From 83d82ef75b0b0fdeded5a49224365811983e33cc Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Sat, 23 Feb 2013 10:48:22 +0100 Subject: [PATCH] Current state --- .etckeeper | 5 +- conf.d/postgresql-9.2 | 2 +- eselect/postgresql/slots/9.2/base | 2 +- eselect/postgresql/slots/9.2/server | 2 +- init.d/policyd-weight | 20 ++++--- init.d/postgresql-9.2 | 7 +-- init.d/udev | 79 ++++++++-------------------- mercurial/hgrc.d/cacerts.rc | 2 + pam.d/{postgresql => postgresql-9.2} | 0 policyd-weight.conf | 4 +- revdep-rebuild/61-icedtea-bin-6 | 2 +- security/namespace.conf | 4 +- security/namespace.init | 2 +- security/pam_env.conf | 16 +++--- security/time.conf | 2 +- 15 files changed, 63 insertions(+), 86 deletions(-) create mode 100644 mercurial/hgrc.d/cacerts.rc rename pam.d/{postgresql => postgresql-9.2} (100%) diff --git a/.etckeeper b/.etckeeper index 6683655..0586936 100755 --- a/.etckeeper +++ b/.etckeeper @@ -1063,6 +1063,9 @@ maybe chmod 0644 './mc/mc.menu.sr' maybe chmod 0644 './mc/mcedit.menu' maybe chmod 0644 './mc/sfs.ini' maybe chmod 0644 './mdadm.conf' +maybe chmod 0755 './mercurial' +maybe chmod 0755 './mercurial/hgrc.d' +maybe chmod 0644 './mercurial/hgrc.d/cacerts.rc' maybe chmod 0644 './mime.types' maybe chmod 0644 './mke2fs.conf' maybe chmod 0644 './mlocate-cron.conf' @@ -1216,7 +1219,7 @@ maybe chmod 0644 './pam.d/newusers' maybe chmod 0644 './pam.d/other' maybe chmod 0644 './pam.d/passwd' maybe chmod 0644 './pam.d/pop' -maybe chmod 0644 './pam.d/postgresql' +maybe chmod 0644 './pam.d/postgresql-9.2' maybe chmod 0644 './pam.d/samba' maybe chmod 0644 './pam.d/saslauthd' maybe chmod 0644 './pam.d/screen' diff --git a/conf.d/postgresql-9.2 b/conf.d/postgresql-9.2 index 2902e21..ba14421 100644 --- a/conf.d/postgresql-9.2 +++ b/conf.d/postgresql-9.2 
@@ -55,4 +55,4 @@ DATA_DIR="/var/lib/postgresql/9.2/data" # Additional options to pass to initdb. # See `man initdb' for available options. -#PG_INITDB_OPTS="--locale=en_US.UTF-8" +PG_INITDB_OPTS="--encoding=UTF8" diff --git a/eselect/postgresql/slots/9.2/base b/eselect/postgresql/slots/9.2/base index 3adf466..b5f9c30 100644 --- a/eselect/postgresql/slots/9.2/base +++ b/eselect/postgresql/slots/9.2/base @@ -1 +1 @@ -postgres_ebuilds="${postgres_ebuilds} postgresql-base-9.2.1" +postgres_ebuilds="${postgres_ebuilds} postgresql-base-9.2.3-r1" diff --git a/eselect/postgresql/slots/9.2/server b/eselect/postgresql/slots/9.2/server index bb30163..58b5479 100644 --- a/eselect/postgresql/slots/9.2/server +++ b/eselect/postgresql/slots/9.2/server @@ -1 +1 @@ -postgres_ebuilds="${postgres_ebuilds} postgresql-server-9.2.1" +postgres_ebuilds="${postgres_ebuilds} postgresql-server-9.2.3-r1" diff --git a/init.d/policyd-weight b/init.d/policyd-weight index d47e5be..ffcc17a 100755 --- a/init.d/policyd-weight +++ b/init.d/policyd-weight @@ -1,25 +1,29 @@ #!/sbin/runscript -opts="${opts} reload" + +extra_started_commands="reload" + +daemon="policyd-weight" +exec="/usr/libexec/postfix/policyd-weight" depend(){ before postfix - need net + use net } start(){ - ebegin "Starting policyd-weight" - /usr/lib/postfix/policyd-weight start + ebegin "Starting ${daemon}" + ${exec} start eend $? } stop(){ - ebegin "Stopping policyd-weight" - /usr/lib/postfix/policyd-weight -k stop + ebegin "Stopping ${daemon}" + ${exec} -k stop eend $? } reload(){ - ebegin "Reloading policyd-weight" - /usr/lib/postfix/policyd-weight reload + ebegin "Reloading ${daemon}" + ${exec} reload eend $? } diff --git a/init.d/postgresql-9.2 b/init.d/postgresql-9.2 index f8d3eb6..1785c73 100755 --- a/init.d/postgresql-9.2 +++ b/init.d/postgresql-9.2 
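Review bot: In init.d/policyd-weight, depend() now declares `use net` where it had `need net`, so the daemon can start with no network service up, and nothing in the script records why that is acceptable for a service whose scoring relies on DNSBL lookups (the list is visible in policyd-weight.conf in this patch). A comment such as `# use, not need: start even without a configured net service; DNSBL lookups fail until the network is up` would document the intent, and it is worth confirming how postfix treats mail while those lookups cannot resolve. The same relaxation appears as `use logger` in depend() of init.d/postgresql-9.2, where it lets the server start while its syslog destination is not running. Separately, `${exec}` is expanded unquoted in start(), stop() and reload(); `"${exec}" start` is safer, and a variable name that does not match the `exec` builtin would read better.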
@@ -1,5 +1,5 @@ #!/sbin/runscript -# Copyright 1999-2010 Gentoo Foundation +# Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: $ @@ -8,7 +8,8 @@ extra_started_commands="reload" get_config() { [ -f ${PGDATA%/}/postgresql.conf ] || return 1 - eval echo $(sed -e 's:#.*::' ${PGDATA%/}/postgresql.conf | awk '$1 == "'$1'" { print ($2 == "=" ? $3 : $2) }') + eval echo $(sed -e 's:#.*::' ${PGDATA%/}/postgresql.conf \ + | awk '$1 == "'$1'" { print ($2 == "=" ? $3 : $2) }') } depend() { @@ -16,7 +17,7 @@ depend() { provide postgresql if [ "$(get_config log_destination)" = "syslog" ]; then - need logger + use logger fi } diff --git a/init.d/udev b/init.d/udev index 6b69044..af0a40e 100755 --- a/init.d/udev +++ b/init.d/udev @@ -12,7 +12,6 @@ udev_debug="${udev_debug:-no}" udev_monitor="${udev_monitor:-no}" udev_monitor_keep_running="${udev_monitor_keep_running:-no}" udev_settle_timeout="${udev_settle_timeout:-60}" -kv_min="${kv_min:-2.6.34}" depend() { 
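Review bot: get_config() in init.d/postgresql-9.2 still pipes text taken from `postgresql.conf` through `eval echo $(...)`, so any shell syntax in a configuration value is executed by the init script, which normally runs as root; this hunk only re-wraps the line and leaves that in place. Whoever can write that file therefore decides what the init script runs, and the file is commonly writable by the database service account (worth checking its ownership on this host). The key is also spliced into the awk program text with `"'$1'"`, and the `${PGDATA%/}` expansions are unquoted. I would drop `eval`, pass the key with `awk -v`, and strip the surrounding quotes inside awk, as sketched below; get_config() is fully contained in this hunk.
```shell
get_config() {
    [ -f "${PGDATA%/}/postgresql.conf" ] || return 1
    # The key is passed as data (-v) and quotes are stripped in awk,
    # so nothing read from the file is re-parsed by the shell.
    sed -e 's:#.*::' "${PGDATA%/}/postgresql.conf" \
        | awk -v key="$1" '$1 == key {
            v = ($2 == "=" ? $3 : $2)
            gsub(/^\047|\047$/, "", v)
            print v
        }'
}
```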
@@ -26,53 +25,21 @@ depend() keyword -vserver -lxc } -KV_to_int() -{ - [ -z $1 ] && return 1 - - local x=${1%%[!0-9.]*} y= z= - local KV_MAJOR=${x%%.*} - y=${x#*.} - [ "$x" = "$y" ] && y=0.0 - local KV_MINOR=${y%%.*} - z=${y#*.} - [ "$y" = "$z" ] && z=0 - local KV_MICRO=${z%%.*} - local KV_int=$((${KV_MAJOR} * 65536 + ${KV_MINOR} * 256 + ${KV_MICRO} )) - - # We make version 2.2.0 the minimum version we will handle as - # a sanity check ... if its less, we fail ... - [ "${KV_int}" -lt 131584 ] && return 1 - - echo "${KV_int}" -} - -_RC_GET_KV_CACHE="" -get_KV() -{ - if [ -z "${_RC_GET_KV_CACHE}" ] ; then - _RC_GET_KV_CACHE="$(uname -r)" - fi - echo "$(KV_to_int "${_RC_GET_KV_CACHE}")" - return $? -} - -# FIXME -# Instead of this script testing kernel version, udev itself should -# Maybe something like udevd --test || exit $? -check_kernel() +disable_oldnet_hotplug() { - if [ $(get_KV) -lt $(KV_to_int ${kv_min}) ]; then - eerror "Your kernel is too old to work with this version of udev." - eerror "Current udev only supports Linux kernel ${kv_min} and newer." - return 1 + if is_service_enabled network; then + # disable network hotplugging + local d="/run/udev/rules.d" + mkdir -p "${d}" + local f="${d}/90-network.rules" + echo "# This file disables network hotplug events calling" >> "${f}" + echo "# old-style openrc net scripts" >> "${f}" + echo "# as we use /etc/init.d/network to set up our network" >> "${f}" fi - return 0 } start_pre() { - check_kernel || return 1 if [ -e /proc/sys/kernel/hotplug ]; then echo "" >/proc/sys/kernel/hotplug fi @@ -92,7 +59,7 @@ start_pre() bins="/sbin/udevd /lib/systemd/systemd-udevd /usr/lib/systemd/systemd-udevd" for f in ${bins}; do - if [ -x "$f" ] && ! [ -L "$f" ]; then + if [ -x "$f" -a ! -L "$f" ]; then command="$f" fi done @@ -100,6 +67,10 @@ start_pre() eerror "Unable to find udev executable." return 1 fi + + # Need to do this before starting udev so it will load the rules. + disable_oldnet_hotplug + return 0 } 
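Review bot: disable_oldnet_hotplug() in init.d/udev appends with `>>` on all three `echo` lines, so each restart of the service adds another copy of the comment block to `/run/udev/rules.d/90-network.rules`, and the result of `mkdir -p "${d}"` is not checked. The first write should truncate, `echo "# This file disables network hotplug events calling" > "${f}"`, and the directory creation should be guarded with `mkdir -p "${d}" || return 1`. The new call added to start_pre() in the third hunk of this file ignores the function's status, so a failed write would go unnoticed before udev loads its rules; an `ewarn` there would make it visible.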
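Review bot: The rewritten test `[ -x "$f" -a ! -L "$f" ]` in start_pre() uses the `-a` operator, which POSIX marks obsolescent because its parsing is ambiguous for some operands; the form this hunk removes, `if [ -x "$f" ] && ! [ -L "$f" ]; then`, is the more robust one and I would keep it. The loop has no `break`, so the last executable candidate in `bins` ends up in `command`; a comment such as `# last match wins: the systemd-udevd paths take precedence over /sbin/udevd` would say whether that ordering is intended. start_pre() begins and ends outside this hunk.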
@@ -114,17 +85,6 @@ is_service_enabled() return 1 } -disable_oldnet_hotplug() -{ - if is_service_enabled network; then - # disable network hotplugging - local f="/run/udev/rules.d/90-network.rules" - echo "# This file disables network hotplug events calling" >> "${f}" - echo "# old-style openrc net scripts" >> "${f}" - echo "# as we use /etc/init.d/network to set up our network" >> "${f}" - fi -} - start_udevmonitor() { yesno "${udev_monitor}" || return 0 @@ -186,7 +146,6 @@ display_hotplugged_services() start_post() { - disable_oldnet_hotplug start_udevmonitor populate_dev stop_udevmonitor @@ -196,9 +155,17 @@ start_post() stop() { + local rc=0 ebegin "Stopping ${name:-$RC_SVCNAME}" udevadm control --exit - eend $? "Failed to stop $RC_SVCNAME" + rc=$? + if [ $rc -ne 0 ]; then + eend $rc "Failed to stop $RC_SVCNAME using udevadm" + ebegin "Trying with start-stop-daemon" + start-stop-daemon --stop --exec /sbin/udevd + rc=$? + fi + eend $rc "Failed to stop $RC_SVCNAME" } reload() diff --git a/mercurial/hgrc.d/cacerts.rc b/mercurial/hgrc.d/cacerts.rc new file mode 100644 index 0000000..240261c --- /dev/null +++ b/mercurial/hgrc.d/cacerts.rc @@ -0,0 +1,2 @@ +[web] +cacerts = /etc/ssl/certs/ca-certificates.crt diff --git a/pam.d/postgresql b/pam.d/postgresql-9.2 similarity index 100% rename from pam.d/postgresql rename to pam.d/postgresql-9.2 diff --git a/policyd-weight.conf b/policyd-weight.conf index 0b33774..e3c9e6e 100644 --- a/policyd-weight.conf +++ b/policyd-weight.conf @@ -1,5 +1,5 @@ # ---------------------------------------------------------------- -# policyd-weight configuration (defaults) Version 0.1.14 beta-17 +# policyd-weight configuration (defaults) Version 0.1.15 beta-2 # ---------------------------------------------------------------- 
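Review bot: The fallback added to stop() in init.d/udev targets only `--exec /sbin/udevd`, while start_pre() may have selected `/lib/systemd/systemd-udevd` or `/usr/lib/systemd/systemd-udevd`, so on such a system the fallback cannot match the running daemon and the stop is still reported as failed. Because `command` is set inside start_pre(), it is presumably not available when stop() runs; hoisting the `bins` list to file scope and trying each existing candidate with `start-stop-daemon --stop --exec "$f"` would keep the two paths consistent. The first `eend $rc "Failed to stop $RC_SVCNAME using udevadm"` also prints a failure even when the fallback then succeeds, so `ewarn` would suit that message better.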
@@ -60,8 +60,8 @@ 'sbl-xbl.spamhaus.org', 4.35, -1.5, 'SBL_XBL_SPAMHAUS', 'bl.spamcop.net', 3.75, -1.5, 'SPAMCOP', 'dnsbl.njabl.org', 4.25, -1.5, 'BL_NJABL', - 'list.dsbl.org', 4.35, 0, 'DSBL_ORG', 'ix.dnsbl.manitu.net', 4.35, 0, 'IX_MANITU' + #'rbl.ipv6-world.net', 4.25, 0, 'IPv6_RBL' #don't use, kept for testing failures! ); $MAXDNSBLHITS = 2; # If Client IP is listed in MORE diff --git a/revdep-rebuild/61-icedtea-bin-6 b/revdep-rebuild/61-icedtea-bin-6 index 7405784..dccd7c5 100644 --- a/revdep-rebuild/61-icedtea-bin-6 +++ b/revdep-rebuild/61-icedtea-bin-6 @@ -1 +1 @@ -SEARCH_DIRS_MASK="/opt/icedtea-bin-6.1.11.5" +SEARCH_DIRS_MASK="/opt/icedtea-bin-6.1.12.2" diff --git a/security/namespace.conf b/security/namespace.conf index f973225..b611a0f 100644 --- a/security/namespace.conf +++ b/security/namespace.conf @@ -5,8 +5,8 @@ # Uncommenting the following three lines will polyinstantiate # /tmp, /var/tmp and user's home directories. /tmp and /var/tmp will # be polyinstantiated based on the MLS level part of the security context as well as user -# name, Polyinstantion will not be performed for user root and adm for directories -# /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users. +# name, Polyinstantion will not be performed for user root and adm for directories +# /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users. # The user name and context is appended to the instance prefix. # # Note that instance directories do not have to reside inside the diff --git a/security/namespace.init b/security/namespace.init index 9898bf3..9ab5806 100755 --- a/security/namespace.init +++ b/security/namespace.init @@ -1,5 +1,5 @@ #!/bin/sh -p -# It receives polydir path as $1, the instance path as $2, +# It receives polydir path as $1, the instance path as $2, # a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3, # and user name in $4. # 
diff --git a/security/pam_env.conf b/security/pam_env.conf index d0ba35c..30e9d00 100644 --- a/security/pam_env.conf +++ b/security/pam_env.conf @@ -1,7 +1,7 @@ # -# This is the configuration file for pam_env, a PAM module to load in -# a configurable list of environment variables for a -# +# This is the configuration file for pam_env, a PAM module to load in +# a configurable list of environment variables for a +# # The original idea for this came from Andrew G. Morgan ... # # Mmm. Perhaps you might like to write a pam_env module that reads a @@ -22,16 +22,16 @@ # administrators rather than set by logging in, how to treat them both # in the same config file? # -# Here is my idea: +# Here is my idea: # # Each line starts with the variable name, there are then two possible -# options for each variable DEFAULT and OVERRIDE. +# options for each variable DEFAULT and OVERRIDE. # DEFAULT allows and administrator to set the value of the # variable to some default value, if none is supplied then the empty # string is assumed. The OVERRIDE option tells pam_env that it should # enter in its value (overriding the default value) if there is one # to use. OVERRIDE is not used, "" is assumed and no override will be -# done. +# done. # # VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]] # @@ -42,7 +42,7 @@ # values can be delimited with "", escaped " not supported. # Note that many environment variables that you would like to use # may not be set by the time the module is called. -# For example, HOME is used below several times, but +# For example, HOME is used below several times, but # many PAM applications don't make it available by the time you need it. # # @@ -52,7 +52,7 @@ # to "localhost" rather than not being set at all #REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST} # -# Set the DISPLAY variable if it seems reasonable +# Set the DISPLAY variable if it seems reasonable #DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY} # # 
diff --git a/security/time.conf b/security/time.conf index c7b7989..68d2dad 100644 --- a/security/time.conf +++ b/security/time.conf @@ -1,4 +1,4 @@ -# this is an example configuration file for the pam_time module. Its syntax +# this is an example configuration file for the pam_time module. Its syntax # was initially based heavily on that of the shadow package (shadow-960129). # # the syntax of the lines is as follows: -- 2.39.5