From: Frank Brehm Date: Tue, 8 Aug 2017 19:28:57 +0000 (+0200) Subject: Current state X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=93955729b0d7a2161a16e3cb1c0452d61c2e5b05;p=config%2Fns3%2Fetc.git Current state --- diff --git a/NetworkManager/dispatcher.d/20-chrony b/NetworkManager/dispatcher.d/20-chrony new file mode 100755 index 0000000..084aed6 --- /dev/null +++ b/NetworkManager/dispatcher.d/20-chrony @@ -0,0 +1,17 @@ +#!/bin/sh +# This is a NetworkManager dispatcher script for chronyd to set its NTP sources +# online/offline when a default route is configured/removed on the system. + +export LC_ALL=C + +if [ "$2" = "up" ]; then + /sbin/ip route list dev "$1" | grep -q '^default' && + /usr/bin/chronyc online > /dev/null 2>&1 +fi + +if [ "$2" = "down" ]; then + /sbin/ip route list | grep -q '^default' || + /usr/bin/chronyc offline > /dev/null 2>&1 +fi + +exit 0 diff --git a/X11/Xsession.d/90gpg-agent b/X11/Xsession.d/90gpg-agent new file mode 100644 index 0000000..8b45b05 --- /dev/null +++ b/X11/Xsession.d/90gpg-agent @@ -0,0 +1,22 @@ +# On systems with systemd running, we expect the agent to be launched +# via systemd's user mode (see +# /usr/lib/systemd/user/gpg-agent.{socket,service} and +# systemd.unit(5)). This allows systemd to clean up the agent +# automatically at logout. + +# If systemd is absent from your system, or you do not permit it to +# run in user mode, then you may need to manually launch gpg-agent +# from your session initialization with something like "gpgconf +# --launch gpg-agent" + +# Nonetheless, ssh and older versions of gpg require environment +# variables to be set in order to find the agent, so we will set those +# here. + +agent_sock=$(gpgconf --list-dirs agent-socket) +export GPG_AGENT_INFO=${agent_sock}:0:1 +if [ -n "$(gpgconf --list-options gpg-agent | \ + awk -F: '/^enable-ssh-support:/{ print $10 }')" ]; then + export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) +fi + diff --git a/aliases.db b/aliases.db index 049d727..9c50ba2 100644 Binary files a/aliases.db and b/aliases.db differ diff --git a/alternatives/Mail b/alternatives/Mail deleted file mode 120000 index 3d47966..0000000 --- a/alternatives/Mail +++ /dev/null @@ -1 +0,0 @@ -/usr/bin/heirloom-mailx \ No newline at end of file diff --git a/alternatives/Mail.1.gz b/alternatives/Mail.1.gz deleted file mode 120000 index 1917ecf..0000000 --- a/alternatives/Mail.1.gz +++ /dev/null @@ -1 +0,0 @@ -/usr/share/man/man1/heirloom-mailx.1.gz \ No newline at end of file diff --git a/alternatives/dotlock b/alternatives/dotlock new file mode 120000 index 0000000..423e888 --- /dev/null +++ b/alternatives/dotlock @@ -0,0 +1 @@ +/usr/bin/dotlock.mailutils \ No newline at end of file diff --git a/alternatives/dotlock.1.gz b/alternatives/dotlock.1.gz new file mode 120000 index 0000000..48fb595 --- /dev/null +++ b/alternatives/dotlock.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/dotlock.mailutils.1.gz \ No newline at end of file diff --git a/alternatives/frm b/alternatives/frm new file mode 120000 index 0000000..def5353 --- /dev/null +++ b/alternatives/frm @@ -0,0 +1 @@ +/usr/bin/frm.mailutils \ No newline at end of file diff --git a/alternatives/frm.1.gz b/alternatives/frm.1.gz new file mode 120000 index 0000000..ec4c491 --- /dev/null +++ b/alternatives/frm.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/frm.mailutils.1.gz \ No newline at end of file diff --git a/alternatives/from b/alternatives/from index 3ee6643..f4e6cdc 120000 --- a/alternatives/from +++ b/alternatives/from @@ -1 +1 @@ -/usr/bin/bsd-from \ No newline at end of file +/usr/bin/from.mailutils \ No newline at end of file diff --git a/alternatives/from.1.gz b/alternatives/from.1.gz index 9c0d8d3..d20001a 120000 --- a/alternatives/from.1.gz +++ b/alternatives/from.1.gz @@ -1 +1 @@ -/usr/share/man/man1/bsd-from.1.gz \ No newline at end of file +/usr/share/man/man1/from.mailutils.1.gz \ No newline at end of file diff --git a/alternatives/libblas.so.3gf b/alternatives/libblas.so.3gf deleted file mode 120000 index 47d84db..0000000 --- a/alternatives/libblas.so.3gf +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/libblas/libblas.so.3 \ No newline at end of file diff --git a/alternatives/mail b/alternatives/mail index 3d47966..e4c7643 120000 --- a/alternatives/mail +++ b/alternatives/mail @@ -1 +1 @@ -/usr/bin/heirloom-mailx \ No newline at end of file +/usr/bin/mail.mailutils \ No newline at end of file diff --git a/alternatives/mail.1.gz b/alternatives/mail.1.gz index 1917ecf..b8055c8 120000 --- a/alternatives/mail.1.gz +++ b/alternatives/mail.1.gz @@ -1 +1 @@ -/usr/share/man/man1/heirloom-mailx.1.gz \ No newline at end of file +/usr/share/man/man1/mail.mailutils.1.gz \ No newline at end of file diff --git a/alternatives/mailx b/alternatives/mailx index 3d47966..e4c7643 120000 --- a/alternatives/mailx +++ b/alternatives/mailx @@ -1 +1 @@ -/usr/bin/heirloom-mailx \ No newline at end of file +/usr/bin/mail.mailutils \ No newline at end of file diff --git a/alternatives/mailx.1.gz b/alternatives/mailx.1.gz index 1917ecf..b8055c8 120000 --- a/alternatives/mailx.1.gz +++ b/alternatives/mailx.1.gz @@ -1 +1 @@ -/usr/share/man/man1/heirloom-mailx.1.gz \ No newline at end of file +/usr/share/man/man1/mail.mailutils.1.gz \ No newline at end of file diff --git a/alternatives/messages b/alternatives/messages new file mode 120000 index 0000000..e66edd3 --- /dev/null +++ b/alternatives/messages @@ -0,0 +1 @@ +/usr/bin/messages.mailutils \ No newline at end of file diff --git a/alternatives/messages.1.gz b/alternatives/messages.1.gz new file mode 120000 index 0000000..8884760 --- /dev/null +++ b/alternatives/messages.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/messages.mailutils.1.gz \ No newline at end of file diff --git a/alternatives/movemail b/alternatives/movemail new file mode 120000 index 0000000..8d4efb3 --- /dev/null +++ b/alternatives/movemail @@ -0,0 +1 @@ +/usr/bin/movemail.mailutils \ No newline at end of file diff --git a/alternatives/movemail.1.gz b/alternatives/movemail.1.gz new file mode 120000 index 0000000..32b3520 --- /dev/null +++ b/alternatives/movemail.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/movemail.mailutils.1.gz \ No newline at end of file diff --git a/alternatives/my.cnf b/alternatives/my.cnf new file mode 120000 index 0000000..d16fc1d --- /dev/null +++ b/alternatives/my.cnf @@ -0,0 +1 @@ +/etc/mysql/my.cnf.fallback \ No newline at end of file diff --git a/alternatives/netrc.5.gz b/alternatives/netrc.5.gz new file mode 120000 index 0000000..5702a2c --- /dev/null +++ b/alternatives/netrc.5.gz @@ -0,0 +1 @@ +/usr/share/man/man5/netkit-netrc.5.gz \ No newline at end of file diff --git a/alternatives/pftp b/alternatives/pftp new file mode 120000 index 0000000..f0ae93f --- /dev/null +++ b/alternatives/pftp @@ -0,0 +1 @@ +/usr/bin/netkit-ftp \ No newline at end of file diff --git a/alternatives/pftp.1.gz b/alternatives/pftp.1.gz new file mode 120000 index 0000000..5b3a00b --- /dev/null +++ b/alternatives/pftp.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/netkit-ftp.1.gz \ No newline at end of file diff --git a/alternatives/phar b/alternatives/phar index 238208c..b02bc5b 120000 --- a/alternatives/phar +++ b/alternatives/phar @@ -1 +1 @@ -/usr/bin/phar5 \ No newline at end of file +/usr/bin/phar7.0 \ No newline at end of file diff --git a/alternatives/phar.1.gz b/alternatives/phar.1.gz index 5cab2ce..b627d37 120000 --- a/alternatives/phar.1.gz +++ b/alternatives/phar.1.gz @@ -1 +1 @@ -/usr/share/man/man1/phar5.1.gz \ No newline at end of file +/usr/share/man/man1/phar7.0.1.gz \ No newline at end of file diff --git a/alternatives/phar.phar b/alternatives/phar.phar new file mode 120000 index 0000000..c6602a3 --- /dev/null +++ b/alternatives/phar.phar @@ -0,0 +1 @@ +/usr/bin/phar.phar7.0 \ No newline at end of file diff --git a/alternatives/phar.phar.1.gz b/alternatives/phar.phar.1.gz new file mode 120000 index 0000000..9163d0f --- /dev/null +++ b/alternatives/phar.phar.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/phar.phar7.0.1.gz \ No newline at end of file diff --git a/alternatives/php b/alternatives/php index 07db26c..d87548b 120000 --- a/alternatives/php +++ b/alternatives/php @@ -1 +1 @@ -/usr/bin/php5 \ No newline at end of file +/usr/bin/php7.0 \ No newline at end of file diff --git a/alternatives/php.1.gz b/alternatives/php.1.gz index 28ca7d1..8ef3a9a 120000 --- a/alternatives/php.1.gz +++ b/alternatives/php.1.gz @@ -1 +1 @@ -/usr/share/man/man1/php5.1.gz \ No newline at end of file +/usr/share/man/man1/php7.0.1.gz \ No newline at end of file diff --git a/alternatives/pinentry b/alternatives/pinentry new file mode 120000 index 0000000..01990a3 --- /dev/null +++ b/alternatives/pinentry @@ -0,0 +1 @@ +/usr/bin/pinentry-curses \ No newline at end of file diff --git a/alternatives/pinentry.1.gz b/alternatives/pinentry.1.gz new file mode 120000 index 0000000..8e9ab4f --- /dev/null +++ b/alternatives/pinentry.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/pinentry-curses.1.gz \ No newline at end of file diff --git a/alternatives/readmsg b/alternatives/readmsg new file mode 120000 index 0000000..99bcf73 --- /dev/null +++ b/alternatives/readmsg @@ -0,0 +1 @@ +/usr/bin/readmsg.mailutils \ No newline at end of file diff --git a/alternatives/readmsg.1.gz b/alternatives/readmsg.1.gz new file mode 120000 index 0000000..322d3a6 --- /dev/null +++ b/alternatives/readmsg.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/readmsg.mailutils.1.gz \ No newline at end of file diff --git a/alternatives/rzsh b/alternatives/rzsh deleted file mode 120000 index 3b005e7..0000000 --- a/alternatives/rzsh +++ /dev/null @@ -1 +0,0 @@ -/bin/zsh5 \ No newline at end of file diff --git a/alternatives/rzsh.1.gz b/alternatives/rzsh.1.gz deleted file mode 120000 index 15dffb2..0000000 --- a/alternatives/rzsh.1.gz +++ /dev/null @@ -1 +0,0 @@ -/usr/share/man/man1/zsh.1.gz \ No newline at end of file diff --git a/alternatives/updatedb.8.gz b/alternatives/updatedb.8.gz new file mode 120000 index 0000000..d48060b --- /dev/null +++ b/alternatives/updatedb.8.gz @@ -0,0 +1 @@ +/usr/share/man/man8/updatedb.mlocate.8.gz \ No newline at end of file diff --git a/alternatives/zsh b/alternatives/zsh deleted file mode 120000 index 3b005e7..0000000 --- a/alternatives/zsh +++ /dev/null @@ -1 +0,0 @@ -/bin/zsh5 \ No newline at end of file diff --git a/alternatives/zsh-usrbin b/alternatives/zsh-usrbin deleted file mode 120000 index 3b005e7..0000000 --- a/alternatives/zsh-usrbin +++ /dev/null @@ -1 +0,0 @@ -/bin/zsh5 \ No newline at end of file diff --git a/apache2/apache2.conf.dpkg-dist b/apache2/apache2.conf.dpkg-dist new file mode 100644 index 0000000..ae4b2c3 --- /dev/null +++ b/apache2/apache2.conf.dpkg-dist @@ -0,0 +1,227 @@ +# This is the main Apache server configuration file. It contains the +# configuration directives that give the server its instructions. +# See http://httpd.apache.org/docs/2.4/ for detailed information about +# the directives and /usr/share/doc/apache2/README.Debian about Debian specific +# hints. +# +# +# Summary of how the Apache 2 configuration works in Debian: +# The Apache 2 web server configuration in Debian is quite different to +# upstream's suggested way to configure the web server. This is because Debian's +# default Apache2 installation attempts to make adding and removing modules, +# virtual hosts, and extra configuration directives as flexible as possible, in +# order to make automating the changes and administering the server as easy as +# possible. + +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf-enabled +# | `-- *.conf +# `-- sites-enabled +# `-- *.conf +# +# +# * apache2.conf is the main configuration file (this file). It puts the pieces +# together by including all remaining configuration files when starting up the +# web server. +# +# * ports.conf is always included from the main configuration file. It is +# supposed to determine listening ports for incoming connections which can be +# customized anytime. +# +# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/ +# directories contain particular configuration snippets which manage modules, +# global configuration fragments, or virtual host configurations, +# respectively. +# +# They are activated by symlinking available configuration files from their +# respective *-available/ counterparts. These should be managed by using our +# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See +# their respective man pages for detailed information. +# +# * The binary is called apache2. Due to the use of environment variables, in +# the default configuration, apache2 needs to be started/stopped with +# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not +# work with the default configuration. + + +# Global configuration +# + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# NOTE! If you intend to place this on an NFS (or otherwise network) +# mounted filesystem then please read the Mutex documentation (available +# at ); +# you will save yourself a lot of trouble. +# +# Do NOT add a slash at the end of the directory path. +# +#ServerRoot "/etc/apache2" + +# +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# +#Mutex file:${APACHE_LOCK_DIR} default + +# +# The directory where shm and other runtime files will be stored. +# + +DefaultRuntimeDir ${APACHE_RUN_DIR} + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# This needs to be set in /etc/apache2/envvars +# +PidFile ${APACHE_PID_FILE} + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 300 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive On + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +# +KeepAliveTimeout 5 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog ${APACHE_LOG_DIR}/error.log + +# +# LogLevel: Control the severity of messages logged to the error_log. +# Available values: trace8, ..., trace1, debug, info, notice, warn, +# error, crit, alert, emerg. +# It is also possible to configure the log level for particular modules, e.g. +# "LogLevel info ssl:warn" +# +LogLevel warn + +# Include module configuration: +IncludeOptional mods-enabled/*.load +IncludeOptional mods-enabled/*.conf + +# Include list of ports to listen on +Include ports.conf + + +# Sets the default security model of the Apache2 HTTPD server. It does +# not allow access to the root filesystem outside of /usr/share and /var/www. +# The former is used by web applications packaged in Debian, +# the latter may be used for local directories served by the web server. If +# your system is serving content from a sub-directory in /srv you must allow +# access here, or in any related virtual host. + + Options FollowSymLinks + AllowOverride None + Require all denied + + + + AllowOverride None + Require all granted + + + + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + + +# +# Options Indexes FollowSymLinks +# AllowOverride None +# Require all granted +# + + + + +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Require all denied + + + +# +# The following directives define some format nicknames for use with +# a CustomLog directive. +# +# These deviate from the Common Log Format definitions in that they use %O +# (the actual bytes sent including headers) instead of %b (the size of the +# requested file), because the latter makes it impossible to detect partial +# requests. +# +# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended. +# Use mod_remoteip instead. +# +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# Include of directories ignores editors' and dpkg's backup files, +# see README.Debian for details. + +# Include generic snippets of statements +IncludeOptional conf-enabled/*.conf + +# Include the virtual host configurations: +IncludeOptional sites-enabled/*.conf + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/apache2/conf-available/custom-log.conf b/apache2/conf-available/custom-log.conf old mode 100755 new mode 100644 diff --git a/apache2/conf-available/gitweb.conf b/apache2/conf-available/gitweb.conf index abd288a..cb914bc 100644 --- a/apache2/conf-available/gitweb.conf +++ b/apache2/conf-available/gitweb.conf @@ -1,9 +1,11 @@ - - Define ENABLE_GITWEB - - - Define ENABLE_GITWEB + + + Define ENABLE_GITWEB + + + Define ENABLE_GITWEB + diff --git a/apache2/conf-available/phpldapadmin.conf b/apache2/conf-available/phpldapadmin.conf deleted file mode 120000 index 3742074..0000000 --- a/apache2/conf-available/phpldapadmin.conf +++ /dev/null @@ -1 +0,0 @@ -/etc/phpldapadmin/apache.conf \ No newline at end of file diff --git a/apache2/conf-available/security.conf b/apache2/conf-available/security.conf index 599333b..f9f69d4 100644 --- a/apache2/conf-available/security.conf +++ b/apache2/conf-available/security.conf @@ -7,8 +7,7 @@ # # # AllowOverride None -# Order Deny,Allow -# Deny from all +# Require all denied # diff --git a/apache2/conf-enabled/phpldapadmin.conf b/apache2/conf-enabled/phpldapadmin.conf deleted file mode 120000 index 6888fa5..0000000 --- a/apache2/conf-enabled/phpldapadmin.conf +++ /dev/null @@ -1 +0,0 @@ -../conf-available/phpldapadmin.conf \ No newline at end of file diff --git a/apache2/envvars b/apache2/envvars index 91328ac..708d170 100644 --- a/apache2/envvars +++ b/apache2/envvars @@ -16,7 +16,7 @@ fi export APACHE_RUN_USER=www-data export APACHE_RUN_GROUP=www-data # temporary state file location. This might be changed to /run in Wheezy+1 -export APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid +export APACHE_PID_FILE=/var/run/apache2$SUFFIX/apache2.pid export APACHE_RUN_DIR=/var/run/apache2$SUFFIX export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX # Only /var/log/apache2 is handled by /etc/logrotate.d/apache2. diff --git a/apache2/info_users_passwd b/apache2/info_users_passwd new file mode 100644 index 0000000..a9cf5ab --- /dev/null +++ b/apache2/info_users_passwd @@ -0,0 +1,3 @@ +monitoring:$apr1$rq/i6DzS$Qk6YAABQSeIgXe5Z0cc7K0 +uhu:$apr1$cFagqyiq$T2azAWwszStOUz/mmfONd/ +frank:$apr1$q0RMdmRi$5egjyB4c32Ts/swS3hkuN0 diff --git a/apache2/mods-available/cern_meta.load b/apache2/mods-available/cern_meta.load new file mode 100644 index 0000000..bcc7546 --- /dev/null +++ b/apache2/mods-available/cern_meta.load @@ -0,0 +1 @@ +LoadModule cern_meta_module /usr/lib/apache2/modules/mod_cern_meta.so diff --git a/apache2/mods-available/http2.load b/apache2/mods-available/http2.load new file mode 100644 index 0000000..e5c769f --- /dev/null +++ b/apache2/mods-available/http2.load @@ -0,0 +1 @@ +LoadModule http2_module /usr/lib/apache2/modules/mod_http2.so diff --git a/apache2/mods-available/imagemap.load b/apache2/mods-available/imagemap.load new file mode 100644 index 0000000..0fd55f8 --- /dev/null +++ b/apache2/mods-available/imagemap.load @@ -0,0 +1 @@ +LoadModule imagemap_module /usr/lib/apache2/modules/mod_imagemap.so diff --git a/apache2/mods-available/info.conf b/apache2/mods-available/info.conf index 78a0649..b3e5f59 100644 --- a/apache2/mods-available/info.conf +++ b/apache2/mods-available/info.conf @@ -2,12 +2,17 @@ # Allow remote server configuration reports, with the URL of # http://servername/server-info (requires that mod_info.c be loaded). - # Uncomment and change the "192.0.2.0/24" to allow access from other hosts. # SetHandler server-info - Require local - #Require ip 192.0.2.0/24 + AuthName "Server Status Access" + AuthType Basic + AuthBasicProvider file + AuthUserFile /etc/apache2/info_users_passwd + + Require local + Require valid-user + diff --git a/apache2/mods-available/php5.conf b/apache2/mods-available/php5.conf deleted file mode 100644 index 2b2b42b..0000000 --- a/apache2/mods-available/php5.conf +++ /dev/null @@ -1,25 +0,0 @@ - - SetHandler application/x-httpd-php - - - SetHandler application/x-httpd-php-source - # Deny access to raw php sources by default - # To re-enable it's recommended to enable access to the files - # only in specific virtual host or directory - Require all denied - -# Deny access to files without filename (e.g. '.php') - - Require all denied - - -# Running PHP scripts in user directories is disabled by default -# -# To re-enable PHP in user directories comment the following lines -# (from to .) Do NOT set it to On as it -# prevents .htaccess files from disabling it. - - - php_admin_flag engine Off - - diff --git a/apache2/mods-available/php5.load b/apache2/mods-available/php5.load deleted file mode 100644 index 653695f..0000000 --- a/apache2/mods-available/php5.load +++ /dev/null @@ -1 +0,0 @@ -LoadModule php5_module /usr/lib/apache2/modules/libphp5.so diff --git a/apache2/mods-available/php7.0.conf b/apache2/mods-available/php7.0.conf new file mode 100644 index 0000000..41b48f9 --- /dev/null +++ b/apache2/mods-available/php7.0.conf @@ -0,0 +1,25 @@ + + SetHandler application/x-httpd-php + + + SetHandler application/x-httpd-php-source + # Deny access to raw php sources by default + # To re-enable it's recommended to enable access to the files + # only in specific virtual host or directory + Require all denied + +# Deny access to files without filename (e.g. '.php') + + Require all denied + + +# Running PHP scripts in user directories is disabled by default +# +# To re-enable PHP in user directories comment the following lines +# (from to .) Do NOT set it to On as it +# prevents .htaccess files from disabling it. + + + php_admin_flag engine Off + + diff --git a/apache2/mods-available/php7.0.load b/apache2/mods-available/php7.0.load new file mode 100644 index 0000000..b539a0e --- /dev/null +++ b/apache2/mods-available/php7.0.load @@ -0,0 +1,3 @@ +# Conflicts: php5 +# Depends: mpm_prefork +LoadModule php7_module /usr/lib/apache2/modules/libphp7.0.so diff --git a/apache2/mods-available/proxy_hcheck.load b/apache2/mods-available/proxy_hcheck.load new file mode 100644 index 0000000..b70f421 --- /dev/null +++ b/apache2/mods-available/proxy_hcheck.load @@ -0,0 +1,2 @@ +# Depends: proxy +LoadModule proxy_hcheck_module /usr/lib/apache2/modules/mod_proxy_hcheck.so diff --git a/apache2/mods-available/proxy_html.load b/apache2/mods-available/proxy_html.load index d8b248e..50f1a2c 100644 --- a/apache2/mods-available/proxy_html.load +++ b/apache2/mods-available/proxy_html.load @@ -1,2 +1,2 @@ -# Depends: proxy +# Depends: proxy xml2enc LoadModule proxy_html_module /usr/lib/apache2/modules/mod_proxy_html.so diff --git a/apache2/mods-available/proxy_http2.load b/apache2/mods-available/proxy_http2.load new file mode 100644 index 0000000..b251d0c --- /dev/null +++ b/apache2/mods-available/proxy_http2.load @@ -0,0 +1,2 @@ +# Depends: proxy http2 +LoadModule proxy_http2_module /usr/lib/apache2/modules/mod_proxy_http2.so diff --git a/apache2/mods-available/status.conf b/apache2/mods-available/status.conf index 5f53ba7..b61bb58 100644 --- a/apache2/mods-available/status.conf +++ b/apache2/mods-available/status.conf @@ -1,12 +1,18 @@ # Allow server status reports generated by mod_status, # with the URL of http://servername/server-status - # Uncomment and change the "192.0.2.0/24" to allow access from other hosts. SetHandler server-status - Require local - #Require ip 192.0.2.0/24 + AuthName "Server Status Access" + AuthType Basic + AuthBasicProvider file + AuthUserFile /etc/apache2/info_users_passwd + + Require local + Require valid-user + + # Keep track of extended status information for each request diff --git a/apache2/mods-available/userdir.conf b/apache2/mods-available/userdir.conf index a6c0da6..2c334ec 100644 --- a/apache2/mods-available/userdir.conf +++ b/apache2/mods-available/userdir.conf @@ -5,12 +5,7 @@ AllowOverride FileInfo AuthConfig Limit Indexes Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec - - Require all granted - - - Require all denied - + Require method GET POST OPTIONS diff --git a/apache2/mods-enabled/info.conf b/apache2/mods-enabled/info.conf new file mode 120000 index 0000000..432cc88 --- /dev/null +++ b/apache2/mods-enabled/info.conf @@ -0,0 +1 @@ +../mods-available/info.conf \ No newline at end of file diff --git a/apache2/mods-enabled/info.load b/apache2/mods-enabled/info.load new file mode 120000 index 0000000..982891d --- /dev/null +++ b/apache2/mods-enabled/info.load @@ -0,0 +1 @@ +../mods-available/info.load \ No newline at end of file diff --git a/apache2/mods-enabled/php5.conf b/apache2/mods-enabled/php5.conf deleted file mode 120000 index ce1dd2e..0000000 --- a/apache2/mods-enabled/php5.conf +++ /dev/null @@ -1 +0,0 @@ -../mods-available/php5.conf \ No newline at end of file diff --git a/apache2/mods-enabled/php5.load b/apache2/mods-enabled/php5.load deleted file mode 120000 index dae39ce..0000000 --- a/apache2/mods-enabled/php5.load +++ /dev/null @@ -1 +0,0 @@ -../mods-available/php5.load \ No newline at end of file diff --git a/apache2/mods-enabled/php7.0.conf b/apache2/mods-enabled/php7.0.conf new file mode 120000 index 0000000..11c4a99 --- /dev/null +++ b/apache2/mods-enabled/php7.0.conf @@ -0,0 +1 @@ +../mods-available/php7.0.conf \ No newline at end of file diff --git a/apache2/mods-enabled/php7.0.load b/apache2/mods-enabled/php7.0.load new file mode 120000 index 0000000..58e0a2f --- /dev/null +++ b/apache2/mods-enabled/php7.0.load @@ -0,0 +1 @@ +../mods-available/php7.0.load \ No newline at end of file diff --git a/apache2/mods-enabled/reqtimeout.conf b/apache2/mods-enabled/reqtimeout.conf new file mode 120000 index 0000000..093b41d --- /dev/null +++ b/apache2/mods-enabled/reqtimeout.conf @@ -0,0 +1 @@ +../mods-available/reqtimeout.conf \ No newline at end of file diff --git a/apache2/mods-enabled/reqtimeout.load b/apache2/mods-enabled/reqtimeout.load new file mode 120000 index 0000000..979fab9 --- /dev/null +++ b/apache2/mods-enabled/reqtimeout.load @@ -0,0 +1 @@ +../mods-available/reqtimeout.load \ No newline at end of file diff --git a/apache2/sites-available/000-default-ssl.conf b/apache2/sites-available/000-default-ssl.conf new file mode 100644 index 0000000..69e985f --- /dev/null +++ b/apache2/sites-available/000-default-ssl.conf @@ -0,0 +1,48 @@ + + + + + + Include sites-available/default-include.conf + + SSLEngine on + + SSLCertificateFile /etc/letsencrypt/live/git.uhu-banane.net/fullchain.pem + SSLCertificateKeyFile /etc/letsencrypt/live/git.uhu-banane.net/privkey.pem + + Include /etc/letsencrypt/options-ssl-apache.conf + + #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt + + #SSLCACertificatePath /etc/ssl/certs/ + #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt + + #SSLCARevocationPath /etc/apache2/ssl.crl/ + #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl + + #SSLVerifyClient require + #SSLVerifyDepth 10 + + #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + + BrowserMatch "MSIE [2-6]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + # MSIE 7 and newer should be able to use keepalive + BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown + + ServerName ns3.uhu-banane.de + ServerAlias ns3 + ServerAlias ns3.brehm-online.com + + + + +# vim: filetype=apache ts=8 sw=4 sts=4 sr noet diff --git a/apache2/sites-available/default-ssl.conf.dpkg-dist b/apache2/sites-available/default-ssl.conf.dpkg-dist new file mode 100644 index 0000000..7e37a9c --- /dev/null +++ b/apache2/sites-available/default-ssl.conf.dpkg-dist @@ -0,0 +1,134 @@ + + + ServerAdmin webmaster@localhost + + DocumentRoot /var/www/html + + # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, + # error, crit, alert, emerg. + # It is also possible to configure the loglevel for particular + # modules, e.g. + #LogLevel info ssl:warn + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + # For most configuration files from conf-available/, which are + # enabled or disabled at a global level, it is possible to + # include a line for only one particular virtual host. For example the + # following line enables the CGI configuration for this host only + # after it has been globally disabled with "a2disconf". + #Include conf-available/serve-cgi-bin.conf + + # SSL Engine Switch: + # Enable/Disable SSL for this virtual host. + SSLEngine on + + # A self-signed (snakeoil) certificate can be created by installing + # the ssl-cert package. See + # /usr/share/doc/apache2/README.Debian.gz for more info. + # If both key and certificate are stored in the same file, only the + # SSLCertificateFile directive is needed. + SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem + SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key + + # Server Certificate Chain: + # Point SSLCertificateChainFile at a file containing the + # concatenation of PEM encoded CA certificates which form the + # certificate chain for the server certificate. Alternatively + # the referenced file can be the same as SSLCertificateFile + # when the CA certificates are directly appended to the server + # certificate for convinience. + #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt + + # Certificate Authority (CA): + # Set the CA certificate verification path where to find CA + # certificates for client authentication or alternatively one + # huge file containing all of them (file must be PEM encoded) + # Note: Inside SSLCACertificatePath you need hash symlinks + # to point to the certificate files. Use the provided + # Makefile to update the hash symlinks after changes. + #SSLCACertificatePath /etc/ssl/certs/ + #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt + + # Certificate Revocation Lists (CRL): + # Set the CA revocation path where to find CA CRLs for client + # authentication or alternatively one huge file containing all + # of them (file must be PEM encoded) + # Note: Inside SSLCARevocationPath you need hash symlinks + # to point to the certificate files. Use the provided + # Makefile to update the hash symlinks after changes. + #SSLCARevocationPath /etc/apache2/ssl.crl/ + #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl + + # Client Authentication (Type): + # Client certificate verification type and depth. Types are + # none, optional, require and optional_no_ca. Depth is a + # number which specifies how deeply to verify the certificate + # issuer chain before deciding the certificate is not valid. + #SSLVerifyClient require + #SSLVerifyDepth 10 + + # SSL Engine Options: + # Set various options for the SSL engine. + # o FakeBasicAuth: + # Translate the client X.509 into a Basic Authorisation. This means that + # the standard Auth/DBMAuth methods can be used for access control. The + # user name is the `one line' version of the client's X.509 certificate. + # Note that no password is obtained from the user. Every entry in the user + # file needs this password: `xxj31ZMTZzkVA'. + # o ExportCertData: + # This exports two additional environment variables: SSL_CLIENT_CERT and + # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the + # server (always existing) and the client (only existing when client + # authentication is used). This can be used to import the certificates + # into CGI scripts. + # o StdEnvVars: + # This exports the standard SSL/TLS related `SSL_*' environment variables. + # Per default this exportation is switched off for performance reasons, + # because the extraction step is an expensive operation and is usually + # useless for serving static content. So one usually enables the + # exportation for CGI and SSI requests only. + # o OptRenegotiate: + # This enables optimized SSL connection renegotiation handling when SSL + # directives are used in per-directory context. + #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + + # SSL Protocol Adjustments: + # The safe and default but still SSL/TLS standard compliant shutdown + # approach is that mod_ssl sends the close notify alert but doesn't wait for + # the close notify alert from client. When you need a different shutdown + # approach you can use one of the following variables: + # o ssl-unclean-shutdown: + # This forces an unclean shutdown when the connection is closed, i.e. no + # SSL close notify alert is send or allowed to received. This violates + # the SSL/TLS standard but is needed for some brain-dead browsers. Use + # this when you receive I/O errors because of the standard approach where + # mod_ssl sends the close notify alert. + # o ssl-accurate-shutdown: + # This forces an accurate shutdown when the connection is closed, i.e. a + # SSL close notify alert is send and mod_ssl waits for the close notify + # alert of the client. This is 100% SSL/TLS standard compliant, but in + # practice often causes hanging connections with brain-dead browsers. Use + # this only for browsers where you know that their SSL implementation + # works correctly. + # Notice: Most problems of broken clients are also related to the HTTP + # keep-alive facility, so you usually additionally want to disable + # keep-alive for those clients, too. Use variable "nokeepalive" for this. + # Similarly, one has to force some clients to use HTTP/1.0 to workaround + # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and + # "force-response-1.0" for this. + # BrowserMatch "MSIE [2-6]" \ + # nokeepalive ssl-unclean-shutdown \ + # downgrade-1.0 force-response-1.0 + + + + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/apache2/sites-enabled/000-default-ssl.conf b/apache2/sites-enabled/000-default-ssl.conf new file mode 120000 index 0000000..596612a --- /dev/null +++ b/apache2/sites-enabled/000-default-ssl.conf @@ -0,0 +1 @@ +../sites-available/000-default-ssl.conf \ No newline at end of file diff --git a/apm/event.d/01chrony b/apm/event.d/01chrony deleted file mode 100755 index df52908..0000000 --- a/apm/event.d/01chrony +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh - -# Placed in /etc/apm/event.d by the chrony package at the instruction of -# the apmd maintainer. If you don't have apm and don't intend to install -# apmd you may remove it. It needs to run after 00hwclock but before any -# other scripts. - - -[ -x /usr/sbin/chronyd ] || exit 0 - -if [ "$1" = suspend ]; then - invoke-rc.d chrony stop -elif [ "$1" = standby ]; then - invoke-rc.d chrony stop -elif [ "$1" = resume ]; then - invoke-rc.d chrony start -fi diff --git a/apparmor.d/local/usr.sbin.haveged b/apparmor.d/local/usr.sbin.haveged new file mode 100644 index 0000000..07c2960 --- /dev/null +++ b/apparmor.d/local/usr.sbin.haveged @@ -0,0 +1,2 @@ +# Site-specific additions and overrides for usr.sbin.haveged. +# For more details, please see /etc/apparmor.d/local/README. diff --git a/apparmor.d/usr.sbin.haveged b/apparmor.d/usr.sbin.haveged new file mode 100644 index 0000000..0e61138 --- /dev/null +++ b/apparmor.d/usr.sbin.haveged @@ -0,0 +1,23 @@ +# Last Modified: Fri Aug 21 15:23:17 2015 +#include + +/usr/sbin/haveged { + #include + + # Required for ioctl RNDADDENTROPY + capability sys_admin, + + owner @{PROC}/@{pid}/status r, + + @{PROC}/sys/kernel/osrelease r, + @{PROC}/sys/kernel/random/poolsize r, + @{PROC}/sys/kernel/random/write_wakeup_threshold w, + /dev/random w, + + /sys/devices/system/cpu/ r, + /sys/devices/system/cpu/cpu*/cache/ r, + /sys/devices/system/cpu/cpu*/cache/index*/{type,size,level} r, + /usr/sbin/haveged mr, + + #include +} diff --git a/apparmor.d/usr.sbin.named b/apparmor.d/usr.sbin.named index 35df558..43e27c0 100644 --- a/apparmor.d/usr.sbin.named +++ b/apparmor.d/usr.sbin.named @@ -35,8 +35,9 @@ # dnscvsutil package /var/lib/dnscvsutil/compiled/** rw, - /proc/net/if_inet6 r, - /proc/*/net/if_inet6 r, + @{PROC}/net/if_inet6 r, + @{PROC}/*/net/if_inet6 r, + @{PROC}/sys/net/ipv4/ip_local_port_range r, /usr/sbin/named mr, /{,var/}run/named/named.pid w, /{,var/}run/named/session.key w, @@ -48,6 +49,19 @@ /var/log/named/** rw, /var/log/named/ rw, + # gssapi + /var/lib/sss/pubconf/krb5.include.d/** r, + /var/lib/sss/pubconf/krb5.include.d/ r, + /var/lib/sss/mc/initgroups r, + /etc/gss/mech.d/ r, + + # ldap + /etc/ldap/ldap.conf r, + /{,var/}run/slapd-*.socket rw, + + # dynamic updates + /var/tmp/DNS_* rw, + # Site-specific additions and overrides. See local/README for details. #include } diff --git a/apt/apt.conf.d/01autoremove b/apt/apt.conf.d/01autoremove index fc02350..3609ca4 100644 --- a/apt/apt.conf.d/01autoremove +++ b/apt/apt.conf.d/01autoremove @@ -29,10 +29,18 @@ APT Never-MarkAuto-Sections { "metapackages"; + "contrib/metapackages"; + "non-free/metapackages"; "restricted/metapackages"; "universe/metapackages"; "multiverse/metapackages"; + }; + + Move-Autobit-Sections + { "oldlibs"; + "contrib/oldlibs"; + "non-free/oldlibs"; "restricted/oldlibs"; "universe/oldlibs"; "multiverse/oldlibs"; diff --git a/apt/apt.conf.d/01autoremove-kernels b/apt/apt.conf.d/01autoremove-kernels index 3555efb..776cfdd 100644 --- a/apt/apt.conf.d/01autoremove-kernels +++ b/apt/apt.conf.d/01autoremove-kernels @@ -1,26 +1,32 @@ // DO NOT EDIT! File autogenerated by /etc/kernel/postinst.d/apt-auto-removal APT::NeverAutoRemove { - "^linux-image-3\.16\.0-4-amd64$"; - "^linux-image-4\.1\.6-gridscale$"; - "^linux-headers-3\.16\.0-4-amd64$"; - "^linux-headers-4\.1\.6-gridscale$"; - "^linux-image-extra-3\.16\.0-4-amd64$"; - "^linux-image-extra-4\.1\.6-gridscale$"; - "^linux-signed-image-3\.16\.0-4-amd64$"; - "^linux-signed-image-4\.1\.6-gridscale$"; - "^kfreebsd-image-3\.16\.0-4-amd64$"; - "^kfreebsd-image-4\.1\.6-gridscale$"; - "^kfreebsd-headers-3\.16\.0-4-amd64$"; - "^kfreebsd-headers-4\.1\.6-gridscale$"; - "^gnumach-image-3\.16\.0-4-amd64$"; - "^gnumach-image-4\.1\.6-gridscale$"; - "^.*-modules-3\.16\.0-4-amd64$"; - "^.*-modules-4\.1\.6-gridscale$"; - "^.*-kernel-3\.16\.0-4-amd64$"; - "^.*-kernel-4\.1\.6-gridscale$"; - "^linux-backports-modules-.*-3\.16\.0-4-amd64$"; - "^linux-backports-modules-.*-4\.1\.6-gridscale$"; - "^linux-tools-3\.16\.0-4-amd64$"; - "^linux-tools-4\.1\.6-gridscale$"; + "^linux-image-4\.9\.0-3-amd64$"; + "^linux-headers-4\.9\.0-3-amd64$"; + "^linux-image-extra-4\.9\.0-3-amd64$"; + "^linux-signed-image-4\.9\.0-3-amd64$"; + "^kfreebsd-image-4\.9\.0-3-amd64$"; + "^kfreebsd-headers-4\.9\.0-3-amd64$"; + "^gnumach-image-4\.9\.0-3-amd64$"; + "^.*-modules-4\.9\.0-3-amd64$"; + "^.*-kernel-4\.9\.0-3-amd64$"; + "^linux-backports-modules-.*-4\.9\.0-3-amd64$"; + "^linux-tools-4\.9\.0-3-amd64$"; }; +/* Debug information: +# dpkg list: +iF linux-image-4.9.0-3-amd64 4.9.30-2+deb9u3 amd64 Linux 4.9 for 64-bit PCs +ii linux-image-amd64 4.9+80+deb9u1 amd64 Linux for 64-bit PCs (meta-package) +# list of installed kernel packages: +4.9.0-3-amd64 4.9.30-2+deb9u3 +# list of different kernel versions: +4.9.30-2+deb9u3 +# Installing kernel: 4.9.30-2+deb9u3 (4.9.0-3-amd64) +# Running kernel: 4.9.30-2+deb9u3 (4.9.0-3-amd64) +# Last kernel: 4.9.30-2+deb9u3 +# Previous kernel: +# Kernel versions list to keep: +4.9.30-2+deb9u3 +# Kernel packages (version part) to protect: +4\.9\.0-3-amd64 +*/ diff --git a/apt/apt.conf.d/20listchanges b/apt/apt.conf.d/20listchanges new file mode 100644 index 0000000..1768735 --- /dev/null +++ b/apt/apt.conf.d/20listchanges @@ -0,0 +1,3 @@ +DPkg::Pre-Install-Pkgs { "/usr/bin/apt-listchanges --apt || test $? -lt 10"; }; +DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2"; +DPkg::Tools::Options::/usr/bin/apt-listchanges::InfoFD "20"; diff --git a/apt/listchanges.conf b/apt/listchanges.conf new file mode 100644 index 0000000..28cb19a --- /dev/null +++ b/apt/listchanges.conf @@ -0,0 +1,7 @@ +[apt] +frontend=pager +confirm=false +email_address=root +save_seen=/var/lib/apt/listchanges.db +which=news + diff --git a/apt/sources.list b/apt/sources.list index b4aab5b..9633872 100644 --- a/apt/sources.list +++ b/apt/sources.list @@ -1,19 +1,23 @@ -# deb http://ftp.plusline.de/debian jessie main +# -# main jessie repositories -deb http://ftp.plusline.de/debian jessie main contrib non-free -deb-src http://ftp.plusline.de/debian jessie main contrib non-free +# deb cdrom:[Debian GNU/Linux stretch-DI-alpha7 _Stretch_ - Official Snapshot amd64 NETINST Binary-1 20160630-14:29]/ stretch main -# jessie security updates -deb http://security.debian.org/ jessie/updates main contrib non-free -deb-src http://security.debian.org/ jessie/updates main contrib non-free +# deb http://ftp.plusline.de/debian stretch main -# jessie-updates, previously known as 'volatile' -deb http://ftp.plusline.de/debian jessie-updates main contrib non-free -deb-src http://ftp.plusline.de/debian jessie-updates main contrib non-free +# main stretch repositories +deb http://ftp.plusline.de/debian stretch main contrib non-free +deb-src http://ftp.plusline.de/debian stretch main contrib non-free -# jessie-backports, previously on backports.debian.org -deb http://ftp.plusline.de/debian/ jessie-backports main contrib non-free -deb-src http://ftp.plusline.de/debian/ jessie-backports main contrib non-free +# stretch security updates +deb http://security.debian.org/ stretch/updates main contrib non-free +deb-src http://security.debian.org/ stretch/updates main contrib non-free + +# stretch-updates, previously known as 'volatile' +deb http://ftp.plusline.de/debian stretch-updates main contrib non-free +deb-src http://ftp.plusline.de/debian stretch-updates main contrib non-free + +# stretch-backports, previously on backports.debian.org +deb http://ftp.plusline.de/debian/ stretch-backports main contrib non-free +deb-src http://ftp.plusline.de/debian/ stretch-backports main contrib non-free # vim: noet ts=8 diff --git a/apt/sources.list.bak b/apt/sources.list.bak new file mode 100644 index 0000000..b4aab5b --- /dev/null +++ b/apt/sources.list.bak @@ -0,0 +1,19 @@ +# deb http://ftp.plusline.de/debian jessie main + +# main jessie repositories +deb http://ftp.plusline.de/debian jessie main contrib non-free +deb-src http://ftp.plusline.de/debian jessie main contrib non-free + +# jessie security updates +deb http://security.debian.org/ jessie/updates main contrib non-free +deb-src http://security.debian.org/ jessie/updates main contrib non-free + +# jessie-updates, previously known as 'volatile' +deb http://ftp.plusline.de/debian jessie-updates main contrib non-free +deb-src http://ftp.plusline.de/debian jessie-updates main contrib non-free + +# jessie-backports, previously on backports.debian.org +deb http://ftp.plusline.de/debian/ jessie-backports main contrib non-free +deb-src http://ftp.plusline.de/debian/ jessie-backports main contrib non-free + +# vim: noet ts=8 diff --git a/apt/sources.list.bak.1 b/apt/sources.list.bak.1 new file mode 100644 index 0000000..73cea58 --- /dev/null +++ b/apt/sources.list.bak.1 @@ -0,0 +1,25 @@ +# deb http://ftp.plusline.de/debian jessie main + +# main jessie repositories +deb http://ftp.plusline.de/debian jessie main contrib non-free +deb-src http://ftp.plusline.de/debian jessie main contrib non-free + +# jessie security updates +deb http://security.debian.org/ jessie/updates main contrib non-free +deb-src http://security.debian.org/ jessie/updates main contrib non-free + +# jessie-updates, previously known as 'volatile' +#deb http://ftp.plusline.de/debian jessie-updates main contrib non-free +#deb-src http://ftp.plusline.de/debian jessie-updates main contrib non-free +deb http://ftp-stud.hs-esslingen.de/debian jessie-updates main contrib non-free +deb-src http://ftp-stud.hs-esslingen.de/debian jessie-updates main contrib non-free + + +# jessie-backports, previously on backports.debian.org +#deb http://ftp.plusline.de/debian/ jessie-backports main contrib non-free +#deb-src http://ftp.plusline.de/debian/ jessie-backports main contrib non-free +deb http://ftp-stud.hs-esslingen.de/debian/ jessie-backports main contrib non-free +deb-src http://ftp-stud.hs-esslingen.de/debian/ jessie-backports main contrib non-free + + +# vim: noet ts=8 diff --git a/apt/sources.list.d/fbrehm.list b/apt/sources.list.d/fbrehm.list index d773712..7e43b75 100644 --- a/apt/sources.list.d/fbrehm.list +++ b/apt/sources.list.d/fbrehm.list @@ -1,6 +1,6 @@ # Packages Frank Brehm # --------------------- -#deb http://www.brehm-online.com/debian/jessie ./ -deb http://repo.uhu-banane.de/Debian/jessie ./ +#deb http://www.brehm-online.com/debian/stretch ./ +deb http://repo.uhu-banane.de/Debian/stretch ./ deb-src http://repo.uhu-banane.de/Sources ./ diff --git a/apt/sources.list.d/fbrehm.list.bak b/apt/sources.list.d/fbrehm.list.bak new file mode 100644 index 0000000..d773712 --- /dev/null +++ b/apt/sources.list.d/fbrehm.list.bak @@ -0,0 +1,6 @@ +# Packages Frank Brehm +# --------------------- + +#deb http://www.brehm-online.com/debian/jessie ./ +deb http://repo.uhu-banane.de/Debian/jessie ./ +deb-src http://repo.uhu-banane.de/Sources ./ diff --git a/apt/sources.list.d/salt.list b/apt/sources.list.d/salt.list index 846108d..9383dc2 100644 --- a/apt/sources.list.d/salt.list +++ b/apt/sources.list.d/salt.list @@ -1 +1 @@ -deb http://repo.saltstack.com/apt/debian/8/amd64/latest jessie main +deb http://repo.saltstack.com/apt/debian/9/amd64/latest stretch main diff --git a/apt/sources.list.d/salt.list.bak b/apt/sources.list.d/salt.list.bak new file mode 100644 index 0000000..846108d --- /dev/null +++ b/apt/sources.list.d/salt.list.bak @@ -0,0 +1 @@ +deb http://repo.saltstack.com/apt/debian/8/amd64/latest jessie main diff --git a/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg b/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg deleted file mode 100644 index 02fbddc..0000000 Binary files a/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg and /dev/null differ diff --git a/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg b/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg deleted file mode 100644 index ca93dba..0000000 Binary files a/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg and /dev/null differ diff --git a/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg b/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg new file mode 100644 index 0000000..7dc19c5 Binary files /dev/null and b/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg differ diff --git a/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg b/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg new file mode 100644 index 0000000..79542e0 Binary files /dev/null and b/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg differ diff --git a/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg b/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg new file mode 100644 index 0000000..2c3f78f Binary files /dev/null and b/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg differ diff --git a/at.deny b/at.deny new file mode 100644 index 0000000..0d5a382 --- /dev/null +++ b/at.deny @@ -0,0 +1,24 @@ +alias +backup +bin +daemon +ftp +games +gnats +guest +irc +lp +mail +man +nobody +operator +proxy +qmaild +qmaill +qmailp +qmailq +qmailr +qmails +sync +sys +www-data diff --git a/bash_completion.d/apache2 b/bash_completion.d/apache2 deleted file mode 100644 index e57c100..0000000 --- a/bash_completion.d/apache2 +++ /dev/null @@ -1,89 +0,0 @@ -# bash completion for Debian apache2 configuration tools - -_apache2_allcomp() -{ - command ls /etc/apache2/$1 2>/dev/null -} - -_apache2_mods() -{ - COMPREPLY=( $( compgen -W '$( _apache2_allcomp $1 \ - | sed -e 's/[.]load$//' -e 's/[.]conf$//' )' -- $cur ) ) -} - -_apache2_sites() -{ - COMPREPLY=( $( compgen -W '$( _apache2_allcomp $1 )' -- $cur ) ) -} - -_apache2_conf() -{ - COMPREPLY=( $( compgen -W '$( _apache2_allcomp $1 \ - | sed -e 's/[.]conf$//' )' -- $cur ) ) -} - -_a2enmod() -{ - local cur - - COMPREPLY=() - cur=${COMP_WORDS[COMP_CWORD]} - - _apache2_mods mods-available -} -complete -F _a2enmod a2enmod - -_a2ensite() -{ - local cur - - COMPREPLY=() - cur=${COMP_WORDS[COMP_CWORD]} - - _apache2_sites sites-available -} -complete -F _a2ensite a2ensite - -_a2enconf() -{ - local cur - - COMPREPLY=() - cur=${COMP_WORDS[COMP_CWORD]} - - _apache2_conf conf-available -} -complete -F _a2enconf a2enconf - -_a2dismod() -{ - local cur - - COMPREPLY=() - cur=${COMP_WORDS[COMP_CWORD]} - - _apache2_mods mods-enabled -} -complete -F _a2dismod a2dismod - -_a2dissite() -{ - local cur - - COMPREPLY=() - cur=${COMP_WORDS[COMP_CWORD]} - - _apache2_sites sites-enabled -} -complete -F _a2dissite a2dissite - -_a2disconf() -{ - local cur - - COMPREPLY=() - cur=${COMP_WORDS[COMP_CWORD]} - - _apache2_conf conf-enabled -} -complete -F _a2disconf a2disconf diff --git a/bash_completion.d/debconf b/bash_completion.d/debconf deleted file mode 100644 index 1880689..0000000 --- a/bash_completion.d/debconf +++ /dev/null @@ -1,12 +0,0 @@ -have debconf-show && -_debconf_show() -{ - local cur - - COMPREPLY=() - cur=${COMP_WORDS[COMP_CWORD]} - COMPREPLY=($( compgen -W '--listowners --listdbs --db=' -- $cur ) \ - $( apt-cache pkgnames -- $cur ) ) -} -complete -F _debconf_show debconf-show - diff --git a/bash_completion.d/fail2ban b/bash_completion.d/fail2ban index 7a42bd1..36e0cbb 100644 --- a/bash_completion.d/fail2ban +++ b/bash_completion.d/fail2ban @@ -19,10 +19,19 @@ __fail2ban_jails () { "$1" status 2>/dev/null | awk -F"\t+" '/Jail list/{print $2}' | sed 's/, / /g' } +__fail2ban_jail_actions () { + "$1" get "$2" actions 2>/dev/null | sed -n '$s/\([^,]\+\),\?/\1/gp' +} +__fail2ban_jail_action_properties () { + "$1" get "$2" actionproperties "$3" 2>/dev/null | sed -n '$s/\([^,]\+\),\?/\1/gp' +} +__fail2ban_jail_action_methods () { + "$1" get "$2" actionmethods "$3" 2>/dev/null | sed -n '$s/\([^,]\+\),\?/\1/gp' +} _fail2ban () { local cur prev words cword - _init_completion || return + _init_completion || return case $prev in -V|--version|-h|--help) @@ -50,7 +59,7 @@ _fail2ban () { _filedir return 0 elif [[ "$1" == *"fail2ban-client" ]];then - local cmd jail + local cmd jail action case $prev in "$1") COMPREPLY=( $( compgen -W \ @@ -71,7 +80,7 @@ _fail2ban () { ;; *) if [[ "${words[$cword-2]}" == "add" ]];then - COMPREPLY=( $( compgen -W "auto polling gamin pyinotify" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "auto polling gamin pyinotify systemd" -- "$cur" ) ) return 0 elif [[ "${words[$cword-2]}" == "set" || "${words[$cword-2]}" == "get" ]];then cmd="${words[cword-2]}" @@ -80,6 +89,11 @@ _fail2ban () { cmd="${words[$cword-3]}" jail="${words[$cword-2]}" # Handle in section below + elif [[ "${words[$cword-4]}" == "set" || "${words[$cword-4]}" == "get" && ${words[$cword-2]} == action* ]];then + cmd="${words[$cword-4]}" + jail="${words[$cword-3]}" + action="${words[$cword-1]}" + # Handle in section below fi ;; esac @@ -88,7 +102,7 @@ _fail2ban () { case $prev in loglevel) if [[ "$cmd" == "set" ]];then - COMPREPLY=( $( compgen -W "0 1 2 3 4" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "CRITICAL ERROR WARNING NOTICE INFO DEBUG" -- "$cur" ) ) fi return 0 ;; @@ -106,6 +120,25 @@ _fail2ban () { return 0 ;; esac + elif [[ -n "$jail" && -n "$action" ]];then + case ${words[$cwords-3]} in + action) + COMPREPLY=( $( compgen -W \ + "$( __fail2ban_jail_action_properties "$1" "$jail" "$action")" \ + -- "$cur" ) ) + if [[ "$cmd" == "set" ]];then + COMPREPLY+=( $(compgen -W "$(__fail2ban_jail_action_methods "$1" "$jail" "$action")" -- "$cur" ) ) + fi + return 0 + ;; + esac + elif [[ -n "$jail" && $prev == action* ]];then + case $prev in + action|actionproperties|actionmethods) + COMPREPLY=( $(compgen -W "$(__fail2ban_jail_actions "$1" "$jail")" -- "$cur" ) ) + return 0 + ;; + esac elif [[ -n "$jail" && "$cmd" == "set" ]];then case $prev in addlogpath) @@ -121,7 +154,7 @@ _fail2ban () { fi return 0 ;; - delfailregex|delignoregex) + delfailregex|delignoreregex) COMPREPLY=( $( compgen -W \ "$( "$1" get "$jail" "${prev/del/}" 2>/dev/null | awk -F"[][]" '{print $2}')" \ -- "$cur" ) ) diff --git a/bash_completion.d/initramfs-tools b/bash_completion.d/initramfs-tools deleted file mode 100644 index a52074f..0000000 --- a/bash_completion.d/initramfs-tools +++ /dev/null @@ -1,26 +0,0 @@ -# update-initramfs(8) completion - -_update_initramfs() -{ - local cur prev valid_options - - # TODO: this can be "_get_comp_words_by_ref cur prev" once - # bash-completion >= 1.2 is available, see #537139 - cur=$(_get_cword) - prev=${COMP_WORDS[COMP_CWORD-1]} - - # The only option that takes an argument is -k - if [[ "$prev" == '-k' ]]; then - # Complete with kernel versions - _kernel_versions - COMPREPLY=( $( compgen -W '${COMPREPLY[@]} all' -- "$cur" ) ) - return; - fi - - # Complete with available options (obtained from -h) - valid_options=$( update-initramfs -h 2>&1 | \ - sed -e '/^ -/!d;s/^ \(-\w\+\).*/\1/' ) - COMPREPLY=( $( compgen -W "$valid_options" -- $cur ) ) -} - -complete -F _update_initramfs update-initramfs diff --git a/bash_completion.d/isoquery b/bash_completion.d/isoquery deleted file mode 100644 index c27ed05..0000000 --- a/bash_completion.d/isoquery +++ /dev/null @@ -1,45 +0,0 @@ -# /etc/bash_completion.d/isoquery -# Programmable Bash command completion for the ‘isoquery’ command. - -shopt -s progcomp - -_isoquery_completion () { - local cur prev opts - - COMPREPLY=() - cur="${COMP_WORDS[COMP_CWORD]}" - prev="${COMP_WORDS[COMP_CWORD-1]}" - - opts="-h --help -v --version" - opts="${opts} -i --iso -x --xmlfile -l --locale -0 --null" - opts="${opts} -n --name -o --official_name -c --common_name" - - case "${prev}" in - -i|--iso) - local standards=(639 639-3 639-5 3166 3166-2 4217 15924) - COMPREPLY=( $(compgen -W "${standards[*]}" -- ${cur}) ) - ;; - - -x|--xmlfile) - COMPREPLY=( $(compgen -A file -- ${cur}) ) - ;; - - -l|--locale) - local locale_names=$(locale --all-locales) - COMPREPLY=( $(compgen -W "${locale_names}" -- ${cur}) ) - ;; - - *) - COMPREPLY=($(compgen -W "${opts}" -- ${cur})) - ;; - esac -} - -complete -F _isoquery_completion isoquery - - -# Local variables: -# coding: utf-8 -# mode: shell-script -# End: -# vim: fileencoding=utf-8 filetype=bash : diff --git a/bash_completion.d/subversion b/bash_completion.d/subversion deleted file mode 100644 index eabc15c..0000000 --- a/bash_completion.d/subversion +++ /dev/null @@ -1,1514 +0,0 @@ -# ------------------------------------------------------------ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# ------------------------------------------------------------ - -# Programmable completion for the Subversion svn command under bash. Source -# this file (or on some systems add it to ~/.bash_completion and start a new -# shell) and bash's completion mechanism will know all about svn's options! -# Provides completion for the svnadmin, svndumpfilter, svnlook and svnsync -# commands as well. Who wants to read man pages/help text... - -# Known to work with bash 3.* with programmable completion and extended -# pattern matching enabled (use 'shopt -s extglob progcomp' to enable -# these if they are not already enabled). - -shopt -s extglob - -# Tree helper functions which only use bash, to ease readability. - -# look for value associated to key from stdin in K/V hash file format -# val=$(_svn_read_hashfile svn:realmstring < some/file) -function _svn_read_hashfile() -{ - local tkey=$1 key= val= - while true; do - read tag len - [ $tag = 'END' ] && break - [ $tag != 'K' ] && { - #echo "unexpected tag '$tag' instead of 'K'" >&2 - return - } - read -r -n $len key ; read - read tag len - [ $tag != 'V' ] && { - #echo "unexpected tag '$tag' instead of 'V'" >&2 - return - } - read -r -n $len val ; read - if [[ $key = $tkey ]] ; then - echo "$val" - return - fi - done - #echo "target key '$tkey' not found" >&2 -} - -# _svn_grcut shell-regular-expression -# extract filenames from 'svn status' output -function _svn_grcut() -{ - local re=$1 line= old_IFS - # fix IFS, so that leading spaces are not ignored by next read. - # (there is a leading space in svn status output if only a prop is changed) - old_IFS="$IFS" - IFS=$'\n' - while read -r line ; do - [[ ! $re || $line == $re ]] && echo "${line/????????/}" - done - IFS="$old_IFS" -} - -# extract stuff from svn info output -# _svn_info (URL|Repository Root) -function _svn_info() -{ - local what=$1 line= - LANG=C LC_MESSAGES=C svn info --non-interactive 2> /dev/null | \ - while read line ; do - [[ $line == *"$what: "* ]] && echo ${line#*: } - done -} - -# _svn_lls (dir|file|all) files... -# list svn-managed files from list -# some 'svn status --all-files' would be welcome here? -function _svn_lls() -{ - local opt=$1 f= - shift - for f in "$@" ; do - # could try to check in .svn/entries? hmmm... - if [[ $opt == @(dir|all) && -d "$f" ]] ; then - echo "$f/" - elif [[ $opt == @(file|all) ]] ; then - # split f in directory/file names - local dn= fn="$f" - [[ "$f" == */* ]] && dn=${f%\/*}/ fn=${f##*\/} - # ??? this does not work for just added files, because they - # do not have a content reference yet... - [ -f "${dn}.svn/text-base/${fn}.svn-base" ] && echo "$f" - fi - done -} - -# This completion guides the command/option order along the one suggested -# by "svn help", although other syntaxes are allowed. -# -# - there is a "real" parser to check for what is available and deduce what -# can be suggested further. -# - the syntax should be coherent with subversion/svn/{cl.h,main.c} -# - although it is not a good practice, mixed options and arguments -# is supported by the completion as it is by the svn command. -# - the completion works in the middle of a line, -# but not really in the middle of an argument or option. -# - property names are completed: see comments about issues related to handling -# ":" within property names although it is a word completion separator. -# - unknown properties are assumed to be simple file properties. -# - --revprop and --revision options are forced to revision properties -# as they are mandatory in this case. -# - argument values are suggested to some other options, eg directory names -# for --config-dir. -# - values for some options can be extended with environment variables: -# SVN_BASH_FILE_PROPS: other properties on files/directories -# SVN_BASH_REV_PROPS: other properties on revisions -# SVN_BASH_ENCODINGS: encodings to be suggested -# SVN_BASH_MIME_TYPE: mime types to be suggested -# SVN_BASH_KEYWORDS: "svn:keywords" substitutions to be suggested -# SVN_BASH_USERNAME: usernames suggested for --username -# SVN_BASH_COMPL_EXT: completion extensions for file arguments, based on the -# current subcommand, so that for instance only modified files are -# suggested for 'revert', only not svn-managed files for 'add', and so on. -# Possible values are: -# - username: guess usernames from ~/.subversion/auth/... -# - urls: guess urls from ~/.subversion/auth/... or others -# - svnstatus: use 'svn status' for completion -# - recurse: allow recursion (expensive) -# - externals: recurse into externals (very expensive) -# Former options are reasonable, but beware that both later options -# may be unadvisable if used on large working copies. -# None of these costly completions are activated by default. -# Argument completion outside a working copy results in an error message. -# Filenames with spaces are not completed properly. -# -# TODO -# - other options? -# - obsolete options could be removed from auto-comp? (e.g. -N) -# - obsolete commands could be removed? (e.g. resolved) -# - completion does not work properly when editing in the middle of the line -# status/previous are those at the end of the line, not at the entry position -# - url completion should select more cases where it is relevant -# - url completion of http:// schemas could suggest sub directories? -# - add completion for experimental 'obliterate' feature? -_svn() -{ - local cur cmds cmdOpts pOpts mOpts rOpts qOpts nOpts optsParam opt - - COMPREPLY=() - cur=${COMP_WORDS[COMP_CWORD]} - - # Possible expansions, without pure-prefix abbreviations such as "up". - cmds='add blame annotate praise cat changelist cl checkout co cleanup' - cmds="$cmds commit ci copy cp delete remove rm diff export help import" - cmds="$cmds info list ls lock log merge mergeinfo mkdir move mv rename" - cmds="$cmds patch propdel pdel propedit pedit propget pget proplist" - cmds="$cmds plist propset pset relocate resolve resolved revert status" - cmds="$cmds switch unlock update upgrade" - - # help options have a strange command status... - local helpOpts='--help -h' - # all special options that have a command status - local specOpts="--version $helpOpts" - - # options that require a parameter - # note: continued lines must end '|' continuing lines must start '|' - optsParam="-r|--revision|--username|--password|--targets" - optsParam="$optsParam|-x|--extensions|-m|--message|-F|--file" - optsParam="$optsParam|--encoding|--diff-cmd|--diff3-cmd|--editor-cmd" - optsParam="$optsParam|--old|--new|--config-dir|--config-option" - optsParam="$optsParam|--native-eol|-l|--limit|-c|--change" - optsParam="$optsParam|--depth|--set-depth|--with-revprop" - optsParam="$optsParam|--cl|--changelist|--accept|--show-revs" - - # svn:* and other (env SVN_BASH_*_PROPS) properties - local svnProps revProps allProps psCmds propCmds - - # svn and user configured "file" (or directory) properties - # the "svn:mergeinfo" prop is not included by default because it is - # managed automatically, so there should be no need to edit it by hand. - svnProps="svn:keywords svn:executable svn:needs-lock svn:externals - svn:ignore svn:eol-style svn:mime-type $SVN_BASH_FILE_PROPS" - - # svn and user configured revision properties - revProps="svn:author svn:log svn:date $SVN_BASH_REV_PROPS" - - # all properties as an array variable - allProps=( $svnProps $revProps ) - - # subcommands that expect property names - psCmds='propset|pset|ps' - propCmds="$psCmds|propget|pget|pg|propedit|pedit|pe|propdel|pdel|pd" - - # possible URL schemas to access a subversion server - local urlSchemas='file:/// http:// https:// svn:// svn+ssh://' - - # Parse arguments and set various variables about what was found. - # - # cmd: the current command if available - # isPropCmd: whether it expects a property name argument - # isPsCmd: whether it also expects a property value argument - # isHelpCmd: whether it is about help - # nExpectArgs: how many arguments are expected by the command - # help: help requested about this command (if cmd=='help') - # prop: property name (if appropriate) - # isRevProp: is it a special revision property - # val: property value (if appropriate, under pset) - # options: all options encountered - # hasRevPropOpt: is --revprop set - # hasRevisionOpt: is --revision set - # hasRelocateOpt: is --relocate set - # hasReintegrateOpt: is --reintegrate set - # acceptOpt: the value of --accept - # nargs: how many arguments were found - # stat: status of parsing at the 'current' word - # - # prev: previous command in the loop - # last: status of last parameter analyzed - # i: index - local cmd= isPropCmd= isPsCmd= isHelpCmd= nExpectArgs= isCur= i=0 - local prev= help= prop= val= isRevProp= last='none' nargs=0 stat= - local options= hasRevPropOpt= hasRevisionOpt= hasRelocateOpt= - local acceptOpt= URL= hasReintegrateOpt= - - for opt in "${COMP_WORDS[@]}" - do - # get status of current word (from previous iteration) - [[ $isCur ]] && stat=$last - - # are we processing the current word - isCur= - [[ $i -eq $COMP_CWORD ]] && isCur=1 - let i++ - - # FIRST must be the "svn" command - [ $last = 'none' ] && { last='first'; continue ; } - - # SKIP option arguments - if [[ $prev == @($optsParam) ]] ; then - - # record accept value - [[ $prev = '--accept' ]] && acceptOpt=$opt - - prev='' - last='skip' - continue ; - fi - - # Argh... This looks like a bash bug... - # Redirections are passed to the completion function - # although it is managed by the shell directly... - # It matters because we want to tell the user when no more - # completion is available, so it does not necessary - # fallback to the default case. - if [[ $prev == @(<|>|>>|[12]>|[12]>>) ]] ; then - prev='' - last='skip' - continue ; - fi - prev=$opt - - # get the subCoMmanD - if [[ ! $cmd && $opt \ - && ( $opt != -* || $opt == @(${specOpts// /|}) ) ]] - then - cmd=$opt - [[ $cmd == @($propCmds) ]] && isPropCmd=1 - [[ $cmd == @($psCmds) ]] && isPsCmd=1 - [[ $cmd == @(${helpOpts// /|}) ]] && cmd='help' - [[ $cmd = 'help' ]] && isHelpCmd=1 - # HELP about a command asked with an option - if [[ $isHelpCmd && $cmd && $cmd != 'help' && ! $help ]] - then - help=$cmd - cmd='help' - fi - last='cmd' - continue - fi - - # HELP about a command - if [[ $isHelpCmd && ! $help && $opt && $opt != -* ]] - then - help=$opt - last='help' - continue - fi - - # PROPerty name - if [[ $isPropCmd && ! $prop && $opt && $opt != -* ]] - then - prop=$opt - [[ $prop == @(${revProps// /|}) ]] && isRevProp=1 - last='prop' - continue - fi - - # property VALue - if [[ $isPsCmd && $prop && ! $val && $opt != -* ]] ; - then - val=$opt - last='val' - continue - fi - - if [[ $last != 'onlyarg' ]] - then - # more OPTions - case $opt in - -r|--revision|--revision=*) - hasRevisionOpt=1 - ;; - --revprop) - hasRevPropOpt=1 - # restrict to revision properties! - allProps=( $revProps ) - # on revprops, only one URL is expected - nExpectArgs=1 - ;; - -h|--help) - isHelpCmd=1 - ;; - -F|--file) - val='-F' - ;; - --relocate) - hasRelocateOpt=1 - ;; - --reintegrate) - hasReintegrateOpt=1 - ;; - esac - - # no more options, only arguments, whatever they look like. - if [[ $opt = '--' && ! $isCur ]] ; then - last='onlyarg' - continue - fi - - # options are recorded... - if [[ $opt == -* ]] ; then - # but not the current one! - [[ ! $isCur ]] && options="$options $opt " - last='opt' - continue - fi - else - # onlyarg - let nargs++ - continue - fi - - # then we have an argument - if [[ $cmd = 'merge' && ! $URL ]] ; then - # fist argument is the source URL for the merge - URL=$opt - fi - - last='arg' - let nargs++ - done - # end opt option processing... - [[ $stat ]] || stat=$last - - # suggest all subcommands, including special help - if [[ ! $cmd || $stat = 'cmd' ]] - then - COMPREPLY=( $( compgen -W "$cmds $specOpts" -- $cur ) ) - return 0 - fi - - # suggest all subcommands - if [[ $stat = 'help' || ( $isHelpCmd && ! $help ) ]] - then - COMPREPLY=( $( compgen -W "$cmds" -- $cur ) ) - return 0 - fi - - # URL completion - if [[ $cmd == @(co|checkout|ls|list) && $stat = 'arg' && \ - $SVN_BASH_COMPL_EXT == *urls* ]] - then - # see about COMP_WORDBREAKS workaround in prop completion - if [[ $cur == file:* ]] - then - # file completion for file:// urls - local where=${cur/file:/} - COMPREPLY=( $(compgen -d -S '/' -X '*/.*' -- $where ) ) - return - elif [[ $cur == *:* ]] - then - # get known urls - local urls= file= - for file in ~/.subversion/auth/svn.simple/* ; do - if [ -r $file ] ; then - local url=$(_svn_read_hashfile svn:realmstring < $file) - url=${url/**/} - urls="$urls $url" - fi - done - - # only suggest/show possible suffixes - local prefix=${cur%:*} suffix=${cur#*:} c= choices= - for c in $urls ; do - [[ $c == $prefix:* ]] && choices="$choices ${c#*:}" - done - - COMPREPLY=( $(compgen -W "$choices" -- $suffix ) ) - return - else - # show schemas - COMPREPLY=( $(compgen -W "$urlSchemas" -- $cur) ) - return - fi - fi - - if [[ $cmd = 'merge' || $cmd = 'mergeinfo' ]] - then - local here=$(_svn_info URL) - # suggest a possible URL for merging - if [[ ! $URL && $stat = 'arg' ]] ; then - # we assume a 'standard' repos with branches and trunk - if [[ "$here" == */branches/* ]] ; then - # we guess that it is a merge from the trunk - COMPREPLY=( $(compgen -W ${here/\/branches\/*/\/trunk} -- $cur ) ) - return 0 - elif [[ "$here" == */trunk* ]] ; then - # we guess that it is a merge from a branch - COMPREPLY=( $(compgen -W ${here/\/trunk*/\/branches\/} -- $cur ) ) - return 0 - else - # no se, let us suggest the repository root... - COMPREPLY=( $(compgen -W $(_svn_info Root) -- $cur ) ) - return 0 - fi - elif [[ $URL == */branches/* && $here == */trunk* && \ - ! $hasReintegrateOpt && $cur = '' && $stat = 'arg' ]] ; then - # force --reintegrate only if the current word is empty - COMPREPLY=( $(compgen -W '--reintegrate' -- $cur ) ) - return 0 - fi - fi - - # help about option arguments - if [[ $stat = 'skip' ]] - then - local previous=${COMP_WORDS[COMP_CWORD-1]} - local values= dirs= beep= exes= - - [[ $previous = '--config-dir' ]] && dirs=1 - - # external editor, diff, diff3... - [[ $previous = --*-cmd ]] && exes=1 - - [[ $previous = '--native-eol' ]] && values='LF CR CRLF' - - # just to suggest that a number is expected. hummm. - [[ $previous = '--limit' ]] && values='0 1 2 3 4 5 6 7 8 9' - - # some special partial help about --revision option. - [[ $previous = '--revision' || $previous = '-r' ]] && \ - values='HEAD BASE PREV COMMITTED 0 {' - - [[ $previous = '--encoding' ]] && \ - values="latin1 utf8 $SVN_BASH_ENCODINGS" - - [[ $previous = '--extensions' || $previous = '-x' ]] && \ - values="--unified --ignore-space-change \ - --ignore-all-space --ignore-eol-style --show-c-functions" - - [[ $previous = '--depth' ]] && \ - values='empty files immediates infinity' - - [[ $previous = '--set-depth' ]] && \ - values='empty exclude files immediates infinity' - - [[ $previous = '--accept' ]] && \ - { - # the list is different for 'resolve' - if [[ $cmd = 'resolve' ]] ; then - # from svn help resolve - values='base working mine-full theirs-full' - else # checkout merge switch update - values="postpone base mine-full theirs-full edit launch \ - mine-conflict theirs-conflict" - fi - } - - [[ $previous = '--show-revs' ]] && values='merged eligible' - - if [[ $previous = '--username' ]] ; then - values="$SVN_BASH_USERNAME" - if [[ $SVN_BASH_COMPL_EXT == *username* ]] ; then - local file= - # digest? others? - for file in ~/.subversion/auth/svn.simple/* ; do - if [ -r $file ] ; then - values="$values $(_svn_read_hashfile username < $file)" - fi - done - fi - [[ ! "$values" ]] && beep=1 - fi - - # could look at ~/.subversion/ ? - # hmmm... this option should not exist - [[ $previous = '--password' ]] && beep=1 - - # TODO: provide help about other options such as: - # --old --new --with-revprop - - # if the previous option required a parameter, do something - # or fallback on ordinary filename expansion - [[ $values ]] && COMPREPLY=( $( compgen -W "$values" -- $cur ) ) - [[ $dirs ]] && COMPREPLY=( $( compgen -o dirnames -- $cur ) ) - [[ $exes ]] && COMPREPLY=( $( compgen -c -- $cur ) ) - [[ $beep ]] && - { - # 'no known completion'. hummm. - echo -en "\a" - COMPREPLY=( '' ) - } - return 0 - fi - - # provide allowed property names after property commands - if [[ $isPropCmd && ( ! $prop || $stat = 'prop' ) && $cur != -* ]] - then - # - # Ok, this part is pretty ugly. - # - # The issue is that ":" is a completion word separator, - # which is a good idea for file:// urls but not within - # property names... - # - # The first idea was to remove locally ":" from COMP_WORDBREAKS - # and then put it back in all cases but in property name - # completion. It does not always work. There is a strange bug - # where one may get "svn:svn:xxx" in some unclear cases. - # - # Thus the handling is reprogrammed here... - # The code assumes that property names look like *:*, - # but it also works reasonably well with simple names. - # - # This hack is broken in bash4... not sure what to do about it, - # especially while keeping the bash3 compatibility:-( - local choices= - - if [[ $cur == *:* ]] - then - # only suggest/show possible suffixes - local prefix=${cur%:*} suffix=${cur#*:} c= - for c in ${allProps[@]} ; do - [[ $c == $prefix:* ]] && choices="$choices ${c#*:}" - done - # everything will be appended to the prefix because ':' is - # a separator, so cur is restricted to the suffix part. - cur=$suffix - else - # only one choice is fine - COMPREPLY=( $( compgen -W "${allProps[*]}" -- $cur ) ) - [ ${#COMPREPLY[@]} -eq 1 ] && return 0 - - # no ':' so only suggest prefixes? - local seen= n=0 last= c= - for c in ${allProps[@]%:*} ; do - # do not put the same prefix twice... - if [[ $c == $cur* && ( ! $seen || $c != @($seen) ) ]] - then - let n++ - last=$c - choices="$choices $c:" - if [[ $seen ]] - then - seen="$seen|$c*" - else - seen="$c*" - fi - fi - done - - # supply two choices to force a partial completion and a beep - [[ $n -eq 1 ]] && choices="$last:1 $last:2" - fi - - COMPREPLY=( $( compgen -W "$choices" -- $cur ) ) - return 0 - fi - - # force mandatory --revprop option on revision properties - if [[ $isRevProp && ! $hasRevPropOpt ]] - then - COMPREPLY=( $( compgen -W '--revprop' -- $cur ) ) - return 0 - fi - - # force mandatory --revision option on revision properties - if [[ $isRevProp && $hasRevPropOpt && ! $hasRevisionOpt ]] - then - COMPREPLY=( $( compgen -W '--revision' -- $cur ) ) - return 0 - fi - - # possible completion when setting property values - if [[ $isPsCmd && $prop && ( ! $val || $stat = 'val' ) ]] - then - # ' is a reminder for an arbitrary value - local values="\' --file" - case $prop in - svn:keywords) - # just a subset? - values="Id Rev URL Date Author Header \' $SVN_BASH_KEYWORDS" - ;; - svn:executable|svn:needs-lock) - # hmmm... canonical value * is special to the shell. - values='\\*' - ;; - svn:eol-style) - values='native LF CR CRLF' - ;; - svn:mime-type) - # could read /etc/mime.types if available. overkill. - values="text/ text/plain text/html text/xml text/rtf - image/ image/png image/gif image/jpeg image/tiff - audio/ audio/midi audio/mpeg - video/ video/mpeg video/mp4 - application/ application/octet-stream - $SVN_BASH_MIME_TYPE" - ;; - esac - - COMPREPLY=( $( compgen -W "$values" -- $cur ) ) - # special case for --file... return even if within an option - [[ ${COMPREPLY} ]] && return 0 - fi - - # maximum number of additional arguments expected in various forms - case $cmd in - merge) - nExpectArgs=3 - ;; - mergeinfo) - nExpectArgs=1 - ;; - copy|cp|move|mv|rename|ren|export|import) - nExpectArgs=2 - ;; - switch|sw) - [[ ! $hasRelocateOpt ]] && nExpectArgs=2 - ;; - help|h) - nExpectArgs=0 - ;; - --version) - nExpectArgs=0 - ;; - esac - - # the maximum number of arguments is reached for a command - if [[ $nExpectArgs && $nargs -gt $nExpectArgs ]] - then - # some way to tell 'no completion at all'... is there a better one? - # Do not say 'file completion' here. - echo -en "\a" - COMPREPLY=( '' ) - return 0 - fi - - # if not typing an option, - # then fallback on filename expansion... - if [[ $cur != -* || $stat = 'onlyarg' ]] ; then - - # do we allow possible expensive completion here? - if [[ $SVN_BASH_COMPL_EXT == *svnstatus* ]] ; then - - # build status command and options - # "--quiet" removes 'unknown' files - local status='svn status --non-interactive' - - [[ $SVN_BASH_COMPL_EXT == *recurse* ]] || \ - status="$status --non-recursive" - - # I'm not sure that it can work with externals in call cases - # the output contains translatable sentences (even with quiet) - [[ $SVN_BASH_COMPL_EXT == *externals* ]] || \ - status="$status --ignore-externals" - - local cs= files= - # subtlety: must not set $cur* if $cur is empty in some cases - [[ $cur ]] && cs=$cur* - - # 'files' is set according to the current subcommand - case $cmd in - st*) # status completion must include all files - files=$cur* - ;; - ci|commit|revert|di*) # anything edited - files=$($status $cs| _svn_grcut '@([MADR!]*| M*|_M*)') - ;; - add) # unknown files - files=$($status $cs| _svn_grcut '\?*') - ;; - unlock) # unlock locked files - files=$($status $cs| _svn_grcut '@(??L*|?????[KOTB]*)') - ;; - resolve*) # files in conflict - files=$($status $cs| _svn_grcut '@(?C*|C*)') - ;; - praise|blame|ann*) # any svn file but added - files=$( _svn_lls all $cur* ) - ;; - p*) # prop commands - if [[ $cmd == @($propCmds) && \ - $prop == @(svn:ignore|svn:externals) ]] ; then - # directory specific props - files=$( _svn_lls dir . $cur* ) - else - # ??? added directories appear twice: foo foo/ - files="$( _svn_lls all $cur* ) - $($status $cs | _svn_grcut 'A*' )" - fi - ;; - info) # information on any file - files="$( _svn_lls all $cur* ) - $($status $cs | _svn_grcut 'A*' )" - ;; - remove|rm|del*|move|mv|rename) # changing existing files - files=$( _svn_lls all $cur* ) - ;; - mkdir) # completion in mkdir can only be for subdirs? - files=$( _svn_lls dir $cur* ) - ;; - log|lock|up*|cl*|switch) # misc, all but added files - files=$( _svn_lls all $cur* ) - ;; - merge) # may do a better job? URL/WCPATH - files=$( _svn_lls all $cur* ) - ;; - ls|list) # better job? what about URLs? - files=$( _svn_lls all $cur* ) - ;; - *) # other commands: changelist export import cat mergeinfo - local fallback=1 - ;; - esac - - # when not recursive, some relevant files may exist - # within subdirectories, so they are added here. - # should it be restricted to svn-managed subdirs? no?? - if [[ $SVN_BASH_COMPL_EXT != *recurse* ]] ; then - files="$files $( _svn_lls dir $cur* )" - fi - - # set completion depending on computed 'files' - if [[ $files ]] ; then - COMPREPLY=( $( compgen -W "$files" -- $cur ) ) - # if empty, set to nope? - [[ "${COMPREPLY[*]}" ]] || COMPREPLY=( '' ) - elif [[ ! $fallback ]] ; then - # this suggests no completion... - echo -en "\a" - COMPREPLY=( '' ) - fi - fi - # else fallback to ordinary filename completion... - return 0 - fi - - # otherwise build possible options for the command - pOpts="--username --password --no-auth-cache --non-interactive \ - --trust-server-cert --force-interactive" - mOpts="-m --message -F --file --encoding --force-log --with-revprop" - rOpts="-r --revision" - qOpts="-q --quiet" - nOpts="-N --non-recursive --depth" - gOpts="-g --use-merge-history" - cOpts="--cl --changelist" - - cmdOpts= - case $cmd in - --version) - cmdOpts="$qOpts" - ;; - add) - cmdOpts="--auto-props --no-auto-props --force --targets \ - --no-ignore --parents $nOpts $qOpts $pOpts" - ;; - blame|annotate|ann|praise) - cmdOpts="$rOpts $pOpts -v --verbose --incremental --xml \ - -x --extensions --force $gOpts" - ;; - cat) - cmdOpts="$rOpts $pOpts" - ;; - changelist|cl) - cmdOpts="--targets $pOpts $qOpts $cOpts \ - -R --recursive --depth --remove" - ;; - checkout|co) - cmdOpts="$rOpts $qOpts $nOpts $pOpts --ignore-externals \ - --force" - ;; - cleanup) - cmdOpts="--diff3-cmd $pOpts" - ;; - commit|ci) - cmdOpts="$mOpts $qOpts $nOpts --targets --editor-cmd $pOpts \ - --no-unlock $cOpts --keep-changelists \ - --include-externals" - ;; - copy|cp) - cmdOpts="$mOpts $rOpts $qOpts --editor-cmd $pOpts --parents \ - --ignore-externals" - ;; - delete|del|remove|rm) - cmdOpts="--force $mOpts $qOpts --targets --editor-cmd $pOpts \ - --keep-local" - ;; - diff|di) - cmdOpts="$rOpts -x --extensions --diff-cmd --no-diff-deleted \ - $nOpts $pOpts --force --old --new --notice-ancestry \ - -c --change --summarize $cOpts --xml --git \ - --internal-diff --show-copies-as-adds \ - --ignore-properties --properties-only --no-diff-added \ - --patch-compatible" - ;; - export) - cmdOpts="$rOpts $qOpts $pOpts $nOpts --force --native-eol \ - --ignore-externals --ignore-keywords" - ;; - help|h|\?) - cmdOpts= - ;; - import) - cmdOpts="--auto-props --no-auto-props $mOpts $qOpts $nOpts \ - --no-ignore --editor-cmd $pOpts --force" - ;; - info) - cmdOpts="$pOpts $rOpts --targets -R --recursive --depth \ - --incremental --xml $cOpts" - ;; - list|ls) - cmdOpts="$rOpts -v --verbose -R --recursive $pOpts \ - --incremental --xml --depth --include-externals" - ;; - lock) - cmdOpts="-m --message -F --file --encoding --force-log \ - --targets --force $pOpts" - ;; - log) - cmdOpts="$rOpts -v --verbose --targets $pOpts --stop-on-copy \ - --incremental --xml $qOpts -l --limit -c --change \ - $gOpts --with-all-revprops --with-revprop --depth \ - --diff --diff-cmd -x --extensions --internal-diff \ - --with-no-revprops --search --search-and" - ;; - merge) - cmdOpts="$rOpts $nOpts $qOpts --force --dry-run --diff3-cmd \ - $pOpts --ignore-ancestry -c --change -x --extensions \ - --record-only --accept --reintegrate \ - --allow-mixed-revisions -v --verbose" - ;; - mergeinfo) - cmdOpts="$rOpts $pOpts --depth --show-revs -R --recursive" - ;; - mkdir) - cmdOpts="$mOpts $qOpts --editor-cmd $pOpts --parents" - ;; - move|mv|rename|ren) - cmdOpts="$mOpts $rOpts $qOpts --force --editor-cmd $pOpts \ - --parents --allow-mixed-revisions" - ;; - patch) - cmdOpts="$qOpts $pOpts --dry-run --ignore-whitespace \ - --reverse-diff --strip" - ;; - propdel|pdel|pd) - cmdOpts="$qOpts -R --recursive $rOpts $pOpts $cOpts \ - --depth" - [[ $isRevProp || ! $prop ]] && cmdOpts="$cmdOpts --revprop" - ;; - propedit|pedit|pe) - cmdOpts="--editor-cmd $pOpts $mOpts --force" - [[ $isRevProp || ! $prop ]] && \ - cmdOpts="$cmdOpts --revprop $rOpts" - ;; - propget|pget|pg) - cmdOpts="-v --verbose -R --recursive $rOpts --strict \ - $pOpts $cOpts --depth --xml --show-inherited-props" - [[ $isRevProp || ! $prop ]] && cmdOpts="$cmdOpts --revprop" - ;; - proplist|plist|pl) - cmdOpts="-v --verbose -R --recursive $rOpts --revprop $qOpts \ - $pOpts $cOpts --depth --xml --show-inherited-props" - ;; - propset|pset|ps) - cmdOpts="$qOpts --targets -R --recursive \ - --encoding $pOpts --force $cOpts --depth" - [[ $isRevProp || ! $prop ]] && \ - cmdOpts="$cmdOpts --revprop $rOpts" - [[ $val ]] || cmdOpts="$cmdOpts -F --file" - ;; - relocate) - cmdOpts="--ignore-externals $pOpts" - ;; - resolve) - cmdOpts="--targets -R --recursive $qOpts $pOpts --accept \ - --depth" - ;; - resolved) - cmdOpts="--targets -R --recursive $qOpts $pOpts --depth" - ;; - revert) - cmdOpts="--targets -R --recursive $qOpts $cOpts \ - --depth $pOpts" - ;; - status|stat|st) - cmdOpts="-u --show-updates -v --verbose $nOpts $qOpts $pOpts \ - --no-ignore --ignore-externals --incremental --xml \ - $cOpts" - ;; - switch|sw) - cmdOpts="--relocate $rOpts $nOpts $qOpts $pOpts --diff3-cmd \ - --force --accept --ignore-externals --set-depth \ - --ignore-ancestry" - ;; - unlock) - cmdOpts="--targets --force $pOpts" - ;; - update|up) - cmdOpts="$rOpts $nOpts $qOpts $pOpts --diff3-cmd \ - --ignore-externals --force --accept $cOpts \ - --parents --editor-cmd --set-depth" - ;; - upgrade) - cmdOpts="$qOpts $pOpts" - ;; - *) - ;; - esac - - # add options that are nearly always available - [[ "$cmd" != "--version" ]] && cmdOpts="$cmdOpts $helpOpts" - cmdOpts="$cmdOpts --config-dir --config-option" - - # --accept (edit|launch) incompatible with --non-interactive - if [[ $acceptOpt == @(edit|launch) ]] ; - then - cmdOpts=${cmdOpts/ --non-interactive / } - fi - - # take out options already given - for opt in $options - do - local optBase - - # remove leading dashes and arguments - case $opt in - --*) optBase=${opt/=*/} ;; - -*) optBase=${opt:0:2} ;; - esac - - cmdOpts=" $cmdOpts " - cmdOpts=${cmdOpts/ ${optBase} / } - - # take out alternatives and mutually exclusives - case $optBase in - -v) cmdOpts=${cmdOpts/ --verbose / } ;; - --verbose) cmdOpts=${cmdOpts/ -v / } ;; - -N) cmdOpts=${cmdOpts/ --non-recursive / } ;; - --non-recursive) cmdOpts=${cmdOpts/ -N / } ;; - -R) cmdOpts=${cmdOpts/ --recursive / } ;; - --recursive) cmdOpts=${cmdOpts/ -R / } ;; - -x) cmdOpts=${cmdOpts/ --extensions / } ;; - --extensions) cmdOpts=${cmdOpts/ -x / } ;; - -q) cmdOpts=${cmdOpts/ --quiet / } ;; - --quiet) cmdOpts=${cmdOpts/ -q / } ;; - -h) cmdOpts=${cmdOpts/ --help / } ;; - --help) cmdOpts=${cmdOpts/ -h / } ;; - -l) cmdOpts=${cmdOpts/ --limit / } ;; - --limit) cmdOpts=${cmdOpts/ -l / } ;; - -r) cmdOpts=${cmdOpts/ --revision / } ;; - --revision) cmdOpts=${cmdOpts/ -r / } ;; - -c) cmdOpts=${cmdOpts/ --change / } ;; - --change) cmdOpts=${cmdOpts/ -c / } ;; - --auto-props) cmdOpts=${cmdOpts/ --no-auto-props / } ;; - --no-auto-props) cmdOpts=${cmdOpts/ --auto-props / } ;; - -g) cmdOpts=${cmdOpts/ --use-merge-history / } ;; - --use-merge-history) - cmdOpts=${cmdOpts/ -g / } ;; - -m|--message|-F|--file) - cmdOpts=${cmdOpts/ --message / } - cmdOpts=${cmdOpts/ -m / } - cmdOpts=${cmdOpts/ --file / } - cmdOpts=${cmdOpts/ -F / } - ;; - esac - - # remove help options within help subcommand - if [ $isHelpCmd ] ; then - cmdOpts=${cmdOpts/ -h / } - cmdOpts=${cmdOpts/ --help / } - fi - done - - # provide help about available options - COMPREPLY=( $( compgen -W "$cmdOpts" -- $cur ) ) - return 0 -} -complete -F _svn -o default -X '@(*/.svn|*/.svn/|.svn|.svn/)' svn - -_svnadmin () -{ - local cur cmds cmdOpts optsParam opt helpCmds optBase i - - COMPREPLY=() - cur=${COMP_WORDS[COMP_CWORD]} - - # Possible expansions, without pure-prefix abbreviations such as "h". - cmds='crashtest create deltify dump freeze help hotcopy list-dblogs \ - list-unused-dblogs load lock lslocks lstxns pack recover rmlocks \ - rmtxns setlog setrevprop setuuid unlock upgrade verify --version' - - if [[ $COMP_CWORD -eq 1 ]] ; then - COMPREPLY=( $( compgen -W "$cmds" -- $cur ) ) - return 0 - fi - - # options that require a parameter - # note: continued lines must end '|' continuing lines must start '|' - optsParam="-r|--revision|--parent-dir|--fs-type|-M|--memory-cache-size" - optsParam="$optsParam|-F|--file" - - # if not typing an option, or if the previous option required a - # parameter, then fallback on ordinary filename expansion - helpCmds='help|--help|h|\?' - if [[ ${COMP_WORDS[1]} != @($helpCmds) ]] && \ - [[ "$cur" != -* ]] || \ - [[ ${COMP_WORDS[COMP_CWORD-1]} == @($optsParam) ]] ; then - return 0 - fi - - cmdOpts= - case ${COMP_WORDS[1]} in - create) - cmdOpts="--bdb-txn-nosync --bdb-log-keep --config-dir \ - --fs-type --pre-1.4-compatible --pre-1.5-compatible \ - --pre-1.6-compatible --compatible-version" - ;; - deltify) - cmdOpts="-r --revision -q --quiet" - ;; - dump) - cmdOpts="-r --revision --incremental -q --quiet --deltas \ - -M --memory-cache-size" - ;; - freeze) - cmdOpts="-F --file" - ;; - help|h|\?) - cmdOpts="$cmds" - ;; - hotcopy) - cmdOpts="--clean-logs" - ;; - load) - cmdOpts="--ignore-uuid --force-uuid --parent-dir -q --quiet \ - --use-pre-commit-hook --use-post-commit-hook \ - --bypass-prop-validation -M --memory-cache-size" - ;; - lock|unlock) - cmdOpts="--bypass-hooks" - ;; - recover) - cmdOpts="--wait" - ;; - rmtxns) - cmdOpts="-q --quiet" - ;; - setlog) - cmdOpts="-r --revision --bypass-hooks" - ;; - setrevprop) - cmdOpts="-r --revision --use-pre-revprop-change-hook \ - --use-post-revprop-change-hook" - ;; - verify) - cmdOpts="-r --revision -q --quiet" - ;; - *) - ;; - esac - - cmdOpts="$cmdOpts --help -h" - - # take out options already given - for (( i=2; i<=$COMP_CWORD-1; ++i )) ; do - opt=${COMP_WORDS[$i]} - - case $opt in - --*) optBase=${opt/=*/} ;; - -*) optBase=${opt:0:2} ;; - esac - - cmdOpts=" $cmdOpts " - cmdOpts=${cmdOpts/ ${optBase} / } - - # take out alternatives - case $optBase in - -q) cmdOpts=${cmdOpts/ --quiet / } ;; - --quiet) cmdOpts=${cmdOpts/ -q / } ;; - -h) cmdOpts=${cmdOpts/ --help / } ;; - --help) cmdOpts=${cmdOpts/ -h / } ;; - -r) cmdOpts=${cmdOpts/ --revision / } ;; - --revision) cmdOpts=${cmdOpts/ -r / } ;; - -F) cmdOpts=${cmdOpts/ --file / } ;; - --file) cmdOpts=${cmdOpts/ -F / } ;; - -M) cmdOpts=${cmdOpts/ --memory-cache-size / } ;; - --memory-cache-size) cmdOpts=${cmdOpts/ --M / } ;; - esac - - # skip next option if this one requires a parameter - if [[ $opt == @($optsParam) ]] ; then - ((++i)) - fi - done - - COMPREPLY=( $( compgen -W "$cmdOpts" -- $cur ) ) - - return 0 -} -complete -F _svnadmin -o default svnadmin - -_svndumpfilter () -{ - local cur cmds cmdOpts optsParam opt helpCmds optBase i - - COMPREPLY=() - cur=${COMP_WORDS[COMP_CWORD]} - - # Possible expansions, without pure-prefix abbreviations such as "h". - cmds='exclude help include --version' - - if [[ $COMP_CWORD -eq 1 ]] ; then - COMPREPLY=( $( compgen -W "$cmds" -- $cur ) ) - return 0 - fi - - # options that require a parameter - # note: continued lines must end '|' continuing lines must start '|' - optsParam="--targets" - - # if not typing an option, or if the previous option required a - # parameter, then fallback on ordinary filename expansion - helpCmds='help|--help|h|\?' - if [[ ${COMP_WORDS[1]} != @($helpCmds) ]] && \ - [[ "$cur" != -* ]] || \ - [[ ${COMP_WORDS[COMP_CWORD-1]} == @($optsParam) ]] ; then - return 0 - fi - - cmdOpts= - case ${COMP_WORDS[1]} in - exclude|include) - cmdOpts="--drop-empty-revs --renumber-revs - --skip-missing-merge-sources --targets - --preserve-revprops --quiet" - ;; - help|h|\?) - cmdOpts="$cmds" - ;; - *) - ;; - esac - - cmdOpts="$cmdOpts --help -h" - - # take out options already given - for (( i=2; i<=$COMP_CWORD-1; ++i )) ; do - opt=${COMP_WORDS[$i]} - - case $opt in - --*) optBase=${opt/=*/} ;; - -*) optBase=${opt:0:2} ;; - esac - - cmdOpts=" $cmdOpts " - cmdOpts=${cmdOpts/ ${optBase} / } - - # take out alternatives - case $optBase in - -h) cmdOpts=${cmdOpts/ --help / } ;; - --help) cmdOpts=${cmdOpts/ -h / } ;; - esac - - # skip next option if this one requires a parameter - if [[ $opt == @($optsParam) ]] ; then - ((++i)) - fi - done - - COMPREPLY=( $( compgen -W "$cmdOpts" -- $cur ) ) - - return 0 -} -complete -F _svndumpfilter -o default svndumpfilter - -_svnlook () -{ - local cur cmds cmdOpts optsParam opt helpCmds optBase i - - COMPREPLY=() - cur=${COMP_WORDS[COMP_CWORD]} - - # Possible expansions, without pure-prefix abbreviations such as "h". - cmds='author cat changed date diff dirs-changed help history info \ - lock log propget proplist tree uuid youngest --version' - - if [[ $COMP_CWORD -eq 1 ]] ; then - COMPREPLY=( $( compgen -W "$cmds" -- $cur ) ) - return 0 - fi - - # options that require a parameter - # note: continued lines must end '|' continuing lines must start '|' - optsParam="-r|--revision|-t|--transaction|-l|--limit|-x|--extensions" - - # if not typing an option, or if the previous option required a - # parameter, then fallback on ordinary filename expansion - helpCmds='help|--help|h|\?' - if [[ ${COMP_WORDS[1]} != @($helpCmds) ]] && \ - [[ "$cur" != -* ]] || \ - [[ ${COMP_WORDS[COMP_CWORD-1]} == @($optsParam) ]] ; then - return 0 - fi - - cmdOpts= - case ${COMP_WORDS[1]} in - author) - cmdOpts="-r --revision -t --transaction" - ;; - cat) - cmdOpts="-r --revision -t --transaction" - ;; - changed) - cmdOpts="-r --revision -t --transaction --copy-info" - ;; - date) - cmdOpts="-r --revision -t --transaction" - ;; - diff) - cmdOpts="-r --revision -t --transaction --diff-copy-from \ - --no-diff-added --no-diff-deleted -x --extensions" - ;; - dirs-changed) - cmdOpts="-r --revision -t --transaction" - ;; - help|h|\?) - cmdOpts="$cmds" - ;; - history) - cmdOpts="-r --revision -l --limit --show-ids" - ;; - info) - cmdOpts="-r --revision -t --transaction" - ;; - lock) - cmdOpts= - ;; - log) - cmdOpts="-r --revision -t --transaction" - ;; - propget|pget|pg) - cmdOpts="-r --revision -t --transaction --revprop" - ;; - proplist|plist|pl) - cmdOpts="-r --revision -t --transaction --revprop -v --verbose --xml" - ;; - tree) - cmdOpts="-r --revision -t --transaction --full-paths -N --non-recursive --show-ids" - ;; - uuid) - cmdOpts= - ;; - youngest) - cmdOpts= - ;; - *) - ;; - esac - - cmdOpts="$cmdOpts --help -h" - - # take out options already given - for (( i=2; i<=$COMP_CWORD-1; ++i )) ; do - opt=${COMP_WORDS[$i]} - - case $opt in - --*) optBase=${opt/=*/} ;; - -*) optBase=${opt:0:2} ;; - esac - - cmdOpts=" $cmdOpts " - cmdOpts=${cmdOpts/ ${optBase} / } - - # take out alternatives - case $optBase in - -N) cmdOpts=${cmdOpts/ --non-recursive / } ;; - --non-recursive) cmdOpts=${cmdOpts/ -N / } ;; - -h) cmdOpts=${cmdOpts/ --help / } ;; - --help) cmdOpts=${cmdOpts/ -h / } ;; - -l) cmdOpts=${cmdOpts/ --limit / } ;; - --limit) cmdOpts=${cmdOpts/ -l / } ;; - -r) cmdOpts=${cmdOpts/ --revision / } ;; - --revision) cmdOpts=${cmdOpts/ -r / } ;; - -t) cmdOpts=${cmdOpts/ --transaction / } ;; - --transaction) cmdOpts=${cmdOpts/ -t / } ;; - -v) cmdOpts=${cmdOpts/ --verbose / } ;; - --verbose) cmdOpts=${cmdOpts/ -v / } ;; - -x) cmdOpts=${cmdOpts/ --extensions / } ;; - --extensions) cmdOpts=${cmdOpts/ -x / } ;; - esac - - # skip next option if this one requires a parameter - if [[ $opt == @($optsParam) ]] ; then - ((++i)) - fi - done - - COMPREPLY=( $( compgen -W "$cmdOpts" -- $cur ) ) - - return 0 -} -complete -F _svnlook -o default svnlook - -_svnsync () -{ - local cur cmds cmdOpts optsParam opt helpCmds optBase i - - COMPREPLY=() - cur=${COMP_WORDS[COMP_CWORD]} - - # Possible expansions, without pure-prefix abbreviations such as "h". - cmds='copy-revprops help info initialize synchronize --version' - - if [[ $COMP_CWORD -eq 1 ]] ; then - COMPREPLY=( $( compgen -W "$cmds" -- $cur ) ) - return 0 - fi - - # options that require a parameter - # note: continued lines must end '|' continuing lines must start '|' - optsParam="--config-dir|--config-option|--source-username|--source-password" - optsParam="$optsParam|--sync-username|--sync-password" - - # if not typing an option, or if the previous option required a - # parameter, then fallback on ordinary filename expansion - helpCmds='help|--help|h|\?' - if [[ ${COMP_WORDS[1]} != @($helpCmds) ]] && \ - [[ "$cur" != -* ]] || \ - [[ ${COMP_WORDS[COMP_CWORD-1]} == @($optsParam) ]] ; then - return 0 - fi - - cmdOpts= - case ${COMP_WORDS[1]} in - copy-revprops|initialize|init|synchronize|sync) - cmdOpts="--non-interactive --no-auth-cache --trust-server-cert \ - --source-username --source-password --sync-username \ - --sync-password --config-dir --config-option -q --quiet" - ;; - help|h|\?) - cmdOpts="$cmds" - ;; - info) - cmdOpts="--non-interactive --no-auth-cache --trust-server-cert \ - --source-username --source-password --sync-username \ - --sync-password --config-dir --config-option" - ;; - *) - ;; - esac - - cmdOpts="$cmdOpts --help -h" - - # take out options already given - for (( i=2; i<=$COMP_CWORD-1; ++i )) ; do - opt=${COMP_WORDS[$i]} - - case $opt in - --*) optBase=${opt/=*/} ;; - -*) optBase=${opt:0:2} ;; - esac - - cmdOpts=" $cmdOpts " - cmdOpts=${cmdOpts/ ${optBase} / } - - # take out alternatives - case $optBase in - -h) cmdOpts=${cmdOpts/ --help / } ;; - --help) cmdOpts=${cmdOpts/ -h / } ;; - -q) cmdOpts=${cmdOpts/ --quiet / } ;; - --quiet) cmdOpts=${cmdOpts/ -q / } ;; - esac - - # skip next option if this one requires a parameter - if [[ $opt == @($optsParam) ]] ; then - ((++i)) - fi - done - - COMPREPLY=( $( compgen -W "$cmdOpts" -- $cur ) ) - - return 0 -} -complete -F _svnsync -o default svnsync - -# reasonable completion for 'svnversion' -_svnversion () -{ - local cmdOpts=" -n --no-newline -c --committed -h --help --version " - local cur=${COMP_WORDS[COMP_CWORD]} - - COMPREPLY=() - - # parse current options - local options= wcpath= trailurl= last='none' stat= opt= i=-1 isCur= - for opt in ${COMP_WORDS[@]} - do - [[ $i -eq $COMP_CWORD ]] && stat=$last - let i++ - - # are we processing the current word? - isCur= - [[ $i -eq $COMP_CWORD ]] && isCur=1 - - # skip first command, should be 'svnversion' - if [ $last = 'none' ] ; then - last='first' - continue - fi - - # get options - if [[ $last != 'arg' && $opt == -* ]] - then - # if '--' is at the current position, it means that we are looking - # for '--*' options, and not the end of option processing. - if [[ $opt = '--' && ! $isCur ]] - then - last='arg' - else - options="$options $opt " - last='opt' - fi - continue - fi - # get arguments - if [[ $opt != -* ]] - then - last='arg' - if [[ ! $wcpath ]] - then - wcpath=$opt - elif [[ ! $trailurl ]] - then - trailurl=$opt - fi - fi - done - [[ $stat ]] || stat=$last - - # argument part - if [[ $cur != -* || $stat = 'arg' ]] - then - [[ $wcpath && $trailurl ]] && COMPREPLY=( '' ) - return 0 - fi - - # suggest options, and take out already given options - for opt in $options - do - # take out options - cmdOpts=${cmdOpts/ $opt / } - - # take out alternatives - case $opt in - -n) cmdOpts=${cmdOpts/ --no-newline / } ;; - --no-newline) cmdOpts=${cmdOpts/ -n / } ;; - -h) cmdOpts=${cmdOpts/ --help / } ;; - --help) cmdOpts=${cmdOpts/ -h / } ;; - -c) cmdOpts=${cmdOpts/ --committed / } ;; - --committed) cmdOpts=${cmdOpts/ -c / } ;; - esac - done - - COMPREPLY=( $( compgen -W "$cmdOpts" -- $cur ) ) - - return 0 -} -# -X option does not seem to work? -complete -F _svnversion -o dirnames -X '*.svn*' svnversion diff --git a/bash_completion.d/whiptail b/bash_completion.d/whiptail deleted file mode 100644 index 6826e56..0000000 --- a/bash_completion.d/whiptail +++ /dev/null @@ -1,6 +0,0 @@ -complete -W "--msgbox --yesno --infobox --inputbox --passwordbox --textbox --menu --checklist \ - --radiochecklist --gauge --clear --defaultno --default-item \ - --fb --nocancel --yes-button --no-button --ok-button \ - --cancel-button -noitem --separate-output --output-fd \ - --title --backtitle -scrolltext --toplefti \ - --help" -f whiptail diff --git a/bind/db.root b/bind/db.root index 6c19741..f0b79d2 100644 --- a/bind/db.root +++ b/bind/db.root @@ -9,30 +9,32 @@ ; on server FTP.INTERNIC.NET ; -OR- RS.INTERNIC.NET ; -; last update: Jan 3, 2013 -; related version of root zone: 2013010300 +; last update: February 17, 2016 +; related version of root zone: 2016021701 ; ; formerly NS.INTERNIC.NET ; -. 3600000 IN NS A.ROOT-SERVERS.NET. +. 3600000 NS A.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 -A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30 +A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30 ; ; FORMERLY NS1.ISI.EDU ; . 3600000 NS B.ROOT-SERVERS.NET. B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 +B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b ; ; FORMERLY C.PSI.NET ; . 3600000 NS C.ROOT-SERVERS.NET. C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 +C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c ; ; FORMERLY TERP.UMD.EDU ; . 3600000 NS D.ROOT-SERVERS.NET. D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 -D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D +D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d ; ; FORMERLY NS.NASA.GOV ; @@ -43,7 +45,7 @@ E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 ; . 3600000 NS F.ROOT-SERVERS.NET. F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 -F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F +F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f ; ; FORMERLY NS.NIC.DDN.MIL ; @@ -53,26 +55,26 @@ G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 ; FORMERLY AOS.ARL.ARMY.MIL ; . 3600000 NS H.ROOT-SERVERS.NET. -H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 -H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235 +H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53 +H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53 ; ; FORMERLY NIC.NORDU.NET ; . 3600000 NS I.ROOT-SERVERS.NET. I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 -I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53 +I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53 ; ; OPERATED BY VERISIGN, INC. ; . 3600000 NS J.ROOT-SERVERS.NET. J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 -J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30 +J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30 ; ; OPERATED BY RIPE NCC ; . 3600000 NS K.ROOT-SERVERS.NET. K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 -K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1 +K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1 ; ; OPERATED BY ICANN ; @@ -84,5 +86,5 @@ L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 ; . 3600000 NS M.ROOT-SERVERS.NET. M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 -M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35 -; End of File +M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35 +; End of file diff --git a/bind/named-pri.conf b/bind/named-pri.conf index c6f79ae..d8e43e7 100644 --- a/bind/named-pri.conf +++ b/bind/named-pri.conf @@ -24,6 +24,20 @@ zone "uhu-banane.de" { }; }; +zone "brehm-online.com" { + type master; + file "/etc/bind/zones/brehm-online.com.zone"; + allow-update { none; }; + allow-transfer { + common-allow-transfer; + }; + also-notify { + 195.50.185.7; + 46.189.56.7; + 85.199.64.7; + }; +}; + zone "uhu-banane.eu" { type master; file "/etc/bind/zones/uhu-banane.eu.zone"; @@ -76,20 +90,6 @@ zone "0.0.0.0.7.b.d.1.8.f.6.0.1.0.0.2.ip6.arpa" { }; }; -zone "brehm-online.com" { - type master; - file "/etc/bind/zones/brehm-online.com.zone"; - allow-update { none; }; - allow-transfer { - common-allow-transfer; - }; - also-notify { - 195.50.185.7; - 46.189.56.7; - 85.199.64.7; - }; -}; - zone "11.12.10.in-addr.arpa" { type master; file "/etc/bind/zones/rev.10.12.11.zone"; diff --git a/bind/named-sec.conf b/bind/named-sec.conf index c9a8c2a..dc59d73 100644 --- a/bind/named-sec.conf +++ b/bind/named-sec.conf @@ -21,6 +21,17 @@ zone "0.0.0.1.6.0.0.3.1.7.1.0.8.f.4.0.1.0.a.2.ip6.arpa" { }; }; +zone "0.0.0.2.6.0.0.3.1.7.1.0.8.f.4.0.1.0.a.2.ip6.arpa" { + type slave; + file "rev.2a01-4f8-171-3006-2000.zone"; + masters { + 138.201.28.135; + }; + allow-transfer { + common-allow-transfer; + }; +}; + zone "0.29.172.in-addr.arpa" { type slave; file "rev.172.29.0.zone"; @@ -43,6 +54,17 @@ zone "0.31.172.in-addr.arpa" { }; }; +zone "0.32.172.in-addr.arpa" { + type slave; + file "rev.172.32.0.zone"; + masters { + 138.201.28.135; + }; + allow-transfer { + common-allow-transfer; + }; +}; + zone "acwain.com" { type slave; file "acwain.com.zone"; @@ -417,6 +439,28 @@ zone "planetec.de" { }; }; +zone "pontilus.com" { + type slave; + file "pontilus.com.zone"; + masters { + 138.201.28.135; + }; + allow-transfer { + common-allow-transfer; + }; +}; + +zone "pontilus.de" { + type slave; + file "pontilus.de.zone"; + masters { + 138.201.28.135; + }; + allow-transfer { + common-allow-transfer; + }; +}; + zone "saeger.cc" { type slave; file "saeger.cc.zone"; diff --git a/bind/zones/brehm-online.com.zone b/bind/zones/brehm-online.com.zone index 5d1754a..6edb2e7 100644 --- a/bind/zones/brehm-online.com.zone +++ b/bind/zones/brehm-online.com.zone @@ -4,7 +4,7 @@ $TTL 86400 ; 1 day ;$TTL 900 brehm-online.com SOA ns.uhu-banane.de. hostmaster.uhu-banane.de. ( - 2016112000 ; serial + 2017070100 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) @@ -15,7 +15,7 @@ brehm-online.com SOA ns.uhu-banane.de. hostmaster.uhu-banane.de. ( NS ns2.boreus.de. NS ns3.boreus.de. A 185.48.118.128 - AAAA 2001:6f8:1db7::2 +; AAAA 2001:6f8:1db7::2 MX 10 mail.uhu-banane.net. ; for Google Postmaster tools TXT "google-site-verification=RQ0rHiqHL1SeWtYts7eFurSGrodkzRNPQegXqZlfMck" diff --git a/bind/zones/frankepedia.eu.zone b/bind/zones/frankepedia.eu.zone index f6f503c..17902f8 100644 --- a/bind/zones/frankepedia.eu.zone +++ b/bind/zones/frankepedia.eu.zone @@ -2,7 +2,7 @@ $ORIGIN . ;$TTL 86400 ; 1 day $TTL 900 frankepedia.eu IN SOA ns3.uhu-banane.de. hostmaster.uhu-banane.de. ( - 2016072100 ; serial + 2017050400 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) @@ -16,12 +16,13 @@ frankepedia.eu IN SOA ns3.uhu-banane.de. hostmaster.uhu-banane.de. ( MX 10 mail.uhu-banane.net. $ORIGIN frankepedia.eu. -dkim._domainkey 3600 TXT ( +dkim._domainkey 3600 TXT "v=DKIM1; p=" +mail-2017-04-05._domainkey 3600 TXT ( "v=DKIM1; p=" - "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDvzNfcyDG3NIYIXRZVUizrJsxR" - "Xb0g+M90EyYkEi4p4JXLrthZlzOLO4wC+urMJRnSUkc2FrKbx4Ii6lHkeDyjdWA0" - "0BDeL4iC8qHT+w8lDBRXWZTy3Ef3/iSFC3JfE19Ef9QTuqua/2V9Nhwe0f+JP1ld" - "SHGp123fDfwE75USMwIDAQAB") + "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWFPIGYglWzHGTE9PSLYx7JnrZ" + "AuSw98rV36JS/1WKgIFpTk8XKzN+OAK+yMddwtVm3zDEnY0tbH09jeh6TsR0QOCm" + "oCFwcPpJX+44+pllWlKkt0Ci78EGZ5aWlIcFCCaGgc3byLIsNm8ka7xSCN6jZJ6R" + "0vT05f/4OVUjd/m/wwIDAQAB") git CNAME git.uhu-banane.de. mail CNAME mail.uhu-banane.net. www CNAME www.uhu-banane.de. diff --git a/bind/zones/home.brehm-online.com.zone b/bind/zones/home.brehm-online.com.zone index 63031a7..c121a57 100644 --- a/bind/zones/home.brehm-online.com.zone +++ b/bind/zones/home.brehm-online.com.zone @@ -3,7 +3,7 @@ $TTL 86400 ; 1 day ;$TTL 900 home SOA ns3.uhu-banane.de. hostmaster.brehm-online.com. ( - 2016100502 ; Serial + 2017080300 ; Serial 28800 ; Refresh 14400 ; Retry 604800 ; Expire - 1 week @@ -18,10 +18,15 @@ home SOA ns3.uhu-banane.de. hostmaster.brehm-online.com. ( $ORIGIN home.brehm-online.com. bruni A 10.12.11.2 - AAAA 2a02:8109:9300:488:5604:a6ff:fe38:99f9 + AAAA 2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9 +; AAAA 2a02:8109:9300:488:5604:a6ff:fe38:99f9 TXT "Franks Linux-Buechse@home" else A 10.12.11.22 FranksGalaxy A 10.12.11.10 +fritzbox 300 A 91.65.124.33 + 300 AAAA 2a02:8109:8000:5c:31b6:7361:7b89:d14b +fritzbox-intern A 10.12.11.254 + AAAA 2a02:8109:ae3f:fa04:a96:d7ff:fe55:4821 gunner A 10.12.11.9 gw A 10.12.11.1 TXT "Der Buffalo-Router" @@ -42,7 +47,8 @@ lena A 10.12.11.28 karla A 10.12.11.29 AAAA 2a02:8109:ae3f:fa04:5054:ff:fe87:da41 ; AAAA 2001:6f8:1db7::29 - TXT "Wheezy-VM auf Bruni" + TXT "Debian stable VM auf Bruni" +mail CNAME bruni olga A 10.12.11.3 A 10.12.11.4 AAAA 2a02:8109:9300:488:4a5b:39ff:fe9b:d309 @@ -60,6 +66,8 @@ olga-wifi A 10.12.11.4 ;PatricksWildfire A 10.12.11.11 ps-kyocera A 10.12.11.32 TXT "Der Printserver fuer den Kyocera-Drucker" +vera A 10.12.11.25 + TXT "Debian unstable VM auf Bruni" xanthippe A 10.12.11.33 AAAA 2001:6f8:1db7:0:f66d:4ff:fe2f:621b TXT "Heikos neue Spiele-Buechse" diff --git a/bind/zones/rev.10.12.11.zone b/bind/zones/rev.10.12.11.zone index e41c0df..3b6173d 100644 --- a/bind/zones/rev.10.12.11.zone +++ b/bind/zones/rev.10.12.11.zone @@ -3,7 +3,7 @@ $ORIGIN 12.10.in-addr.arpa. $TTL 7200 11 SOA ns3.uhu-banane.de. hostmaster.brehm-online.com. ( - 2016031300 ; serial + 2017070400 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) @@ -43,7 +43,7 @@ $ORIGIN 11.12.10.in-addr.arpa. 22 PTR else.home.brehm-online.com. ;23 PTR g.home.brehm-online.com. ;24 PTR g.home.brehm-online.com. -;25 PTR g.home.brehm-online.com. +25 PTR vera.home.brehm-online.com. ;26 PTR g.home.brehm-online.com. ;27 PTR g.home.brehm-online.com. 28 PTR lena.home.brehm-online.com. diff --git a/bind/zones/rev.2001-6f8-1db7-0.zone b/bind/zones/rev.2001-6f8-1db7-0.zone index ad2606e..2a5c924 100644 --- a/bind/zones/rev.2001-6f8-1db7-0.zone +++ b/bind/zones/rev.2001-6f8-1db7-0.zone @@ -2,7 +2,7 @@ $ORIGIN 0.0.0.7.b.d.1.8.f.6.0.1.0.0.2.ip6.arpa. $TTL 7200 0 SOA ns3.uhu-banane.de. hostmaster.brehm-online.com. ( - 2016072000 ; serial + 2017070100 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) @@ -19,10 +19,10 @@ $ORIGIN 0.0.0.0.7.b.d.1.8.f.6.0.1.0.0.2.ip6.arpa. ;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR bruni.home.brehm-online.com. ; 2001:6f8:1db7::2 -2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR ns1.uhu-banane.de. +2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR ns1-v6.uhu-banane.de. ; 2001:6f8:1db7::5 -5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR sarah.uhu-banane.de. +5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR sarah-v6.uhu-banane.de. ; 2001:6f8:1db7::28 ;8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR lena.home.brehm-online.com. diff --git a/bind/zones/uhu-banane.de.zone b/bind/zones/uhu-banane.de.zone index be90616..c109ce4 100644 --- a/bind/zones/uhu-banane.de.zone +++ b/bind/zones/uhu-banane.de.zone @@ -2,7 +2,7 @@ $ORIGIN . $TTL 86400 ; 1 day ;$TTL 900 uhu-banane.de SOA ns.uhu-banane.de. hostmaster.uhu-banane.de. ( - 2016112000 ; serial + 2017070100 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) @@ -13,7 +13,7 @@ uhu-banane.de SOA ns.uhu-banane.de. hostmaster.uhu-banane.de. ( NS ns2.boreus.de. NS ns3.boreus.de. A 185.48.118.128 - AAAA 2001:6f8:1db7::2 +; AAAA 2001:6f8:1db7::2 MX 10 mail.uhu-banane.net. ; for Google Postmaster tools TXT "google-site-verification=atrQiTw6OVfLu9GBiA3b8pxfv0r6wyBeBrau86gb4Lg" @@ -52,20 +52,26 @@ mx CNAME mail.uhu-banane.net. ns A 185.102.95.107 AAAA 2a06:2380:0:1::3a ns1 A 185.48.118.128 - AAAA 2001:6f8:1db7::2 +; AAAA 2001:6f8:1db7::2 ns1-local A 10.12.20.2 +ns1-v4 A 185.48.118.128 +ns1-v6 AAAA 2001:6f8:1db7::2 ns2 A 162.254.24.33 ; AAAA 2a01:238:4225:6e00:8f8c:808a:7fb8:88df ns3 A 185.102.95.107 AAAA 2a06:2380:0:1::3a +ns3-v4 A 185.102.95.107 +ns3-v6 AAAA 2a06:2380:0:1::3a online CNAME uhu-banane.de. repo CNAME ns1 repo1 CNAME ns1 repo2 CNAME ns2 -salt CNAME ns3 -salt-master CNAME ns3 +salt CNAME ns3-v4 +salt-master CNAME ns3-v4 sarah A 185.48.118.130 - AAAA 2001:6f8:1db7::5 +; AAAA 2001:6f8:1db7::5 +sarah-v4 A 185.48.118.130 +sarah-v6 AAAA 2001:6f8:1db7::5 sarah-local A 10.12.20.5 ;uhu1 A 46.16.73.175 ; AAAA 2001:4dd0:ff00:cd3::2 diff --git a/bind/zones/uhu-banane.net.zone b/bind/zones/uhu-banane.net.zone index 9b2746b..9cd682d 100644 --- a/bind/zones/uhu-banane.net.zone +++ b/bind/zones/uhu-banane.net.zone @@ -2,7 +2,7 @@ $ORIGIN . ;$TTL 86400 ; 1 day $TTL 900 uhu-banane.net IN SOA ns3.uhu-banane.de. hostmaster.uhu-banane.de. ( - 2016102600 ; serial + 2017040500 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) diff --git a/bind/zones/uhu-banane.org.zone b/bind/zones/uhu-banane.org.zone index 73d0fa2..1e36d0a 100644 --- a/bind/zones/uhu-banane.org.zone +++ b/bind/zones/uhu-banane.org.zone @@ -2,7 +2,7 @@ $ORIGIN . ;$TTL 86400 ; 1 day $TTL 900 uhu-banane.org IN SOA ns3.uhu-banane.de. hostmaster.uhu-banane.de. ( - 2016102600 ; serial + 2017022100 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) @@ -34,4 +34,5 @@ repo CNAME ns1.uhu-banane.de. repo1 CNAME ns1.uhu-banane.de. repo2 CNAME ns2.uhu-banane.de. sarah CNAME sarah.uhu-banane.de. +test-0000 TXT "Test TXT record" www CNAME www.uhu-banane.de. diff --git a/ca-certificates.conf b/ca-certificates.conf index 8bad138..358bc59 100644 --- a/ca-certificates.conf +++ b/ca-certificates.conf @@ -32,7 +32,7 @@ mozilla/Buypass_Class_2_CA_1.crt mozilla/Buypass_Class_2_Root_CA.crt !mozilla/Buypass_Class_3_CA_1.crt mozilla/Buypass_Class_3_Root_CA.crt -mozilla/CA_Disig.crt +!mozilla/CA_Disig.crt mozilla/CA_Disig_Root_R1.crt mozilla/CA_Disig_Root_R2.crt mozilla/Camerfirma_Chambers_of_Commerce_Root.crt @@ -102,10 +102,10 @@ mozilla/Juur-SK.crt mozilla/Microsec_e-Szigno_Root_CA_2009.crt mozilla/Microsec_e-Szigno_Root_CA.crt mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt -mozilla/NetLock_Business_=Class_B=_Root.crt -mozilla/NetLock_Express_=Class_C=_Root.crt -mozilla/NetLock_Notary_=Class_A=_Root.crt -mozilla/NetLock_Qualified_=Class_QA=_Root.crt +!mozilla/NetLock_Business_=Class_B=_Root.crt +!mozilla/NetLock_Express_=Class_C=_Root.crt +!mozilla/NetLock_Notary_=Class_A=_Root.crt +!mozilla/NetLock_Qualified_=Class_QA=_Root.crt mozilla/Network_Solutions_Certificate_Authority.crt mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt mozilla/PSCProcert.crt @@ -124,16 +124,16 @@ mozilla/Security_Communication_EV_RootCA1.crt mozilla/Security_Communication_RootCA2.crt mozilla/Security_Communication_Root_CA.crt !mozilla/SG_TRUST_SERVICES_RACINE.crt -mozilla/Sonera_Class_1_Root_CA.crt +!mozilla/Sonera_Class_1_Root_CA.crt mozilla/Sonera_Class_2_Root_CA.crt -mozilla/Staat_der_Nederlanden_Root_CA.crt +!mozilla/Staat_der_Nederlanden_Root_CA.crt mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt mozilla/Starfield_Class_2_CA.crt mozilla/Starfield_Root_Certificate_Authority_-_G2.crt mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt -mozilla/StartCom_Certification_Authority_2.crt -mozilla/StartCom_Certification_Authority.crt -mozilla/StartCom_Certification_Authority_G2.crt +!mozilla/StartCom_Certification_Authority_2.crt +!mozilla/StartCom_Certification_Authority.crt +!mozilla/StartCom_Certification_Authority_G2.crt mozilla/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt mozilla/Swisscom_Root_CA_1.crt mozilla/Swisscom_Root_CA_2.crt @@ -164,13 +164,13 @@ mozilla/TWCA_Root_Certification_Authority.crt mozilla/UTN_USERFirst_Email_Root_CA.crt mozilla/UTN_USERFirst_Hardware_Root_CA.crt mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt -mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt +!mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt -mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_2.crt +!mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_2.crt mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt -mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt +!mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt @@ -178,12 +178,12 @@ mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt mozilla/VeriSign_Universal_Root_Certification_Authority.crt mozilla/Visa_eCommerce_Root.crt mozilla/WellsSecure_Public_Root_Certificate_Authority.crt -mozilla/WoSign_China.crt -mozilla/WoSign.crt +!mozilla/WoSign_China.crt +!mozilla/WoSign.crt mozilla/XRamp_Global_CA_Root.crt -spi-inc.org/spi-cacert-2008.crt -mozilla/CA_WoSign_ECC_Root.crt -mozilla/Certification_Authority_of_WoSign_G2.crt +!spi-inc.org/spi-cacert-2008.crt +!mozilla/CA_WoSign_ECC_Root.crt +!mozilla/Certification_Authority_of_WoSign_G2.crt mozilla/Certinomis_-_Root_CA.crt mozilla/CFCA_EV_ROOT.crt mozilla/COMODO_RSA_Certification_Authority.crt @@ -201,3 +201,13 @@ mozilla/TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5.crt mozilla/TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H6.crt mozilla/USERTrust_ECC_Certification_Authority.crt mozilla/USERTrust_RSA_Certification_Authority.crt +mozilla/Certplus_Root_CA_G1.crt +mozilla/Certplus_Root_CA_G2.crt +mozilla/Certum_Trusted_Network_CA_2.crt +mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt +mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt +mozilla/ISRG_Root_X1.crt +mozilla/OpenTrust_Root_CA_G1.crt +mozilla/OpenTrust_Root_CA_G2.crt +mozilla/OpenTrust_Root_CA_G3.crt +mozilla/SZAFIR_ROOT_CA2.crt diff --git a/ca-certificates.conf.dpkg-old b/ca-certificates.conf.dpkg-old index 9e08541..ef16bf1 100644 --- a/ca-certificates.conf.dpkg-old +++ b/ca-certificates.conf.dpkg-old @@ -21,18 +21,18 @@ mozilla/AffirmTrust_Commercial.crt mozilla/AffirmTrust_Networking.crt mozilla/AffirmTrust_Premium.crt mozilla/AffirmTrust_Premium_ECC.crt -mozilla/America_Online_Root_Certification_Authority_1.crt -mozilla/America_Online_Root_Certification_Authority_2.crt +!mozilla/America_Online_Root_Certification_Authority_1.crt +!mozilla/America_Online_Root_Certification_Authority_2.crt mozilla/ApplicationCA_-_Japanese_Government.crt mozilla/Atos_TrustedRoot_2011.crt -mozilla/A-Trust-nQual-03.crt +!mozilla/A-Trust-nQual-03.crt mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt mozilla/Baltimore_CyberTrust_Root.crt mozilla/Buypass_Class_2_CA_1.crt mozilla/Buypass_Class_2_Root_CA.crt -mozilla/Buypass_Class_3_CA_1.crt +!mozilla/Buypass_Class_3_CA_1.crt mozilla/Buypass_Class_3_Root_CA.crt -mozilla/CA_Disig.crt +!mozilla/CA_Disig.crt mozilla/CA_Disig_Root_R1.crt mozilla/CA_Disig_Root_R2.crt mozilla/Camerfirma_Chambers_of_Commerce_Root.crt @@ -52,7 +52,7 @@ mozilla/COMODO_ECC_Certification_Authority.crt mozilla/Comodo_Secure_Services_root.crt mozilla/Comodo_Trusted_Services_root.crt mozilla/ComSign_CA.crt -mozilla/ComSign_Secured_CA.crt +!mozilla/ComSign_Secured_CA.crt mozilla/Cybertrust_Global_Root.crt mozilla/Deutsche_Telekom_Root_CA_2.crt mozilla/DigiCert_Assured_ID_Root_CA.crt @@ -63,8 +63,8 @@ mozilla/DigiCert_Global_Root_G2.crt mozilla/DigiCert_Global_Root_G3.crt mozilla/DigiCert_High_Assurance_EV_Root_CA.crt mozilla/DigiCert_Trusted_Root_G4.crt -mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt -mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt +!mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt +!mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt mozilla/DST_ACES_CA_X6.crt mozilla/DST_Root_CA_X3.crt mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt @@ -72,7 +72,7 @@ mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt mozilla/EC-ACC.crt mozilla/EE_Certification_Centre_Root_CA.crt -mozilla/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt +!mozilla/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt mozilla/Entrust_Root_Certification_Authority.crt mozilla/ePKI_Root_Certification_Authority.crt @@ -93,7 +93,7 @@ mozilla/GlobalSign_Root_CA_-_R2.crt mozilla/GlobalSign_Root_CA_-_R3.crt mozilla/Go_Daddy_Class_2_CA.crt mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt -mozilla/GTE_CyberTrust_Global_Root.crt +!mozilla/GTE_CyberTrust_Global_Root.crt mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt mozilla/Hongkong_Post_Root_CA_1.crt mozilla/IGC_A.crt @@ -102,10 +102,10 @@ mozilla/Juur-SK.crt mozilla/Microsec_e-Szigno_Root_CA_2009.crt mozilla/Microsec_e-Szigno_Root_CA.crt mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt -mozilla/NetLock_Business_=Class_B=_Root.crt -mozilla/NetLock_Express_=Class_C=_Root.crt -mozilla/NetLock_Notary_=Class_A=_Root.crt -mozilla/NetLock_Qualified_=Class_QA=_Root.crt +!mozilla/NetLock_Business_=Class_B=_Root.crt +!mozilla/NetLock_Express_=Class_C=_Root.crt +!mozilla/NetLock_Notary_=Class_A=_Root.crt +!mozilla/NetLock_Qualified_=Class_QA=_Root.crt mozilla/Network_Solutions_Certificate_Authority.crt mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt mozilla/PSCProcert.crt @@ -123,10 +123,10 @@ mozilla/SecureTrust_CA.crt mozilla/Security_Communication_EV_RootCA1.crt mozilla/Security_Communication_RootCA2.crt mozilla/Security_Communication_Root_CA.crt -mozilla/SG_TRUST_SERVICES_RACINE.crt -mozilla/Sonera_Class_1_Root_CA.crt +!mozilla/SG_TRUST_SERVICES_RACINE.crt +!mozilla/Sonera_Class_1_Root_CA.crt mozilla/Sonera_Class_2_Root_CA.crt -mozilla/Staat_der_Nederlanden_Root_CA.crt +!mozilla/Staat_der_Nederlanden_Root_CA.crt mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt mozilla/Starfield_Class_2_CA.crt mozilla/Starfield_Root_Certificate_Authority_-_G2.crt @@ -142,39 +142,39 @@ mozilla/SwissSign_Gold_CA_-_G2.crt mozilla/SwissSign_Platinum_CA_-_G2.crt mozilla/SwissSign_Silver_CA_-_G2.crt mozilla/Taiwan_GRCA.crt -mozilla/TC_TrustCenter_Class_2_CA_II.crt +!mozilla/TC_TrustCenter_Class_2_CA_II.crt mozilla/TC_TrustCenter_Class_3_CA_II.crt -mozilla/TC_TrustCenter_Universal_CA_I.crt +!mozilla/TC_TrustCenter_Universal_CA_I.crt mozilla/TeliaSonera_Root_CA_v1.crt -mozilla/Thawte_Premium_Server_CA.crt +!mozilla/Thawte_Premium_Server_CA.crt mozilla/thawte_Primary_Root_CA.crt mozilla/thawte_Primary_Root_CA_-_G2.crt mozilla/thawte_Primary_Root_CA_-_G3.crt -mozilla/Thawte_Server_CA.crt +!mozilla/Thawte_Server_CA.crt mozilla/Trustis_FPS_Root_CA.crt mozilla/T-TeleSec_GlobalRoot_Class_2.crt mozilla/T-TeleSec_GlobalRoot_Class_3.crt mozilla/TÜBÄ°TAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt -mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt +!mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt mozilla/TURKTRUST_Certificate_Services_Provider_Root_2007.crt -mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt +!mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt mozilla/TWCA_Global_Root_CA.crt mozilla/TWCA_Root_Certification_Authority.crt -mozilla/UTN_DATACorp_SGC_Root_CA.crt +!mozilla/UTN_DATACorp_SGC_Root_CA.crt mozilla/UTN_USERFirst_Email_Root_CA.crt mozilla/UTN_USERFirst_Hardware_Root_CA.crt mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt -mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt +!mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt -mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_2.crt +!mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_2.crt mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt -mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt +!mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt -mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt +!mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt mozilla/VeriSign_Universal_Root_Certification_Authority.crt mozilla/Visa_eCommerce_Root.crt mozilla/WellsSecure_Public_Root_Certificate_Authority.crt @@ -182,3 +182,32 @@ mozilla/WoSign_China.crt mozilla/WoSign.crt mozilla/XRamp_Global_CA_Root.crt spi-inc.org/spi-cacert-2008.crt +mozilla/CA_WoSign_ECC_Root.crt +mozilla/Certification_Authority_of_WoSign_G2.crt +mozilla/Certinomis_-_Root_CA.crt +mozilla/CFCA_EV_ROOT.crt +mozilla/COMODO_RSA_Certification_Authority.crt +mozilla/Entrust_Root_Certification_Authority_-_EC1.crt +mozilla/Entrust_Root_Certification_Authority_-_G2.crt +mozilla/GlobalSign_ECC_Root_CA_-_R4.crt +mozilla/GlobalSign_ECC_Root_CA_-_R5.crt +mozilla/IdenTrust_Commercial_Root_CA_1.crt +mozilla/IdenTrust_Public_Sector_Root_CA_1.crt +mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt +mozilla/Staat_der_Nederlanden_EV_Root_CA.crt +mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt +mozilla/S-TRUST_Universal_Root_CA.crt +mozilla/TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5.crt +mozilla/TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H6.crt +mozilla/USERTrust_ECC_Certification_Authority.crt +mozilla/USERTrust_RSA_Certification_Authority.crt +mozilla/Certplus_Root_CA_G1.crt +mozilla/Certplus_Root_CA_G2.crt +mozilla/Certum_Trusted_Network_CA_2.crt +mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt +mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt +mozilla/ISRG_Root_X1.crt +mozilla/OpenTrust_Root_CA_G1.crt +mozilla/OpenTrust_Root_CA_G2.crt +mozilla/OpenTrust_Root_CA_G3.crt +mozilla/SZAFIR_ROOT_CA2.crt diff --git a/chrony/chrony.conf.ucf-dist b/chrony/chrony.conf.ucf-dist new file mode 100644 index 0000000..c9ffc4b --- /dev/null +++ b/chrony/chrony.conf.ucf-dist @@ -0,0 +1,32 @@ +# Welcome to the chrony configuration file. See chrony.conf(5) for more +# information about usuable directives. +pool 2.debian.pool.ntp.org iburst + +# This directive specify the location of the file containing ID/key pairs for +# NTP authentication. +keyfile /etc/chrony/chrony.keys + +# This directive specify the file into which chronyd will store the rate +# information. +driftfile /var/lib/chrony/chrony.drift + +# Uncomment the following line to turn logging on. +#log tracking measurements statistics + +# Log files location. +logdir /var/log/chrony + +# Stop bad estimates upsetting machine clock. +maxupdateskew 100.0 + +# This directive tells 'chronyd' to parse the 'adjtime' file to find out if the +# real-time clock keeps local time or UTC. It overrides the 'rtconutc' directive. +hwclockfile /etc/adjtime + +# This directive enables kernel synchronisation (every 11 minutes) of the +# real-time clock. Note that it can’t be used along with the 'rtcfile' directive. +rtcsync + +# Step the system clock instead of slewing it if the adjustment is larger than +# one second, but only in the first three clock updates. +makestep 1 3 diff --git a/chrony/chrony.keys b/chrony/chrony.keys index 1792d4e..cee70b3 100644 --- a/chrony/chrony.keys +++ b/chrony/chrony.keys @@ -1 +1,10 @@ -1 UpV4JSTs +# This file is solely used for NTP authentication with symmetric keys +# as defined by RFC 1305 and RFC 5905. +# +# It can contain ID/key pairs which can be generated using the “keygen” option +# from “chronyc”; for example: +# chronyc keygen 1 SHA256 256 >> /etc/chrony/chrony.keys +# would generate a 256-bit SHA-256 key using ID 1. +# +# A list of supported hash functions and output encoding can be found in +# the "keyfile" section from the "/usr/share/doc/chrony/chrony.txt.gz" file. diff --git a/colordiffrc b/colordiffrc index 4bcb02d..1ac1a17 100644 --- a/colordiffrc +++ b/colordiffrc @@ -23,7 +23,7 @@ diff_cmd=diff # this, use the default output colour" # plain=off -newtext=blue -oldtext=red -diffstuff=magenta -cvsstuff=green +newtext=darkgreen +oldtext=darkred +diffstuff=darkcyan +cvsstuff=cyan diff --git a/console-setup/cached_UTF-8_del.kmap.gz b/console-setup/cached_UTF-8_del.kmap.gz index 485f86f..631a40a 100644 Binary files a/console-setup/cached_UTF-8_del.kmap.gz and b/console-setup/cached_UTF-8_del.kmap.gz differ diff --git a/console-setup/cached_setup_font.sh b/console-setup/cached_setup_font.sh new file mode 100755 index 0000000..3939676 --- /dev/null +++ b/console-setup/cached_setup_font.sh @@ -0,0 +1,19 @@ +#!/bin/sh + +setfont '/etc/console-setup/cached_Lat15-Fixed16.psf.gz' + +if ls /dev/fb* >/dev/null 2>/dev/null; then + for i in /dev/vcs[0-9]*; do + { : + setfont '/etc/console-setup/cached_Lat15-Fixed16.psf.gz' + } < /dev/tty${i#/dev/vcs} > /dev/tty${i#/dev/vcs} + done +fi + +mkdir -p /run/console-setup +> /run/console-setup/font-loaded +for i in /dev/vcs[0-9]*; do + { : +printf '\033%%G' + } < /dev/tty${i#/dev/vcs} > /dev/tty${i#/dev/vcs} +done diff --git a/console-setup/cached_setup_keyboard.sh b/console-setup/cached_setup_keyboard.sh new file mode 100755 index 0000000..30b46c1 --- /dev/null +++ b/console-setup/cached_setup_keyboard.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +if [ -f /run/console-setup/keymap_loaded ]; then + rm /run/console-setup/keymap_loaded + exit 0 +fi +kbd_mode '-u' < '/dev/tty1' +kbd_mode '-u' < '/dev/tty2' +kbd_mode '-u' < '/dev/tty3' +kbd_mode '-u' < '/dev/tty4' +kbd_mode '-u' < '/dev/tty5' +kbd_mode '-u' < '/dev/tty6' +loadkeys '/etc/console-setup/cached_UTF-8_del.kmap.gz' > '/dev/null' diff --git a/console-setup/cached_setup_terminal.sh b/console-setup/cached_setup_terminal.sh new file mode 100755 index 0000000..494e363 --- /dev/null +++ b/console-setup/cached_setup_terminal.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +{ : +printf '\033%%G' +} < /dev/tty${1#vcs} > /dev/tty${1#vcs} diff --git a/console-setup/compose.ISO-8859-1.inc b/console-setup/compose.ISO-8859-1.inc index c568ba8..a285ddf 100644 --- a/console-setup/compose.ISO-8859-1.inc +++ b/console-setup/compose.ISO-8859-1.inc @@ -56,13 +56,8 @@ compose '/' '^' to '|' compose '/' 'c' to '¢' compose '/' 'o' to 'ø' compose '/' 'u' to 'µ' -compose '0' 'c' to '©' -compose '0' 's' to '§' -compose '0' 'x' to '¤' compose '1' '2' to '½' compose '1' '4' to '¼' -compose '1' 's' to '¹' -compose '2' 's' to '²' compose '3' '4' to '¾' compose ':' '-' to '÷' compose '<' '/' to '\\' @@ -135,21 +130,21 @@ compose '`' 'u' to ' compose 'a' 'e' to 'æ' compose 'a' 'o' to 'å' compose 'a' 't' to '@' -compose 'b' 'v' to '¦' compose 'c' '0' to '©' compose 'c' 'o' to '©' -compose 'l' 'v' to '|' compose 'o' 'c' to '©' -compose 'o' 'r' to '®' -compose 'o' 's' to '§' compose 'o' 'x' to '¤' +compose 'r' 'o' to '®' compose 's' '0' to '§' +compose 's' '1' to '¹' compose 's' '2' to '²' compose 's' '3' to '³' compose 's' 'o' to '§' compose 't' 'h' to 'þ' compose 'v' 'b' to '¦' +compose 'v' 'l' to '|' compose 'x' '0' to '¤' +compose 'x' 'o' to '¤' compose '|' 'c' to '¢' compose '|' '|' to '¦' compose '~' 'A' to 'Ã' @@ -158,16 +153,3 @@ compose '~' 'O' to ' compose '~' 'a' to 'ã' compose '~' 'n' to 'ñ' compose '~' 'o' to 'õ' -compose '¨' 'A' to 'Ä' -compose '¨' 'E' to 'Ë' -compose '¨' 'I' to 'Ï' -compose '¨' 'O' to 'Ö' -compose '¨' 'U' to 'Ü' -compose '¨' 'a' to 'ä' -compose '¨' 'e' to 'ë' -compose '¨' 'i' to 'ï' -compose '¨' 'o' to 'ö' -compose '¨' 'u' to 'ü' -compose '¨' 'y' to 'ÿ' -compose '°' 'A' to 'Å' -compose '°' 'a' to 'å' diff --git a/console-setup/compose.ISO-8859-13.inc b/console-setup/compose.ISO-8859-13.inc index a867a9e..5b45a26 100644 --- a/console-setup/compose.ISO-8859-13.inc +++ b/console-setup/compose.ISO-8859-13.inc @@ -76,12 +76,8 @@ compose '/' 'c' to ' compose '/' 'l' to 'ù' compose '/' 'o' to '¸' compose '/' 'u' to 'µ' -compose '0' 'c' to '©' -compose '0' 's' to '§' -compose '0' 'x' to '¤' compose '1' '2' to '½' compose '1' '4' to '¼' -compose '2' 's' to '²' compose '3' '4' to '¾' compose ':' '-' to '÷' compose ';' 'A' to 'À' @@ -145,25 +141,21 @@ compose '_' 'u' to ' compose 'a' 'e' to '¿' compose 'a' 'o' to 'å' compose 'a' 't' to '@' -compose 'b' 'v' to '¦' +compose 'c' '0' to '©' compose 'c' 'o' to '©' compose 'm' 'u' to 'µ' compose 'o' 'c' to '©' -compose 'o' 'r' to '®' -compose 'o' 's' to '§' +compose 'o' 'x' to '¤' +compose 'r' 'o' to '®' compose 's' '0' to '§' compose 's' '1' to '¹' compose 's' '2' to '²' compose 's' '3' to '³' +compose 's' 'o' to '§' +compose 'v' 'b' to '¦' compose 'x' '0' to '¤' compose 'x' 'o' to '¤' compose '|' 'c' to '¢' compose '|' '|' to '¦' compose '~' 'O' to 'Õ' compose '~' 'o' to 'õ' -compose '°' 'A' to 'Å' -compose '°' 'E' to 'Ë' -compose '°' 'Z' to 'Ý' -compose '°' 'a' to 'å' -compose '°' 'e' to 'ë' -compose '°' 'z' to 'ý' diff --git a/console-setup/compose.ISO-8859-14.inc b/console-setup/compose.ISO-8859-14.inc index 21f29ee..e2835df 100644 --- a/console-setup/compose.ISO-8859-14.inc +++ b/console-setup/compose.ISO-8859-14.inc @@ -56,9 +56,6 @@ compose '/' '<' to '\\' compose '/' 'O' to 'Ø' compose '/' '^' to '|' compose '/' 'o' to 'ø' -compose '0' 'c' to '©' -compose '0' 'r' to '®' -compose '0' 's' to '§' compose '<' '/' to '\\' compose '=' 'l' to '£' compose '>' 'A' to 'Â' @@ -117,14 +114,14 @@ compose '`' 'w' to ' compose '`' 'y' to '¼' compose 'a' 'e' to 'æ' compose 'a' 't' to '@' +compose 'c' '0' to '©' compose 'c' 'o' to '©' -compose 'l' 'v' to '|' compose 'o' 'c' to '©' -compose 'o' 'r' to '®' -compose 'o' 's' to '§' compose 'r' '0' to '®' +compose 'r' 'o' to '®' compose 's' '0' to '§' compose 's' 'o' to '§' +compose 'v' 'l' to '|' compose '~' 'A' to 'Ã' compose '~' 'N' to 'Ñ' compose '~' 'O' to 'Õ' diff --git a/console-setup/compose.ISO-8859-15.inc b/console-setup/compose.ISO-8859-15.inc index 63c89db..79c92ed 100644 --- a/console-setup/compose.ISO-8859-15.inc +++ b/console-setup/compose.ISO-8859-15.inc @@ -55,9 +55,6 @@ compose '/' '^' to '|' compose '/' 'c' to '¢' compose '/' 'o' to 'ø' compose '/' 'u' to 'µ' -compose '0' 'c' to '©' -compose '0' 's' to '§' -compose '1' 's' to '¹' compose ':' '-' to '÷' compose '<' '/' to '\\' compose '<' '<' to '«' @@ -139,8 +136,7 @@ compose 'c' 'o' to ' compose 'e' '=' to '¤' compose 'o' 'c' to '©' compose 'o' 'e' to '½' -compose 'o' 'r' to '®' -compose 'o' 's' to '§' +compose 'r' 'o' to '®' compose 's' '0' to '§' compose 's' '1' to '¹' compose 's' '2' to '²' @@ -155,5 +151,3 @@ compose '~' 'O' to ' compose '~' 'a' to 'ã' compose '~' 'n' to 'ñ' compose '~' 'o' to 'õ' -compose '°' 'A' to 'Å' -compose '°' 'a' to 'å' diff --git a/console-setup/compose.ISO-8859-2.inc b/console-setup/compose.ISO-8859-2.inc index 40734c3..6692ee3 100644 --- a/console-setup/compose.ISO-8859-2.inc +++ b/console-setup/compose.ISO-8859-2.inc @@ -46,13 +46,9 @@ compose '.' 'e' to ' compose '.' 'i' to '¹' compose '.' 'u' to 'ù' compose '.' 'z' to '¿' -compose '.' ' ' to 'ÿ' -compose '.' 'ÿ' to 'ÿ' compose '/' '/' to '\\' compose '/' '<' to '\\' compose '/' '^' to '|' -compose '0' 's' to '§' -compose '0' 'x' to '¤' compose ':' '-' to '÷' compose '<' '/' to '\\' compose '<' '<' to '·' @@ -116,7 +112,6 @@ compose '^' 'O' to ' compose '^' 'a' to 'â' compose '^' 'i' to 'î' compose '^' 'o' to 'ô' -compose '_' ' ' to '¯' compose 'a' 'U' to 'ã' compose 'l' '-' to '³' compose 'o' 'e' to '½' @@ -127,39 +122,3 @@ compose 'v' 'l' to '|' compose 'x' '0' to '¤' compose 'x' 'o' to '¤' compose 'z' '.' to '¿' -compose '¢' 'A' to 'Ã' -compose '¢' 'a' to 'ã' -compose '°' 'A' to 'Å' -compose '°' 'U' to 'Ù' -compose '°' 'a' to 'å' -compose '°' 'u' to 'ù' -compose '°' ' ' to '°' -compose '°' '°' to '°' -compose '²' 'A' to '¡' -compose '²' 'E' to 'Ê' -compose '²' 'a' to '±' -compose '²' 'e' to 'ê' -compose '·' 'C' to 'È' -compose '·' 'D' to 'Ï' -compose '·' 'E' to 'Ì' -compose '·' 'L' to '¥' -compose '·' 'N' to 'Ò' -compose '·' 'R' to 'Ø' -compose '·' 'S' to '©' -compose '·' 'T' to '«' -compose '·' 'Z' to '®' -compose '·' 'c' to 'è' -compose '·' 'd' to 'ï' -compose '·' 'e' to 'ì' -compose '·' 'l' to 'µ' -compose '·' 'n' to 'ò' -compose '·' 'r' to 'ø' -compose '·' 's' to '¹' -compose '·' 't' to '»' -compose '·' 'z' to '¾' -compose '¸' 'C' to 'Ç' -compose '¸' 'S' to 'ª' -compose '¸' 'T' to 'Þ' -compose '¸' 'c' to 'ç' -compose '¸' 's' to 'º' -compose '¸' 't' to 'þ' diff --git a/console-setup/compose.ISO-8859-3.inc b/console-setup/compose.ISO-8859-3.inc index 5e0daef..7e50b6c 100644 --- a/console-setup/compose.ISO-8859-3.inc +++ b/console-setup/compose.ISO-8859-3.inc @@ -57,9 +57,6 @@ compose '/' '/' to '\\' compose '/' '<' to '\\' compose '/' '^' to '|' compose '/' 'u' to 'µ' -compose '0' 's' to '§' -compose '2' 's' to '²' -compose '3' 's' to '³' compose ':' '-' to '÷' compose '<' '/' to '\\' compose '=' 'c' to '¤' @@ -136,8 +133,10 @@ compose '`' 'i' to ' compose '`' 'o' to 'ò' compose '`' 'u' to 'ù' compose 'g' 'U' to '»' -compose 'o' 'r' to '®' +compose 'r' 'o' to '®' compose 's' '0' to '§' +compose 's' '2' to '²' +compose 's' '3' to '³' compose 's' 'o' to '§' compose 'u' 'u' to 'ý' compose 'v' 'l' to '|' @@ -145,23 +144,3 @@ compose '~' 'A' to ' compose '~' 'O' to 'Õ' compose '~' 'a' to 'ã' compose '~' 'o' to 'õ' -compose '¢' 'G' to '«' -compose '¢' 'U' to 'Ý' -compose '¢' 'g' to '»' -compose '¢' 'u' to 'ý' -compose '¨' 'A' to 'Ä' -compose '¨' 'E' to 'Ë' -compose '¨' 'I' to 'Ï' -compose '¨' 'O' to 'Ö' -compose '¨' 'U' to 'Ü' -compose '¨' 'Y' to '¾' -compose '¨' 'a' to 'ä' -compose '¨' 'e' to 'ë' -compose '¨' 'i' to 'ï' -compose '¨' 'o' to 'ö' -compose '¨' 'u' to 'ü' -compose '¨' 'y' to 'ÿ' -compose '°' 'A' to 'Å' -compose '°' 'a' to 'å' -compose '¸' 'S' to 'ª' -compose '¸' 's' to 'º' diff --git a/console-setup/compose.ISO-8859-4.inc b/console-setup/compose.ISO-8859-4.inc index c95e946..4598a22 100644 --- a/console-setup/compose.ISO-8859-4.inc +++ b/console-setup/compose.ISO-8859-4.inc @@ -49,12 +49,10 @@ compose '-' 'u' to ' compose '.' '.' to 'ÿ' compose '.' 'E' to 'Ì' compose '.' 'e' to 'ì' -compose '.' 'ÿ' to 'ÿ' compose '/' 'O' to 'Ø' compose '/' 'T' to '¬' compose '/' 'o' to 'ø' compose '/' 't' to '¼' -compose '0' 's' to '§' compose ':' '-' to '÷' compose '<' '<' to '·' compose '<' 'C' to 'È' @@ -105,10 +103,10 @@ compose '_' 'e' to ' compose '_' 'i' to 'ï' compose '_' 'o' to 'ò' compose '_' 'u' to 'þ' -compose '_' '¯' to '¯' compose 'a' 'e' to 'æ' compose 'n' 'g' to '¿' compose 'o' 'x' to '¤' +compose 's' '0' to '§' compose 's' 'o' to '§' compose 't' '-' to '¼' compose 'x' '0' to '¤' @@ -121,5 +119,3 @@ compose '~' 'a' to ' compose '~' 'i' to 'µ' compose '~' 'o' to 'õ' compose '~' 'u' to 'ý' -compose '°' 'A' to 'Å' -compose '°' 'a' to 'å' diff --git a/console-setup/compose.ISO-8859-7.inc b/console-setup/compose.ISO-8859-7.inc index 6142e6c..1aa936a 100644 --- a/console-setup/compose.ISO-8859-7.inc +++ b/console-setup/compose.ISO-8859-7.inc @@ -2,10 +2,6 @@ compose '!' '^' to '¦' compose '!' 's' to '§' compose '"' '"' to '¨' -compose '"' 'É' to 'Ú' -compose '"' 'Õ' to 'Û' -compose '"' 'é' to 'ú' -compose '"' 'õ' to 'û' compose '(' '(' to '[' compose '(' '-' to '{' compose '(' 'c' to '©' @@ -26,9 +22,7 @@ compose '.' '^' to ' compose '/' '/' to '\\' compose '/' '<' to '\\' compose '/' '^' to '|' -compose '0' 's' to '§' compose '1' '2' to '½' -compose '2' 's' to '²' compose '<' '/' to '\\' compose '<' '<' to '«' compose '<' '\'' to '¡' @@ -38,20 +32,6 @@ compose '>' '\'' to ' compose '\'' '<' to '¡' compose '\'' '>' to '¢' compose '\'' '\'' to '´' -compose '\'' 'Á' to '¶' -compose '\'' 'Å' to '¸' -compose '\'' 'Ç' to '¹' -compose '\'' 'É' to 'º' -compose '\'' 'Ï' to '¼' -compose '\'' 'Õ' to '¾' -compose '\'' 'Ù' to '¿' -compose '\'' 'á' to 'Ü' -compose '\'' 'å' to 'Ý' -compose '\'' 'ç' to 'Þ' -compose '\'' 'é' to 'ß' -compose '\'' 'ï' to 'ü' -compose '\'' 'õ' to 'ý' -compose '\'' 'ù' to 'þ' compose '^' '!' to '¦' compose '^' '.' to '·' compose '^' '/' to '|' @@ -59,33 +39,14 @@ compose '^' '0' to ' compose '^' '2' to '²' compose '^' '3' to '³' compose 'a' 't' to '@' -compose 'b' 'v' to '¦' compose 'c' '0' to '©' compose 'c' 'o' to '©' compose 'o' 'c' to '©' -compose 'o' 's' to '§' compose 's' '0' to '§' +compose 's' '2' to '²' compose 's' '3' to '³' compose 's' 'o' to '§' compose 'v' 'b' to '¦' compose 'v' 'l' to '|' compose '|' '|' to '¦' compose '~' '~' to '¯' -compose 'Á' '\'' to '¶' -compose 'Å' '\'' to '¸' -compose 'Ç' '\'' to '¹' -compose 'É' '"' to 'Ú' -compose 'É' '\'' to 'º' -compose 'Ï' '\'' to '¼' -compose 'Õ' '"' to 'Û' -compose 'Õ' '\'' to '¾' -compose 'Ù' '\'' to '¿' -compose 'á' '\'' to 'Ü' -compose 'å' '\'' to 'Ý' -compose 'ç' '\'' to 'Þ' -compose 'é' '"' to 'ú' -compose 'é' '\'' to 'ß' -compose 'ï' '\'' to 'ü' -compose 'õ' '"' to 'û' -compose 'õ' '\'' to 'ý' -compose 'ù' '\'' to 'þ' diff --git a/console-setup/compose.ISO-8859-9.inc b/console-setup/compose.ISO-8859-9.inc index 54738d7..e642e1b 100644 --- a/console-setup/compose.ISO-8859-9.inc +++ b/console-setup/compose.ISO-8859-9.inc @@ -62,9 +62,6 @@ compose '/' '^' to '|' compose '/' 'c' to '¢' compose '/' 'o' to 'ø' compose '/' 'u' to 'µ' -compose '0' 'c' to '©' -compose '0' 's' to '§' -compose '3' 's' to '³' compose ':' '-' to '÷' compose '<' '/' to '\\' compose '<' '<' to '«' @@ -138,12 +135,13 @@ compose 'a' 'e' to ' compose 'c' '0' to '©' compose 'c' 'o' to '©' compose 'g' 'U' to 'ð' -compose 'l' 'v' to '|' compose 'o' 'c' to '©' compose 'o' 'e' to '¼' compose 'r' 'o' to '®' +compose 's' '0' to '§' compose 's' '1' to '¹' compose 's' '2' to '²' +compose 's' '3' to '³' compose 's' 'o' to '§' compose 't' 'h' to 'þ' compose 'v' 'Z' to '´' @@ -156,19 +154,3 @@ compose '~' 'O' to ' compose '~' 'a' to 'ã' compose '~' 'n' to 'ñ' compose '~' 'o' to 'õ' -compose '¨' 'A' to 'Ä' -compose '¨' 'E' to 'Ë' -compose '¨' 'I' to 'Ï' -compose '¨' 'O' to 'Ö' -compose '¨' 'U' to 'Ü' -compose '¨' 'Y' to '¾' -compose '¨' 'a' to 'ä' -compose '¨' 'e' to 'ë' -compose '¨' 'i' to 'ï' -compose '¨' 'o' to 'ö' -compose '¨' 'u' to 'ü' -compose '¨' 'y' to 'ÿ' -compose '°' 'A' to 'Å' -compose '°' 'a' to 'å' -compose '¸' 'S' to 'Þ' -compose '¸' 's' to 'þ' diff --git a/cron.d/php b/cron.d/php new file mode 100644 index 0000000..84e5d10 --- /dev/null +++ b/cron.d/php @@ -0,0 +1,14 @@ +# /etc/cron.d/php@PHP_VERSION@: crontab fragment for PHP +# This purges session files in session.save_path older than X, +# where X is defined in seconds as the largest value of +# session.gc_maxlifetime from all your SAPI php.ini files +# or 24 minutes if not defined. The script triggers only +# when session.save_handler=files. +# +# WARNING: The scripts tries hard to honour all relevant +# session PHP options, but if you do something unusual +# you have to disable this script and take care of your +# sessions yourself. + +# Look for and purge old sessions every 30 minutes +09,39 * * * * root [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi diff --git a/cron.d/php5 b/cron.d/php5 deleted file mode 100644 index e918149..0000000 --- a/cron.d/php5 +++ /dev/null @@ -1,14 +0,0 @@ -# /etc/cron.d/php5: crontab fragment for php5 -# This purges session files in session.save_path older than X, -# where X is defined in seconds as the largest value of -# session.gc_maxlifetime from all your SAPI php.ini files -# or 24 minutes if not defined. The script triggers only -# when session.save_handler=files. -# -# WARNING: The scripts tries hard to honour all relevant -# session PHP options, but if you do something unusual -# you have to disable this script and take care of your -# sessions yourself. - -# Look for and purge old sessions every 30 minutes -09,39 * * * * root [ -x /usr/lib/php5/sessionclean ] && /usr/lib/php5/sessionclean diff --git a/cron.daily/apache2 b/cron.daily/apache2 index d5f9cbc..6461f07 100755 --- a/cron.daily/apache2 +++ b/cron.daily/apache2 @@ -1,30 +1,25 @@ #!/bin/sh -# run htcacheclean +# run htcacheclean if set to 'cron' mode set -e set -u type htcacheclean > /dev/null 2>&1 || exit 0 -[ -e /etc/default/apache2 ] || exit 0 +[ -e /etc/default/apache-htcacheclean ] || exit 0 -# edit /etc/default/apache2 to change this +# edit /etc/default/apache-htcacheclean to change this HTCACHECLEAN_MODE=daemon HTCACHECLEAN_RUN=auto HTCACHECLEAN_SIZE=300M HTCACHECLEAN_PATH=/var/cache/apache2/mod_cache_disk HTCACHECLEAN_OPTIONS="" -. /etc/default/apache2 +. /etc/default/apache-htcacheclean [ "$HTCACHECLEAN_MODE" = "cron" ] || exit 0 -[ "$HTCACHECLEAN_RUN" = "yes" ] || -( [ "$HTCACHECLEAN_RUN" = "auto" ] && \ - [ -e /etc/apache2/mods-enabled/cache_disk.load ] ) || exit 0 - htcacheclean ${HTCACHECLEAN_OPTIONS} \ -p${HTCACHECLEAN_PATH} \ -l${HTCACHECLEAN_SIZE} - diff --git a/cron.daily/apt b/cron.daily/apt deleted file mode 100755 index ee0761b..0000000 --- a/cron.daily/apt +++ /dev/null @@ -1,507 +0,0 @@ -#!/bin/sh -#set -e -# -# This file understands the following apt configuration variables: -# Values here are the default. -# Create /etc/apt/apt.conf.d/02periodic file to set your preference. -# -# Dir "/"; -# - RootDir for all configuration files -# -# Dir::Cache "var/cache/apt/"; -# - Set apt package cache directory -# -# Dir::Cache::Archives "archives/"; -# - Set package archive directory -# -# APT::Periodic::Enable "1"; -# - Enable the update/upgrade script (0=disable) -# -# APT::Periodic::BackupArchiveInterval "0"; -# - Backup after n-days if archive contents changed.(0=disable) -# -# APT::Periodic::BackupLevel "3"; -# - Backup level.(0=disable), 1 is invalid. -# -# Dir::Cache::Backup "backup/"; -# - Set periodic package backup directory -# -# APT::Archives::MaxAge "0"; (old, deprecated) -# APT::Periodic::MaxAge "0"; (new) -# - Set maximum allowed age of a cache package file. If a cache -# package file is older it is deleted (0=disable) -# -# APT::Archives::MinAge "2"; (old, deprecated) -# APT::Periodic::MinAge "2"; (new) -# - Set minimum age of a package file. If a file is younger it -# will not be deleted (0=disable). Useful to prevent races -# and to keep backups of the packages for emergency. -# -# APT::Archives::MaxSize "0"; (old, deprecated) -# APT::Periodic::MaxSize "0"; (new) -# - Set maximum size of the cache in MB (0=disable). If the cache -# is bigger, cached package files are deleted until the size -# requirement is met (the oldest packages will be deleted -# first). -# -# APT::Periodic::Update-Package-Lists "0"; -# - Do "apt-get update" automatically every n-days (0=disable) -# -# APT::Periodic::Download-Upgradeable-Packages "0"; -# - Do "apt-get upgrade --download-only" every n-days (0=disable) -# -# APT::Periodic::Download-Upgradeable-Packages-Debdelta "1"; -# - Use debdelta-upgrade to download updates if available (0=disable) -# -# APT::Periodic::Unattended-Upgrade "0"; -# - Run the "unattended-upgrade" security upgrade script -# every n-days (0=disabled) -# Requires the package "unattended-upgrades" and will write -# a log in /var/log/unattended-upgrades -# -# APT::Periodic::AutocleanInterval "0"; -# - Do "apt-get autoclean" every n-days (0=disable) -# -# APT::Periodic::Verbose "0"; -# - Send report mail to root -# 0: no report (or null string) -# 1: progress report (actually any string) -# 2: + command outputs (remove -qq, remove 2>/dev/null, add -d) -# 3: + trace on - -check_stamp() -{ - stamp="$1" - interval="$2" - - if [ $interval -eq 0 ]; then - debug_echo "check_stamp: interval=0" - # treat as no time has passed - return 1 - fi - - if [ ! -f $stamp ]; then - debug_echo "check_stamp: missing time stamp file: $stamp." - # treat as enough time has passed - return 0 - fi - - # compare midnight today to midnight the day the stamp was updated - stamp_file="$stamp" - stamp=$(date --date=$(date -r $stamp_file --iso-8601) +%s 2>/dev/null) - if [ "$?" != "0" ]; then - # Due to some timezones returning 'invalid date' for midnight on - # certain dates (e.g. America/Sao_Paulo), if date returns with error - # remove the stamp file and return 0. See coreutils bug: - # http://lists.gnu.org/archive/html/bug-coreutils/2007-09/msg00176.html - rm -f "$stamp_file" - return 0 - fi - - now=$(date --date=$(date --iso-8601) +%s 2>/dev/null) - if [ "$?" != "0" ]; then - # As above, due to some timezones returning 'invalid date' for midnight - # on certain dates (e.g. America/Sao_Paulo), if date returns with error - # return 0. - return 0 - fi - - delta=$(($now-$stamp)) - - # interval is in days, convert to sec. - interval=$(($interval*60*60*24)) - debug_echo "check_stamp: interval=$interval, now=$now, stamp=$stamp, delta=$delta (sec)" - - # remove timestamps a day (or more) in the future and force re-check - if [ $stamp -gt $(($now+86400)) ]; then - echo "WARNING: file $stamp_file has a timestamp in the future: $stamp" - rm -f "$stamp_file" - return 0 - fi - - if [ $delta -ge $interval ]; then - return 0 - fi - - return 1 -} - -update_stamp() -{ - stamp="$1" - touch $stamp -} - -# we check here if autoclean was enough sizewise -check_size_constraints() -{ - MaxAge=0 - eval $(apt-config shell MaxAge APT::Archives::MaxAge) - eval $(apt-config shell MaxAge APT::Periodic::MaxAge) - - MinAge=2 - eval $(apt-config shell MinAge APT::Archives::MinAge) - eval $(apt-config shell MinAge APT::Periodic::MinAge) - - MaxSize=0 - eval $(apt-config shell MaxSize APT::Archives::MaxSize) - eval $(apt-config shell MaxSize APT::Periodic::MaxSize) - - Cache="/var/cache/apt/archives/" - eval $(apt-config shell Cache Dir::Cache::archives/d) - - # sanity check - if [ -z "$Cache" ]; then - echo "empty Dir::Cache::archives, exiting" - exit - fi - - # check age - if [ ! $MaxAge -eq 0 ] && [ ! $MinAge -eq 0 ]; then - debug_echo "aged: ctime <$MaxAge and mtime <$MaxAge and ctime>$MinAge and mtime>$MinAge" - find $Cache -name "*.deb" \( -mtime +$MaxAge -and -ctime +$MaxAge \) -and -not \( -mtime -$MinAge -or -ctime -$MinAge \) -print0 | xargs -r -0 rm -f - elif [ ! $MaxAge -eq 0 ]; then - debug_echo "aged: ctime <$MaxAge and mtime <$MaxAge only" - find $Cache -name "*.deb" -ctime +$MaxAge -and -mtime +$MaxAge -print0 | xargs -r -0 rm -f - else - debug_echo "skip aging since MaxAge is 0" - fi - - # check size - if [ ! $MaxSize -eq 0 ]; then - # maxSize is in MB - MaxSize=$(($MaxSize*1024)) - - #get current time - now=$(date --date=$(date --iso-8601) +%s) - MinAge=$(($MinAge*24*60*60)) - - # reverse-sort by mtime - for file in $(ls -rt $Cache/*.deb 2>/dev/null); do - du=$(du -s $Cache) - size=${du%%/*} - # check if the cache is small enough - if [ $size -lt $MaxSize ]; then - debug_echo "end remove by archive size: size=$size < $MaxSize" - break - fi - - # check for MinAge of the file - if [ $MinAge -ne 0 ]; then - # check both ctime and mtime - mtime=$(stat -c %Y $file) - ctime=$(stat -c %Z $file) - if [ $mtime -gt $ctime ]; then - delta=$(($now-$mtime)) - else - delta=$(($now-$ctime)) - fi - if [ $delta -le $MinAge ]; then - debug_echo "skip remove by archive size: $file, delta=$delta < $MinAge" - break - else - # delete oldest file - debug_echo "remove by archive size: $file, delta=$delta >= $MinAge (sec), size=$size >= $MaxSize" - rm -f $file - fi - fi - done - fi -} - -# deal with the Apt::Periodic::BackupArchiveInterval -do_cache_backup() -{ - BackupArchiveInterval="$1" - if [ $BackupArchiveInterval -eq 0 ]; then - return - fi - - # Set default values and normalize - CacheDir="/var/cache/apt" - eval $(apt-config shell CacheDir Dir::Cache/d) - CacheDir=${CacheDir%/} - if [ -z "$CacheDir" ]; then - debug_echo "practically empty Dir::Cache, exiting" - return 0 - fi - - Cache="${CacheDir}/archives/" - eval $(apt-config shell Cache Dir::Cache::Archives/d) - if [ -z "$Cache" ]; then - debug_echo "practically empty Dir::Cache::archives, exiting" - return 0 - fi - - BackupLevel=3 - eval $(apt-config shell BackupLevel APT::Periodic::BackupLevel) - if [ $BackupLevel -le 1 ]; then - BackupLevel=2 ; - fi - - Back="${CacheDir}/backup/" - eval $(apt-config shell Back Dir::Cache::Backup/d) - if [ -z "$Back" ]; then - echo "practically empty Dir::Cache::Backup, exiting" 1>&2 - return - fi - - CacheArchive="$(basename "${Cache}")" - test -n "${CacheArchive}" || CacheArchive="archives" - BackX="${Back}${CacheArchive}/" - for x in $(seq 0 1 $((${BackupLevel}-1))); do - eval "Back${x}=${Back}${x}/" - done - - # backup after n-days if archive contents changed. - # (This uses hardlink to save disk space) - BACKUP_ARCHIVE_STAMP=/var/lib/apt/periodic/backup-archive-stamp - if check_stamp $BACKUP_ARCHIVE_STAMP $BackupArchiveInterval; then - if [ $({(cd $Cache 2>/dev/null; find . -name "*.deb"); (cd $Back0 2>/dev/null;find . -name "*.deb") ;}| sort|uniq -u|wc -l) -ne 0 ]; then - mkdir -p $Back - rm -rf $Back$((${BackupLevel}-1)) - for y in $(seq $((${BackupLevel}-1)) -1 1); do - eval BackY=${Back}$y - eval BackZ=${Back}$(($y-1)) - if [ -e $BackZ ]; then - mv -f $BackZ $BackY ; - fi - done - cp -la $Cache $Back ; mv -f $BackX $Back0 - update_stamp $BACKUP_ARCHIVE_STAMP - debug_echo "backup with hardlinks. (success)" - else - debug_echo "skip backup since same content." - fi - else - debug_echo "skip backup since too new." - fi -} - -# sleep for a random interval of time (default 30min) -# (some code taken from cron-apt, thanks) -random_sleep() -{ - RandomSleep=1800 - eval $(apt-config shell RandomSleep APT::Periodic::RandomSleep) - if [ $RandomSleep -eq 0 ]; then - return - fi - if [ -z "$RANDOM" ] ; then - # A fix for shells that do not have this bash feature. - RANDOM=$(( $(dd if=/dev/urandom bs=2 count=1 2> /dev/null | cksum | cut -d' ' -f1) % 32767 )) - fi - TIME=$(($RANDOM % $RandomSleep)) - debug_echo "sleeping for $TIME seconds" - sleep $TIME -} - - -debug_echo() -{ - # Display message if $VERBOSE >= 1 - if [ "$VERBOSE" -ge 1 ]; then - echo $1 1>&2 - fi -} - -check_power(){ - # laptop check, on_ac_power returns: - # 0 (true) System is on main power - # 1 (false) System is not on main power - # 255 (false) Power status could not be determined - # Desktop systems always return 255 it seems - if which on_ac_power >/dev/null; then - on_ac_power - POWER=$? - if [ $POWER -eq 1 ]; then - debug_echo "exit: system NOT on main power" - return 1 - elif [ $POWER -ne 0 ]; then - debug_echo "power status ($POWER) undetermined, continuing" - fi - debug_echo "system is on main power." - fi - return 0 -} - -# ------------------------ main ---------------------------- - -if test -r /var/lib/apt/extended_states; then - # Backup the 7 last versions of APT's extended_states file - # shameless copy from dpkg cron - if cd /var/backups ; then - if ! cmp -s apt.extended_states.0 /var/lib/apt/extended_states; then - cp -p /var/lib/apt/extended_states apt.extended_states - savelog -c 7 apt.extended_states >/dev/null - fi - fi -fi - -# check apt-config existence -if ! which apt-config >/dev/null ; then - exit 0 -fi - -# check if the user really wants to do something -AutoAptEnable=1 # default is yes -eval $(apt-config shell AutoAptEnable APT::Periodic::Enable) - -if [ $AutoAptEnable -eq 0 ]; then - exit 0 -fi - -# Set VERBOSE mode from apt-config (or inherit from environment) -VERBOSE=0 -eval $(apt-config shell VERBOSE APT::Periodic::Verbose) -debug_echo "verbose level $VERBOSE" -if [ "$VERBOSE" -le 2 ]; then - # quiet for 0,1,2 - XSTDOUT=">/dev/null" - XSTDERR="2>/dev/null" - XAPTOPT="-qq" - XUUPOPT="" -else - XSTDOUT="" - XSTDERR="" - XAPTOPT="" - XUUPOPT="-d" -fi -if [ "$VERBOSE" -ge 3 ]; then - # trace output - set -x -fi - -check_power || exit 0 - -# check if we can lock the cache and if the cache is clean -if which apt-get >/dev/null && ! eval apt-get check $XAPTOPT $XSTDERR ; then - debug_echo "error encountered in cron job with \"apt-get check\"." - exit 0 -fi - -# Global current time in seconds since 1970-01-01 00:00:00 UTC -now=$(date +%s) - -# Support old Archive for compatibility. -# Document only Periodic for all controlling parameters of this script. - -UpdateInterval=0 -eval $(apt-config shell UpdateInterval APT::Periodic::Update-Package-Lists) - -DownloadUpgradeableInterval=0 -eval $(apt-config shell DownloadUpgradeableInterval APT::Periodic::Download-Upgradeable-Packages) - -UnattendedUpgradeInterval=0 -eval $(apt-config shell UnattendedUpgradeInterval APT::Periodic::Unattended-Upgrade) - -AutocleanInterval=0 -eval $(apt-config shell AutocleanInterval APT::Periodic::AutocleanInterval) - -BackupArchiveInterval=0 -eval $(apt-config shell BackupArchiveInterval APT::Periodic::BackupArchiveInterval) - -Debdelta=1 -eval $(apt-config shell Debdelta APT::Periodic::Download-Upgradeable-Packages-Debdelta) - -# check if we actually have to do anything that requires locking the cache -if [ $UpdateInterval -eq 0 ] && - [ $DownloadUpgradeableInterval -eq 0 ] && - [ $UnattendedUpgradeInterval -eq 0 ] && - [ $BackupArchiveInterval -eq 0 ] && - [ $AutocleanInterval -eq 0 ]; then - - # check cache size - check_size_constraints - - exit 0 -fi - -# deal with BackupArchiveInterval -do_cache_backup $BackupArchiveInterval - -# sleep random amount of time to avoid hitting the -# mirrors at the same time -random_sleep -check_power || exit 0 - -# include default system language so that "apt-get update" will -# fetch the right translated package descriptions -if [ -r /etc/default/locale ]; then - . /etc/default/locale - export LANG LANGUAGE LC_MESSAGES LC_ALL -fi - -# update package lists -UPDATED=0 -UPDATE_STAMP=/var/lib/apt/periodic/update-stamp -if check_stamp $UPDATE_STAMP $UpdateInterval; then - if eval apt-get $XAPTOPT -y update $XSTDERR; then - debug_echo "download updated metadata (success)." - if which dbus-send >/dev/null && pidof dbus-daemon >/dev/null; then - if dbus-send --system / app.apt.dbus.updated boolean:true ; then - debug_echo "send dbus signal (success)" - else - debug_echo "send dbus signal (error)" - fi - else - debug_echo "dbus signal not send (command not available)" - fi - update_stamp $UPDATE_STAMP - UPDATED=1 - else - debug_echo "download updated metadata (error)" - fi -else - debug_echo "download updated metadata (not run)." -fi - -# download all upgradeable packages (if it is requested) -DOWNLOAD_UPGRADEABLE_STAMP=/var/lib/apt/periodic/download-upgradeable-stamp -if [ $UPDATED -eq 1 ] && check_stamp $DOWNLOAD_UPGRADEABLE_STAMP $DownloadUpgradeableInterval; then - if [ $Debdelta -eq 1 ]; then - debdelta-upgrade >/dev/null 2>&1 || true - fi - if eval apt-get $XAPTOPT -y -d dist-upgrade $XSTDERR; then - update_stamp $DOWNLOAD_UPGRADEABLE_STAMP - debug_echo "download upgradable (success)" - else - debug_echo "download upgradable (error)" - fi -else - debug_echo "download upgradable (not run)" -fi - -# auto upgrade all upgradeable packages -UPGRADE_STAMP=/var/lib/apt/periodic/upgrade-stamp -if which unattended-upgrade >/dev/null && check_stamp $UPGRADE_STAMP $UnattendedUpgradeInterval; then - if unattended-upgrade $XUUPOPT; then - update_stamp $UPGRADE_STAMP - debug_echo "unattended-upgrade (success)" - else - debug_echo "unattended-upgrade (error)" - fi -else - debug_echo "unattended-upgrade (not run)" -fi - -# autoclean package archive -AUTOCLEAN_STAMP=/var/lib/apt/periodic/autoclean-stamp -if check_stamp $AUTOCLEAN_STAMP $AutocleanInterval; then - if eval apt-get $XAPTOPT -y autoclean $XSTDERR; then - debug_echo "autoclean (success)." - update_stamp $AUTOCLEAN_STAMP - else - debug_echo "autoclean (error)" - fi -else - debug_echo "autoclean (not run)" -fi - -# check cache size -check_size_constraints - -# -# vim: set sts=4 ai : -# - diff --git a/cron.daily/apt-compat b/cron.daily/apt-compat new file mode 100755 index 0000000..095a44c --- /dev/null +++ b/cron.daily/apt-compat @@ -0,0 +1,55 @@ +#!/bin/sh + +set -e + +# Systemd systems use a systemd timer unit which is preferable to +# run. We want to randomize the apt update and unattended-upgrade +# runs as much as possible to avoid hitting the mirrors all at the +# same time. The systemd time is better at this than the fixed +# cron.daily time +if [ -d /run/systemd/system ]; then + exit 0 +fi + +check_power() +{ + # laptop check, on_ac_power returns: + # 0 (true) System is on main power + # 1 (false) System is not on main power + # 255 (false) Power status could not be determined + # Desktop systems always return 255 it seems + if which on_ac_power >/dev/null 2>&1; then + on_ac_power + POWER=$? + if [ $POWER -eq 1 ]; then + return 1 + fi + fi + return 0 +} + +# sleep for a random interval of time (default 30min) +# (some code taken from cron-apt, thanks) +random_sleep() +{ + RandomSleep=1800 + eval $(apt-config shell RandomSleep APT::Periodic::RandomSleep) + if [ $RandomSleep -eq 0 ]; then + return + fi + if [ -z "$RANDOM" ] ; then + # A fix for shells that do not have this bash feature. + RANDOM=$(( $(dd if=/dev/urandom bs=2 count=1 2> /dev/null | cksum | cut -d' ' -f1) % 32767 )) + fi + TIME=$(($RANDOM % $RandomSleep)) + sleep $TIME +} + +# delay the job execution by a random amount of time +random_sleep + +# ensure we don't do this on battery +check_power || exit 0 + +# run daily job +exec /usr/lib/apt/apt.systemd.daily diff --git a/cron.daily/man-db b/cron.daily/man-db index c374604..0aeb8a5 100755 --- a/cron.daily/man-db +++ b/cron.daily/man-db @@ -13,18 +13,12 @@ fi if ! [ -d /var/cache/man ]; then # Recover from deletion, per FHS. - mkdir -p /var/cache/man - chown man:root /var/cache/man || true - chmod 2755 /var/cache/man + install -d -o man -g man -m 0755 /var/cache/man fi # expunge old catman pages which have not been read in a week if [ ! -d /run/systemd/system ] && [ -d /var/cache/man ]; then cd / - if ! dpkg-statoverride --list /var/cache/man >/dev/null 2>&1; then - find /var/cache/man -ignore_readdir_race ! -user man -print0 | \ - xargs -r0 chown -f man || true - fi start-stop-daemon --start --pidfile /dev/null --startas /bin/sh \ --oknodo --chuid man $iosched_idle -- -c \ "find /var/cache/man -type f -name '*.gz' -atime +6 -print0 | \ diff --git a/cron.daily/mlocate b/cron.daily/mlocate index aeb1a88..331d063 100755 --- a/cron.daily/mlocate +++ b/cron.daily/mlocate @@ -18,4 +18,10 @@ if [ -x /usr/bin/ionice ] && IONICE="/usr/bin/ionice -c3" fi -flock --nonblock /run/mlocate.daily.lock $IONICE /usr/bin/updatedb.mlocate +# See nocache(1) +NOCACHE= +if [ -x /usr/bin/nocache ]; then + NOCACHE="/usr/bin/nocache" +fi + +flock --nonblock /run/mlocate.daily.lock $NOCACHE $IONICE /usr/bin/updatedb.mlocate diff --git a/cron.weekly/man-db b/cron.weekly/man-db index b890d38..87da3b8 100755 --- a/cron.weekly/man-db +++ b/cron.weekly/man-db @@ -13,9 +13,7 @@ fi if ! [ -d /var/cache/man ]; then # Recover from deletion, per FHS. - mkdir -p /var/cache/man - chown man:root /var/cache/man || true - chmod 2755 /var/cache/man + install -d -o man -g man -m 0755 /var/cache/man fi # regenerate man database diff --git a/dbus-1/session.conf b/dbus-1/session.conf new file mode 120000 index 0000000..b4a3252 --- /dev/null +++ b/dbus-1/session.conf @@ -0,0 +1 @@ +/usr/share/dbus-1/session.conf \ No newline at end of file diff --git a/dbus-1/system.conf b/dbus-1/system.conf new file mode 120000 index 0000000..f22bf8f --- /dev/null +++ b/dbus-1/system.conf @@ -0,0 +1 @@ +/usr/share/dbus-1/system.conf \ No newline at end of file diff --git a/dbus-1/system.d/org.freedesktop.login1.conf b/dbus-1/system.d/org.freedesktop.login1.conf index 1318328..c89e404 100644 --- a/dbus-1/system.d/org.freedesktop.login1.conf +++ b/dbus-1/system.d/org.freedesktop.login1.conf @@ -88,6 +88,42 @@ send_interface="org.freedesktop.login1.Manager" send_member="ActivateSessionOnSeat"/> + + + + + + + + + + + + + + + + + + @@ -128,6 +164,26 @@ send_interface="org.freedesktop.login1.Manager" send_member="CanHybridSleep"/> + + + + + + + + + + @@ -136,6 +192,10 @@ send_interface="org.freedesktop.login1.Manager" send_member="FlushDevices"/> + + @@ -152,14 +212,34 @@ send_interface="org.freedesktop.login1.Seat" send_member="SwitchToNext"/> + + + + + + + + + + @@ -180,6 +260,14 @@ send_interface="org.freedesktop.login1.Session" send_member="PauseDeviceComplete"/> + + + + diff --git a/dbus-1/system.d/org.freedesktop.machine1.conf b/dbus-1/system.d/org.freedesktop.machine1.conf deleted file mode 100644 index 3a77c70..0000000 --- a/dbus-1/system.d/org.freedesktop.machine1.conf +++ /dev/null @@ -1,66 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/dbus-1/system.d/org.freedesktop.network1.conf b/dbus-1/system.d/org.freedesktop.network1.conf new file mode 100644 index 0000000..52dad33 --- /dev/null +++ b/dbus-1/system.d/org.freedesktop.network1.conf @@ -0,0 +1,42 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/dbus-1/system.d/org.freedesktop.resolve1.conf b/dbus-1/system.d/org.freedesktop.resolve1.conf new file mode 100644 index 0000000..25b0977 --- /dev/null +++ b/dbus-1/system.d/org.freedesktop.resolve1.conf @@ -0,0 +1,27 @@ + + + + + + + + + + + + + + + + + + + diff --git a/dbus-1/system.d/org.freedesktop.systemd1.conf b/dbus-1/system.d/org.freedesktop.systemd1.conf index 9dfca81..a61677e 100644 --- a/dbus-1/system.d/org.freedesktop.systemd1.conf +++ b/dbus-1/system.d/org.freedesktop.systemd1.conf @@ -28,6 +28,8 @@ + + @@ -50,6 +52,10 @@ send_interface="org.freedesktop.systemd1.Manager" send_member="GetUnitByPID"/> + + @@ -66,14 +72,30 @@ send_interface="org.freedesktop.systemd1.Manager" send_member="ListUnitsFiltered"/> + + + + + + + + @@ -94,6 +116,140 @@ send_interface="org.freedesktop.systemd1.Manager" send_member="GetDefaultTarget"/> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/debian_version b/debian_version index 48c26da..28a2186 100644 --- a/debian_version +++ b/debian_version @@ -1 +1 @@ -8.6 +9.1 diff --git a/default/apache-htcacheclean b/default/apache-htcacheclean new file mode 100644 index 0000000..73637fc --- /dev/null +++ b/default/apache-htcacheclean @@ -0,0 +1,22 @@ +# This file must only contain KEY=VALUE lines. Do not use advanced +# shell script constructs! + +## run mode: cron, daemon +## run in daemon mode or as daily cron job +## default: daemon +HTCACHECLEAN_MODE=daemon + +## cache size +HTCACHECLEAN_SIZE=300M + +## interval: if in daemon mode, clean cache every x minutes +HTCACHECLEAN_DAEMON_INTERVAL=120 + +## path to cache +## must be the same as in CacheRoot directive +#HTCACHECLEAN_PATH=/var/cache/apache2/mod_cache_disk + +## additional options: +## -n : be nice +## -t : remove empty directories +HTCACHECLEAN_OPTIONS="-n" diff --git a/default/apache2 b/default/apache2 deleted file mode 100644 index 020f079..0000000 --- a/default/apache2 +++ /dev/null @@ -1,26 +0,0 @@ -### htcacheclean settings ### - -## run htcacheclean: yes, no, auto -## auto means run if /etc/apache2/mods-enabled/cache_disk.load exists -## default: auto -HTCACHECLEAN_RUN=auto - -## run mode: cron, daemon -## run in daemon mode or as daily cron job -## default: daemon -HTCACHECLEAN_MODE=daemon - -## cache size -HTCACHECLEAN_SIZE=300M - -## interval: if in daemon mode, clean cache every x minutes -HTCACHECLEAN_DAEMON_INTERVAL=120 - -## path to cache -## must be the same as in CacheRoot directive -HTCACHECLEAN_PATH=/var/cache/apache2/mod_cache_disk - -## additional options: -## -n : be nice -## -t : remove empty directories -HTCACHECLEAN_OPTIONS="-n" diff --git a/default/chrony b/default/chrony new file mode 100644 index 0000000..929dea0 --- /dev/null +++ b/default/chrony @@ -0,0 +1,5 @@ +# This is a configuration file for /etc/init.d/chrony; it allows you to +# pass various options to the chrony daemon without editing the init script. + +# Options to pass to chrony. +DAEMON_OPTS="" diff --git a/default/dbus b/default/dbus new file mode 100644 index 0000000..4bc8e1b --- /dev/null +++ b/default/dbus @@ -0,0 +1,7 @@ +# This is a configuration file for /etc/init.d/dbus; it allows you to +# perform common modifications to the behavior of the dbus daemon +# startup without editing the init script (and thus getting prompted +# by dpkg on upgrades). We all love dpkg prompts. + +# Parameters to pass to dbus. +PARAMS="" diff --git a/default/grub b/default/grub index b3a3467..74eccbe 100644 --- a/default/grub +++ b/default/grub @@ -6,7 +6,8 @@ GRUB_DEFAULT=0 GRUB_TIMEOUT=5 GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian` -GRUB_CMDLINE_LINUX_DEFAULT="quiet" +#GRUB_CMDLINE_LINUX_DEFAULT="quiet" +GRUB_CMDLINE_LINUX_DEFAULT="" GRUB_CMDLINE_LINUX="" # Uncomment to enable BadRAM filtering, modify to suit your needs diff --git a/default/grub.ucf-dist b/default/grub.ucf-dist new file mode 100644 index 0000000..93f810b --- /dev/null +++ b/default/grub.ucf-dist @@ -0,0 +1,32 @@ +# If you change this file, run 'update-grub' afterwards to update +# /boot/grub/grub.cfg. +# For full documentation of the options in this file, see: +# info -f grub -n 'Simple configuration' + +GRUB_DEFAULT=0 +GRUB_TIMEOUT=5 +GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian` +GRUB_CMDLINE_LINUX_DEFAULT="" +GRUB_CMDLINE_LINUX="" + +# Uncomment to enable BadRAM filtering, modify to suit your needs +# This works with Linux (no patch required) and with any kernel that obtains +# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...) +#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef" + +# Uncomment to disable graphical terminal (grub-pc only) +#GRUB_TERMINAL=console + +# The resolution used on graphical terminal +# note that you can use only modes which your graphic card supports via VBE +# you can see them in real GRUB with the command `vbeinfo' +#GRUB_GFXMODE=640x480 + +# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux +#GRUB_DISABLE_LINUX_UUID=true + +# Uncomment to disable generation of recovery mode menu entries +#GRUB_DISABLE_RECOVERY="true" + +# Uncomment to get a beep at grub start +#GRUB_INIT_TUNE="480 440 1" diff --git a/default/rcS b/default/rcS index 694ffc7..b60cf6b 100644 --- a/default/rcS +++ b/default/rcS @@ -1,3 +1,6 @@ +################################################################## +# NOTE: This file is ignored when systemd is used as init system # +################################################################## # # /etc/default/rcS # diff --git a/default/rsync b/default/rsync index 13780c2..424b1c0 100644 --- a/default/rsync +++ b/default/rsync @@ -1,4 +1,10 @@ # defaults file for rsync daemon mode +# +# This file is only used for init.d based systems! +# If this system uses systemd, you can specify options etc. for rsync +# in daemon mode by copying /lib/systemd/system/rsync.service to +# /etc/systemd/system/rsync.service and modifying the copy; add required +# options to the ExecStart line. # start rsync in daemon mode from init.d script? # only allowed values are "true", "false", and "inetd" diff --git a/default/tmpfs b/default/tmpfs index a19ba71..80e60a6 100644 --- a/default/tmpfs +++ b/default/tmpfs @@ -1,3 +1,7 @@ +################################################################## +# NOTE: This file is ignored when systemd is used as init system # +################################################################## +# # Configuration for tmpfs filesystems mounted in early boot, before # filesystems from /etc/fstab are mounted. For information about # these variables see the tmpfs(5) manual page. diff --git a/dhcp/dhclient-exit-hooks.d/timesyncd b/dhcp/dhclient-exit-hooks.d/timesyncd new file mode 100644 index 0000000..3cde992 --- /dev/null +++ b/dhcp/dhclient-exit-hooks.d/timesyncd @@ -0,0 +1,42 @@ +TIMESYNCD_CONF=/run/systemd/timesyncd.conf.d/01-dhclient.conf + +timesyncd_servers_setup_remove() { + if [ -e $TIMESYNCD_CONF ]; then + rm -f $TIMESYNCD_CONF + systemctl try-restart systemd-timesyncd.service || true + fi +} + +timesyncd_servers_setup_add() { + if [ ! -d /run/systemd/system ]; then + return + fi + + if [ -e $TIMESYNCD_CONF ] && [ "$new_ntp_servers" = "$old_ntp_servers" ]; then + return + fi + + if [ -z "$new_ntp_servers" ]; then + timesyncd_servers_setup_remove + return + fi + + mkdir -p $(dirname $TIMESYNCD_CONF) + cat < ${TIMESYNCD_CONF}.new +# NTP server entries received from DHCP server +[Time] +NTP=$new_ntp_servers +EOF + mv ${TIMESYNCD_CONF}.new ${TIMESYNCD_CONF} + systemctl try-restart systemd-timesyncd.service || true +} + + +case $reason in + BOUND|RENEW|REBIND|REBOOT) + timesyncd_servers_setup_add + ;; + EXPIRE|FAIL|RELEASE|STOP) + timesyncd_servers_setup_remove + ;; +esac diff --git a/dhcpcd.conf b/dhcpcd.conf index c77d5c7..1121fcf 100644 --- a/dhcpcd.conf +++ b/dhcpcd.conf @@ -6,6 +6,9 @@ noipv4ll #background reboot 0 +# Allow users of this group to interact with dhcpcd via the control socket. +#controlgroup wheel + # Inform the DHCP server of our hostname for DDNS. hostname @@ -13,8 +16,13 @@ hostname #clientid # or # Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361. +# Some non-RFC compliant DHCP servers do not reply with this set. +# In this case, comment out duid and enable clientid above. duid +# Persist interface configuration when dhcpcd exits. +persistent + # Rapid commit support. # Safe to enable by default because it requires the equivalent option set # on the server to actually work. @@ -25,13 +33,14 @@ option domain_name_servers, domain_name, domain_search, host_name option classless_static_routes # Most distributions have NTP support. option ntp_servers -# Respect the network MTU. -# Some interface drivers reset when changing the MTU so disabled by default. -#option interface_mtu +# Respect the network MTU. This is applied to DHCP routes. +option interface_mtu # A ServerID is required by RFC2131. require dhcp_server_identifier +# Generate Stable Private IPv6 Addresses instead of hardware based ones +slaac private # A hook script is provided to lookup the hostname if not set by the DHCP # server, but it should not be run by default. nohook lookup-hostname diff --git a/dhcpcd.conf.bak b/dhcpcd.conf.bak new file mode 100644 index 0000000..c77d5c7 --- /dev/null +++ b/dhcpcd.conf.bak @@ -0,0 +1,40 @@ +# A sample configuration for dhcpcd. +# See dhcpcd.conf(5) for details. + +# Gridscale Modifications +noipv4ll +#background +reboot 0 + +# Inform the DHCP server of our hostname for DDNS. +hostname + +# Use the hardware address of the interface for the Client ID. +#clientid +# or +# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361. +duid + +# Rapid commit support. +# Safe to enable by default because it requires the equivalent option set +# on the server to actually work. +option rapid_commit + +# A list of options to request from the DHCP server. +option domain_name_servers, domain_name, domain_search, host_name +option classless_static_routes +# Most distributions have NTP support. +option ntp_servers +# Respect the network MTU. +# Some interface drivers reset when changing the MTU so disabled by default. +#option interface_mtu + +# A ServerID is required by RFC2131. +require dhcp_server_identifier + +# A hook script is provided to lookup the hostname if not set by the DHCP +# server, but it should not be run by default. +nohook lookup-hostname + +# Don't touch /etc/resolv.conf +nohook resolv.conf diff --git a/dhcpcd.conf.dpkg-dist b/dhcpcd.conf.dpkg-dist new file mode 100644 index 0000000..1121fcf --- /dev/null +++ b/dhcpcd.conf.dpkg-dist @@ -0,0 +1,49 @@ +# A sample configuration for dhcpcd. +# See dhcpcd.conf(5) for details. + +# Gridscale Modifications +noipv4ll +#background +reboot 0 + +# Allow users of this group to interact with dhcpcd via the control socket. +#controlgroup wheel + +# Inform the DHCP server of our hostname for DDNS. +hostname + +# Use the hardware address of the interface for the Client ID. +#clientid +# or +# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361. +# Some non-RFC compliant DHCP servers do not reply with this set. +# In this case, comment out duid and enable clientid above. +duid + +# Persist interface configuration when dhcpcd exits. +persistent + +# Rapid commit support. +# Safe to enable by default because it requires the equivalent option set +# on the server to actually work. +option rapid_commit + +# A list of options to request from the DHCP server. +option domain_name_servers, domain_name, domain_search, host_name +option classless_static_routes +# Most distributions have NTP support. +option ntp_servers +# Respect the network MTU. This is applied to DHCP routes. +option interface_mtu + +# A ServerID is required by RFC2131. +require dhcp_server_identifier + +# Generate Stable Private IPv6 Addresses instead of hardware based ones +slaac private +# A hook script is provided to lookup the hostname if not set by the DHCP +# server, but it should not be run by default. +nohook lookup-hostname + +# Don't touch /etc/resolv.conf +nohook resolv.conf diff --git a/fail2ban/action.d/badips.conf b/fail2ban/action.d/badips.conf index 4a5c0f9..6f9513f 100644 --- a/fail2ban/action.d/badips.conf +++ b/fail2ban/action.d/badips.conf @@ -1,6 +1,6 @@ # Fail2ban reporting to badips.com # -# Note: This reports and IP only and does not actually ban traffic. Use +# Note: This reports an IP only and does not actually ban traffic. Use # another action in the same jail if you want bans to occur. # # Set the category to the appropriate value before use. @@ -10,7 +10,7 @@ [Definition] -actionban = curl --fail --user-agent "fail2ban v0.8.12" http://www.badips.com/add// +actionban = curl --fail --user-agent "" http://www.badips.com/add// [Init] diff --git a/fail2ban/action.d/badips.py b/fail2ban/action.d/badips.py new file mode 100644 index 0000000..4bc879a --- /dev/null +++ b/fail2ban/action.d/badips.py @@ -0,0 +1,377 @@ +# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*- +# vi: set ft=python sts=4 ts=4 sw=4 noet : + +# This file is part of Fail2Ban. +# +# Fail2Ban is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# Fail2Ban is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Fail2Ban; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +import sys +if sys.version_info < (2, 7): + raise ImportError("badips.py action requires Python >= 2.7") +import json +import threading +import logging +if sys.version_info >= (3, ): + from urllib.request import Request, urlopen + from urllib.parse import urlencode + from urllib.error import HTTPError +else: + from urllib2 import Request, urlopen, HTTPError + from urllib import urlencode + +from fail2ban.server.actions import ActionBase + + +class BadIPsAction(ActionBase): + """Fail2Ban action which reports bans to badips.com, and also + blacklist bad IPs listed on badips.com by using another action's + ban method. + + Parameters + ---------- + jail : Jail + The jail which the action belongs to. + name : str + Name assigned to the action. + category : str + Valid badips.com category for reporting failures. + score : int, optional + Minimum score for bad IPs. Default 3. + age : str, optional + Age of last report for bad IPs, per badips.com syntax. + Default "24h" (24 hours) + key : str, optional + Key issued by badips.com to report bans, for later retrieval + of personalised content. + banaction : str, optional + Name of banaction to use for blacklisting bad IPs. If `None`, + no blacklist of IPs will take place. + Default `None`. + bancategory : str, optional + Name of category to use for blacklisting, which can differ + from category used for reporting. e.g. may want to report + "postfix", but want to use whole "mail" category for blacklist. + Default `category`. + bankey : str, optional + Key issued by badips.com to blacklist IPs reported with the + associated key. + updateperiod : int, optional + Time in seconds between updating bad IPs blacklist. + Default 900 (15 minutes) + agent : str, optional + User agent transmitted to server. + Default `Fail2Ban/ver.` + + Raises + ------ + ValueError + If invalid `category`, `score`, `banaction` or `updateperiod`. + """ + + TIMEOUT = 10 + _badips = "http://www.badips.com" + def _Request(self, url, **argv): + return Request(url, headers={'User-Agent': self.agent}, **argv) + + def __init__(self, jail, name, category, score=3, age="24h", key=None, + banaction=None, bancategory=None, bankey=None, updateperiod=900, agent="Fail2Ban", + timeout=TIMEOUT): + super(BadIPsAction, self).__init__(jail, name) + + self.timeout = timeout + self.agent = agent + self.category = category + self.score = score + self.age = age + self.key = key + self.banaction = banaction + self.bancategory = bancategory or category + self.bankey = bankey + self.updateperiod = updateperiod + + self._bannedips = set() + # Used later for threading.Timer for updating badips + self._timer = None + + def getCategories(self, incParents=False): + """Get badips.com categories. + + Returns + ------- + set + Set of categories. + + Raises + ------ + HTTPError + Any issues with badips.com request. + ValueError + If badips.com response didn't contain necessary information + """ + try: + response = urlopen( + self._Request("/".join([self._badips, "get", "categories"])), timeout=self.timeout) + except HTTPError as response: + messages = json.loads(response.read().decode('utf-8')) + self._logSys.error( + "Failed to fetch categories. badips.com response: '%s'", + messages['err']) + raise + else: + response_json = json.loads(response.read().decode('utf-8')) + if not 'categories' in response_json: + err = "badips.com response lacked categories specification. Response was: %s" \ + % (response_json,) + self._logSys.error(err) + raise ValueError(err) + categories = response_json['categories'] + categories_names = set( + value['Name'] for value in categories) + if incParents: + categories_names.update(set( + value['Parent'] for value in categories + if "Parent" in value)) + return categories_names + + def getList(self, category, score, age, key=None): + """Get badips.com list of bad IPs. + + Parameters + ---------- + category : str + Valid badips.com category. + score : int + Minimum score for bad IPs. + age : str + Age of last report for bad IPs, per badips.com syntax. + key : str, optional + Key issued by badips.com to fetch IPs reported with the + associated key. + + Returns + ------- + set + Set of bad IPs. + + Raises + ------ + HTTPError + Any issues with badips.com request. + """ + try: + url = "?".join([ + "/".join([self._badips, "get", "list", category, str(score)]), + urlencode({'age': age})]) + if key: + url = "&".join([url, urlencode({'key': key})]) + response = urlopen(self._Request(url), timeout=self.timeout) + except HTTPError as response: + messages = json.loads(response.read().decode('utf-8')) + self._logSys.error( + "Failed to fetch bad IP list. badips.com response: '%s'", + messages['err']) + raise + else: + return set(response.read().decode('utf-8').split()) + + @property + def category(self): + """badips.com category for reporting IPs. + """ + return self._category + + @category.setter + def category(self, category): + if category not in self.getCategories(): + self._logSys.error("Category name '%s' not valid. " + "see badips.com for list of valid categories", + category) + raise ValueError("Invalid category: %s" % category) + self._category = category + + @property + def bancategory(self): + """badips.com bancategory for fetching IPs. + """ + return self._bancategory + + @bancategory.setter + def bancategory(self, bancategory): + if bancategory not in self.getCategories(incParents=True): + self._logSys.error("Category name '%s' not valid. " + "see badips.com for list of valid categories", + bancategory) + raise ValueError("Invalid bancategory: %s" % bancategory) + self._bancategory = bancategory + + @property + def score(self): + """badips.com minimum score for fetching IPs. + """ + return self._score + + @score.setter + def score(self, score): + score = int(score) + if 0 <= score <= 5: + self._score = score + else: + raise ValueError("Score must be 0-5") + + @property + def banaction(self): + """Jail action to use for banning/unbanning. + """ + return self._banaction + + @banaction.setter + def banaction(self, banaction): + if banaction is not None and banaction not in self._jail.actions: + self._logSys.error("Action name '%s' not in jail '%s'", + banaction, self._jail.name) + raise ValueError("Invalid banaction") + self._banaction = banaction + + @property + def updateperiod(self): + """Period in seconds between banned bad IPs will be updated. + """ + return self._updateperiod + + @updateperiod.setter + def updateperiod(self, updateperiod): + updateperiod = int(updateperiod) + if updateperiod > 0: + self._updateperiod = updateperiod + else: + raise ValueError("Update period must be integer greater than 0") + + def _banIPs(self, ips): + for ip in ips: + try: + self._jail.actions[self.banaction].ban({ + 'ip': ip, + 'failures': 0, + 'matches': "", + 'ipmatches': "", + 'ipjailmatches': "", + }) + except Exception as e: + self._logSys.error( + "Error banning IP %s for jail '%s' with action '%s': %s", + ip, self._jail.name, self.banaction, e, + exc_info=self._logSys.getEffectiveLevel()<=logging.DEBUG) + else: + self._bannedips.add(ip) + self._logSys.info( + "Banned IP %s for jail '%s' with action '%s'", + ip, self._jail.name, self.banaction) + + def _unbanIPs(self, ips): + for ip in ips: + try: + self._jail.actions[self.banaction].unban({ + 'ip': ip, + 'failures': 0, + 'matches': "", + 'ipmatches': "", + 'ipjailmatches': "", + }) + except Exception as e: + self._logSys.info( + "Error unbanning IP %s for jail '%s' with action '%s': %s", + ip, self._jail.name, self.banaction, e, + exc_info=self._logSys.getEffectiveLevel()<=logging.DEBUG) + else: + self._logSys.info( + "Unbanned IP %s for jail '%s' with action '%s'", + ip, self._jail.name, self.banaction) + finally: + self._bannedips.remove(ip) + + def start(self): + """If `banaction` set, blacklists bad IPs. + """ + if self.banaction is not None: + self.update() + + def update(self): + """If `banaction` set, updates blacklisted IPs. + + Queries badips.com for list of bad IPs, removing IPs from the + blacklist if no longer present, and adds new bad IPs to the + blacklist. + """ + if self.banaction is not None: + if self._timer: + self._timer.cancel() + self._timer = None + + try: + ips = self.getList( + self.bancategory, self.score, self.age, self.bankey) + # Remove old IPs no longer listed + self._unbanIPs(self._bannedips - ips) + # Add new IPs which are now listed + self._banIPs(ips - self._bannedips) + + self._logSys.info( + "Updated IPs for jail '%s'. Update again in %i seconds", + self._jail.name, self.updateperiod) + finally: + self._timer = threading.Timer(self.updateperiod, self.update) + self._timer.start() + + def stop(self): + """If `banaction` set, clears blacklisted IPs. + """ + if self.banaction is not None: + if self._timer: + self._timer.cancel() + self._timer = None + self._unbanIPs(self._bannedips.copy()) + + def ban(self, aInfo): + """Reports banned IP to badips.com. + + Parameters + ---------- + aInfo : dict + Dictionary which includes information in relation to + the ban. + + Raises + ------ + HTTPError + Any issues with badips.com request. + """ + try: + url = "/".join([self._badips, "add", self.category, aInfo['ip']]) + if self.key: + url = "?".join([url, urlencode({'key': self.key})]) + response = urlopen(self._Request(url), timeout=self.timeout) + except HTTPError as response: + messages = json.loads(response.read().decode('utf-8')) + self._logSys.error( + "Response from badips.com report: '%s'", + messages['err']) + raise + else: + messages = json.loads(response.read().decode('utf-8')) + self._logSys.info( + "Response from badips.com report: '%s'", + messages['suc']) + +Action = BadIPsAction diff --git a/fail2ban/action.d/blocklist_de.conf b/fail2ban/action.d/blocklist_de.conf index d4170ca..2f31d8b 100644 --- a/fail2ban/action.d/blocklist_de.conf +++ b/fail2ban/action.d/blocklist_de.conf @@ -7,13 +7,13 @@ # Action to report IP address to blocklist.de # Blocklist.de must be signed up to at www.blocklist.de # Once registered, one or more servers can be added. -# This action requires the server 'email address' and the assoicate apikey. +# This action requires the server 'email address' and the associated apikey. # # From blocklist.de: # www.blocklist.de is a free and voluntary service provided by a # Fraud/Abuse-specialist, whose servers are often attacked on SSH-, # Mail-Login-, FTP-, Webserver- and other services. -# The mission is to report all attacks to the abuse deparments of the +# The mission is to report all attacks to the abuse departments of the # infected PCs/servers to ensure that the responsible provider can inform # the customer about the infection and disable them # @@ -25,7 +25,7 @@ # * The recidive where the IP has been banned multiple times # * Where maxretry has been set quite high, beyond the normal user typing # password incorrectly. -# * For filters that have a low likelyhood of receiving human errors +# * For filters that have a low likelihood of receiving human errors # [Definition] @@ -54,7 +54,7 @@ actioncheck = # Tags: See jail.conf(5) man page # Values: CMD # -actionban = curl --fail --data-urlencode 'server=' --data 'apikey=' --data 'service=' --data 'ip=' --data-urlencode 'logs=' --data 'format=text' --user-agent "fail2ban v0.8.12" "https://www.blocklist.de/en/httpreports.html" +actionban = curl --fail --data-urlencode 'server=' --data 'apikey=' --data 'service=' --data 'ip=' --data-urlencode 'logs=' --data 'format=text' --user-agent "" "https://www.blocklist.de/en/httpreports.html" # Option: actionunban # Notes.: command executed when unbanning an IP. Take care that the diff --git a/fail2ban/action.d/bsd-ipfw.conf b/fail2ban/action.d/bsd-ipfw.conf index 1285361..8b0a51a 100644 --- a/fail2ban/action.d/bsd-ipfw.conf +++ b/fail2ban/action.d/bsd-ipfw.conf @@ -38,7 +38,7 @@ actioncheck = # Values: CMD # # requires an ipfw rule like "deny ip from table(1) to me" -actionban = ipfw table add +actionban = e=`ipfw table
add 2>&1`; x=$?; [ $x -eq 0 -o "$e" = 'ipfw: setsockopt(IP_FW_TABLE_XADD): File exists' ] || { echo "$e" 1>&2; exit $x; } # Option: actionunban @@ -47,7 +47,7 @@ actionban = ipfw table
add # Tags: See jail.conf(5) man page # Values: CMD # -actionunban = ipfw table
delete +actionunban = e=`ipfw table
delete 2>&1`; x=$?; [ $x -eq 0 -o "$e" = 'ipfw: setsockopt(IP_FW_TABLE_XDEL): No such process' ] || { echo "$e" 1>&2; exit $x; } [Init] # Option: table diff --git a/fail2ban/action.d/cloudflare.conf b/fail2ban/action.d/cloudflare.conf new file mode 100644 index 0000000..aa87163 --- /dev/null +++ b/fail2ban/action.d/cloudflare.conf @@ -0,0 +1,68 @@ +# +# Author: Mike Rushton +# +# IMPORTANT +# +# Please set jail.local's permission to 640 because it contains your CF API key. +# +# This action depends on curl. +# Referenced from http://www.normyee.net/blog/2012/02/02/adding-cloudflare-support-to-fail2ban by NORM YEE +# +# To get your CloudFlare API Key: https://www.cloudflare.com/a/account/my-account +# +# CloudFlare API error codes: https://www.cloudflare.com/docs/host-api.html#s4.2 + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = + +# Option: actionstop +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: IP address +# number of failures +#