From 9907605e7727d1e5b91f6b4914f63dfca900d0c4 Mon Sep 17 00:00:00 2001 
From: frank Date: Thu, 31 May 2012 10:37:53 +0200 Subject: [PATCH] saving uncommitted changes in /etc prior to emerge run --- UPower/UPower.conf | 6 + config-archive/etc/UPower/UPower.conf | 54 + .../etc/UPower/UPower.conf.dist | 0 config-archive/etc/gentoo/gentoorc | 3081 +++++++++++++++++ .../etc/gentoo/gentoorc.dist | 0 config-archive/etc/hosts | 32 + .../etc/hosts.dist.new | 0 config-archive/etc/init.d/consolekit | 24 + .../etc/init.d/consolekit.dist | 0 config-archive/etc/init.d/sysstat | 19 + .../etc/init.d/sysstat.dist | 0 config-archive/etc/layman/layman.cfg | 81 + .../etc/layman/layman.cfg.dist | 0 config-archive/etc/profile | 63 + .../etc/profile.dist | 0 config-archive/etc/sysctl.conf | 58 + .../etc/sysctl.conf.dist.new | 0 config-archive/etc/xdg/Thunar/uca.xml | 44 + .../etc/xdg/Thunar/uca.xml.dist | 0 .../autostart/user-dirs-update-gtk.desktop | 13 + .../user-dirs-update-gtk.desktop.dist | 0 .../etc/xdg/menus/xfce-applications.menu | 165 + .../etc/xdg/menus/xfce-applications.menu.dist | 0 config-archive/etc/xdg/xfce4/helpers.rc | 9 + .../etc/xdg/xfce4/helpers.rc.dist | 0 .../etc/xdg/xfce4/panel/default.xml | 66 + .../etc/xdg/xfce4/panel/default.xml.dist | 0 .../xfce4-keyboard-shortcuts.xml | 2 + .../xfce4-keyboard-shortcuts.xml.1 | 10 +- .../xfce4-keyboard-shortcuts.xml.dist | 8 +- .../xfce-perchannel-xml/xfce4-session.xml | 37 + .../xfce4-session.xml.dist | 0 .../xfconf/xfce-perchannel-xml/xsettings.xml | 11 + .../xfce-perchannel-xml/xsettings.xml.dist | 0 config-archive/etc/xdg/xfce4/xinitrc | 309 ++ .../etc/xdg/xfce4/xinitrc.dist | 0 .../usr/share/config/kdm/kdmrc.dist.new | 2 +- .../usr/share/openvpn/easy-rsa/README | 229 ++ .../usr/share/openvpn/easy-rsa/README.dist | 229 ++ .../usr/share/openvpn/easy-rsa/build-ca | 8 + .../usr/share/openvpn/easy-rsa/build-ca.dist | 8 + .../usr/share/openvpn/easy-rsa/build-dh | 11 + .../usr/share/openvpn/easy-rsa/build-dh.dist | 11 + .../usr/share/openvpn/easy-rsa/build-inter | 7 + 
.../share/openvpn/easy-rsa/build-inter.dist | 7 + .../usr/share/openvpn/easy-rsa/build-key | 7 + .../usr/share/openvpn/easy-rsa/build-key-pass | 7 + .../openvpn/easy-rsa/build-key-pass.dist | 7 + .../share/openvpn/easy-rsa/build-key-pkcs12 | 8 + .../openvpn/easy-rsa/build-key-pkcs12.dist | 8 + .../share/openvpn/easy-rsa/build-key-server | 10 + .../openvpn/easy-rsa/build-key-server.dist | 10 + .../usr/share/openvpn/easy-rsa/build-key.dist | 7 + .../usr/share/openvpn/easy-rsa/build-req | 7 + .../usr/share/openvpn/easy-rsa/build-req-pass | 7 + .../openvpn/easy-rsa/build-req-pass.dist | 7 + .../usr/share/openvpn/easy-rsa/build-req.dist | 7 + .../usr/share/openvpn/easy-rsa/clean-all | 16 + .../usr/share/openvpn/easy-rsa/clean-all.dist | 16 + .../usr/share/openvpn/easy-rsa/inherit-inter | 39 + .../share/openvpn/easy-rsa/inherit-inter.dist | 39 + .../usr/share/openvpn/easy-rsa/list-crl | 13 + .../usr/share/openvpn/easy-rsa/list-crl.dist | 13 + .../usr/share/openvpn/easy-rsa/pkitool | 373 ++ .../usr/share/openvpn/easy-rsa/pkitool.dist | 379 ++ .../usr/share/openvpn/easy-rsa/revoke-full | 40 + .../share/openvpn/easy-rsa/revoke-full.dist | 40 + .../usr/share/openvpn/easy-rsa/sign-req | 7 + .../usr/share/openvpn/easy-rsa/sign-req.dist | 7 + .../usr/share/openvpn/easy-rsa/vars | 68 + .../usr/share/openvpn/easy-rsa/vars.dist | 74 + .../share/openvpn/easy-rsa/whichopensslcnf | 13 + .../openvpn/easy-rsa/whichopensslcnf.dist | 26 + .../usr/share/xsessions/KDE-4.desktop | 20 +- .../usr/share/xsessions/KDE-4.desktop.1 | 83 + .../usr/share/xsessions/KDE-4.desktop.dist | 2 + .../usr/share/xsessions/xfce.desktop | 13 + .../usr/share/xsessions/xfce.desktop.dist | 13 + gentoo/gentoorc | 176 +- init.d/consolekit | 6 +- init.d/sysstat | 6 +- layman/layman.cfg | 14 +- profile | 2 +- xdg/Thunar/uca.xml | 4 +- xdg/autostart/user-dirs-update-gtk.desktop | 4 + xdg/menus/xfce-applications.menu | 4 +- xdg/xfce4/helpers.rc | 1 + xdg/xfce4/panel/default.xml | 18 +- .../xfce4-keyboard-shortcuts.xml 
| 8 +- .../xfce-perchannel-xml/xfce4-session.xml | 10 +- .../xfconf/xfce-perchannel-xml/xsettings.xml | 42 +- xdg/xfce4/xinitrc | 191 +- 92 files changed, 6188 insertions(+), 288 deletions(-) create mode 100644 config-archive/etc/UPower/UPower.conf rename UPower/._cfg0000_UPower.conf => config-archive/etc/UPower/UPower.conf.dist (100%) create mode 100644 config-archive/etc/gentoo/gentoorc rename gentoo/._cfg0000_gentoorc => config-archive/etc/gentoo/gentoorc.dist (100%) create mode 100644 config-archive/etc/hosts rename ._cfg0000_hosts => config-archive/etc/hosts.dist.new (100%) create mode 100755 config-archive/etc/init.d/consolekit rename init.d/._cfg0000_consolekit => config-archive/etc/init.d/consolekit.dist (100%) create mode 100755 config-archive/etc/init.d/sysstat rename init.d/._cfg0000_sysstat => config-archive/etc/init.d/sysstat.dist (100%) create mode 100644 config-archive/etc/layman/layman.cfg rename layman/._cfg0000_layman.cfg => config-archive/etc/layman/layman.cfg.dist (100%) create mode 100644 config-archive/etc/profile rename ._cfg0000_profile => config-archive/etc/profile.dist (100%) create mode 100644 config-archive/etc/sysctl.conf rename ._cfg0000_sysctl.conf => config-archive/etc/sysctl.conf.dist.new (100%) create mode 100644 config-archive/etc/xdg/Thunar/uca.xml rename xdg/Thunar/._cfg0000_uca.xml => config-archive/etc/xdg/Thunar/uca.xml.dist (100%) create mode 100644 config-archive/etc/xdg/autostart/user-dirs-update-gtk.desktop rename xdg/autostart/._cfg0000_user-dirs-update-gtk.desktop => config-archive/etc/xdg/autostart/user-dirs-update-gtk.desktop.dist (100%) create mode 100644 config-archive/etc/xdg/menus/xfce-applications.menu rename xdg/menus/._cfg0000_xfce-applications.menu => config-archive/etc/xdg/menus/xfce-applications.menu.dist (100%) create mode 100644 config-archive/etc/xdg/xfce4/helpers.rc rename xdg/xfce4/._cfg0000_helpers.rc => config-archive/etc/xdg/xfce4/helpers.rc.dist (100%) create mode 100644 
config-archive/etc/xdg/xfce4/panel/default.xml rename xdg/xfce4/panel/._cfg0000_default.xml => config-archive/etc/xdg/xfce4/panel/default.xml.dist (100%) rename xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xfce4-keyboard-shortcuts.xml => config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml.1 (89%) create mode 100644 config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml rename xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xfce4-session.xml => config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.dist (100%) create mode 100644 config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml rename xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xsettings.xml => config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml.dist (100%) create mode 100644 config-archive/etc/xdg/xfce4/xinitrc rename xdg/xfce4/._cfg0000_xinitrc => config-archive/etc/xdg/xfce4/xinitrc.dist (100%) create mode 100644 config-archive/usr/share/openvpn/easy-rsa/README create mode 100644 config-archive/usr/share/openvpn/easy-rsa/README.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-ca create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-ca.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-dh create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-dh.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-inter create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-inter.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-key create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-key-pass create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-key-pass.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12 create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12.dist create mode 100755 
config-archive/usr/share/openvpn/easy-rsa/build-key-server create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-key-server.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-key.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-req create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-req-pass create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-req-pass.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-req.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/clean-all create mode 100755 config-archive/usr/share/openvpn/easy-rsa/clean-all.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/inherit-inter create mode 100755 config-archive/usr/share/openvpn/easy-rsa/inherit-inter.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/list-crl create mode 100755 config-archive/usr/share/openvpn/easy-rsa/list-crl.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/pkitool create mode 100755 config-archive/usr/share/openvpn/easy-rsa/pkitool.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/revoke-full create mode 100755 config-archive/usr/share/openvpn/easy-rsa/revoke-full.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/sign-req create mode 100755 config-archive/usr/share/openvpn/easy-rsa/sign-req.dist create mode 100644 config-archive/usr/share/openvpn/easy-rsa/vars create mode 100644 config-archive/usr/share/openvpn/easy-rsa/vars.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf create mode 100755 config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf.dist create mode 100644 config-archive/usr/share/xsessions/KDE-4.desktop.1 create mode 100644 config-archive/usr/share/xsessions/xfce.desktop create mode 100644 config-archive/usr/share/xsessions/xfce.desktop.dist diff --git a/UPower/UPower.conf b/UPower/UPower.conf index c9da9cdf..23f06f8f 100644 
--- a/UPower/UPower.conf +++ b/UPower/UPower.conf @@ -20,6 +20,12 @@ SleepTimeout=1000 # default=true AllowHibernateEncryptedSwap=true +# This controls whether we want the powersave commands to be run when running +# on battery or plugging AC. +# +# default=true +RunPowersaveCommand=true + # Enable the Watts Up Pro device. # # The Watts Up Pro contains a generic FTDI USB device without a specific diff --git a/config-archive/etc/UPower/UPower.conf b/config-archive/etc/UPower/UPower.conf new file mode 100644 index 00000000..c9da9cdf --- /dev/null +++ b/config-archive/etc/UPower/UPower.conf 
@@ -0,0 +1,54 @@
+# Only the system vendor should modify this file, ordinary users
+# should not have to change anything.
+
+[UPower]
+
+# This is the smallest amount of time that UPower gives to session and system
+# processes after the suspend or hibernate request is given.
+# If the session power management component uses AboutToSuspend() then the
+# session process can only make this time larger than the value below, never
+# smaller.
+#
+# Reducing this time means the suspend happens quicker, but might also not give
+# some processes enough time to save state.
+#
+# default=1000
+SleepTimeout=1000
+
+# This controls whether hibernate is allowed when using encrypted swap.
+#
+# default=true
+AllowHibernateEncryptedSwap=true
+
+# Enable the Watts Up Pro device.
+#
+# The Watts Up Pro contains a generic FTDI USB device without a specific
+# vendor and product ID. When we probe for WUP devices, we can cause
+# the user to get a perplexing "Device or resource busy" error when
+# attempting to use their non-WUP device.
+#
+# The generic FTDI device is known to also be used on:
+#
+# - Sparkfun FT232 breakout board
+# - Parallax Propeller
+#
+# default=true
+EnableWattsUpPro=true
+
+# Poll the kernel for dock state changes.
+#
+# Some drivers are still broken, and do not send out uvents when the
+# connected state changes.
+#
+# default=false
+PollDockDevices=false
+
+# Do we ignore the lid state
+#
+# Some laptops are broken. The lid state is either inverted, or stuck
+# on or off. We can't do much to fix these problems, but this is a way
+# for users to make the laptop panel vanish and for programs like
+# gnome-power-manager to not suspend on system startup.
+#
+# default=false
+IgnoreLid=false
diff --git a/UPower/._cfg0000_UPower.conf b/config-archive/etc/UPower/UPower.conf.dist
similarity index 100%
rename from UPower/._cfg0000_UPower.conf
rename to config-archive/etc/UPower/UPower.conf.dist
diff --git a/config-archive/etc/gentoo/gentoorc b/config-archive/etc/gentoo/gentoorc new file mode 100644 index 00000000..b39bf9de --- /dev/null +++ b/config-archive/etc/gentoo/gentoorc 
@@ -0,0 +1,3081 @@ + + + + "0.19.12" + + 2 + + 9 + + 0 + "I" + "icon" + + + 2 + 20 + + + 1 + "Name" + "name" + + FALSE + TRUE + + 0 + 267 + + + 2 + "Size" + "size" + + "bytesnounit" + TRUE + "," + 3 + TRUE + + 1 + 110 + + + 3 + "Mode" + "modenum" + + "%o" + + 1 + 57 + + + 4 + "Mode2" + "modestr" + + + 2 + 96 + + + 5 + "Nlink" + "nlink" + + "%d" + + 2 + 40 + + + 6 + "User" + "uname" + + + 2 + 80 + + + 7 + "Group" + "gname" + + + 2 + 64 + + + 8 + "Modified" + "mtime" + + "%Y-%m-%d %H:%M.%S" + + 2 + 180 + + + "name" + "dirs_first" + FALSE + FALSE + + "@history[0]" + FALSE + TRUE + TRUE + FALSE + TRUE + "Monospace 8" + TRUE + "system" + + + 9 + + 0 + "I" + "icon" + + + 2 + 20 + + + 1 + "Name" + "name" + + TRUE + TRUE + + 0 + 273 + + + 2 + "Size" + "size" + + "bytesnounit" + TRUE + "," + 3 + TRUE + + 1 + 99 + + + 3 + "Mode" + "modenum" + + "%o" + + 1 + 57 + + + 4 + "Mode2" + "modestr" + + + 2 + 96 + + + 5 + "Nlink" + "nlink" + + "%d" + + 2 + 40 + + + 6 + "User" + "uname" + + + 2 + 80 + + + 7 + "Group" + "gname" + + + 2 + 64 + + + 8 + "Modified" + "mtime" + + "%Y-%m-%d %H:%M.%S" + + 2 + 180 + + + "name" + "dirs_first" + FALSE + FALSE + + "@history[0]" + FALSE + TRUE + TRUE + FALSE + TRUE + "Monospace 8" + TRUE + "left" + + + "horizontal" + "ratio" + 0.500000 + + + + TRUE + + + + + "mouse_right" + 0 + + + "Built-In" + "SelectRow action=select" + 0 + + + "Built-In" + "MenuPopup" + 0 + + + + + "test_checkbox" + 0 + + + "External" + "echo {It:"Testing checkboxes"} {Ix:"One"} {Ix:"Two"} {Ix:"Three"}" + 0 + + 0 + 0 + 0 + + + + + + "wrap_about" + 0 + + + "Built-In" + "About" + 0 + + + + + "play_mod" + 0 + + + "External" + "xmp {fup}" + 0 + + 3 + 0 + 0 + + + + + + "test_pipe" + 0 + + + "External" + "bash -c 'echo {Fup} | wc'" + 0 + + 4 + 0 + 0 + + + + + + "run_file" + 0 + + + "External" + "/usr/bin/env bash -c {fup}" + 0 + + 4 + 0 + 0 + + + + + + "uncompress_tar_bzip2" + 0 + + + "External" + "tar --use-compress-program=bzip2 -xf {fup}" + 0 + + 0 + 8 + 2 + + + + + + "test_uri" + 
0 + + + "External" + "echo {uq}" + 0 + + 0 + 0 + 0 + + + + + + "unmount" + 0 + + + "External" + "umount {fpu}" + 0 + + 0 + 0 + 0 + + + + + + "view_rpm" + 0 + + + "External" + "rpm -SOME_SMART_OPTION {fup}" + 0 + + 4 + 0 + 0 + + + + + + "print_selected" + 0 + + + "External" + "echo {Fpu}" + 0 + + 0 + 0 + 0 + + + + + + "compress_gzip" + 0 + + + "External" + "gzip -9 {Fup}" + 0 + + 0 + 0 + 1 + + + + + + "view_video" + 0 + + + "External" + "mplayer -quiet -vo x11 {fup}" + 0 + + 0 + 0 + 0 + + + + + + "open_other" + 0 + + + "Built-In" + "DirToOther" + 0 + + + "Built-In" + "ActivateOther" + 0 + + + "Built-In" + "DirEnter" + 0 + + + "Built-In" + "ActivateOther" + 0 + + + "Built-In" + "UnselectFirst" + 0 + + + + + "view_rfc" + 0 + + + "External" + "less {fup}" + 0 + + 4 + 0 + 0 + + + + + + "view_tar_bzip2" + 0 + + + "External" + "tar -tvf {fpu} --use-compress-prog=bunzip2" + 0 + + 4 + 0 + 0 + + + + + + "uncompress_rar" + 0 + + + "External" + "unrar x -inul {fup}" + 0 + + 0 + 8 + 2 + + + + + + "view_tar_gzip" + 0 + + + "External" + "tar -tvzf {fup}" + 0 + + 4 + 0 + 0 + + + + + + "test_grab" + 0 + + + "External" + "{$HOME}/data/src/C/spew --delay=5000000" + 0 + + 4 + 0 + 0 + + + + + + "test_exec" + 0 + + + "External" + "nonexistant {fup}" + 0 + + 0 + 0 + 0 + + + + + + "tar_extract" + 1 + + + "External" + "echo Extracting {fp} to {Pd}" + 0 + + 0 + 0 + 0 + + + + "External" + "tar xzf {fup}" + 0 + + 16 + 8 + 2 + + + + + + "view_gzip" + 0 + + + "External" + "zcat {fup}" + 0 + + 4 + 0 + 0 + + + + + + "uncompress_zip" + 0 + + + "External" + "unzip -qq -o {fup}" + 0 + + 0 + 8 + 2 + + + + + + "test_call" + 0 + + + "Built-In" + "wrap_about" + 0 + + + + + "compress_tar" + 0 + + + "External" + "tar {It:"Create tar archive"}{Ic:"Mode"="-cf","-czf","-cyf"} {Pd}/{Is:"Archive Name"} {Ix:"Dereference links?"="-h",""}{Ix:"Compress?"="-z",""} {Fu}" + 0 + + 16 + 4 + 2 + + + + + + "view_man" + 0 + + + "External" + "groff -man -Tascii -P-b -P-u {fup}" + 0 + + 4 + 0 + 0 + + + + + + "test_menu" + 0 
+ + + "External" + "echo {Im:"First"="Hello,:1","Good day,:2","Good evening,:3","Hi,:4","Yo:5"} {Im:"Second"="person","dude","geek"}" + 0 + + 0 + 0 + 0 + + + + + + "view_tar" + 0 + + + "External" + "tar -tvf {fup}" + 0 + + 4 + 0 + 0 + + + + + + "edit_image" + 0 + + + "External" + "gimp {fup}" + 0 + + 3 + 0 + 0 + + + + + + "view_image" + 0 + + + "External" + "gliv {Fup}" + 0 + + 0 + 4 + 0 + + + + + + "view_html" + 0 + + + "External" + "lynx -dump {fup}" + 0 + + 4 + 0 + 0 + + + + + + "view_howto" + 0 + + + "External" + "less {fup}" + 0 + + 4 + 0 + 0 + + + + + + "play_mp3" + 0 + + + "External" + "xmms {Fup}" + 0 + + 1 + 0 + 0 + + + + + + "edit_text" + 0 + + + "External" + "{$EDITOR} {fup}" + 0 + + 1 + 0 + 0 + + + + + + "mkdir_and_enter_selected" + 0 + + + "Built-In" + "MkDir 1" + 0 + + + "Built-In" + "DirEnter dir={fpu}" + 0 + + + + + "run_missing" + 0 + + + "External" + "whatever {Fpu}" + 0 + + 0 + 0 + 0 + + + + + + "test_dirparent" + 0 + + + "Built-In" + "DirParent" + 0 + + + "Built-In" + "About" + 0 + + + + + "view_pdf" + 0 + + + "External" + " evince {fup}" + 0 + + 0 + 0 + 0 + + + + + + "Unnamed" + 0 + + + "External" + "echo {Fu}" + 0 + + 0 + 16 + 0 + + + + + + "diff" + 0 + + + "External" + "diff -pu {fpu} {fdup}" + 0 + + 4 + 16 + 0 + + + + + + "play_sid" + 0 + + + "External" + "sidplay {fup}" + 0 + + 1 + 0 + 0 + + + + + + "convert_mp3" + 1 + + + "External" + "bash -c 'mpg123 -q -w $(basename {f} .mp3).wav {fup}'" + 0 + + 0 + 4 + 1 + + + + + + "view_deb" + 0 + + + "External" + "dpkg-deb -c {fup}" + 0 + + 4 + 0 + 0 + + + + + + "test_input" + 0 + + + "External" + "echo {It:"String input defaults to first selected filename:"} {It:"-"} {Is:"Name:"="prefix-{fQ}-postfix"}" + 0 + + 0 + 0 + 0 + + + + + + "view_bzip2" + 0 + + + "External" + "bzcat {fup}" + 0 + + 4 + 0 + 0 + + + + + + "run_script" + 0 + + + "External" + "/usr/bin/env bash {fup}" + 0 + + 16 + 20 + 0 + + + + + + "view_ps" + 0 + + + "External" + "gv {fut}" + 0 + + 1 + 0 + 0 + + + + + + "uncompress_gzip" + 0 + 
+ + "External" + "gunzip {Fup}" + 0 + + 0 + 0 + 1 + + + + + + "uncompress_tar_gzip" + 1 + + + "External" + "tar xzf {fup}" + 0 + + 0 + 8 + 2 + + + + + + "run_calculator" + 0 + + + "External" + "gnome-calculator" + 0 + + 3 + 0 + 0 + + + + + + "view_zip" + 0 + + + "External" + "unzip -v {fup}" + 0 + + 4 + 0 + 0 + + + + + + "new_shell" + 0 + + + "External" + "xterm" + 0 + + 1 + 4 + 0 + + + + + + "play_sample" + 0 + + + "External" + "aplay {fup}" + 0 + + 0 + 0 + 0 + + + + + + "view_rar" + 0 + + + "External" + "unrar lt {fup}" + 0 + + 4 + 0 + 0 + + + + + + + + FALSE + + + TRUE + TRUE + TRUE + u2097152 + + + u1 + + + FALSE + FALSE + + + FALSE + + + TRUE + TRUE + "%Y-%m-%d %H:%M.%S" + "%Y-%m-%d %H:%M.%S" + "%Y-%m-%d %H:%M.%S" + "," + + + TRUE + FALSE + + + TRUE + u2 + + + u1048576 + u512 + TRUE + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + "Directory" + 16384 + + + + "Archive, Tar" + 32768 + ".tar" + + + + "Archive, Rar" + 32768 + ".rar" + + + + "Archive, Tar BZip2" + 32768 + "^.+\\.(tbz|tar\\.bz2)$" + FALSE + FALSE + + + + "Archive, Tar Gzip" + 32768 + ".+\\.(tar\\.gz|tgz)" + FALSE + FALSE + + + + "Archive, ZIP" + 32768 + ".zip" + + + + "Archive, Package, Debian" + 32768 + ".deb" + + + + "Archive, Package, RPM" + 32768 + ".rpm" + + + + "Image, BMP" + 32768 + ".bmp" + + + + "Image, GIF" + 32768 + ".gif" + + + + "Image, JPEG" + 32768 + "^.+\\.jpe?g$" + FALSE + TRUE + + + + "Image, IFF-ILBM" + 32768 + "\\.(lbm|iff)$" + FALSE + FALSE + + + + "Image, TARGA" + 32768 + ".tga" + + + + "Image, TIFF" + 32768 + "\\.tiff?$" + FALSE + FALSE + + + + "Image, PNG" + 32768 + ".png" + + + + "Image, XPM" + 32768 + ".xpm" + + + + "Sound, Music, Module" + 32768 + "(^mod\\..+)|(.+\\.mod$)" + FALSE + FALSE + + + + "Sound, Music, MP3" + 32768 + ".mp3" + + + + "Sound, Music, SID" + 32768 + ".sid" + + + + "Sound, Sample, WAV" + 32768 + "WAVE audio" + FALSE + FALSE + + + + "Sound, Sample, au" + 32768 
+ ".au" + + + + "Source Code, Assembly, ASM-One" + 32768 + "\\.(s|S)$" + FALSE + FALSE + + + + "Source Code, Assembly" + 32768 + "\\.(s|asm)$" + FALSE + FALSE + + + + "Source Code, C Header" + 32768 + ".h" + + + + "Source Code, C Source" + 32768 + ".c" + + + + "Source Code, C++ Source" + 32768 + "\\.(cpp|cc)$" + FALSE + FALSE + + + + "Source Code, Java" + 32768 + ".java" + + + + "Source Code, M4" + 32768 + ".m4" + + + + "Source Code, Perl" + 32768 + ".pl" + + + + "Source Code, PHP" + 32768 + ".php" + + + + "Source Code, Python" + 32768 + ".py" + + + + "Text, COPYING" + 32768 + "^(COPYING|COPYRIGHT|LICENSE)$" + FALSE + FALSE + + + + "Text, Config" + 32768 + "^\\..+rc$" + FALSE + FALSE + + + + "Text, HOWTO" + 32768 + "-HOWTO(\\.gz)?$" + FALSE + FALSE + + + + "Text, MS Word" + 32768 + ".doc" + + + + "Text, HTML" + 32768 + ".+\\.html?$" + FALSE + FALSE + + + + "Text, Makefile" + 32768 + "^Makefile" + FALSE + FALSE + + + + "Text, Man Page" + 32768 + "^[^.]+[^0-9]\\.[0-9][A-Za-z]?(\\.gz)?$" + FALSE + FALSE + + + + "Text, Package Information" + 32768 + "^(BUGS|ChangeLog|INSTALL|README|TODO)" + FALSE + FALSE + + + + "Text, PDF" + 32768 + ".pdf" + + + + "Text, Plain" + 32768 + ".txt" + "ASCII text" + FALSE + FALSE + + + + "Text, PostScript" + 32768 + ".ps" + + + + "Text, RFC" + 32768 + "^rfc[0-9]+(\\.gz)?$" + FALSE + FALSE + + + + "Video, 3GP" + 32768 + ".3gp" + + + + "Video, AVI" + 32768 + ".avi" + + + + "Video, MPEG" + 32768 + "\\.mpe?g$" + FALSE + FALSE + + + + "Video, MOV" + 32768 + ".mov" + + + + "Video, WMV" + 32768 + ".wmv" + + + + "Video, RealMedia" + 32768 + ".rm" + + + + "Executable, Shared Object" + 32768 + "^lib.+\\.so(\\.[0-9.]+)?" 
+ FALSE + FALSE + + + + "Executable" + 32768 + 32 + + + + "Executable, Java Class" + 32768 + ".class" + + + + "Executable, Object" + 32768 + ".o" + + + + "Executable, Windows" + 32768 + ".exe" + + + + "Data, Compressed, GZip" + 32768 + ".gz" + + + + "Data, Compressed, BZip2" + 32768 + ".bz2" + + + + "Special, Link" + 40960 + + + + "Special, Socket" + 49152 + + + + "Special, FIFO" + 4096 + + + + "Unknown" + 0 + + + + + + + + + 1 + + + + + + 1 + + + + + + 1 + + + + + + 1 + + + + + + + + + + + 8 + + + + + + + + + + + + + 8 + + + + + + + + + + + + 8 + + + + + + + + + + + + + + + + + FALSE + 2 + + + + + + 0 + "icons:/usr/share/gentoo/icons" + + + 1 + "~" + + + 2 + "/etc/fstab" + + + 3 + "/proc/mounts" + + + + 1 + "^\\." + FALSE + + + + + u0 + 619 + 123 + 797 + 1112 + FALSE + FALSE + TRUE + TRUE + + + u1 + 32 + 32 + 800 + 600 + FALSE + FALSE + TRUE + TRUE + + + u2 + 32 + 32 + 694 + 600 + FALSE + FALSE + TRUE + TRUE + + + u3 + 32 + 32 + 320 + 480 + FALSE + FALSE + TRUE + TRUE + + + 4 + -24 + + + + "mouse" + + + + + "<Alt><Mod2>1" + "ActivateLeft" + + + "<Alt><Mod2>2" + "ActivateRight" + + + "<Alt>Down" + "DpFocus next" + + + "<Alt>Page_Down" + "DpFocus pagenext" + + + "<Alt>Page_Up" + "DpFocus pageprev" + + + "<Alt>Return" + "DpFocus select=true same" + + + "<Alt>Up" + "DpFocus prev" + + + "<Control><Mod2>F8" + "Rerun" + + + "<Control>Tab" + "DirFromOther" + + + "<Control>g" + "DpGotoRow {It:"Jump To Row Matching"} re=^{Is:"Regular Expression"} focus={Ix:"Focus Destination?"}" + + + "<Control>l" + "DpFocusPath select=true" + + + "<Control>r" + "DpReorient" + + + "<Control>s" + "DpFocusISrch text=" + + + "<Control>space" + "MenuPopup" + + + "<Mod2>c" + "Configure" + + + "<Mod2>q" + "Quit" + + + "<Shift><Mod2>r" + "DpMaximize" + + + "<Shift>Return" + "DpFocusPath select=true" + + + "BackSpace" + "DirParent" + + + "Delete" + "Delete" + + + "F1" + "About" + + + "F5" + "DirRescan" + + + "F8" + "Run" + + + "Left" + "DirParent" + + + "Tab" + "ActivateOther" + + + "c" + 
"Configure" + + + "h" + "DpHide" + + + "r" + "DpRecenter value=50" + + + + + + u5 + "SelectSuffix action=toggle" + + + + u8 + "SelectType action=toggle" + + + + u0 + "DirParent" + + + + u1 + "SelectRow" + + + + u0 + "MenuPopup" + + + + u1 + "mouse_right" + + + + u4 + "MenuPopup menu=<ActionMenu>" + + + + "FileAction action=ClickMClick" + 0.400000 + + + + "evt-path-rmb" + "About" + + + TRUE + + + 0 + FALSE + + + + + + diff --git a/gentoo/._cfg0000_gentoorc b/config-archive/etc/gentoo/gentoorc.dist similarity index 100% rename from gentoo/._cfg0000_gentoorc rename to config-archive/etc/gentoo/gentoorc.dist diff --git a/config-archive/etc/hosts b/config-archive/etc/hosts new file mode 100644 index 00000000..2a054492 --- /dev/null +++ b/config-archive/etc/hosts @@ -0,0 +1,32 @@ +# /etc/hosts: Local Host Database +# +# This file describes a number of aliases-to-address mappings for the for +# local hosts that share this file. +# +# In the presence of the domain name service or NIS, this file may not be +# consulted at all; see /etc/host.conf for the resolution order. +# + +# IPv4 and IPv6 localhost aliases +127.0.0.1 bruni.home.brehm-online.com bruni localhost +::1 bruni.home.brehm-online.com bruni localhost +2a01:238:4225:6e00:8f8c:808a:7fb8:88df helga-six.brehm-online.com helga-six + +# +# Imaginary network. +#10.0.0.2 myname +#10.0.0.3 myfriend +# +# According to RFC 1918, you can use the following IP networks for private +# nets which will never be connected to the Internet: +# +# 10.0.0.0 - 10.255.255.255 +# 172.16.0.0 - 172.31.255.255 +# 192.168.0.0 - 192.168.255.255 +# +# In case you want to be able to connect directly to the Internet (i.e. not +# behind a NAT, ADSL router, etc...), you need real official assigned +# numbers. Do not try to invent your own network numbers but instead get one +# from your network provider (if any) or from your regional registry (ARIN, +# APNIC, LACNIC, RIPE NCC, or AfriNIC.) +# 
diff --git a/._cfg0000_hosts b/config-archive/etc/hosts.dist.new
similarity index 100%
rename from ._cfg0000_hosts
rename to config-archive/etc/hosts.dist.new
diff --git a/config-archive/etc/init.d/consolekit b/config-archive/etc/init.d/consolekit
new file mode 100755
index 00000000..d469b463
--- /dev/null
+++ b/config-archive/etc/init.d/consolekit
@@ -0,0 +1,24 @@
+#!/sbin/runscript
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License, v2 or later
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/consolekit/files/consolekit-0.1.rc,v 1.2 2009/09/12 19:46:19 nirbheek Exp $
+
+depend() {
+ need dbus
+ use logger
+}
+
+start() {
+ ebegin "Starting ConsoleKit daemon"
+
+ start-stop-daemon --start -q \
+ --pidfile /var/run/ConsoleKit/pid \
+ --exec /usr/sbin/console-kit-daemon --
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ConsoleKit daemon"
+ start-stop-daemon --stop -q --pidfile /var/run/ConsoleKit/pid
+ eend $?
+}
diff --git a/init.d/._cfg0000_consolekit b/config-archive/etc/init.d/consolekit.dist
similarity index 100%
rename from init.d/._cfg0000_consolekit
rename to config-archive/etc/init.d/consolekit.dist
diff --git a/config-archive/etc/init.d/sysstat b/config-archive/etc/init.d/sysstat
new file mode 100755
index 00000000..885782a2
--- /dev/null
+++ b/config-archive/etc/init.d/sysstat
@@ -0,0 +1,19 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/sysstat/files/sysstat.init.d,v 1.3 2011/05/18 02:21:33 jer Exp $
+
+depend() {
+ use hostname
+}
+
+start() {
+ ebegin "Writing a dummy startup record using sadc (see sadc(8))..."
+ /usr/lib/sa/sadc -F -L -
+ eend $?
+}
+
+stop() {
+ ebegin "Cannot stop writing a dummy startup record (see sadc(8))..."
+ eend $?
+}
diff --git a/init.d/._cfg0000_sysstat b/config-archive/etc/init.d/sysstat.dist
similarity index 100%
rename from init.d/._cfg0000_sysstat
rename to config-archive/etc/init.d/sysstat.dist
diff --git a/config-archive/etc/layman/layman.cfg b/config-archive/etc/layman/layman.cfg
new file mode 100644
index 00000000..b45c6f06
--- /dev/null
+++ b/config-archive/etc/layman/layman.cfg
@@ -0,0 +1,81 @@
+[MAIN]
+
+#-----------------------------------------------------------
+# Defines the directory where overlays should be installed
+
+storage : /var/lib/layman
+
+#-----------------------------------------------------------
+# Remote overlay lists will be stored here
+# layman will append _md5(url).xml to each filename
+
+cache : %(storage)s/cache
+
+#-----------------------------------------------------------
+# The list of locally installed overlays
+
+local_list: %(storage)s/overlays.xml
+
+#-----------------------------------------------------------
+# Path to the make.conf file that should be modified by
+# layman
+
+make_conf : %(storage)s/make.conf
+
+#-----------------------------------------------------------
+# URLs of the remote lists of overlays (one per line) or
+# local overlay definitions
+#
+#overlays : http://www.gentoo.org/proj/en/overlays/repositories.xml
+# http://dev.gentoo.org/~wrobel/layman/global-overlays.xml
+# http://mydomain.org/my-layman-list.xml
+# file:///var/lib/layman/my-list.xml
+
+overlays : http://www.gentoo.org/proj/en/overlays/repositories.xml
+
+#-----------------------------------------------------------
+# Proxy support
+# If unset, layman will use the http_proxy environment variable.
+#
+#proxy : http://[user:pass@]www.my-proxy.org:3128
+
+#-----------------------------------------------------------
+# Strict checking of overlay definitions
+#
+# Set either to "yes" or "no". If "no" layman will issue
+# warnings if an overlay definition is missing either
+# description or contact information.
+#
+nocheck : yes
+
+#-----------------------------------------------------------
+# Umask settings
+#
+# layman should usually work with a umask of 0022. You should
+# only change this setting if you are absolutely certain that
+# you know what you are doing.
+#
+#umask : 0022
+
+#-----------------------------------------------------------
+# Command overrides
+#
+# You can have commands point to either a binary at a different
+# location, e.g.
+#
+# /home/you/local/bin/git
+#
+# or just the command, e.g.
+#
+# git
+#
+# to use PATH-based resolution of the binary to call.
+#
+#bzr_command : /usr/bin/bzr
+#cvs_command : /usr/bin/cvs
+#darcs_command : /usr/bin/darcs
+#git_command : /usr/bin/git
+#mercurial_command : /usr/bin/hg
+#rsync_command : /usr/bin/rsync
+#svn_command : /usr/bin/svn
+#tar_command : /bin/tar
diff --git a/layman/._cfg0000_layman.cfg b/config-archive/etc/layman/layman.cfg.dist
similarity index 100%
rename from layman/._cfg0000_layman.cfg
rename to config-archive/etc/layman/layman.cfg.dist
diff --git a/config-archive/etc/profile b/config-archive/etc/profile
new file mode 100644
index 00000000..3565bab1
--- /dev/null
+++ b/config-archive/etc/profile
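Review bot: The active `overlays : http://www.gentoo.org/proj/en/overlays/repositories.xml` line fetches the overlay list over plain HTTP, so the list that decides which repositories layman offers can be altered in transit; nothing in this file shows an integrity check on it. If the host serves the list over TLS, change the line to `overlays : https://www.gentoo.org/proj/en/overlays/repositories.xml`. Separately, `nocheck : yes` is set directly under the comment describing the warnings it suppresses, and a one-line comment saying why strict checking is turned off would help the next reader. This is the archived copy under config-archive/; the hunk for the live `layman/layman.cfg` is outside this view and should be checked for the same lines.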
@@ -0,0 +1,63 @@
+# /etc/profile: login shell setup
+#
+# That this file is used by any Bourne-shell derivative to setup the
+# environment for login shells.
+#
+
+# Load environment settings from profile.env, which is created by
+# env-update from the files in /etc/env.d
+if [ -e /etc/profile.env ] ; then
+ . /etc/profile.env
+fi
+
+# You should override these in your ~/.bashrc (or equivalent) for per-user
+# settings. For system defaults, you can add a new file in /etc/profile.d/.
+export EDITOR=${EDITOR:-/bin/nano}
+export PAGER=${PAGER:-/usr/bin/less}
+
+# 077 would be more secure, but 022 is generally quite realistic
+umask 022
+
+# Set up PATH depending on whether we're root or a normal user.
+# There's no real reason to exclude sbin paths from the normal user,
+# but it can make tab-completion easier when they aren't in the
+# user's PATH to pollute the executable namespace.
+#
+# It is intentional in the following line to use || instead of -o.
+# This way the evaluation can be short-circuited and calling whoami is
+# avoided.
+if [ "$EUID" = "0" ] || [ "$USER" = "root" ] ; then
+ PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:${ROOTPATH}"
+else
+ PATH="/usr/local/bin:/usr/bin:/bin:${PATH}"
+fi
+export PATH
+unset ROOTPATH
+
+if [ -n "${BASH_VERSION}" ] ; then
+ # Newer bash ebuilds include /etc/bash/bashrc which will setup PS1
+ # including color. We leave out color here because not all
+ # terminals support it.
+ if [ -f /etc/bash/bashrc ] ; then
+ # Bash login shells run only /etc/profile
+ # Bash non-login shells run only /etc/bash/bashrc
+ # Since we want to run /etc/bash/bashrc regardless, we source it
+ # from here. It is unfortunate that there is no way to do
+ # this *after* the user's .bash_profile runs (without putting
+ # it in the user's dot-files), but it shouldn't make any
+ # difference.
+ . /etc/bash/bashrc
+ else
+ PS1='\u@\h \w \$ '
+ fi
+else
+ # Setup a bland default prompt. Since this prompt should be useable
+ # on color and non-color terminals, as well as shells that don't
+ # understand sequences such as \h, don't put anything special in it.
+ PS1="${USER:-$(type whoami >/dev/null && whoami)}@$(type uname >/dev/null && uname -n) \$ "
+fi
+
+for sh in /etc/profile.d/*.sh ; do
+ [ -r "$sh" ] && . "$sh"
+done
+unset sh
diff --git a/._cfg0000_profile b/config-archive/etc/profile.dist
similarity index 100%
rename from ._cfg0000_profile
rename to config-archive/etc/profile.dist
diff --git a/config-archive/etc/sysctl.conf b/config-archive/etc/sysctl.conf
new file mode 100644
index 00000000..04b86283
--- /dev/null
+++ b/config-archive/etc/sysctl.conf
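Review bot: In the root branch of the PATH setup in /etc/profile, `${ROOTPATH}` is appended after a literal colon, so whenever ROOTPATH is empty or unset root's PATH ends in `:`, and an empty PATH element makes the shell search the current directory. ROOTPATH is presumably supplied by /etc/profile.env, which this file sources only if it exists, so the empty case is reachable. The non-root branch has the same shape with `${PATH}`. Adding the separator only when the variable has content closes both cases: `PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin${ROOTPATH:+:${ROOTPATH}}"` and `PATH="/usr/local/bin:/usr/bin:/bin${PATH:+:${PATH}}"`.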
@@ -0,0 +1,58 @@
+# /etc/sysctl.conf
+#
+# For more information on how this file works, please see
+# the manpages sysctl(8) and sysctl.conf(5).
+#
+# In order for this file to work properly, you must first
+# enable 'Sysctl support' in the kernel.
+#
+# Look in /proc/sys/ for all the things you can setup.
+#
+
+# Disables packet forwarding
+net.ipv4.ip_forward = 0
+# Disables IP dynaddr
+#net.ipv4.ip_dynaddr = 0
+# Disable ECN
+#net.ipv4.tcp_ecn = 0
+# Enables source route verification
+net.ipv4.conf.default.rp_filter = 1
+# Enable reverse path
+net.ipv4.conf.all.rp_filter = 1
+
+net.ipv4.ip_forward = 1
+net.ipv6.conf.all.forwarding = 1
+
+# Enable SYN cookies (yum!)
+# http://cr.yp.to/syncookies.html
+#net.ipv4.tcp_syncookies = 1
+
+# Disable source route
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv4.conf.default.accept_source_route = 0
+
+# Disable redirects
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv4.conf.default.accept_redirects = 0
+
+# Disable secure redirects
+#net.ipv4.conf.all.secure_redirects = 0
+#net.ipv4.conf.default.secure_redirects = 0
+
+# Ignore ICMP broadcasts
+#net.ipv4.icmp_echo_ignore_broadcasts = 1
+
+# Disables the magic-sysrq key
+#kernel.sysrq = 0
+kernel.sysrq = 1
+# When the kernel panics, automatically reboot in 3 seconds
+#kernel.panic = 3
+# Allow for more PIDs (cool factor!); may break some programs
+#kernel.pid_max = 999999
+
+# You should compile nfsd into the kernel or add it
+# to modules.autoload for this to work properly
+# TCP Port for lock manager
+#fs.nfs.nlm_tcpport = 0
+# UDP Port for lock manager
+#fs.nfs.nlm_udpport = 0
diff --git a/._cfg0000_sysctl.conf b/config-archive/etc/sysctl.conf.dist.new
similarity index 100%
rename from ._cfg0000_sysctl.conf
rename to config-archive/etc/sysctl.conf.dist.new
diff --git a/config-archive/etc/xdg/Thunar/uca.xml b/config-archive/etc/xdg/Thunar/uca.xml
new file mode 100644
index 00000000..91f11769
--- /dev/null
+++ b/config-archive/etc/xdg/Thunar/uca.xml
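Review bot: `net.ipv4.ip_forward` is assigned twice in sysctl.conf, `= 0` under the "Disables packet forwarding" comment and `= 1` a few lines further down next to `net.ipv6.conf.all.forwarding = 1`. When the file is applied top to bottom the later value should be the one that sticks, so the host routes both IPv4 and IPv6 while the only comment on the subject says forwarding is off. If routing is intended, drop the `= 0` line and state it, for example `# Forwarding on: this host routes; the packet filter's forward policy must be default-deny`. The same hunk sets `kernel.sysrq = 1` directly under "Disables the magic-sysrq key", which has the same comment-versus-value mismatch and is worth either reverting or documenting.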
@@ -0,0 +1,44 @@ + + + + + + + + + + + + + + + + + + + + + +]> + + + + Terminal + * + Open Terminal Here + Terminal hier öffnen + Open Terminal Here + Открыть терминал + Mở Terminal tại thư mục này + exo-open --working-directory %f --launch TerminalEmulator + Example for a custom action + Beispiel für eine eigene Aktion + Example for a custom action + Пример особого действия + Ví dụ cho một hành động tuỳ biến + + + + + \ No newline at end of file diff --git a/xdg/Thunar/._cfg0000_uca.xml b/config-archive/etc/xdg/Thunar/uca.xml.dist similarity index 100% rename from xdg/Thunar/._cfg0000_uca.xml rename to config-archive/etc/xdg/Thunar/uca.xml.dist diff --git a/config-archive/etc/xdg/autostart/user-dirs-update-gtk.desktop b/config-archive/etc/xdg/autostart/user-dirs-update-gtk.desktop new file mode 100644 index 00000000..ea79903a --- /dev/null +++ b/config-archive/etc/xdg/autostart/user-dirs-update-gtk.desktop @@ -0,0 +1,13 @@ +[Desktop Entry] +Exec=xdg-user-dirs-gtk-update +Name=User folders update +Name[de]=Aktualisierung der Ordner des Benutzers +Name[en_GB]=User folders update +Comment=Update common folders names to match current locale +Comment[de]=Namen der Standardordner auf die momentan verwendete Sprache aktualisieren +Comment[en_GB]=Update common folders names to match current locale +Terminal=false +NotShowIn=KDE; +Type=Application +StartupNotify=false +X-KDE-autostart-after=panel diff --git a/xdg/autostart/._cfg0000_user-dirs-update-gtk.desktop b/config-archive/etc/xdg/autostart/user-dirs-update-gtk.desktop.dist similarity index 100% rename from xdg/autostart/._cfg0000_user-dirs-update-gtk.desktop rename to config-archive/etc/xdg/autostart/user-dirs-update-gtk.desktop.dist diff --git a/config-archive/etc/xdg/menus/xfce-applications.menu b/config-archive/etc/xdg/menus/xfce-applications.menu new file mode 100644 index 00000000..51a27cbf --- /dev/null +++ b/config-archive/etc/xdg/menus/xfce-applications.menu 
@@ -0,0 +1,165 @@ + + + + Xfce + + + + + + + X-Xfce-Toplevel + + + + xfrun4.desktop + xfce4-run.desktop + + exo-terminal-emulator.desktop + exo-file-manager.desktop + exo-mail-reader.desktop + exo-web-browser.desktop + + Settings + + + + xfhelp4.desktop + xfce4-about.desktop + xfce4-session-logout.desktop + + + + Settings + xfce-settings.directory + + Settings + + + + xfce-settings-manager.desktop + + + + + + Screensavers + xfce-screensavers.directory + + Screensaver + + + + + + Accessories + xfce-accessories.directory + + + Accessibility + Core + Legacy + Utility + + + + + exo-file-manager.desktop + exo-terminal-emulator.desktop + xfce4-about.desktop + xfrun4.desktop + + + + + + Development + xfce-development.directory + + Development + + + + + Education + xfce-education.directory + + Education + + + + + Games + xfce-games.directory + + Game + + + + + Graphics + xfce-graphics.directory + + Graphics + + + + + Multimedia + xfce-multimedia.directory + + Audio + Video + AudioVideo + + + + + Network + xfce-network.directory + + Network + + + + exo-mail-reader.desktop + exo-web-browser.desktop + + + + + + Office + xfce-office.directory + + Office + + + + + System + xfce-system.directory + + + Emulator + System + + + + + xfce4-session-logout.desktop + + + + + + Other + xfce-other.directory + + + + + + + diff --git a/xdg/menus/._cfg0000_xfce-applications.menu b/config-archive/etc/xdg/menus/xfce-applications.menu.dist similarity index 100% rename from xdg/menus/._cfg0000_xfce-applications.menu rename to config-archive/etc/xdg/menus/xfce-applications.menu.dist diff --git a/config-archive/etc/xdg/xfce4/helpers.rc b/config-archive/etc/xdg/xfce4/helpers.rc new file mode 100644 index 00000000..74315c0b --- /dev/null +++ b/config-archive/etc/xdg/xfce4/helpers.rc @@ -0,0 +1,9 @@ +# +# Default helpers.rc for Xfce's Preferred Applications +# +# Copyright (c) 2005-2006 Benedikt Meurer +# + +WebBrowser=firefox +MailReader=thunderbird +TerminalEmulator=Terminal 
diff --git a/xdg/xfce4/._cfg0000_helpers.rc b/config-archive/etc/xdg/xfce4/helpers.rc.dist similarity index 100% rename from xdg/xfce4/._cfg0000_helpers.rc rename to config-archive/etc/xdg/xfce4/helpers.rc.dist diff --git a/config-archive/etc/xdg/xfce4/panel/default.xml b/config-archive/etc/xdg/xfce4/panel/default.xml new file mode 100644 index 00000000..244f0cc6 --- /dev/null +++ b/config-archive/etc/xdg/xfce4/panel/default.xml @@ -0,0 +1,66 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/xdg/xfce4/panel/._cfg0000_default.xml b/config-archive/etc/xdg/xfce4/panel/default.xml.dist similarity index 100% rename from xdg/xfce4/panel/._cfg0000_default.xml rename to config-archive/etc/xdg/xfce4/panel/default.xml.dist diff --git a/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml index 723a10d3..47e592c4 100644 --- a/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml +++ b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml @@ -8,6 +8,8 @@ + + diff --git a/xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xfce4-keyboard-shortcuts.xml b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml.1 similarity index 89% rename from xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xfce4-keyboard-shortcuts.xml rename to config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml.1 index cf1978d7..723a10d3 100644 --- a/xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xfce4-keyboard-shortcuts.xml +++ b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml.1 @@ -3,19 +3,11 @@ - - - - - - - + - - 
diff --git a/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml.dist b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml.dist index 47e592c4..cf1978d7 100644 --- a/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml.dist +++ b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml.dist @@ -3,7 +3,13 @@ - + + + + + + + diff --git a/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml new file mode 100644 index 00000000..49f19c43 --- /dev/null +++ b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml @@ -0,0 +1,37 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xfce4-session.xml b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.dist similarity index 100% rename from xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xfce4-session.xml rename to config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.dist diff --git a/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml new file mode 100644 index 00000000..2460fed6 --- /dev/null +++ b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml @@ -0,0 +1,11 @@ + + + + + + + + + + + diff --git a/xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xsettings.xml b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml.dist similarity index 100% rename from xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xsettings.xml rename to config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml.dist diff --git a/config-archive/etc/xdg/xfce4/xinitrc b/config-archive/etc/xdg/xfce4/xinitrc new file mode 100644 index 00000000..ebbfcfb2 
--- /dev/null +++ b/config-archive/etc/xdg/xfce4/xinitrc 
@@ -0,0 +1,309 @@ +#!/bin/sh + +# fix broken $UID on some system... +if test "x$UID" = "x"; then + if test -x /usr/xpg4/bin/id; then + UID=`/usr/xpg4/bin/id -u`; + else + UID=`id -u`; + fi +fi + +# set $XDG_MENU_PREFIX to "xfce-" so that "xfce-applications.menu" is picked +# over "applications.menu" in all Xfce applications. +if test "x$XDG_MENU_PREFIX" = "x"; then + XDG_MENU_PREFIX="xfce-" + export XDG_MENU_PREFIX +fi + +# set DESKTOP_SESSION so that one can detect easily if an Xfce session is running +if test "x$DESKTOP_SESSION" = "x"; then + DESKTOP_SESSION="xfce" + export DESKTOP_SESSION +fi + +# $XDG_CONFIG_HOME defines the base directory relative to which user specific +# configuration files should be stored. If $XDG_CONFIG_HOME is either not set +# or empty, a default equal to $HOME/.config should be used. +if test "x$XDG_CONFIG_HOME" = "x" ; then + XDG_CONFIG_HOME=$HOME/.config +fi +[ -d "$XDG_CONFIG_HOME" ] || mkdir "$XDG_CONFIG_HOME" + +# $XDG_CACHE_HOME defines the base directory relative to which user specific +# non-essential data files should be stored. If $XDG_CACHE_HOME is either not +# set or empty, a default equal to $HOME/.cache should be used. +if test "x$XDG_CACHE_HOME" = "x" ; then + XDG_CACHE_HOME=$HOME/.cache +fi +[ -d "$XDG_CACHE_HOME" ] || mkdir "$XDG_CACHE_HOME" + + +# set up XDG user directores. see +# http://freedesktop.org/wiki/Software/xdg-user-dirs +if which xdg-user-dirs-update >/dev/null 2>&1; then + xdg-user-dirs-update +fi + +if test -f "$XDG_CONFIG_HOME/user-dirs.dirs"; then + . "$XDG_CONFIG_HOME/user-dirs.dirs" + # i'm deliberately not 'export'-ing the XDG_ vars, because you shouldn't + # rely on the env vars inside apps, since the file could be changed at + # any time by the user. this is solely here for migration purposes. + + # a bit of user dir migration... + if test -d "$HOME/Desktop" -a ! 
-L "$HOME/Desktop" \ + -a "$XDG_DESKTOP_DIR" \ + -a "$HOME/Desktop" != "$XDG_DESKTOP_DIR" + then + echo "Migrating $HOME/Desktop to $XDG_DESKTOP_DIR..." + test -d "$XDG_DESKTOP_DIR" && rmdir "$XDG_DESKTOP_DIR" + mv "$HOME/Desktop" "$XDG_DESKTOP_DIR" || echo "Desktop migration failed" >&2 + fi + + if test -d "$HOME/Templates" -a ! -L "$HOME/Templates" \ + -a "$XDG_TEMPLATES_DIR" \ + -a "$HOME/Templates" != "$XDG_TEMPLATES_DIR" + then + echo "Migrating $HOME/Templates to $XDG_TEMPLATES_DIR..." + test -d "$XDG_TEMPLATES_DIR" && rmdir "$XDG_TEMPLATES_DIR" + mv "$HOME/Templates" "$XDG_TEMPLATES_DIR" || echo "Templates migration failed" >&2 + fi +fi + + +# Modify libglade and glade environment variables so that +# it will find the files installed by Xfce +LIBGLADE_MODULE_PATH="$LIBGLADE_MODULE_PATH:" +GLADE_CATALOG_PATH="$GLADE_CATALOG_PATH:" +GLADE_PIXMAP_PATH="$GLADE_PIXMAP_PATH:" +GLADE_MODULE_PATH="$GLADE_MODULE_PATH:" +export LIBGLADE_MODULE_PATH +export GLADE_CATALOG_PATH +export GLADE_PIXMAP_PATH +export GLADE_MODULE_PATH + +# Export GTK_PATH so that GTK+ can find the Xfce theme engine +# https://bugzilla.xfce.org/show_bug.cgi?id=7483 +#GTK_PATH="$GTK_PATH:/usr/lib64/gtk-2.0" +#export GTK_PATH + +# For now, start with an empty list +XRESOURCES="" + +# Has to go prior to merging Xft.xrdb, as its the "Defaults" file +test -r "/etc/xdg/xfce4/Xft.xrdb" && XRESOURCES="$XRESOURCES /etc/xdg/xfce4/Xft.xrdb" +test -r $HOME/.Xdefaults && XRESOURCES="$XRESOURCES $HOME/.Xdefaults" + +BASEDIR=$XDG_CONFIG_HOME/xfce4 +if test -r "$BASEDIR/Xft.xrdb"; then + XRESOURCES="$XRESOURCES $BASEDIR/Xft.xrdb" +elif test -r "$XFCE4HOME/Xft.xrdb"; then + mkdir -p "$BASEDIR" + cp "$XFCE4HOME/Xft.xrdb" "$BASEDIR"/ + XRESOURCES="$XRESOURCES $BASEDIR/Xft.xrdb" +fi + +# merge in X cursor settings +test -r "$BASEDIR/Xcursor.xrdb" && XRESOURCES="$XRESOURCES $BASEDIR/Xcursor.xrdb" + +# ~/.Xresources contains overrides to the above +test -r "$HOME/.Xresources" && XRESOURCES="$XRESOURCES 
$HOME/.Xresources" + +# load all X resources (adds /dev/null to avoid an empty list that would hang the process) +cat /dev/null $XRESOURCES | xrdb -nocpp -merge - + +# load local modmap +test -r $HOME/.Xmodmap && xmodmap $HOME/.Xmodmap + +# Use dbus-launch if installed. +if test x"$DBUS_SESSION_BUS_ADDRESS" = x""; then + if which dbus-launch >/dev/null 2>&1; then + eval `dbus-launch --sh-syntax --exit-with-session` + # some older versions of dbus don't export the var properly + export DBUS_SESSION_BUS_ADDRESS + else + echo "Could not find dbus-launch; Xfce will not work properly" >&2 + fi +fi + +# launch gpg-agent or ssh-agent if enabled. +ssh_agent_enabled=`xfconf-query -c xfce4-session -p /startup/ssh-agent/enabled 2> /dev/null` +if test "$ssh_agent_enabled" != "false"; then + # if the user has pam_ssh installed, it will start ssh-agent for us, but + # of course won't start gpg-agent. so, if ssh-agent is already running, + # but we want gpg-agent (and that's not running yet) start gpg-agent + # without ssh support + + ssh_agent_type=`xfconf-query -c xfce4-session -p /startup/ssh-agent/type 2> /dev/null` + if test -z "$ssh_agent_type"; then + if which gpg-agent >/dev/null 2>&1; then + ssh_agent_type=gpg-agent + else + ssh_agent_type=ssh-agent + fi + fi + + # ignore stale ssh-agents + if test "$SSH_AGENT_PID"; then + if ! 
kill -0 $SSH_AGENT_PID; then + unset SSH_AGENT_PID + unset SSH_AUTH_SOCK + fi + fi + + case "$ssh_agent_type" in + gpg-agent) + if test -z "$SSH_AGENT_PID"; then + eval `gpg-agent --daemon --enable-ssh-support --write-env-file $XDG_CACHE_HOME/gpg-agent-info` + ssh_agent_kill_cmd="kill -INT $SSH_AGENT_PID; rm -f $XDG_CACHE_HOME/gpg-agent-info" + elif test -z "$GPG_AGENT_INFO"; then + echo "ssh-agent is already running; starting gpg-agent without ssh support" + eval `gpg-agent --daemon --write-env-file $XDG_CACHE_HOME/gpg-agent-info` + ssh_agent_kill_cmd="pkill -INT ^gpg-agent\$; rm -f $XDG_CACHE_HOME/gpg-agent-info" + else + echo "gpg-agent is already running" + fi + ;; + + ssh-agent) + if test -z "$SSH_AGENT_PID"; then + eval `ssh-agent -s` + ssh_agent_kill_cmd="ssh-agent -s -k" + else + echo "ssh-agent is already running" + fi + ;; + + *) + echo "Unrecognized agent type '$ssh_agent_type'" >&2 + ;; + esac +fi + + +# launch a screensaver if enabled. do not launch if we're root or if +# we're in a VNC session. 
+screensaver_enabled=`xfconf-query -c xfce4-session -p /startup/screensaver/enabled 2> /dev/null` +if test $UID -gt 0 -a -z "$VNCSESSION" -a "$screensaver_enabled" != "false"; then + screensaver_type=`xfconf-query -c xfce4-session -p /startup/screensaver/type 2> /dev/null` + + case "$screensaver_type" in + xscreensaver) + xscreensaver -no-splash & + ;; + + gnome-screensaver) + gnome-screensaver & + ;; + + *) + if test x"`which xscreensaver 2>/dev/null`" != x""; then + xscreensaver -no-splash & + elif test x"`which gnome-screensaver 2>/dev/null`" != x""; then + gnome-screensaver & + fi + ;; + esac +fi + + +# Run xfce4-session if installed +if which xfce4-session >/dev/null 2>&1; then + xfce4-session + + if test "$ssh_agent_kill_cmd"; then + echo "running '$ssh_agent_kill_cmd'" + eval "$ssh_agent_kill_cmd" + fi + + exit 0 +fi + + +################## +# IMPORTANT NOTE # +################## + +# Everything below here ONLY gets executed if you are NOT using xfce4-session +# (Xfce's session manager). If you are using the session manager, everything +# below is handled by it, and the code below is not executed at all. If you're +# not sure if you're using the session manager, type 'ps -e|grep xfce4-session' +# in a terminal while Xfce is running. + +################## + + +# this is only necessary when running w/o xfce4-session +xsetroot -solid black -cursor_name watch + +# or use old-fashioned startup script otherwise + +xfsettingsd & +xfwm4 --daemon + +# start up stuff in $XDG_CONFIG_HOME/autostart/, as that looks to be +# the new standard. if that directory doesn't exist, try the old +# ~/Desktop/Autostart method. we're not going to do any migration here. 
+if test -d "$XDG_CONFIG_HOME/autostart"; then + for i in ${XDG_CONFIG_HOME}/autostart/*.desktop; do + grep -q -E "^Hidden=true" "$i" && continue + if grep -q -E "^OnlyShowIn=" "$i"; then + # need to test twice, as lack of the line entirely means we still run it + grep -E "^OnlyShowIn=" "$i" | grep -q 'XFCE;' || continue + fi + grep -E "^NotShowIn=" "$i" | grep -q 'XFCE;' && continue + + # check for TryExec + trycmd=`grep -E "^TryExec=" "$i" | cut -d'=' -f2` + if test "$trycmd"; then + which "$trycmd" >/dev/null 2>&1 || continue + fi + + cmd=`grep -E "^Exec=" "$i" | cut -d'=' -f2` + if test "$cmd" && which "$cmd" >/dev/null 2>&1; then + $cmd & + fi + done +elif test -d "$HOME/Desktop/Autostart"; then + for i in `ls -1 -L ${HOME}/Desktop/Autostart/ 2>/dev/null`; do + if test -x $HOME/Desktop/Autostart/$i; then + $HOME/Desktop/Autostart/$i & + fi + done +fi + +xfdesktop& +orage & + +panel=`which xfce4-panel` +case "x$panel" in + x|xno*) + ;; + *) + $panel + ret=$? + while test $ret -ne 0; do + xmessage -center -file - -timeout 20 -title Error <&2 < + + Note this this procedure is primarily designed to revoke client + certificates. You could theoretically use this method to revoke + server certificates as well, but then you would need to propagate + the crl.pem file to all clients as well, and have them include + "crl-verify crl.pem" in their configuration files. + +* PKCS#11 support was added. + +* For those interested in using this tool to generate web certificates, + A variant of the easy-rsa package that allows the creation of multi-domain + certificates with subjectAltName can be obtained from here: + + http://www.bisente.com/proyectos/easy-rsa-subjectaltname/ + +INSTALL easy-rsa + +1. Edit vars. +2. Set KEY_CONFIG to point to the openssl.cnf file + included in this distribution. +3. Set KEY_DIR to point to a directory which will + contain all keys, certificates, etc. 
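Review bot: In the gpg-agent branch of xinitrc, `$XDG_CACHE_HOME` is expanded unquoted into both the `--write-env-file` argument and the `ssh_agent_kill_cmd` string, and that string is later passed to `eval` after xfce4-session exits. A cache path containing whitespace or shell metacharacters is therefore re-parsed as shell syntax at logout; the value comes from the user's own environment, so this is hardening rather than a privilege boundary. Quoting the argument, `--write-env-file "$XDG_CACHE_HOME/gpg-agent-info"`, and deferring the expansion inside the stored command, `ssh_agent_kill_cmd="kill -INT $SSH_AGENT_PID; rm -f \"\$XDG_CACHE_HOME/gpg-agent-info\""`, keeps the path a single word in both places (the second gpg-agent arm needs the same change). The tail of this hunk after the `xmessage` line is lost on this page, so only the visible part was reviewed.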
This + directory need not exist, and if it does, + it will be deleted with rm -rf, so BE + CAREFUL how you set KEY_DIR. +4. (Optional) Edit other fields in vars + per your site data. You may want to + increase KEY_SIZE to 2048 if you are + paranoid and don't mind slower key + processing, but certainly 1024 is + fine for testing purposes. KEY_SIZE + must be compatible across both peers + participating in a secure SSL/TLS + connection. +5. (Optional) If you intend to use PKCS#11, + install openssl >= 0.9.7, install the + following components from www.opensc.org: + - opensc >= 0.10.0 + - engine_pkcs11 >= 0.1.3 + Update the openssl.cnf to load the engine: + - Uncomment pkcs11 under engine_section. + - Validate path at dynamic_path under pkcs11_section. +6. . vars +7. ./clean-all +8. As you create certificates, keys, and + certificate signing requests, understand that + only .key files should be kept confidential. + .crt and .csr files can be sent over insecure + channels such as plaintext email. + +IMPORTANT + +To avoid a possible Man-in-the-Middle attack where an authorized +client tries to connect to another client by impersonating the +server, make sure to enforce some kind of server certificate +verification by clients. There are currently four different ways +of accomplishing this, listed in the order of preference: + +(1) Build your server certificates with specific key usage and + extended key usage. 
The RFC3280 determine that the following + attributes should be provided for TLS connections: + + Mode Key usage Extended key usage + --------------------------------------------------------------------------- + Client digitalSignature TLS Web Client Authentication + keyAgreement + digitalSignature, keyAgreement + + Server digitalSignature, keyEncipherment TLS Web Server Authentication + digitalSignature, keyAgreement + + Now add the following line to your client configuration: + + remote-cert-tls server + + This will block clients from connecting to any + server which lacks the required extension designation + in its certificate, even if the certificate has been + signed by the CA which is cited in the OpenVPN configuration + file (--ca directive). + +(3) Use the --tls-remote directive on the client to + accept/reject the server connection based on the common + name of the server certificate. + +(3) Use a --tls-verify script or plugin to accept/reject the + server connection based on a custom test of the server + certificate's embedded X509 subject details. + +(4) Sign server certificates with one CA and client certificates + with a different CA. The client config "ca" directive should + reference the server-signing CA while the server config "ca" + directive should reference the client-signing CA. + +NOTES + +Show certificate fields: + openssl x509 -in cert.crt -text + +PKITOOL documentation + +pkitool 2.0 +Usage: pkitool [options...] 
[common-name] +Options: + --batch : batch mode (default) + --keysize : Set keysize + size : size (default=1024) + --interact : interactive mode + --server : build server cert + --initca : build root CA + --inter : build intermediate CA + --pass : encrypt private key with password + --csr : only generate a CSR, do not sign + --sign : sign an existing CSR + --pkcs12 : generate a combined PKCS#12 file + --pkcs11 : generate certificate on PKCS#11 token + lib : PKCS#11 library + slot : PKCS#11 slot + id : PKCS#11 object id (hex string) + label : PKCS#11 object label +Standalone options: + --pkcs11-slots : list PKCS#11 slots + lib : PKCS#11 library + --pkcs11-objects : list PKCS#11 token objects + lib : PKCS#11 library + slot : PKCS#11 slot + --pkcs11-init : initialize PKCS#11 token DANGEROUS!!! + lib : PKCS#11 library + slot : PKCS#11 slot + label : PKCS#11 token label +Notes: + Please edit the vars script to reflect your configuration, + then source it with "source ./vars". + Next, to start with a fresh PKI configuration and to delete any + previous certificates and keys, run "./clean-all". + Finally, you can run this tool (pkitool) to build certificates/keys. + In order to use PKCS#11 interface you must have opensc-0.10.0 or higher. 
+Generated files and corresponding OpenVPN directives: +(Files will be placed in the $KEY_DIR directory, defined in ./vars) + ca.crt -> root certificate (--ca) + ca.key -> root key, keep secure (not directly used by OpenVPN) + .crt files -> client/server certificates (--cert) + .key files -> private keys, keep secure (--key) + .csr files -> certificate signing request (not directly used by OpenVPN) + dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh) +Examples: + pkitool --initca -> Build root certificate + pkitool --initca --pass -> Build root certificate with password-protected key + pkitool --server server1 -> Build "server1" certificate/key + pkitool client1 -> Build "client1" certificate/key + pkitool --pass client2 -> Build password-protected "client2" certificate/key + pkitool --pkcs12 client3 -> Build "client3" certificate/key in PKCS#12 format + pkitool --csr client4 -> Build "client4" CSR to be signed by another CA + pkitool --sign client4 -> Sign "client4" CSR + pkitool --inter interca -> Build an intermediate key-signing certificate/key + Also see ./inherit-inter script. + pkitool --pkcs11 /usr/lib/pkcs11/lib1 0 010203 "client5 id" client5 + -> Build "client5" certificate/key in PKCS#11 token +Typical usage for initial PKI setup. Build myserver, client1, and client2 cert/keys. +Protect client2 key with a password. Build DH parms. Generated files in ./keys : + [edit vars with your site-specific info] + source ./vars + ./clean-all + ./build-dh -> takes a long time, consider backgrounding + ./pkitool --initca + ./pkitool --server myserver + ./pkitool client1 + ./pkitool --pass client2 +Typical usage for adding client cert to existing PKI: + source ./vars + ./pkitool client-new diff --git a/config-archive/usr/share/openvpn/easy-rsa/README.dist b/config-archive/usr/share/openvpn/easy-rsa/README.dist new file mode 100644 index 00000000..6f5395c1 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/README.dist 
@@ -0,0 +1,229 @@ +EASY-RSA Version 2.0-rc1 + +This is a small RSA key management package, based on the openssl +command line tool, that can be found in the easy-rsa subdirectory +of the OpenVPN distribution. While this tool is primary concerned +with key management for the SSL VPN application space, it can also +be used for building web certificates. + +These are reference notes. For step-by-step instructions, see the +HOWTO: + +http://openvpn.net/howto.html + +This package is based on the ./pkitool script. Run ./pkitool +without arguments for a detailed help message (which is also pasted +below). + +Release Notes for easy-rsa-2.0 + +* Most functionality has been consolidated into the pkitool + script. For compatibility, all previous scripts from 1.0 such + as build-key and build-key-server are provided as stubs + which call pkitool to do the real work. + +* pkitool has a --batch flag (enabled by default) which generates + keys/certs without needing any interactive input. pkitool + can still generate certs/keys using interactive prompting by + using the --interact flag. + +* The inherit-inter script has been provided for creating + a new PKI rooted on an intermediate certificate built within a + higher-level PKI. See comments in the inherit-inter script + for more info. + +* The openssl.cnf file has been modified. pkitool will not + work with the openssl.cnf file included with previous + easy-rsa releases. + +* The vars file has been modified -- the following extra + variables have been added: EASY_RSA, CA_EXPIRE, + KEY_EXPIRE. + +* The make-crl and revoke-crt scripts have been removed and + are replaced by the revoke-full script. + +* The "Organizational Unit" X509 field can be set using + the KEY_OU environmental variable before calling pkitool. + +* This release only affects the Linux/Unix version of easy-rsa. + The Windows version (written to use the Windows shell) is unchanged. 
+ +* Use the revoke-full script to revoke a certificate, and generate + (or update) the crl.pem file in the keys directory (as set by the + vars script). Then use "crl-verify crl.pem" in your OpenVPN server + config file, so that OpenVPN can reject any connections coming from + clients which present a revoked certificate. Usage for the script is: + + revoke-full + + Note this this procedure is primarily designed to revoke client + certificates. You could theoretically use this method to revoke + server certificates as well, but then you would need to propagate + the crl.pem file to all clients as well, and have them include + "crl-verify crl.pem" in their configuration files. + +* PKCS#11 support was added. + +* For those interested in using this tool to generate web certificates, + A variant of the easy-rsa package that allows the creation of multi-domain + certificates with subjectAltName can be obtained from here: + + http://www.bisente.com/proyectos/easy-rsa-subjectaltname/ + +INSTALL easy-rsa + +1. Edit vars. +2. Set KEY_CONFIG to point to the correct openssl-.cnf + file included in this distribution. +3. Set KEY_DIR to point to a directory which will + contain all keys, certificates, etc. This + directory need not exist, and if it does, + it will be deleted with rm -rf, so BE + CAREFUL how you set KEY_DIR. +4. (Optional) Edit other fields in vars + per your site data. You may want to + increase KEY_SIZE to 2048 if you are + paranoid and don't mind slower key + processing, but certainly 1024 is + fine for testing purposes. KEY_SIZE + must be compatible across both peers + participating in a secure SSL/TLS + connection. +5. (Optional) If you intend to use PKCS#11, + install openssl >= 0.9.7, install the + following components from www.opensc.org: + - opensc >= 0.10.0 + - engine_pkcs11 >= 0.1.3 + Update the openssl.cnf to load the engine: + - Uncomment pkcs11 under engine_section. + - Validate path at dynamic_path under pkcs11_section. +6. . vars +7. 
./clean-all +8. As you create certificates, keys, and + certificate signing requests, understand that + only .key files should be kept confidential. + .crt and .csr files can be sent over insecure + channels such as plaintext email. + +IMPORTANT + +To avoid a possible Man-in-the-Middle attack where an authorized +client tries to connect to another client by impersonating the +server, make sure to enforce some kind of server certificate +verification by clients. There are currently four different ways +of accomplishing this, listed in the order of preference: + +(1) Build your server certificates with specific key usage and + extended key usage. The RFC3280 determine that the following + attributes should be provided for TLS connections: + + Mode Key usage Extended key usage + --------------------------------------------------------------------------- + Client digitalSignature TLS Web Client Authentication + keyAgreement + digitalSignature, keyAgreement + + Server digitalSignature, keyEncipherment TLS Web Server Authentication + digitalSignature, keyAgreement + + Now add the following line to your client configuration: + + remote-cert-tls server + + This will block clients from connecting to any + server which lacks the required extension designation + in its certificate, even if the certificate has been + signed by the CA which is cited in the OpenVPN configuration + file (--ca directive). + +(3) Use the --tls-remote directive on the client to + accept/reject the server connection based on the common + name of the server certificate. + +(3) Use a --tls-verify script or plugin to accept/reject the + server connection based on a custom test of the server + certificate's embedded X509 subject details. + +(4) Sign server certificates with one CA and client certificates + with a different CA. The client config "ca" directive should + reference the server-signing CA while the server config "ca" + directive should reference the client-signing CA. 
+ +NOTES + +Show certificate fields: + openssl x509 -in cert.crt -text + +PKITOOL documentation + +pkitool 2.0 +Usage: pkitool [options...] [common-name] +Options: + --batch : batch mode (default) + --keysize : Set keysize + size : size (default=1024) + --interact : interactive mode + --server : build server cert + --initca : build root CA + --inter : build intermediate CA + --pass : encrypt private key with password + --csr : only generate a CSR, do not sign + --sign : sign an existing CSR + --pkcs12 : generate a combined PKCS#12 file + --pkcs11 : generate certificate on PKCS#11 token + lib : PKCS#11 library + slot : PKCS#11 slot + id : PKCS#11 object id (hex string) + label : PKCS#11 object label +Standalone options: + --pkcs11-slots : list PKCS#11 slots + lib : PKCS#11 library + --pkcs11-objects : list PKCS#11 token objects + lib : PKCS#11 library + slot : PKCS#11 slot + --pkcs11-init : initialize PKCS#11 token DANGEROUS!!! + lib : PKCS#11 library + slot : PKCS#11 slot + label : PKCS#11 token label +Notes: + Please edit the vars script to reflect your configuration, + then source it with "source ./vars". + Next, to start with a fresh PKI configuration and to delete any + previous certificates and keys, run "./clean-all". + Finally, you can run this tool (pkitool) to build certificates/keys. + In order to use PKCS#11 interface you must have opensc-0.10.0 or higher. 
+Generated files and corresponding OpenVPN directives: +(Files will be placed in the $KEY_DIR directory, defined in ./vars) + ca.crt -> root certificate (--ca) + ca.key -> root key, keep secure (not directly used by OpenVPN) + .crt files -> client/server certificates (--cert) + .key files -> private keys, keep secure (--key) + .csr files -> certificate signing request (not directly used by OpenVPN) + dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh) +Examples: + pkitool --initca -> Build root certificate + pkitool --initca --pass -> Build root certificate with password-protected key + pkitool --server server1 -> Build "server1" certificate/key + pkitool client1 -> Build "client1" certificate/key + pkitool --pass client2 -> Build password-protected "client2" certificate/key + pkitool --pkcs12 client3 -> Build "client3" certificate/key in PKCS#12 format + pkitool --csr client4 -> Build "client4" CSR to be signed by another CA + pkitool --sign client4 -> Sign "client4" CSR + pkitool --inter interca -> Build an intermediate key-signing certificate/key + Also see ./inherit-inter script. + pkitool --pkcs11 /usr/lib/pkcs11/lib1 0 010203 "client5 id" client5 + -> Build "client5" certificate/key in PKCS#11 token +Typical usage for initial PKI setup. Build myserver, client1, and client2 cert/keys. +Protect client2 key with a password. Build DH parms. Generated files in ./keys : + [edit vars with your site-specific info] + source ./vars + ./clean-all + ./build-dh -> takes a long time, consider backgrounding + ./pkitool --initca + ./pkitool --server myserver + ./pkitool client1 + ./pkitool --pass client2 +Typical usage for adding client cert to existing PKI: + source ./vars + ./pkitool client-new diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-ca b/config-archive/usr/share/openvpn/easy-rsa/build-ca new file mode 100755 index 00000000..fb1e2ca7 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-ca 
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+#
+# Build a root certificate
+#
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --initca $*
diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-ca.dist b/config-archive/usr/share/openvpn/easy-rsa/build-ca.dist
new file mode 100755
index 00000000..bce29a6a
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/build-ca.dist
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+#
+# Build a root certificate
+#
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --initca $*
diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-dh b/config-archive/usr/share/openvpn/easy-rsa/build-dh
new file mode 100755
index 00000000..f019222e
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/build-dh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# Build Diffie-Hellman parameters for the server side
+# of an SSL/TLS connection.
+
+if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then
+ $OPENSSL dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-dh.dist b/config-archive/usr/share/openvpn/easy-rsa/build-dh.dist
new file mode 100755
index 00000000..4beb127f
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/build-dh.dist
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# Build Diffie-Hellman parameters for the server side
+# of an SSL/TLS connection.
+
+if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then
+ $OPENSSL dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-inter b/config-archive/usr/share/openvpn/easy-rsa/build-inter
new file mode 100755
index 00000000..f831d6f7
--- /dev/null
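Review bot: The last line of build-ca forwards its arguments with an unquoted `$*`, so a common name containing spaces or glob characters is re-split and expanded before pkitool sees it. Use `"$EASY_RSA/pkitool" --interact --initca "$@"` instead. `EASY_RSA` also falls back to `.`, so when vars has not been sourced the wrapper runs whatever `pkitool` sits in the current directory. The same two lines appear in build-ca.dist and in every other pkitool wrapper added by this commit (build-inter, build-key, build-key-pass, build-key-pkcs12, build-key-server, build-req, build-req-pass and their .dist copies).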
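Review bot: The guard `[ -d $KEY_DIR ] && [ $KEY_SIZE ]` in build-dh is unquoted, so with KEY_DIR unset the first test collapses to `[ -d ]`, which is true, and a set KEY_SIZE then lets `$OPENSSL dhparam` write to `/dh${KEY_SIZE}.pem`. Quote both tests and the output path: `if [ -d "$KEY_DIR" ] && [ -n "$KEY_SIZE" ]; then` and `-out "${KEY_DIR}/dh${KEY_SIZE}.pem" "${KEY_SIZE}"`. The else branch prints its hint and still exits 0; ending it with `exit 1` lets a caller detect that no parameters were generated. build-dh.dist has the same lines.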
+++ b/config-archive/usr/share/openvpn/easy-rsa/build-inter
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Make an intermediate CA certificate/private key pair using a locally generated
+# root certificate.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --inter $*
diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-inter.dist b/config-archive/usr/share/openvpn/easy-rsa/build-inter.dist
new file mode 100755
index 00000000..87bf98d4
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/build-inter.dist
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Make an intermediate CA certificate/private key pair using a locally generated
+# root certificate.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --inter $*
diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key b/config-archive/usr/share/openvpn/easy-rsa/build-key
new file mode 100755
index 00000000..61963083
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/build-key
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Make a certificate/private key pair using a locally generated
+# root certificate.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact $*
diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key-pass b/config-archive/usr/share/openvpn/easy-rsa/build-key-pass
new file mode 100755
index 00000000..35543e0b
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/build-key-pass
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Similar to build-key, but protect the private key
+# with a password.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --pass $*
diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key-pass.dist b/config-archive/usr/share/openvpn/easy-rsa/build-key-pass.dist
new file mode 100755
index 00000000..8ef83077
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/build-key-pass.dist
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Similar to build-key, but protect the private key
+# with a password.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --pass $*
diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12 b/config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12
new file mode 100755
index 00000000..5ef064ff
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Make a certificate/private key pair using a locally generated
+# root certificate and convert it to a PKCS #12 file including the
+# the CA certificate as well.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --pkcs12 $*
diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12.dist b/config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12.dist
new file mode 100755
index 00000000..ba90e6ad
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12.dist
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# Make a certificate/private key pair using a locally generated
+# root certificate and convert it to a PKCS #12 file including the
+# the CA certificate as well.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --pkcs12 $*
diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key-server b/config-archive/usr/share/openvpn/easy-rsa/build-key-server
new file mode 100755
index 00000000..55026755
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/build-key-server
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Make a certificate/private key pair using a locally generated
+# root certificate.
+#
+# Explicitly set nsCertType to server using the "server"
+# extension in the openssl.cnf file.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --server $*
diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key-server.dist b/config-archive/usr/share/openvpn/easy-rsa/build-key-server.dist
new file mode 100755
index 00000000..fee01948
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/build-key-server.dist
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# Make a certificate/private key pair using a locally generated
+# root certificate.
+#
+# Explicitly set nsCertType to server using the "server"
+# extension in the openssl.cnf file.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --server $*
diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key.dist b/config-archive/usr/share/openvpn/easy-rsa/build-key.dist
new file mode 100755
index 00000000..6c0fed82
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/build-key.dist
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Make a certificate/private key pair using a locally generated
+# root certificate.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact $*
diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-req b/config-archive/usr/share/openvpn/easy-rsa/build-req
new file mode 100755
index 00000000..26587d16
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/build-req
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Build a certificate signing request and private key. Use this
+# when your root certificate and key is not available locally.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --csr $*
diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-req-pass b/config-archive/usr/share/openvpn/easy-rsa/build-req-pass
new file mode 100755
index 00000000..6e6c8637
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/build-req-pass
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Like build-req, but protect your private key
+# with a password.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --csr --pass $*
diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-req-pass.dist b/config-archive/usr/share/openvpn/easy-rsa/build-req-pass.dist
new file mode 100755
index 00000000..b73ee1b5
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/build-req-pass.dist
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Like build-req, but protect your private key
+# with a password.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --csr --pass $*
diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-req.dist b/config-archive/usr/share/openvpn/easy-rsa/build-req.dist
new file mode 100755
index 00000000..559d512e
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/build-req.dist
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Build a certificate signing request and private key. Use this
+# when your root certificate and key is not available locally.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --csr $*
diff --git a/config-archive/usr/share/openvpn/easy-rsa/clean-all b/config-archive/usr/share/openvpn/easy-rsa/clean-all
new file mode 100755
index 00000000..0576db5f
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/clean-all
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Initialize the $KEY_DIR directory.
+# Note that this script does a
+# rm -rf on $KEY_DIR so be careful!
+
+if [ "$KEY_DIR" ]; then
+ rm -rf "$KEY_DIR"
+ mkdir "$KEY_DIR" && \
+ chmod go-rwx "$KEY_DIR" && \
+ touch "$KEY_DIR/index.txt" && \
+ echo 01 >"$KEY_DIR/serial"
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/config-archive/usr/share/openvpn/easy-rsa/clean-all.dist b/config-archive/usr/share/openvpn/easy-rsa/clean-all.dist
new file mode 100755
index 00000000..cc6e3b2f
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/clean-all.dist
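Review bot: clean-all creates the key directory with `mkdir "$KEY_DIR"` and only afterwards tightens it with `chmod go-rwx`, so the directory that will hold ca.key briefly exists with whatever mode the umask allows, and index.txt and serial are created under that same umask. Setting `umask 077` at the top of the script, or creating the directory with `mkdir -m 0700 "$KEY_DIR"`, closes that window. The result of `rm -rf "$KEY_DIR"` is not checked, and the only guard is that KEY_DIR is non-empty, so a mis-set value is deleted without confirmation; the else branch should also end with `exit 1`. clean-all.dist is identical apart from the shebang.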
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# Initialize the $KEY_DIR directory.
+# Note that this script does a
+# rm -rf on $KEY_DIR so be careful!
+
+if [ "$KEY_DIR" ]; then
+ rm -rf "$KEY_DIR"
+ mkdir "$KEY_DIR" && \
+ chmod go-rwx "$KEY_DIR" && \
+ touch "$KEY_DIR/index.txt" && \
+ echo 01 >"$KEY_DIR/serial"
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/config-archive/usr/share/openvpn/easy-rsa/inherit-inter b/config-archive/usr/share/openvpn/easy-rsa/inherit-inter
new file mode 100755
index 00000000..21019516
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/inherit-inter
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# Build a new PKI which is rooted on an intermediate certificate generated
+# by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should
+# have independent vars settings, and must use a different KEY_DIR directory
+# from the parent. This tool can be used to generate arbitrary depth
+# certificate chains.
+#
+# To build an intermediate CA, follow the same steps for a regular PKI but
+# replace ./build-key or ./pkitool --initca with this script.
+
+# The EXPORT_CA file will contain the CA certificate chain and should be
+# referenced by the OpenVPN "ca" directive in config files. The ca.crt file
+# will only contain the local intermediate CA -- it's needed by the easy-rsa
+# scripts but not by OpenVPN directly.
+EXPORT_CA="export-ca.crt"
+
+if [ $# -ne 2 ]; then
+ echo "usage: $0 "
+ echo "parent-key-dir: the KEY_DIR directory of the parent PKI"
+ echo "common-name: the common name of the intermediate certificate in the parent PKI"
+ exit 1;
+fi
+
+if [ "$KEY_DIR" ]; then
+ cp "$1/$2.crt" "$KEY_DIR/ca.crt"
+ cp "$1/$2.key" "$KEY_DIR/ca.key"
+
+ if [ -e "$1/$EXPORT_CA" ]; then
+ PARENT_CA="$1/$EXPORT_CA"
+ else
+ PARENT_CA="$1/ca.crt"
+ fi
+ cp "$PARENT_CA" "$KEY_DIR/$EXPORT_CA"
+ cat "$KEY_DIR/ca.crt" >> "$KEY_DIR/$EXPORT_CA"
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/config-archive/usr/share/openvpn/easy-rsa/inherit-inter.dist b/config-archive/usr/share/openvpn/easy-rsa/inherit-inter.dist
new file mode 100755
index 00000000..aaa51688
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/inherit-inter.dist
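Review bot: Neither `cp` in inherit-inter is checked, so if `$1/$2.crt` or `$1/$2.key` is missing the script carries on, assembles `$KEY_DIR/$EXPORT_CA` from whatever ca.crt is already in KEY_DIR, and returns the status of the final `cat`. Append `|| exit 1` to both copies and to the `cp "$PARENT_CA"` line so a half-built chain is never left behind. The copied `ca.key` also takes its mode from the source file and the umask; a `chmod 0600 "$KEY_DIR/ca.key"` after the copy would match what pkitool in this commit does for the keys it generates. inherit-inter.dist carries the same code.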
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# Build a new PKI which is rooted on an intermediate certificate generated
+# by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should
+# have independent vars settings, and must use a different KEY_DIR directory
+# from the parent. This tool can be used to generate arbitrary depth
+# certificate chains.
+#
+# To build an intermediate CA, follow the same steps for a regular PKI but
+# replace ./build-key or ./pkitool --initca with this script.
+
+# The EXPORT_CA file will contain the CA certificate chain and should be
+# referenced by the OpenVPN "ca" directive in config files. The ca.crt file
+# will only contain the local intermediate CA -- it's needed by the easy-rsa
+# scripts but not by OpenVPN directly.
+EXPORT_CA="export-ca.crt"
+
+if [ $# -ne 2 ]; then
+ echo "usage: $0 "
+ echo "parent-key-dir: the KEY_DIR directory of the parent PKI"
+ echo "common-name: the common name of the intermediate certificate in the parent PKI"
+ exit 1;
+fi
+
+if [ "$KEY_DIR" ]; then
+ cp "$1/$2.crt" "$KEY_DIR/ca.crt"
+ cp "$1/$2.key" "$KEY_DIR/ca.key"
+
+ if [ -e "$1/$EXPORT_CA" ]; then
+ PARENT_CA="$1/$EXPORT_CA"
+ else
+ PARENT_CA="$1/ca.crt"
+ fi
+ cp "$PARENT_CA" "$KEY_DIR/$EXPORT_CA"
+ cat "$KEY_DIR/ca.crt" >> "$KEY_DIR/$EXPORT_CA"
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/config-archive/usr/share/openvpn/easy-rsa/list-crl b/config-archive/usr/share/openvpn/easy-rsa/list-crl
new file mode 100755
index 00000000..afc0cd61
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/list-crl
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# list revoked certificates
+
+CRL="${1:-crl.pem}"
+
+if [ "$KEY_DIR" ]; then
+ cd "$KEY_DIR" && \
+ $OPENSSL crl -text -noout -in "$CRL"
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/config-archive/usr/share/openvpn/easy-rsa/list-crl.dist b/config-archive/usr/share/openvpn/easy-rsa/list-crl.dist
new file mode 100755
index 00000000..d1d8a69c
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/list-crl.dist
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# list revoked certificates
+
+CRL="${1:-crl.pem}"
+
+if [ "$KEY_DIR" ]; then
+ cd "$KEY_DIR" && \
+ $OPENSSL crl -text -noout -in "$CRL"
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/config-archive/usr/share/openvpn/easy-rsa/pkitool b/config-archive/usr/share/openvpn/easy-rsa/pkitool
new file mode 100755
index 00000000..72669887
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/pkitool
@@ -0,0 +1,373 @@ +#!/bin/sh + +# OpenVPN -- An application to securely tunnel IP networks +# over a single TCP/UDP port, with support for SSL/TLS-based +# session authentication and key exchange, +# packet encryption, packet authentication, and +# packet compression. +# +# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program (see the file COPYING included with this +# distribution); if not, write to the Free Software Foundation, Inc., +# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +# pkitool is a front-end for the openssl tool. + +# Calling scripts can set the certificate organizational +# unit with the KEY_OU environmental variable. + +# Calling scripts can also set the KEY_NAME environmental +# variable to set the "name" X509 subject field. + +PROGNAME=pkitool +VERSION=2.0 +DEBUG=0 + +die() +{ + local m="$1" + + echo "$m" >&2 + exit 1 +} + +need_vars() +{ + echo ' Please edit the vars script to reflect your configuration,' + echo ' then source it with "source ./vars".' + echo ' Next, to start with a fresh PKI configuration and to delete any' + echo ' previous certificates and keys, run "./clean-all".' + echo " Finally, you can run this tool ($PROGNAME) to build certificates/keys." +} + +usage() +{ + echo "$PROGNAME $VERSION" + echo "Usage: $PROGNAME [options...] 
[common-name]" + echo "Options:" + echo " --batch : batch mode (default)" + echo " --keysize : Set keysize" + echo " size : size (default=1024)" + echo " --interact : interactive mode" + echo " --server : build server cert" + echo " --initca : build root CA" + echo " --inter : build intermediate CA" + echo " --pass : encrypt private key with password" + echo " --csr : only generate a CSR, do not sign" + echo " --sign : sign an existing CSR" + echo " --pkcs12 : generate a combined PKCS#12 file" + echo " --pkcs11 : generate certificate on PKCS#11 token" + echo " lib : PKCS#11 library" + echo " slot : PKCS#11 slot" + echo " id : PKCS#11 object id (hex string)" + echo " label : PKCS#11 object label" + echo "Standalone options:" + echo " --pkcs11-slots : list PKCS#11 slots" + echo " lib : PKCS#11 library" + echo " --pkcs11-objects : list PKCS#11 token objects" + echo " lib : PKCS#11 library" + echo " slot : PKCS#11 slot" + echo " --pkcs11-init : initialize PKCS#11 token DANGEROUS!!!" + echo " lib : PKCS#11 library" + echo " slot : PKCS#11 slot" + echo " label : PKCS#11 token label" + echo "Notes:" + need_vars + echo " In order to use PKCS#11 interface you must have opensc-0.10.0 or higher." 
+ echo "Generated files and corresponding OpenVPN directives:" + echo '(Files will be placed in the $KEY_DIR directory, defined in ./vars)' + echo " ca.crt -> root certificate (--ca)" + echo " ca.key -> root key, keep secure (not directly used by OpenVPN)" + echo " .crt files -> client/server certificates (--cert)" + echo " .key files -> private keys, keep secure (--key)" + echo " .csr files -> certificate signing request (not directly used by OpenVPN)" + echo " dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh)" + echo "Examples:" + echo " $PROGNAME --initca -> Build root certificate" + echo " $PROGNAME --initca --pass -> Build root certificate with password-protected key" + echo " $PROGNAME --server server1 -> Build \"server1\" certificate/key" + echo " $PROGNAME client1 -> Build \"client1\" certificate/key" + echo " $PROGNAME --pass client2 -> Build password-protected \"client2\" certificate/key" + echo " $PROGNAME --pkcs12 client3 -> Build \"client3\" certificate/key in PKCS#12 format" + echo " $PROGNAME --csr client4 -> Build \"client4\" CSR to be signed by another CA" + echo " $PROGNAME --sign client4 -> Sign \"client4\" CSR" + echo " $PROGNAME --inter interca -> Build an intermediate key-signing certificate/key" + echo " Also see ./inherit-inter script." + echo " $PROGNAME --pkcs11 /usr/lib/pkcs11/lib1 0 010203 \"client5 id\" client5" + echo " -> Build \"client5\" certificate/key in PKCS#11 token" + echo "Typical usage for initial PKI setup. Build myserver, client1, and client2 cert/keys." + echo "Protect client2 key with a password. Build DH parms. 
Generated files in ./keys :" + echo " [edit vars with your site-specific info]" + echo " source ./vars" + echo " ./clean-all" + echo " ./build-dh -> takes a long time, consider backgrounding" + echo " ./$PROGNAME --initca" + echo " ./$PROGNAME --server myserver" + echo " ./$PROGNAME client1" + echo " ./$PROGNAME --pass client2" + echo "Typical usage for adding client cert to existing PKI:" + echo " source ./vars" + echo " ./$PROGNAME client-new" +} + +# Set tool defaults +[ -n "$OPENSSL" ] || export OPENSSL="openssl" +[ -n "$PKCS11TOOL" ] || export PKCS11TOOL="pkcs11-tool" +[ -n "$GREP" ] || export GREP="grep" + +# Set defaults +DO_REQ="1" +REQ_EXT="" +DO_CA="1" +CA_EXT="" +DO_P12="0" +DO_P11="0" +DO_ROOT="0" +NODES_REQ="-nodes" +NODES_P12="" +BATCH="-batch" +CA="ca" +# must be set or errors of openssl.cnf +PKCS11_MODULE_PATH="dummy" +PKCS11_PIN="dummy" + +# Process options +while [ $# -gt 0 ]; do + case "$1" in + --keysize ) KEY_SIZE=$2 + shift;; + --server ) REQ_EXT="$REQ_EXT -extensions server" + CA_EXT="$CA_EXT -extensions server" ;; + --batch ) BATCH="-batch" ;; + --interact ) BATCH="" ;; + --inter ) CA_EXT="$CA_EXT -extensions v3_ca" ;; + --initca ) DO_ROOT="1" ;; + --pass ) NODES_REQ="" ;; + --csr ) DO_CA="0" ;; + --sign ) DO_REQ="0" ;; + --pkcs12 ) DO_P12="1" ;; + --pkcs11 ) DO_P11="1" + PKCS11_MODULE_PATH="$2" + PKCS11_SLOT="$3" + PKCS11_ID="$4" + PKCS11_LABEL="$5" + shift 4;; + + # standalone + --pkcs11-init) + PKCS11_MODULE_PATH="$2" + PKCS11_SLOT="$3" + PKCS11_LABEL="$4" + if [ -z "$PKCS11_LABEL" ]; then + die "Please specify library name, slot and label" + fi + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-token --slot "$PKCS11_SLOT" \ + --label "$PKCS11_LABEL" && + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-pin --slot "$PKCS11_SLOT" + exit $?;; + --pkcs11-slots) + PKCS11_MODULE_PATH="$2" + if [ -z "$PKCS11_MODULE_PATH" ]; then + die "Please specify library name" + fi + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-slots + exit 0;; + 
--pkcs11-objects) + PKCS11_MODULE_PATH="$2" + PKCS11_SLOT="$3" + if [ -z "$PKCS11_SLOT" ]; then + die "Please specify library name and slot" + fi + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-objects --login --slot "$PKCS11_SLOT" + exit 0;; + + # errors + --* ) die "$PROGNAME: unknown option: $1" ;; + * ) break ;; + esac + shift +done + +if ! [ -z "$BATCH" ]; then + if $OPENSSL version | grep 0.9.6 > /dev/null; then + die "Batch mode is unsupported in openssl<0.9.7" + fi +fi + +if [ $DO_P12 -eq 1 -a $DO_P11 -eq 1 ]; then + die "PKCS#11 and PKCS#12 cannot be specified together" +fi + +if [ $DO_P11 -eq 1 ]; then + if ! grep "^pkcs11.*=" "$KEY_CONFIG" > /dev/null; then + die "Please edit $KEY_CONFIG and setup PKCS#11 engine" + fi +fi + +# If we are generating pkcs12, only encrypt the final step +if [ $DO_P12 -eq 1 ]; then + NODES_P12="$NODES_REQ" + NODES_REQ="-nodes" +fi + +if [ $DO_P11 -eq 1 ]; then + if [ -z "$PKCS11_LABEL" ]; then + die "PKCS#11 arguments incomplete" + fi +fi + +# If undefined, set default key expiration intervals +if [ -z "$KEY_EXPIRE" ]; then + KEY_EXPIRE=3650 +fi +if [ -z "$CA_EXPIRE" ]; then + CA_EXPIRE=3650 +fi + +# Set organizational unit to empty string if undefined +if [ -z "$KEY_OU" ]; then + KEY_OU="" +fi + +# Set X509 Name string to empty string if undefined +if [ -z "$KEY_NAME" ]; then + KEY_NAME="" +fi + +# Set KEY_CN, FN +if [ $DO_ROOT -eq 1 ]; then + if [ -z "$KEY_CN" ]; then + if [ "$1" ]; then + KEY_CN="$1" + elif [ "$KEY_ORG" ]; then + KEY_CN="$KEY_ORG CA" + fi + fi + if [ $BATCH ] && [ "$KEY_CN" ]; then + echo "Using CA Common Name:" "$KEY_CN" + fi + FN="$KEY_CN" +elif [ $BATCH ] && [ "$KEY_CN" ]; then + echo "Using Common Name:" "$KEY_CN" + FN="$KEY_CN" + if [ "$1" ]; then + FN="$1" + fi +else + if [ $# -ne 1 ]; then + usage + exit 1 + else + KEY_CN="$1" + fi + FN="$KEY_CN" +fi + +export CA_EXPIRE KEY_EXPIRE KEY_OU KEY_NAME KEY_CN PKCS11_MODULE_PATH PKCS11_PIN + +# Show parameters (debugging) +if [ $DEBUG -eq 1 ]; then + 
echo DO_REQ $DO_REQ + echo REQ_EXT $REQ_EXT + echo DO_CA $DO_CA + echo CA_EXT $CA_EXT + echo NODES_REQ $NODES_REQ + echo NODES_P12 $NODES_P12 + echo DO_P12 $DO_P12 + echo KEY_CN $KEY_CN + echo BATCH $BATCH + echo DO_ROOT $DO_ROOT + echo KEY_EXPIRE $KEY_EXPIRE + echo CA_EXPIRE $CA_EXPIRE + echo KEY_OU $KEY_OU + echo KEY_NAME $KEY_NAME + echo DO_P11 $DO_P11 + echo PKCS11_MODULE_PATH $PKCS11_MODULE_PATH + echo PKCS11_SLOT $PKCS11_SLOT + echo PKCS11_ID $PKCS11_ID + echo PKCS11_LABEL $PKCS11_LABEL +fi + +# Make sure ./vars was sourced beforehand +if [ -d "$KEY_DIR" ] && [ "$KEY_CONFIG" ]; then + cd "$KEY_DIR" + + # Make sure $KEY_CONFIG points to the correct version + # of openssl.cnf + if $GREP -i 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" >/dev/null; then + : + else + echo "$PROGNAME: KEY_CONFIG (set by the ./vars script) is pointing to the wrong" + echo "version of openssl.cnf: $KEY_CONFIG" + echo "The correct version should have a comment that says: easy-rsa version 2.x"; + exit 1; + fi + + # Build root CA + if [ $DO_ROOT -eq 1 ]; then + $OPENSSL req $BATCH -days $CA_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE -sha1 \ + -x509 -keyout "$CA.key" -out "$CA.crt" -config "$KEY_CONFIG" && \ + chmod 0600 "$CA.key" + else + # Make sure CA key/cert is available + if [ $DO_CA -eq 1 ] || [ $DO_P12 -eq 1 ]; then + if [ ! -r "$CA.crt" ] || [ ! -r "$CA.key" ]; then + echo "$PROGNAME: Need a readable $CA.crt and $CA.key in $KEY_DIR" + echo "Try $PROGNAME --initca to build a root certificate/key." + exit 1 + fi + fi + + # Generate key for PKCS#11 token + PKCS11_ARGS= + if [ $DO_P11 -eq 1 ]; then + stty -echo + echo -n "User PIN: " + read -r PKCS11_PIN + stty echo + export PKCS11_PIN + + echo "Generating key pair on PKCS#11 token..." 
+ $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --keypairgen \ + --login --pin "$PKCS11_PIN" \ + --key-type rsa:1024 \ + --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" || exit 1 + PKCS11_ARGS="-engine pkcs11 -keyform engine -key $PKCS11_SLOT:$PKCS11_ID" + fi + + # Build cert/key + ( [ $DO_REQ -eq 0 ] || $OPENSSL req $BATCH -days $KEY_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE \ + -keyout "$FN.key" -out "$FN.csr" $REQ_EXT -config "$KEY_CONFIG" $PKCS11_ARGS ) && \ + ( [ $DO_CA -eq 0 ] || $OPENSSL ca $BATCH -days $KEY_EXPIRE -out "$FN.crt" \ + -in "$FN.csr" $CA_EXT -md sha1 -config "$KEY_CONFIG" ) && \ + ( [ $DO_P12 -eq 0 ] || $OPENSSL pkcs12 -export -inkey "$FN.key" \ + -in "$FN.crt" -certfile "$CA.crt" -out "$FN.p12" $NODES_P12 ) && \ + ( [ $DO_CA -eq 0 -o $DO_P11 -eq 1 ] || chmod 0600 "$FN.key" ) && \ + ( [ $DO_P12 -eq 0 ] || chmod 0600 "$FN.p12" ) + + # Load certificate into PKCS#11 token + if [ $DO_P11 -eq 1 ]; then + $OPENSSL x509 -in "$FN.crt" -inform PEM -out "$FN.crt.der" -outform DER && \ + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --write-object "$FN.crt.der" --type cert \ + --login --pin "$PKCS11_PIN" \ + --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" + [ -e "$FN.crt.der" ]; rm "$FN.crt.der" + fi + + fi + +# Need definitions +else + need_vars +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/pkitool.dist b/config-archive/usr/share/openvpn/easy-rsa/pkitool.dist new file mode 100755 index 00000000..49588f58 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/pkitool.dist 
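Review bot: The PKCS#11 branch of pkitool generates the token key with a hard-coded `--key-type rsa:1024`, ignoring `--keysize`/KEY_SIZE, and both signing paths pin SHA-1 (`-sha1` on the root `req`, `-md sha1` on `ca`). I would use `--key-type "rsa:$KEY_SIZE"` and `-sha256` / `-md sha256`, and raise the documented 1024-bit default in usage(). The token PIN is also passed as `--pin "$PKCS11_PIN"` on the pkcs11-tool command line, where other local users can read it from the process list while the command runs, and `stty -echo` has no trap to restore echo if the read is interrupted. In the cleanup, `[ -e "$FN.crt.der" ]; rm "$FN.crt.der"` runs rm unconditionally; `&&` was presumably intended. The `chmod 0600 "$FN.key"` step is skipped when DO_CA is 0, so a key produced with `--csr` keeps whatever mode openssl and the umask gave it.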
@@ -0,0 +1,379 @@ +#!/bin/sh + +# OpenVPN -- An application to securely tunnel IP networks +# over a single TCP/UDP port, with support for SSL/TLS-based +# session authentication and key exchange, +# packet encryption, packet authentication, and +# packet compression. +# +# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program (see the file COPYING included with this +# distribution); if not, write to the Free Software Foundation, Inc., +# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +# pkitool is a front-end for the openssl tool. + +# Calling scripts can set the certificate organizational +# unit with the KEY_OU environmental variable. + +# Calling scripts can also set the KEY_NAME environmental +# variable to set the "name" X509 subject field. + +PROGNAME=pkitool +VERSION=2.0 +DEBUG=0 + +die() +{ + local m="$1" + + echo "$m" >&2 + exit 1 +} + +need_vars() +{ + echo ' Please edit the vars script to reflect your configuration,' + echo ' then source it with "source ./vars".' + echo ' Next, to start with a fresh PKI configuration and to delete any' + echo ' previous certificates and keys, run "./clean-all".' + echo " Finally, you can run this tool ($PROGNAME) to build certificates/keys." +} + +usage() +{ + echo "$PROGNAME $VERSION" + echo "Usage: $PROGNAME [options...] 
[common-name]" + echo "Options:" + echo " --batch : batch mode (default)" + echo " --keysize : Set keysize" + echo " size : size (default=1024)" + echo " --interact : interactive mode" + echo " --server : build server cert" + echo " --initca : build root CA" + echo " --inter : build intermediate CA" + echo " --pass : encrypt private key with password" + echo " --csr : only generate a CSR, do not sign" + echo " --sign : sign an existing CSR" + echo " --pkcs12 : generate a combined PKCS#12 file" + echo " --pkcs11 : generate certificate on PKCS#11 token" + echo " lib : PKCS#11 library" + echo " slot : PKCS#11 slot" + echo " id : PKCS#11 object id (hex string)" + echo " label : PKCS#11 object label" + echo "Standalone options:" + echo " --pkcs11-slots : list PKCS#11 slots" + echo " lib : PKCS#11 library" + echo " --pkcs11-objects : list PKCS#11 token objects" + echo " lib : PKCS#11 library" + echo " slot : PKCS#11 slot" + echo " --pkcs11-init : initialize PKCS#11 token DANGEROUS!!!" + echo " lib : PKCS#11 library" + echo " slot : PKCS#11 slot" + echo " label : PKCS#11 token label" + echo "Notes:" + need_vars + echo " In order to use PKCS#11 interface you must have opensc-0.10.0 or higher." 
+ echo "Generated files and corresponding OpenVPN directives:" + echo '(Files will be placed in the $KEY_DIR directory, defined in ./vars)' + echo " ca.crt -> root certificate (--ca)" + echo " ca.key -> root key, keep secure (not directly used by OpenVPN)" + echo " .crt files -> client/server certificates (--cert)" + echo " .key files -> private keys, keep secure (--key)" + echo " .csr files -> certificate signing request (not directly used by OpenVPN)" + echo " dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh)" + echo "Examples:" + echo " $PROGNAME --initca -> Build root certificate" + echo " $PROGNAME --initca --pass -> Build root certificate with password-protected key" + echo " $PROGNAME --server server1 -> Build \"server1\" certificate/key" + echo " $PROGNAME client1 -> Build \"client1\" certificate/key" + echo " $PROGNAME --pass client2 -> Build password-protected \"client2\" certificate/key" + echo " $PROGNAME --pkcs12 client3 -> Build \"client3\" certificate/key in PKCS#12 format" + echo " $PROGNAME --csr client4 -> Build \"client4\" CSR to be signed by another CA" + echo " $PROGNAME --sign client4 -> Sign \"client4\" CSR" + echo " $PROGNAME --inter interca -> Build an intermediate key-signing certificate/key" + echo " Also see ./inherit-inter script." + echo " $PROGNAME --pkcs11 /usr/lib/pkcs11/lib1 0 010203 \"client5 id\" client5" + echo " -> Build \"client5\" certificate/key in PKCS#11 token" + echo "Typical usage for initial PKI setup. Build myserver, client1, and client2 cert/keys." + echo "Protect client2 key with a password. Build DH parms. 
Generated files in ./keys :" + echo " [edit vars with your site-specific info]" + echo " source ./vars" + echo " ./clean-all" + echo " ./build-dh -> takes a long time, consider backgrounding" + echo " ./$PROGNAME --initca" + echo " ./$PROGNAME --server myserver" + echo " ./$PROGNAME client1" + echo " ./$PROGNAME --pass client2" + echo "Typical usage for adding client cert to existing PKI:" + echo " source ./vars" + echo " ./$PROGNAME client-new" +} + +# Set tool defaults +[ -n "$OPENSSL" ] || export OPENSSL="openssl" +[ -n "$PKCS11TOOL" ] || export PKCS11TOOL="pkcs11-tool" +[ -n "$GREP" ] || export GREP="grep" + +# Set defaults +DO_REQ="1" +REQ_EXT="" +DO_CA="1" +CA_EXT="" +DO_P12="0" +DO_P11="0" +DO_ROOT="0" +NODES_REQ="-nodes" +NODES_P12="" +BATCH="-batch" +CA="ca" +# must be set or errors of openssl.cnf +PKCS11_MODULE_PATH="dummy" +PKCS11_PIN="dummy" + +# Process options +while [ $# -gt 0 ]; do + case "$1" in + --keysize ) KEY_SIZE=$2 + shift;; + --server ) REQ_EXT="$REQ_EXT -extensions server" + CA_EXT="$CA_EXT -extensions server" ;; + --batch ) BATCH="-batch" ;; + --interact ) BATCH="" ;; + --inter ) CA_EXT="$CA_EXT -extensions v3_ca" ;; + --initca ) DO_ROOT="1" ;; + --pass ) NODES_REQ="" ;; + --csr ) DO_CA="0" ;; + --sign ) DO_REQ="0" ;; + --pkcs12 ) DO_P12="1" ;; + --pkcs11 ) DO_P11="1" + PKCS11_MODULE_PATH="$2" + PKCS11_SLOT="$3" + PKCS11_ID="$4" + PKCS11_LABEL="$5" + shift 4;; + + # standalone + --pkcs11-init) + PKCS11_MODULE_PATH="$2" + PKCS11_SLOT="$3" + PKCS11_LABEL="$4" + if [ -z "$PKCS11_LABEL" ]; then + die "Please specify library name, slot and label" + fi + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-token --slot "$PKCS11_SLOT" \ + --label "$PKCS11_LABEL" && + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-pin --slot "$PKCS11_SLOT" + exit $?;; + --pkcs11-slots) + PKCS11_MODULE_PATH="$2" + if [ -z "$PKCS11_MODULE_PATH" ]; then + die "Please specify library name" + fi + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-slots + exit 0;; + 
--pkcs11-objects) + PKCS11_MODULE_PATH="$2" + PKCS11_SLOT="$3" + if [ -z "$PKCS11_SLOT" ]; then + die "Please specify library name and slot" + fi + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-objects --login --slot "$PKCS11_SLOT" + exit 0;; + + --help|--usage) + usage + exit ;; + --version) + echo "$PROGNAME $VERSION" + exit ;; + # errors + --* ) die "$PROGNAME: unknown option: $1" ;; + * ) break ;; + esac + shift +done + +if ! [ -z "$BATCH" ]; then + if $OPENSSL version | grep 0.9.6 > /dev/null; then + die "Batch mode is unsupported in openssl<0.9.7" + fi +fi + +if [ $DO_P12 -eq 1 -a $DO_P11 -eq 1 ]; then + die "PKCS#11 and PKCS#12 cannot be specified together" +fi + +if [ $DO_P11 -eq 1 ]; then + if ! grep "^pkcs11.*=" "$KEY_CONFIG" > /dev/null; then + die "Please edit $KEY_CONFIG and setup PKCS#11 engine" + fi +fi + +# If we are generating pkcs12, only encrypt the final step +if [ $DO_P12 -eq 1 ]; then + NODES_P12="$NODES_REQ" + NODES_REQ="-nodes" +fi + +if [ $DO_P11 -eq 1 ]; then + if [ -z "$PKCS11_LABEL" ]; then + die "PKCS#11 arguments incomplete" + fi +fi + +# If undefined, set default key expiration intervals +if [ -z "$KEY_EXPIRE" ]; then + KEY_EXPIRE=3650 +fi +if [ -z "$CA_EXPIRE" ]; then + CA_EXPIRE=3650 +fi + +# Set organizational unit to empty string if undefined +if [ -z "$KEY_OU" ]; then + KEY_OU="" +fi + +# Set X509 Name string to empty string if undefined +if [ -z "$KEY_NAME" ]; then + KEY_NAME="" +fi + +# Set KEY_CN, FN +if [ $DO_ROOT -eq 1 ]; then + if [ -z "$KEY_CN" ]; then + if [ "$1" ]; then + KEY_CN="$1" + elif [ "$KEY_ORG" ]; then + KEY_CN="$KEY_ORG CA" + fi + fi + if [ $BATCH ] && [ "$KEY_CN" ]; then + echo "Using CA Common Name:" "$KEY_CN" + fi + FN="$KEY_CN" +elif [ $BATCH ] && [ "$KEY_CN" ]; then + echo "Using Common Name:" "$KEY_CN" + FN="$KEY_CN" + if [ "$1" ]; then + FN="$1" + fi +else + if [ $# -ne 1 ]; then + usage + exit 1 + else + KEY_CN="$1" + fi + FN="$KEY_CN" +fi + +export CA_EXPIRE KEY_EXPIRE KEY_OU KEY_NAME KEY_CN 
PKCS11_MODULE_PATH PKCS11_PIN + +# Show parameters (debugging) +if [ $DEBUG -eq 1 ]; then + echo DO_REQ $DO_REQ + echo REQ_EXT $REQ_EXT + echo DO_CA $DO_CA + echo CA_EXT $CA_EXT + echo NODES_REQ $NODES_REQ + echo NODES_P12 $NODES_P12 + echo DO_P12 $DO_P12 + echo KEY_CN $KEY_CN + echo BATCH $BATCH + echo DO_ROOT $DO_ROOT + echo KEY_EXPIRE $KEY_EXPIRE + echo CA_EXPIRE $CA_EXPIRE + echo KEY_OU $KEY_OU + echo KEY_NAME $KEY_NAME + echo DO_P11 $DO_P11 + echo PKCS11_MODULE_PATH $PKCS11_MODULE_PATH + echo PKCS11_SLOT $PKCS11_SLOT + echo PKCS11_ID $PKCS11_ID + echo PKCS11_LABEL $PKCS11_LABEL +fi + +# Make sure ./vars was sourced beforehand +if [ -d "$KEY_DIR" ] && [ "$KEY_CONFIG" ]; then + cd "$KEY_DIR" + + # Make sure $KEY_CONFIG points to the correct version + # of openssl.cnf + if $GREP -i 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" >/dev/null; then + : + else + echo "$PROGNAME: KEY_CONFIG (set by the ./vars script) is pointing to the wrong" + echo "version of openssl.cnf: $KEY_CONFIG" + echo "The correct version should have a comment that says: easy-rsa version 2.x"; + exit 1; + fi + + # Build root CA + if [ $DO_ROOT -eq 1 ]; then + $OPENSSL req $BATCH -days $CA_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE -sha1 \ + -x509 -keyout "$CA.key" -out "$CA.crt" -config "$KEY_CONFIG" && \ + chmod 0600 "$CA.key" + else + # Make sure CA key/cert is available + if [ $DO_CA -eq 1 ] || [ $DO_P12 -eq 1 ]; then + if [ ! -r "$CA.crt" ] || [ ! -r "$CA.key" ]; then + echo "$PROGNAME: Need a readable $CA.crt and $CA.key in $KEY_DIR" + echo "Try $PROGNAME --initca to build a root certificate/key." + exit 1 + fi + fi + + # Generate key for PKCS#11 token + PKCS11_ARGS= + if [ $DO_P11 -eq 1 ]; then + stty -echo + echo -n "User PIN: " + read -r PKCS11_PIN + stty echo + export PKCS11_PIN + + echo "Generating key pair on PKCS#11 token..." 
+ $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --keypairgen \ + --login --pin "$PKCS11_PIN" \ + --key-type rsa:1024 \ + --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" || exit 1 + PKCS11_ARGS="-engine pkcs11 -keyform engine -key $PKCS11_SLOT:$PKCS11_ID" + fi + + # Build cert/key + ( [ $DO_REQ -eq 0 ] || $OPENSSL req $BATCH -days $KEY_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE \ + -keyout "$FN.key" -out "$FN.csr" $REQ_EXT -config "$KEY_CONFIG" $PKCS11_ARGS ) && \ + ( [ $DO_CA -eq 0 ] || $OPENSSL ca $BATCH -days $KEY_EXPIRE -out "$FN.crt" \ + -in "$FN.csr" $CA_EXT -md sha1 -config "$KEY_CONFIG" ) && \ + ( [ $DO_P12 -eq 0 ] || $OPENSSL pkcs12 -export -inkey "$FN.key" \ + -in "$FN.crt" -certfile "$CA.crt" -out "$FN.p12" $NODES_P12 ) && \ + ( [ $DO_CA -eq 0 -o $DO_P11 -eq 1 ] || chmod 0600 "$FN.key" ) && \ + ( [ $DO_P12 -eq 0 ] || chmod 0600 "$FN.p12" ) + + # Load certificate into PKCS#11 token + if [ $DO_P11 -eq 1 ]; then + $OPENSSL x509 -in "$FN.crt" -inform PEM -out "$FN.crt.der" -outform DER && \ + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --write-object "$FN.crt.der" --type cert \ + --login --pin "$PKCS11_PIN" \ + --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" + [ -e "$FN.crt.der" ]; rm "$FN.crt.der" + fi + + fi + +# Need definitions +else + need_vars +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/revoke-full b/config-archive/usr/share/openvpn/easy-rsa/revoke-full new file mode 100755 index 00000000..efc94e86 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/revoke-full 
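Review bot: The token PIN is passed to pkcs11-tool as `--pin "$PKCS11_PIN"` in both the `--keypairgen` call and the later `--write-object` call of pkitool.dist, so it sits in the process argument list where other local users can read it while the tool runs. pkcs11-tool asks for the PIN itself when `--login` is given without `--pin`, so both calls can use plain `--login`; the exported PKCS11_PIN is then presumably only needed by the engine section of openssl.cnf. The prompt also runs `stty -echo` with no trap, so an interrupt at the prompt leaves the terminal without echo; `trap 'stty echo' EXIT INT TERM` before it covers that. The same lines are in the `pkitool` copy whose hunk starts above this view.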
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# revoke a certificate, regenerate CRL,
+# and verify revocation
+
+CRL="crl.pem"
+RT="revoke-test.pem"
+
+if [ $# -ne 1 ]; then
+ echo "usage: revoke-full ";
+ exit 1
+fi
+
+if [ "$KEY_DIR" ]; then
+ cd "$KEY_DIR"
+ rm -f "$RT"
+
+ # set defaults
+ export KEY_CN=""
+ export KEY_OU=""
+ export KEY_NAME=""
+
+ # revoke key and generate a new CRL
+ $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"
+
+ # generate a new CRL -- try to be compatible with
+ # intermediate PKIs
+ $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
+ if [ -e export-ca.crt ]; then
+ cat export-ca.crt "$CRL" >"$RT"
+ else
+ cat ca.crt "$CRL" >"$RT"
+ fi
+
+ # verify the revocation
+ $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/config-archive/usr/share/openvpn/easy-rsa/revoke-full.dist b/config-archive/usr/share/openvpn/easy-rsa/revoke-full.dist
new file mode 100755
index 00000000..4169c4ca
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/revoke-full.dist
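Review bot: Neither `cd "$KEY_DIR"` nor `$OPENSSL ca -revoke` is checked in revoke-full, so when the revoke step fails the script still regenerates the CRL and ends with whatever `openssl verify` returns, and a failed cd runs `rm -f "$RT"` and the CA commands in the caller's directory. I would stop on the first failure with `cd "$KEY_DIR" || exit 1` and `$OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG" || exit 1`, and give the final `else` branch an `exit 1` so callers can tell that nothing was revoked. revoke-full.dist in the next hunk has the same body and needs the same change.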
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# revoke a certificate, regenerate CRL,
+# and verify revocation
+
+CRL="crl.pem"
+RT="revoke-test.pem"
+
+if [ $# -ne 1 ]; then
+ echo "usage: revoke-full ";
+ exit 1
+fi
+
+if [ "$KEY_DIR" ]; then
+ cd "$KEY_DIR"
+ rm -f "$RT"
+
+ # set defaults
+ export KEY_CN=""
+ export KEY_OU=""
+ export KEY_NAME=""
+
+ # revoke key and generate a new CRL
+ $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"
+
+ # generate a new CRL -- try to be compatible with
+ # intermediate PKIs
+ $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
+ if [ -e export-ca.crt ]; then
+ cat export-ca.crt "$CRL" >"$RT"
+ else
+ cat ca.crt "$CRL" >"$RT"
+ fi
+
+ # verify the revocation
+ $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/config-archive/usr/share/openvpn/easy-rsa/sign-req b/config-archive/usr/share/openvpn/easy-rsa/sign-req
new file mode 100755
index 00000000..38655d35
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/sign-req
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Sign a certificate signing request (a .csr file)
+# with a local root certificate and key.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --sign $*
diff --git a/config-archive/usr/share/openvpn/easy-rsa/sign-req.dist b/config-archive/usr/share/openvpn/easy-rsa/sign-req.dist
new file mode 100755
index 00000000..6cae7b4e
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/sign-req.dist
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Sign a certificate signing request (a .csr file)
+# with a local root certificate and key.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --sign $*
diff --git a/config-archive/usr/share/openvpn/easy-rsa/vars b/config-archive/usr/share/openvpn/easy-rsa/vars
new file mode 100644
index 00000000..cded8858
--- /dev/null
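Review bot: `$*` on the pkitool line of sign-req is unquoted, so an argument containing spaces or glob characters is split or expanded before pkitool sees it. `"$EASY_RSA/pkitool" --interact --sign "$@"` passes each argument through unchanged. sign-req.dist in the following hunk has the same line.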
+++ b/config-archive/usr/share/openvpn/easy-rsa/vars
@@ -0,0 +1,68 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid. This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=1024
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
diff --git a/config-archive/usr/share/openvpn/easy-rsa/vars.dist b/config-archive/usr/share/openvpn/easy-rsa/vars.dist
new file mode 100644
index 00000000..2ea1ceda
--- /dev/null
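Review bot: `export KEY_SIZE=1024` in vars makes 1024-bit RSA the default for the root CA key, every issued key and the DH parameters, while the comment presents 2048 as an option for the paranoid; that is too small a margin for a CA key that `CA_EXPIRE=3650` keeps valid for ten years. I would ship `export KEY_SIZE=2048` and reword the comment to say that lowering it trades security for speed. vars.dist in the next hunk carries the same default. pkitool in this patch also signs with `-sha1` and `-md sha1`, which deserves the matching update to `-sha256` and `-md sha256`.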
+++ b/config-archive/usr/share/openvpn/easy-rsa/vars.dist
@@ -0,0 +1,74 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid. This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=1024
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL=mail@host.domain
+export KEY_CN=changeme
+export KEY_NAME=changeme
+export KEY_OU=changeme
+export PKCS11_MODULE_PATH=changeme
+export PKCS11_PIN=1234
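Review bot: The appended `export KEY_CN=changeme` in vars.dist gives every batch-mode certificate the same Common Name, because pkitool.dist in this patch takes its `elif [ $BATCH ] && [ "$KEY_CN" ]` branch whenever KEY_CN is already set and then uses the command-line name only for the file name. I would drop that export, or keep it as a comment (`# export KEY_CN=...`), so that the name given to pkitool becomes the CN. `export PKCS11_PIN=1234` should not be a template value in a file created with mode 100644 either: pkitool reads the PIN at its own prompt, and a real PIN filled in here would be readable by every local user and committed to this repository.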
diff --git a/config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf b/config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf
new file mode 100755
index 00000000..2260aa85
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+if [ "$OPENSSL" ]; then
+ if $OPENSSL version | grep 0.9.6 > /dev/null; then
+ echo "$1/openssl-0.9.6.cnf"
+ else
+ echo "$1/openssl.cnf"
+ fi
+else
+ echo "$1/openssl.cnf"
+fi
+
+exit 0
diff --git a/config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf.dist b/config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf.dist
new file mode 100755
index 00000000..2226a8e6
--- /dev/null
+++ b/config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf.dist
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+cnf="$1/openssl.cnf"
+
+if [ "$OPENSSL" ]; then
+ if $OPENSSL version | grep -E "0\.9\.6[[:alnum:]]" > /dev/null; then
+ cnf="$1/openssl-0.9.6.cnf"
+ elif $OPENSSL version | grep -E "0\.9\.8[[:alnum:]]" > /dev/null; then
+ cnf="$1/openssl-0.9.8.cnf"
+ elif $OPENSSL version | grep -E "1\.0\.([[:digit:]][[:alnum:]])" > /dev/null; then
+ cnf="$1/openssl-1.0.0.cnf"
+ else
+ cnf="$1/openssl.cnf"
+ fi
+fi
+
+echo $cnf
+
+if [ ! -r $cnf ]; then
+ echo "**************************************************************" >&2
+ echo " No $cnf file could be found" >&2
+ echo " Further invocations will fail" >&2
+ echo "**************************************************************" >&2
+fi
+
+exit 0
diff --git a/config-archive/usr/share/xsessions/KDE-4.desktop b/config-archive/usr/share/xsessions/KDE-4.desktop
index a03d170a..011ca711 100644
--- a/config-archive/usr/share/xsessions/KDE-4.desktop
+++ b/config-archive/usr/share/xsessions/KDE-4.desktop
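Review bot: The version patterns in whichopensslcnf.dist require a character after the patch digit (`0\.9\.8[[:alnum:]]`, `1\.0\.([[:digit:]][[:alnum:]])`), so a release without a letter suffix, such as a plain 1.0.0, would match none of them and fall through to `$1/openssl.cnf`; this assumes `openssl version` prints a space after the version number. Making the suffix optional, for example `grep -E "1\.0\.[[:digit:]][[:alnum:]]?"`, keeps those releases on the matching config file. `$cnf` is also unquoted in `echo $cnf` and `[ ! -r $cnf ]`; `printf '%s\n' "$cnf"` and `[ ! -r "$cnf" ]` handle an install path that contains spaces.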
@@ -4,7 +4,10 @@ Type=XSession Exec=/usr/bin/startkde TryExec=/usr/bin/startkde Name=KDE Plasma Workspace +Name[ar]=مساحة عمل بلازما كدي +Name[bg]=Работно пространство Plasma на KDE Name[ca]=Espai de treball del Plasma del KDE +Name[ca@valencia]=Espai de treball del Plasma del KDE Name[cs]=Pracovní plocha Plasma Name[da]=KDE Plasma arbejdsområde Name[de]=KDE-Plasma-Arbeitsbereich @@ -13,13 +16,13 @@ Name[et]=KDE Plasma töötsoon Name[eu]=KDE Plasma langunea Name[fi]=KDE Plasma-työtila Name[fr]=Espace de travail Plasma de KDE +Name[ga]=Spás Oibre KDE Plasma Name[he]=סביבת עבודה של KDE Plasma Name[hu]=KDE Plasma munkaterület Name[ia]=Spatio de labor de Plasma de KDE Name[is]=KDE Plasma-vinnurými Name[it]=Spazio di lavoro di KDE Plasma Name[kk]=KDE Plasma жұмыс орны -Name[km]=តំបន់​ការងារ​ផ្ទៃតុ​របស់​ប្លាស្មា​ Name[ko]=KDE Plasma 작업 공간 Name[lt]=KDE Plasma darbastalio erdvė Name[lv]=KDE Plasma darba vide 
@@ -27,23 +30,26 @@ Name[nb]=KDE Plasma arbeidsflate Name[nds]=KDE-Arbeitrebeet Plasma Name[nl]=KDE Plasma-werkruimte Name[pa]=KDE ਪਲਾਜ਼ਮਾ ਵਰਕਸਪੇਸ -Name[pl]=Przestrzeń robocza KDE Name[pt]=Área de Trabalho Plasma do KDE -Name[pt_BR]=Espaço de trabalho Plasma do KDE +Name[pt_BR]=Espaço de trabalho do Plasma do KDE Name[ro]=Spațiu de lucru Plasma KDE Name[ru]=Рабочий стол Plasma +Name[sk]=KDE pracovná plocha Plasma Name[sr]=КДЕ‑ов плазма радни простор Name[sr@ijekavian]=КДЕ‑ов плазма радни простор Name[sr@ijekavianlatin]=KDE‑ov plasma radni prostor Name[sr@latin]=KDE‑ov plasma radni prostor Name[sv]=KDE Plasma arbetsyta -Name[tr]=KDE Plasma Çalışma Alanı Name[ug]=ك د ئې(KDE) پلازما خىزمەت بوشلۇقى Name[uk]=Робочий простір Плазми KDE Name[x-test]=xxKDE Plasma Workspacexx +Name[zh_CN]=KDE 离子工作空间 Name[zh_TW]=KDE Plasma 工作空間 Comment=The desktop made by KDE +Comment[ar]=سطح المكتب الذي أنتجته كدي +Comment[bg]=Настолна среда KDE Comment[ca]=L'escriptori creat pel KDE +Comment[ca@valencia]=L'escriptori creat pel KDE Comment[cs]=Prostředí od KDE Comment[da]=Skrivebordet fra KDE Comment[de]=Die von KDE erstellte Arbeitsfläche 
@@ -59,25 +65,25 @@ Comment[ia]=Le scriptorio facite per KDE Comment[is]=KDE Skjáborð Comment[it]=Il desktop fatto da KDE Comment[kk]=KDE үстелі -Comment[km]=ផ្ទៃ​តុ​បាន​បង្កើត​ដោយ​ KDE Comment[ko]=KDE에서 만든 데스크톱 Comment[lt]=Darbastalis sukurtas su KDE Comment[lv]=KDE veidota darbvirsma Comment[nb]=Skrivebordet som KDE laget Comment[nds]=KDE-Schriefdisch Comment[nl]=Het bureaublad gemaakt door KDE -Comment[pl]=Pulpit KDE +Comment[pa]=KDE ਵਲੋਂ ਬਣਾਇਆ ਡੈਸਕਟਾਪ Comment[pt]=O ambiente de trabalho feito pelo KDE Comment[pt_BR]=O ambiente de trabalho feito pelo KDE Comment[ro]=Biroul creat de KDE Comment[ru]=Окружение рабочего стола от команды KDE +Comment[sk]=Pracovná plocha vytvorená KDE Comment[sr]=Радна површ у изведби КДЕ‑а Comment[sr@ijekavian]=Радна површ у изведби КДЕ‑а Comment[sr@ijekavianlatin]=Radna površ u izvedbi KDE‑a Comment[sr@latin]=Radna površ u izvedbi KDE‑a Comment[sv]=Skrivbordet skapat av KDE -Comment[tr]=KDE masaüstü Comment[ug]=بۇ ئۈستەلئۈستى KDE دا ياسالغان Comment[uk]=Стільниця, створена командою KDE Comment[x-test]=xxThe desktop made by KDExx +Comment[zh_CN]=KDE 制作的桌面 Comment[zh_TW]=KDE 製作的桌面 diff --git a/config-archive/usr/share/xsessions/KDE-4.desktop.1 b/config-archive/usr/share/xsessions/KDE-4.desktop.1 new file mode 100644 index 00000000..a03d170a --- /dev/null +++ b/config-archive/usr/share/xsessions/KDE-4.desktop.1 
@@ -0,0 +1,83 @@ +[Desktop Entry] +Encoding=UTF-8 +Type=XSession +Exec=/usr/bin/startkde +TryExec=/usr/bin/startkde +Name=KDE Plasma Workspace +Name[ca]=Espai de treball del Plasma del KDE +Name[cs]=Pracovní plocha Plasma +Name[da]=KDE Plasma arbejdsområde +Name[de]=KDE-Plasma-Arbeitsbereich +Name[es]=Espacio de trabajo Plasma de KDE +Name[et]=KDE Plasma töötsoon +Name[eu]=KDE Plasma langunea +Name[fi]=KDE Plasma-työtila +Name[fr]=Espace de travail Plasma de KDE +Name[he]=סביבת עבודה של KDE Plasma +Name[hu]=KDE Plasma munkaterület +Name[ia]=Spatio de labor de Plasma de KDE +Name[is]=KDE Plasma-vinnurými +Name[it]=Spazio di lavoro di KDE Plasma +Name[kk]=KDE Plasma жұмыс орны +Name[km]=តំបន់​ការងារ​ផ្ទៃតុ​របស់​ប្លាស្មា​ +Name[ko]=KDE Plasma 작업 공간 +Name[lt]=KDE Plasma darbastalio erdvė +Name[lv]=KDE Plasma darba vide +Name[nb]=KDE Plasma arbeidsflate +Name[nds]=KDE-Arbeitrebeet Plasma +Name[nl]=KDE Plasma-werkruimte +Name[pa]=KDE ਪਲਾਜ਼ਮਾ ਵਰਕਸਪੇਸ +Name[pl]=Przestrzeń robocza KDE +Name[pt]=Área de Trabalho Plasma do KDE +Name[pt_BR]=Espaço de trabalho Plasma do KDE +Name[ro]=Spațiu de lucru Plasma KDE +Name[ru]=Рабочий стол Plasma +Name[sr]=КДЕ‑ов плазма радни простор +Name[sr@ijekavian]=КДЕ‑ов плазма радни простор +Name[sr@ijekavianlatin]=KDE‑ov plasma radni prostor +Name[sr@latin]=KDE‑ov plasma radni prostor +Name[sv]=KDE Plasma arbetsyta +Name[tr]=KDE Plasma Çalışma Alanı +Name[ug]=ك د ئې(KDE) پلازما خىزمەت بوشلۇقى +Name[uk]=Робочий простір Плазми KDE +Name[x-test]=xxKDE Plasma Workspacexx +Name[zh_TW]=KDE Plasma 工作空間 +Comment=The desktop made by KDE +Comment[ca]=L'escriptori creat pel KDE +Comment[cs]=Prostředí od KDE +Comment[da]=Skrivebordet fra KDE +Comment[de]=Die von KDE erstellte Arbeitsfläche +Comment[es]=El escritorio diseñado por KDE +Comment[et]=KDE loodud töölaud +Comment[eu]=KDE-k eginiko mahaigaina +Comment[fi]=KDE:n tekemä työpöytä +Comment[fr]=Le bureau réalisé par KDE +Comment[he]=שולחן העבודה של KDE +Comment[hr]=Radna površina koju je napravio KDE 
+Comment[hu]=A KDE által készített munkaasztal +Comment[ia]=Le scriptorio facite per KDE +Comment[is]=KDE Skjáborð +Comment[it]=Il desktop fatto da KDE +Comment[kk]=KDE үстелі +Comment[km]=ផ្ទៃ​តុ​បាន​បង្កើត​ដោយ​ KDE +Comment[ko]=KDE에서 만든 데스크톱 +Comment[lt]=Darbastalis sukurtas su KDE +Comment[lv]=KDE veidota darbvirsma +Comment[nb]=Skrivebordet som KDE laget +Comment[nds]=KDE-Schriefdisch +Comment[nl]=Het bureaublad gemaakt door KDE +Comment[pl]=Pulpit KDE +Comment[pt]=O ambiente de trabalho feito pelo KDE +Comment[pt_BR]=O ambiente de trabalho feito pelo KDE +Comment[ro]=Biroul creat de KDE +Comment[ru]=Окружение рабочего стола от команды KDE +Comment[sr]=Радна површ у изведби КДЕ‑а +Comment[sr@ijekavian]=Радна површ у изведби КДЕ‑а +Comment[sr@ijekavianlatin]=Radna površ u izvedbi KDE‑a +Comment[sr@latin]=Radna površ u izvedbi KDE‑a +Comment[sv]=Skrivbordet skapat av KDE +Comment[tr]=KDE masaüstü +Comment[ug]=بۇ ئۈستەلئۈستى KDE دا ياسالغان +Comment[uk]=Стільниця, створена командою KDE +Comment[x-test]=xxThe desktop made by KDExx +Comment[zh_TW]=KDE 製作的桌面 diff --git a/config-archive/usr/share/xsessions/KDE-4.desktop.dist b/config-archive/usr/share/xsessions/KDE-4.desktop.dist index 011ca711..3fc6cc13 100644 --- a/config-archive/usr/share/xsessions/KDE-4.desktop.dist +++ b/config-archive/usr/share/xsessions/KDE-4.desktop.dist @@ -30,6 +30,7 @@ Name[nb]=KDE Plasma arbeidsflate Name[nds]=KDE-Arbeitrebeet Plasma Name[nl]=KDE Plasma-werkruimte Name[pa]=KDE ਪਲਾਜ਼ਮਾ ਵਰਕਸਪੇਸ +Name[pl]=Przestrzeń robocza plazmy KDE Name[pt]=Área de Trabalho Plasma do KDE Name[pt_BR]=Espaço de trabalho do Plasma do KDE Name[ro]=Spațiu de lucru Plasma KDE 
@@ -72,6 +73,7 @@ Comment[nb]=Skrivebordet som KDE laget Comment[nds]=KDE-Schriefdisch Comment[nl]=Het bureaublad gemaakt door KDE Comment[pa]=KDE ਵਲੋਂ ਬਣਾਇਆ ਡੈਸਕਟਾਪ +Comment[pl]=Pulpit wyprodukowany przez KDE Comment[pt]=O ambiente de trabalho feito pelo KDE Comment[pt_BR]=O ambiente de trabalho feito pelo KDE Comment[ro]=Biroul creat de KDE diff --git a/config-archive/usr/share/xsessions/xfce.desktop b/config-archive/usr/share/xsessions/xfce.desktop new file mode 100644 index 00000000..5de3842c --- /dev/null +++ b/config-archive/usr/share/xsessions/xfce.desktop @@ -0,0 +1,13 @@ +[Desktop Entry] +Version=1.0 +Name=Xfce Session +Name[de]=Xfce-Sitzung +Name[en_GB]=Xfce Session +Name[ru]=Сеанс Xfce +Comment=Use this session to run Xfce as your desktop environment +Comment[de]=Verwenden Sie diese Sitzung, um Xfce als Ihre Arbeitsumgebung laufen zu lassen +Comment[en_GB]=Use this session to run Xfce as your desktop environment +Comment[ru]=Используйте данный сеанс для запуска Xfce как своей рабочей среды +Exec=startxfce4 +Icon= +Type=Application diff --git a/config-archive/usr/share/xsessions/xfce.desktop.dist b/config-archive/usr/share/xsessions/xfce.desktop.dist new file mode 100644 index 00000000..29ed9669 --- /dev/null +++ b/config-archive/usr/share/xsessions/xfce.desktop.dist @@ -0,0 +1,13 @@ +[Desktop Entry] +Version=1.0 +Name=Xfce Session +Name[de]=Xfce-Sitzung +Name[en_GB]=Xfce Session +Name[ru]=Сеанс +Comment=Use this session to run Xfce as your desktop environment +Comment[de]=Wählen Sie diese Sitzung, um Xfce als Ihre Arbeitsumgebung auszuführen +Comment[en_GB]=Use this session to run Xfce as your desktop environment +Comment[ru]=Используйте этот сеанс, чтобы сделать Xfce вашим окружением +Exec=startxfce4 +Icon= +Type=Application diff --git a/gentoo/gentoorc b/gentoo/gentoorc index b39bf9de..37f74c99 100644 --- a/gentoo/gentoorc +++ b/gentoo/gentoorc @@ -1,7 +1,7 @@ - "0.19.12" + "0.19.13" 2 
@@ -234,18 +234,18 @@ - "mouse_right" + "run_script" 0 - "Built-In" - "SelectRow action=select" - 0 - - - "Built-In" - "MenuPopup" + "External" + "/usr/bin/env bash {fup}" 0 + + 16 + 20 + 0 + @@ -277,15 +277,15 @@ - "play_mod" + "view_rar" 0 "External" - "xmp {fup}" + "unrar lt {fup}" 0 - 3 + 4 0 0 @@ -325,44 +325,44 @@ - "uncompress_tar_bzip2" + "view_ps" 0 "External" - "tar --use-compress-program=bzip2 -xf {fup}" + "gv {fut}" 0 - 0 - 8 - 2 + 1 + 0 + 0 - "test_uri" + "uncompress_tar_bzip2" 0 "External" - "echo {uq}" + "tar --use-compress-program=bzip2 -xf {fup}" 0 0 - 0 - 0 + 8 + 2 - "unmount" + "test_uri" 0 "External" - "umount {fpu}" + "echo {uq}" 0 0 @@ -373,15 +373,15 @@ - "view_rpm" + "play_sample" 0 "External" - "rpm -SOME_SMART_OPTION {fup}" + "aplay {fup}" 0 - 4 + 0 0 0 @@ -389,12 +389,12 @@ - "print_selected" + "unmount" 0 "External" - "echo {Fpu}" + "umount {fpu}" 0 0 @@ -421,16 +421,16 @@ - "view_video" + "new_shell" 0 "External" - "mplayer -quiet -vo x11 {fup}" + "xterm" 0 - 0 - 0 + 1 + 4 0 @@ -905,33 +905,33 @@ - "convert_mp3" - 1 + "print_selected" + 0 "External" - "bash -c 'mpg123 -q -w $(basename {f} .mp3).wav {fup}'" + "echo {Fpu}" 0 0 - 4 - 1 + 0 + 0 - "view_deb" - 0 + "convert_mp3" + 1 "External" - "dpkg-deb -c {fup}" + "bash -c 'mpg123 -q -w $(basename {f} .mp3).wav {fup}'" 0 - 4 - 0 - 0 + 0 + 4 + 1 @@ -953,12 +953,28 @@ - "view_bzip2" + "mouse_right" + 0 + + + "Built-In" + "SelectRow action=select" + 0 + + + "Built-In" + "MenuPopup" + 0 + + + + + "view_rpm" 0 "External" - "bzcat {fup}" + "rpm -SOME_SMART_OPTION {fup}" 0 4 @@ -969,31 +985,31 @@ - "run_script" + "view_bzip2" 0 "External" - "/usr/bin/env bash {fup}" + "bzcat {fup}" 0 - 16 - 20 + 4 + 0 0 - "view_ps" + "play_mod" 0 "External" - "gv {fut}" + "xmp {fup}" 0 - 1 + 3 0 0 @@ -1033,15 +1049,15 @@ - "run_calculator" + "view_video" 0 "External" - "gnome-calculator" + "mplayer -quiet -vo x11 {fup}" 0 - 3 + 0 0 0 
@@ -1049,12 +1065,12 @@ - "view_zip" + "view_deb" 0 "External" - "unzip -v {fup}" + "dpkg-deb -c {fup}" 0 4 @@ -1065,31 +1081,15 @@ - "new_shell" - 0 - - - "External" - "xterm" - 0 - - 1 - 4 - 0 - - - - - - "play_sample" + "run_calculator" 0 "External" - "aplay {fup}" + "gnome-calculator" 0 - 0 + 3 0 0 @@ -1097,12 +1097,12 @@ - "view_rar" + "view_zip" 0 "External" - "unrar lt {fup}" + "unzip -v {fup}" 0 4 @@ -1358,6 +1358,10 @@ "uFG" C8080,0000,3333 + + "View" + "view_image" + "uIcon" "Image.xpm" @@ -1366,10 +1370,6 @@ "Edit" "edit_image" - - "View" - "view_image" - diff --git a/init.d/consolekit b/init.d/consolekit index d469b463..b2022676 100755 --- a/init.d/consolekit +++ b/init.d/consolekit @@ -1,7 +1,7 @@ #!/sbin/runscript -# Copyright 1999-2006 Gentoo Foundation +# Copyright 1999-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License, v2 or later -# $Header: /var/cvsroot/gentoo-x86/sys-auth/consolekit/files/consolekit-0.1.rc,v 1.2 2009/09/12 19:46:19 nirbheek Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-auth/consolekit/files/consolekit-0.2.rc,v 1.1 2011/10/20 19:14:47 axs Exp $ depend() { need dbus @@ -11,6 +11,8 @@ depend() { start() { ebegin "Starting ConsoleKit daemon" + checkpath -q -d -m 0755 /var/run/ConsoleKit + start-stop-daemon --start -q \ --pidfile /var/run/ConsoleKit/pid \ --exec /usr/sbin/console-kit-daemon -- diff --git a/init.d/sysstat b/init.d/sysstat index 885782a2..7875fcd6 100755 --- a/init.d/sysstat +++ b/init.d/sysstat @@ -1,7 +1,7 @@ #!/sbin/runscript -# Copyright 1999-2011 Gentoo Foundation +# Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/sysstat/files/sysstat.init.d,v 1.3 2011/05/18 02:21:33 jer Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/sysstat/files/sysstat.init.d,v 1.4 2012/05/14 20:01:19 jer Exp $ depend() { use hostname 
@@ -9,7 +9,7 @@ depend() { start() { ebegin "Writing a dummy startup record using sadc (see sadc(8))..." - /usr/lib/sa/sadc -F -L - + /usr/lib/sa/sa1 --boot eend $? } diff --git a/layman/layman.cfg b/layman/layman.cfg index b45c6f06..ea68e66e 100644 --- a/layman/layman.cfg +++ b/layman/layman.cfg @@ -42,9 +42,17 @@ overlays : http://www.gentoo.org/proj/en/overlays/repositories.xml #----------------------------------------------------------- # Strict checking of overlay definitions # -# Set either to "yes" or "no". If "no" layman will issue -# warnings if an overlay definition is missing either -# description or contact information. +# The nocheck option is a bit confusing, for historical reasons. +# Hopefully this description eases the double negation trouble: +# +# nocheck : yes +# - Accepts completene overlay entries without warnings +# - Lists overlays of type foo (say Git) even with no foo installed +# +# nocheck : no +# - Checks overlay entries for missing description or contact +# information and issue warnings as needed +# - Hides overlays of type foo (say Git) if foo not not installed # nocheck : yes diff --git a/profile b/profile index 3565bab1..2dee4639 100644 --- a/profile +++ b/profile @@ -54,7 +54,7 @@ else # Setup a bland default prompt. Since this prompt should be useable # on color and non-color terminals, as well as shells that don't # understand sequences such as \h, don't put anything special in it. - PS1="${USER:-$(type whoami >/dev/null && whoami)}@$(type uname >/dev/null && uname -n) \$ " + PS1="${USER:-$(whoami 2>/dev/null)}@$(uname -n 2>/dev/null) \$ " fi for sh in /etc/profile.d/*.sh ; do diff --git a/xdg/Thunar/uca.xml b/xdg/Thunar/uca.xml index 91f11769..54e1f16b 100644 --- a/xdg/Thunar/uca.xml +++ b/xdg/Thunar/uca.xml @@ -14,6 +14,8 @@ + + @@ -37,7 +39,7 @@ Example for a custom action Пример особого действия Ví dụ cho một hành động tuỳ biến - + 
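Review bot: The rewritten nocheck comment in layman/layman.cfg has two typos that blur the distinction it sets out to explain: `completene` under `nocheck : yes` (presumably `incomplete`, since the `no` case checks for missing description or contact information) and `if foo not not installed` in the last line. Suggested wording: `# - Accepts incomplete overlay entries without warnings` and `# - Hides overlays of type foo (say Git) if foo is not installed`. The setting stays at `nocheck : yes`, so a reader relying on this comment should be able to tell that the check on overlay definitions is switched off.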
diff --git a/xdg/autostart/user-dirs-update-gtk.desktop b/xdg/autostart/user-dirs-update-gtk.desktop index ea79903a..a2d530bf 100644 --- a/xdg/autostart/user-dirs-update-gtk.desktop +++ b/xdg/autostart/user-dirs-update-gtk.desktop @@ -3,9 +3,13 @@ Exec=xdg-user-dirs-gtk-update Name=User folders update Name[de]=Aktualisierung der Ordner des Benutzers Name[en_GB]=User folders update +Name[ru]=Обновление папок пользователя +Name[vi]=Cập nhật thư mục người dùng Comment=Update common folders names to match current locale Comment[de]=Namen der Standardordner auf die momentan verwendete Sprache aktualisieren Comment[en_GB]=Update common folders names to match current locale +Comment[ru]=Обновить имена общих папок для соответствия текущему языку +Comment[vi]=Cập nhật tên các thư mục thông dụng cho khớp với ngôn ngữ bản địa Terminal=false NotShowIn=KDE; Type=Application diff --git a/xdg/menus/xfce-applications.menu b/xdg/menus/xfce-applications.menu index 51a27cbf..dc3056b3 100644 --- a/xdg/menus/xfce-applications.menu +++ b/xdg/menus/xfce-applications.menu @@ -13,7 +13,6 @@ - xfrun4.desktop xfce4-run.desktop exo-terminal-emulator.desktop @@ -25,7 +24,6 @@ - xfhelp4.desktop xfce4-about.desktop xfce4-session-logout.desktop @@ -68,7 +66,7 @@ exo-file-manager.desktop exo-terminal-emulator.desktop xfce4-about.desktop - xfrun4.desktop + xfce4-run.desktop diff --git a/xdg/xfce4/helpers.rc b/xdg/xfce4/helpers.rc index 74315c0b..0c77f078 100644 --- a/xdg/xfce4/helpers.rc +++ b/xdg/xfce4/helpers.rc @@ -7,3 +7,4 @@ WebBrowser=firefox MailReader=thunderbird TerminalEmulator=Terminal +FileManager=Thunar diff --git a/xdg/xfce4/panel/default.xml b/xdg/xfce4/panel/default.xml index 244f0cc6..8c540f63 100644 --- a/xdg/xfce4/panel/default.xml +++ b/xdg/xfce4/panel/default.xml @@ -1,23 +1,27 @@ - - + + + + + + - + + - + - @@ -35,6 +39,10 @@ + + + + 
diff --git a/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml b/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml index 47e592c4..cf1978d7 100644 --- a/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml +++ b/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml @@ -3,7 +3,13 @@ - + + + + + + + diff --git a/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml b/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml index 49f19c43..a200a37f 100644 --- a/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml +++ b/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml @@ -13,20 +13,20 @@ - + - - + - + + - + diff --git a/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml b/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml index 2460fed6..8f9e2eb4 100644 --- a/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml +++ b/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml @@ -1,11 +1,45 @@ - + + - - + + + + + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + diff --git a/xdg/xfce4/xinitrc b/xdg/xfce4/xinitrc index ebbfcfb2..9d20e8c9 100644 --- a/xdg/xfce4/xinitrc +++ b/xdg/xfce4/xinitrc @@ -2,11 +2,11 @@ # fix broken $UID on some system... if test "x$UID" = "x"; then - if test -x /usr/xpg4/bin/id; then - UID=`/usr/xpg4/bin/id -u`; - else - UID=`id -u`; - fi + if test -x /usr/xpg4/bin/id; then + UID=`/usr/xpg4/bin/id -u`; + else + UID=`id -u`; + fi fi # set $XDG_MENU_PREFIX to "xfce-" so that "xfce-applications.menu" is picked 
@@ -38,56 +38,21 @@ if test "x$XDG_CACHE_HOME" = "x" ; then fi [ -d "$XDG_CACHE_HOME" ] || mkdir "$XDG_CACHE_HOME" - # set up XDG user directores. see # http://freedesktop.org/wiki/Software/xdg-user-dirs if which xdg-user-dirs-update >/dev/null 2>&1; then xdg-user-dirs-update fi -if test -f "$XDG_CONFIG_HOME/user-dirs.dirs"; then - . "$XDG_CONFIG_HOME/user-dirs.dirs" - # i'm deliberately not 'export'-ing the XDG_ vars, because you shouldn't - # rely on the env vars inside apps, since the file could be changed at - # any time by the user. this is solely here for migration purposes. - - # a bit of user dir migration... - if test -d "$HOME/Desktop" -a ! -L "$HOME/Desktop" \ - -a "$XDG_DESKTOP_DIR" \ - -a "$HOME/Desktop" != "$XDG_DESKTOP_DIR" - then - echo "Migrating $HOME/Desktop to $XDG_DESKTOP_DIR..." - test -d "$XDG_DESKTOP_DIR" && rmdir "$XDG_DESKTOP_DIR" - mv "$HOME/Desktop" "$XDG_DESKTOP_DIR" || echo "Desktop migration failed" >&2 - fi - - if test -d "$HOME/Templates" -a ! -L "$HOME/Templates" \ - -a "$XDG_TEMPLATES_DIR" \ - -a "$HOME/Templates" != "$XDG_TEMPLATES_DIR" - then - echo "Migrating $HOME/Templates to $XDG_TEMPLATES_DIR..." 
- test -d "$XDG_TEMPLATES_DIR" && rmdir "$XDG_TEMPLATES_DIR" - mv "$HOME/Templates" "$XDG_TEMPLATES_DIR" || echo "Templates migration failed" >&2 - fi -fi - - # Modify libglade and glade environment variables so that # it will find the files installed by Xfce -LIBGLADE_MODULE_PATH="$LIBGLADE_MODULE_PATH:" -GLADE_CATALOG_PATH="$GLADE_CATALOG_PATH:" -GLADE_PIXMAP_PATH="$GLADE_PIXMAP_PATH:" -GLADE_MODULE_PATH="$GLADE_MODULE_PATH:" -export LIBGLADE_MODULE_PATH +GLADE_CATALOG_PATH="$GLADE_CATALOG_PATH:/usr/share/glade3/catalogs" +GLADE_PIXMAP_PATH="$GLADE_PIXMAP_PATH:/usr/lib64/glade3/modules" +GLADE_MODULE_PATH="$GLADE_MODULE_PATH:/usr/share/glade3/pixmaps" export GLADE_CATALOG_PATH export GLADE_PIXMAP_PATH export GLADE_MODULE_PATH -# Export GTK_PATH so that GTK+ can find the Xfce theme engine -# https://bugzilla.xfce.org/show_bug.cgi?id=7483 -#GTK_PATH="$GTK_PATH:/usr/lib64/gtk-2.0" -#export GTK_PATH - # For now, start with an empty list XRESOURCES="" 
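Review bot: The three added GLADE_* assignments in xdg/xfce4/xinitrc append to the existing value unconditionally, so when the variable is unset or empty the result starts with an empty path element (`:/usr/share/glade3/catalogs`). That is worth avoiding for a module search path, because path-list parsers commonly treat an empty element as the current directory; how glade handles it is not visible here. `GLADE_CATALOG_PATH="${GLADE_CATALOG_PATH:+$GLADE_CATALOG_PATH:}/usr/share/glade3/catalogs"` adds the separator only when there is something to separate, and the same form fits the other two lines. The values also look crossed: GLADE_PIXMAP_PATH receives the `modules` directory and GLADE_MODULE_PATH the `pixmaps` one.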
@@ -116,111 +81,31 @@ cat /dev/null $XRESOURCES | xrdb -nocpp -merge - # load local modmap test -r $HOME/.Xmodmap && xmodmap $HOME/.Xmodmap -# Use dbus-launch if installed. -if test x"$DBUS_SESSION_BUS_ADDRESS" = x""; then - if which dbus-launch >/dev/null 2>&1; then - eval `dbus-launch --sh-syntax --exit-with-session` - # some older versions of dbus don't export the var properly - export DBUS_SESSION_BUS_ADDRESS - else - echo "Could not find dbus-launch; Xfce will not work properly" >&2 - fi -fi - -# launch gpg-agent or ssh-agent if enabled. -ssh_agent_enabled=`xfconf-query -c xfce4-session -p /startup/ssh-agent/enabled 2> /dev/null` -if test "$ssh_agent_enabled" != "false"; then - # if the user has pam_ssh installed, it will start ssh-agent for us, but - # of course won't start gpg-agent. so, if ssh-agent is already running, - # but we want gpg-agent (and that's not running yet) start gpg-agent - # without ssh support +# run xfce4-session if installed +if which xfce4-session >/dev/null 2>&1; then - ssh_agent_type=`xfconf-query -c xfce4-session -p /startup/ssh-agent/type 2> /dev/null` - if test -z "$ssh_agent_type"; then - if which gpg-agent >/dev/null 2>&1; then - ssh_agent_type=gpg-agent - else - ssh_agent_type=ssh-agent - fi - fi + # check if we start xfce4-session with ck-launch-session. this is only + # required for starting from a console, not a login manager + if test "x$XFCE4_SESSION_WITH_CK" = "x1"; then + if which ck-launch-session >/dev/null 2>&1; then + ck-launch-session xfce4-session + else + echo + echo "You have tried to start Xfce with consolekit support, but" + echo "ck-launch-session is not installed." + echo "Aborted startup..." + echo - # ignore stale ssh-agents - if test "$SSH_AGENT_PID"; then - if ! 
kill -0 $SSH_AGENT_PID; then - unset SSH_AGENT_PID - unset SSH_AUTH_SOCK - fi + exit 1 fi - - case "$ssh_agent_type" in - gpg-agent) - if test -z "$SSH_AGENT_PID"; then - eval `gpg-agent --daemon --enable-ssh-support --write-env-file $XDG_CACHE_HOME/gpg-agent-info` - ssh_agent_kill_cmd="kill -INT $SSH_AGENT_PID; rm -f $XDG_CACHE_HOME/gpg-agent-info" - elif test -z "$GPG_AGENT_INFO"; then - echo "ssh-agent is already running; starting gpg-agent without ssh support" - eval `gpg-agent --daemon --write-env-file $XDG_CACHE_HOME/gpg-agent-info` - ssh_agent_kill_cmd="pkill -INT ^gpg-agent\$; rm -f $XDG_CACHE_HOME/gpg-agent-info" - else - echo "gpg-agent is already running" - fi - ;; - - ssh-agent) - if test -z "$SSH_AGENT_PID"; then - eval `ssh-agent -s` - ssh_agent_kill_cmd="ssh-agent -s -k" - else - echo "ssh-agent is already running" - fi - ;; - - *) - echo "Unrecognized agent type '$ssh_agent_type'" >&2 - ;; - esac -fi - - -# launch a screensaver if enabled. do not launch if we're root or if -# we're in a VNC session. -screensaver_enabled=`xfconf-query -c xfce4-session -p /startup/screensaver/enabled 2> /dev/null` -if test $UID -gt 0 -a -z "$VNCSESSION" -a "$screensaver_enabled" != "false"; then - screensaver_type=`xfconf-query -c xfce4-session -p /startup/screensaver/type 2> /dev/null` - - case "$screensaver_type" in - xscreensaver) - xscreensaver -no-splash & - ;; - - gnome-screensaver) - gnome-screensaver & - ;; - - *) - if test x"`which xscreensaver 2>/dev/null`" != x""; then - xscreensaver -no-splash & - elif test x"`which gnome-screensaver 2>/dev/null`" != x""; then - gnome-screensaver & - fi - ;; - esac -fi - - -# Run xfce4-session if installed -if which xfce4-session >/dev/null 2>&1; then + else + # start xfce4-session normally xfce4-session + fi - if test "$ssh_agent_kill_cmd"; then - echo "running '$ssh_agent_kill_cmd'" - eval "$ssh_agent_kill_cmd" - fi - - exit 0 + exit 0 fi - ################## # IMPORTANT NOTE # ################## 
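Review bot: The abort message in the new ck-launch-session branch is written to stdout, while the script's other failure message (`Could not find dbus-launch; ...`) goes to stderr. When the session is started from a console the text is easy to lose among normal output, so the lines should be redirected like the rest of the file, e.g. `echo "ck-launch-session is not installed." >&2`, and likewise for the two sentences around it. The `exit 1` that follows is appropriate and should stay.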
@@ -233,6 +118,16 @@ fi ################## +# Use dbus-launch if installed. +if test x"$DBUS_SESSION_BUS_ADDRESS" = x""; then + if which dbus-launch >/dev/null 2>&1; then + eval `dbus-launch --sh-syntax --exit-with-session` + # some older versions of dbus don't export the var properly + export DBUS_SESSION_BUS_ADDRESS + else + echo "Could not find dbus-launch; Xfce will not work properly" >&2 + fi +fi # this is only necessary when running w/o xfce4-session xsetroot -solid black -cursor_name watch @@ -242,9 +137,7 @@ xsetroot -solid black -cursor_name watch xfsettingsd & xfwm4 --daemon -# start up stuff in $XDG_CONFIG_HOME/autostart/, as that looks to be -# the new standard. if that directory doesn't exist, try the old -# ~/Desktop/Autostart method. we're not going to do any migration here. +# start up stuff in $XDG_CONFIG_HOME/autostart/ if test -d "$XDG_CONFIG_HOME/autostart"; then for i in ${XDG_CONFIG_HOME}/autostart/*.desktop; do grep -q -E "^Hidden=true" "$i" && continue @@ -265,12 +158,6 @@ if test -d "$XDG_CONFIG_HOME/autostart"; then $cmd & fi done -elif test -d "$HOME/Desktop/Autostart"; then - for i in `ls -1 -L ${HOME}/Desktop/Autostart/ 2>/dev/null`; do - if test -x $HOME/Desktop/Autostart/$i; then - $HOME/Desktop/Autostart/$i & - fi - done fi xfdesktop& @@ -302,8 +189,4 @@ EOF ;; esac -if test "$ssh_agent_kill_cmd"; then - eval "$ssh_agent_kill_cmd" -fi - xsetroot -bg white -fg red -solid black -cursor_name watch -- 2.39.5
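Review bot: In the re-added dbus block, the backtick substitution passed to `eval` is unquoted, so the output of dbus-launch is word-split and glob-expanded before eval joins it back together. Quoting it keeps the text exactly as emitted: `eval "$(dbus-launch --sh-syntax --exit-with-session)"`. The block now appears to sit below the `exit 0` of the xfce4-session branch changed in the previous hunk, so it seems to run only on the fallback path; a comment such as `# only reached when xfce4-session is not installed` would make that explicit.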