From dba16dda787bf29696efb850c96435f23ee701b5 Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Wed, 11 Apr 2012 09:45:51 +0200 Subject: [PATCH] Current state --- ImageMagick/delegates.xml | 2 +- ImageMagick/policy.xml | 7 +- ImageMagick/quantization-table.xml | 43 ++++ ImageMagick/type-ghostscript.xml | 68 +++--- apache2/modules.d/00_apache_manual.conf | 4 +- .../etc/ImageMagick/delegates.xml,v | 59 ++++- config-archive/etc/ImageMagick/policy.xml,v | 50 +++- .../etc/ImageMagick/type-ghostscript.xml,v | 128 ++++++++++ .../apache2/modules.d/00_apache_manual.conf,v | 46 +++- config-archive/etc/init.d/apache2,v | 223 ++++++++++++++++++ config-archive/etc/init.d/{sshd => sshd,v} | 95 ++++++-- config-archive/etc/init.d/sshd.dist | 82 ------- config-archive/etc/ssh/sshd_config,v | 56 ++++- init.d/apache2 | 2 +- init.d/sshd | 23 +- ssh/sshd_config | 6 +- 16 files changed, 726 insertions(+), 168 deletions(-) create mode 100644 ImageMagick/quantization-table.xml create mode 100644 config-archive/etc/ImageMagick/type-ghostscript.xml,v create mode 100755 config-archive/etc/init.d/apache2,v rename config-archive/etc/init.d/{sshd => sshd,v} (51%) delete mode 100755 config-archive/etc/init.d/sshd.dist diff --git a/ImageMagick/delegates.xml b/ImageMagick/delegates.xml index b186532..a21e0e7 100644 --- a/ImageMagick/delegates.xml +++ b/ImageMagick/delegates.xml @@ -102,7 +102,7 @@ - + diff --git a/ImageMagick/policy.xml b/ImageMagick/policy.xml index 19e9796..3be0a4b 100644 --- a/ImageMagick/policy.xml +++ b/ImageMagick/policy.xml @@ -39,9 +39,10 @@ - Note, resource policies are maximums for each instance of ImageMagick (e.g. - policy memory limit 1GB, -limit 2GB exceeds policy maximum so memory limit - is 1GB). + Define arguments for the memory, map, area, and disk resources with + SI prefixes (.e.g 100MB). In addition, resource policies are maximums for + each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB + exceeds policy maximum so memory limit is 1GB). --> diff --git a/ImageMagick/quantization-table.xml b/ImageMagick/quantization-table.xml new file mode 100644 index 0000000..9688f25 --- /dev/null +++ b/ImageMagick/quantization-table.xml @@ -0,0 +1,43 @@ + + + + + + + + + +]> + + + + Luminance Quantization Table + + 16, 12, 14, 17, 22, 30, 45, 72, + 12, 13, 14, 17, 22, 31, 46, 74, + 14, 14, 16, 19, 25, 35, 52, 83, + 17, 17, 19, 23, 30, 41, 62, 100, + 22, 22, 25, 30, 39, 54, 80, 129, + 30, 31, 35, 41, 54, 74, 111, 178, + 45, 46, 52, 62, 80, 111, 166, 267, + 72, 74, 83, 100, 129, 178, 267, 428 + +
+ + + Chrominance Quantization Table + + 17, 18, 22, 31, 50, 92, 193, 465, + 18, 19, 24, 33, 54, 98, 207, 498, + 22, 24, 29, 41, 66, 120, 253, 609, + 31, 33, 41, 57, 92, 169, 355, 854, + 50, 54, 66, 92, 148, 271, 570, 1370, + 92, 98, 120, 169, 271, 498, 1046, 2516, + 193, 207, 253, 355, 570, 1046, 2198, 5289, + 465, 498, 609, 854, 1370,2516, 5289, 12725 + +
+ diff --git a/ImageMagick/type-ghostscript.xml b/ImageMagick/type-ghostscript.xml index 30182b8..213cb31 100644 --- a/ImageMagick/type-ghostscript.xml +++ b/ImageMagick/type-ghostscript.xml @@ -17,38 +17,38 @@ ]> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/apache2/modules.d/00_apache_manual.conf b/apache2/modules.d/00_apache_manual.conf index a1bfed2..25de5d1 100644 --- a/apache2/modules.d/00_apache_manual.conf +++ b/apache2/modules.d/00_apache_manual.conf @@ -3,9 +3,9 @@ # The documentation is always available at # http://httpd.apache.org/docs/2.2/ -AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.21-r1/manual$1" +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.22/manual$1" - + Options Indexes AllowOverride None Order allow,deny diff --git a/config-archive/etc/ImageMagick/delegates.xml,v b/config-archive/etc/ImageMagick/delegates.xml,v index 8a32579..40c26ab 100644 --- a/config-archive/etc/ImageMagick/delegates.xml,v +++ b/config-archive/etc/ImageMagick/delegates.xml,v @@ -1,10 +1,16 @@ -head 1.1; +head 1.2; access; symbols; locks; strict; comment @# @; +expand @o@; +1.2 +date 2012.04.11.07.41.47; author root; state Exp; +branches; +next 1.1; + 1.1 date 2012.02.16.08.11.05; author root; state Exp; branches @@ -14,6 +20,11 @@ next ; 1.1.1.1 date 2012.02.16.08.11.11; author root; state Exp; branches; +next 1.1.1.2; + +1.1.1.2 +date 2012.04.11.07.41.47; author root; state Exp; +branches; next ; @@ -22,7 +33,7 @@ desc @ -1.1 +1.2 log @dispatch-conf update. @ @@ -109,14 +120,14 @@ text - + - + - + @@ -129,11 +140,11 @@ text - + - + @@ -142,6 +153,29 @@ text @ +1.1 +log +@dispatch-conf update. +@ +text +@d83 1 +a83 1 + +d86 1 +a86 1 + +d90 1 +a90 1 + +d103 1 +a103 1 + +d107 1 +a107 1 + +@ + + 1.1.1.1 log @dispatch-conf update. @@ -163,3 +197,14 @@ d107 1 a107 1 @ + + +1.1.1.2 +log +@dispatch-conf update. +@ +text +@d105 1 +a105 1 + +@ diff --git a/config-archive/etc/ImageMagick/policy.xml,v b/config-archive/etc/ImageMagick/policy.xml,v index 8550d3c..84f0309 100644 --- a/config-archive/etc/ImageMagick/policy.xml,v +++ b/config-archive/etc/ImageMagick/policy.xml,v @@ -1,10 +1,16 @@ -head 1.1; +head 1.2; access; symbols; locks; strict; comment @# @; +expand @o@; +1.2 +date 2012.04.11.07.41.47; author root; state Exp; +branches; +next 1.1; + 1.1 date 2012.02.16.08.11.06; author root; state Exp; branches @@ -14,6 +20,11 @@ next ; 1.1.1.1 date 2012.02.16.08.11.15; author root; state Exp; branches; +next 1.1.1.2; + +1.1.1.2 +date 2012.04.11.07.41.47; author root; state Exp; +branches; next ; @@ -22,7 +33,7 @@ desc @ -1.1 +1.2 log @dispatch-conf update. @ @@ -66,7 +77,7 @@ text Any large image is cached to disk rather than memory: - + Note, resource policies are maximums for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB exceeds policy maximum so memory limit @@ -77,8 +88,8 @@ text - - + + @@ -87,6 +98,21 @@ text @ +1.1 +log +@dispatch-conf update. +@ +text +@d40 1 +a40 1 + +d51 2 +a52 2 + + +@ + + 1.1.1.1 log @dispatch-conf update. @@ -100,3 +126,17 @@ a52 2 @ + + +1.1.1.2 +log +@dispatch-conf update. +@ +text +@d42 3 +a44 4 + Define arguments for the memory, map, area, and disk resources with + SI prefixes (.e.g 100MB). In addition, resource policies are maximums for + each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB + exceeds policy maximum so memory limit is 1GB). +@ diff --git a/config-archive/etc/ImageMagick/type-ghostscript.xml,v b/config-archive/etc/ImageMagick/type-ghostscript.xml,v new file mode 100644 index 0000000..18e7803 --- /dev/null +++ b/config-archive/etc/ImageMagick/type-ghostscript.xml,v @@ -0,0 +1,128 @@ +head 1.1; +access; +symbols; +locks; strict; +comment @# @; + + +1.1 +date 2012.04.11.07.41.47; author root; state Exp; +branches + 1.1.1.1; +next ; + +1.1.1.1 +date 2012.04.11.07.41.52; author root; state Exp; +branches; +next ; + + +desc +@Archived config file. +@ + + +1.1 +log +@dispatch-conf update. +@ +text +@ + + + + + + + + + + + + + + + +]> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +@ + + +1.1.1.1 +log +@dispatch-conf update. +@ +text +@d20 34 +a53 34 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +@ diff --git a/config-archive/etc/apache2/modules.d/00_apache_manual.conf,v b/config-archive/etc/apache2/modules.d/00_apache_manual.conf,v index 240602e..3853bfb 100644 --- a/config-archive/etc/apache2/modules.d/00_apache_manual.conf,v +++ b/config-archive/etc/apache2/modules.d/00_apache_manual.conf,v @@ -1,4 +1,4 @@ -head 1.5; +head 1.6; access; symbols; locks; strict; @@ -6,6 +6,11 @@ comment @# @; expand @o@; +1.6 +date 2012.04.11.07.41.47; author root; state Exp; +branches; +next 1.5; + 1.5 date 2011.10.26.07.00.23; author root; state Exp; branches; @@ -55,6 +60,11 @@ next 1.1.1.5; 1.1.1.5 date 2011.10.26.07.00.23; author root; state Exp; branches; +next 1.1.1.6; + +1.1.1.6 +date 2012.04.11.07.41.48; author root; state Exp; +branches; next ; @@ -63,7 +73,7 @@ desc @ -1.5 +1.6 log @dispatch-conf update. @ @@ -73,9 +83,9 @@ text # The documentation is always available at # http://httpd.apache.org/docs/2.2/ -AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.21/manual$1" +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.21-r1/manual$1" - + Options Indexes AllowOverride None Order allow,deny @@ -97,6 +107,20 @@ AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apac @ +1.5 +log +@dispatch-conf update. +@ +text +@d6 1 +a6 1 +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.21/manual$1" +d8 1 +a8 1 + +@ + + 1.4 log @dispatch-conf update. @@ -221,3 +245,17 @@ d8 1 a8 1 @ + + +1.1.1.6 +log +@dispatch-conf update. +@ +text +@d6 1 +a6 1 +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.22/manual$1" +d8 1 +a8 1 + +@ diff --git a/config-archive/etc/init.d/apache2,v b/config-archive/etc/init.d/apache2,v new file mode 100755 index 0000000..3fe8609 --- /dev/null +++ b/config-archive/etc/init.d/apache2,v @@ -0,0 +1,223 @@ +head 1.1; +access; +symbols; +locks; strict; +comment @# @; + + +1.1 +date 2012.04.11.07.41.48; author root; state Exp; +branches + 1.1.1.1; +next ; + +1.1.1.1 +date 2012.04.11.07.41.55; author root; state Exp; +branches; +next ; + + +desc +@Archived config file. +@ + + +1.1 +log +@dispatch-conf update. +@ +text +@#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +extra_commands="configtest modules virtualhosts" +extra_started_commands="configdump fullstatus graceful gracefulstop reload" + +description_configdump="Dumps the configuration of the runing apache server. Requires server-info to be enabled and www-client/lynx." +description_configtest="Run syntax tests for configuration files." +description_fullstatus="Gives the full status of the server. Requires lynx and server-status to be enabled." +description_graceful="A graceful restart advises the children to exit after the current request and reloads the configuration." +description_gracefulstop="A graceful stop advises the children to exit after the current request and stops the server." +description_modules="Dump a list of loaded Static and Shared Modules." +description_reload="Kills all children and reloads the configuration." +description_virtualhosts="Show the settings as parsed from the config file (currently only shows the virtualhost settings)." +description_stop="Kills all children and stops the server." + +depend() { + need net + use mysql dns logger netmount postgresql + after sshd +} + +configtest() { + ebegin "Checking ${SVCNAME} configuration" + checkconfig + eend $? +} + +checkconfd() { + if [ ! -f /etc/init.d/sysfs ]; then + eerror "This init script works only with openrc (baselayout-2)." + eerror "If you still need baselayout-1.x, please, use" + eerror "apache2.initd-baselayout-1 from /usr/share/doc/apache2-*/" + fi + + PIDFILE="${PIDFILE:-/var/run/apache2.pid}" + TIMEOUT=${TIMEOUT:-15} + + SERVERROOT="${SERVERROOT:-/usr/lib64/apache2}" + if [ ! -d ${SERVERROOT} ]; then + eerror "SERVERROOT does not exist: ${SERVERROOT}" + return 1 + fi + + CONFIGFILE="${CONFIGFILE:-/etc/apache2/httpd.conf}" + [ "${CONFIGFILE#/}" = "${CONFIGFILE}" ] && CONFIGFILE="${SERVERROOT}/${CONFIGFILE}" + if [ ! -r "${CONFIGFILE}" ]; then + eerror "Unable to read configuration file: ${CONFIGFILE}" + return 1 + fi + + APACHE2_OPTS="${APACHE2_OPTS} -d ${SERVERROOT}" + APACHE2_OPTS="${APACHE2_OPTS} -f ${CONFIGFILE}" + [ -n "${STARTUPERRORLOG}" ] && APACHE2_OPTS="${APACHE2_OPTS} -E ${STARTUPERRORLOG}" + + APACHE2="/usr/sbin/apache2" +} + +checkconfig() { + checkconfd || return 1 + + ${APACHE2} ${APACHE2_OPTS} -t 1>/dev/null 2>&1 + ret=$? + if [ $ret -ne 0 ]; then + eerror "${SVCNAME} has detected an error in your setup:" + ${APACHE2} ${APACHE2_OPTS} -t + fi + + return $ret +} + +start() { + checkconfig || return 1 + + ebegin "Starting ${SVCNAME}" + # Use start stop daemon to apply system limits #347301 + start-stop-daemon --start -- ${APACHE2} ${APACHE2_OPTS} -k start + + i=0 + while [ ! -e "${PIDFILE}" ] && [ $i -lt ${TIMEOUT} ]; do + sleep 1 && i=$(expr $i + 1) + done + + eend $(test $i -lt ${TIMEOUT}) +} + +stop() { + if [ "${RC_CMD}" = "restart" ]; then + checkconfig || return 1 + else + checkconfd || return 1 + fi + + PID=$(cat "${PIDFILE}" 2>/dev/null) + if [ -z "${PID}" ]; then + einfo "${SVCNAME} not running (no pid file)" + return 0 + fi + + ebegin "Stopping ${SVCNAME}" + ${APACHE2} ${APACHE2_OPTS} -k stop + + i=0 + while ( ! test -f "${PIDFILE}" && pgrep -P ${PID} apache2 >/dev/null ) \ + && [ $i -lt ${TIMEOUT} ]; do + sleep 1 && i=$(expr $i + 1) + done + + eend $(test $i -lt ${TIMEOUT}) +} + +reload() { + RELOAD_TYPE="${RELOAD_TYPE:-graceful}" + + checkconfig || return 1 + + if [ "${RELOAD_TYPE}" = "restart" ]; then + ebegin "Restarting ${SVCNAME}" + ${APACHE2} ${APACHE2_OPTS} -k restart + eend $? + elif [ "${RELOAD_TYPE}" = "graceful" ]; then + ebegin "Gracefully restarting ${SVCNAME}" + ${APACHE2} ${APACHE2_OPTS} -k graceful + eend $? + else + eerror "${RELOAD_TYPE} is not a valid RELOAD_TYPE. Please edit /etc/conf.d/${SVCNAME}" + fi +} + +graceful() { + checkconfig || return 1 + ebegin "Gracefully restarting ${SVCNAME}" + ${APACHE2} ${APACHE2_OPTS} -k graceful + eend $? +} + +gracefulstop() { + checkconfig || return 1 + ebegin "Gracefully stopping ${SVCNAME}" + ${APACHE2} ${APACHE2_OPTS} -k graceful-stop + eend $? +} + +modules() { + checkconfig || return 1 + ${APACHE2} ${APACHE2_OPTS} -M 2>&1 +} + +fullstatus() { + LYNX="${LYNX:-lynx -dump}" + STATUSURL="${STATUSURL:-http://localhost/server-status}" + + if ! type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null; then + eerror "lynx not found! you need to emerge www-client/lynx" + else + ${LYNX} ${STATUSURL} + fi +} + +virtualhosts() { + checkconfig || return 1 + ${APACHE2} ${APACHE2_OPTS} -S +} + +configdump() { + LYNX="${LYNX:-lynx -dump}" + INFOURL="${INFOURL:-http://localhost/server-info}" + + checkconfd || return 1 + + if ! type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null; then + eerror "lynx not found! you need to emerge www-client/lynx" + else + echo "${APACHE2} started with '${APACHE2_OPTS}'" + for i in config server list; do + ${LYNX} "${INFOURL}/?${i}" | sed '/Apache Server Information/d;/^[[:space:]]\+[_]\+$/Q' + done + fi +} + +# vim: ts=4 filetype=gentoo-init-d +@ + + +1.1.1.1 +log +@dispatch-conf update. +@ +text +@d105 1 +a105 1 + while ( test -f "${PIDFILE}" && pgrep -P ${PID} apache2 >/dev/null ) \ +@ diff --git a/config-archive/etc/init.d/sshd b/config-archive/etc/init.d/sshd,v similarity index 51% rename from config-archive/etc/init.d/sshd rename to config-archive/etc/init.d/sshd,v index 2e0b442..059e53f 100755 --- a/config-archive/etc/init.d/sshd +++ b/config-archive/etc/init.d/sshd,v @@ -1,7 +1,36 @@ -#!/sbin/runscript -# Copyright 1999-2006 Gentoo Foundation +head 1.1; +access; +symbols; +locks; strict; +comment @# @; + + +1.1 +date 2012.04.11.07.41.48; author root; state Exp; +branches + 1.1.1.1; +next ; + +1.1.1.1 +date 2012.04.11.07.42.00; author root; state Exp; +branches; +next ; + + +desc +@Archived config file. +@ + + +1.1 +log +@dispatch-conf update. +@ +text +@#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6,v 1.27 2009/08/12 08:09:52 idl0r Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.2,v 1.1 2011/01/24 02:55:47 vapier Exp $ opts="${opts} reload checkconfig gen_keys" @@ -30,20 +59,23 @@ checkconfig() { "${SSHD_BINARY}" -t ${myopts} || return 1 } -gen_keys() { - if [ ! -e "${SSHD_CONFDIR}"/ssh_host_key ] ; then - einfo "Generating Hostkey..." - /usr/bin/ssh-keygen -t rsa1 -f "${SSHD_CONFDIR}"/ssh_host_key -N '' || return 1 - fi - if [ ! -e "${SSHD_CONFDIR}"/ssh_host_dsa_key ] ; then - einfo "Generating DSA-Hostkey..." - /usr/bin/ssh-keygen -d -f "${SSHD_CONFDIR}"/ssh_host_dsa_key -N '' || return 1 +gen_key() { + local type=$1 key ks + [ $# -eq 1 ] && ks="${type}_" + key="${SSHD_CONFDIR}/ssh_host_${ks}key" + if [ ! -e "${key}" ] ; then + ebegin "Generating ${type} host key" + ssh-keygen -t ${type} -f "${key}" -N '' + eend $? || return $? fi - if [ ! -e "${SSHD_CONFDIR}"/ssh_host_rsa_key ] ; then - einfo "Generating RSA-Hostkey..." - /usr/bin/ssh-keygen -t rsa -f "${SSHD_CONFDIR}"/ssh_host_rsa_key -N '' || return 1 +} + +gen_keys() { + if egrep -q '^[[:space:]]*Protocol[[:space:]]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then + gen_key rsa1 "" || return 1 fi - return 0 + gen_key dsa && gen_key rsa && gen_key ecdsa + return $? } start() { @@ -79,3 +111,36 @@ reload() { --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" eend $? } +@ + + +1.1.1.1 +log +@dispatch-conf update. +@ +text +@d4 1 +a4 1 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.3,v 1.2 2011/09/14 21:46:19 polynomial-c Exp $ +d6 1 +a6 2 +extra_commands="checkconfig gen_keys" +extra_started_commands="reload" +d30 1 +a30 6 + [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ + && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}" + [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ + && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFDIR}/sshd_config" + + "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1 +d53 6 +a59 1 + +d63 1 +a63 1 + -- ${SSHD_OPTS} +d81 1 +a81 1 + start-stop-daemon --signal HUP \ +@ diff --git a/config-archive/etc/init.d/sshd.dist b/config-archive/etc/init.d/sshd.dist deleted file mode 100755 index 0afb948..0000000 --- a/config-archive/etc/init.d/sshd.dist +++ /dev/null @@ -1,82 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2010 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.1,v 1.1 2010/10/11 22:50:07 flameeyes Exp $ - -opts="${opts} reload checkconfig gen_keys" - -depend() { - use logger dns - need net -} - -SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh} -SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid} -SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd} - -checkconfig() { - if [ ! -d /var/empty ] ; then - mkdir -p /var/empty || return 1 - fi - - if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then - eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd" - eerror "There is a sample file in /usr/share/doc/openssh" - return 1 - fi - - gen_keys || return 1 - - "${SSHD_BINARY}" -t ${myopts} || return 1 -} - -gen_keys() { - if [ ! -e "${SSHD_CONFDIR}"/ssh_host_key ] && \ - egrep -q '^[ \t]*Protocol[ \t]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then - einfo "Generating RSA1-Hostkey..." - /usr/bin/ssh-keygen -t rsa1 -f "${SSHD_CONFDIR}"/ssh_host_key -N '' || return 1 - fi - if [ ! -e "${SSHD_CONFDIR}"/ssh_host_dsa_key ] ; then - einfo "Generating DSA-Hostkey..." - /usr/bin/ssh-keygen -d -f "${SSHD_CONFDIR}"/ssh_host_dsa_key -N '' || return 1 - fi - if [ ! -e "${SSHD_CONFDIR}"/ssh_host_rsa_key ] ; then - einfo "Generating RSA-Hostkey..." - /usr/bin/ssh-keygen -t rsa -f "${SSHD_CONFDIR}"/ssh_host_rsa_key -N '' || return 1 - fi - return 0 -} - -start() { - local myopts="" - [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ - && myopts="${myopts} -o PidFile=${SSHD_PIDFILE}" - [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ - && myopts="${myopts} -f ${SSHD_CONFDIR}/sshd_config" - - checkconfig || return 1 - ebegin "Starting ${SVCNAME}" - start-stop-daemon --start --exec "${SSHD_BINARY}" \ - --pidfile "${SSHD_PIDFILE}" \ - -- ${myopts} ${SSHD_OPTS} - eend $? -} - -stop() { - if [ "${RC_CMD}" = "restart" ] ; then - checkconfig || return 1 - fi - - ebegin "Stopping ${SVCNAME}" - start-stop-daemon --stop --exec "${SSHD_BINARY}" \ - --pidfile "${SSHD_PIDFILE}" --quiet - eend $? -} - -reload() { - checkconfig || return 1 - ebegin "Reloading ${SVCNAME}" - start-stop-daemon --stop --signal HUP --oknodo \ - --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" - eend $? -} diff --git a/config-archive/etc/ssh/sshd_config,v b/config-archive/etc/ssh/sshd_config,v index a58c897..e8cd103 100644 --- a/config-archive/etc/ssh/sshd_config,v +++ b/config-archive/etc/ssh/sshd_config,v @@ -1,4 +1,4 @@ -head 1.4; +head 1.5; access; symbols; locks; strict; @@ -6,6 +6,11 @@ comment @# @; expand @o@; +1.5 +date 2012.04.11.07.41.48; author root; state Exp; +branches; +next 1.4; + 1.4 date 2011.02.26.23.29.20; author root; state Exp; branches; @@ -40,6 +45,11 @@ next 1.1.1.3; 1.1.1.3 date 2011.02.26.23.35.37; author root; state Exp; branches; +next 1.1.1.4; + +1.1.1.4 +date 2012.04.11.07.41.48; author root; state Exp; +branches; next ; @@ -48,7 +58,7 @@ desc @ -1.4 +1.5 log @dispatch-conf update. @ @@ -78,6 +88,7 @@ text # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key # "key type names" for X.509 certificates with RSA key # Note first defined is used in signature operations! @@ -234,6 +245,20 @@ PrintLastLog no # override default of no subsystems Subsystem sftp /usr/lib64/misc/sftp-server +# the following are HPN related configuration options +# tcp receive buffer polling. disable in non autotuning kernels +#TcpRcvBufPoll yes + +# allow the use of the none cipher +#NoneEnabled no + +# disable hpn performance boosts. +#HPNDisabled no + +# buffer size for hpn to non-hpn connections +#HPNBufferSize 2048 + + # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no @@ -242,6 +267,16 @@ Subsystem sftp /usr/lib64/misc/sftp-server @ +1.4 +log +@dispatch-conf update. +@ +text +@d26 1 +d182 14 +@ + + 1.3 log @dispatch-conf update. @@ -483,3 +518,20 @@ a178 14 @ + + +1.1.1.4 +log +@dispatch-conf update. +@ +text +@d10 1 +a10 1 +# possible, but leave them commented. Uncommented options override the +a112 3 + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +a140 1 +#GSSAPIStrictAcceptorCheck yes +@ diff --git a/init.d/apache2 b/init.d/apache2 index 6d22ce8..c3ce4e7 100755 --- a/init.d/apache2 +++ b/init.d/apache2 @@ -102,7 +102,7 @@ stop() { ${APACHE2} ${APACHE2_OPTS} -k stop i=0 - while ( ! test -f "${PIDFILE}" && pgrep -P ${PID} apache2 >/dev/null ) \ + while ( test -f "${PIDFILE}" && pgrep -P ${PID} apache2 >/dev/null ) \ && [ $i -lt ${TIMEOUT} ]; do sleep 1 && i=$(expr $i + 1) done diff --git a/init.d/sshd b/init.d/sshd index 86f87ba..c55116e 100755 --- a/init.d/sshd +++ b/init.d/sshd @@ -1,9 +1,10 @@ #!/sbin/runscript # Copyright 1999-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.2,v 1.1 2011/01/24 02:55:47 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.3,v 1.2 2011/09/14 21:46:19 polynomial-c Exp $ -opts="${opts} reload checkconfig gen_keys" +extra_commands="checkconfig gen_keys" +extra_started_commands="reload" depend() { use logger dns @@ -27,7 +28,12 @@ checkconfig() { gen_keys || return 1 - "${SSHD_BINARY}" -t ${myopts} || return 1 + [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ + && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}" + [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ + && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFDIR}/sshd_config" + + "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1 } gen_key() { @@ -50,17 +56,12 @@ gen_keys() { } start() { - local myopts="" - [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ - && myopts="${myopts} -o PidFile=${SSHD_PIDFILE}" - [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ - && myopts="${myopts} -f ${SSHD_CONFDIR}/sshd_config" - checkconfig || return 1 + ebegin "Starting ${SVCNAME}" start-stop-daemon --start --exec "${SSHD_BINARY}" \ --pidfile "${SSHD_PIDFILE}" \ - -- ${myopts} ${SSHD_OPTS} + -- ${SSHD_OPTS} eend $? } @@ -78,7 +79,7 @@ stop() { reload() { checkconfig || return 1 ebegin "Reloading ${SVCNAME}" - start-stop-daemon --stop --signal HUP --oknodo \ + start-stop-daemon --signal HUP \ --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" eend $? } diff --git a/ssh/sshd_config b/ssh/sshd_config index 284c2bc..b106d3c 100644 --- a/ssh/sshd_config +++ b/ssh/sshd_config @@ -7,7 +7,7 @@ # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options change a +# possible, but leave them commented. Uncommented options override the # default value. #Port 22 @@ -111,6 +111,9 @@ PermitRootLogin no #RSAAuthentication yes #PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys #AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts @@ -140,6 +143,7 @@ ChallengeResponseAuthentication no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will -- 2.39.5