From bc8dc24193056e837cc34ec2fae6bef523c086fc Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Fri, 13 Oct 2017 00:12:31 +0200 Subject: [PATCH] committing changes in /etc after apt run Package changes: -apt 1.5~rc1 amd64 +apt 1.5 amd64 -apt-utils 1.5~rc1 amd64 +apt-utils 1.5 amd64 -base-passwd 3.5.43 amd64 +base-passwd 3.5.44 amd64 -binutils 2.29-8 amd64 -binutils-common 2.29-8 amd64 -binutils-x86-64-linux-gnu 2.29-8 amd64 +binutils 2.29.1-4 amd64 +binutils-common 2.29.1-4 amd64 +binutils-x86-64-linux-gnu 2.29.1-4 amd64 -bsdutils 1:2.29.2-4 amd64 -build-essential 12.3 amd64 -busybox 1:1.22.0-19+b3 amd64 +bsdutils 1:2.29.2-5+b1 amd64 +build-essential 12.4 amd64 +busybox 1:1.27.2-1 amd64 -chrony 3.1-5 amd64 +chrony 3.2-1 amd64 -console-setup 1.166 all -console-setup-linux 1.166 all +console-setup 1.167 all +console-setup-linux 1.167 all -cpp 4:7.1.0-2 amd64 -cpp-7 7.2.0-3 amd64 +cpp 4:7.2.0-1d1 amd64 +cpp-7 7.2.0-8 amd64 -cron 3.0pl1-128+b1 amd64 +cron 3.0pl1-128.1 amd64 -dbus 1.11.16+really1.10.22-1 amd64 +dbus 1.11.20-1 amd64 -debian-archive-keyring 2017.5 all +debian-archive-keyring 2017.6 all -dirmngr 2.1.23-2 amd64 +dirmngr 2.2.1-1 amd64 -dnsmasq-base 2.77-2 amd64 +dnsmasq-base 2.78-1 amd64 -fdisk 2.29.2-4 amd64 +fdisk 2.29.2-5+b1 amd64 -file 1:5.31-1 amd64 +file 1:5.32-1 amd64 -g++ 4:7.1.0-2 amd64 -g++-7 7.2.0-3 amd64 -gcc 4:7.1.0-2 amd64 -gcc-6-base 6.4.0-4 amd64 -gcc-7 7.2.0-3 amd64 -gcc-7-base 7.2.0-3 amd64 -geoip-database 20170831-1 all +g++ 4:7.2.0-1d1 amd64 +g++-7 7.2.0-8 amd64 +gcc 4:7.2.0-1d1 amd64 +gcc-6-base 6.4.0-7 amd64 +gcc-7 7.2.0-8 amd64 +gcc-7-base 7.2.0-8 amd64 +geoip-database 20170928-1 all -git 1:2.14.1-2 amd64 -git-email 1:2.14.1-2 all -git-man 1:2.14.1-2 all -gnupg 2.1.23-2 amd64 +git 1:2.14.2-1 amd64 +git-email 1:2.14.2-1 all +git-man 1:2.14.2-1 all +gnupg 2.2.1-1 amd64 -gnupg-l10n 2.1.23-2 all -gnupg-utils 2.1.23-2 amd64 -gpg 2.1.23-2 amd64 -gpg-agent 2.1.23-2 amd64 -gpg-wks-client 2.1.23-2 amd64 -gpg-wks-server 2.1.23-2 amd64 -gpgconf 2.1.23-2 amd64 -gpgsm 2.1.23-2 amd64 -gpgv 2.1.23-2 amd64 +gnupg-l10n 2.2.1-1 all +gnupg-utils 2.2.1-1 amd64 +gpg 2.2.1-1 amd64 +gpg-agent 2.2.1-1 amd64 +gpg-wks-client 2.2.1-1 amd64 +gpg-wks-server 2.2.1-1 amd64 +gpgconf 2.2.1-1 amd64 +gpgsm 2.2.1-1 amd64 +gpgv 2.2.1-1 amd64 -iproute2 4.9.0-1 amd64 +iproute2 4.9.0-2 amd64 -iso-codes 3.75-1 all -isoquery 3.2.1-2 amd64 +iso-codes 3.76-1 all +isoquery 3.2.2-1 amd64 -kbd 2.0.4-1 amd64 -keyboard-configuration 1.166 all +kbd 2.0.4-2 amd64 +keyboard-configuration 1.167 all -lftp 4.8.0-3 amd64 +lftp 4.8.1-1 amd64 -libapparmor1 2.11.0-10 amd64 -libapt-inst2.0 1.5~rc1 amd64 -libapt-pkg5.0 1.5~rc1 amd64 -libasan4 7.2.0-3 amd64 +libapparmor1 2.11.0-11 amd64 +libapt-inst2.0 1.5 amd64 +libapt-pkg5.0 1.5 amd64 +libasan4 7.2.0-8 amd64 -libatomic1 7.2.0-3 amd64 +libatomic1 7.2.0-8 amd64 -libaudit-common 1:2.7.7-1 all -libaudit1 1:2.7.7-1+b2 amd64 +libaudit-common 1:2.7.8-1 all +libaudit1 1:2.7.8-1 amd64 -libbinutils 2.29-8 amd64 -libblkid1 2.29.2-4 amd64 -libbluetooth3 5.45-1 amd64 +libbinutils 2.29.1-4 amd64 +libblkid1 2.29.2-5+b1 amd64 +libbluetooth3 5.47-1 amd64 -libbsd0 0.8.6-1 amd64 +libbsd0 0.8.6-2 amd64 -libcc1-0 7.2.0-3 amd64 -libcilkrts5 7.2.0-3 amd64 +libcc1-0 7.2.0-8 amd64 +libcilkrts5 7.2.0-8 amd64 -libcryptsetup4 2:1.7.3-4 amd64 -libcurl3-gnutls 7.55.0-1 amd64 +libcryptsetup4 2:1.7.5-1 amd64 +libcurl3-gnutls 7.55.1-1 amd64 -libdbus-1-3 1.11.16+really1.10.22-1 amd64 -libdebconfclient0 0.229 amd64 +libdbus-1-3 1.11.20-1 amd64 +libdebconfclient0 0.230 amd64 -libelf1 0.168-1 amd64 -liberror-perl 0.17024-1 all +libelf1 0.170-0.1 amd64 +liberror-perl 0.17025-1 all -libfdisk1 2.29.2-4 amd64 +libfdisk1 2.29.2-5+b1 amd64 -libgcc-7-dev 7.2.0-3 amd64 -libgcc1 1:7.2.0-3 amd64 +libgcc-7-dev 7.2.0-8 amd64 +libgcc1 1:7.2.0-8 amd64 -libglib2.0-0 2.53.6-1 amd64 -libglib2.0-data 2.53.6-1 all -libgmp10 2:6.1.2+dfsg-1 amd64 +libglib2.0-0 2.54.1-1 amd64 +libglib2.0-data 2.54.1-1 all +libgmp10 2:6.1.2+dfsg-1.1 amd64 -libgomp1 7.2.0-3 amd64 +libgomp1 7.2.0-8 amd64 -libhogweed4 3.3-1+b1 amd64 +libhogweed4 3.3-2 amd64 -libidn11 1.33-1 amd64 -libidn2-0 2.0.2-3 amd64 +libidn11 1.33-2 amd64 +libidn2-0 2.0.2-5 amd64 -libitm1 7.2.0-3 amd64 +libitm1 7.2.0-8 amd64 -libjs-jquery 3.1.1-2 all -libjs-sphinxdoc 1.5.6-2 all +libjs-jquery 3.2.1-1 all +libjs-sphinxdoc 1.6.4-2 all -liblsan0 7.2.0-3 amd64 +liblsan0 7.2.0-8 amd64 -libmagic-mgc 1:5.31-1 amd64 -libmagic1 1:5.31-1 amd64 -libmailutils5 1:3.1.1-1 amd64 +libmagic-mgc 1:5.32-1 amd64 +libmagic1 1:5.32-1 amd64 +libmailutils5 1:3.2-1 amd64 -libmount1 2.29.2-4 amd64 -libmpc3 1.0.3-1+b2 amd64 +libmount1 2.29.2-5+b1 amd64 +libmpc3 1.0.3-2 amd64 -libmpfr4 3.1.6~rc1-1 amd64 -libmpx2 7.2.0-3 amd64 -libncurses5 6.0+20170715-2 amd64 -libncursesw5 6.0+20170715-2 amd64 +libmpfr4 3.1.6-1 amd64 +libmpx2 7.2.0-8 amd64 +libncurses5 6.0+20170902-1 amd64 +libncursesw5 6.0+20170902-1 amd64 -libnettle6 3.3-1+b1 amd64 +libnettle6 3.3-2 amd64 -libnghttp2-14 1.25.0-1 amd64 +libnghttp2-14 1.26.0-1 amd64 -libnm0 1.8.2-1 amd64 +libnm0 1.8.4-2 amd64 -libpam-systemd 234-2.3 amd64 +libpam-systemd 234-3 amd64 -libpcap0.8 1.8.1-3 amd64 +libpcap0.8 1.8.1-5 amd64 -libperl5.26 5.26.0-5 amd64 +libperl5.26 5.26.0-8 amd64 -libpng16-16 1.6.32-1 amd64 +libpng16-16 1.6.34-1 amd64 -libpsl5 0.18.0-2 amd64 +libpsl5 0.18.0-4 amd64 -libquadmath0 7.2.0-3 amd64 +libquadmath0 7.2.0-8 amd64 -libselinux1 2.6-3+b2 amd64 -libsemanage-common 2.6-2 all -libsemanage1 2.6-2+b1 amd64 -libsepol1 2.6-2 amd64 +libselinux1 2.7-2 amd64 +libsemanage-common 2.7-2 all +libsemanage1 2.7-2 amd64 +libsepol1 2.7-1 amd64 -libsmartcols1 2.29.2-4 amd64 -libsodium18 1.0.13-1 amd64 +libsmartcols1 2.29.2-5+b1 amd64 +libsodium18 1.0.14-1 amd64 -libstdc++-7-dev 7.2.0-3 amd64 -libstdc++6 7.2.0-3 amd64 +libstdc++-7-dev 7.2.0-8 amd64 +libstdc++6 7.2.0-8 amd64 -libsystemd0 234-2.3 amd64 +libsystemd0 234-3 amd64 -libtinfo5 6.0+20170715-2 amd64 +libtinfo5 6.0+20170902-1 amd64 -libtsan0 7.2.0-3 amd64 -libubsan0 7.2.0-3 amd64 -libudev1 234-2.3 amd64 +libtsan0 7.2.0-8 amd64 +libubsan0 7.2.0-8 amd64 +libudev1 234-3 amd64 -libuuid1 2.29.2-4 amd64 +libuuid1 2.29.2-5+b1 amd64 -libxml2 2.9.4+dfsg1-3.1 amd64 +libxml2 2.9.4+dfsg1-4 amd64 -libzmq5 4.2.1-4 amd64 +libzmq5 4.2.2-1 amd64 +linux-image-4.13.0-1-amd64 4.13.4-1 amd64 -linux-image-amd64 4.12+84 amd64 -linux-libc-dev 4.12.6-1 amd64 +linux-image-amd64 4.13+86 amd64 +linux-libc-dev 4.13.4-1 amd64 -login 1:4.4-4.1 amd64 +login 1:4.5-1 amd64 -mailutils 1:3.1.1-1 amd64 -mailutils-common 1:3.1.1-1 all +mailutils 1:3.2-1 amd64 +mailutils-common 1:3.2-1 all -manpages 4.12-2 all -manpages-de 2.0-1 all -manpages-dev 4.12-2 all +manpages 4.13-3 all +manpages-de 2.1-1 all +manpages-dev 4.13-3 all -mount 2.29.2-4 amd64 +mount 2.29.2-5+b1 amd64 -ncurses-base 6.0+20170715-2 all -ncurses-bin 6.0+20170715-2 amd64 -ncurses-term 6.0+20170715-2 all +ncurses-base 6.0+20170902-1 all +ncurses-bin 6.0+20170902-1 amd64 +ncurses-term 6.0+20170902-1 all -network-manager 1.8.2-1 amd64 -openssh-client 1:7.5p1-10 amd64 -openssh-server 1:7.5p1-10 amd64 -openssh-sftp-server 1:7.5p1-10 amd64 +network-manager 1.8.4-2 amd64 +openssh-client 1:7.6p1-2 amd64 +openssh-server 1:7.6p1-2 amd64 +openssh-sftp-server 1:7.6p1-2 amd64 -passwd 1:4.4-4.1 amd64 +passwd 1:4.5-1 amd64 -perl 5.26.0-5 amd64 -perl-base 5.26.0-5 amd64 +perl 5.26.0-8 amd64 +perl-base 5.26.0-8 amd64 -perl-modules-5.26 5.26.0-5 all -pinentry-curses 1.0.0-2 amd64 +perl-modules-5.26 5.26.0-8 all +pinentry-curses 1.0.0-3 amd64 -python-decorator 4.1.1-1 all +python-decorator 4.1.2-1 all -python-scandir 1.5-1 amd64 +python-scandir 1.6-1 amd64 -python-six 1.10.0-4 all +python-six 1.11.0-1 all -python3-debian 0.1.30 all -python3-debianbts 2.6.1 all -python3-decorator 4.1.1-1 all +python3-debian 0.1.31 all +python3-debianbts 2.6.3 all +python3-decorator 4.1.2-1 all -python3-six 1.10.0-4 all +python3-six 1.11.0-1 all -qemu-guest-agent 1:2.8+dfsg-7 amd64 +qemu-guest-agent 1:2.10.0+dfsg-1 amd64 -rename 0.20-4 all +rename 0.20-6 all -rsyslog 8.28.0-1 amd64 -s-nail 14.8.16-1 amd64 +rsyslog 8.29.0-2 amd64 +s-nail 14.9.4-1 amd64 -sudo 1.8.20p2-1 amd64 -systemd 234-2.3 amd64 -systemd-sysv 234-2.3 amd64 -sysvinit-utils 2.88dsf-59.9 amd64 +sudo 1.8.21p2-2 amd64 +systemd 234-3 amd64 +systemd-sysv 234-3 amd64 +sysvinit-utils 2.88dsf-59.10 amd64 -task-german 3.39 all -task-ssh-server 3.39 all -tasksel 3.39 all -tasksel-data 3.39 all +task-german 3.41 all +task-ssh-server 3.41 all +tasksel 3.41 all +tasksel-data 3.41 all -udev 234-2.3 amd64 +udev 234-3 amd64 -util-linux 2.29.2-4 amd64 -vim 2:8.0.0197-5+b1 amd64 -vim-common 2:8.0.0197-5 all -vim-runtime 2:8.0.0197-5 all -vim-tiny 2:8.0.0197-5+b1 amd64 +util-linux 2.29.2-5+b1 amd64 +vim 2:8.0.1144-1 amd64 +vim-common 2:8.0.1144-1 all +vim-runtime 2:8.0.1144-1 all +vim-tiny 2:8.0.1144-1 amd64 -xml-core 0.17 all -xxd 2:8.0.0197-5+b1 amd64 +xml-core 0.18 all +xxd 2:8.0.1144-1 amd64 -zsh 5.4.1-1 amd64 -zsh-common 5.4.1-1 all +zsh 5.4.2-1 amd64 +zsh-common 5.4.2-1 all --- .etckeeper | 1 - NetworkManager/dispatcher.d/20-chrony | 34 +++- apt/apt.conf.d/01autoremove-kernels | 45 ++--- .../debian-archive-jessie-automatic.gpg | Bin 5138 -> 5106 bytes ...bian-archive-jessie-security-automatic.gpg | Bin 5147 -> 5115 bytes .../debian-archive-jessie-stable.gpg | Bin 2775 -> 2763 bytes .../debian-archive-stretch-automatic.gpg | Bin 7483 -> 7443 bytes ...ian-archive-stretch-security-automatic.gpg | Bin 7492 -> 7452 bytes .../debian-archive-stretch-stable.gpg | Bin 2275 -> 2263 bytes .../debian-archive-wheezy-automatic.gpg | Bin 3780 -> 3752 bytes .../debian-archive-wheezy-stable.gpg | Bin 2851 -> 2835 bytes console-setup/cached_setup_keyboard.sh | 2 +- init.d/sudo | 12 +- rc2.d/S01sudo | 1 + rc3.d/S01sudo | 1 + rc4.d/S01sudo | 1 + rc5.d/S01sudo | 1 + s-nail.rc | 181 ++++++++++++------ securetty | 5 - ssh/ssh_config | 8 +- sudoers.dist | 97 ---------- systemd/logind.conf | 2 +- 22 files changed, 185 insertions(+), 206 deletions(-) create mode 120000 rc2.d/S01sudo create mode 120000 rc3.d/S01sudo create mode 120000 rc4.d/S01sudo create mode 120000 rc5.d/S01sudo delete mode 100644 sudoers.dist diff --git a/.etckeeper b/.etckeeper index 0786365..bf46d73 100755 --- a/.etckeeper +++ b/.etckeeper @@ -627,7 +627,6 @@ maybe chmod 0644 'subuid' maybe chmod 0440 'sudoers' maybe chmod 0755 'sudoers.d' maybe chmod 0440 'sudoers.d/README' -maybe chmod 0644 'sudoers.dist' maybe chmod 0644 'sysctl.conf' maybe chmod 0755 'sysctl.d' maybe chmod 0644 'sysctl.d/README.sysctl' diff --git a/NetworkManager/dispatcher.d/20-chrony b/NetworkManager/dispatcher.d/20-chrony index 084aed6..51d7fa2 100755 --- a/NetworkManager/dispatcher.d/20-chrony +++ b/NetworkManager/dispatcher.d/20-chrony @@ -1,17 +1,35 @@ #!/bin/sh # This is a NetworkManager dispatcher script for chronyd to set its NTP sources -# online/offline when a default route is configured/removed on the system. +# online or offline when a network interface is configured or removed export LC_ALL=C -if [ "$2" = "up" ]; then - /sbin/ip route list dev "$1" | grep -q '^default' && - /usr/bin/chronyc online > /dev/null 2>&1 -fi +# Check if there is a default route -if [ "$2" = "down" ]; then - /sbin/ip route list | grep -q '^default' || - /usr/bin/chronyc offline > /dev/null 2>&1 +if /sbin/ip route list 2> /dev/null | grep -q '^default'; then + chronyc online > /dev/null 2>&1 + exit 0 fi +sources=$(chronyc -c -n sources 2> /dev/null) + +[ $? -ne 0 ] && exit 0 + +# Check each configured source if it has a route + +echo "$sources" | while IFS=, read mode state address rest; do + [ "$mode" != '^' ] && [ "$mode" != '=' ] && continue + + /sbin/ip route get "$address" > /dev/null 2>&1 && command="online" || command="offline" + + # Set priority of sources so that the selected source is set as + # last if offline to avoid unnecessary reselection + [ "$state" != '*' ] && priority=1 || priority=2 + + echo "$priority $command $address" + +done | sort | while read priority command address; do + echo "$command $address" +done | chronyc > /dev/null 2>&1 + exit 0 diff --git a/apt/apt.conf.d/01autoremove-kernels b/apt/apt.conf.d/01autoremove-kernels index 294af4f..456cbb5 100644 --- a/apt/apt.conf.d/01autoremove-kernels +++ b/apt/apt.conf.d/01autoremove-kernels @@ -1,51 +1,52 @@ // DO NOT EDIT! File autogenerated by /etc/kernel/postinst.d/apt-auto-removal APT::NeverAutoRemove { - "^linux-image-4\.11\.0-1-amd64$"; "^linux-image-4\.12\.0-1-amd64$"; - "^linux-headers-4\.11\.0-1-amd64$"; + "^linux-image-4\.13\.0-1-amd64$"; "^linux-headers-4\.12\.0-1-amd64$"; - "^linux-image-extra-4\.11\.0-1-amd64$"; + "^linux-headers-4\.13\.0-1-amd64$"; "^linux-image-extra-4\.12\.0-1-amd64$"; - "^linux-signed-image-4\.11\.0-1-amd64$"; + "^linux-image-extra-4\.13\.0-1-amd64$"; "^linux-signed-image-4\.12\.0-1-amd64$"; - "^kfreebsd-image-4\.11\.0-1-amd64$"; + "^linux-signed-image-4\.13\.0-1-amd64$"; "^kfreebsd-image-4\.12\.0-1-amd64$"; - "^kfreebsd-headers-4\.11\.0-1-amd64$"; + "^kfreebsd-image-4\.13\.0-1-amd64$"; "^kfreebsd-headers-4\.12\.0-1-amd64$"; - "^gnumach-image-4\.11\.0-1-amd64$"; + "^kfreebsd-headers-4\.13\.0-1-amd64$"; "^gnumach-image-4\.12\.0-1-amd64$"; - "^.*-modules-4\.11\.0-1-amd64$"; + "^gnumach-image-4\.13\.0-1-amd64$"; "^.*-modules-4\.12\.0-1-amd64$"; - "^.*-kernel-4\.11\.0-1-amd64$"; + "^.*-modules-4\.13\.0-1-amd64$"; "^.*-kernel-4\.12\.0-1-amd64$"; - "^linux-backports-modules-.*-4\.11\.0-1-amd64$"; + "^.*-kernel-4\.13\.0-1-amd64$"; "^linux-backports-modules-.*-4\.12\.0-1-amd64$"; - "^linux-tools-4\.11\.0-1-amd64$"; + "^linux-backports-modules-.*-4\.13\.0-1-amd64$"; "^linux-tools-4\.12\.0-1-amd64$"; + "^linux-tools-4\.13\.0-1-amd64$"; }; /* Debug information: # dpkg list: ii linux-image-4.11.0-1-amd64 4.11.6-1 amd64 Linux 4.11 for 64-bit PCs -iF linux-image-4.12.0-1-amd64 4.12.6-1 amd64 Linux 4.12 for 64-bit PCs -ii linux-image-4.9.0-3-amd64 4.9.30-2+deb9u2 amd64 Linux 4.9 for 64-bit PCs -iU linux-image-amd64 4.12+84 amd64 Linux for 64-bit PCs (meta-package) +ii linux-image-4.12.0-1-amd64 4.12.6-1 amd64 Linux 4.12 for 64-bit PCs +iF linux-image-4.13.0-1-amd64 4.13.4-1 amd64 Linux 4.13 for 64-bit PCs +rc linux-image-4.9.0-3-amd64 4.9.30-2+deb9u2 amd64 Linux 4.9 for 64-bit PCs +iU linux-image-amd64 4.13+86 amd64 Linux for 64-bit PCs (meta-package) # list of installed kernel packages: 4.11.0-1-amd64 4.11.6-1 4.12.0-1-amd64 4.12.6-1 -4.9.0-3-amd64 4.9.30-2+deb9u2 +4.13.0-1-amd64 4.13.4-1 # list of different kernel versions: +4.13.4-1 4.12.6-1 4.11.6-1 -4.9.30-2+deb9u2 -# Installing kernel: 4.12.6-1 (4.12.0-1-amd64) -# Running kernel: 4.11.6-1 (4.11.0-1-amd64) -# Last kernel: 4.12.6-1 -# Previous kernel: 4.11.6-1 +# Installing kernel: 4.13.4-1 (4.13.0-1-amd64) +# Running kernel: 4.12.6-1 (4.12.0-1-amd64) +# Last kernel: 4.13.4-1 +# Previous kernel: 4.12.6-1 # Kernel versions list to keep: -4.11.6-1 4.12.6-1 +4.13.4-1 # Kernel packages (version part) to protect: -4\.11\.0-1-amd64 4\.12\.0-1-amd64 +4\.13\.0-1-amd64 */ diff --git a/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg b/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg index fa4047c55cdd3cf3aa6c97195235d5786c66d3ff..c23629180c7c2cb4c3fe670e40d7d34787e44de0 100644 GIT binary patch delta 42 ucmbQF@kxDy7t3Zp7AvOBJ#0YY6h|l1=5TI#rp;BnKw>UGkT@Xd#{>X3WDSV` delta 82 zcmeyQK1pMP7YoYzaJTOQ0}*qqM`WA*XFSZf9SAhG~h C+Y=N3 diff --git a/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg b/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg index dcb55245be12726feca6f3c273792e04ad94c89b..fd22f2575b7e6a53f9fe0130656bd5adb8e68ddf 100644 GIT binary patch delta 17 ZcmcaEdRlZtFU#hMEb=Uyw{XZa0RTWc1_=NF delta 32 icmX>tdR=rwFAK{CCI;rsy)5!z7Q^N>9P&&cF$Mske+VJ~ diff --git a/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg b/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg index 7dc19c5c63c02d8c4c8cbd1e4e40e84c4575043c..81b99e4ae183d10725028430b5c955c1b8e94c23 100644 GIT binary patch delta 60 zcmdmOHQ8!IBFkg}Caul=Eb2^P#uGMmrp^4E3z#-<=8gce_{^9#dkV-iZO#z_68$1T JVv|@a8vr+85$6B^ delta 106 zcmbPiwcBb#A`8m~CI;rsi7bIkVAkYB7Ol;9*wi7s&CHw&psdB*5nvX>=HI+#P?n*9 UJd_n61Y_lkz*v1^t!!X30hK5i;Q#;t diff --git a/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg b/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg index 79542e0a1233aacd80a9f6f89dfbc542b1a40205..fd24510b596c00969384005a6f255cf2944e5b94 100644 GIT binary patch delta 60 zcmX?NHOFd0BFkg}Caul=Eb2^P#uGMmrp^4EE15R$;f`S1EWu~Sv^hvXo@sNb5RjN5 L0wi{ewXy*KKp_%1 delta 106 zcmbPZb;N2zA`8m~CI;rsi7bIkVAkYB7Ol;9*wi7s&CHxDp{zCB5nvX>W)?m(D9cJf U9?FUog0U(@V65q4t!!X30d+wbGXMYp diff --git a/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg b/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg index 2c3f78fc729cdb331b87a90bc9142ee38de699b6..046cf38bc2aa775c633eb5b19e23722e16ab2551 100644 GIT binary patch delta 17 ZcmaDXcwKPAOqR`aS>%~EA7GPb0sul>1~~u# delta 32 gcmcaE_*ihmOcs_6ObpDMXR^pMfmjTicd$WO0HxaqQUCw| diff --git a/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg b/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg index a23f2fe4b1fc7ba9080d9f9078690603fa3c3218..dcffc6556f6565c391bd6ee9c95c3b1473bf5fbe 100644 GIT binary patch delta 36 rcmX>iyFzxuY?jIMSv)qsX7Oa&Y{4$ixH+0bo@sL(7m!%UBhLf?^gRoQ delta 71 zcmZ1>dqj4_Y!;RcObpDEXR~;K7z~>qvv@K=SUT+Tj1ZPLhdfj)iwnl;f~x3GC^VwYzD08KvzegFUf delta 41 ocmbO%wpeUKFAK{CCI;rsy)5!fAQr>qHEbSW#^x_<@?c2@0PY+LK>z>% diff --git a/console-setup/cached_setup_keyboard.sh b/console-setup/cached_setup_keyboard.sh index f75dce0..30ea0c3 100755 --- a/console-setup/cached_setup_keyboard.sh +++ b/console-setup/cached_setup_keyboard.sh @@ -10,4 +10,4 @@ kbd_mode '-u' < '/dev/tty3' kbd_mode '-u' < '/dev/tty4' kbd_mode '-u' < '/dev/tty5' kbd_mode '-u' < '/dev/tty6' -loadkeys '/tmp/tmpkbd.YlH36m' > '/dev/null' +loadkeys '/tmp/tmpkbd.AZoi9h' > '/dev/null' diff --git a/init.d/sudo b/init.d/sudo index 0f01b97..c971310 100755 --- a/init.d/sudo +++ b/init.d/sudo @@ -20,9 +20,17 @@ set -e case "$1" in start) # make sure privileges don't persist across reboots - if [ -d /var/lib/sudo ] + # if the /run/sudo directory doesn't exist, let's create it with the + # correct permissions and SELinux label + if [ -d /run/sudo ] then - find /var/lib/sudo -exec touch -d @0 '{}' \; + find /run/sudo -exec touch -d @0 '{}' \; + else + mkdir /run/sudo /run/sudo/ts + chown root:root /run/sudo /run/sudo/ts + chmod 0711 /run/sudo + chmod 0700 /run/sudo/ts + [ -x /sbin/restorecon ] && /sbin/restorecon /run/sudo /run/sudo/ts fi ;; stop|reload|restart|force-reload|status) diff --git a/rc2.d/S01sudo b/rc2.d/S01sudo new file mode 120000 index 0000000..ae5ad77 --- /dev/null +++ b/rc2.d/S01sudo @@ -0,0 +1 @@ +../init.d/sudo \ No newline at end of file diff --git a/rc3.d/S01sudo b/rc3.d/S01sudo new file mode 120000 index 0000000..ae5ad77 --- /dev/null +++ b/rc3.d/S01sudo @@ -0,0 +1 @@ +../init.d/sudo \ No newline at end of file diff --git a/rc4.d/S01sudo b/rc4.d/S01sudo new file mode 120000 index 0000000..ae5ad77 --- /dev/null +++ b/rc4.d/S01sudo @@ -0,0 +1 @@ +../init.d/sudo \ No newline at end of file diff --git a/rc5.d/S01sudo b/rc5.d/S01sudo new file mode 120000 index 0000000..ae5ad77 --- /dev/null +++ b/rc5.d/S01sudo @@ -0,0 +1 @@ +../init.d/sudo \ No newline at end of file diff --git a/s-nail.rc b/s-nail.rc index 674a04c..f736cc8 100644 --- a/s-nail.rc +++ b/s-nail.rc @@ -1,9 +1,20 @@ #@ s-nail.rc -#@ Configuration file for S-nail(1) v14.8.16 -#@ S-nail(1): v14.8.16 / 2017-01-27 +#@ Configuration file for S-nail v14.9.4 +#@ The syntax of this file is interpreted as follows: +#@ - Leading and trailing " \t\n" + *ifs* whitespace is removed. +#@ - Empty lines are ignored. +#@ - Any other line is a command line. Such lines can be spread over +#@ multiple lines if the newline character is "escaped" by placing +#@ a reverse solidus character \ as the last character of the line; any +#@ leading whitespace of follow lines is ignored, trailing whitespace before +#@ the escaped newline is not. +#@ - The number sign # is the comment-command and causes the (joined) line +#@ (content) to be ignored. +#@ S-nail v14.9.4 / 2017-09-18 -## The standard POSIX 2008/Cor 1-2013 mandates the following initial settings: -# (Keep in sync: ./main.c:_startup(), ./nail.rc, ./nail.1:"Initial settings"!) +## Variables + +# The standard POSIX 2008/Cor 2-2016 mandates the following initial settings: # [a] noallnet, noappend, asksub, noaskbcc, noaskcc, noautoprint, # [b-e] nobang, nocmd, nocrt, nodebug, nodot, escape="~", # [f-i] noflipr, nofolder, header, nohold, noignore, noignoreeof, @@ -11,19 +22,18 @@ # [p-r] nopage, prompt="? ", noquiet, norecord, # [s] save, nosendwait, noshowto, nosign, noSign, # [t-z] toplines="5" +# # Notes: +# - *hold, *keep*, *keepsave* and *sendwait* are deliberately set below. # - no*onehop* doesn't exist in this implementation. -# (To pass options through to an MTA, either add them after a "--" separator -# on the command line or by setting the *sendmail-arguments* variable.) -# - *prompt* is "\\& " by default, which will act POSIX-compliant -# unless the user would set *bsdcompat* - -## The remaining content adjusts the standard-imposed default settings. -# Note that some of the following flags are specific to S-nail(1) and may thus -# not work with other Mail(1) / mailx(1) programs. -# Entries are marked [OPTION] if their availability is compile-time dependent - -## Variables +# (To pass options through to the MTA, either add them after a "--" +# separator on the command line or set the *mta-arguments* variable.) +# (Keep in SYNC: ./nail.h:okeys, ./nail.rc, ./nail.1:"Initial settings"!) +# +# Adjust the standard-imposed default variable settings. +# Some of the following variables are not portable and may thus have no effect +# with other Mail(1) / mailx(1) programs. +# Entries are marked [OPTION] if their availability is compile-time dependent. # If threaded mode is activated, automatically collapse thread set autocollapse @@ -38,60 +48,59 @@ set append # Ask for a message subject. set ask -# *bsdannounce* prints a header summary on folder change and thus complements -# *header* on a per-folder basis (it is meaningless unless *header* is set) -set bsdannounce - -# Uncomment this in order to get coloured output in $PAGER. -# (Coloured output is only used if $TERM is either found in *colour-terms* -# or includes the string "color") +# Uncomment this in order to get coloured output in $PAGER (if possible). #set colour-pager +# Btw., if your $PAGER is less(1) or lv(1) you will usually be served, as +# documented for $PAGER in the manual, very well by doing, e.g., less(1): +# ? wysh set PAGER=less; environ unset LESS -# Assume a CRT-like terminal and invoke a $PAGER +# Assume a CRT-like terminal and invoke a $PAGER if output doesn't fit on a +# the screen. (Set crt=0 to always page; value treated as number of lines) set crt -# Define date display in header summary -#set datefield="%R %m-%d" datefield-markout-older=" %g-%m-%d" - -# When composing messages a line consisting of `.' finalizes a message -set dot - -# Immediately start $EDITOR (or $VISUAL) when composing a message +# Startup into $EDITOR (or $VISUAL) in compose mode ("automatic `~e'") #set editalong +# When spawning an editor in compose mode (*editalong*, ~e), edit headers +set editheaders + # Startup into interactive mode even if the (given) mailbox is empty -#set emptystart +set emptystart -# When replying to or forwarding a message the comment and name parts of email -# addresses are removed unless this variable is set. -#set fullnames +# Name parts and comments are stripped from receiver addresses unless this +# variable is set +set fullnames -# [OPTION] Add more entries to the history as is done by default -set history-gabby +# [OPTION] Add more entries to the history as is done by default. +# The latter will cause the built-in editor to save those entries, too +set history-gabby history-gabby-persist -# Do not forward to mbox by default since this is likely to be -# irritating for most users today; also see *keepsave* +# Do not move read messages of system mailboxes to MBOX by default since this +# is likely to be irritating for most users today; also see *keepsave* set hold # Quote the original message in replies by "> " as usual on the Internet +# Historically this was a tabulator, as in "wysh set indentprefix=$'\t'" set indentprefix="> " # Mark messages that have been answered set markanswered -# Try to circumvent false or missing MIME Content-Type descriptions -# (Can be set to values for extended behaviour, please see the manual.) -set mime-counter-evidence +# Try to circumvent false or missing MIME Content-Type descriptions. +# Do set a value for extended behaviour (see the manual) +#set mime-counter-evidence +set mime-counter-evidence=0xE # Control loading of mime.types(5) file: the value may be a combination of the # letters "s" and "u": if "u" is seen ~/.mime.types will be loaded if possible; # "s" adds /etc/mime.types, if available; setting this without any value uses -# only a set of builtin mimetypes; the default behaviour equals "us". +# only a set of built-in mimetypes; the default behaviour equals "us". # An extended syntax that allows loading of other, specified files is available # if the value contains an equal sign "=", see the manual for more #set mimetypes-load-control -# Do not remove empty mail folders. +# Do not remove empty (MBOX) system mailboxes (or _no_ empty (MBOX) mailbox +# at all if $POSIXLY_CORRECT / *posix* are set!). # This may be relevant for privacy since other users could otherwise create # them with different permissions set keep @@ -107,18 +116,19 @@ set keepsave # became invalid; set this to include them nonetheless #set keep-content-length -# A nice prompt for ISO 6429/ECMA-48 terminals -#set prompt="\033[31m?\?[\$ \@]\& \033[0m" +# An informational prompt (and see "Gimmicks" below). +# Note the _real_ evaluation occurs once used (see *prompt* manual entry) +#wysh set prompt='?\$?!\$!/\$^ERRNAME[\${account-name}#\${mailbox-display}]? ' # Automatically quote the text of the message that is responded to set quote -# On group replies, specify only the sender of the original mail in To: and -# mention it's other recipients in the secondary Cc: instead of placing them -# all together in To: +# When replying, do not merge From: and To: of the original message +# into To:. Instead old From: -> new To:, old To: -> merge Cc:. set recipients-in-cc # When responding to a message, try to answer in the same character set +# (which is subject to `charsetalias' expansion, though) #set reply-in-same-charset # [OPTION] Outgoing messages are sent in UTF-8 if possible, otherwise LATIN1. @@ -129,10 +139,10 @@ set recipients-in-cc # $LC_ALL / $LANG environment variables and react upon them) set sendcharsets=utf-8,iso-8859-1 -# When sending a message wait until the MTA (including the builtin SMTP one) +# When sending a message wait until the MTA (including the built-in SMTP one) # exits before accepting further commands. Only with this variable set errors # reported by the MTA will be recognizable! -#set sendwait +set sendwait # Display real sender names in header summaries instead of only addresses set showname @@ -142,26 +152,71 @@ set showto ## Commands -# Only include these selected header fields when forwarding messages -fwdretain subject date from to +# Most commands are not portable to other Mail(1) / mailx(1) programs, which is +# why most commands are commented out. To remain portable, place anything +# specific in its own file, then "set mailx-extra-rc=~/.my-file" in $MAILRC +# (usually ~/.mailrc). + +# Map ISO-8859-1 to LATIN1, and LATIN1 to CP1252. +# (These mappings are not applied to character sets specified by other +# variables, e.g., sendcharsets). +#charsetalias iso-8859-1 latin1 latin1 cp1252 # Only include the selected header fields when printing messages -retain date from to cc subject message-id mail-followup-to reply-to +# `headerpick' is not portable, so use the standard `retain' +retain from_ date from to cc subject message-id mail-followup-to reply-to +#headerpick type retain from_ date from to cc subject \ +# message-id mail-followup-to reply-to +# ...when forwarding messages +#headerpick forward retain subject date from to cc +# ...and don't include these when saving message, etc. +#if [ "$features" =@ +regex ] +# headerpick save ignore '^Original-.*$' '^X-.*$' +#end ## Some pipe-TYPE/SUBTYPE entries # HTML as text, inline display via lynx(1) -#if $features !@ HTML-FILTER -# set pipe-text/html="lynx -stdin -dump -force_html" +#if [ "$features" !@ +filter-html-tagsoup ] +# set pipe-text/html='lynx -stdin -dump -force_html' +#endif + +# PDF display, asynchronous display +#wysh set pipe-application/pdf='@=&@\ +# trap "rm -f \"${MAILX_FILENAME_TEMPORARY}\"" EXIT;\ +# trap "trap \"\" INT QUIT TERM; exit 1" INT QUIT TERM;\ +# mupdf "${MAILX_FILENAME_TEMPORARY}"' + +# "External body", URL type +#wysh set pipe-message/external-body='@* echo $MAILX_EXTERNAL_BODY_URL' + +## Gimmicks + +# More key bindings for the Mailx-Line-Editor (when in interactive mode) +#if terminal && [ "$features" =@ +key-bindings ] +# bind base $'\e',d mle-snarf-word-fwd +# bind base $'\e',$'\c?' mle-snarf-word-bwd +# bind base $'\e',f mle-go-word-fwd +# bind base $'\e',b mle-go-word-bwd +#endif + +# Coloured prompt for the Mailx-Line-Editor (when in interactive mode) +#if terminal && [ "$features" =@ +mle ] && [ "$features" =@ +colour ] +# colour 256 mle-position fg=202 +# colour 256 mle-prompt fg=red +# colour iso mle-position ft=reverse +# colour iso mle-prompt fg=red +# colour mono mle-position ft=reverse +# colour mono mle-prompt ft=bold #endif -# PDF display, asynchronous display via xpdf(1) -#set pipe-application/pdf="@&set -C;\ -# : > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\ -# trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" \ -# EXIT INT QUIT PIPE TERM;\ -# set +C;\ -# cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\ -# xpdf \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\"" +# Install file-extension handlers to handle MBOXes in various formats +#filetype \ +# bz2 'bzip2 -dc' 'bzip2 -zc' \ +# gpg 'gpg -d' 'gpg -e' \ +# gz 'gzip -dc' 'gzip -c' \ +# xz 'xz -dc' 'xz -zc' \ +# zst 'zstd -dc' 'zstd -19 -zc' \ +# zst.pgp 'gpg -d | zstd -dc' 'zstd -19 -zc | gpg -e' # s-it-mode diff --git a/securetty b/securetty index f6fb304..2e34638 100644 --- a/securetty +++ b/securetty @@ -164,11 +164,6 @@ ttyM0 ttyM1 #... -# Unix98 PTY slaves -pts/0 -pts/1 -#... - # Technology Concepts serial card ttyT0 ttyT1 diff --git a/ssh/ssh_config b/ssh/ssh_config index 7801afd..2e1c960 100644 --- a/ssh/ssh_config +++ b/ssh/ssh_config @@ -20,8 +20,6 @@ Host * # ForwardAgent no # ForwardX11 no # ForwardX11Trusted yes -# RhostsRSAAuthentication no -# RSAAuthentication yes # PasswordAuthentication yes # HostbasedAuthentication no # GSSAPIAuthentication no @@ -33,16 +31,14 @@ Host * # AddressFamily any # ConnectTimeout 0 # StrictHostKeyChecking ask -# IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa # IdentityFile ~/.ssh/id_ecdsa # IdentityFile ~/.ssh/id_ed25519 # Port 22 # Protocol 2 -# Cipher 3des -# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc -# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 +# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc +# MACs hmac-md5,hmac-sha1,umac-64@openssh.com # EscapeChar ~ # Tunnel no # TunnelDevice any:any diff --git a/sudoers.dist b/sudoers.dist deleted file mode 100644 index c1563c9..0000000 --- a/sudoers.dist +++ /dev/null @@ -1,97 +0,0 @@ -## sudoers file. -## -## This file MUST be edited with the 'visudo' command as root. -## Failure to use 'visudo' may result in syntax or file permission errors -## that prevent sudo from running. -## -## See the sudoers man page for the details on how to write a sudoers file. -## - -## -## Host alias specification -## -## Groups of machines. These may include host names (optionally with wildcards), -## IP addresses, network numbers or netgroups. -# Host_Alias WEBSERVERS = www1, www2, www3 - -## -## User alias specification -## -## Groups of users. These may consist of user names, uids, Unix groups, -## or netgroups. -# User_Alias ADMINS = millert, dowdy, mikef - -## -## Cmnd alias specification -## -## Groups of commands. Often used to group related commands together. -# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \ -# /usr/bin/pkill, /usr/bin/top -# Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff - -## -## Defaults specification -## -## You may wish to keep some of the following environment variables -## when running commands via sudo. -## -## Locale settings -# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" -## -## Run X applications through sudo; HOME is used to find the -## .Xauthority file. Note that other programs use HOME to find -## configuration files and this may lead to privilege escalation! -# Defaults env_keep += "HOME" -## -## X11 resource path settings -# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" -## -## Desktop path settings -# Defaults env_keep += "QTDIR KDEDIR" -## -## Allow sudo-run commands to inherit the callers' ConsoleKit session -# Defaults env_keep += "XDG_SESSION_COOKIE" -## -## Uncomment to enable special input methods. Care should be taken as -## this may allow users to subvert the command being run via sudo. -# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" -## -## Uncomment to use a hard-coded PATH instead of the user's to find commands -# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -## -## Uncomment to send mail if the user does not enter the correct password. -# Defaults mail_badpass -## -## Uncomment to enable logging of a command's output, except for -## sudoreplay and reboot. Use sudoreplay to play back logged sessions. -# Defaults log_output -# Defaults!/usr/bin/sudoreplay !log_output -# Defaults!/usr/local/bin/sudoreplay !log_output -# Defaults!REBOOT !log_output - -## -## Runas alias specification -## - -## -## User privilege specification -## -root ALL=(ALL) ALL - -## Uncomment to allow members of group wheel to execute any command -# %wheel ALL=(ALL) ALL - -## Same thing without a password -# %wheel ALL=(ALL) NOPASSWD: ALL - -## Uncomment to allow members of group sudo to execute any command -# %sudo ALL=(ALL) ALL - -## Uncomment to allow any user to run sudo if they know the password -## of the user they are running the command as (root by default). -# Defaults targetpw # Ask for the password of the target user -# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' - -## Read drop-in files from /etc/sudoers.d -## (the '#' here does not indicate a comment) -#includedir /etc/sudoers.d diff --git a/systemd/logind.conf b/systemd/logind.conf index 5ec6811..e03fbd9 100644 --- a/systemd/logind.conf +++ b/systemd/logind.conf @@ -14,7 +14,7 @@ [Login] #NAutoVTs=6 #ReserveVT=6 -#KillUserProcesses=yes +#KillUserProcesses=no #KillOnlyUsers= #KillExcludeUsers=root #InhibitDelayMaxSec=5 -- 2.39.5