ( [ $DO_CA -eq 0 ] || $OPENSSL ca $BATCH -days $KEY_EXPIRE -out "$FN.crt" \
+ -in "$FN.csr" $CA_EXT -md sha1 -config "$KEY_CONFIG" ) && \
+ ( [ $DO_P12 -eq 0 ] || $OPENSSL pkcs12 -export -inkey "$FN.key" \
+ -in "$FN.crt" -certfile "$CA.crt" -out "$FN.p12" $NODES_P12 ) && \
+ ( [ $DO_CA -eq 0 -o $DO_P11 -eq 1 ] || chmod 0600 "$FN.key" ) && \
+ ( [ $DO_P12 -eq 0 ] || chmod 0600 "$FN.p12" )
+
+ # Load certificate into PKCS#11 token
+ if [ $DO_P11 -eq 1 ]; then
+ $OPENSSL x509 -in "$FN.crt" -inform PEM -out "$FN.crt.der" -outform DER && \
+ $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --write-object "$FN.crt.der" --type cert \
+ --login --pin "$PKCS11_PIN" \
+ --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL"
+ [ -e "$FN.crt.der" ]; rm "$FN.crt.der"
+ fi
+
+ fi
+
+# Need definitions
+else
+ need_vars
+fi
--- /dev/null
+#!/bin/bash
+
+# revoke a certificate, regenerate CRL,
+# and verify revocation
+
+CRL="crl.pem"
+RT="revoke-test.pem"
+
+if [ $# -ne 1 ]; then
+ echo "usage: revoke-full <cert-name-base>";
+ exit 1
+fi
+
+if [ "$KEY_DIR" ]; then
+ cd "$KEY_DIR"
+ rm -f "$RT"
+
+ # set defaults
+ export KEY_CN=""
+ export KEY_OU=""
+ export KEY_NAME=""
+
+ # revoke key and generate a new CRL
+ $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"
+
+ # generate a new CRL -- try to be compatible with
+ # intermediate PKIs
+ $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
+ if [ -e export-ca.crt ]; then
+ cat export-ca.crt "$CRL" >"$RT"
+ else
+ cat ca.crt "$CRL" >"$RT"
+ fi
+
+ # verify the revocation
+ $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
--- /dev/null
+#!/bin/sh
+
+# revoke a certificate, regenerate CRL,
+# and verify revocation
+
+CRL="crl.pem"
+RT="revoke-test.pem"
+
+if [ $# -ne 1 ]; then
+ echo "usage: revoke-full <cert-name-base>";
+ exit 1
+fi
+
+if [ "$KEY_DIR" ]; then
+ cd "$KEY_DIR"
+ rm -f "$RT"
+
+ # set defaults
+ export KEY_CN=""
+ export KEY_OU=""
+ export KEY_NAME=""
+
+ # revoke key and generate a new CRL
+ $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"
+
+ # generate a new CRL -- try to be compatible with
+ # intermediate PKIs
+ $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
+ if [ -e export-ca.crt ]; then
+ cat export-ca.crt "$CRL" >"$RT"
+ else
+ cat ca.crt "$CRL" >"$RT"
+ fi
+
+ # verify the revocation
+ $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
--- /dev/null
+#!/bin/bash
+
+# Sign a certificate signing request (a .csr file)
+# with a local root certificate and key.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --sign $*
--- /dev/null
+#!/bin/sh
+
+# Sign a certificate signing request (a .csr file)
+# with a local root certificate and key.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --sign $*
--- /dev/null
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid. This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=1024
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
--- /dev/null
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid. This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=1024
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL=mail@host.domain
+export KEY_CN=changeme
+export KEY_NAME=changeme
+export KEY_OU=changeme
+export PKCS11_MODULE_PATH=changeme
+export PKCS11_PIN=1234
--- /dev/null
+#!/bin/sh
+
+if [ "$OPENSSL" ]; then
+ if $OPENSSL version | grep 0.9.6 > /dev/null; then
+ echo "$1/openssl-0.9.6.cnf"
+ else
+ echo "$1/openssl.cnf"
+ fi
+else
+ echo "$1/openssl.cnf"
+fi
+
+exit 0
--- /dev/null
+#!/bin/sh
+
+cnf="$1/openssl.cnf"
+
+if [ "$OPENSSL" ]; then
+ if $OPENSSL version | grep -E "0\.9\.6[[:alnum:]]" > /dev/null; then
+ cnf="$1/openssl-0.9.6.cnf"
+ elif $OPENSSL version | grep -E "0\.9\.8[[:alnum:]]" > /dev/null; then
+ cnf="$1/openssl-0.9.8.cnf"
+ elif $OPENSSL version | grep -E "1\.0\.([[:digit:]][[:alnum:]])" > /dev/null; then
+ cnf="$1/openssl-1.0.0.cnf"
+ else
+ cnf="$1/openssl.cnf"
+ fi
+fi
+
+echo $cnf
+
+if [ ! -r $cnf ]; then
+ echo "**************************************************************" >&2
+ echo " No $cnf file could be found" >&2
+ echo " Further invocations will fail" >&2
+ echo "**************************************************************" >&2
+fi
+
+exit 0
--- /dev/null
+; This file holds the information on root name servers needed to
+; initialize cache of Internet domain name servers
+; (e.g. reference this file in the "cache . <file>"
+; configuration file of BIND domain name servers).
+;
+; This file is made available by InterNIC
+; under anonymous FTP as
+; file /domain/named.cache
+; on server FTP.INTERNIC.NET
+; -OR- RS.INTERNIC.NET
+;
+; last update: Dec 12, 2008
+; related version of root zone: 2008121200
+;
+; formerly NS.INTERNIC.NET
+;
+. 3600000 IN NS A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
+A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+. 3600000 NS B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
+;
+; FORMERLY C.PSI.NET
+;
+. 3600000 NS C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
+;
+; FORMERLY TERP.UMD.EDU
+;
+. 3600000 NS D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
+;
+; FORMERLY NS.NASA.GOV
+;
+. 3600000 NS E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+. 3600000 NS F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
+F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+. 3600000 NS G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+. 3600000 NS H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
+H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
+;
+; FORMERLY NIC.NORDU.NET
+;
+. 3600000 NS I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
+;
+; OPERATED BY VERISIGN, INC.
+;
+. 3600000 NS J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
+J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+. 3600000 NS K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
+K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1
+;
+; OPERATED BY ICANN
+;
+. 3600000 NS L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
+L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+. 3600000 NS M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
+M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
+; End of File
--- /dev/null
+; This file holds the information on root name servers needed to
+; initialize cache of Internet domain name servers
+; (e.g. reference this file in the "cache . <file>"
+; configuration file of BIND domain name servers).
+;
+; This file is made available by InterNIC
+; under anonymous FTP as
+; file /domain/named.cache
+; on server FTP.INTERNIC.NET
+; -OR- RS.INTERNIC.NET
+;
+; last update: Jun 8, 2011
+; related version of root zone: 2011060800
+;
+; formerly NS.INTERNIC.NET
+;
+. 3600000 IN NS A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
+A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+. 3600000 NS B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
+;
+; FORMERLY C.PSI.NET
+;
+. 3600000 NS C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
+;
+; FORMERLY TERP.UMD.EDU
+;
+. 3600000 NS D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
+D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D
+;
+; FORMERLY NS.NASA.GOV
+;
+. 3600000 NS E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+. 3600000 NS F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
+F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+. 3600000 NS G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+. 3600000 NS H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
+H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
+;
+; FORMERLY NIC.NORDU.NET
+;
+. 3600000 NS I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
+I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+. 3600000 NS J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
+J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+. 3600000 NS K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
+K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1
+;
+; OPERATED BY ICANN
+;
+. 3600000 NS L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
+L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+. 3600000 NS M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
+M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
+; End of File
+++ /dev/null
-#!/sbin/runscript
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/sysstat/files/sysstat.init.d,v 1.4 2012/05/14 20:01:19 jer Exp $
-
-depend() {
- use hostname
-}
-
-start() {
- ebegin "Writing a dummy startup record using sadc (see sadc(8))..."
- /usr/lib/sa/sa1 --boot
- eend $?
-}
-
-stop() {
- ebegin "Cannot stop writing a dummy startup record (see sadc(8))..."
- eend $?
-}
#!/sbin/runscript
-# Copyright 1999-2011 Gentoo Foundation
+# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/sysstat/files/sysstat.init.d,v 1.3 2011/05/18 02:21:33 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/sysstat/files/sysstat.init.d,v 1.4 2012/05/14 20:01:19 jer Exp $
depend() {
use hostname
start() {
ebegin "Writing a dummy startup record using sadc (see sadc(8))..."
- /usr/lib/sa/sadc -F -L -
+ /usr/lib/sa/sa1 --boot
eend $?
}
+++ /dev/null
-[MAIN]
-
-#-----------------------------------------------------------
-# Defines the directory where overlays should be installed
-
-storage : /var/lib/layman
-
-#-----------------------------------------------------------
-# Remote overlay lists will be stored here
-# layman will append _md5(url).xml to each filename
-
-cache : %(storage)s/cache
-
-#-----------------------------------------------------------
-# The list of locally installed overlays
-
-local_list: %(storage)s/overlays.xml
-
-#-----------------------------------------------------------
-# Path to the make.conf file that should be modified by
-# layman
-
-make_conf : %(storage)s/make.conf
-
-#-----------------------------------------------------------
-# URLs of the remote lists of overlays (one per line) or
-# local overlay definitions
-#
-#overlays : http://www.gentoo.org/proj/en/overlays/repositories.xml
-# http://dev.gentoo.org/~wrobel/layman/global-overlays.xml
-# http://mydomain.org/my-layman-list.xml
-# file:///var/lib/layman/my-list.xml
-
-overlays : http://www.gentoo.org/proj/en/overlays/repositories.xml
-
-#-----------------------------------------------------------
-# Proxy support
-# If unset, layman will use the http_proxy environment variable.
-#
-#proxy : http://[user:pass@]www.my-proxy.org:3128
-
-#-----------------------------------------------------------
-# Strict checking of overlay definitions
-#
-# The nocheck option is a bit confusing, for historical reasons.
-# Hopefully this description eases the double negation trouble:
-#
-# nocheck : yes
-# - Accepts completene overlay entries without warnings
-# - Lists overlays of type foo (say Git) even with no foo installed
-#
-# nocheck : no
-# - Checks overlay entries for missing description or contact
-# information and issue warnings as needed
-# - Hides overlays of type foo (say Git) if foo not not installed
-#
-nocheck : yes
-
-#-----------------------------------------------------------
-# Umask settings
-#
-# layman should usually work with a umask of 0022. You should
-# only change this setting if you are absolutely certain that
-# you know what you are doing.
-#
-#umask : 0022
-
-#-----------------------------------------------------------
-# Command overrides
-#
-# You can have commands point to either a binary at a different
-# location, e.g.
-#
-# /home/you/local/bin/git
-#
-# or just the command, e.g.
-#
-# git
-#
-# to use PATH-based resolution of the binary to call.
-#
-#bzr_command : /usr/bin/bzr
-#cvs_command : /usr/bin/cvs
-#darcs_command : /usr/bin/darcs
-#git_command : /usr/bin/git
-#mercurial_command : /usr/bin/hg
-#rsync_command : /usr/bin/rsync
-#svn_command : /usr/bin/svn
-#tar_command : /bin/tar
#-----------------------------------------------------------
# Strict checking of overlay definitions
#
-# Set either to "yes" or "no". If "no" layman will issue
-# warnings if an overlay definition is missing either
-# description or contact information.
+# The nocheck option is a bit confusing, for historical reasons.
+# Hopefully this description eases the double negation trouble:
+#
+# nocheck : yes
+# - Accepts completene overlay entries without warnings
+# - Lists overlays of type foo (say Git) even with no foo installed
+#
+# nocheck : no
+# - Checks overlay entries for missing description or contact
+# information and issue warnings as needed
+# - Hides overlays of type foo (say Git) if foo not not installed
#
nocheck : yes
+++ /dev/null
-#
-# Automatically generated make config: don't edit
-# Busybox version: 1.19.3
-# Wed May 30 23:05:27 2012
-#
-CONFIG_HAVE_DOT_CONFIG=y
-
-#
-# Busybox Settings
-#
-
-#
-# General Configuration
-#
-CONFIG_DESKTOP=y
-CONFIG_EXTRA_COMPAT=y
-CONFIG_INCLUDE_SUSv2=y
-CONFIG_USE_PORTABLE_CODE=y
-CONFIG_PLATFORM_LINUX=y
-CONFIG_FEATURE_BUFFERS_USE_MALLOC=y
-# CONFIG_FEATURE_BUFFERS_GO_ON_STACK is not set
-# CONFIG_FEATURE_BUFFERS_GO_IN_BSS is not set
-CONFIG_SHOW_USAGE=y
-CONFIG_FEATURE_VERBOSE_USAGE=y
-CONFIG_FEATURE_COMPRESS_USAGE=y
-CONFIG_FEATURE_INSTALLER=y
-CONFIG_INSTALL_NO_USR=y
-# CONFIG_LOCALE_SUPPORT is not set
-CONFIG_UNICODE_SUPPORT=y
-# CONFIG_UNICODE_USING_LOCALE is not set
-# CONFIG_FEATURE_CHECK_UNICODE_IN_ENV is not set
-CONFIG_SUBST_WCHAR=63
-CONFIG_LAST_SUPPORTED_WCHAR=767
-CONFIG_UNICODE_COMBINING_WCHARS=y
-CONFIG_UNICODE_WIDE_WCHARS=y
-# CONFIG_UNICODE_BIDI_SUPPORT is not set
-# CONFIG_UNICODE_NEUTRAL_TABLE is not set
-CONFIG_UNICODE_PRESERVE_BROKEN=y
-CONFIG_LONG_OPTS=y
-CONFIG_FEATURE_DEVPTS=y
-CONFIG_FEATURE_CLEAN_UP=y
-CONFIG_FEATURE_UTMP=y
-CONFIG_FEATURE_WTMP=y
-CONFIG_FEATURE_PIDFILE=y
-CONFIG_FEATURE_SUID=y
-# CONFIG_FEATURE_SUID_CONFIG is not set
-# CONFIG_FEATURE_SUID_CONFIG_QUIET is not set
-# CONFIG_SELINUX is not set
-CONFIG_FEATURE_PREFER_APPLETS=y
-CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
-CONFIG_FEATURE_SYSLOG=y
-# CONFIG_FEATURE_HAVE_RPC is not set
-
-#
-# Build Options
-#
-# CONFIG_STATIC is not set
-# CONFIG_PIE is not set
-# CONFIG_NOMMU is not set
-# CONFIG_BUILD_LIBBUSYBOX is not set
-# CONFIG_FEATURE_INDIVIDUAL is not set
-# CONFIG_FEATURE_SHARED_BUSYBOX is not set
-CONFIG_LFS=y
-CONFIG_CROSS_COMPILER_PREFIX=""
-CONFIG_EXTRA_CFLAGS=""
-
-#
-# Debugging Options
-#
-# CONFIG_DEBUG is not set
-# CONFIG_DEBUG_PESSIMIZE is not set
-CONFIG_WERROR=y
-CONFIG_NO_DEBUG_LIB=y
-# CONFIG_DMALLOC is not set
-# CONFIG_EFENCE is not set
-
-#
-# Installation Options ("make install" behavior)
-#
-CONFIG_INSTALL_APPLET_SYMLINKS=y
-# CONFIG_INSTALL_APPLET_HARDLINKS is not set
-# CONFIG_INSTALL_APPLET_SCRIPT_WRAPPERS is not set
-# CONFIG_INSTALL_APPLET_DONT is not set
-# CONFIG_INSTALL_SH_APPLET_SYMLINK is not set
-# CONFIG_INSTALL_SH_APPLET_HARDLINK is not set
-# CONFIG_INSTALL_SH_APPLET_SCRIPT_WRAPPER is not set
-CONFIG_PREFIX="./_install"
-
-#
-# Busybox Library Tuning
-#
-CONFIG_FEATURE_SYSTEMD=y
-CONFIG_FEATURE_RTMINMAX=y
-CONFIG_PASSWORD_MINLEN=6
-CONFIG_MD5_SIZE_VS_SPEED=2
-CONFIG_FEATURE_FAST_TOP=y
-CONFIG_FEATURE_ETC_NETWORKS=y
-CONFIG_FEATURE_USE_TERMIOS=y
-CONFIG_FEATURE_EDITING=y
-CONFIG_FEATURE_EDITING_MAX_LEN=1024
-CONFIG_FEATURE_EDITING_VI=y
-CONFIG_FEATURE_EDITING_HISTORY=255
-CONFIG_FEATURE_EDITING_SAVEHISTORY=y
-CONFIG_FEATURE_REVERSE_SEARCH=y
-CONFIG_FEATURE_TAB_COMPLETION=y
-CONFIG_FEATURE_USERNAME_COMPLETION=y
-CONFIG_FEATURE_EDITING_FANCY_PROMPT=y
-CONFIG_FEATURE_EDITING_ASK_TERMINAL=y
-CONFIG_FEATURE_NON_POSIX_CP=y
-CONFIG_FEATURE_VERBOSE_CP_MESSAGE=y
-CONFIG_FEATURE_COPYBUF_KB=4
-CONFIG_FEATURE_SKIP_ROOTFS=y
-# CONFIG_MONOTONIC_SYSCALL is not set
-CONFIG_IOCTL_HEX2STR_ERROR=y
-CONFIG_FEATURE_HWIB=y
-
-#
-# Applets
-#
-
-#
-# Archival Utilities
-#
-CONFIG_FEATURE_SEAMLESS_XZ=y
-CONFIG_FEATURE_SEAMLESS_LZMA=y
-CONFIG_FEATURE_SEAMLESS_BZ2=y
-CONFIG_FEATURE_SEAMLESS_GZ=y
-CONFIG_FEATURE_SEAMLESS_Z=y
-CONFIG_AR=y
-CONFIG_FEATURE_AR_LONG_FILENAMES=y
-CONFIG_FEATURE_AR_CREATE=y
-CONFIG_BUNZIP2=y
-CONFIG_BZIP2=y
-CONFIG_CPIO=y
-CONFIG_FEATURE_CPIO_O=y
-CONFIG_FEATURE_CPIO_P=y
-# CONFIG_DPKG is not set
-# CONFIG_DPKG_DEB is not set
-# CONFIG_FEATURE_DPKG_DEB_EXTRACT_ONLY is not set
-CONFIG_GUNZIP=y
-CONFIG_GZIP=y
-CONFIG_FEATURE_GZIP_LONG_OPTIONS=y
-CONFIG_LZOP=y
-CONFIG_LZOP_COMPR_HIGH=y
-# CONFIG_RPM2CPIO is not set
-# CONFIG_RPM is not set
-CONFIG_TAR=y
-CONFIG_FEATURE_TAR_CREATE=y
-CONFIG_FEATURE_TAR_AUTODETECT=y
-CONFIG_FEATURE_TAR_FROM=y
-CONFIG_FEATURE_TAR_OLDGNU_COMPATIBILITY=y
-CONFIG_FEATURE_TAR_OLDSUN_COMPATIBILITY=y
-CONFIG_FEATURE_TAR_GNU_EXTENSIONS=y
-CONFIG_FEATURE_TAR_LONG_OPTIONS=y
-CONFIG_FEATURE_TAR_TO_COMMAND=y
-CONFIG_FEATURE_TAR_UNAME_GNAME=y
-CONFIG_FEATURE_TAR_NOPRESERVE_TIME=y
-# CONFIG_FEATURE_TAR_SELINUX is not set
-CONFIG_UNCOMPRESS=y
-CONFIG_UNLZMA=y
-CONFIG_FEATURE_LZMA_FAST=y
-CONFIG_LZMA=y
-CONFIG_UNXZ=y
-CONFIG_XZ=y
-CONFIG_UNZIP=y
-
-#
-# Coreutils
-#
-CONFIG_BASENAME=y
-CONFIG_CAT=y
-CONFIG_DATE=y
-CONFIG_FEATURE_DATE_ISOFMT=y
-CONFIG_FEATURE_DATE_NANO=y
-CONFIG_FEATURE_DATE_COMPAT=y
-CONFIG_ID=y
-CONFIG_GROUPS=y
-CONFIG_TEST=y
-CONFIG_FEATURE_TEST_64=y
-CONFIG_TOUCH=y
-CONFIG_TR=y
-CONFIG_FEATURE_TR_CLASSES=y
-CONFIG_FEATURE_TR_EQUIV=y
-CONFIG_BASE64=y
-CONFIG_WHO=y
-CONFIG_USERS=y
-CONFIG_CAL=y
-CONFIG_CATV=y
-CONFIG_CHGRP=y
-CONFIG_CHMOD=y
-CONFIG_CHOWN=y
-CONFIG_FEATURE_CHOWN_LONG_OPTIONS=y
-CONFIG_CHROOT=y
-CONFIG_CKSUM=y
-CONFIG_COMM=y
-CONFIG_CP=y
-CONFIG_FEATURE_CP_LONG_OPTIONS=y
-CONFIG_CUT=y
-CONFIG_DD=y
-CONFIG_FEATURE_DD_SIGNAL_HANDLING=y
-CONFIG_FEATURE_DD_THIRD_STATUS_LINE=y
-CONFIG_FEATURE_DD_IBS_OBS=y
-CONFIG_DF=y
-CONFIG_FEATURE_DF_FANCY=y
-CONFIG_DIRNAME=y
-CONFIG_DOS2UNIX=y
-CONFIG_UNIX2DOS=y
-CONFIG_DU=y
-CONFIG_FEATURE_DU_DEFAULT_BLOCKSIZE_1K=y
-CONFIG_ECHO=y
-CONFIG_FEATURE_FANCY_ECHO=y
-CONFIG_ENV=y
-CONFIG_FEATURE_ENV_LONG_OPTIONS=y
-CONFIG_EXPAND=y
-CONFIG_FEATURE_EXPAND_LONG_OPTIONS=y
-CONFIG_EXPR=y
-CONFIG_EXPR_MATH_SUPPORT_64=y
-CONFIG_FALSE=y
-# CONFIG_FOLD is not set
-CONFIG_FSYNC=y
-CONFIG_HEAD=y
-CONFIG_FEATURE_FANCY_HEAD=y
-# CONFIG_HOSTID is not set
-CONFIG_INSTALL=y
-CONFIG_FEATURE_INSTALL_LONG_OPTIONS=y
-CONFIG_LN=y
-# CONFIG_LOGNAME is not set
-CONFIG_LS=y
-CONFIG_FEATURE_LS_FILETYPES=y
-CONFIG_FEATURE_LS_FOLLOWLINKS=y
-CONFIG_FEATURE_LS_RECURSIVE=y
-CONFIG_FEATURE_LS_SORTFILES=y
-CONFIG_FEATURE_LS_TIMESTAMPS=y
-CONFIG_FEATURE_LS_USERNAME=y
-CONFIG_FEATURE_LS_COLOR=y
-CONFIG_FEATURE_LS_COLOR_IS_DEFAULT=y
-CONFIG_MD5SUM=y
-CONFIG_MKDIR=y
-CONFIG_FEATURE_MKDIR_LONG_OPTIONS=y
-CONFIG_MKFIFO=y
-CONFIG_MKNOD=y
-CONFIG_MV=y
-CONFIG_FEATURE_MV_LONG_OPTIONS=y
-CONFIG_NICE=y
-CONFIG_NOHUP=y
-# CONFIG_OD is not set
-CONFIG_PRINTENV=y
-CONFIG_PRINTF=y
-CONFIG_PWD=y
-CONFIG_READLINK=y
-CONFIG_FEATURE_READLINK_FOLLOW=y
-CONFIG_REALPATH=y
-CONFIG_RM=y
-CONFIG_RMDIR=y
-CONFIG_FEATURE_RMDIR_LONG_OPTIONS=y
-CONFIG_SEQ=y
-CONFIG_SHA1SUM=y
-CONFIG_SHA256SUM=y
-CONFIG_SHA512SUM=y
-CONFIG_SLEEP=y
-CONFIG_FEATURE_FANCY_SLEEP=y
-CONFIG_FEATURE_FLOAT_SLEEP=y
-CONFIG_SORT=y
-CONFIG_FEATURE_SORT_BIG=y
-CONFIG_SPLIT=y
-CONFIG_FEATURE_SPLIT_FANCY=y
-CONFIG_STAT=y
-CONFIG_FEATURE_STAT_FORMAT=y
-CONFIG_STTY=y
-CONFIG_SUM=y
-CONFIG_SYNC=y
-CONFIG_TAC=y
-CONFIG_TAIL=y
-CONFIG_FEATURE_FANCY_TAIL=y
-CONFIG_TEE=y
-CONFIG_FEATURE_TEE_USE_BLOCK_IO=y
-CONFIG_TRUE=y
-CONFIG_TTY=y
-CONFIG_UNAME=y
-CONFIG_UNEXPAND=y
-CONFIG_FEATURE_UNEXPAND_LONG_OPTIONS=y
-CONFIG_UNIQ=y
-CONFIG_USLEEP=y
-# CONFIG_UUDECODE is not set
-# CONFIG_UUENCODE is not set
-CONFIG_WC=y
-CONFIG_FEATURE_WC_LARGE=y
-CONFIG_WHOAMI=y
-CONFIG_YES=y
-
-#
-# Common options for cp and mv
-#
-CONFIG_FEATURE_PRESERVE_HARDLINKS=y
-
-#
-# Common options for ls, more and telnet
-#
-CONFIG_FEATURE_AUTOWIDTH=y
-
-#
-# Common options for df, du, ls
-#
-CONFIG_FEATURE_HUMAN_READABLE=y
-
-#
-# Common options for md5sum, sha1sum, sha256sum, sha512sum
-#
-CONFIG_FEATURE_MD5_SHA1_SUM_CHECK=y
-
-#
-# Console Utilities
-#
-CONFIG_CHVT=y
-CONFIG_FGCONSOLE=y
-CONFIG_CLEAR=y
-CONFIG_DEALLOCVT=y
-CONFIG_DUMPKMAP=y
-CONFIG_KBD_MODE=y
-CONFIG_LOADFONT=y
-CONFIG_LOADKMAP=y
-CONFIG_OPENVT=y
-CONFIG_RESET=y
-CONFIG_RESIZE=y
-CONFIG_FEATURE_RESIZE_PRINT=y
-CONFIG_SETCONSOLE=y
-CONFIG_FEATURE_SETCONSOLE_LONG_OPTIONS=y
-CONFIG_SETFONT=y
-CONFIG_FEATURE_SETFONT_TEXTUAL_MAP=y
-CONFIG_DEFAULT_SETFONT_DIR=""
-CONFIG_SETKEYCODES=y
-CONFIG_SETLOGCONS=y
-CONFIG_SHOWKEY=y
-
-#
-# Common options for loadfont and setfont
-#
-CONFIG_FEATURE_LOADFONT_PSF2=y
-CONFIG_FEATURE_LOADFONT_RAW=y
-
-#
-# Debian Utilities
-#
-CONFIG_MKTEMP=y
-CONFIG_PIPE_PROGRESS=y
-# CONFIG_RUN_PARTS is not set
-# CONFIG_FEATURE_RUN_PARTS_LONG_OPTIONS is not set
-# CONFIG_FEATURE_RUN_PARTS_FANCY is not set
-CONFIG_START_STOP_DAEMON=y
-CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y
-CONFIG_FEATURE_START_STOP_DAEMON_LONG_OPTIONS=y
-CONFIG_WHICH=y
-
-#
-# Editors
-#
-CONFIG_PATCH=y
-CONFIG_VI=y
-CONFIG_FEATURE_VI_MAX_LEN=4096
-CONFIG_FEATURE_VI_8BIT=y
-CONFIG_FEATURE_VI_COLON=y
-CONFIG_FEATURE_VI_YANKMARK=y
-CONFIG_FEATURE_VI_SEARCH=y
-CONFIG_FEATURE_VI_REGEX_SEARCH=y
-CONFIG_FEATURE_VI_USE_SIGNALS=y
-CONFIG_FEATURE_VI_DOT_CMD=y
-CONFIG_FEATURE_VI_READONLY=y
-CONFIG_FEATURE_VI_SETOPTS=y
-CONFIG_FEATURE_VI_SET=y
-CONFIG_FEATURE_VI_WIN_RESIZE=y
-CONFIG_FEATURE_VI_ASK_TERMINAL=y
-CONFIG_FEATURE_VI_OPTIMIZE_CURSOR=y
-CONFIG_AWK=y
-CONFIG_FEATURE_AWK_LIBM=y
-CONFIG_CMP=y
-CONFIG_DIFF=y
-CONFIG_FEATURE_DIFF_LONG_OPTIONS=y
-CONFIG_FEATURE_DIFF_DIR=y
-CONFIG_ED=y
-CONFIG_SED=y
-CONFIG_FEATURE_ALLOW_EXEC=y
-
-#
-# Finding Utilities
-#
-CONFIG_FIND=y
-CONFIG_FEATURE_FIND_PRINT0=y
-CONFIG_FEATURE_FIND_MTIME=y
-CONFIG_FEATURE_FIND_MMIN=y
-CONFIG_FEATURE_FIND_PERM=y
-CONFIG_FEATURE_FIND_TYPE=y
-CONFIG_FEATURE_FIND_XDEV=y
-CONFIG_FEATURE_FIND_MAXDEPTH=y
-CONFIG_FEATURE_FIND_NEWER=y
-CONFIG_FEATURE_FIND_INUM=y
-CONFIG_FEATURE_FIND_EXEC=y
-CONFIG_FEATURE_FIND_USER=y
-CONFIG_FEATURE_FIND_GROUP=y
-CONFIG_FEATURE_FIND_NOT=y
-CONFIG_FEATURE_FIND_DEPTH=y
-CONFIG_FEATURE_FIND_PAREN=y
-CONFIG_FEATURE_FIND_SIZE=y
-CONFIG_FEATURE_FIND_PRUNE=y
-CONFIG_FEATURE_FIND_DELETE=y
-CONFIG_FEATURE_FIND_PATH=y
-CONFIG_FEATURE_FIND_REGEX=y
-# CONFIG_FEATURE_FIND_CONTEXT is not set
-CONFIG_FEATURE_FIND_LINKS=y
-CONFIG_GREP=y
-CONFIG_FEATURE_GREP_EGREP_ALIAS=y
-CONFIG_FEATURE_GREP_FGREP_ALIAS=y
-CONFIG_FEATURE_GREP_CONTEXT=y
-CONFIG_XARGS=y
-CONFIG_FEATURE_XARGS_SUPPORT_CONFIRMATION=y
-CONFIG_FEATURE_XARGS_SUPPORT_QUOTES=y
-CONFIG_FEATURE_XARGS_SUPPORT_TERMOPT=y
-CONFIG_FEATURE_XARGS_SUPPORT_ZERO_TERM=y
-
-#
-# Init Utilities
-#
-# CONFIG_BOOTCHARTD is not set
-# CONFIG_FEATURE_BOOTCHARTD_BLOATED_HEADER is not set
-# CONFIG_FEATURE_BOOTCHARTD_CONFIG_FILE is not set
-CONFIG_HALT=y
-# CONFIG_FEATURE_CALL_TELINIT is not set
-CONFIG_TELINIT_PATH=""
-CONFIG_INIT=y
-CONFIG_FEATURE_USE_INITTAB=y
-CONFIG_FEATURE_KILL_REMOVED=y
-CONFIG_FEATURE_KILL_DELAY=0
-CONFIG_FEATURE_INIT_SCTTY=y
-CONFIG_FEATURE_INIT_SYSLOG=y
-CONFIG_FEATURE_EXTRA_QUIET=y
-CONFIG_FEATURE_INIT_COREDUMPS=y
-CONFIG_FEATURE_INITRD=y
-CONFIG_INIT_TERMINAL_TYPE="linux"
-CONFIG_MESG=y
-CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y
-
-#
-# Login/Password Management Utilities
-#
-# CONFIG_ADD_SHELL is not set
-# CONFIG_REMOVE_SHELL is not set
-CONFIG_FEATURE_SHADOWPASSWDS=y
-CONFIG_USE_BB_PWD_GRP=y
-CONFIG_USE_BB_SHADOW=y
-CONFIG_USE_BB_CRYPT=y
-CONFIG_USE_BB_CRYPT_SHA=y
-CONFIG_ADDUSER=y
-CONFIG_FEATURE_ADDUSER_LONG_OPTIONS=y
-CONFIG_FEATURE_CHECK_NAMES=y
-CONFIG_FIRST_SYSTEM_ID=100
-CONFIG_LAST_SYSTEM_ID=999
-CONFIG_ADDGROUP=y
-CONFIG_FEATURE_ADDGROUP_LONG_OPTIONS=y
-CONFIG_FEATURE_ADDUSER_TO_GROUP=y
-CONFIG_DELUSER=y
-CONFIG_DELGROUP=y
-CONFIG_FEATURE_DEL_USER_FROM_GROUP=y
-CONFIG_GETTY=y
-CONFIG_LOGIN=y
-CONFIG_PAM=y
-CONFIG_LOGIN_SCRIPTS=y
-CONFIG_FEATURE_NOLOGIN=y
-CONFIG_FEATURE_SECURETTY=y
-CONFIG_PASSWD=y
-CONFIG_FEATURE_PASSWD_WEAK_CHECK=y
-CONFIG_CRYPTPW=y
-CONFIG_CHPASSWD=y
-CONFIG_SU=y
-CONFIG_FEATURE_SU_SYSLOG=y
-CONFIG_FEATURE_SU_CHECKS_SHELLS=y
-# CONFIG_SULOGIN is not set
-CONFIG_VLOCK=y
-
-#
-# Linux Ext2 FS Progs
-#
-CONFIG_CHATTR=y
-CONFIG_FSCK=y
-CONFIG_LSATTR=y
-CONFIG_TUNE2FS=y
-
-#
-# Linux Module Utilities
-#
-CONFIG_MODINFO=y
-CONFIG_MODPROBE_SMALL=y
-CONFIG_FEATURE_MODPROBE_SMALL_OPTIONS_ON_CMDLINE=y
-CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED=y
-# CONFIG_INSMOD is not set
-# CONFIG_RMMOD is not set
-# CONFIG_LSMOD is not set
-# CONFIG_FEATURE_LSMOD_PRETTY_2_6_OUTPUT is not set
-# CONFIG_MODPROBE is not set
-# CONFIG_FEATURE_MODPROBE_BLACKLIST is not set
-# CONFIG_DEPMOD is not set
-
-#
-# Options common to multiple modutils
-#
-# CONFIG_FEATURE_2_4_MODULES is not set
-CONFIG_FEATURE_INSMOD_TRY_MMAP=y
-# CONFIG_FEATURE_INSMOD_VERSION_CHECKING is not set
-# CONFIG_FEATURE_INSMOD_KSYMOOPS_SYMBOLS is not set
-# CONFIG_FEATURE_INSMOD_LOADINKMEM is not set
-# CONFIG_FEATURE_INSMOD_LOAD_MAP is not set
-# CONFIG_FEATURE_INSMOD_LOAD_MAP_FULL is not set
-# CONFIG_FEATURE_CHECK_TAINTED_MODULE is not set
-# CONFIG_FEATURE_MODUTILS_ALIAS is not set
-# CONFIG_FEATURE_MODUTILS_SYMBOLS is not set
-CONFIG_DEFAULT_MODULES_DIR="/lib/modules"
-CONFIG_DEFAULT_DEPMOD_FILE="modules.dep"
-
-#
-# Linux System Utilities
-#
-CONFIG_BLOCKDEV=y
-CONFIG_REV=y
-CONFIG_ACPID=y
-CONFIG_FEATURE_ACPID_COMPAT=y
-CONFIG_BLKID=y
-CONFIG_FEATURE_BLKID_TYPE=y
-CONFIG_DMESG=y
-CONFIG_FEATURE_DMESG_PRETTY=y
-CONFIG_FBSET=y
-CONFIG_FEATURE_FBSET_FANCY=y
-CONFIG_FEATURE_FBSET_READMODE=y
-CONFIG_FDFLUSH=y
-CONFIG_FDFORMAT=y
-CONFIG_FDISK=y
-# CONFIG_FDISK_SUPPORT_LARGE_DISKS is not set
-CONFIG_FEATURE_FDISK_WRITABLE=y
-CONFIG_FEATURE_AIX_LABEL=y
-CONFIG_FEATURE_SGI_LABEL=y
-CONFIG_FEATURE_SUN_LABEL=y
-CONFIG_FEATURE_OSF_LABEL=y
-CONFIG_FEATURE_GPT_LABEL=y
-CONFIG_FEATURE_FDISK_ADVANCED=y
-CONFIG_FINDFS=y
-CONFIG_FLOCK=y
-CONFIG_FREERAMDISK=y
-# CONFIG_FSCK_MINIX is not set
-CONFIG_MKFS_EXT2=y
-# CONFIG_MKFS_MINIX is not set
-# CONFIG_FEATURE_MINIX2 is not set
-CONFIG_MKFS_REISER=y
-CONFIG_MKFS_VFAT=y
-CONFIG_GETOPT=y
-CONFIG_FEATURE_GETOPT_LONG=y
-CONFIG_HEXDUMP=y
-CONFIG_FEATURE_HEXDUMP_REVERSE=y
-CONFIG_HD=y
-CONFIG_HWCLOCK=y
-CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS=y
-CONFIG_FEATURE_HWCLOCK_ADJTIME_FHS=y
-CONFIG_IPCRM=y
-CONFIG_IPCS=y
-CONFIG_LOSETUP=y
-CONFIG_LSPCI=y
-CONFIG_LSUSB=y
-CONFIG_MDEV=y
-CONFIG_FEATURE_MDEV_CONF=y
-CONFIG_FEATURE_MDEV_RENAME=y
-CONFIG_FEATURE_MDEV_RENAME_REGEXP=y
-CONFIG_FEATURE_MDEV_EXEC=y
-CONFIG_FEATURE_MDEV_LOAD_FIRMWARE=y
-CONFIG_MKSWAP=y
-CONFIG_FEATURE_MKSWAP_UUID=y
-CONFIG_MORE=y
-CONFIG_MOUNT=y
-CONFIG_FEATURE_MOUNT_FAKE=y
-CONFIG_FEATURE_MOUNT_VERBOSE=y
-CONFIG_FEATURE_MOUNT_HELPERS=y
-CONFIG_FEATURE_MOUNT_LABEL=y
-# CONFIG_FEATURE_MOUNT_NFS is not set
-CONFIG_FEATURE_MOUNT_CIFS=y
-CONFIG_FEATURE_MOUNT_FLAGS=y
-CONFIG_FEATURE_MOUNT_FSTAB=y
-CONFIG_PIVOT_ROOT=y
-CONFIG_RDATE=y
-# CONFIG_RDEV is not set
-# CONFIG_READPROFILE is not set
-CONFIG_RTCWAKE=y
-CONFIG_SCRIPT=y
-CONFIG_SCRIPTREPLAY=y
-CONFIG_SETARCH=y
-CONFIG_SWAPONOFF=y
-CONFIG_FEATURE_SWAPON_PRI=y
-CONFIG_SWITCH_ROOT=y
-CONFIG_UMOUNT=y
-CONFIG_FEATURE_UMOUNT_ALL=y
-
-#
-# Common options for mount/umount
-#
-CONFIG_FEATURE_MOUNT_LOOP=y
-CONFIG_FEATURE_MOUNT_LOOP_CREATE=y
-CONFIG_FEATURE_MTAB_SUPPORT=y
-CONFIG_VOLUMEID=y
-
-#
-# Filesystem/Volume identification
-#
-CONFIG_FEATURE_VOLUMEID_EXT=y
-CONFIG_FEATURE_VOLUMEID_BTRFS=y
-CONFIG_FEATURE_VOLUMEID_REISERFS=y
-CONFIG_FEATURE_VOLUMEID_FAT=y
-CONFIG_FEATURE_VOLUMEID_HFS=y
-CONFIG_FEATURE_VOLUMEID_JFS=y
-CONFIG_FEATURE_VOLUMEID_XFS=y
-CONFIG_FEATURE_VOLUMEID_NTFS=y
-CONFIG_FEATURE_VOLUMEID_ISO9660=y
-CONFIG_FEATURE_VOLUMEID_UDF=y
-CONFIG_FEATURE_VOLUMEID_LUKS=y
-CONFIG_FEATURE_VOLUMEID_LINUXSWAP=y
-CONFIG_FEATURE_VOLUMEID_CRAMFS=y
-CONFIG_FEATURE_VOLUMEID_ROMFS=y
-CONFIG_FEATURE_VOLUMEID_SYSV=y
-CONFIG_FEATURE_VOLUMEID_OCFS2=y
-CONFIG_FEATURE_VOLUMEID_LINUXRAID=y
-
-#
-# Miscellaneous Utilities
-#
-CONFIG_CONSPY=y
-CONFIG_LESS=y
-CONFIG_FEATURE_LESS_MAXLINES=9999999
-CONFIG_FEATURE_LESS_BRACKETS=y
-CONFIG_FEATURE_LESS_FLAGS=y
-CONFIG_FEATURE_LESS_MARKS=y
-CONFIG_FEATURE_LESS_REGEXP=y
-CONFIG_FEATURE_LESS_WINCH=y
-CONFIG_FEATURE_LESS_ASK_TERMINAL=y
-CONFIG_FEATURE_LESS_DASHCMD=y
-CONFIG_FEATURE_LESS_LINENUMS=y
-CONFIG_NANDWRITE=y
-CONFIG_NANDDUMP=y
-CONFIG_SETSERIAL=y
-CONFIG_UBIATTACH=y
-CONFIG_UBIDETACH=y
-CONFIG_UBIMKVOL=y
-CONFIG_UBIRMVOL=y
-CONFIG_UBIRSVOL=y
-CONFIG_UBIUPDATEVOL=y
-CONFIG_ADJTIMEX=y
-CONFIG_BBCONFIG=y
-CONFIG_FEATURE_COMPRESS_BBCONFIG=y
-# CONFIG_BEEP is not set
-CONFIG_FEATURE_BEEP_FREQ=0
-CONFIG_FEATURE_BEEP_LENGTH_MS=0
-CONFIG_CHAT=y
-CONFIG_FEATURE_CHAT_NOFAIL=y
-CONFIG_FEATURE_CHAT_TTY_HIFI=y
-CONFIG_FEATURE_CHAT_IMPLICIT_CR=y
-CONFIG_FEATURE_CHAT_SWALLOW_OPTS=y
-CONFIG_FEATURE_CHAT_SEND_ESCAPES=y
-CONFIG_FEATURE_CHAT_VAR_ABORT_LEN=y
-CONFIG_FEATURE_CHAT_CLR_ABORT=y
-CONFIG_CHRT=y
-CONFIG_CROND=y
-CONFIG_FEATURE_CROND_D=y
-CONFIG_FEATURE_CROND_CALL_SENDMAIL=y
-CONFIG_FEATURE_CROND_DIR="/var/spool/cron"
-# CONFIG_CRONTAB is not set
-# CONFIG_DC is not set
-# CONFIG_FEATURE_DC_LIBM is not set
-# CONFIG_DEVFSD is not set
-# CONFIG_DEVFSD_MODLOAD is not set
-# CONFIG_DEVFSD_FG_NP is not set
-# CONFIG_DEVFSD_VERBOSE is not set
-# CONFIG_FEATURE_DEVFS is not set
-CONFIG_DEVMEM=y
-CONFIG_EJECT=y
-CONFIG_FEATURE_EJECT_SCSI=y
-# CONFIG_FBSPLASH is not set
-CONFIG_FLASHCP=y
-CONFIG_FLASH_LOCK=y
-CONFIG_FLASH_UNLOCK=y
-CONFIG_FLASH_ERASEALL=y
-CONFIG_IONICE=y
-# CONFIG_INOTIFYD is not set
-CONFIG_LAST=y
-# CONFIG_FEATURE_LAST_SMALL is not set
-CONFIG_FEATURE_LAST_FANCY=y
-CONFIG_HDPARM=y
-CONFIG_FEATURE_HDPARM_GET_IDENTITY=y
-CONFIG_FEATURE_HDPARM_HDIO_SCAN_HWIF=y
-CONFIG_FEATURE_HDPARM_HDIO_UNREGISTER_HWIF=y
-CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET=y
-CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF=y
-CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA=y
-CONFIG_MAKEDEVS=y
-# CONFIG_FEATURE_MAKEDEVS_LEAF is not set
-CONFIG_FEATURE_MAKEDEVS_TABLE=y
-CONFIG_MAN=y
-CONFIG_MICROCOM=y
-CONFIG_MOUNTPOINT=y
-CONFIG_MT=y
-CONFIG_RAIDAUTORUN=y
-CONFIG_READAHEAD=y
-# CONFIG_RFKILL is not set
-CONFIG_RUNLEVEL=y
-CONFIG_RX=y
-CONFIG_SETSID=y
-CONFIG_STRINGS=y
-# CONFIG_TASKSET is not set
-# CONFIG_FEATURE_TASKSET_FANCY is not set
-CONFIG_TIME=y
-CONFIG_TIMEOUT=y
-CONFIG_TTYSIZE=y
-CONFIG_VOLNAME=y
-CONFIG_WALL=y
-CONFIG_WATCHDOG=y
-
-#
-# Networking Utilities
-#
-CONFIG_NAMEIF=y
-CONFIG_FEATURE_NAMEIF_EXTENDED=y
-CONFIG_NBDCLIENT=y
-CONFIG_NC=y
-CONFIG_NC_SERVER=y
-CONFIG_NC_EXTRA=y
-CONFIG_NC_110_COMPAT=y
-CONFIG_PING=y
-CONFIG_PING6=y
-CONFIG_FEATURE_FANCY_PING=y
-CONFIG_WHOIS=y
-CONFIG_FEATURE_IPV6=y
-CONFIG_FEATURE_UNIX_LOCAL=y
-CONFIG_FEATURE_PREFER_IPV4_ADDRESS=y
-CONFIG_VERBOSE_RESOLUTION_ERRORS=y
-CONFIG_ARP=y
-CONFIG_ARPING=y
-CONFIG_BRCTL=y
-CONFIG_FEATURE_BRCTL_FANCY=y
-CONFIG_FEATURE_BRCTL_SHOW=y
-# CONFIG_DNSD is not set
-CONFIG_ETHER_WAKE=y
-# CONFIG_FAKEIDENTD is not set
-CONFIG_FTPD=y
-CONFIG_FEATURE_FTP_WRITE=y
-CONFIG_FEATURE_FTPD_ACCEPT_BROKEN_LIST=y
-# CONFIG_FTPGET is not set
-# CONFIG_FTPPUT is not set
-# CONFIG_FEATURE_FTPGETPUT_LONG_OPTIONS is not set
-CONFIG_HOSTNAME=y
-CONFIG_HTTPD=y
-CONFIG_FEATURE_HTTPD_RANGES=y
-CONFIG_FEATURE_HTTPD_USE_SENDFILE=y
-CONFIG_FEATURE_HTTPD_SETUID=y
-CONFIG_FEATURE_HTTPD_BASIC_AUTH=y
-CONFIG_FEATURE_HTTPD_AUTH_MD5=y
-CONFIG_FEATURE_HTTPD_CGI=y
-CONFIG_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR=y
-CONFIG_FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV=y
-CONFIG_FEATURE_HTTPD_ENCODE_URL_STR=y
-CONFIG_FEATURE_HTTPD_ERROR_PAGES=y
-CONFIG_FEATURE_HTTPD_PROXY=y
-CONFIG_FEATURE_HTTPD_GZIP=y
-CONFIG_IFCONFIG=y
-CONFIG_FEATURE_IFCONFIG_STATUS=y
-CONFIG_FEATURE_IFCONFIG_SLIP=y
-CONFIG_FEATURE_IFCONFIG_MEMSTART_IOADDR_IRQ=y
-CONFIG_FEATURE_IFCONFIG_HW=y
-CONFIG_FEATURE_IFCONFIG_BROADCAST_PLUS=y
-CONFIG_IFENSLAVE=y
-CONFIG_IFPLUGD=y
-CONFIG_IFUPDOWN=y
-CONFIG_IFUPDOWN_IFSTATE_PATH="/var/run/ifstate"
-CONFIG_FEATURE_IFUPDOWN_IP=y
-CONFIG_FEATURE_IFUPDOWN_IP_BUILTIN=y
-# CONFIG_FEATURE_IFUPDOWN_IFCONFIG_BUILTIN is not set
-CONFIG_FEATURE_IFUPDOWN_IPV4=y
-CONFIG_FEATURE_IFUPDOWN_IPV6=y
-CONFIG_FEATURE_IFUPDOWN_MAPPING=y
-CONFIG_FEATURE_IFUPDOWN_EXTERNAL_DHCP=y
-# CONFIG_INETD is not set
-# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_ECHO is not set
-# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DISCARD is not set
-# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_TIME is not set
-# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DAYTIME is not set
-# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN is not set
-# CONFIG_FEATURE_INETD_RPC is not set
-CONFIG_IP=y
-CONFIG_FEATURE_IP_ADDRESS=y
-CONFIG_FEATURE_IP_LINK=y
-CONFIG_FEATURE_IP_ROUTE=y
-CONFIG_FEATURE_IP_TUNNEL=y
-CONFIG_FEATURE_IP_RULE=y
-CONFIG_FEATURE_IP_SHORT_FORMS=y
-CONFIG_FEATURE_IP_RARE_PROTOCOLS=y
-CONFIG_IPADDR=y
-CONFIG_IPLINK=y
-CONFIG_IPROUTE=y
-CONFIG_IPTUNNEL=y
-CONFIG_IPRULE=y
-# CONFIG_IPCALC is not set
-# CONFIG_FEATURE_IPCALC_FANCY is not set
-# CONFIG_FEATURE_IPCALC_LONG_OPTIONS is not set
-CONFIG_NETSTAT=y
-CONFIG_FEATURE_NETSTAT_WIDE=y
-CONFIG_FEATURE_NETSTAT_PRG=y
-CONFIG_NSLOOKUP=y
-CONFIG_NTPD=y
-CONFIG_FEATURE_NTPD_SERVER=y
-CONFIG_PSCAN=y
-CONFIG_ROUTE=y
-# CONFIG_SLATTACH is not set
-# CONFIG_TCPSVD is not set
-CONFIG_TELNET=y
-CONFIG_FEATURE_TELNET_TTYPE=y
-CONFIG_FEATURE_TELNET_AUTOLOGIN=y
-CONFIG_TELNETD=y
-CONFIG_FEATURE_TELNETD_STANDALONE=y
-CONFIG_FEATURE_TELNETD_INETD_WAIT=y
-CONFIG_TFTP=y
-CONFIG_TFTPD=y
-
-#
-# Common options for tftp/tftpd
-#
-CONFIG_FEATURE_TFTP_GET=y
-CONFIG_FEATURE_TFTP_PUT=y
-CONFIG_FEATURE_TFTP_BLOCKSIZE=y
-CONFIG_FEATURE_TFTP_PROGRESS_BAR=y
-CONFIG_TFTP_DEBUG=y
-CONFIG_TRACEROUTE=y
-CONFIG_TRACEROUTE6=y
-CONFIG_FEATURE_TRACEROUTE_VERBOSE=y
-CONFIG_FEATURE_TRACEROUTE_SOURCE_ROUTE=y
-CONFIG_FEATURE_TRACEROUTE_USE_ICMP=y
-CONFIG_TUNCTL=y
-CONFIG_FEATURE_TUNCTL_UG=y
-CONFIG_UDHCPD=y
-CONFIG_DHCPRELAY=y
-CONFIG_DUMPLEASES=y
-CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY=y
-CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC=y
-CONFIG_DHCPD_LEASES_FILE="/var/lib/misc/udhcpd.leases"
-CONFIG_UDHCPC=y
-CONFIG_FEATURE_UDHCPC_ARPING=y
-CONFIG_FEATURE_UDHCP_PORT=y
-CONFIG_UDHCP_DEBUG=9
-CONFIG_FEATURE_UDHCP_RFC3397=y
-CONFIG_FEATURE_UDHCP_8021Q=y
-CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
-CONFIG_UDHCPC_SLACK_FOR_BUGGY_SERVERS=80
-CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="-R -n"
-# CONFIG_UDPSVD is not set
-CONFIG_VCONFIG=y
-CONFIG_WGET=y
-CONFIG_FEATURE_WGET_STATUSBAR=y
-CONFIG_FEATURE_WGET_AUTHENTICATION=y
-CONFIG_FEATURE_WGET_LONG_OPTIONS=y
-CONFIG_FEATURE_WGET_TIMEOUT=y
-CONFIG_ZCIP=y
-
-#
-# Print Utilities
-#
-# CONFIG_LPD is not set
-CONFIG_LPR=y
-CONFIG_LPQ=y
-
-#
-# Mail Utilities
-#
-# CONFIG_MAKEMIME is not set
-CONFIG_FEATURE_MIME_CHARSET="us-ascii"
-CONFIG_POPMAILDIR=y
-CONFIG_FEATURE_POPMAILDIR_DELIVERY=y
-# CONFIG_REFORMIME is not set
-# CONFIG_FEATURE_REFORMIME_COMPAT is not set
-CONFIG_SENDMAIL=y
-
-#
-# Process Utilities
-#
-CONFIG_IOSTAT=y
-CONFIG_MPSTAT=y
-CONFIG_NMETER=y
-CONFIG_PMAP=y
-CONFIG_POWERTOP=y
-CONFIG_PSTREE=y
-CONFIG_PWDX=y
-# CONFIG_SMEMCAP is not set
-CONFIG_UPTIME=y
-CONFIG_FEATURE_UPTIME_UTMP_SUPPORT=y
-CONFIG_FREE=y
-CONFIG_FUSER=y
-CONFIG_KILL=y
-CONFIG_KILLALL=y
-CONFIG_KILLALL5=y
-CONFIG_PGREP=y
-CONFIG_PIDOF=y
-CONFIG_FEATURE_PIDOF_SINGLE=y
-CONFIG_FEATURE_PIDOF_OMIT=y
-CONFIG_PKILL=y
-CONFIG_PS=y
-CONFIG_FEATURE_PS_WIDE=y
-CONFIG_FEATURE_PS_TIME=y
-CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS=y
-CONFIG_FEATURE_PS_UNUSUAL_SYSTEMS=y
-CONFIG_RENICE=y
-CONFIG_BB_SYSCTL=y
-CONFIG_TOP=y
-CONFIG_FEATURE_TOP_CPU_USAGE_PERCENTAGE=y
-CONFIG_FEATURE_TOP_CPU_GLOBAL_PERCENTS=y
-CONFIG_FEATURE_TOP_SMP_CPU=y
-CONFIG_FEATURE_TOP_DECIMALS=y
-CONFIG_FEATURE_TOP_SMP_PROCESS=y
-CONFIG_FEATURE_TOPMEM=y
-CONFIG_FEATURE_SHOW_THREADS=y
-CONFIG_WATCH=y
-
-#
-# Runit Utilities
-#
-# CONFIG_RUNSV is not set
-# CONFIG_RUNSVDIR is not set
-# CONFIG_FEATURE_RUNSVDIR_LOG is not set
-# CONFIG_SV is not set
-CONFIG_SV_DEFAULT_SERVICE_DIR=""
-# CONFIG_SVLOGD is not set
-CONFIG_CHPST=y
-CONFIG_SETUIDGID=y
-CONFIG_ENVUIDGID=y
-CONFIG_ENVDIR=y
-CONFIG_SOFTLIMIT=y
-# CONFIG_CHCON is not set
-# CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set
-# CONFIG_GETENFORCE is not set
-# CONFIG_GETSEBOOL is not set
-# CONFIG_LOAD_POLICY is not set
-# CONFIG_MATCHPATHCON is not set
-# CONFIG_RESTORECON is not set
-# CONFIG_RUNCON is not set
-# CONFIG_FEATURE_RUNCON_LONG_OPTIONS is not set
-# CONFIG_SELINUXENABLED is not set
-# CONFIG_SETENFORCE is not set
-# CONFIG_SETFILES is not set
-# CONFIG_FEATURE_SETFILES_CHECK_OPTION is not set
-# CONFIG_SETSEBOOL is not set
-# CONFIG_SESTATUS is not set
-
-#
-# Shells
-#
-CONFIG_ASH=y
-CONFIG_ASH_BASH_COMPAT=y
-# CONFIG_ASH_IDLE_TIMEOUT is not set
-CONFIG_ASH_JOB_CONTROL=y
-CONFIG_ASH_ALIAS=y
-CONFIG_ASH_GETOPTS=y
-CONFIG_ASH_BUILTIN_ECHO=y
-CONFIG_ASH_BUILTIN_PRINTF=y
-CONFIG_ASH_BUILTIN_TEST=y
-CONFIG_ASH_CMDCMD=y
-# CONFIG_ASH_MAIL is not set
-CONFIG_ASH_OPTIMIZE_FOR_SIZE=y
-CONFIG_ASH_RANDOM_SUPPORT=y
-CONFIG_ASH_EXPAND_PRMT=y
-CONFIG_CTTYHACK=y
-# CONFIG_HUSH is not set
-# CONFIG_HUSH_BASH_COMPAT is not set
-# CONFIG_HUSH_BRACE_EXPANSION is not set
-# CONFIG_HUSH_HELP is not set
-# CONFIG_HUSH_INTERACTIVE is not set
-# CONFIG_HUSH_SAVEHISTORY is not set
-# CONFIG_HUSH_JOB is not set
-# CONFIG_HUSH_TICK is not set
-# CONFIG_HUSH_IF is not set
-# CONFIG_HUSH_LOOPS is not set
-# CONFIG_HUSH_CASE is not set
-# CONFIG_HUSH_FUNCTIONS is not set
-# CONFIG_HUSH_LOCAL is not set
-# CONFIG_HUSH_RANDOM_SUPPORT is not set
-# CONFIG_HUSH_EXPORT_N is not set
-# CONFIG_HUSH_MODE_X is not set
-# CONFIG_MSH is not set
-CONFIG_FEATURE_SH_IS_ASH=y
-# CONFIG_FEATURE_SH_IS_HUSH is not set
-# CONFIG_FEATURE_SH_IS_NONE is not set
-# CONFIG_FEATURE_BASH_IS_ASH is not set
-# CONFIG_FEATURE_BASH_IS_HUSH is not set
-CONFIG_FEATURE_BASH_IS_NONE=y
-CONFIG_SH_MATH_SUPPORT=y
-CONFIG_SH_MATH_SUPPORT_64=y
-CONFIG_FEATURE_SH_EXTRA_QUIET=y
-CONFIG_FEATURE_SH_STANDALONE=y
-CONFIG_FEATURE_SH_NOFORK=y
-CONFIG_FEATURE_SH_HISTFILESIZE=y
-
-#
-# System Logging Utilities
-#
-CONFIG_SYSLOGD=y
-CONFIG_FEATURE_ROTATE_LOGFILE=y
-CONFIG_FEATURE_REMOTE_LOG=y
-CONFIG_FEATURE_SYSLOGD_DUP=y
-CONFIG_FEATURE_SYSLOGD_CFG=y
-CONFIG_FEATURE_SYSLOGD_READ_BUFFER_SIZE=256
-CONFIG_FEATURE_IPC_SYSLOG=y
-CONFIG_FEATURE_IPC_SYSLOG_BUFFER_SIZE=16
-CONFIG_LOGREAD=y
-CONFIG_FEATURE_LOGREAD_REDUCED_LOCKING=y
-CONFIG_KLOGD=y
-CONFIG_FEATURE_KLOGD_KLOGCTL=y
-CONFIG_LOGGER=y
#
# Automatically generated make config: don't edit
# Busybox version: 1.19.3
-# Mon Jan 23 18:45:14 2012
+# Wed May 30 23:05:27 2012
#
CONFIG_HAVE_DOT_CONFIG=y
projects / config / uhu1 / etc.git / commitdiff