From: frank Date: Thu, 31 May 2012 08:36:30 +0000 (+0200) Subject: saving uncommitted changes in /etc prior to emerge run X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=58d5f8e015b674561227ebe1fe2cc25ed7617b48;p=config%2Fuhu1%2Fetc.git saving uncommitted changes in /etc prior to emerge run --- diff --git a/.etckeeper b/.etckeeper index cdd2316..6745599 100755 --- a/.etckeeper +++ b/.etckeeper @@ -297,6 +297,8 @@ maybe chmod 0755 './config-archive/etc/init.d/staticroute.dist' maybe chmod 0755 './config-archive/etc/init.d/sysfs' maybe chmod 0755 './config-archive/etc/init.d/sysfs.1' maybe chmod 0755 './config-archive/etc/init.d/sysfs.dist' +maybe chmod 0755 './config-archive/etc/init.d/sysstat' +maybe chmod 0755 './config-archive/etc/init.d/sysstat.dist' maybe chmod 0755 './config-archive/etc/init.d/termencoding' maybe chmod 0755 './config-archive/etc/init.d/termencoding.dist' maybe chmod 0755 './config-archive/etc/init.d/udev' @@ -307,6 +309,9 @@ maybe chmod 0755 './config-archive/etc/init.d/udev-postmount.dist' maybe chmod 0755 './config-archive/etc/init.d/udev.dist' maybe chmod 0755 './config-archive/etc/init.d/urandom' maybe chmod 0755 './config-archive/etc/init.d/urandom.dist' +maybe chmod 0755 './config-archive/etc/layman' +maybe chmod 0644 './config-archive/etc/layman/layman.cfg' +maybe chmod 0644 './config-archive/etc/layman/layman.cfg.dist' maybe chmod 0440 './config-archive/etc/ldap.conf.sudo' maybe chmod 0440 './config-archive/etc/ldap.conf.sudo.dist' maybe chmod 0755 './config-archive/etc/lvm' @@ -445,6 +450,7 @@ maybe chmod 0755 './config-archive/etc/portage' maybe chmod 0755 './config-archive/etc/portage/savedconfig' maybe chmod 0755 './config-archive/etc/portage/savedconfig/sys-apps' maybe chmod 0644 './config-archive/etc/portage/savedconfig/sys-apps/busybox-1.19.3-r1' +maybe chmod 0644 './config-archive/etc/portage/savedconfig/sys-apps/busybox-1.19.3-r1.1' maybe chmod 0644 './config-archive/etc/portage/savedconfig/sys-apps/busybox-1.19.3-r1.dist' maybe chmod 0755 './config-archive/etc/postfix' maybe chmod 0644 './config-archive/etc/postfix/main.cf' @@ -473,6 +479,50 @@ maybe chmod 0644 './config-archive/etc/syslog-ng/syslog-ng.conf' maybe chmod 0644 './config-archive/etc/syslog-ng/syslog-ng.conf.dist.new' maybe chmod 0644 './config-archive/etc/sysstat' maybe chmod 0644 './config-archive/etc/sysstat.dist' +maybe chmod 0755 './config-archive/usr' +maybe chmod 0755 './config-archive/usr/share' +maybe chmod 0755 './config-archive/usr/share/openvpn' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa' +maybe chmod 0644 './config-archive/usr/share/openvpn/easy-rsa/README' +maybe chmod 0644 './config-archive/usr/share/openvpn/easy-rsa/README.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-ca' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-ca.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-dh' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-dh.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-inter' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-inter.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key-pass' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key-pass.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key-server' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key-server.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-req' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-req-pass' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-req-pass.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-req.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/clean-all' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/clean-all.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/inherit-inter' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/inherit-inter.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/list-crl' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/list-crl.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/pkitool' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/pkitool.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/revoke-full' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/revoke-full.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/sign-req' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/sign-req.dist' +maybe chmod 0644 './config-archive/usr/share/openvpn/easy-rsa/vars' +maybe chmod 0644 './config-archive/usr/share/openvpn/easy-rsa/vars.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf.dist' +maybe chmod 0755 './config-archive/var' +maybe chmod 0755 './config-archive/var/bind' +maybe chmod 0640 './config-archive/var/bind/named.cache' +maybe chmod 0640 './config-archive/var/bind/named.cache.dist' maybe chown mail './courier' maybe chgrp mail './courier' maybe chmod 0755 './courier' @@ -756,7 +806,6 @@ maybe chmod 0644 './idn.conf.sample' maybe chmod 0644 './idnalias.conf' maybe chmod 0644 './idnalias.conf.sample' maybe chmod 0755 './init.d' -maybe chmod 0755 './init.d/._cfg0000_sysstat' maybe chmod 0755 './init.d/acpid' maybe chmod 0755 './init.d/amavisd' maybe chmod 0755 './init.d/apache2' @@ -888,7 +937,6 @@ maybe chmod 0755 './kernel/postinst.d' maybe chmod 0644 './kernel/postinst.d/.keep_sys-apps_debianutils-0' maybe chmod 0644 './krb5.conf.example' maybe chmod 0755 './layman' -maybe chmod 0644 './layman/._cfg0000_layman.cfg' maybe chmod 0644 './layman/layman.cfg' maybe chmod 0644 './ld.so.cache' maybe chmod 0644 './ld.so.conf' @@ -1195,7 +1243,6 @@ maybe chmod 0755 './portage/postsync.d' maybe chmod 0644 './portage/postsync.d/q-reinitialize' maybe chmod 0755 './portage/savedconfig' maybe chmod 0755 './portage/savedconfig/sys-apps' -maybe chmod 0644 './portage/savedconfig/sys-apps/._cfg0000_busybox-1.19.3-r1' maybe chmod 0644 './portage/savedconfig/sys-apps/busybox-1.19.3-r1' maybe chmod 0755 './postfix' maybe chmod 0644 './postfix/.gitignore' diff --git a/config-archive/etc/init.d/sysstat b/config-archive/etc/init.d/sysstat new file mode 100755 index 0000000..885782a --- /dev/null +++ b/config-archive/etc/init.d/sysstat @@ -0,0 +1,19 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-admin/sysstat/files/sysstat.init.d,v 1.3 2011/05/18 02:21:33 jer Exp $ + +depend() { + use hostname +} + +start() { + ebegin "Writing a dummy startup record using sadc (see sadc(8))..." + /usr/lib/sa/sadc -F -L - + eend $? +} + +stop() { + ebegin "Cannot stop writing a dummy startup record (see sadc(8))..." + eend $? +} diff --git a/config-archive/etc/init.d/sysstat.dist b/config-archive/etc/init.d/sysstat.dist new file mode 100755 index 0000000..7875fcd --- /dev/null +++ b/config-archive/etc/init.d/sysstat.dist @@ -0,0 +1,19 @@ +#!/sbin/runscript +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-admin/sysstat/files/sysstat.init.d,v 1.4 2012/05/14 20:01:19 jer Exp $ + +depend() { + use hostname +} + +start() { + ebegin "Writing a dummy startup record using sadc (see sadc(8))..." + /usr/lib/sa/sa1 --boot + eend $? +} + +stop() { + ebegin "Cannot stop writing a dummy startup record (see sadc(8))..." + eend $? +} diff --git a/config-archive/etc/layman/layman.cfg b/config-archive/etc/layman/layman.cfg new file mode 100644 index 0000000..b45c6f0 --- /dev/null +++ b/config-archive/etc/layman/layman.cfg @@ -0,0 +1,81 @@ +[MAIN] + +#----------------------------------------------------------- +# Defines the directory where overlays should be installed + +storage : /var/lib/layman + +#----------------------------------------------------------- +# Remote overlay lists will be stored here +# layman will append _md5(url).xml to each filename + +cache : %(storage)s/cache + +#----------------------------------------------------------- +# The list of locally installed overlays + +local_list: %(storage)s/overlays.xml + +#----------------------------------------------------------- +# Path to the make.conf file that should be modified by +# layman + +make_conf : %(storage)s/make.conf + +#----------------------------------------------------------- +# URLs of the remote lists of overlays (one per line) or +# local overlay definitions +# +#overlays : http://www.gentoo.org/proj/en/overlays/repositories.xml +# http://dev.gentoo.org/~wrobel/layman/global-overlays.xml +# http://mydomain.org/my-layman-list.xml +# file:///var/lib/layman/my-list.xml + +overlays : http://www.gentoo.org/proj/en/overlays/repositories.xml + +#----------------------------------------------------------- +# Proxy support +# If unset, layman will use the http_proxy environment variable. +# +#proxy : http://[user:pass@]www.my-proxy.org:3128 + +#----------------------------------------------------------- +# Strict checking of overlay definitions +# +# Set either to "yes" or "no". If "no" layman will issue +# warnings if an overlay definition is missing either +# description or contact information. +# +nocheck : yes + +#----------------------------------------------------------- +# Umask settings +# +# layman should usually work with a umask of 0022. You should +# only change this setting if you are absolutely certain that +# you know what you are doing. +# +#umask : 0022 + +#----------------------------------------------------------- +# Command overrides +# +# You can have commands point to either a binary at a different +# location, e.g. +# +# /home/you/local/bin/git +# +# or just the command, e.g. +# +# git +# +# to use PATH-based resolution of the binary to call. +# +#bzr_command : /usr/bin/bzr +#cvs_command : /usr/bin/cvs +#darcs_command : /usr/bin/darcs +#git_command : /usr/bin/git +#mercurial_command : /usr/bin/hg +#rsync_command : /usr/bin/rsync +#svn_command : /usr/bin/svn +#tar_command : /bin/tar diff --git a/config-archive/etc/layman/layman.cfg.dist b/config-archive/etc/layman/layman.cfg.dist new file mode 100644 index 0000000..ea68e66 --- /dev/null +++ b/config-archive/etc/layman/layman.cfg.dist @@ -0,0 +1,89 @@ +[MAIN] + +#----------------------------------------------------------- +# Defines the directory where overlays should be installed + +storage : /var/lib/layman + +#----------------------------------------------------------- +# Remote overlay lists will be stored here +# layman will append _md5(url).xml to each filename + +cache : %(storage)s/cache + +#----------------------------------------------------------- +# The list of locally installed overlays + +local_list: %(storage)s/overlays.xml + +#----------------------------------------------------------- +# Path to the make.conf file that should be modified by +# layman + +make_conf : %(storage)s/make.conf + +#----------------------------------------------------------- +# URLs of the remote lists of overlays (one per line) or +# local overlay definitions +# +#overlays : http://www.gentoo.org/proj/en/overlays/repositories.xml +# http://dev.gentoo.org/~wrobel/layman/global-overlays.xml +# http://mydomain.org/my-layman-list.xml +# file:///var/lib/layman/my-list.xml + +overlays : http://www.gentoo.org/proj/en/overlays/repositories.xml + +#----------------------------------------------------------- +# Proxy support +# If unset, layman will use the http_proxy environment variable. +# +#proxy : http://[user:pass@]www.my-proxy.org:3128 + +#----------------------------------------------------------- +# Strict checking of overlay definitions +# +# The nocheck option is a bit confusing, for historical reasons. +# Hopefully this description eases the double negation trouble: +# +# nocheck : yes +# - Accepts completene overlay entries without warnings +# - Lists overlays of type foo (say Git) even with no foo installed +# +# nocheck : no +# - Checks overlay entries for missing description or contact +# information and issue warnings as needed +# - Hides overlays of type foo (say Git) if foo not not installed +# +nocheck : yes + +#----------------------------------------------------------- +# Umask settings +# +# layman should usually work with a umask of 0022. You should +# only change this setting if you are absolutely certain that +# you know what you are doing. +# +#umask : 0022 + +#----------------------------------------------------------- +# Command overrides +# +# You can have commands point to either a binary at a different +# location, e.g. +# +# /home/you/local/bin/git +# +# or just the command, e.g. +# +# git +# +# to use PATH-based resolution of the binary to call. +# +#bzr_command : /usr/bin/bzr +#cvs_command : /usr/bin/cvs +#darcs_command : /usr/bin/darcs +#git_command : /usr/bin/git +#mercurial_command : /usr/bin/hg +#rsync_command : /usr/bin/rsync +#svn_command : /usr/bin/svn +#tar_command : /bin/tar diff --git a/config-archive/etc/portage/savedconfig/sys-apps/busybox-1.19.3-r1 b/config-archive/etc/portage/savedconfig/sys-apps/busybox-1.19.3-r1 index b27979a..bd3a7fb 100644 --- a/config-archive/etc/portage/savedconfig/sys-apps/busybox-1.19.3-r1 +++ b/config-archive/etc/portage/savedconfig/sys-apps/busybox-1.19.3-r1 @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Busybox version: 1.19.3 -# Thu Jan 19 11:25:42 2012 +# Mon Jan 23 18:45:14 2012 # CONFIG_HAVE_DOT_CONFIG=y diff --git a/config-archive/etc/portage/savedconfig/sys-apps/busybox-1.19.3-r1.1 b/config-archive/etc/portage/savedconfig/sys-apps/busybox-1.19.3-r1.1 new file mode 100644 index 0000000..b27979a --- /dev/null +++ b/config-archive/etc/portage/savedconfig/sys-apps/busybox-1.19.3-r1.1 @@ -0,0 +1,1013 @@ +# +# Automatically generated make config: don't edit +# Busybox version: 1.19.3 +# Thu Jan 19 11:25:42 2012 +# +CONFIG_HAVE_DOT_CONFIG=y + +# +# Busybox Settings +# + +# +# General Configuration +# +CONFIG_DESKTOP=y +CONFIG_EXTRA_COMPAT=y +CONFIG_INCLUDE_SUSv2=y +CONFIG_USE_PORTABLE_CODE=y +CONFIG_PLATFORM_LINUX=y +CONFIG_FEATURE_BUFFERS_USE_MALLOC=y +# CONFIG_FEATURE_BUFFERS_GO_ON_STACK is not set +# CONFIG_FEATURE_BUFFERS_GO_IN_BSS is not set +CONFIG_SHOW_USAGE=y +CONFIG_FEATURE_VERBOSE_USAGE=y +CONFIG_FEATURE_COMPRESS_USAGE=y +CONFIG_FEATURE_INSTALLER=y +CONFIG_INSTALL_NO_USR=y +# CONFIG_LOCALE_SUPPORT is not set +CONFIG_UNICODE_SUPPORT=y +# CONFIG_UNICODE_USING_LOCALE is not set +# CONFIG_FEATURE_CHECK_UNICODE_IN_ENV is not set +CONFIG_SUBST_WCHAR=63 +CONFIG_LAST_SUPPORTED_WCHAR=767 +CONFIG_UNICODE_COMBINING_WCHARS=y +CONFIG_UNICODE_WIDE_WCHARS=y +# CONFIG_UNICODE_BIDI_SUPPORT is not set +# CONFIG_UNICODE_NEUTRAL_TABLE is not set +CONFIG_UNICODE_PRESERVE_BROKEN=y +CONFIG_LONG_OPTS=y +CONFIG_FEATURE_DEVPTS=y +CONFIG_FEATURE_CLEAN_UP=y +CONFIG_FEATURE_UTMP=y +CONFIG_FEATURE_WTMP=y +CONFIG_FEATURE_PIDFILE=y +CONFIG_FEATURE_SUID=y +# CONFIG_FEATURE_SUID_CONFIG is not set +# CONFIG_FEATURE_SUID_CONFIG_QUIET is not set +# CONFIG_SELINUX is not set +CONFIG_FEATURE_PREFER_APPLETS=y +CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe" +CONFIG_FEATURE_SYSLOG=y +# CONFIG_FEATURE_HAVE_RPC is not set + +# +# Build Options +# +# CONFIG_STATIC is not set +# CONFIG_PIE is not set +# CONFIG_NOMMU is not set +# CONFIG_BUILD_LIBBUSYBOX is not set +# CONFIG_FEATURE_INDIVIDUAL is not set +# CONFIG_FEATURE_SHARED_BUSYBOX is not set +CONFIG_LFS=y +CONFIG_CROSS_COMPILER_PREFIX="" +CONFIG_EXTRA_CFLAGS="" + +# +# Debugging Options +# +# CONFIG_DEBUG is not set +# CONFIG_DEBUG_PESSIMIZE is not set +CONFIG_WERROR=y +CONFIG_NO_DEBUG_LIB=y +# CONFIG_DMALLOC is not set +# CONFIG_EFENCE is not set + +# +# Installation Options ("make install" behavior) +# +CONFIG_INSTALL_APPLET_SYMLINKS=y +# CONFIG_INSTALL_APPLET_HARDLINKS is not set +# CONFIG_INSTALL_APPLET_SCRIPT_WRAPPERS is not set +# CONFIG_INSTALL_APPLET_DONT is not set +# CONFIG_INSTALL_SH_APPLET_SYMLINK is not set +# CONFIG_INSTALL_SH_APPLET_HARDLINK is not set +# CONFIG_INSTALL_SH_APPLET_SCRIPT_WRAPPER is not set +CONFIG_PREFIX="./_install" + +# +# Busybox Library Tuning +# +CONFIG_FEATURE_SYSTEMD=y +CONFIG_FEATURE_RTMINMAX=y +CONFIG_PASSWORD_MINLEN=6 +CONFIG_MD5_SIZE_VS_SPEED=2 +CONFIG_FEATURE_FAST_TOP=y +CONFIG_FEATURE_ETC_NETWORKS=y +CONFIG_FEATURE_USE_TERMIOS=y +CONFIG_FEATURE_EDITING=y +CONFIG_FEATURE_EDITING_MAX_LEN=1024 +CONFIG_FEATURE_EDITING_VI=y +CONFIG_FEATURE_EDITING_HISTORY=255 +CONFIG_FEATURE_EDITING_SAVEHISTORY=y +CONFIG_FEATURE_REVERSE_SEARCH=y +CONFIG_FEATURE_TAB_COMPLETION=y +CONFIG_FEATURE_USERNAME_COMPLETION=y +CONFIG_FEATURE_EDITING_FANCY_PROMPT=y +CONFIG_FEATURE_EDITING_ASK_TERMINAL=y +CONFIG_FEATURE_NON_POSIX_CP=y +CONFIG_FEATURE_VERBOSE_CP_MESSAGE=y +CONFIG_FEATURE_COPYBUF_KB=4 +CONFIG_FEATURE_SKIP_ROOTFS=y +# CONFIG_MONOTONIC_SYSCALL is not set +CONFIG_IOCTL_HEX2STR_ERROR=y +CONFIG_FEATURE_HWIB=y + +# +# Applets +# + +# +# Archival Utilities +# +CONFIG_FEATURE_SEAMLESS_XZ=y +CONFIG_FEATURE_SEAMLESS_LZMA=y +CONFIG_FEATURE_SEAMLESS_BZ2=y +CONFIG_FEATURE_SEAMLESS_GZ=y +CONFIG_FEATURE_SEAMLESS_Z=y +CONFIG_AR=y +CONFIG_FEATURE_AR_LONG_FILENAMES=y +CONFIG_FEATURE_AR_CREATE=y +CONFIG_BUNZIP2=y +CONFIG_BZIP2=y +CONFIG_CPIO=y +CONFIG_FEATURE_CPIO_O=y +CONFIG_FEATURE_CPIO_P=y +# CONFIG_DPKG is not set +# CONFIG_DPKG_DEB is not set +# CONFIG_FEATURE_DPKG_DEB_EXTRACT_ONLY is not set +CONFIG_GUNZIP=y +CONFIG_GZIP=y +CONFIG_FEATURE_GZIP_LONG_OPTIONS=y +CONFIG_LZOP=y +CONFIG_LZOP_COMPR_HIGH=y +# CONFIG_RPM2CPIO is not set +# CONFIG_RPM is not set +CONFIG_TAR=y +CONFIG_FEATURE_TAR_CREATE=y +CONFIG_FEATURE_TAR_AUTODETECT=y +CONFIG_FEATURE_TAR_FROM=y +CONFIG_FEATURE_TAR_OLDGNU_COMPATIBILITY=y +CONFIG_FEATURE_TAR_OLDSUN_COMPATIBILITY=y +CONFIG_FEATURE_TAR_GNU_EXTENSIONS=y +CONFIG_FEATURE_TAR_LONG_OPTIONS=y +CONFIG_FEATURE_TAR_TO_COMMAND=y +CONFIG_FEATURE_TAR_UNAME_GNAME=y +CONFIG_FEATURE_TAR_NOPRESERVE_TIME=y +# CONFIG_FEATURE_TAR_SELINUX is not set +CONFIG_UNCOMPRESS=y +CONFIG_UNLZMA=y +CONFIG_FEATURE_LZMA_FAST=y +CONFIG_LZMA=y +CONFIG_UNXZ=y +CONFIG_XZ=y +CONFIG_UNZIP=y + +# +# Coreutils +# +CONFIG_BASENAME=y +CONFIG_CAT=y +CONFIG_DATE=y +CONFIG_FEATURE_DATE_ISOFMT=y +CONFIG_FEATURE_DATE_NANO=y +CONFIG_FEATURE_DATE_COMPAT=y +CONFIG_ID=y +CONFIG_GROUPS=y +CONFIG_TEST=y +CONFIG_FEATURE_TEST_64=y +CONFIG_TOUCH=y +CONFIG_TR=y +CONFIG_FEATURE_TR_CLASSES=y +CONFIG_FEATURE_TR_EQUIV=y +CONFIG_BASE64=y +CONFIG_WHO=y +CONFIG_USERS=y +CONFIG_CAL=y +CONFIG_CATV=y +CONFIG_CHGRP=y +CONFIG_CHMOD=y +CONFIG_CHOWN=y +CONFIG_FEATURE_CHOWN_LONG_OPTIONS=y +CONFIG_CHROOT=y +CONFIG_CKSUM=y +CONFIG_COMM=y +CONFIG_CP=y +CONFIG_FEATURE_CP_LONG_OPTIONS=y +CONFIG_CUT=y +CONFIG_DD=y +CONFIG_FEATURE_DD_SIGNAL_HANDLING=y +CONFIG_FEATURE_DD_THIRD_STATUS_LINE=y +CONFIG_FEATURE_DD_IBS_OBS=y +CONFIG_DF=y +CONFIG_FEATURE_DF_FANCY=y +CONFIG_DIRNAME=y +CONFIG_DOS2UNIX=y +CONFIG_UNIX2DOS=y +CONFIG_DU=y +CONFIG_FEATURE_DU_DEFAULT_BLOCKSIZE_1K=y +CONFIG_ECHO=y +CONFIG_FEATURE_FANCY_ECHO=y +CONFIG_ENV=y +CONFIG_FEATURE_ENV_LONG_OPTIONS=y +CONFIG_EXPAND=y +CONFIG_FEATURE_EXPAND_LONG_OPTIONS=y +CONFIG_EXPR=y +CONFIG_EXPR_MATH_SUPPORT_64=y +CONFIG_FALSE=y +# CONFIG_FOLD is not set +CONFIG_FSYNC=y +CONFIG_HEAD=y +CONFIG_FEATURE_FANCY_HEAD=y +# CONFIG_HOSTID is not set +CONFIG_INSTALL=y +CONFIG_FEATURE_INSTALL_LONG_OPTIONS=y +CONFIG_LN=y +# CONFIG_LOGNAME is not set +CONFIG_LS=y +CONFIG_FEATURE_LS_FILETYPES=y +CONFIG_FEATURE_LS_FOLLOWLINKS=y +CONFIG_FEATURE_LS_RECURSIVE=y +CONFIG_FEATURE_LS_SORTFILES=y +CONFIG_FEATURE_LS_TIMESTAMPS=y +CONFIG_FEATURE_LS_USERNAME=y +CONFIG_FEATURE_LS_COLOR=y +CONFIG_FEATURE_LS_COLOR_IS_DEFAULT=y +CONFIG_MD5SUM=y +CONFIG_MKDIR=y +CONFIG_FEATURE_MKDIR_LONG_OPTIONS=y +CONFIG_MKFIFO=y +CONFIG_MKNOD=y +CONFIG_MV=y +CONFIG_FEATURE_MV_LONG_OPTIONS=y +CONFIG_NICE=y +CONFIG_NOHUP=y +# CONFIG_OD is not set +CONFIG_PRINTENV=y +CONFIG_PRINTF=y +CONFIG_PWD=y +CONFIG_READLINK=y +CONFIG_FEATURE_READLINK_FOLLOW=y +CONFIG_REALPATH=y +CONFIG_RM=y +CONFIG_RMDIR=y +CONFIG_FEATURE_RMDIR_LONG_OPTIONS=y +CONFIG_SEQ=y +CONFIG_SHA1SUM=y +CONFIG_SHA256SUM=y +CONFIG_SHA512SUM=y +CONFIG_SLEEP=y +CONFIG_FEATURE_FANCY_SLEEP=y +CONFIG_FEATURE_FLOAT_SLEEP=y +CONFIG_SORT=y +CONFIG_FEATURE_SORT_BIG=y +CONFIG_SPLIT=y +CONFIG_FEATURE_SPLIT_FANCY=y +CONFIG_STAT=y +CONFIG_FEATURE_STAT_FORMAT=y +CONFIG_STTY=y +CONFIG_SUM=y +CONFIG_SYNC=y +CONFIG_TAC=y +CONFIG_TAIL=y +CONFIG_FEATURE_FANCY_TAIL=y +CONFIG_TEE=y +CONFIG_FEATURE_TEE_USE_BLOCK_IO=y +CONFIG_TRUE=y +CONFIG_TTY=y +CONFIG_UNAME=y +CONFIG_UNEXPAND=y +CONFIG_FEATURE_UNEXPAND_LONG_OPTIONS=y +CONFIG_UNIQ=y +CONFIG_USLEEP=y +# CONFIG_UUDECODE is not set +# CONFIG_UUENCODE is not set +CONFIG_WC=y +CONFIG_FEATURE_WC_LARGE=y +CONFIG_WHOAMI=y +CONFIG_YES=y + +# +# Common options for cp and mv +# +CONFIG_FEATURE_PRESERVE_HARDLINKS=y + +# +# Common options for ls, more and telnet +# +CONFIG_FEATURE_AUTOWIDTH=y + +# +# Common options for df, du, ls +# +CONFIG_FEATURE_HUMAN_READABLE=y + +# +# Common options for md5sum, sha1sum, sha256sum, sha512sum +# +CONFIG_FEATURE_MD5_SHA1_SUM_CHECK=y + +# +# Console Utilities +# +CONFIG_CHVT=y +CONFIG_FGCONSOLE=y +CONFIG_CLEAR=y +CONFIG_DEALLOCVT=y +CONFIG_DUMPKMAP=y +CONFIG_KBD_MODE=y +CONFIG_LOADFONT=y +CONFIG_LOADKMAP=y +CONFIG_OPENVT=y +CONFIG_RESET=y +CONFIG_RESIZE=y +CONFIG_FEATURE_RESIZE_PRINT=y +CONFIG_SETCONSOLE=y +CONFIG_FEATURE_SETCONSOLE_LONG_OPTIONS=y +CONFIG_SETFONT=y +CONFIG_FEATURE_SETFONT_TEXTUAL_MAP=y +CONFIG_DEFAULT_SETFONT_DIR="" +CONFIG_SETKEYCODES=y +CONFIG_SETLOGCONS=y +CONFIG_SHOWKEY=y + +# +# Common options for loadfont and setfont +# +CONFIG_FEATURE_LOADFONT_PSF2=y +CONFIG_FEATURE_LOADFONT_RAW=y + +# +# Debian Utilities +# +CONFIG_MKTEMP=y +CONFIG_PIPE_PROGRESS=y +# CONFIG_RUN_PARTS is not set +# CONFIG_FEATURE_RUN_PARTS_LONG_OPTIONS is not set +# CONFIG_FEATURE_RUN_PARTS_FANCY is not set +CONFIG_START_STOP_DAEMON=y +CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y +CONFIG_FEATURE_START_STOP_DAEMON_LONG_OPTIONS=y +CONFIG_WHICH=y + +# +# Editors +# +CONFIG_PATCH=y +CONFIG_VI=y +CONFIG_FEATURE_VI_MAX_LEN=4096 +CONFIG_FEATURE_VI_8BIT=y +CONFIG_FEATURE_VI_COLON=y +CONFIG_FEATURE_VI_YANKMARK=y +CONFIG_FEATURE_VI_SEARCH=y +CONFIG_FEATURE_VI_REGEX_SEARCH=y +CONFIG_FEATURE_VI_USE_SIGNALS=y +CONFIG_FEATURE_VI_DOT_CMD=y +CONFIG_FEATURE_VI_READONLY=y +CONFIG_FEATURE_VI_SETOPTS=y +CONFIG_FEATURE_VI_SET=y +CONFIG_FEATURE_VI_WIN_RESIZE=y +CONFIG_FEATURE_VI_ASK_TERMINAL=y +CONFIG_FEATURE_VI_OPTIMIZE_CURSOR=y +CONFIG_AWK=y +CONFIG_FEATURE_AWK_LIBM=y +CONFIG_CMP=y +CONFIG_DIFF=y +CONFIG_FEATURE_DIFF_LONG_OPTIONS=y +CONFIG_FEATURE_DIFF_DIR=y +CONFIG_ED=y +CONFIG_SED=y +CONFIG_FEATURE_ALLOW_EXEC=y + +# +# Finding Utilities +# +CONFIG_FIND=y +CONFIG_FEATURE_FIND_PRINT0=y +CONFIG_FEATURE_FIND_MTIME=y +CONFIG_FEATURE_FIND_MMIN=y +CONFIG_FEATURE_FIND_PERM=y +CONFIG_FEATURE_FIND_TYPE=y +CONFIG_FEATURE_FIND_XDEV=y +CONFIG_FEATURE_FIND_MAXDEPTH=y +CONFIG_FEATURE_FIND_NEWER=y +CONFIG_FEATURE_FIND_INUM=y +CONFIG_FEATURE_FIND_EXEC=y +CONFIG_FEATURE_FIND_USER=y +CONFIG_FEATURE_FIND_GROUP=y +CONFIG_FEATURE_FIND_NOT=y +CONFIG_FEATURE_FIND_DEPTH=y +CONFIG_FEATURE_FIND_PAREN=y +CONFIG_FEATURE_FIND_SIZE=y +CONFIG_FEATURE_FIND_PRUNE=y +CONFIG_FEATURE_FIND_DELETE=y +CONFIG_FEATURE_FIND_PATH=y +CONFIG_FEATURE_FIND_REGEX=y +# CONFIG_FEATURE_FIND_CONTEXT is not set +CONFIG_FEATURE_FIND_LINKS=y +CONFIG_GREP=y +CONFIG_FEATURE_GREP_EGREP_ALIAS=y +CONFIG_FEATURE_GREP_FGREP_ALIAS=y +CONFIG_FEATURE_GREP_CONTEXT=y +CONFIG_XARGS=y +CONFIG_FEATURE_XARGS_SUPPORT_CONFIRMATION=y +CONFIG_FEATURE_XARGS_SUPPORT_QUOTES=y +CONFIG_FEATURE_XARGS_SUPPORT_TERMOPT=y +CONFIG_FEATURE_XARGS_SUPPORT_ZERO_TERM=y + +# +# Init Utilities +# +# CONFIG_BOOTCHARTD is not set +# CONFIG_FEATURE_BOOTCHARTD_BLOATED_HEADER is not set +# CONFIG_FEATURE_BOOTCHARTD_CONFIG_FILE is not set +CONFIG_HALT=y +# CONFIG_FEATURE_CALL_TELINIT is not set +CONFIG_TELINIT_PATH="" +CONFIG_INIT=y +CONFIG_FEATURE_USE_INITTAB=y +CONFIG_FEATURE_KILL_REMOVED=y +CONFIG_FEATURE_KILL_DELAY=0 +CONFIG_FEATURE_INIT_SCTTY=y +CONFIG_FEATURE_INIT_SYSLOG=y +CONFIG_FEATURE_EXTRA_QUIET=y +CONFIG_FEATURE_INIT_COREDUMPS=y +CONFIG_FEATURE_INITRD=y +CONFIG_INIT_TERMINAL_TYPE="linux" +CONFIG_MESG=y +CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y + +# +# Login/Password Management Utilities +# +# CONFIG_ADD_SHELL is not set +# CONFIG_REMOVE_SHELL is not set +CONFIG_FEATURE_SHADOWPASSWDS=y +CONFIG_USE_BB_PWD_GRP=y +CONFIG_USE_BB_SHADOW=y +CONFIG_USE_BB_CRYPT=y +CONFIG_USE_BB_CRYPT_SHA=y +CONFIG_ADDUSER=y +CONFIG_FEATURE_ADDUSER_LONG_OPTIONS=y +CONFIG_FEATURE_CHECK_NAMES=y +CONFIG_FIRST_SYSTEM_ID=100 +CONFIG_LAST_SYSTEM_ID=999 +CONFIG_ADDGROUP=y +CONFIG_FEATURE_ADDGROUP_LONG_OPTIONS=y +CONFIG_FEATURE_ADDUSER_TO_GROUP=y +CONFIG_DELUSER=y +CONFIG_DELGROUP=y +CONFIG_FEATURE_DEL_USER_FROM_GROUP=y +CONFIG_GETTY=y +CONFIG_LOGIN=y +CONFIG_PAM=y +CONFIG_LOGIN_SCRIPTS=y +CONFIG_FEATURE_NOLOGIN=y +CONFIG_FEATURE_SECURETTY=y +CONFIG_PASSWD=y +CONFIG_FEATURE_PASSWD_WEAK_CHECK=y +CONFIG_CRYPTPW=y +CONFIG_CHPASSWD=y +CONFIG_SU=y +CONFIG_FEATURE_SU_SYSLOG=y +CONFIG_FEATURE_SU_CHECKS_SHELLS=y +# CONFIG_SULOGIN is not set +CONFIG_VLOCK=y + +# +# Linux Ext2 FS Progs +# +CONFIG_CHATTR=y +CONFIG_FSCK=y +CONFIG_LSATTR=y +CONFIG_TUNE2FS=y + +# +# Linux Module Utilities +# +CONFIG_MODINFO=y +CONFIG_MODPROBE_SMALL=y +CONFIG_FEATURE_MODPROBE_SMALL_OPTIONS_ON_CMDLINE=y +CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED=y +# CONFIG_INSMOD is not set +# CONFIG_RMMOD is not set +# CONFIG_LSMOD is not set +# CONFIG_FEATURE_LSMOD_PRETTY_2_6_OUTPUT is not set +# CONFIG_MODPROBE is not set +# CONFIG_FEATURE_MODPROBE_BLACKLIST is not set +# CONFIG_DEPMOD is not set + +# +# Options common to multiple modutils +# +# CONFIG_FEATURE_2_4_MODULES is not set +CONFIG_FEATURE_INSMOD_TRY_MMAP=y +# CONFIG_FEATURE_INSMOD_VERSION_CHECKING is not set +# CONFIG_FEATURE_INSMOD_KSYMOOPS_SYMBOLS is not set +# CONFIG_FEATURE_INSMOD_LOADINKMEM is not set +# CONFIG_FEATURE_INSMOD_LOAD_MAP is not set +# CONFIG_FEATURE_INSMOD_LOAD_MAP_FULL is not set +# CONFIG_FEATURE_CHECK_TAINTED_MODULE is not set +# CONFIG_FEATURE_MODUTILS_ALIAS is not set +# CONFIG_FEATURE_MODUTILS_SYMBOLS is not set +CONFIG_DEFAULT_MODULES_DIR="/lib/modules" +CONFIG_DEFAULT_DEPMOD_FILE="modules.dep" + +# +# Linux System Utilities +# +CONFIG_BLOCKDEV=y +CONFIG_REV=y +CONFIG_ACPID=y +CONFIG_FEATURE_ACPID_COMPAT=y +CONFIG_BLKID=y +CONFIG_FEATURE_BLKID_TYPE=y +CONFIG_DMESG=y +CONFIG_FEATURE_DMESG_PRETTY=y +CONFIG_FBSET=y +CONFIG_FEATURE_FBSET_FANCY=y +CONFIG_FEATURE_FBSET_READMODE=y +CONFIG_FDFLUSH=y +CONFIG_FDFORMAT=y +CONFIG_FDISK=y +# CONFIG_FDISK_SUPPORT_LARGE_DISKS is not set +CONFIG_FEATURE_FDISK_WRITABLE=y +CONFIG_FEATURE_AIX_LABEL=y +CONFIG_FEATURE_SGI_LABEL=y +CONFIG_FEATURE_SUN_LABEL=y +CONFIG_FEATURE_OSF_LABEL=y +CONFIG_FEATURE_GPT_LABEL=y +CONFIG_FEATURE_FDISK_ADVANCED=y +CONFIG_FINDFS=y +CONFIG_FLOCK=y +CONFIG_FREERAMDISK=y +# CONFIG_FSCK_MINIX is not set +CONFIG_MKFS_EXT2=y +# CONFIG_MKFS_MINIX is not set +# CONFIG_FEATURE_MINIX2 is not set +CONFIG_MKFS_REISER=y +CONFIG_MKFS_VFAT=y +CONFIG_GETOPT=y +CONFIG_FEATURE_GETOPT_LONG=y +CONFIG_HEXDUMP=y +CONFIG_FEATURE_HEXDUMP_REVERSE=y +CONFIG_HD=y +CONFIG_HWCLOCK=y +CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS=y +CONFIG_FEATURE_HWCLOCK_ADJTIME_FHS=y +CONFIG_IPCRM=y +CONFIG_IPCS=y +CONFIG_LOSETUP=y +CONFIG_LSPCI=y +CONFIG_LSUSB=y +CONFIG_MDEV=y +CONFIG_FEATURE_MDEV_CONF=y +CONFIG_FEATURE_MDEV_RENAME=y +CONFIG_FEATURE_MDEV_RENAME_REGEXP=y +CONFIG_FEATURE_MDEV_EXEC=y +CONFIG_FEATURE_MDEV_LOAD_FIRMWARE=y +CONFIG_MKSWAP=y +CONFIG_FEATURE_MKSWAP_UUID=y +CONFIG_MORE=y +CONFIG_MOUNT=y +CONFIG_FEATURE_MOUNT_FAKE=y +CONFIG_FEATURE_MOUNT_VERBOSE=y +CONFIG_FEATURE_MOUNT_HELPERS=y +CONFIG_FEATURE_MOUNT_LABEL=y +# CONFIG_FEATURE_MOUNT_NFS is not set +CONFIG_FEATURE_MOUNT_CIFS=y +CONFIG_FEATURE_MOUNT_FLAGS=y +CONFIG_FEATURE_MOUNT_FSTAB=y +CONFIG_PIVOT_ROOT=y +CONFIG_RDATE=y +# CONFIG_RDEV is not set +# CONFIG_READPROFILE is not set +CONFIG_RTCWAKE=y +CONFIG_SCRIPT=y +CONFIG_SCRIPTREPLAY=y +CONFIG_SETARCH=y +CONFIG_SWAPONOFF=y +CONFIG_FEATURE_SWAPON_PRI=y +CONFIG_SWITCH_ROOT=y +CONFIG_UMOUNT=y +CONFIG_FEATURE_UMOUNT_ALL=y + +# +# Common options for mount/umount +# +CONFIG_FEATURE_MOUNT_LOOP=y +CONFIG_FEATURE_MOUNT_LOOP_CREATE=y +CONFIG_FEATURE_MTAB_SUPPORT=y +CONFIG_VOLUMEID=y + +# +# Filesystem/Volume identification +# +CONFIG_FEATURE_VOLUMEID_EXT=y +CONFIG_FEATURE_VOLUMEID_BTRFS=y +CONFIG_FEATURE_VOLUMEID_REISERFS=y +CONFIG_FEATURE_VOLUMEID_FAT=y +CONFIG_FEATURE_VOLUMEID_HFS=y +CONFIG_FEATURE_VOLUMEID_JFS=y +CONFIG_FEATURE_VOLUMEID_XFS=y +CONFIG_FEATURE_VOLUMEID_NTFS=y +CONFIG_FEATURE_VOLUMEID_ISO9660=y +CONFIG_FEATURE_VOLUMEID_UDF=y +CONFIG_FEATURE_VOLUMEID_LUKS=y +CONFIG_FEATURE_VOLUMEID_LINUXSWAP=y +CONFIG_FEATURE_VOLUMEID_CRAMFS=y +CONFIG_FEATURE_VOLUMEID_ROMFS=y +CONFIG_FEATURE_VOLUMEID_SYSV=y +CONFIG_FEATURE_VOLUMEID_OCFS2=y +CONFIG_FEATURE_VOLUMEID_LINUXRAID=y + +# +# Miscellaneous Utilities +# +CONFIG_CONSPY=y +CONFIG_LESS=y +CONFIG_FEATURE_LESS_MAXLINES=9999999 +CONFIG_FEATURE_LESS_BRACKETS=y +CONFIG_FEATURE_LESS_FLAGS=y +CONFIG_FEATURE_LESS_MARKS=y +CONFIG_FEATURE_LESS_REGEXP=y +CONFIG_FEATURE_LESS_WINCH=y +CONFIG_FEATURE_LESS_ASK_TERMINAL=y +CONFIG_FEATURE_LESS_DASHCMD=y +CONFIG_FEATURE_LESS_LINENUMS=y +CONFIG_NANDWRITE=y +CONFIG_NANDDUMP=y +CONFIG_SETSERIAL=y +CONFIG_UBIATTACH=y +CONFIG_UBIDETACH=y +CONFIG_UBIMKVOL=y +CONFIG_UBIRMVOL=y +CONFIG_UBIRSVOL=y +CONFIG_UBIUPDATEVOL=y +CONFIG_ADJTIMEX=y +CONFIG_BBCONFIG=y +CONFIG_FEATURE_COMPRESS_BBCONFIG=y +# CONFIG_BEEP is not set +CONFIG_FEATURE_BEEP_FREQ=0 +CONFIG_FEATURE_BEEP_LENGTH_MS=0 +CONFIG_CHAT=y +CONFIG_FEATURE_CHAT_NOFAIL=y +CONFIG_FEATURE_CHAT_TTY_HIFI=y +CONFIG_FEATURE_CHAT_IMPLICIT_CR=y +CONFIG_FEATURE_CHAT_SWALLOW_OPTS=y +CONFIG_FEATURE_CHAT_SEND_ESCAPES=y +CONFIG_FEATURE_CHAT_VAR_ABORT_LEN=y +CONFIG_FEATURE_CHAT_CLR_ABORT=y +CONFIG_CHRT=y +CONFIG_CROND=y +CONFIG_FEATURE_CROND_D=y +CONFIG_FEATURE_CROND_CALL_SENDMAIL=y +CONFIG_FEATURE_CROND_DIR="/var/spool/cron" +# CONFIG_CRONTAB is not set +# CONFIG_DC is not set +# CONFIG_FEATURE_DC_LIBM is not set +# CONFIG_DEVFSD is not set +# CONFIG_DEVFSD_MODLOAD is not set +# CONFIG_DEVFSD_FG_NP is not set +# CONFIG_DEVFSD_VERBOSE is not set +# CONFIG_FEATURE_DEVFS is not set +CONFIG_DEVMEM=y +CONFIG_EJECT=y +CONFIG_FEATURE_EJECT_SCSI=y +# CONFIG_FBSPLASH is not set +CONFIG_FLASHCP=y +CONFIG_FLASH_LOCK=y +CONFIG_FLASH_UNLOCK=y +CONFIG_FLASH_ERASEALL=y +CONFIG_IONICE=y +# CONFIG_INOTIFYD is not set +CONFIG_LAST=y +# CONFIG_FEATURE_LAST_SMALL is not set +CONFIG_FEATURE_LAST_FANCY=y +CONFIG_HDPARM=y +CONFIG_FEATURE_HDPARM_GET_IDENTITY=y +CONFIG_FEATURE_HDPARM_HDIO_SCAN_HWIF=y +CONFIG_FEATURE_HDPARM_HDIO_UNREGISTER_HWIF=y +CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET=y +CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF=y +CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA=y +CONFIG_MAKEDEVS=y +# CONFIG_FEATURE_MAKEDEVS_LEAF is not set +CONFIG_FEATURE_MAKEDEVS_TABLE=y +CONFIG_MAN=y +CONFIG_MICROCOM=y +CONFIG_MOUNTPOINT=y +CONFIG_MT=y +CONFIG_RAIDAUTORUN=y +CONFIG_READAHEAD=y +# CONFIG_RFKILL is not set +CONFIG_RUNLEVEL=y +CONFIG_RX=y +CONFIG_SETSID=y +CONFIG_STRINGS=y +# CONFIG_TASKSET is not set +# CONFIG_FEATURE_TASKSET_FANCY is not set +CONFIG_TIME=y +CONFIG_TIMEOUT=y +CONFIG_TTYSIZE=y +CONFIG_VOLNAME=y +CONFIG_WALL=y +CONFIG_WATCHDOG=y + +# +# Networking Utilities +# +CONFIG_NAMEIF=y +CONFIG_FEATURE_NAMEIF_EXTENDED=y +CONFIG_NBDCLIENT=y +CONFIG_NC=y +CONFIG_NC_SERVER=y +CONFIG_NC_EXTRA=y +CONFIG_NC_110_COMPAT=y +CONFIG_PING=y +CONFIG_PING6=y +CONFIG_FEATURE_FANCY_PING=y +CONFIG_WHOIS=y +CONFIG_FEATURE_IPV6=y +CONFIG_FEATURE_UNIX_LOCAL=y +CONFIG_FEATURE_PREFER_IPV4_ADDRESS=y +CONFIG_VERBOSE_RESOLUTION_ERRORS=y +CONFIG_ARP=y +CONFIG_ARPING=y +CONFIG_BRCTL=y +CONFIG_FEATURE_BRCTL_FANCY=y +CONFIG_FEATURE_BRCTL_SHOW=y +# CONFIG_DNSD is not set +CONFIG_ETHER_WAKE=y +# CONFIG_FAKEIDENTD is not set +CONFIG_FTPD=y +CONFIG_FEATURE_FTP_WRITE=y +CONFIG_FEATURE_FTPD_ACCEPT_BROKEN_LIST=y +# CONFIG_FTPGET is not set +# CONFIG_FTPPUT is not set +# CONFIG_FEATURE_FTPGETPUT_LONG_OPTIONS is not set +CONFIG_HOSTNAME=y +CONFIG_HTTPD=y +CONFIG_FEATURE_HTTPD_RANGES=y +CONFIG_FEATURE_HTTPD_USE_SENDFILE=y +CONFIG_FEATURE_HTTPD_SETUID=y +CONFIG_FEATURE_HTTPD_BASIC_AUTH=y +CONFIG_FEATURE_HTTPD_AUTH_MD5=y +CONFIG_FEATURE_HTTPD_CGI=y +CONFIG_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR=y +CONFIG_FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV=y +CONFIG_FEATURE_HTTPD_ENCODE_URL_STR=y +CONFIG_FEATURE_HTTPD_ERROR_PAGES=y +CONFIG_FEATURE_HTTPD_PROXY=y +CONFIG_FEATURE_HTTPD_GZIP=y +CONFIG_IFCONFIG=y +CONFIG_FEATURE_IFCONFIG_STATUS=y +CONFIG_FEATURE_IFCONFIG_SLIP=y +CONFIG_FEATURE_IFCONFIG_MEMSTART_IOADDR_IRQ=y +CONFIG_FEATURE_IFCONFIG_HW=y +CONFIG_FEATURE_IFCONFIG_BROADCAST_PLUS=y +CONFIG_IFENSLAVE=y +CONFIG_IFPLUGD=y +CONFIG_IFUPDOWN=y +CONFIG_IFUPDOWN_IFSTATE_PATH="/var/run/ifstate" +CONFIG_FEATURE_IFUPDOWN_IP=y +CONFIG_FEATURE_IFUPDOWN_IP_BUILTIN=y +# CONFIG_FEATURE_IFUPDOWN_IFCONFIG_BUILTIN is not set +CONFIG_FEATURE_IFUPDOWN_IPV4=y +CONFIG_FEATURE_IFUPDOWN_IPV6=y +CONFIG_FEATURE_IFUPDOWN_MAPPING=y +CONFIG_FEATURE_IFUPDOWN_EXTERNAL_DHCP=y +# CONFIG_INETD is not set +# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_ECHO is not set +# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DISCARD is not set +# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_TIME is not set +# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DAYTIME is not set +# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN is not set +# CONFIG_FEATURE_INETD_RPC is not set +CONFIG_IP=y +CONFIG_FEATURE_IP_ADDRESS=y +CONFIG_FEATURE_IP_LINK=y +CONFIG_FEATURE_IP_ROUTE=y +CONFIG_FEATURE_IP_TUNNEL=y +CONFIG_FEATURE_IP_RULE=y +CONFIG_FEATURE_IP_SHORT_FORMS=y +CONFIG_FEATURE_IP_RARE_PROTOCOLS=y +CONFIG_IPADDR=y +CONFIG_IPLINK=y +CONFIG_IPROUTE=y +CONFIG_IPTUNNEL=y +CONFIG_IPRULE=y +# CONFIG_IPCALC is not set +# CONFIG_FEATURE_IPCALC_FANCY is not set +# CONFIG_FEATURE_IPCALC_LONG_OPTIONS is not set +CONFIG_NETSTAT=y +CONFIG_FEATURE_NETSTAT_WIDE=y +CONFIG_FEATURE_NETSTAT_PRG=y +CONFIG_NSLOOKUP=y +CONFIG_NTPD=y +CONFIG_FEATURE_NTPD_SERVER=y +CONFIG_PSCAN=y +CONFIG_ROUTE=y +# CONFIG_SLATTACH is not set +# CONFIG_TCPSVD is not set +CONFIG_TELNET=y +CONFIG_FEATURE_TELNET_TTYPE=y +CONFIG_FEATURE_TELNET_AUTOLOGIN=y +CONFIG_TELNETD=y +CONFIG_FEATURE_TELNETD_STANDALONE=y +CONFIG_FEATURE_TELNETD_INETD_WAIT=y +CONFIG_TFTP=y +CONFIG_TFTPD=y + +# +# Common options for tftp/tftpd +# +CONFIG_FEATURE_TFTP_GET=y +CONFIG_FEATURE_TFTP_PUT=y +CONFIG_FEATURE_TFTP_BLOCKSIZE=y +CONFIG_FEATURE_TFTP_PROGRESS_BAR=y +CONFIG_TFTP_DEBUG=y +CONFIG_TRACEROUTE=y +CONFIG_TRACEROUTE6=y +CONFIG_FEATURE_TRACEROUTE_VERBOSE=y +CONFIG_FEATURE_TRACEROUTE_SOURCE_ROUTE=y +CONFIG_FEATURE_TRACEROUTE_USE_ICMP=y +CONFIG_TUNCTL=y +CONFIG_FEATURE_TUNCTL_UG=y +CONFIG_UDHCPD=y +CONFIG_DHCPRELAY=y +CONFIG_DUMPLEASES=y +CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY=y +CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC=y +CONFIG_DHCPD_LEASES_FILE="/var/lib/misc/udhcpd.leases" +CONFIG_UDHCPC=y +CONFIG_FEATURE_UDHCPC_ARPING=y +CONFIG_FEATURE_UDHCP_PORT=y +CONFIG_UDHCP_DEBUG=9 +CONFIG_FEATURE_UDHCP_RFC3397=y +CONFIG_FEATURE_UDHCP_8021Q=y +CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script" +CONFIG_UDHCPC_SLACK_FOR_BUGGY_SERVERS=80 +CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="-R -n" +# CONFIG_UDPSVD is not set +CONFIG_VCONFIG=y +CONFIG_WGET=y +CONFIG_FEATURE_WGET_STATUSBAR=y +CONFIG_FEATURE_WGET_AUTHENTICATION=y +CONFIG_FEATURE_WGET_LONG_OPTIONS=y +CONFIG_FEATURE_WGET_TIMEOUT=y +CONFIG_ZCIP=y + +# +# Print Utilities +# +# CONFIG_LPD is not set +CONFIG_LPR=y +CONFIG_LPQ=y + +# +# Mail Utilities +# +# CONFIG_MAKEMIME is not set +CONFIG_FEATURE_MIME_CHARSET="us-ascii" +CONFIG_POPMAILDIR=y +CONFIG_FEATURE_POPMAILDIR_DELIVERY=y +# CONFIG_REFORMIME is not set +# CONFIG_FEATURE_REFORMIME_COMPAT is not set +CONFIG_SENDMAIL=y + +# +# Process Utilities +# +CONFIG_IOSTAT=y +CONFIG_MPSTAT=y +CONFIG_NMETER=y +CONFIG_PMAP=y +CONFIG_POWERTOP=y +CONFIG_PSTREE=y +CONFIG_PWDX=y +# CONFIG_SMEMCAP is not set +CONFIG_UPTIME=y +CONFIG_FEATURE_UPTIME_UTMP_SUPPORT=y +CONFIG_FREE=y +CONFIG_FUSER=y +CONFIG_KILL=y +CONFIG_KILLALL=y +CONFIG_KILLALL5=y +CONFIG_PGREP=y +CONFIG_PIDOF=y +CONFIG_FEATURE_PIDOF_SINGLE=y +CONFIG_FEATURE_PIDOF_OMIT=y +CONFIG_PKILL=y +CONFIG_PS=y +CONFIG_FEATURE_PS_WIDE=y +CONFIG_FEATURE_PS_TIME=y +CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS=y +CONFIG_FEATURE_PS_UNUSUAL_SYSTEMS=y +CONFIG_RENICE=y +CONFIG_BB_SYSCTL=y +CONFIG_TOP=y +CONFIG_FEATURE_TOP_CPU_USAGE_PERCENTAGE=y +CONFIG_FEATURE_TOP_CPU_GLOBAL_PERCENTS=y +CONFIG_FEATURE_TOP_SMP_CPU=y +CONFIG_FEATURE_TOP_DECIMALS=y +CONFIG_FEATURE_TOP_SMP_PROCESS=y +CONFIG_FEATURE_TOPMEM=y +CONFIG_FEATURE_SHOW_THREADS=y +CONFIG_WATCH=y + +# +# Runit Utilities +# +# CONFIG_RUNSV is not set +# CONFIG_RUNSVDIR is not set +# CONFIG_FEATURE_RUNSVDIR_LOG is not set +# CONFIG_SV is not set +CONFIG_SV_DEFAULT_SERVICE_DIR="" +# CONFIG_SVLOGD is not set +CONFIG_CHPST=y +CONFIG_SETUIDGID=y +CONFIG_ENVUIDGID=y +CONFIG_ENVDIR=y +CONFIG_SOFTLIMIT=y +# CONFIG_CHCON is not set +# CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set +# CONFIG_GETENFORCE is not set +# CONFIG_GETSEBOOL is not set +# CONFIG_LOAD_POLICY is not set +# CONFIG_MATCHPATHCON is not set +# CONFIG_RESTORECON is not set +# CONFIG_RUNCON is not set +# CONFIG_FEATURE_RUNCON_LONG_OPTIONS is not set +# CONFIG_SELINUXENABLED is not set +# CONFIG_SETENFORCE is not set +# CONFIG_SETFILES is not set +# CONFIG_FEATURE_SETFILES_CHECK_OPTION is not set +# CONFIG_SETSEBOOL is not set +# CONFIG_SESTATUS is not set + +# +# Shells +# +CONFIG_ASH=y +CONFIG_ASH_BASH_COMPAT=y +# CONFIG_ASH_IDLE_TIMEOUT is not set +CONFIG_ASH_JOB_CONTROL=y +CONFIG_ASH_ALIAS=y +CONFIG_ASH_GETOPTS=y +CONFIG_ASH_BUILTIN_ECHO=y +CONFIG_ASH_BUILTIN_PRINTF=y +CONFIG_ASH_BUILTIN_TEST=y +CONFIG_ASH_CMDCMD=y +# CONFIG_ASH_MAIL is not set +CONFIG_ASH_OPTIMIZE_FOR_SIZE=y +CONFIG_ASH_RANDOM_SUPPORT=y +CONFIG_ASH_EXPAND_PRMT=y +CONFIG_CTTYHACK=y +# CONFIG_HUSH is not set +# CONFIG_HUSH_BASH_COMPAT is not set +# CONFIG_HUSH_BRACE_EXPANSION is not set +# CONFIG_HUSH_HELP is not set +# CONFIG_HUSH_INTERACTIVE is not set +# CONFIG_HUSH_SAVEHISTORY is not set +# CONFIG_HUSH_JOB is not set +# CONFIG_HUSH_TICK is not set +# CONFIG_HUSH_IF is not set +# CONFIG_HUSH_LOOPS is not set +# CONFIG_HUSH_CASE is not set +# CONFIG_HUSH_FUNCTIONS is not set +# CONFIG_HUSH_LOCAL is not set +# CONFIG_HUSH_RANDOM_SUPPORT is not set +# CONFIG_HUSH_EXPORT_N is not set +# CONFIG_HUSH_MODE_X is not set +# CONFIG_MSH is not set +CONFIG_FEATURE_SH_IS_ASH=y +# CONFIG_FEATURE_SH_IS_HUSH is not set +# CONFIG_FEATURE_SH_IS_NONE is not set +# CONFIG_FEATURE_BASH_IS_ASH is not set +# CONFIG_FEATURE_BASH_IS_HUSH is not set +CONFIG_FEATURE_BASH_IS_NONE=y +CONFIG_SH_MATH_SUPPORT=y +CONFIG_SH_MATH_SUPPORT_64=y +CONFIG_FEATURE_SH_EXTRA_QUIET=y +CONFIG_FEATURE_SH_STANDALONE=y +CONFIG_FEATURE_SH_NOFORK=y +CONFIG_FEATURE_SH_HISTFILESIZE=y + +# +# System Logging Utilities +# +CONFIG_SYSLOGD=y +CONFIG_FEATURE_ROTATE_LOGFILE=y +CONFIG_FEATURE_REMOTE_LOG=y +CONFIG_FEATURE_SYSLOGD_DUP=y +CONFIG_FEATURE_SYSLOGD_CFG=y +CONFIG_FEATURE_SYSLOGD_READ_BUFFER_SIZE=256 +CONFIG_FEATURE_IPC_SYSLOG=y +CONFIG_FEATURE_IPC_SYSLOG_BUFFER_SIZE=16 +CONFIG_LOGREAD=y +CONFIG_FEATURE_LOGREAD_REDUCED_LOCKING=y +CONFIG_KLOGD=y +CONFIG_FEATURE_KLOGD_KLOGCTL=y +CONFIG_LOGGER=y diff --git a/config-archive/etc/portage/savedconfig/sys-apps/busybox-1.19.3-r1.dist b/config-archive/etc/portage/savedconfig/sys-apps/busybox-1.19.3-r1.dist index bd3a7fb..8555f4e 100644 --- a/config-archive/etc/portage/savedconfig/sys-apps/busybox-1.19.3-r1.dist +++ b/config-archive/etc/portage/savedconfig/sys-apps/busybox-1.19.3-r1.dist @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Busybox version: 1.19.3 -# Mon Jan 23 18:45:14 2012 +# Wed May 30 23:05:27 2012 # CONFIG_HAVE_DOT_CONFIG=y diff --git a/config-archive/usr/share/openvpn/easy-rsa/README b/config-archive/usr/share/openvpn/easy-rsa/README new file mode 100644 index 0000000..bde0d8c --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/README @@ -0,0 +1,229 @@ +EASY-RSA Version 2.0-rc1 + +This is a small RSA key management package, based on the openssl +command line tool, that can be found in the easy-rsa subdirectory +of the OpenVPN distribution. While this tool is primary concerned +with key management for the SSL VPN application space, it can also +be used for building web certificates. + +These are reference notes. For step-by-step instructions, see the +HOWTO: + +http://openvpn.net/howto.html + +This package is based on the ./pkitool script. Run ./pkitool +without arguments for a detailed help message (which is also pasted +below). + +Release Notes for easy-rsa-2.0 + +* Most functionality has been consolidated into the pkitool + script. For compatibility, all previous scripts from 1.0 such + as build-key and build-key-server are provided as stubs + which call pkitool to do the real work. + +* pkitool has a --batch flag (enabled by default) which generates + keys/certs without needing any interactive input. pkitool + can still generate certs/keys using interactive prompting by + using the --interact flag. + +* The inherit-inter script has been provided for creating + a new PKI rooted on an intermediate certificate built within a + higher-level PKI. See comments in the inherit-inter script + for more info. + +* The openssl.cnf file has been modified. pkitool will not + work with the openssl.cnf file included with previous + easy-rsa releases. + +* The vars file has been modified -- the following extra + variables have been added: EASY_RSA, CA_EXPIRE, + KEY_EXPIRE. + +* The make-crl and revoke-crt scripts have been removed and + are replaced by the revoke-full script. + +* The "Organizational Unit" X509 field can be set using + the KEY_OU environmental variable before calling pkitool. + +* This release only affects the Linux/Unix version of easy-rsa. + The Windows version (written to use the Windows shell) is unchanged. + +* Use the revoke-full script to revoke a certificate, and generate + (or update) the crl.pem file in the keys directory (as set by the + vars script). Then use "crl-verify crl.pem" in your OpenVPN server + config file, so that OpenVPN can reject any connections coming from + clients which present a revoked certificate. Usage for the script is: + + revoke-full + + Note this this procedure is primarily designed to revoke client + certificates. You could theoretically use this method to revoke + server certificates as well, but then you would need to propagate + the crl.pem file to all clients as well, and have them include + "crl-verify crl.pem" in their configuration files. + +* PKCS#11 support was added. + +* For those interested in using this tool to generate web certificates, + A variant of the easy-rsa package that allows the creation of multi-domain + certificates with subjectAltName can be obtained from here: + + http://www.bisente.com/proyectos/easy-rsa-subjectaltname/ + +INSTALL easy-rsa + +1. Edit vars. +2. Set KEY_CONFIG to point to the openssl.cnf file + included in this distribution. +3. Set KEY_DIR to point to a directory which will + contain all keys, certificates, etc. This + directory need not exist, and if it does, + it will be deleted with rm -rf, so BE + CAREFUL how you set KEY_DIR. +4. (Optional) Edit other fields in vars + per your site data. You may want to + increase KEY_SIZE to 2048 if you are + paranoid and don't mind slower key + processing, but certainly 1024 is + fine for testing purposes. KEY_SIZE + must be compatible across both peers + participating in a secure SSL/TLS + connection. +5. (Optional) If you intend to use PKCS#11, + install openssl >= 0.9.7, install the + following components from www.opensc.org: + - opensc >= 0.10.0 + - engine_pkcs11 >= 0.1.3 + Update the openssl.cnf to load the engine: + - Uncomment pkcs11 under engine_section. + - Validate path at dynamic_path under pkcs11_section. +6. . vars +7. ./clean-all +8. As you create certificates, keys, and + certificate signing requests, understand that + only .key files should be kept confidential. + .crt and .csr files can be sent over insecure + channels such as plaintext email. + +IMPORTANT + +To avoid a possible Man-in-the-Middle attack where an authorized +client tries to connect to another client by impersonating the +server, make sure to enforce some kind of server certificate +verification by clients. There are currently four different ways +of accomplishing this, listed in the order of preference: + +(1) Build your server certificates with specific key usage and + extended key usage. The RFC3280 determine that the following + attributes should be provided for TLS connections: + + Mode Key usage Extended key usage + --------------------------------------------------------------------------- + Client digitalSignature TLS Web Client Authentication + keyAgreement + digitalSignature, keyAgreement + + Server digitalSignature, keyEncipherment TLS Web Server Authentication + digitalSignature, keyAgreement + + Now add the following line to your client configuration: + + remote-cert-tls server + + This will block clients from connecting to any + server which lacks the required extension designation + in its certificate, even if the certificate has been + signed by the CA which is cited in the OpenVPN configuration + file (--ca directive). + +(3) Use the --tls-remote directive on the client to + accept/reject the server connection based on the common + name of the server certificate. + +(3) Use a --tls-verify script or plugin to accept/reject the + server connection based on a custom test of the server + certificate's embedded X509 subject details. + +(4) Sign server certificates with one CA and client certificates + with a different CA. The client config "ca" directive should + reference the server-signing CA while the server config "ca" + directive should reference the client-signing CA. + +NOTES + +Show certificate fields: + openssl x509 -in cert.crt -text + +PKITOOL documentation + +pkitool 2.0 +Usage: pkitool [options...] [common-name] +Options: + --batch : batch mode (default) + --keysize : Set keysize + size : size (default=1024) + --interact : interactive mode + --server : build server cert + --initca : build root CA + --inter : build intermediate CA + --pass : encrypt private key with password + --csr : only generate a CSR, do not sign + --sign : sign an existing CSR + --pkcs12 : generate a combined PKCS#12 file + --pkcs11 : generate certificate on PKCS#11 token + lib : PKCS#11 library + slot : PKCS#11 slot + id : PKCS#11 object id (hex string) + label : PKCS#11 object label +Standalone options: + --pkcs11-slots : list PKCS#11 slots + lib : PKCS#11 library + --pkcs11-objects : list PKCS#11 token objects + lib : PKCS#11 library + slot : PKCS#11 slot + --pkcs11-init : initialize PKCS#11 token DANGEROUS!!! + lib : PKCS#11 library + slot : PKCS#11 slot + label : PKCS#11 token label +Notes: + Please edit the vars script to reflect your configuration, + then source it with "source ./vars". + Next, to start with a fresh PKI configuration and to delete any + previous certificates and keys, run "./clean-all". + Finally, you can run this tool (pkitool) to build certificates/keys. + In order to use PKCS#11 interface you must have opensc-0.10.0 or higher. +Generated files and corresponding OpenVPN directives: +(Files will be placed in the $KEY_DIR directory, defined in ./vars) + ca.crt -> root certificate (--ca) + ca.key -> root key, keep secure (not directly used by OpenVPN) + .crt files -> client/server certificates (--cert) + .key files -> private keys, keep secure (--key) + .csr files -> certificate signing request (not directly used by OpenVPN) + dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh) +Examples: + pkitool --initca -> Build root certificate + pkitool --initca --pass -> Build root certificate with password-protected key + pkitool --server server1 -> Build "server1" certificate/key + pkitool client1 -> Build "client1" certificate/key + pkitool --pass client2 -> Build password-protected "client2" certificate/key + pkitool --pkcs12 client3 -> Build "client3" certificate/key in PKCS#12 format + pkitool --csr client4 -> Build "client4" CSR to be signed by another CA + pkitool --sign client4 -> Sign "client4" CSR + pkitool --inter interca -> Build an intermediate key-signing certificate/key + Also see ./inherit-inter script. + pkitool --pkcs11 /usr/lib/pkcs11/lib1 0 010203 "client5 id" client5 + -> Build "client5" certificate/key in PKCS#11 token +Typical usage for initial PKI setup. Build myserver, client1, and client2 cert/keys. +Protect client2 key with a password. Build DH parms. Generated files in ./keys : + [edit vars with your site-specific info] + source ./vars + ./clean-all + ./build-dh -> takes a long time, consider backgrounding + ./pkitool --initca + ./pkitool --server myserver + ./pkitool client1 + ./pkitool --pass client2 +Typical usage for adding client cert to existing PKI: + source ./vars + ./pkitool client-new diff --git a/config-archive/usr/share/openvpn/easy-rsa/README.dist b/config-archive/usr/share/openvpn/easy-rsa/README.dist new file mode 100644 index 0000000..6f5395c --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/README.dist @@ -0,0 +1,229 @@ +EASY-RSA Version 2.0-rc1 + +This is a small RSA key management package, based on the openssl +command line tool, that can be found in the easy-rsa subdirectory +of the OpenVPN distribution. While this tool is primary concerned +with key management for the SSL VPN application space, it can also +be used for building web certificates. + +These are reference notes. For step-by-step instructions, see the +HOWTO: + +http://openvpn.net/howto.html + +This package is based on the ./pkitool script. Run ./pkitool +without arguments for a detailed help message (which is also pasted +below). + +Release Notes for easy-rsa-2.0 + +* Most functionality has been consolidated into the pkitool + script. For compatibility, all previous scripts from 1.0 such + as build-key and build-key-server are provided as stubs + which call pkitool to do the real work. + +* pkitool has a --batch flag (enabled by default) which generates + keys/certs without needing any interactive input. pkitool + can still generate certs/keys using interactive prompting by + using the --interact flag. + +* The inherit-inter script has been provided for creating + a new PKI rooted on an intermediate certificate built within a + higher-level PKI. See comments in the inherit-inter script + for more info. + +* The openssl.cnf file has been modified. pkitool will not + work with the openssl.cnf file included with previous + easy-rsa releases. + +* The vars file has been modified -- the following extra + variables have been added: EASY_RSA, CA_EXPIRE, + KEY_EXPIRE. + +* The make-crl and revoke-crt scripts have been removed and + are replaced by the revoke-full script. + +* The "Organizational Unit" X509 field can be set using + the KEY_OU environmental variable before calling pkitool. + +* This release only affects the Linux/Unix version of easy-rsa. + The Windows version (written to use the Windows shell) is unchanged. + +* Use the revoke-full script to revoke a certificate, and generate + (or update) the crl.pem file in the keys directory (as set by the + vars script). Then use "crl-verify crl.pem" in your OpenVPN server + config file, so that OpenVPN can reject any connections coming from + clients which present a revoked certificate. Usage for the script is: + + revoke-full + + Note this this procedure is primarily designed to revoke client + certificates. You could theoretically use this method to revoke + server certificates as well, but then you would need to propagate + the crl.pem file to all clients as well, and have them include + "crl-verify crl.pem" in their configuration files. + +* PKCS#11 support was added. + +* For those interested in using this tool to generate web certificates, + A variant of the easy-rsa package that allows the creation of multi-domain + certificates with subjectAltName can be obtained from here: + + http://www.bisente.com/proyectos/easy-rsa-subjectaltname/ + +INSTALL easy-rsa + +1. Edit vars. +2. Set KEY_CONFIG to point to the correct openssl-.cnf + file included in this distribution. +3. Set KEY_DIR to point to a directory which will + contain all keys, certificates, etc. This + directory need not exist, and if it does, + it will be deleted with rm -rf, so BE + CAREFUL how you set KEY_DIR. +4. (Optional) Edit other fields in vars + per your site data. You may want to + increase KEY_SIZE to 2048 if you are + paranoid and don't mind slower key + processing, but certainly 1024 is + fine for testing purposes. KEY_SIZE + must be compatible across both peers + participating in a secure SSL/TLS + connection. +5. (Optional) If you intend to use PKCS#11, + install openssl >= 0.9.7, install the + following components from www.opensc.org: + - opensc >= 0.10.0 + - engine_pkcs11 >= 0.1.3 + Update the openssl.cnf to load the engine: + - Uncomment pkcs11 under engine_section. + - Validate path at dynamic_path under pkcs11_section. +6. . vars +7. ./clean-all +8. As you create certificates, keys, and + certificate signing requests, understand that + only .key files should be kept confidential. + .crt and .csr files can be sent over insecure + channels such as plaintext email. + +IMPORTANT + +To avoid a possible Man-in-the-Middle attack where an authorized +client tries to connect to another client by impersonating the +server, make sure to enforce some kind of server certificate +verification by clients. There are currently four different ways +of accomplishing this, listed in the order of preference: + +(1) Build your server certificates with specific key usage and + extended key usage. The RFC3280 determine that the following + attributes should be provided for TLS connections: + + Mode Key usage Extended key usage + --------------------------------------------------------------------------- + Client digitalSignature TLS Web Client Authentication + keyAgreement + digitalSignature, keyAgreement + + Server digitalSignature, keyEncipherment TLS Web Server Authentication + digitalSignature, keyAgreement + + Now add the following line to your client configuration: + + remote-cert-tls server + + This will block clients from connecting to any + server which lacks the required extension designation + in its certificate, even if the certificate has been + signed by the CA which is cited in the OpenVPN configuration + file (--ca directive). + +(3) Use the --tls-remote directive on the client to + accept/reject the server connection based on the common + name of the server certificate. + +(3) Use a --tls-verify script or plugin to accept/reject the + server connection based on a custom test of the server + certificate's embedded X509 subject details. + +(4) Sign server certificates with one CA and client certificates + with a different CA. The client config "ca" directive should + reference the server-signing CA while the server config "ca" + directive should reference the client-signing CA. + +NOTES + +Show certificate fields: + openssl x509 -in cert.crt -text + +PKITOOL documentation + +pkitool 2.0 +Usage: pkitool [options...] [common-name] +Options: + --batch : batch mode (default) + --keysize : Set keysize + size : size (default=1024) + --interact : interactive mode + --server : build server cert + --initca : build root CA + --inter : build intermediate CA + --pass : encrypt private key with password + --csr : only generate a CSR, do not sign + --sign : sign an existing CSR + --pkcs12 : generate a combined PKCS#12 file + --pkcs11 : generate certificate on PKCS#11 token + lib : PKCS#11 library + slot : PKCS#11 slot + id : PKCS#11 object id (hex string) + label : PKCS#11 object label +Standalone options: + --pkcs11-slots : list PKCS#11 slots + lib : PKCS#11 library + --pkcs11-objects : list PKCS#11 token objects + lib : PKCS#11 library + slot : PKCS#11 slot + --pkcs11-init : initialize PKCS#11 token DANGEROUS!!! + lib : PKCS#11 library + slot : PKCS#11 slot + label : PKCS#11 token label +Notes: + Please edit the vars script to reflect your configuration, + then source it with "source ./vars". + Next, to start with a fresh PKI configuration and to delete any + previous certificates and keys, run "./clean-all". + Finally, you can run this tool (pkitool) to build certificates/keys. + In order to use PKCS#11 interface you must have opensc-0.10.0 or higher. +Generated files and corresponding OpenVPN directives: +(Files will be placed in the $KEY_DIR directory, defined in ./vars) + ca.crt -> root certificate (--ca) + ca.key -> root key, keep secure (not directly used by OpenVPN) + .crt files -> client/server certificates (--cert) + .key files -> private keys, keep secure (--key) + .csr files -> certificate signing request (not directly used by OpenVPN) + dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh) +Examples: + pkitool --initca -> Build root certificate + pkitool --initca --pass -> Build root certificate with password-protected key + pkitool --server server1 -> Build "server1" certificate/key + pkitool client1 -> Build "client1" certificate/key + pkitool --pass client2 -> Build password-protected "client2" certificate/key + pkitool --pkcs12 client3 -> Build "client3" certificate/key in PKCS#12 format + pkitool --csr client4 -> Build "client4" CSR to be signed by another CA + pkitool --sign client4 -> Sign "client4" CSR + pkitool --inter interca -> Build an intermediate key-signing certificate/key + Also see ./inherit-inter script. + pkitool --pkcs11 /usr/lib/pkcs11/lib1 0 010203 "client5 id" client5 + -> Build "client5" certificate/key in PKCS#11 token +Typical usage for initial PKI setup. Build myserver, client1, and client2 cert/keys. +Protect client2 key with a password. Build DH parms. Generated files in ./keys : + [edit vars with your site-specific info] + source ./vars + ./clean-all + ./build-dh -> takes a long time, consider backgrounding + ./pkitool --initca + ./pkitool --server myserver + ./pkitool client1 + ./pkitool --pass client2 +Typical usage for adding client cert to existing PKI: + source ./vars + ./pkitool client-new diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-ca b/config-archive/usr/share/openvpn/easy-rsa/build-ca new file mode 100755 index 0000000..fb1e2ca --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-ca @@ -0,0 +1,8 @@ +#!/bin/bash + +# +# Build a root certificate +# + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --initca $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-ca.dist b/config-archive/usr/share/openvpn/easy-rsa/build-ca.dist new file mode 100755 index 0000000..bce29a6 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-ca.dist @@ -0,0 +1,8 @@ +#!/bin/sh + +# +# Build a root certificate +# + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --initca $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-dh b/config-archive/usr/share/openvpn/easy-rsa/build-dh new file mode 100755 index 0000000..f019222 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-dh @@ -0,0 +1,11 @@ +#!/bin/bash + +# Build Diffie-Hellman parameters for the server side +# of an SSL/TLS connection. + +if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then + $OPENSSL dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE} +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-dh.dist b/config-archive/usr/share/openvpn/easy-rsa/build-dh.dist new file mode 100755 index 0000000..4beb127 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-dh.dist @@ -0,0 +1,11 @@ +#!/bin/sh + +# Build Diffie-Hellman parameters for the server side +# of an SSL/TLS connection. + +if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then + $OPENSSL dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE} +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-inter b/config-archive/usr/share/openvpn/easy-rsa/build-inter new file mode 100755 index 0000000..f831d6f --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-inter @@ -0,0 +1,7 @@ +#!/bin/bash + +# Make an intermediate CA certificate/private key pair using a locally generated +# root certificate. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --inter $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-inter.dist b/config-archive/usr/share/openvpn/easy-rsa/build-inter.dist new file mode 100755 index 0000000..87bf98d --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-inter.dist @@ -0,0 +1,7 @@ +#!/bin/sh + +# Make an intermediate CA certificate/private key pair using a locally generated +# root certificate. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --inter $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key b/config-archive/usr/share/openvpn/easy-rsa/build-key new file mode 100755 index 0000000..6196308 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-key @@ -0,0 +1,7 @@ +#!/bin/bash + +# Make a certificate/private key pair using a locally generated +# root certificate. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key-pass b/config-archive/usr/share/openvpn/easy-rsa/build-key-pass new file mode 100755 index 0000000..35543e0 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-key-pass @@ -0,0 +1,7 @@ +#!/bin/bash + +# Similar to build-key, but protect the private key +# with a password. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --pass $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key-pass.dist b/config-archive/usr/share/openvpn/easy-rsa/build-key-pass.dist new file mode 100755 index 0000000..8ef8307 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-key-pass.dist @@ -0,0 +1,7 @@ +#!/bin/sh + +# Similar to build-key, but protect the private key +# with a password. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --pass $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12 b/config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12 new file mode 100755 index 0000000..5ef064f --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12 @@ -0,0 +1,8 @@ +#!/bin/bash + +# Make a certificate/private key pair using a locally generated +# root certificate and convert it to a PKCS #12 file including the +# the CA certificate as well. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --pkcs12 $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12.dist b/config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12.dist new file mode 100755 index 0000000..ba90e6a --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12.dist @@ -0,0 +1,8 @@ +#!/bin/sh + +# Make a certificate/private key pair using a locally generated +# root certificate and convert it to a PKCS #12 file including the +# the CA certificate as well. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --pkcs12 $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key-server b/config-archive/usr/share/openvpn/easy-rsa/build-key-server new file mode 100755 index 0000000..5502675 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-key-server @@ -0,0 +1,10 @@ +#!/bin/bash + +# Make a certificate/private key pair using a locally generated +# root certificate. +# +# Explicitly set nsCertType to server using the "server" +# extension in the openssl.cnf file. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --server $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key-server.dist b/config-archive/usr/share/openvpn/easy-rsa/build-key-server.dist new file mode 100755 index 0000000..fee0194 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-key-server.dist @@ -0,0 +1,10 @@ +#!/bin/sh + +# Make a certificate/private key pair using a locally generated +# root certificate. +# +# Explicitly set nsCertType to server using the "server" +# extension in the openssl.cnf file. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --server $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key.dist b/config-archive/usr/share/openvpn/easy-rsa/build-key.dist new file mode 100755 index 0000000..6c0fed8 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-key.dist @@ -0,0 +1,7 @@ +#!/bin/sh + +# Make a certificate/private key pair using a locally generated +# root certificate. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-req b/config-archive/usr/share/openvpn/easy-rsa/build-req new file mode 100755 index 0000000..26587d1 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-req @@ -0,0 +1,7 @@ +#!/bin/bash + +# Build a certificate signing request and private key. Use this +# when your root certificate and key is not available locally. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --csr $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-req-pass b/config-archive/usr/share/openvpn/easy-rsa/build-req-pass new file mode 100755 index 0000000..6e6c863 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-req-pass @@ -0,0 +1,7 @@ +#!/bin/bash + +# Like build-req, but protect your private key +# with a password. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --csr --pass $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-req-pass.dist b/config-archive/usr/share/openvpn/easy-rsa/build-req-pass.dist new file mode 100755 index 0000000..b73ee1b --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-req-pass.dist @@ -0,0 +1,7 @@ +#!/bin/sh + +# Like build-req, but protect your private key +# with a password. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --csr --pass $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-req.dist b/config-archive/usr/share/openvpn/easy-rsa/build-req.dist new file mode 100755 index 0000000..559d512 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-req.dist @@ -0,0 +1,7 @@ +#!/bin/sh + +# Build a certificate signing request and private key. Use this +# when your root certificate and key is not available locally. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --csr $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/clean-all b/config-archive/usr/share/openvpn/easy-rsa/clean-all new file mode 100755 index 0000000..0576db5 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/clean-all @@ -0,0 +1,16 @@ +#!/bin/bash + +# Initialize the $KEY_DIR directory. +# Note that this script does a +# rm -rf on $KEY_DIR so be careful! + +if [ "$KEY_DIR" ]; then + rm -rf "$KEY_DIR" + mkdir "$KEY_DIR" && \ + chmod go-rwx "$KEY_DIR" && \ + touch "$KEY_DIR/index.txt" && \ + echo 01 >"$KEY_DIR/serial" +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/clean-all.dist b/config-archive/usr/share/openvpn/easy-rsa/clean-all.dist new file mode 100755 index 0000000..cc6e3b2 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/clean-all.dist @@ -0,0 +1,16 @@ +#!/bin/sh + +# Initialize the $KEY_DIR directory. +# Note that this script does a +# rm -rf on $KEY_DIR so be careful! + +if [ "$KEY_DIR" ]; then + rm -rf "$KEY_DIR" + mkdir "$KEY_DIR" && \ + chmod go-rwx "$KEY_DIR" && \ + touch "$KEY_DIR/index.txt" && \ + echo 01 >"$KEY_DIR/serial" +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/inherit-inter b/config-archive/usr/share/openvpn/easy-rsa/inherit-inter new file mode 100755 index 0000000..2101951 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/inherit-inter @@ -0,0 +1,39 @@ +#!/bin/bash + +# Build a new PKI which is rooted on an intermediate certificate generated +# by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should +# have independent vars settings, and must use a different KEY_DIR directory +# from the parent. This tool can be used to generate arbitrary depth +# certificate chains. +# +# To build an intermediate CA, follow the same steps for a regular PKI but +# replace ./build-key or ./pkitool --initca with this script. + +# The EXPORT_CA file will contain the CA certificate chain and should be +# referenced by the OpenVPN "ca" directive in config files. The ca.crt file +# will only contain the local intermediate CA -- it's needed by the easy-rsa +# scripts but not by OpenVPN directly. +EXPORT_CA="export-ca.crt" + +if [ $# -ne 2 ]; then + echo "usage: $0 " + echo "parent-key-dir: the KEY_DIR directory of the parent PKI" + echo "common-name: the common name of the intermediate certificate in the parent PKI" + exit 1; +fi + +if [ "$KEY_DIR" ]; then + cp "$1/$2.crt" "$KEY_DIR/ca.crt" + cp "$1/$2.key" "$KEY_DIR/ca.key" + + if [ -e "$1/$EXPORT_CA" ]; then + PARENT_CA="$1/$EXPORT_CA" + else + PARENT_CA="$1/ca.crt" + fi + cp "$PARENT_CA" "$KEY_DIR/$EXPORT_CA" + cat "$KEY_DIR/ca.crt" >> "$KEY_DIR/$EXPORT_CA" +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/inherit-inter.dist b/config-archive/usr/share/openvpn/easy-rsa/inherit-inter.dist new file mode 100755 index 0000000..aaa5168 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/inherit-inter.dist @@ -0,0 +1,39 @@ +#!/bin/sh + +# Build a new PKI which is rooted on an intermediate certificate generated +# by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should +# have independent vars settings, and must use a different KEY_DIR directory +# from the parent. This tool can be used to generate arbitrary depth +# certificate chains. +# +# To build an intermediate CA, follow the same steps for a regular PKI but +# replace ./build-key or ./pkitool --initca with this script. + +# The EXPORT_CA file will contain the CA certificate chain and should be +# referenced by the OpenVPN "ca" directive in config files. The ca.crt file +# will only contain the local intermediate CA -- it's needed by the easy-rsa +# scripts but not by OpenVPN directly. +EXPORT_CA="export-ca.crt" + +if [ $# -ne 2 ]; then + echo "usage: $0 " + echo "parent-key-dir: the KEY_DIR directory of the parent PKI" + echo "common-name: the common name of the intermediate certificate in the parent PKI" + exit 1; +fi + +if [ "$KEY_DIR" ]; then + cp "$1/$2.crt" "$KEY_DIR/ca.crt" + cp "$1/$2.key" "$KEY_DIR/ca.key" + + if [ -e "$1/$EXPORT_CA" ]; then + PARENT_CA="$1/$EXPORT_CA" + else + PARENT_CA="$1/ca.crt" + fi + cp "$PARENT_CA" "$KEY_DIR/$EXPORT_CA" + cat "$KEY_DIR/ca.crt" >> "$KEY_DIR/$EXPORT_CA" +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/list-crl b/config-archive/usr/share/openvpn/easy-rsa/list-crl new file mode 100755 index 0000000..afc0cd6 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/list-crl @@ -0,0 +1,13 @@ +#!/bin/bash + +# list revoked certificates + +CRL="${1:-crl.pem}" + +if [ "$KEY_DIR" ]; then + cd "$KEY_DIR" && \ + $OPENSSL crl -text -noout -in "$CRL" +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/list-crl.dist b/config-archive/usr/share/openvpn/easy-rsa/list-crl.dist new file mode 100755 index 0000000..d1d8a69 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/list-crl.dist @@ -0,0 +1,13 @@ +#!/bin/sh + +# list revoked certificates + +CRL="${1:-crl.pem}" + +if [ "$KEY_DIR" ]; then + cd "$KEY_DIR" && \ + $OPENSSL crl -text -noout -in "$CRL" +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/pkitool b/config-archive/usr/share/openvpn/easy-rsa/pkitool new file mode 100755 index 0000000..7266988 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/pkitool @@ -0,0 +1,373 @@ +#!/bin/sh + +# OpenVPN -- An application to securely tunnel IP networks +# over a single TCP/UDP port, with support for SSL/TLS-based +# session authentication and key exchange, +# packet encryption, packet authentication, and +# packet compression. +# +# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program (see the file COPYING included with this +# distribution); if not, write to the Free Software Foundation, Inc., +# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +# pkitool is a front-end for the openssl tool. + +# Calling scripts can set the certificate organizational +# unit with the KEY_OU environmental variable. + +# Calling scripts can also set the KEY_NAME environmental +# variable to set the "name" X509 subject field. + +PROGNAME=pkitool +VERSION=2.0 +DEBUG=0 + +die() +{ + local m="$1" + + echo "$m" >&2 + exit 1 +} + +need_vars() +{ + echo ' Please edit the vars script to reflect your configuration,' + echo ' then source it with "source ./vars".' + echo ' Next, to start with a fresh PKI configuration and to delete any' + echo ' previous certificates and keys, run "./clean-all".' + echo " Finally, you can run this tool ($PROGNAME) to build certificates/keys." +} + +usage() +{ + echo "$PROGNAME $VERSION" + echo "Usage: $PROGNAME [options...] [common-name]" + echo "Options:" + echo " --batch : batch mode (default)" + echo " --keysize : Set keysize" + echo " size : size (default=1024)" + echo " --interact : interactive mode" + echo " --server : build server cert" + echo " --initca : build root CA" + echo " --inter : build intermediate CA" + echo " --pass : encrypt private key with password" + echo " --csr : only generate a CSR, do not sign" + echo " --sign : sign an existing CSR" + echo " --pkcs12 : generate a combined PKCS#12 file" + echo " --pkcs11 : generate certificate on PKCS#11 token" + echo " lib : PKCS#11 library" + echo " slot : PKCS#11 slot" + echo " id : PKCS#11 object id (hex string)" + echo " label : PKCS#11 object label" + echo "Standalone options:" + echo " --pkcs11-slots : list PKCS#11 slots" + echo " lib : PKCS#11 library" + echo " --pkcs11-objects : list PKCS#11 token objects" + echo " lib : PKCS#11 library" + echo " slot : PKCS#11 slot" + echo " --pkcs11-init : initialize PKCS#11 token DANGEROUS!!!" + echo " lib : PKCS#11 library" + echo " slot : PKCS#11 slot" + echo " label : PKCS#11 token label" + echo "Notes:" + need_vars + echo " In order to use PKCS#11 interface you must have opensc-0.10.0 or higher." + echo "Generated files and corresponding OpenVPN directives:" + echo '(Files will be placed in the $KEY_DIR directory, defined in ./vars)' + echo " ca.crt -> root certificate (--ca)" + echo " ca.key -> root key, keep secure (not directly used by OpenVPN)" + echo " .crt files -> client/server certificates (--cert)" + echo " .key files -> private keys, keep secure (--key)" + echo " .csr files -> certificate signing request (not directly used by OpenVPN)" + echo " dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh)" + echo "Examples:" + echo " $PROGNAME --initca -> Build root certificate" + echo " $PROGNAME --initca --pass -> Build root certificate with password-protected key" + echo " $PROGNAME --server server1 -> Build \"server1\" certificate/key" + echo " $PROGNAME client1 -> Build \"client1\" certificate/key" + echo " $PROGNAME --pass client2 -> Build password-protected \"client2\" certificate/key" + echo " $PROGNAME --pkcs12 client3 -> Build \"client3\" certificate/key in PKCS#12 format" + echo " $PROGNAME --csr client4 -> Build \"client4\" CSR to be signed by another CA" + echo " $PROGNAME --sign client4 -> Sign \"client4\" CSR" + echo " $PROGNAME --inter interca -> Build an intermediate key-signing certificate/key" + echo " Also see ./inherit-inter script." + echo " $PROGNAME --pkcs11 /usr/lib/pkcs11/lib1 0 010203 \"client5 id\" client5" + echo " -> Build \"client5\" certificate/key in PKCS#11 token" + echo "Typical usage for initial PKI setup. Build myserver, client1, and client2 cert/keys." + echo "Protect client2 key with a password. Build DH parms. Generated files in ./keys :" + echo " [edit vars with your site-specific info]" + echo " source ./vars" + echo " ./clean-all" + echo " ./build-dh -> takes a long time, consider backgrounding" + echo " ./$PROGNAME --initca" + echo " ./$PROGNAME --server myserver" + echo " ./$PROGNAME client1" + echo " ./$PROGNAME --pass client2" + echo "Typical usage for adding client cert to existing PKI:" + echo " source ./vars" + echo " ./$PROGNAME client-new" +} + +# Set tool defaults +[ -n "$OPENSSL" ] || export OPENSSL="openssl" +[ -n "$PKCS11TOOL" ] || export PKCS11TOOL="pkcs11-tool" +[ -n "$GREP" ] || export GREP="grep" + +# Set defaults +DO_REQ="1" +REQ_EXT="" +DO_CA="1" +CA_EXT="" +DO_P12="0" +DO_P11="0" +DO_ROOT="0" +NODES_REQ="-nodes" +NODES_P12="" +BATCH="-batch" +CA="ca" +# must be set or errors of openssl.cnf +PKCS11_MODULE_PATH="dummy" +PKCS11_PIN="dummy" + +# Process options +while [ $# -gt 0 ]; do + case "$1" in + --keysize ) KEY_SIZE=$2 + shift;; + --server ) REQ_EXT="$REQ_EXT -extensions server" + CA_EXT="$CA_EXT -extensions server" ;; + --batch ) BATCH="-batch" ;; + --interact ) BATCH="" ;; + --inter ) CA_EXT="$CA_EXT -extensions v3_ca" ;; + --initca ) DO_ROOT="1" ;; + --pass ) NODES_REQ="" ;; + --csr ) DO_CA="0" ;; + --sign ) DO_REQ="0" ;; + --pkcs12 ) DO_P12="1" ;; + --pkcs11 ) DO_P11="1" + PKCS11_MODULE_PATH="$2" + PKCS11_SLOT="$3" + PKCS11_ID="$4" + PKCS11_LABEL="$5" + shift 4;; + + # standalone + --pkcs11-init) + PKCS11_MODULE_PATH="$2" + PKCS11_SLOT="$3" + PKCS11_LABEL="$4" + if [ -z "$PKCS11_LABEL" ]; then + die "Please specify library name, slot and label" + fi + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-token --slot "$PKCS11_SLOT" \ + --label "$PKCS11_LABEL" && + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-pin --slot "$PKCS11_SLOT" + exit $?;; + --pkcs11-slots) + PKCS11_MODULE_PATH="$2" + if [ -z "$PKCS11_MODULE_PATH" ]; then + die "Please specify library name" + fi + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-slots + exit 0;; + --pkcs11-objects) + PKCS11_MODULE_PATH="$2" + PKCS11_SLOT="$3" + if [ -z "$PKCS11_SLOT" ]; then + die "Please specify library name and slot" + fi + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-objects --login --slot "$PKCS11_SLOT" + exit 0;; + + # errors + --* ) die "$PROGNAME: unknown option: $1" ;; + * ) break ;; + esac + shift +done + +if ! [ -z "$BATCH" ]; then + if $OPENSSL version | grep 0.9.6 > /dev/null; then + die "Batch mode is unsupported in openssl<0.9.7" + fi +fi + +if [ $DO_P12 -eq 1 -a $DO_P11 -eq 1 ]; then + die "PKCS#11 and PKCS#12 cannot be specified together" +fi + +if [ $DO_P11 -eq 1 ]; then + if ! grep "^pkcs11.*=" "$KEY_CONFIG" > /dev/null; then + die "Please edit $KEY_CONFIG and setup PKCS#11 engine" + fi +fi + +# If we are generating pkcs12, only encrypt the final step +if [ $DO_P12 -eq 1 ]; then + NODES_P12="$NODES_REQ" + NODES_REQ="-nodes" +fi + +if [ $DO_P11 -eq 1 ]; then + if [ -z "$PKCS11_LABEL" ]; then + die "PKCS#11 arguments incomplete" + fi +fi + +# If undefined, set default key expiration intervals +if [ -z "$KEY_EXPIRE" ]; then + KEY_EXPIRE=3650 +fi +if [ -z "$CA_EXPIRE" ]; then + CA_EXPIRE=3650 +fi + +# Set organizational unit to empty string if undefined +if [ -z "$KEY_OU" ]; then + KEY_OU="" +fi + +# Set X509 Name string to empty string if undefined +if [ -z "$KEY_NAME" ]; then + KEY_NAME="" +fi + +# Set KEY_CN, FN +if [ $DO_ROOT -eq 1 ]; then + if [ -z "$KEY_CN" ]; then + if [ "$1" ]; then + KEY_CN="$1" + elif [ "$KEY_ORG" ]; then + KEY_CN="$KEY_ORG CA" + fi + fi + if [ $BATCH ] && [ "$KEY_CN" ]; then + echo "Using CA Common Name:" "$KEY_CN" + fi + FN="$KEY_CN" +elif [ $BATCH ] && [ "$KEY_CN" ]; then + echo "Using Common Name:" "$KEY_CN" + FN="$KEY_CN" + if [ "$1" ]; then + FN="$1" + fi +else + if [ $# -ne 1 ]; then + usage + exit 1 + else + KEY_CN="$1" + fi + FN="$KEY_CN" +fi + +export CA_EXPIRE KEY_EXPIRE KEY_OU KEY_NAME KEY_CN PKCS11_MODULE_PATH PKCS11_PIN + +# Show parameters (debugging) +if [ $DEBUG -eq 1 ]; then + echo DO_REQ $DO_REQ + echo REQ_EXT $REQ_EXT + echo DO_CA $DO_CA + echo CA_EXT $CA_EXT + echo NODES_REQ $NODES_REQ + echo NODES_P12 $NODES_P12 + echo DO_P12 $DO_P12 + echo KEY_CN $KEY_CN + echo BATCH $BATCH + echo DO_ROOT $DO_ROOT + echo KEY_EXPIRE $KEY_EXPIRE + echo CA_EXPIRE $CA_EXPIRE + echo KEY_OU $KEY_OU + echo KEY_NAME $KEY_NAME + echo DO_P11 $DO_P11 + echo PKCS11_MODULE_PATH $PKCS11_MODULE_PATH + echo PKCS11_SLOT $PKCS11_SLOT + echo PKCS11_ID $PKCS11_ID + echo PKCS11_LABEL $PKCS11_LABEL +fi + +# Make sure ./vars was sourced beforehand +if [ -d "$KEY_DIR" ] && [ "$KEY_CONFIG" ]; then + cd "$KEY_DIR" + + # Make sure $KEY_CONFIG points to the correct version + # of openssl.cnf + if $GREP -i 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" >/dev/null; then + : + else + echo "$PROGNAME: KEY_CONFIG (set by the ./vars script) is pointing to the wrong" + echo "version of openssl.cnf: $KEY_CONFIG" + echo "The correct version should have a comment that says: easy-rsa version 2.x"; + exit 1; + fi + + # Build root CA + if [ $DO_ROOT -eq 1 ]; then + $OPENSSL req $BATCH -days $CA_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE -sha1 \ + -x509 -keyout "$CA.key" -out "$CA.crt" -config "$KEY_CONFIG" && \ + chmod 0600 "$CA.key" + else + # Make sure CA key/cert is available + if [ $DO_CA -eq 1 ] || [ $DO_P12 -eq 1 ]; then + if [ ! -r "$CA.crt" ] || [ ! -r "$CA.key" ]; then + echo "$PROGNAME: Need a readable $CA.crt and $CA.key in $KEY_DIR" + echo "Try $PROGNAME --initca to build a root certificate/key." + exit 1 + fi + fi + + # Generate key for PKCS#11 token + PKCS11_ARGS= + if [ $DO_P11 -eq 1 ]; then + stty -echo + echo -n "User PIN: " + read -r PKCS11_PIN + stty echo + export PKCS11_PIN + + echo "Generating key pair on PKCS#11 token..." + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --keypairgen \ + --login --pin "$PKCS11_PIN" \ + --key-type rsa:1024 \ + --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" || exit 1 + PKCS11_ARGS="-engine pkcs11 -keyform engine -key $PKCS11_SLOT:$PKCS11_ID" + fi + + # Build cert/key + ( [ $DO_REQ -eq 0 ] || $OPENSSL req $BATCH -days $KEY_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE \ + -keyout "$FN.key" -out "$FN.csr" $REQ_EXT -config "$KEY_CONFIG" $PKCS11_ARGS ) && \ + ( [ $DO_CA -eq 0 ] || $OPENSSL ca $BATCH -days $KEY_EXPIRE -out "$FN.crt" \ + -in "$FN.csr" $CA_EXT -md sha1 -config "$KEY_CONFIG" ) && \ + ( [ $DO_P12 -eq 0 ] || $OPENSSL pkcs12 -export -inkey "$FN.key" \ + -in "$FN.crt" -certfile "$CA.crt" -out "$FN.p12" $NODES_P12 ) && \ + ( [ $DO_CA -eq 0 -o $DO_P11 -eq 1 ] || chmod 0600 "$FN.key" ) && \ + ( [ $DO_P12 -eq 0 ] || chmod 0600 "$FN.p12" ) + + # Load certificate into PKCS#11 token + if [ $DO_P11 -eq 1 ]; then + $OPENSSL x509 -in "$FN.crt" -inform PEM -out "$FN.crt.der" -outform DER && \ + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --write-object "$FN.crt.der" --type cert \ + --login --pin "$PKCS11_PIN" \ + --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" + [ -e "$FN.crt.der" ]; rm "$FN.crt.der" + fi + + fi + +# Need definitions +else + need_vars +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/pkitool.dist b/config-archive/usr/share/openvpn/easy-rsa/pkitool.dist new file mode 100755 index 0000000..49588f5 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/pkitool.dist @@ -0,0 +1,379 @@ +#!/bin/sh + +# OpenVPN -- An application to securely tunnel IP networks +# over a single TCP/UDP port, with support for SSL/TLS-based +# session authentication and key exchange, +# packet encryption, packet authentication, and +# packet compression. +# +# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program (see the file COPYING included with this +# distribution); if not, write to the Free Software Foundation, Inc., +# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +# pkitool is a front-end for the openssl tool. + +# Calling scripts can set the certificate organizational +# unit with the KEY_OU environmental variable. + +# Calling scripts can also set the KEY_NAME environmental +# variable to set the "name" X509 subject field. + +PROGNAME=pkitool +VERSION=2.0 +DEBUG=0 + +die() +{ + local m="$1" + + echo "$m" >&2 + exit 1 +} + +need_vars() +{ + echo ' Please edit the vars script to reflect your configuration,' + echo ' then source it with "source ./vars".' + echo ' Next, to start with a fresh PKI configuration and to delete any' + echo ' previous certificates and keys, run "./clean-all".' + echo " Finally, you can run this tool ($PROGNAME) to build certificates/keys." +} + +usage() +{ + echo "$PROGNAME $VERSION" + echo "Usage: $PROGNAME [options...] [common-name]" + echo "Options:" + echo " --batch : batch mode (default)" + echo " --keysize : Set keysize" + echo " size : size (default=1024)" + echo " --interact : interactive mode" + echo " --server : build server cert" + echo " --initca : build root CA" + echo " --inter : build intermediate CA" + echo " --pass : encrypt private key with password" + echo " --csr : only generate a CSR, do not sign" + echo " --sign : sign an existing CSR" + echo " --pkcs12 : generate a combined PKCS#12 file" + echo " --pkcs11 : generate certificate on PKCS#11 token" + echo " lib : PKCS#11 library" + echo " slot : PKCS#11 slot" + echo " id : PKCS#11 object id (hex string)" + echo " label : PKCS#11 object label" + echo "Standalone options:" + echo " --pkcs11-slots : list PKCS#11 slots" + echo " lib : PKCS#11 library" + echo " --pkcs11-objects : list PKCS#11 token objects" + echo " lib : PKCS#11 library" + echo " slot : PKCS#11 slot" + echo " --pkcs11-init : initialize PKCS#11 token DANGEROUS!!!" + echo " lib : PKCS#11 library" + echo " slot : PKCS#11 slot" + echo " label : PKCS#11 token label" + echo "Notes:" + need_vars + echo " In order to use PKCS#11 interface you must have opensc-0.10.0 or higher." + echo "Generated files and corresponding OpenVPN directives:" + echo '(Files will be placed in the $KEY_DIR directory, defined in ./vars)' + echo " ca.crt -> root certificate (--ca)" + echo " ca.key -> root key, keep secure (not directly used by OpenVPN)" + echo " .crt files -> client/server certificates (--cert)" + echo " .key files -> private keys, keep secure (--key)" + echo " .csr files -> certificate signing request (not directly used by OpenVPN)" + echo " dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh)" + echo "Examples:" + echo " $PROGNAME --initca -> Build root certificate" + echo " $PROGNAME --initca --pass -> Build root certificate with password-protected key" + echo " $PROGNAME --server server1 -> Build \"server1\" certificate/key" + echo " $PROGNAME client1 -> Build \"client1\" certificate/key" + echo " $PROGNAME --pass client2 -> Build password-protected \"client2\" certificate/key" + echo " $PROGNAME --pkcs12 client3 -> Build \"client3\" certificate/key in PKCS#12 format" + echo " $PROGNAME --csr client4 -> Build \"client4\" CSR to be signed by another CA" + echo " $PROGNAME --sign client4 -> Sign \"client4\" CSR" + echo " $PROGNAME --inter interca -> Build an intermediate key-signing certificate/key" + echo " Also see ./inherit-inter script." + echo " $PROGNAME --pkcs11 /usr/lib/pkcs11/lib1 0 010203 \"client5 id\" client5" + echo " -> Build \"client5\" certificate/key in PKCS#11 token" + echo "Typical usage for initial PKI setup. Build myserver, client1, and client2 cert/keys." + echo "Protect client2 key with a password. Build DH parms. Generated files in ./keys :" + echo " [edit vars with your site-specific info]" + echo " source ./vars" + echo " ./clean-all" + echo " ./build-dh -> takes a long time, consider backgrounding" + echo " ./$PROGNAME --initca" + echo " ./$PROGNAME --server myserver" + echo " ./$PROGNAME client1" + echo " ./$PROGNAME --pass client2" + echo "Typical usage for adding client cert to existing PKI:" + echo " source ./vars" + echo " ./$PROGNAME client-new" +} + +# Set tool defaults +[ -n "$OPENSSL" ] || export OPENSSL="openssl" +[ -n "$PKCS11TOOL" ] || export PKCS11TOOL="pkcs11-tool" +[ -n "$GREP" ] || export GREP="grep" + +# Set defaults +DO_REQ="1" +REQ_EXT="" +DO_CA="1" +CA_EXT="" +DO_P12="0" +DO_P11="0" +DO_ROOT="0" +NODES_REQ="-nodes" +NODES_P12="" +BATCH="-batch" +CA="ca" +# must be set or errors of openssl.cnf +PKCS11_MODULE_PATH="dummy" +PKCS11_PIN="dummy" + +# Process options +while [ $# -gt 0 ]; do + case "$1" in + --keysize ) KEY_SIZE=$2 + shift;; + --server ) REQ_EXT="$REQ_EXT -extensions server" + CA_EXT="$CA_EXT -extensions server" ;; + --batch ) BATCH="-batch" ;; + --interact ) BATCH="" ;; + --inter ) CA_EXT="$CA_EXT -extensions v3_ca" ;; + --initca ) DO_ROOT="1" ;; + --pass ) NODES_REQ="" ;; + --csr ) DO_CA="0" ;; + --sign ) DO_REQ="0" ;; + --pkcs12 ) DO_P12="1" ;; + --pkcs11 ) DO_P11="1" + PKCS11_MODULE_PATH="$2" + PKCS11_SLOT="$3" + PKCS11_ID="$4" + PKCS11_LABEL="$5" + shift 4;; + + # standalone + --pkcs11-init) + PKCS11_MODULE_PATH="$2" + PKCS11_SLOT="$3" + PKCS11_LABEL="$4" + if [ -z "$PKCS11_LABEL" ]; then + die "Please specify library name, slot and label" + fi + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-token --slot "$PKCS11_SLOT" \ + --label "$PKCS11_LABEL" && + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-pin --slot "$PKCS11_SLOT" + exit $?;; + --pkcs11-slots) + PKCS11_MODULE_PATH="$2" + if [ -z "$PKCS11_MODULE_PATH" ]; then + die "Please specify library name" + fi + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-slots + exit 0;; + --pkcs11-objects) + PKCS11_MODULE_PATH="$2" + PKCS11_SLOT="$3" + if [ -z "$PKCS11_SLOT" ]; then + die "Please specify library name and slot" + fi + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-objects --login --slot "$PKCS11_SLOT" + exit 0;; + + --help|--usage) + usage + exit ;; + --version) + echo "$PROGNAME $VERSION" + exit ;; + # errors + --* ) die "$PROGNAME: unknown option: $1" ;; + * ) break ;; + esac + shift +done + +if ! [ -z "$BATCH" ]; then + if $OPENSSL version | grep 0.9.6 > /dev/null; then + die "Batch mode is unsupported in openssl<0.9.7" + fi +fi + +if [ $DO_P12 -eq 1 -a $DO_P11 -eq 1 ]; then + die "PKCS#11 and PKCS#12 cannot be specified together" +fi + +if [ $DO_P11 -eq 1 ]; then + if ! grep "^pkcs11.*=" "$KEY_CONFIG" > /dev/null; then + die "Please edit $KEY_CONFIG and setup PKCS#11 engine" + fi +fi + +# If we are generating pkcs12, only encrypt the final step +if [ $DO_P12 -eq 1 ]; then + NODES_P12="$NODES_REQ" + NODES_REQ="-nodes" +fi + +if [ $DO_P11 -eq 1 ]; then + if [ -z "$PKCS11_LABEL" ]; then + die "PKCS#11 arguments incomplete" + fi +fi + +# If undefined, set default key expiration intervals +if [ -z "$KEY_EXPIRE" ]; then + KEY_EXPIRE=3650 +fi +if [ -z "$CA_EXPIRE" ]; then + CA_EXPIRE=3650 +fi + +# Set organizational unit to empty string if undefined +if [ -z "$KEY_OU" ]; then + KEY_OU="" +fi + +# Set X509 Name string to empty string if undefined +if [ -z "$KEY_NAME" ]; then + KEY_NAME="" +fi + +# Set KEY_CN, FN +if [ $DO_ROOT -eq 1 ]; then + if [ -z "$KEY_CN" ]; then + if [ "$1" ]; then + KEY_CN="$1" + elif [ "$KEY_ORG" ]; then + KEY_CN="$KEY_ORG CA" + fi + fi + if [ $BATCH ] && [ "$KEY_CN" ]; then + echo "Using CA Common Name:" "$KEY_CN" + fi + FN="$KEY_CN" +elif [ $BATCH ] && [ "$KEY_CN" ]; then + echo "Using Common Name:" "$KEY_CN" + FN="$KEY_CN" + if [ "$1" ]; then + FN="$1" + fi +else + if [ $# -ne 1 ]; then + usage + exit 1 + else + KEY_CN="$1" + fi + FN="$KEY_CN" +fi + +export CA_EXPIRE KEY_EXPIRE KEY_OU KEY_NAME KEY_CN PKCS11_MODULE_PATH PKCS11_PIN + +# Show parameters (debugging) +if [ $DEBUG -eq 1 ]; then + echo DO_REQ $DO_REQ + echo REQ_EXT $REQ_EXT + echo DO_CA $DO_CA + echo CA_EXT $CA_EXT + echo NODES_REQ $NODES_REQ + echo NODES_P12 $NODES_P12 + echo DO_P12 $DO_P12 + echo KEY_CN $KEY_CN + echo BATCH $BATCH + echo DO_ROOT $DO_ROOT + echo KEY_EXPIRE $KEY_EXPIRE + echo CA_EXPIRE $CA_EXPIRE + echo KEY_OU $KEY_OU + echo KEY_NAME $KEY_NAME + echo DO_P11 $DO_P11 + echo PKCS11_MODULE_PATH $PKCS11_MODULE_PATH + echo PKCS11_SLOT $PKCS11_SLOT + echo PKCS11_ID $PKCS11_ID + echo PKCS11_LABEL $PKCS11_LABEL +fi + +# Make sure ./vars was sourced beforehand +if [ -d "$KEY_DIR" ] && [ "$KEY_CONFIG" ]; then + cd "$KEY_DIR" + + # Make sure $KEY_CONFIG points to the correct version + # of openssl.cnf + if $GREP -i 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" >/dev/null; then + : + else + echo "$PROGNAME: KEY_CONFIG (set by the ./vars script) is pointing to the wrong" + echo "version of openssl.cnf: $KEY_CONFIG" + echo "The correct version should have a comment that says: easy-rsa version 2.x"; + exit 1; + fi + + # Build root CA + if [ $DO_ROOT -eq 1 ]; then + $OPENSSL req $BATCH -days $CA_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE -sha1 \ + -x509 -keyout "$CA.key" -out "$CA.crt" -config "$KEY_CONFIG" && \ + chmod 0600 "$CA.key" + else + # Make sure CA key/cert is available + if [ $DO_CA -eq 1 ] || [ $DO_P12 -eq 1 ]; then + if [ ! -r "$CA.crt" ] || [ ! -r "$CA.key" ]; then + echo "$PROGNAME: Need a readable $CA.crt and $CA.key in $KEY_DIR" + echo "Try $PROGNAME --initca to build a root certificate/key." + exit 1 + fi + fi + + # Generate key for PKCS#11 token + PKCS11_ARGS= + if [ $DO_P11 -eq 1 ]; then + stty -echo + echo -n "User PIN: " + read -r PKCS11_PIN + stty echo + export PKCS11_PIN + + echo "Generating key pair on PKCS#11 token..." + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --keypairgen \ + --login --pin "$PKCS11_PIN" \ + --key-type rsa:1024 \ + --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" || exit 1 + PKCS11_ARGS="-engine pkcs11 -keyform engine -key $PKCS11_SLOT:$PKCS11_ID" + fi + + # Build cert/key + ( [ $DO_REQ -eq 0 ] || $OPENSSL req $BATCH -days $KEY_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE \ + -keyout "$FN.key" -out "$FN.csr" $REQ_EXT -config "$KEY_CONFIG" $PKCS11_ARGS ) && \ + ( [ $DO_CA -eq 0 ] || $OPENSSL ca $BATCH -days $KEY_EXPIRE -out "$FN.crt" \ + -in "$FN.csr" $CA_EXT -md sha1 -config "$KEY_CONFIG" ) && \ + ( [ $DO_P12 -eq 0 ] || $OPENSSL pkcs12 -export -inkey "$FN.key" \ + -in "$FN.crt" -certfile "$CA.crt" -out "$FN.p12" $NODES_P12 ) && \ + ( [ $DO_CA -eq 0 -o $DO_P11 -eq 1 ] || chmod 0600 "$FN.key" ) && \ + ( [ $DO_P12 -eq 0 ] || chmod 0600 "$FN.p12" ) + + # Load certificate into PKCS#11 token + if [ $DO_P11 -eq 1 ]; then + $OPENSSL x509 -in "$FN.crt" -inform PEM -out "$FN.crt.der" -outform DER && \ + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --write-object "$FN.crt.der" --type cert \ + --login --pin "$PKCS11_PIN" \ + --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" + [ -e "$FN.crt.der" ]; rm "$FN.crt.der" + fi + + fi + +# Need definitions +else + need_vars +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/revoke-full b/config-archive/usr/share/openvpn/easy-rsa/revoke-full new file mode 100755 index 0000000..efc94e8 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/revoke-full @@ -0,0 +1,40 @@ +#!/bin/bash + +# revoke a certificate, regenerate CRL, +# and verify revocation + +CRL="crl.pem" +RT="revoke-test.pem" + +if [ $# -ne 1 ]; then + echo "usage: revoke-full "; + exit 1 +fi + +if [ "$KEY_DIR" ]; then + cd "$KEY_DIR" + rm -f "$RT" + + # set defaults + export KEY_CN="" + export KEY_OU="" + export KEY_NAME="" + + # revoke key and generate a new CRL + $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG" + + # generate a new CRL -- try to be compatible with + # intermediate PKIs + $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG" + if [ -e export-ca.crt ]; then + cat export-ca.crt "$CRL" >"$RT" + else + cat ca.crt "$CRL" >"$RT" + fi + + # verify the revocation + $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt" +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/revoke-full.dist b/config-archive/usr/share/openvpn/easy-rsa/revoke-full.dist new file mode 100755 index 0000000..4169c4c --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/revoke-full.dist @@ -0,0 +1,40 @@ +#!/bin/sh + +# revoke a certificate, regenerate CRL, +# and verify revocation + +CRL="crl.pem" +RT="revoke-test.pem" + +if [ $# -ne 1 ]; then + echo "usage: revoke-full "; + exit 1 +fi + +if [ "$KEY_DIR" ]; then + cd "$KEY_DIR" + rm -f "$RT" + + # set defaults + export KEY_CN="" + export KEY_OU="" + export KEY_NAME="" + + # revoke key and generate a new CRL + $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG" + + # generate a new CRL -- try to be compatible with + # intermediate PKIs + $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG" + if [ -e export-ca.crt ]; then + cat export-ca.crt "$CRL" >"$RT" + else + cat ca.crt "$CRL" >"$RT" + fi + + # verify the revocation + $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt" +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/sign-req b/config-archive/usr/share/openvpn/easy-rsa/sign-req new file mode 100755 index 0000000..38655d3 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/sign-req @@ -0,0 +1,7 @@ +#!/bin/bash + +# Sign a certificate signing request (a .csr file) +# with a local root certificate and key. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --sign $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/sign-req.dist b/config-archive/usr/share/openvpn/easy-rsa/sign-req.dist new file mode 100755 index 0000000..6cae7b4 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/sign-req.dist @@ -0,0 +1,7 @@ +#!/bin/sh + +# Sign a certificate signing request (a .csr file) +# with a local root certificate and key. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --sign $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/vars b/config-archive/usr/share/openvpn/easy-rsa/vars new file mode 100644 index 0000000..cded885 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/vars @@ -0,0 +1,68 @@ +# easy-rsa parameter settings + +# NOTE: If you installed from an RPM, +# don't edit this file in place in +# /usr/share/openvpn/easy-rsa -- +# instead, you should copy the whole +# easy-rsa directory to another location +# (such as /etc/openvpn) so that your +# edits will not be wiped out by a future +# OpenVPN package upgrade. + +# This variable should point to +# the top level of the easy-rsa +# tree. +export EASY_RSA="`pwd`" + +# +# This variable should point to +# the requested executables +# +export OPENSSL="openssl" +export PKCS11TOOL="pkcs11-tool" +export GREP="grep" + + +# This variable should point to +# the openssl.cnf file included +# with easy-rsa. +export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA` + +# Edit this variable to point to +# your soon-to-be-created key +# directory. +# +# WARNING: clean-all will do +# a rm -rf on this directory +# so make sure you define +# it correctly! +export KEY_DIR="$EASY_RSA/keys" + +# Issue rm -rf warning +echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR + +# PKCS11 fixes +export PKCS11_MODULE_PATH="dummy" +export PKCS11_PIN="dummy" + +# Increase this to 2048 if you +# are paranoid. This will slow +# down TLS negotiation performance +# as well as the one-time DH parms +# generation process. +export KEY_SIZE=1024 + +# In how many days should the root CA key expire? +export CA_EXPIRE=3650 + +# In how many days should certificates expire? +export KEY_EXPIRE=3650 + +# These are the default values for fields +# which will be placed in the certificate. +# Don't leave any of these fields blank. +export KEY_COUNTRY="US" +export KEY_PROVINCE="CA" +export KEY_CITY="SanFrancisco" +export KEY_ORG="Fort-Funston" +export KEY_EMAIL="me@myhost.mydomain" diff --git a/config-archive/usr/share/openvpn/easy-rsa/vars.dist b/config-archive/usr/share/openvpn/easy-rsa/vars.dist new file mode 100644 index 0000000..2ea1ced --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/vars.dist @@ -0,0 +1,74 @@ +# easy-rsa parameter settings + +# NOTE: If you installed from an RPM, +# don't edit this file in place in +# /usr/share/openvpn/easy-rsa -- +# instead, you should copy the whole +# easy-rsa directory to another location +# (such as /etc/openvpn) so that your +# edits will not be wiped out by a future +# OpenVPN package upgrade. + +# This variable should point to +# the top level of the easy-rsa +# tree. +export EASY_RSA="`pwd`" + +# +# This variable should point to +# the requested executables +# +export OPENSSL="openssl" +export PKCS11TOOL="pkcs11-tool" +export GREP="grep" + + +# This variable should point to +# the openssl.cnf file included +# with easy-rsa. +export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA` + +# Edit this variable to point to +# your soon-to-be-created key +# directory. +# +# WARNING: clean-all will do +# a rm -rf on this directory +# so make sure you define +# it correctly! +export KEY_DIR="$EASY_RSA/keys" + +# Issue rm -rf warning +echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR + +# PKCS11 fixes +export PKCS11_MODULE_PATH="dummy" +export PKCS11_PIN="dummy" + +# Increase this to 2048 if you +# are paranoid. This will slow +# down TLS negotiation performance +# as well as the one-time DH parms +# generation process. +export KEY_SIZE=1024 + +# In how many days should the root CA key expire? +export CA_EXPIRE=3650 + +# In how many days should certificates expire? +export KEY_EXPIRE=3650 + +# These are the default values for fields +# which will be placed in the certificate. +# Don't leave any of these fields blank. +export KEY_COUNTRY="US" +export KEY_PROVINCE="CA" +export KEY_CITY="SanFrancisco" +export KEY_ORG="Fort-Funston" +export KEY_EMAIL="me@myhost.mydomain" +export KEY_EMAIL=mail@host.domain +export KEY_CN=changeme +export KEY_NAME=changeme +export KEY_OU=changeme +export PKCS11_MODULE_PATH=changeme +export PKCS11_PIN=1234 diff --git a/config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf b/config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf new file mode 100755 index 0000000..2260aa8 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf @@ -0,0 +1,13 @@ +#!/bin/sh + +if [ "$OPENSSL" ]; then + if $OPENSSL version | grep 0.9.6 > /dev/null; then + echo "$1/openssl-0.9.6.cnf" + else + echo "$1/openssl.cnf" + fi +else + echo "$1/openssl.cnf" +fi + +exit 0 diff --git a/config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf.dist b/config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf.dist new file mode 100755 index 0000000..2226a8e --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf.dist @@ -0,0 +1,26 @@ +#!/bin/sh + +cnf="$1/openssl.cnf" + +if [ "$OPENSSL" ]; then + if $OPENSSL version | grep -E "0\.9\.6[[:alnum:]]" > /dev/null; then + cnf="$1/openssl-0.9.6.cnf" + elif $OPENSSL version | grep -E "0\.9\.8[[:alnum:]]" > /dev/null; then + cnf="$1/openssl-0.9.8.cnf" + elif $OPENSSL version | grep -E "1\.0\.([[:digit:]][[:alnum:]])" > /dev/null; then + cnf="$1/openssl-1.0.0.cnf" + else + cnf="$1/openssl.cnf" + fi +fi + +echo $cnf + +if [ ! -r $cnf ]; then + echo "**************************************************************" >&2 + echo " No $cnf file could be found" >&2 + echo " Further invocations will fail" >&2 + echo "**************************************************************" >&2 +fi + +exit 0 diff --git a/config-archive/var/bind/named.cache b/config-archive/var/bind/named.cache new file mode 100644 index 0000000..ab99f2f --- /dev/null +++ b/config-archive/var/bind/named.cache @@ -0,0 +1,86 @@ +; This file holds the information on root name servers needed to +; initialize cache of Internet domain name servers +; (e.g. reference this file in the "cache . " +; configuration file of BIND domain name servers). +; +; This file is made available by InterNIC +; under anonymous FTP as +; file /domain/named.cache +; on server FTP.INTERNIC.NET +; -OR- RS.INTERNIC.NET +; +; last update: Dec 12, 2008 +; related version of root zone: 2008121200 +; +; formerly NS.INTERNIC.NET +; +. 3600000 IN NS A.ROOT-SERVERS.NET. +A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 +A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30 +; +; FORMERLY NS1.ISI.EDU +; +. 3600000 NS B.ROOT-SERVERS.NET. +B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 +; +; FORMERLY C.PSI.NET +; +. 3600000 NS C.ROOT-SERVERS.NET. +C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 +; +; FORMERLY TERP.UMD.EDU +; +. 3600000 NS D.ROOT-SERVERS.NET. +D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90 +; +; FORMERLY NS.NASA.GOV +; +. 3600000 NS E.ROOT-SERVERS.NET. +E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 +; +; FORMERLY NS.ISC.ORG +; +. 3600000 NS F.ROOT-SERVERS.NET. +F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 +F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F +; +; FORMERLY NS.NIC.DDN.MIL +; +. 3600000 NS G.ROOT-SERVERS.NET. +G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 +; +; FORMERLY AOS.ARL.ARMY.MIL +; +. 3600000 NS H.ROOT-SERVERS.NET. +H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 +H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235 +; +; FORMERLY NIC.NORDU.NET +; +. 3600000 NS I.ROOT-SERVERS.NET. +I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 +; +; OPERATED BY VERISIGN, INC. +; +. 3600000 NS J.ROOT-SERVERS.NET. +J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 +J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30 +; +; OPERATED BY RIPE NCC +; +. 3600000 NS K.ROOT-SERVERS.NET. +K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 +K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1 +; +; OPERATED BY ICANN +; +. 3600000 NS L.ROOT-SERVERS.NET. +L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 +L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 +; +; OPERATED BY WIDE +; +. 3600000 NS M.ROOT-SERVERS.NET. +M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 +M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35 +; End of File diff --git a/config-archive/var/bind/named.cache.dist b/config-archive/var/bind/named.cache.dist new file mode 100644 index 0000000..8fbbb65 --- /dev/null +++ b/config-archive/var/bind/named.cache.dist @@ -0,0 +1,88 @@ +; This file holds the information on root name servers needed to +; initialize cache of Internet domain name servers +; (e.g. reference this file in the "cache . " +; configuration file of BIND domain name servers). +; +; This file is made available by InterNIC +; under anonymous FTP as +; file /domain/named.cache +; on server FTP.INTERNIC.NET +; -OR- RS.INTERNIC.NET +; +; last update: Jun 8, 2011 +; related version of root zone: 2011060800 +; +; formerly NS.INTERNIC.NET +; +. 3600000 IN NS A.ROOT-SERVERS.NET. +A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 +A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30 +; +; FORMERLY NS1.ISI.EDU +; +. 3600000 NS B.ROOT-SERVERS.NET. +B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 +; +; FORMERLY C.PSI.NET +; +. 3600000 NS C.ROOT-SERVERS.NET. +C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 +; +; FORMERLY TERP.UMD.EDU +; +. 3600000 NS D.ROOT-SERVERS.NET. +D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90 +D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D +; +; FORMERLY NS.NASA.GOV +; +. 3600000 NS E.ROOT-SERVERS.NET. +E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 +; +; FORMERLY NS.ISC.ORG +; +. 3600000 NS F.ROOT-SERVERS.NET. +F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 +F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F +; +; FORMERLY NS.NIC.DDN.MIL +; +. 3600000 NS G.ROOT-SERVERS.NET. +G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 +; +; FORMERLY AOS.ARL.ARMY.MIL +; +. 3600000 NS H.ROOT-SERVERS.NET. +H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 +H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235 +; +; FORMERLY NIC.NORDU.NET +; +. 3600000 NS I.ROOT-SERVERS.NET. +I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 +I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53 +; +; OPERATED BY VERISIGN, INC. +; +. 3600000 NS J.ROOT-SERVERS.NET. +J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 +J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30 +; +; OPERATED BY RIPE NCC +; +. 3600000 NS K.ROOT-SERVERS.NET. +K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 +K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1 +; +; OPERATED BY ICANN +; +. 3600000 NS L.ROOT-SERVERS.NET. +L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 +L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 +; +; OPERATED BY WIDE +; +. 3600000 NS M.ROOT-SERVERS.NET. +M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 +M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35 +; End of File diff --git a/init.d/._cfg0000_sysstat b/init.d/._cfg0000_sysstat deleted file mode 100755 index 7875fcd..0000000 --- a/init.d/._cfg0000_sysstat +++ /dev/null @@ -1,19 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2012 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/sysstat/files/sysstat.init.d,v 1.4 2012/05/14 20:01:19 jer Exp $ - -depend() { - use hostname -} - -start() { - ebegin "Writing a dummy startup record using sadc (see sadc(8))..." - /usr/lib/sa/sa1 --boot - eend $? -} - -stop() { - ebegin "Cannot stop writing a dummy startup record (see sadc(8))..." - eend $? -} diff --git a/init.d/sysstat b/init.d/sysstat index 885782a..7875fcd 100755 --- a/init.d/sysstat +++ b/init.d/sysstat @@ -1,7 +1,7 @@ #!/sbin/runscript -# Copyright 1999-2011 Gentoo Foundation +# Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/sysstat/files/sysstat.init.d,v 1.3 2011/05/18 02:21:33 jer Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/sysstat/files/sysstat.init.d,v 1.4 2012/05/14 20:01:19 jer Exp $ depend() { use hostname @@ -9,7 +9,7 @@ depend() { start() { ebegin "Writing a dummy startup record using sadc (see sadc(8))..." - /usr/lib/sa/sadc -F -L - + /usr/lib/sa/sa1 --boot eend $? } diff --git a/layman/._cfg0000_layman.cfg b/layman/._cfg0000_layman.cfg deleted file mode 100644 index ea68e66..0000000 --- a/layman/._cfg0000_layman.cfg +++ /dev/null @@ -1,89 +0,0 @@ -[MAIN] - -#----------------------------------------------------------- -# Defines the directory where overlays should be installed - -storage : /var/lib/layman - -#----------------------------------------------------------- -# Remote overlay lists will be stored here -# layman will append _md5(url).xml to each filename - -cache : %(storage)s/cache - -#----------------------------------------------------------- -# The list of locally installed overlays - -local_list: %(storage)s/overlays.xml - -#----------------------------------------------------------- -# Path to the make.conf file that should be modified by -# layman - -make_conf : %(storage)s/make.conf - -#----------------------------------------------------------- -# URLs of the remote lists of overlays (one per line) or -# local overlay definitions -# -#overlays : http://www.gentoo.org/proj/en/overlays/repositories.xml -# http://dev.gentoo.org/~wrobel/layman/global-overlays.xml -# http://mydomain.org/my-layman-list.xml -# file:///var/lib/layman/my-list.xml - -overlays : http://www.gentoo.org/proj/en/overlays/repositories.xml - -#----------------------------------------------------------- -# Proxy support -# If unset, layman will use the http_proxy environment variable. -# -#proxy : http://[user:pass@]www.my-proxy.org:3128 - -#----------------------------------------------------------- -# Strict checking of overlay definitions -# -# The nocheck option is a bit confusing, for historical reasons. -# Hopefully this description eases the double negation trouble: -# -# nocheck : yes -# - Accepts completene overlay entries without warnings -# - Lists overlays of type foo (say Git) even with no foo installed -# -# nocheck : no -# - Checks overlay entries for missing description or contact -# information and issue warnings as needed -# - Hides overlays of type foo (say Git) if foo not not installed -# -nocheck : yes - -#----------------------------------------------------------- -# Umask settings -# -# layman should usually work with a umask of 0022. You should -# only change this setting if you are absolutely certain that -# you know what you are doing. -# -#umask : 0022 - -#----------------------------------------------------------- -# Command overrides -# -# You can have commands point to either a binary at a different -# location, e.g. -# -# /home/you/local/bin/git -# -# or just the command, e.g. -# -# git -# -# to use PATH-based resolution of the binary to call. -# -#bzr_command : /usr/bin/bzr -#cvs_command : /usr/bin/cvs -#darcs_command : /usr/bin/darcs -#git_command : /usr/bin/git -#mercurial_command : /usr/bin/hg -#rsync_command : /usr/bin/rsync -#svn_command : /usr/bin/svn -#tar_command : /bin/tar diff --git a/layman/layman.cfg b/layman/layman.cfg index b45c6f0..ea68e66 100644 --- a/layman/layman.cfg +++ b/layman/layman.cfg @@ -42,9 +42,17 @@ overlays : http://www.gentoo.org/proj/en/overlays/repositories.xml #----------------------------------------------------------- # Strict checking of overlay definitions # -# Set either to "yes" or "no". If "no" layman will issue -# warnings if an overlay definition is missing either -# description or contact information. +# The nocheck option is a bit confusing, for historical reasons. +# Hopefully this description eases the double negation trouble: +# +# nocheck : yes +# - Accepts completene overlay entries without warnings +# - Lists overlays of type foo (say Git) even with no foo installed +# +# nocheck : no +# - Checks overlay entries for missing description or contact +# information and issue warnings as needed +# - Hides overlays of type foo (say Git) if foo not not installed # nocheck : yes diff --git a/portage/savedconfig/sys-apps/._cfg0000_busybox-1.19.3-r1 b/portage/savedconfig/sys-apps/._cfg0000_busybox-1.19.3-r1 deleted file mode 100644 index 8555f4e..0000000 --- a/portage/savedconfig/sys-apps/._cfg0000_busybox-1.19.3-r1 +++ /dev/null @@ -1,1013 +0,0 @@ -# -# Automatically generated make config: don't edit -# Busybox version: 1.19.3 -# Wed May 30 23:05:27 2012 -# -CONFIG_HAVE_DOT_CONFIG=y - -# -# Busybox Settings -# - -# -# General Configuration -# -CONFIG_DESKTOP=y -CONFIG_EXTRA_COMPAT=y -CONFIG_INCLUDE_SUSv2=y -CONFIG_USE_PORTABLE_CODE=y -CONFIG_PLATFORM_LINUX=y -CONFIG_FEATURE_BUFFERS_USE_MALLOC=y -# CONFIG_FEATURE_BUFFERS_GO_ON_STACK is not set -# CONFIG_FEATURE_BUFFERS_GO_IN_BSS is not set -CONFIG_SHOW_USAGE=y -CONFIG_FEATURE_VERBOSE_USAGE=y -CONFIG_FEATURE_COMPRESS_USAGE=y -CONFIG_FEATURE_INSTALLER=y -CONFIG_INSTALL_NO_USR=y -# CONFIG_LOCALE_SUPPORT is not set -CONFIG_UNICODE_SUPPORT=y -# CONFIG_UNICODE_USING_LOCALE is not set -# CONFIG_FEATURE_CHECK_UNICODE_IN_ENV is not set -CONFIG_SUBST_WCHAR=63 -CONFIG_LAST_SUPPORTED_WCHAR=767 -CONFIG_UNICODE_COMBINING_WCHARS=y -CONFIG_UNICODE_WIDE_WCHARS=y -# CONFIG_UNICODE_BIDI_SUPPORT is not set -# CONFIG_UNICODE_NEUTRAL_TABLE is not set -CONFIG_UNICODE_PRESERVE_BROKEN=y -CONFIG_LONG_OPTS=y -CONFIG_FEATURE_DEVPTS=y -CONFIG_FEATURE_CLEAN_UP=y -CONFIG_FEATURE_UTMP=y -CONFIG_FEATURE_WTMP=y -CONFIG_FEATURE_PIDFILE=y -CONFIG_FEATURE_SUID=y -# CONFIG_FEATURE_SUID_CONFIG is not set -# CONFIG_FEATURE_SUID_CONFIG_QUIET is not set -# CONFIG_SELINUX is not set -CONFIG_FEATURE_PREFER_APPLETS=y -CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe" -CONFIG_FEATURE_SYSLOG=y -# CONFIG_FEATURE_HAVE_RPC is not set - -# -# Build Options -# -# CONFIG_STATIC is not set -# CONFIG_PIE is not set -# CONFIG_NOMMU is not set -# CONFIG_BUILD_LIBBUSYBOX is not set -# CONFIG_FEATURE_INDIVIDUAL is not set -# CONFIG_FEATURE_SHARED_BUSYBOX is not set -CONFIG_LFS=y -CONFIG_CROSS_COMPILER_PREFIX="" -CONFIG_EXTRA_CFLAGS="" - -# -# Debugging Options -# -# CONFIG_DEBUG is not set -# CONFIG_DEBUG_PESSIMIZE is not set -CONFIG_WERROR=y -CONFIG_NO_DEBUG_LIB=y -# CONFIG_DMALLOC is not set -# CONFIG_EFENCE is not set - -# -# Installation Options ("make install" behavior) -# -CONFIG_INSTALL_APPLET_SYMLINKS=y -# CONFIG_INSTALL_APPLET_HARDLINKS is not set -# CONFIG_INSTALL_APPLET_SCRIPT_WRAPPERS is not set -# CONFIG_INSTALL_APPLET_DONT is not set -# CONFIG_INSTALL_SH_APPLET_SYMLINK is not set -# CONFIG_INSTALL_SH_APPLET_HARDLINK is not set -# CONFIG_INSTALL_SH_APPLET_SCRIPT_WRAPPER is not set -CONFIG_PREFIX="./_install" - -# -# Busybox Library Tuning -# -CONFIG_FEATURE_SYSTEMD=y -CONFIG_FEATURE_RTMINMAX=y -CONFIG_PASSWORD_MINLEN=6 -CONFIG_MD5_SIZE_VS_SPEED=2 -CONFIG_FEATURE_FAST_TOP=y -CONFIG_FEATURE_ETC_NETWORKS=y -CONFIG_FEATURE_USE_TERMIOS=y -CONFIG_FEATURE_EDITING=y -CONFIG_FEATURE_EDITING_MAX_LEN=1024 -CONFIG_FEATURE_EDITING_VI=y -CONFIG_FEATURE_EDITING_HISTORY=255 -CONFIG_FEATURE_EDITING_SAVEHISTORY=y -CONFIG_FEATURE_REVERSE_SEARCH=y -CONFIG_FEATURE_TAB_COMPLETION=y -CONFIG_FEATURE_USERNAME_COMPLETION=y -CONFIG_FEATURE_EDITING_FANCY_PROMPT=y -CONFIG_FEATURE_EDITING_ASK_TERMINAL=y -CONFIG_FEATURE_NON_POSIX_CP=y -CONFIG_FEATURE_VERBOSE_CP_MESSAGE=y -CONFIG_FEATURE_COPYBUF_KB=4 -CONFIG_FEATURE_SKIP_ROOTFS=y -# CONFIG_MONOTONIC_SYSCALL is not set -CONFIG_IOCTL_HEX2STR_ERROR=y -CONFIG_FEATURE_HWIB=y - -# -# Applets -# - -# -# Archival Utilities -# -CONFIG_FEATURE_SEAMLESS_XZ=y -CONFIG_FEATURE_SEAMLESS_LZMA=y -CONFIG_FEATURE_SEAMLESS_BZ2=y -CONFIG_FEATURE_SEAMLESS_GZ=y -CONFIG_FEATURE_SEAMLESS_Z=y -CONFIG_AR=y -CONFIG_FEATURE_AR_LONG_FILENAMES=y -CONFIG_FEATURE_AR_CREATE=y -CONFIG_BUNZIP2=y -CONFIG_BZIP2=y -CONFIG_CPIO=y -CONFIG_FEATURE_CPIO_O=y -CONFIG_FEATURE_CPIO_P=y -# CONFIG_DPKG is not set -# CONFIG_DPKG_DEB is not set -# CONFIG_FEATURE_DPKG_DEB_EXTRACT_ONLY is not set -CONFIG_GUNZIP=y -CONFIG_GZIP=y -CONFIG_FEATURE_GZIP_LONG_OPTIONS=y -CONFIG_LZOP=y -CONFIG_LZOP_COMPR_HIGH=y -# CONFIG_RPM2CPIO is not set -# CONFIG_RPM is not set -CONFIG_TAR=y -CONFIG_FEATURE_TAR_CREATE=y -CONFIG_FEATURE_TAR_AUTODETECT=y -CONFIG_FEATURE_TAR_FROM=y -CONFIG_FEATURE_TAR_OLDGNU_COMPATIBILITY=y -CONFIG_FEATURE_TAR_OLDSUN_COMPATIBILITY=y -CONFIG_FEATURE_TAR_GNU_EXTENSIONS=y -CONFIG_FEATURE_TAR_LONG_OPTIONS=y -CONFIG_FEATURE_TAR_TO_COMMAND=y -CONFIG_FEATURE_TAR_UNAME_GNAME=y -CONFIG_FEATURE_TAR_NOPRESERVE_TIME=y -# CONFIG_FEATURE_TAR_SELINUX is not set -CONFIG_UNCOMPRESS=y -CONFIG_UNLZMA=y -CONFIG_FEATURE_LZMA_FAST=y -CONFIG_LZMA=y -CONFIG_UNXZ=y -CONFIG_XZ=y -CONFIG_UNZIP=y - -# -# Coreutils -# -CONFIG_BASENAME=y -CONFIG_CAT=y -CONFIG_DATE=y -CONFIG_FEATURE_DATE_ISOFMT=y -CONFIG_FEATURE_DATE_NANO=y -CONFIG_FEATURE_DATE_COMPAT=y -CONFIG_ID=y -CONFIG_GROUPS=y -CONFIG_TEST=y -CONFIG_FEATURE_TEST_64=y -CONFIG_TOUCH=y -CONFIG_TR=y -CONFIG_FEATURE_TR_CLASSES=y -CONFIG_FEATURE_TR_EQUIV=y -CONFIG_BASE64=y -CONFIG_WHO=y -CONFIG_USERS=y -CONFIG_CAL=y -CONFIG_CATV=y -CONFIG_CHGRP=y -CONFIG_CHMOD=y -CONFIG_CHOWN=y -CONFIG_FEATURE_CHOWN_LONG_OPTIONS=y -CONFIG_CHROOT=y -CONFIG_CKSUM=y -CONFIG_COMM=y -CONFIG_CP=y -CONFIG_FEATURE_CP_LONG_OPTIONS=y -CONFIG_CUT=y -CONFIG_DD=y -CONFIG_FEATURE_DD_SIGNAL_HANDLING=y -CONFIG_FEATURE_DD_THIRD_STATUS_LINE=y -CONFIG_FEATURE_DD_IBS_OBS=y -CONFIG_DF=y -CONFIG_FEATURE_DF_FANCY=y -CONFIG_DIRNAME=y -CONFIG_DOS2UNIX=y -CONFIG_UNIX2DOS=y -CONFIG_DU=y -CONFIG_FEATURE_DU_DEFAULT_BLOCKSIZE_1K=y -CONFIG_ECHO=y -CONFIG_FEATURE_FANCY_ECHO=y -CONFIG_ENV=y -CONFIG_FEATURE_ENV_LONG_OPTIONS=y -CONFIG_EXPAND=y -CONFIG_FEATURE_EXPAND_LONG_OPTIONS=y -CONFIG_EXPR=y -CONFIG_EXPR_MATH_SUPPORT_64=y -CONFIG_FALSE=y -# CONFIG_FOLD is not set -CONFIG_FSYNC=y -CONFIG_HEAD=y -CONFIG_FEATURE_FANCY_HEAD=y -# CONFIG_HOSTID is not set -CONFIG_INSTALL=y -CONFIG_FEATURE_INSTALL_LONG_OPTIONS=y -CONFIG_LN=y -# CONFIG_LOGNAME is not set -CONFIG_LS=y -CONFIG_FEATURE_LS_FILETYPES=y -CONFIG_FEATURE_LS_FOLLOWLINKS=y -CONFIG_FEATURE_LS_RECURSIVE=y -CONFIG_FEATURE_LS_SORTFILES=y -CONFIG_FEATURE_LS_TIMESTAMPS=y -CONFIG_FEATURE_LS_USERNAME=y -CONFIG_FEATURE_LS_COLOR=y -CONFIG_FEATURE_LS_COLOR_IS_DEFAULT=y -CONFIG_MD5SUM=y -CONFIG_MKDIR=y -CONFIG_FEATURE_MKDIR_LONG_OPTIONS=y -CONFIG_MKFIFO=y -CONFIG_MKNOD=y -CONFIG_MV=y -CONFIG_FEATURE_MV_LONG_OPTIONS=y -CONFIG_NICE=y -CONFIG_NOHUP=y -# CONFIG_OD is not set -CONFIG_PRINTENV=y -CONFIG_PRINTF=y -CONFIG_PWD=y -CONFIG_READLINK=y -CONFIG_FEATURE_READLINK_FOLLOW=y -CONFIG_REALPATH=y -CONFIG_RM=y -CONFIG_RMDIR=y -CONFIG_FEATURE_RMDIR_LONG_OPTIONS=y -CONFIG_SEQ=y -CONFIG_SHA1SUM=y -CONFIG_SHA256SUM=y -CONFIG_SHA512SUM=y -CONFIG_SLEEP=y -CONFIG_FEATURE_FANCY_SLEEP=y -CONFIG_FEATURE_FLOAT_SLEEP=y -CONFIG_SORT=y -CONFIG_FEATURE_SORT_BIG=y -CONFIG_SPLIT=y -CONFIG_FEATURE_SPLIT_FANCY=y -CONFIG_STAT=y -CONFIG_FEATURE_STAT_FORMAT=y -CONFIG_STTY=y -CONFIG_SUM=y -CONFIG_SYNC=y -CONFIG_TAC=y -CONFIG_TAIL=y -CONFIG_FEATURE_FANCY_TAIL=y -CONFIG_TEE=y -CONFIG_FEATURE_TEE_USE_BLOCK_IO=y -CONFIG_TRUE=y -CONFIG_TTY=y -CONFIG_UNAME=y -CONFIG_UNEXPAND=y -CONFIG_FEATURE_UNEXPAND_LONG_OPTIONS=y -CONFIG_UNIQ=y -CONFIG_USLEEP=y -# CONFIG_UUDECODE is not set -# CONFIG_UUENCODE is not set -CONFIG_WC=y -CONFIG_FEATURE_WC_LARGE=y -CONFIG_WHOAMI=y -CONFIG_YES=y - -# -# Common options for cp and mv -# -CONFIG_FEATURE_PRESERVE_HARDLINKS=y - -# -# Common options for ls, more and telnet -# -CONFIG_FEATURE_AUTOWIDTH=y - -# -# Common options for df, du, ls -# -CONFIG_FEATURE_HUMAN_READABLE=y - -# -# Common options for md5sum, sha1sum, sha256sum, sha512sum -# -CONFIG_FEATURE_MD5_SHA1_SUM_CHECK=y - -# -# Console Utilities -# -CONFIG_CHVT=y -CONFIG_FGCONSOLE=y -CONFIG_CLEAR=y -CONFIG_DEALLOCVT=y -CONFIG_DUMPKMAP=y -CONFIG_KBD_MODE=y -CONFIG_LOADFONT=y -CONFIG_LOADKMAP=y -CONFIG_OPENVT=y -CONFIG_RESET=y -CONFIG_RESIZE=y -CONFIG_FEATURE_RESIZE_PRINT=y -CONFIG_SETCONSOLE=y -CONFIG_FEATURE_SETCONSOLE_LONG_OPTIONS=y -CONFIG_SETFONT=y -CONFIG_FEATURE_SETFONT_TEXTUAL_MAP=y -CONFIG_DEFAULT_SETFONT_DIR="" -CONFIG_SETKEYCODES=y -CONFIG_SETLOGCONS=y -CONFIG_SHOWKEY=y - -# -# Common options for loadfont and setfont -# -CONFIG_FEATURE_LOADFONT_PSF2=y -CONFIG_FEATURE_LOADFONT_RAW=y - -# -# Debian Utilities -# -CONFIG_MKTEMP=y -CONFIG_PIPE_PROGRESS=y -# CONFIG_RUN_PARTS is not set -# CONFIG_FEATURE_RUN_PARTS_LONG_OPTIONS is not set -# CONFIG_FEATURE_RUN_PARTS_FANCY is not set -CONFIG_START_STOP_DAEMON=y -CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y -CONFIG_FEATURE_START_STOP_DAEMON_LONG_OPTIONS=y -CONFIG_WHICH=y - -# -# Editors -# -CONFIG_PATCH=y -CONFIG_VI=y -CONFIG_FEATURE_VI_MAX_LEN=4096 -CONFIG_FEATURE_VI_8BIT=y -CONFIG_FEATURE_VI_COLON=y -CONFIG_FEATURE_VI_YANKMARK=y -CONFIG_FEATURE_VI_SEARCH=y -CONFIG_FEATURE_VI_REGEX_SEARCH=y -CONFIG_FEATURE_VI_USE_SIGNALS=y -CONFIG_FEATURE_VI_DOT_CMD=y -CONFIG_FEATURE_VI_READONLY=y -CONFIG_FEATURE_VI_SETOPTS=y -CONFIG_FEATURE_VI_SET=y -CONFIG_FEATURE_VI_WIN_RESIZE=y -CONFIG_FEATURE_VI_ASK_TERMINAL=y -CONFIG_FEATURE_VI_OPTIMIZE_CURSOR=y -CONFIG_AWK=y -CONFIG_FEATURE_AWK_LIBM=y -CONFIG_CMP=y -CONFIG_DIFF=y -CONFIG_FEATURE_DIFF_LONG_OPTIONS=y -CONFIG_FEATURE_DIFF_DIR=y -CONFIG_ED=y -CONFIG_SED=y -CONFIG_FEATURE_ALLOW_EXEC=y - -# -# Finding Utilities -# -CONFIG_FIND=y -CONFIG_FEATURE_FIND_PRINT0=y -CONFIG_FEATURE_FIND_MTIME=y -CONFIG_FEATURE_FIND_MMIN=y -CONFIG_FEATURE_FIND_PERM=y -CONFIG_FEATURE_FIND_TYPE=y -CONFIG_FEATURE_FIND_XDEV=y -CONFIG_FEATURE_FIND_MAXDEPTH=y -CONFIG_FEATURE_FIND_NEWER=y -CONFIG_FEATURE_FIND_INUM=y -CONFIG_FEATURE_FIND_EXEC=y -CONFIG_FEATURE_FIND_USER=y -CONFIG_FEATURE_FIND_GROUP=y -CONFIG_FEATURE_FIND_NOT=y -CONFIG_FEATURE_FIND_DEPTH=y -CONFIG_FEATURE_FIND_PAREN=y -CONFIG_FEATURE_FIND_SIZE=y -CONFIG_FEATURE_FIND_PRUNE=y -CONFIG_FEATURE_FIND_DELETE=y -CONFIG_FEATURE_FIND_PATH=y -CONFIG_FEATURE_FIND_REGEX=y -# CONFIG_FEATURE_FIND_CONTEXT is not set -CONFIG_FEATURE_FIND_LINKS=y -CONFIG_GREP=y -CONFIG_FEATURE_GREP_EGREP_ALIAS=y -CONFIG_FEATURE_GREP_FGREP_ALIAS=y -CONFIG_FEATURE_GREP_CONTEXT=y -CONFIG_XARGS=y -CONFIG_FEATURE_XARGS_SUPPORT_CONFIRMATION=y -CONFIG_FEATURE_XARGS_SUPPORT_QUOTES=y -CONFIG_FEATURE_XARGS_SUPPORT_TERMOPT=y -CONFIG_FEATURE_XARGS_SUPPORT_ZERO_TERM=y - -# -# Init Utilities -# -# CONFIG_BOOTCHARTD is not set -# CONFIG_FEATURE_BOOTCHARTD_BLOATED_HEADER is not set -# CONFIG_FEATURE_BOOTCHARTD_CONFIG_FILE is not set -CONFIG_HALT=y -# CONFIG_FEATURE_CALL_TELINIT is not set -CONFIG_TELINIT_PATH="" -CONFIG_INIT=y -CONFIG_FEATURE_USE_INITTAB=y -CONFIG_FEATURE_KILL_REMOVED=y -CONFIG_FEATURE_KILL_DELAY=0 -CONFIG_FEATURE_INIT_SCTTY=y -CONFIG_FEATURE_INIT_SYSLOG=y -CONFIG_FEATURE_EXTRA_QUIET=y -CONFIG_FEATURE_INIT_COREDUMPS=y -CONFIG_FEATURE_INITRD=y -CONFIG_INIT_TERMINAL_TYPE="linux" -CONFIG_MESG=y -CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y - -# -# Login/Password Management Utilities -# -# CONFIG_ADD_SHELL is not set -# CONFIG_REMOVE_SHELL is not set -CONFIG_FEATURE_SHADOWPASSWDS=y -CONFIG_USE_BB_PWD_GRP=y -CONFIG_USE_BB_SHADOW=y -CONFIG_USE_BB_CRYPT=y -CONFIG_USE_BB_CRYPT_SHA=y -CONFIG_ADDUSER=y -CONFIG_FEATURE_ADDUSER_LONG_OPTIONS=y -CONFIG_FEATURE_CHECK_NAMES=y -CONFIG_FIRST_SYSTEM_ID=100 -CONFIG_LAST_SYSTEM_ID=999 -CONFIG_ADDGROUP=y -CONFIG_FEATURE_ADDGROUP_LONG_OPTIONS=y -CONFIG_FEATURE_ADDUSER_TO_GROUP=y -CONFIG_DELUSER=y -CONFIG_DELGROUP=y -CONFIG_FEATURE_DEL_USER_FROM_GROUP=y -CONFIG_GETTY=y -CONFIG_LOGIN=y -CONFIG_PAM=y -CONFIG_LOGIN_SCRIPTS=y -CONFIG_FEATURE_NOLOGIN=y -CONFIG_FEATURE_SECURETTY=y -CONFIG_PASSWD=y -CONFIG_FEATURE_PASSWD_WEAK_CHECK=y -CONFIG_CRYPTPW=y -CONFIG_CHPASSWD=y -CONFIG_SU=y -CONFIG_FEATURE_SU_SYSLOG=y -CONFIG_FEATURE_SU_CHECKS_SHELLS=y -# CONFIG_SULOGIN is not set -CONFIG_VLOCK=y - -# -# Linux Ext2 FS Progs -# -CONFIG_CHATTR=y -CONFIG_FSCK=y -CONFIG_LSATTR=y -CONFIG_TUNE2FS=y - -# -# Linux Module Utilities -# -CONFIG_MODINFO=y -CONFIG_MODPROBE_SMALL=y -CONFIG_FEATURE_MODPROBE_SMALL_OPTIONS_ON_CMDLINE=y -CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED=y -# CONFIG_INSMOD is not set -# CONFIG_RMMOD is not set -# CONFIG_LSMOD is not set -# CONFIG_FEATURE_LSMOD_PRETTY_2_6_OUTPUT is not set -# CONFIG_MODPROBE is not set -# CONFIG_FEATURE_MODPROBE_BLACKLIST is not set -# CONFIG_DEPMOD is not set - -# -# Options common to multiple modutils -# -# CONFIG_FEATURE_2_4_MODULES is not set -CONFIG_FEATURE_INSMOD_TRY_MMAP=y -# CONFIG_FEATURE_INSMOD_VERSION_CHECKING is not set -# CONFIG_FEATURE_INSMOD_KSYMOOPS_SYMBOLS is not set -# CONFIG_FEATURE_INSMOD_LOADINKMEM is not set -# CONFIG_FEATURE_INSMOD_LOAD_MAP is not set -# CONFIG_FEATURE_INSMOD_LOAD_MAP_FULL is not set -# CONFIG_FEATURE_CHECK_TAINTED_MODULE is not set -# CONFIG_FEATURE_MODUTILS_ALIAS is not set -# CONFIG_FEATURE_MODUTILS_SYMBOLS is not set -CONFIG_DEFAULT_MODULES_DIR="/lib/modules" -CONFIG_DEFAULT_DEPMOD_FILE="modules.dep" - -# -# Linux System Utilities -# -CONFIG_BLOCKDEV=y -CONFIG_REV=y -CONFIG_ACPID=y -CONFIG_FEATURE_ACPID_COMPAT=y -CONFIG_BLKID=y -CONFIG_FEATURE_BLKID_TYPE=y -CONFIG_DMESG=y -CONFIG_FEATURE_DMESG_PRETTY=y -CONFIG_FBSET=y -CONFIG_FEATURE_FBSET_FANCY=y -CONFIG_FEATURE_FBSET_READMODE=y -CONFIG_FDFLUSH=y -CONFIG_FDFORMAT=y -CONFIG_FDISK=y -# CONFIG_FDISK_SUPPORT_LARGE_DISKS is not set -CONFIG_FEATURE_FDISK_WRITABLE=y -CONFIG_FEATURE_AIX_LABEL=y -CONFIG_FEATURE_SGI_LABEL=y -CONFIG_FEATURE_SUN_LABEL=y -CONFIG_FEATURE_OSF_LABEL=y -CONFIG_FEATURE_GPT_LABEL=y -CONFIG_FEATURE_FDISK_ADVANCED=y -CONFIG_FINDFS=y -CONFIG_FLOCK=y -CONFIG_FREERAMDISK=y -# CONFIG_FSCK_MINIX is not set -CONFIG_MKFS_EXT2=y -# CONFIG_MKFS_MINIX is not set -# CONFIG_FEATURE_MINIX2 is not set -CONFIG_MKFS_REISER=y -CONFIG_MKFS_VFAT=y -CONFIG_GETOPT=y -CONFIG_FEATURE_GETOPT_LONG=y -CONFIG_HEXDUMP=y -CONFIG_FEATURE_HEXDUMP_REVERSE=y -CONFIG_HD=y -CONFIG_HWCLOCK=y -CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS=y -CONFIG_FEATURE_HWCLOCK_ADJTIME_FHS=y -CONFIG_IPCRM=y -CONFIG_IPCS=y -CONFIG_LOSETUP=y -CONFIG_LSPCI=y -CONFIG_LSUSB=y -CONFIG_MDEV=y -CONFIG_FEATURE_MDEV_CONF=y -CONFIG_FEATURE_MDEV_RENAME=y -CONFIG_FEATURE_MDEV_RENAME_REGEXP=y -CONFIG_FEATURE_MDEV_EXEC=y -CONFIG_FEATURE_MDEV_LOAD_FIRMWARE=y -CONFIG_MKSWAP=y -CONFIG_FEATURE_MKSWAP_UUID=y -CONFIG_MORE=y -CONFIG_MOUNT=y -CONFIG_FEATURE_MOUNT_FAKE=y -CONFIG_FEATURE_MOUNT_VERBOSE=y -CONFIG_FEATURE_MOUNT_HELPERS=y -CONFIG_FEATURE_MOUNT_LABEL=y -# CONFIG_FEATURE_MOUNT_NFS is not set -CONFIG_FEATURE_MOUNT_CIFS=y -CONFIG_FEATURE_MOUNT_FLAGS=y -CONFIG_FEATURE_MOUNT_FSTAB=y -CONFIG_PIVOT_ROOT=y -CONFIG_RDATE=y -# CONFIG_RDEV is not set -# CONFIG_READPROFILE is not set -CONFIG_RTCWAKE=y -CONFIG_SCRIPT=y -CONFIG_SCRIPTREPLAY=y -CONFIG_SETARCH=y -CONFIG_SWAPONOFF=y -CONFIG_FEATURE_SWAPON_PRI=y -CONFIG_SWITCH_ROOT=y -CONFIG_UMOUNT=y -CONFIG_FEATURE_UMOUNT_ALL=y - -# -# Common options for mount/umount -# -CONFIG_FEATURE_MOUNT_LOOP=y -CONFIG_FEATURE_MOUNT_LOOP_CREATE=y -CONFIG_FEATURE_MTAB_SUPPORT=y -CONFIG_VOLUMEID=y - -# -# Filesystem/Volume identification -# -CONFIG_FEATURE_VOLUMEID_EXT=y -CONFIG_FEATURE_VOLUMEID_BTRFS=y -CONFIG_FEATURE_VOLUMEID_REISERFS=y -CONFIG_FEATURE_VOLUMEID_FAT=y -CONFIG_FEATURE_VOLUMEID_HFS=y -CONFIG_FEATURE_VOLUMEID_JFS=y -CONFIG_FEATURE_VOLUMEID_XFS=y -CONFIG_FEATURE_VOLUMEID_NTFS=y -CONFIG_FEATURE_VOLUMEID_ISO9660=y -CONFIG_FEATURE_VOLUMEID_UDF=y -CONFIG_FEATURE_VOLUMEID_LUKS=y -CONFIG_FEATURE_VOLUMEID_LINUXSWAP=y -CONFIG_FEATURE_VOLUMEID_CRAMFS=y -CONFIG_FEATURE_VOLUMEID_ROMFS=y -CONFIG_FEATURE_VOLUMEID_SYSV=y -CONFIG_FEATURE_VOLUMEID_OCFS2=y -CONFIG_FEATURE_VOLUMEID_LINUXRAID=y - -# -# Miscellaneous Utilities -# -CONFIG_CONSPY=y -CONFIG_LESS=y -CONFIG_FEATURE_LESS_MAXLINES=9999999 -CONFIG_FEATURE_LESS_BRACKETS=y -CONFIG_FEATURE_LESS_FLAGS=y -CONFIG_FEATURE_LESS_MARKS=y -CONFIG_FEATURE_LESS_REGEXP=y -CONFIG_FEATURE_LESS_WINCH=y -CONFIG_FEATURE_LESS_ASK_TERMINAL=y -CONFIG_FEATURE_LESS_DASHCMD=y -CONFIG_FEATURE_LESS_LINENUMS=y -CONFIG_NANDWRITE=y -CONFIG_NANDDUMP=y -CONFIG_SETSERIAL=y -CONFIG_UBIATTACH=y -CONFIG_UBIDETACH=y -CONFIG_UBIMKVOL=y -CONFIG_UBIRMVOL=y -CONFIG_UBIRSVOL=y -CONFIG_UBIUPDATEVOL=y -CONFIG_ADJTIMEX=y -CONFIG_BBCONFIG=y -CONFIG_FEATURE_COMPRESS_BBCONFIG=y -# CONFIG_BEEP is not set -CONFIG_FEATURE_BEEP_FREQ=0 -CONFIG_FEATURE_BEEP_LENGTH_MS=0 -CONFIG_CHAT=y -CONFIG_FEATURE_CHAT_NOFAIL=y -CONFIG_FEATURE_CHAT_TTY_HIFI=y -CONFIG_FEATURE_CHAT_IMPLICIT_CR=y -CONFIG_FEATURE_CHAT_SWALLOW_OPTS=y -CONFIG_FEATURE_CHAT_SEND_ESCAPES=y -CONFIG_FEATURE_CHAT_VAR_ABORT_LEN=y -CONFIG_FEATURE_CHAT_CLR_ABORT=y -CONFIG_CHRT=y -CONFIG_CROND=y -CONFIG_FEATURE_CROND_D=y -CONFIG_FEATURE_CROND_CALL_SENDMAIL=y -CONFIG_FEATURE_CROND_DIR="/var/spool/cron" -# CONFIG_CRONTAB is not set -# CONFIG_DC is not set -# CONFIG_FEATURE_DC_LIBM is not set -# CONFIG_DEVFSD is not set -# CONFIG_DEVFSD_MODLOAD is not set -# CONFIG_DEVFSD_FG_NP is not set -# CONFIG_DEVFSD_VERBOSE is not set -# CONFIG_FEATURE_DEVFS is not set -CONFIG_DEVMEM=y -CONFIG_EJECT=y -CONFIG_FEATURE_EJECT_SCSI=y -# CONFIG_FBSPLASH is not set -CONFIG_FLASHCP=y -CONFIG_FLASH_LOCK=y -CONFIG_FLASH_UNLOCK=y -CONFIG_FLASH_ERASEALL=y -CONFIG_IONICE=y -# CONFIG_INOTIFYD is not set -CONFIG_LAST=y -# CONFIG_FEATURE_LAST_SMALL is not set -CONFIG_FEATURE_LAST_FANCY=y -CONFIG_HDPARM=y -CONFIG_FEATURE_HDPARM_GET_IDENTITY=y -CONFIG_FEATURE_HDPARM_HDIO_SCAN_HWIF=y -CONFIG_FEATURE_HDPARM_HDIO_UNREGISTER_HWIF=y -CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET=y -CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF=y -CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA=y -CONFIG_MAKEDEVS=y -# CONFIG_FEATURE_MAKEDEVS_LEAF is not set -CONFIG_FEATURE_MAKEDEVS_TABLE=y -CONFIG_MAN=y -CONFIG_MICROCOM=y -CONFIG_MOUNTPOINT=y -CONFIG_MT=y -CONFIG_RAIDAUTORUN=y -CONFIG_READAHEAD=y -# CONFIG_RFKILL is not set -CONFIG_RUNLEVEL=y -CONFIG_RX=y -CONFIG_SETSID=y -CONFIG_STRINGS=y -# CONFIG_TASKSET is not set -# CONFIG_FEATURE_TASKSET_FANCY is not set -CONFIG_TIME=y -CONFIG_TIMEOUT=y -CONFIG_TTYSIZE=y -CONFIG_VOLNAME=y -CONFIG_WALL=y -CONFIG_WATCHDOG=y - -# -# Networking Utilities -# -CONFIG_NAMEIF=y -CONFIG_FEATURE_NAMEIF_EXTENDED=y -CONFIG_NBDCLIENT=y -CONFIG_NC=y -CONFIG_NC_SERVER=y -CONFIG_NC_EXTRA=y -CONFIG_NC_110_COMPAT=y -CONFIG_PING=y -CONFIG_PING6=y -CONFIG_FEATURE_FANCY_PING=y -CONFIG_WHOIS=y -CONFIG_FEATURE_IPV6=y -CONFIG_FEATURE_UNIX_LOCAL=y -CONFIG_FEATURE_PREFER_IPV4_ADDRESS=y -CONFIG_VERBOSE_RESOLUTION_ERRORS=y -CONFIG_ARP=y -CONFIG_ARPING=y -CONFIG_BRCTL=y -CONFIG_FEATURE_BRCTL_FANCY=y -CONFIG_FEATURE_BRCTL_SHOW=y -# CONFIG_DNSD is not set -CONFIG_ETHER_WAKE=y -# CONFIG_FAKEIDENTD is not set -CONFIG_FTPD=y -CONFIG_FEATURE_FTP_WRITE=y -CONFIG_FEATURE_FTPD_ACCEPT_BROKEN_LIST=y -# CONFIG_FTPGET is not set -# CONFIG_FTPPUT is not set -# CONFIG_FEATURE_FTPGETPUT_LONG_OPTIONS is not set -CONFIG_HOSTNAME=y -CONFIG_HTTPD=y -CONFIG_FEATURE_HTTPD_RANGES=y -CONFIG_FEATURE_HTTPD_USE_SENDFILE=y -CONFIG_FEATURE_HTTPD_SETUID=y -CONFIG_FEATURE_HTTPD_BASIC_AUTH=y -CONFIG_FEATURE_HTTPD_AUTH_MD5=y -CONFIG_FEATURE_HTTPD_CGI=y -CONFIG_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR=y -CONFIG_FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV=y -CONFIG_FEATURE_HTTPD_ENCODE_URL_STR=y -CONFIG_FEATURE_HTTPD_ERROR_PAGES=y -CONFIG_FEATURE_HTTPD_PROXY=y -CONFIG_FEATURE_HTTPD_GZIP=y -CONFIG_IFCONFIG=y -CONFIG_FEATURE_IFCONFIG_STATUS=y -CONFIG_FEATURE_IFCONFIG_SLIP=y -CONFIG_FEATURE_IFCONFIG_MEMSTART_IOADDR_IRQ=y -CONFIG_FEATURE_IFCONFIG_HW=y -CONFIG_FEATURE_IFCONFIG_BROADCAST_PLUS=y -CONFIG_IFENSLAVE=y -CONFIG_IFPLUGD=y -CONFIG_IFUPDOWN=y -CONFIG_IFUPDOWN_IFSTATE_PATH="/var/run/ifstate" -CONFIG_FEATURE_IFUPDOWN_IP=y -CONFIG_FEATURE_IFUPDOWN_IP_BUILTIN=y -# CONFIG_FEATURE_IFUPDOWN_IFCONFIG_BUILTIN is not set -CONFIG_FEATURE_IFUPDOWN_IPV4=y -CONFIG_FEATURE_IFUPDOWN_IPV6=y -CONFIG_FEATURE_IFUPDOWN_MAPPING=y -CONFIG_FEATURE_IFUPDOWN_EXTERNAL_DHCP=y -# CONFIG_INETD is not set -# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_ECHO is not set -# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DISCARD is not set -# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_TIME is not set -# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DAYTIME is not set -# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN is not set -# CONFIG_FEATURE_INETD_RPC is not set -CONFIG_IP=y -CONFIG_FEATURE_IP_ADDRESS=y -CONFIG_FEATURE_IP_LINK=y -CONFIG_FEATURE_IP_ROUTE=y -CONFIG_FEATURE_IP_TUNNEL=y -CONFIG_FEATURE_IP_RULE=y -CONFIG_FEATURE_IP_SHORT_FORMS=y -CONFIG_FEATURE_IP_RARE_PROTOCOLS=y -CONFIG_IPADDR=y -CONFIG_IPLINK=y -CONFIG_IPROUTE=y -CONFIG_IPTUNNEL=y -CONFIG_IPRULE=y -# CONFIG_IPCALC is not set -# CONFIG_FEATURE_IPCALC_FANCY is not set -# CONFIG_FEATURE_IPCALC_LONG_OPTIONS is not set -CONFIG_NETSTAT=y -CONFIG_FEATURE_NETSTAT_WIDE=y -CONFIG_FEATURE_NETSTAT_PRG=y -CONFIG_NSLOOKUP=y -CONFIG_NTPD=y -CONFIG_FEATURE_NTPD_SERVER=y -CONFIG_PSCAN=y -CONFIG_ROUTE=y -# CONFIG_SLATTACH is not set -# CONFIG_TCPSVD is not set -CONFIG_TELNET=y -CONFIG_FEATURE_TELNET_TTYPE=y -CONFIG_FEATURE_TELNET_AUTOLOGIN=y -CONFIG_TELNETD=y -CONFIG_FEATURE_TELNETD_STANDALONE=y -CONFIG_FEATURE_TELNETD_INETD_WAIT=y -CONFIG_TFTP=y -CONFIG_TFTPD=y - -# -# Common options for tftp/tftpd -# -CONFIG_FEATURE_TFTP_GET=y -CONFIG_FEATURE_TFTP_PUT=y -CONFIG_FEATURE_TFTP_BLOCKSIZE=y -CONFIG_FEATURE_TFTP_PROGRESS_BAR=y -CONFIG_TFTP_DEBUG=y -CONFIG_TRACEROUTE=y -CONFIG_TRACEROUTE6=y -CONFIG_FEATURE_TRACEROUTE_VERBOSE=y -CONFIG_FEATURE_TRACEROUTE_SOURCE_ROUTE=y -CONFIG_FEATURE_TRACEROUTE_USE_ICMP=y -CONFIG_TUNCTL=y -CONFIG_FEATURE_TUNCTL_UG=y -CONFIG_UDHCPD=y -CONFIG_DHCPRELAY=y -CONFIG_DUMPLEASES=y -CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY=y -CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC=y -CONFIG_DHCPD_LEASES_FILE="/var/lib/misc/udhcpd.leases" -CONFIG_UDHCPC=y -CONFIG_FEATURE_UDHCPC_ARPING=y -CONFIG_FEATURE_UDHCP_PORT=y -CONFIG_UDHCP_DEBUG=9 -CONFIG_FEATURE_UDHCP_RFC3397=y -CONFIG_FEATURE_UDHCP_8021Q=y -CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script" -CONFIG_UDHCPC_SLACK_FOR_BUGGY_SERVERS=80 -CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="-R -n" -# CONFIG_UDPSVD is not set -CONFIG_VCONFIG=y -CONFIG_WGET=y -CONFIG_FEATURE_WGET_STATUSBAR=y -CONFIG_FEATURE_WGET_AUTHENTICATION=y -CONFIG_FEATURE_WGET_LONG_OPTIONS=y -CONFIG_FEATURE_WGET_TIMEOUT=y -CONFIG_ZCIP=y - -# -# Print Utilities -# -# CONFIG_LPD is not set -CONFIG_LPR=y -CONFIG_LPQ=y - -# -# Mail Utilities -# -# CONFIG_MAKEMIME is not set -CONFIG_FEATURE_MIME_CHARSET="us-ascii" -CONFIG_POPMAILDIR=y -CONFIG_FEATURE_POPMAILDIR_DELIVERY=y -# CONFIG_REFORMIME is not set -# CONFIG_FEATURE_REFORMIME_COMPAT is not set -CONFIG_SENDMAIL=y - -# -# Process Utilities -# -CONFIG_IOSTAT=y -CONFIG_MPSTAT=y -CONFIG_NMETER=y -CONFIG_PMAP=y -CONFIG_POWERTOP=y -CONFIG_PSTREE=y -CONFIG_PWDX=y -# CONFIG_SMEMCAP is not set -CONFIG_UPTIME=y -CONFIG_FEATURE_UPTIME_UTMP_SUPPORT=y -CONFIG_FREE=y -CONFIG_FUSER=y -CONFIG_KILL=y -CONFIG_KILLALL=y -CONFIG_KILLALL5=y -CONFIG_PGREP=y -CONFIG_PIDOF=y -CONFIG_FEATURE_PIDOF_SINGLE=y -CONFIG_FEATURE_PIDOF_OMIT=y -CONFIG_PKILL=y -CONFIG_PS=y -CONFIG_FEATURE_PS_WIDE=y -CONFIG_FEATURE_PS_TIME=y -CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS=y -CONFIG_FEATURE_PS_UNUSUAL_SYSTEMS=y -CONFIG_RENICE=y -CONFIG_BB_SYSCTL=y -CONFIG_TOP=y -CONFIG_FEATURE_TOP_CPU_USAGE_PERCENTAGE=y -CONFIG_FEATURE_TOP_CPU_GLOBAL_PERCENTS=y -CONFIG_FEATURE_TOP_SMP_CPU=y -CONFIG_FEATURE_TOP_DECIMALS=y -CONFIG_FEATURE_TOP_SMP_PROCESS=y -CONFIG_FEATURE_TOPMEM=y -CONFIG_FEATURE_SHOW_THREADS=y -CONFIG_WATCH=y - -# -# Runit Utilities -# -# CONFIG_RUNSV is not set -# CONFIG_RUNSVDIR is not set -# CONFIG_FEATURE_RUNSVDIR_LOG is not set -# CONFIG_SV is not set -CONFIG_SV_DEFAULT_SERVICE_DIR="" -# CONFIG_SVLOGD is not set -CONFIG_CHPST=y -CONFIG_SETUIDGID=y -CONFIG_ENVUIDGID=y -CONFIG_ENVDIR=y -CONFIG_SOFTLIMIT=y -# CONFIG_CHCON is not set -# CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set -# CONFIG_GETENFORCE is not set -# CONFIG_GETSEBOOL is not set -# CONFIG_LOAD_POLICY is not set -# CONFIG_MATCHPATHCON is not set -# CONFIG_RESTORECON is not set -# CONFIG_RUNCON is not set -# CONFIG_FEATURE_RUNCON_LONG_OPTIONS is not set -# CONFIG_SELINUXENABLED is not set -# CONFIG_SETENFORCE is not set -# CONFIG_SETFILES is not set -# CONFIG_FEATURE_SETFILES_CHECK_OPTION is not set -# CONFIG_SETSEBOOL is not set -# CONFIG_SESTATUS is not set - -# -# Shells -# -CONFIG_ASH=y -CONFIG_ASH_BASH_COMPAT=y -# CONFIG_ASH_IDLE_TIMEOUT is not set -CONFIG_ASH_JOB_CONTROL=y -CONFIG_ASH_ALIAS=y -CONFIG_ASH_GETOPTS=y -CONFIG_ASH_BUILTIN_ECHO=y -CONFIG_ASH_BUILTIN_PRINTF=y -CONFIG_ASH_BUILTIN_TEST=y -CONFIG_ASH_CMDCMD=y -# CONFIG_ASH_MAIL is not set -CONFIG_ASH_OPTIMIZE_FOR_SIZE=y -CONFIG_ASH_RANDOM_SUPPORT=y -CONFIG_ASH_EXPAND_PRMT=y -CONFIG_CTTYHACK=y -# CONFIG_HUSH is not set -# CONFIG_HUSH_BASH_COMPAT is not set -# CONFIG_HUSH_BRACE_EXPANSION is not set -# CONFIG_HUSH_HELP is not set -# CONFIG_HUSH_INTERACTIVE is not set -# CONFIG_HUSH_SAVEHISTORY is not set -# CONFIG_HUSH_JOB is not set -# CONFIG_HUSH_TICK is not set -# CONFIG_HUSH_IF is not set -# CONFIG_HUSH_LOOPS is not set -# CONFIG_HUSH_CASE is not set -# CONFIG_HUSH_FUNCTIONS is not set -# CONFIG_HUSH_LOCAL is not set -# CONFIG_HUSH_RANDOM_SUPPORT is not set -# CONFIG_HUSH_EXPORT_N is not set -# CONFIG_HUSH_MODE_X is not set -# CONFIG_MSH is not set -CONFIG_FEATURE_SH_IS_ASH=y -# CONFIG_FEATURE_SH_IS_HUSH is not set -# CONFIG_FEATURE_SH_IS_NONE is not set -# CONFIG_FEATURE_BASH_IS_ASH is not set -# CONFIG_FEATURE_BASH_IS_HUSH is not set -CONFIG_FEATURE_BASH_IS_NONE=y -CONFIG_SH_MATH_SUPPORT=y -CONFIG_SH_MATH_SUPPORT_64=y -CONFIG_FEATURE_SH_EXTRA_QUIET=y -CONFIG_FEATURE_SH_STANDALONE=y -CONFIG_FEATURE_SH_NOFORK=y -CONFIG_FEATURE_SH_HISTFILESIZE=y - -# -# System Logging Utilities -# -CONFIG_SYSLOGD=y -CONFIG_FEATURE_ROTATE_LOGFILE=y -CONFIG_FEATURE_REMOTE_LOG=y -CONFIG_FEATURE_SYSLOGD_DUP=y -CONFIG_FEATURE_SYSLOGD_CFG=y -CONFIG_FEATURE_SYSLOGD_READ_BUFFER_SIZE=256 -CONFIG_FEATURE_IPC_SYSLOG=y -CONFIG_FEATURE_IPC_SYSLOG_BUFFER_SIZE=16 -CONFIG_LOGREAD=y -CONFIG_FEATURE_LOGREAD_REDUCED_LOCKING=y -CONFIG_KLOGD=y -CONFIG_FEATURE_KLOGD_KLOGCTL=y -CONFIG_LOGGER=y diff --git a/portage/savedconfig/sys-apps/busybox-1.19.3-r1 b/portage/savedconfig/sys-apps/busybox-1.19.3-r1 index bd3a7fb..8555f4e 100644 --- a/portage/savedconfig/sys-apps/busybox-1.19.3-r1 +++ b/portage/savedconfig/sys-apps/busybox-1.19.3-r1 @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Busybox version: 1.19.3 -# Mon Jan 23 18:45:14 2012 +# Wed May 30 23:05:27 2012 # CONFIG_HAVE_DOT_CONFIG=y