From: nutra-bot
Date: Fri, 24 Jun 2022 13:42:59 +0000 (+0000)
Subject: track all /etc
X-Git-Url: https://git.nutra.tk/v1?a=commitdiff_plain;h=c4eddeba4f3e8307e299ff588258119f0270722b;p=nutratech%2Fvps-root.git
track all /etc
---
diff --git a/etc/.pwd.lock b/etc/.pwd.lock
new file mode 100644
index 0000000..e69de29
diff --git a/etc/NetworkManager/dispatcher.d/hook-network-manager b/etc/NetworkManager/dispatcher.d/hook-network-manager
new file mode 100755
index 0000000..67d9044
--- /dev/null
+++ b/etc/NetworkManager/dispatcher.d/hook-network-manager
@@ -0,0 +1,26 @@
+#!/bin/sh
+# This file is part of cloud-init. See LICENSE file for license information.
+
+# This script hooks into NetworkManager(8) via its scripts
+# arguments are 'interface-name' and 'action'
+#
+is_azure() {
+ local dmi_path="/sys/class/dmi/id/board_vendor" vendor=""
+ if [ -e "$dmi_path" ] && read vendor < "$dmi_path"; then
+ [ "$vendor" = "Microsoft Corporation" ] && return 0
+ fi
+ return 1
+}
+
+is_enabled() {
+ # only execute hooks if cloud-init is enabled and on azure
+ [ -e /run/cloud-init/enabled ] || return 1
+ is_azure
+}
+
+if is_enabled; then
+ case "$1:$2" in
+ *:up) exec cloud-init dhclient-hook up "$1";;
+ *:down) exec cloud-init dhclient-hook down "$1";;
+ esac
+fi
diff --git a/etc/PackageKit/PackageKit.conf b/etc/PackageKit/PackageKit.conf
new file mode 100644
index 0000000..41b487b
--- /dev/null
+++ b/etc/PackageKit/PackageKit.conf
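Review bot: The header `new file mode 100755` on etc/NetworkManager/dispatcher.d/hook-network-manager is the only permission data git keeps for this script, and NetworkManager runs dispatcher scripts as root. Git stores neither ownership nor modes other than 644/755, so restoring /etc from this repository can leave root-executed hooks and restricted files with the wrong owner or mode; a metadata record such as the one etckeeper maintains would cover that. The same commit tracks the empty lock file `etc/.pwd.lock`, which suggests nothing under /etc is excluded. Before this history is served from the gitweb URL in the header, it is worth confirming that an ignore list keeps out files such as `shadow` and the SSH host private keys.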
@@ -0,0 +1,21 @@
+# Only the system administrator should modify this file, ordinary users
+# should not have to change anything.
+
+[Daemon]
+
+# Default backends, as chosen in the configure script. This will be used
+# where no --backend="foo" option is given to the daemon.
+#
+# The order they are specified is the order they are tried, so for the
+# value "foo,bar" first "foo" will be attempted and then "bar" if the
+# libpk_backend_foo.so module load failed.
+#DefaultBackend=auto
+
+# Unlock the backend after this many seconds idle.
+#BackendShutdownTimeout=5
+
+# Shut down the daemon after this many seconds idle. 0 means don't shutdown.
+#ShutdownTimeout=300
+
+# Keep the packages after they have been downloaded
+#KeepCache=false
diff --git a/etc/PackageKit/Vendor.conf b/etc/PackageKit/Vendor.conf
new file mode 100644
index 0000000..752b8fd
--- /dev/null
+++ b/etc/PackageKit/Vendor.conf
@@ -0,0 +1,48 @@
+# Only the system vendor should modify this file, ordinary users
+# should not have to change anything.
+
+[PackagesNotFound]
+
+# This is a link to a vendor URL which is shown when a suitable package
+# could not be found in any remote software repository.
+# The page set here should explain how to add new software repositories if required.
+#
+# If the value is set to 'none' then no link is shown.
+#
+# default=http://www.packagekit.org/pk-package-not-found.html
+DefaultUrl=https://help.ubuntu.com/community/Repositories/
+
+# The URL which is shown to the user when a codec could not be found.
+# It should explain why certain codecs cannot be used, and perhaps show
+# links to web stores where the codec can be legally purchased.
+#
+# If the value is set to 'none' then the value of DefaultUrl is used.
+#
+# default=none
+CodecUrl=http://shop.canonical.com/index.php?cPath=19&osCsid=f1e370ea7563ed5e654c10450364ff24
+
+# The URL which is shown to the user when hardware drivers could not be found.
+# It should explain why some hardware is not supported, and links to futher
+# information.
+#
+# If the value is set to 'none' then the value of DefaultUrl is used.
+#
+# default=none
+HardwareUrl=none
+
+# The URL which is shown to the user when fonts could not be found.
+# Alternatives should probably be suggested where possible.
+#
+# If the value is set to 'none' then the value of DefaultUrl is used.
+#
+# default=none
+FontUrl=none
+
+# The URL which is shown to the user when programs handing a mime tpye could not
+# be found. It should probably explain how to use wine if the program is a
+# Windows program, or suggest alternatives.
+#
+# If the value is set to 'none' then the value of DefaultUrl is used.
+#
+# default=none
+MimeUrl=none
diff --git a/etc/UPower/UPower.conf b/etc/UPower/UPower.conf
new file mode 100644
index 0000000..e2c6a69
--- /dev/null
+++ b/etc/UPower/UPower.conf
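Review bot: `CodecUrl` in etc/PackageKit/Vendor.conf is the only active link in this file that uses plain `http://`, and its query string carries what looks like a leftover `osCsid` session parameter. The file's own comments say this URL is shown to the user, so it is better not to send them to an unauthenticated page. Setting `CodecUrl=none` falls back to the https `DefaultUrl`, per the comment above the key. The value appears to be the distribution default rather than a local choice, so any change should be recorded as a deliberate override.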
@@ -0,0 +1,94 @@
+# Only the system vendor should modify this file, ordinary users
+# should not have to change anything.
+
+[UPower]
+
+# Enable the Watts Up Pro device.
+#
+# The Watts Up Pro contains a generic FTDI USB device without a specific
+# vendor and product ID. When we probe for WUP devices, we can cause
+# the user to get a perplexing "Device or resource busy" error when
+# attempting to use their non-WUP device.
+#
+# The generic FTDI device is known to also be used on:
+#
+# - Sparkfun FT232 breakout board
+# - Parallax Propeller
+#
+# default=false
+EnableWattsUpPro=false
+
+# Don't poll the kernel for battery level changes.
+#
+# Some hardware will send us battery level changes through
+# events, rather than us having to poll for it. This option
+# allows disabling polling for hardware that sends out events.
+#
+# default=false
+NoPollBatteries=false
+
+# Do we ignore the lid state
+#
+# Some laptops are broken. The lid state is either inverted, or stuck
+# on or off. We can't do much to fix these problems, but this is a way
+# for users to make the laptop panel vanish, a state that might be used
+# by a couple of user-space daemons. On Linux systems, see also
+# logind.conf(5).
+#
+# default=false
+IgnoreLid=false
+
+# Policy for warnings and action based on battery levels
+#
+# Whether battery percentage based policy should be used. The default
+# is to use the time left, change to true to use the percentage, which
+# should work around broken firmwares. It is also more reliable than
+# the time left (frantically saving all your files is going to use more
+# battery than letting it rest for example).
+# default=true
+UsePercentageForPolicy=true
+
+# When UsePercentageForPolicy is true, the levels at which UPower will
+# consider the battery low, critical, or take action for the critical
+# battery level.
+#
+# This will also be used for batteries which don't have time information
+# such as that of peripherals.
+#
+# If any value is invalid, or not in descending order, the defaults
+# will be used.
+#
+# Defaults:
+# PercentageLow=10
+# PercentageCritical=3
+# PercentageAction=2
+PercentageLow=10
+PercentageCritical=3
+PercentageAction=2
+
+# When UsePercentageForPolicy is false, the time remaining at which UPower
+# will consider the battery low, critical, or take action for the critical
+# battery level.
+#
+# If any value is invalid, or not in descending order, the defaults
+# will be used.
+#
+# Defaults:
+# TimeLow=1200
+# TimeCritical=300
+# TimeAction=120
+TimeLow=1200
+TimeCritical=300
+TimeAction=120
+
+# The action to take when "TimeAction" or "PercentageAction" above has been
+# reached for the batteries (UPS or laptop batteries) supplying the computer
+#
+# Possible values are:
+# PowerOff
+# Hibernate
+# HybridSleep
+#
+# If HybridSleep isn't available, Hibernate will be used
+# If Hibernate isn't available, PowerOff will be used
+CriticalPowerAction=HybridSleep
diff --git a/etc/X11/Xsession.d/20dbus_xdg-runtime b/etc/X11/Xsession.d/20dbus_xdg-runtime
new file mode 100644
index 0000000..c541727
--- /dev/null
+++ b/etc/X11/Xsession.d/20dbus_xdg-runtime
@@ -0,0 +1,24 @@
+# vim:set ft=sh sw=2 sts=2 et:
+
+if [ -z "$DBUS_SESSION_BUS_ADDRESS" ] && [ -n "$XDG_RUNTIME_DIR" ] && \
+ [ "$XDG_RUNTIME_DIR" = "/run/user/`id -u`" ] && \
+ [ -S "$XDG_RUNTIME_DIR/bus" ]; then
+ # We are under systemd-logind or something remarkably similar, and
+ # a user-session socket has already been set up.
+ #
+ # Be nice to non-libdbus, non-sd-bus implementations by using
+ # that as the session bus address in the environment. The check for
+ # XDG_RUNTIME_DIR = "/run/user/`id -u`" is because we know that
+ # form of the address, from systemd-logind, doesn't need escaping,
+ # whereas arbitrary addresses might.
+ DBUS_SESSION_BUS_ADDRESS="unix:path=$XDG_RUNTIME_DIR/bus"
+ export DBUS_SESSION_BUS_ADDRESS
+fi
+
+if [ -x "/usr/bin/dbus-update-activation-environment" ]; then
+ # tell dbus-daemon --session (and systemd --user, if running)
+ # to put a minimal subset of the Xsession's environment in activated
+ # services' environments
+ dbus-update-activation-environment --verbose --systemd \
+ DBUS_SESSION_BUS_ADDRESS DISPLAY XAUTHORITY
+fi
diff --git a/etc/X11/Xsession.d/90gpg-agent b/etc/X11/Xsession.d/90gpg-agent
new file mode 100644
index 0000000..8b45b05
--- /dev/null
+++ b/etc/X11/Xsession.d/90gpg-agent
@@ -0,0 +1,22 @@
+# On systems with systemd running, we expect the agent to be launched
+# via systemd's user mode (see
+# /usr/lib/systemd/user/gpg-agent.{socket,service} and
+# systemd.unit(5)). This allows systemd to clean up the agent
+# automatically at logout.
+
+# If systemd is absent from your system, or you do not permit it to
+# run in user mode, then you may need to manually launch gpg-agent
+# from your session initialization with something like "gpgconf
+# --launch gpg-agent"
+
+# Nonetheless, ssh and older versions of gpg require environment
+# variables to be set in order to find the agent, so we will set those
+# here.
+
+agent_sock=$(gpgconf --list-dirs agent-socket)
+export GPG_AGENT_INFO=${agent_sock}:0:1
+if [ -n "$(gpgconf --list-options gpg-agent | \
+ awk -F: '/^enable-ssh-support:/{ print $10 }')" ]; then
+ export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
+fi
+
diff --git a/etc/adduser.conf b/etc/adduser.conf
new file mode 100644
index 0000000..d1e9e90
--- /dev/null
+++ b/etc/adduser.conf
@@ -0,0 +1,88 @@
+# /etc/adduser.conf: `adduser' configuration.
+# See adduser(8) and adduser.conf(5) for full documentation.
+
+# The DSHELL variable specifies the default login shell on your
+# system.
+DSHELL=/bin/bash
+
+# The DHOME variable specifies the directory containing users' home
+# directories.
+DHOME=/home
+
+# If GROUPHOMES is "yes", then the home directories will be created as
+# /home/groupname/user.
+GROUPHOMES=no
+
+# If LETTERHOMES is "yes", then the created home directories will have
+# an extra directory - the first letter of the user name. For example:
+# /home/u/user.
+LETTERHOMES=no
+
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=/etc/skel
+
+# FIRST_SYSTEM_[GU]ID to LAST_SYSTEM_[GU]ID inclusive is the range for UIDs
+# for dynamically allocated administrative and system accounts/groups.
+# Please note that system software, such as the users allocated by the base-passwd
+# package, may assume that UIDs less than 100 are unallocated.
+FIRST_SYSTEM_UID=100
+LAST_SYSTEM_UID=999
+
+FIRST_SYSTEM_GID=100
+LAST_SYSTEM_GID=999
+
+# FIRST_[GU]ID to LAST_[GU]ID inclusive is the range of UIDs of dynamically
+# allocated user accounts/groups.
+FIRST_UID=1000
+LAST_UID=59999
+
+FIRST_GID=1000
+LAST_GID=59999
+
+# The USERGROUPS variable can be either "yes" or "no". If "yes" each
+# created user will be given their own group to use as a default. If
+# "no", each created user will be placed in the group whose gid is
+# USERS_GID (see below).
+USERGROUPS=yes
+
+# If USERGROUPS is "no", then USERS_GID should be the GID of the group
+# `users' (or the equivalent group) on your system.
+USERS_GID=100
+
+# If DIR_MODE is set, directories will be created with the specified
+# mode. Otherwise the default mode 0755 will be used.
+DIR_MODE=0755
+
+# If SETGID_HOME is "yes" home directories for users with their own
+# group the setgid bit will be set. This was the default for
+# versions << 3.13 of adduser. Because it has some bad side effects we
+# no longer do this per default. If you want it nevertheless you can
+# still set it here.
+SETGID_HOME=no
+
+# If QUOTAUSER is set, a default quota will be set from that user with
+# `edquota -p QUOTAUSER newuser'
+QUOTAUSER=""
+
+# If SKEL_IGNORE_REGEX is set, adduser will ignore files matching this
+# regular expression when creating a new home directory
+SKEL_IGNORE_REGEX="dpkg-(old|new|dist|save)"
+
+# Set this if you want the --add_extra_groups option to adduser to add
+# new users to other groups.
+# This is the list of groups that new non-system users will be added to
+# Default:
+#EXTRA_GROUPS="dialout cdrom floppy audio video plugdev users"
+
+# If ADD_EXTRA_GROUPS is set to something non-zero, the EXTRA_GROUPS
+# option above will be default behavior for adding new, non-system users
+#ADD_EXTRA_GROUPS=1
+
+
+# check user and group names also against this regular expression.
+#NAME_REGEX="^[a-z][-a-z0-9_]*\$"
+
+# use extrausers by default
+#USE_EXTRAUSERS=1
diff --git a/etc/alternatives/ABORT.7.gz b/etc/alternatives/ABORT.7.gz
new file mode 120000
index 0000000..caf9e0f
--- /dev/null
+++ b/etc/alternatives/ABORT.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/ABORT.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/ALTER_AGGREGATE.7.gz b/etc/alternatives/ALTER_AGGREGATE.7.gz
new file mode 120000
index 0000000..d4d1328
--- /dev/null
+++ b/etc/alternatives/ALTER_AGGREGATE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/ALTER_AGGREGATE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/ALTER_COLLATION.7.gz b/etc/alternatives/ALTER_COLLATION.7.gz
new file mode 120000
index 0000000..46563ad
--- /dev/null
+++ b/etc/alternatives/ALTER_COLLATION.7.gz
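Review bot: `DIR_MODE=0755` in etc/adduser.conf makes every home directory that adduser creates readable and traversable by all other local accounts, including service accounts. On a host that runs network-facing services, a tighter value such as `DIR_MODE=0750` keeps one compromised account from browsing other users' files. The setting only affects directories created afterwards, so existing homes would need a separate `chmod` if the tighter mode is wanted there too.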
@@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_COLLATION.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_CONVERSION.7.gz b/etc/alternatives/ALTER_CONVERSION.7.gz new file mode 120000 index 0000000..f60c156 --- /dev/null +++ b/etc/alternatives/ALTER_CONVERSION.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_CONVERSION.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_DATABASE.7.gz b/etc/alternatives/ALTER_DATABASE.7.gz new file mode 120000 index 0000000..ecbc44e --- /dev/null +++ b/etc/alternatives/ALTER_DATABASE.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_DATABASE.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_DEFAULT_PRIVILEGES.7.gz b/etc/alternatives/ALTER_DEFAULT_PRIVILEGES.7.gz new file mode 120000 index 0000000..b943d3c --- /dev/null +++ b/etc/alternatives/ALTER_DEFAULT_PRIVILEGES.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_DEFAULT_PRIVILEGES.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_DOMAIN.7.gz b/etc/alternatives/ALTER_DOMAIN.7.gz new file mode 120000 index 0000000..fa8ffd0 --- /dev/null +++ b/etc/alternatives/ALTER_DOMAIN.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_DOMAIN.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_EVENT_TRIGGER.7.gz b/etc/alternatives/ALTER_EVENT_TRIGGER.7.gz new file mode 120000 index 0000000..534399e --- /dev/null +++ b/etc/alternatives/ALTER_EVENT_TRIGGER.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_EVENT_TRIGGER.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_EXTENSION.7.gz b/etc/alternatives/ALTER_EXTENSION.7.gz new file mode 120000 index 0000000..fbe7b37 --- /dev/null +++ b/etc/alternatives/ALTER_EXTENSION.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_EXTENSION.7.gz \ No newline at end of file 
diff --git a/etc/alternatives/ALTER_FOREIGN_DATA_WRAPPER.7.gz b/etc/alternatives/ALTER_FOREIGN_DATA_WRAPPER.7.gz new file mode 120000 index 0000000..c0c4f21 --- /dev/null +++ b/etc/alternatives/ALTER_FOREIGN_DATA_WRAPPER.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_FOREIGN_DATA_WRAPPER.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_FOREIGN_TABLE.7.gz b/etc/alternatives/ALTER_FOREIGN_TABLE.7.gz new file mode 120000 index 0000000..8978332 --- /dev/null +++ b/etc/alternatives/ALTER_FOREIGN_TABLE.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_FOREIGN_TABLE.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_FUNCTION.7.gz b/etc/alternatives/ALTER_FUNCTION.7.gz new file mode 120000 index 0000000..fb7d4a1 --- /dev/null +++ b/etc/alternatives/ALTER_FUNCTION.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_FUNCTION.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_GROUP.7.gz b/etc/alternatives/ALTER_GROUP.7.gz new file mode 120000 index 0000000..2f947cf --- /dev/null +++ b/etc/alternatives/ALTER_GROUP.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_GROUP.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_INDEX.7.gz b/etc/alternatives/ALTER_INDEX.7.gz new file mode 120000 index 0000000..9c14677 --- /dev/null +++ b/etc/alternatives/ALTER_INDEX.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_INDEX.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_LANGUAGE.7.gz b/etc/alternatives/ALTER_LANGUAGE.7.gz new file mode 120000 index 0000000..9b4f699 --- /dev/null +++ b/etc/alternatives/ALTER_LANGUAGE.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_LANGUAGE.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_LARGE_OBJECT.7.gz b/etc/alternatives/ALTER_LARGE_OBJECT.7.gz new file mode 120000 index 0000000..1496e56 --- /dev/null +++ b/etc/alternatives/ALTER_LARGE_OBJECT.7.gz 
@@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_LARGE_OBJECT.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_MATERIALIZED_VIEW.7.gz b/etc/alternatives/ALTER_MATERIALIZED_VIEW.7.gz new file mode 120000 index 0000000..0a56127 --- /dev/null +++ b/etc/alternatives/ALTER_MATERIALIZED_VIEW.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_MATERIALIZED_VIEW.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_OPERATOR.7.gz b/etc/alternatives/ALTER_OPERATOR.7.gz new file mode 120000 index 0000000..1fdd3d0 --- /dev/null +++ b/etc/alternatives/ALTER_OPERATOR.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_OPERATOR.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_OPERATOR_CLASS.7.gz b/etc/alternatives/ALTER_OPERATOR_CLASS.7.gz new file mode 120000 index 0000000..e4d7707 --- /dev/null +++ b/etc/alternatives/ALTER_OPERATOR_CLASS.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_OPERATOR_CLASS.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_OPERATOR_FAMILY.7.gz b/etc/alternatives/ALTER_OPERATOR_FAMILY.7.gz new file mode 120000 index 0000000..e54cb5f --- /dev/null +++ b/etc/alternatives/ALTER_OPERATOR_FAMILY.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_OPERATOR_FAMILY.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_POLICY.7.gz b/etc/alternatives/ALTER_POLICY.7.gz new file mode 120000 index 0000000..5f90047 --- /dev/null +++ b/etc/alternatives/ALTER_POLICY.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_POLICY.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_PROCEDURE.7.gz b/etc/alternatives/ALTER_PROCEDURE.7.gz new file mode 120000 index 0000000..b8a59fe --- /dev/null +++ b/etc/alternatives/ALTER_PROCEDURE.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_PROCEDURE.7.gz \ No newline at end of file 
diff --git a/etc/alternatives/ALTER_PUBLICATION.7.gz b/etc/alternatives/ALTER_PUBLICATION.7.gz new file mode 120000 index 0000000..8e63d89 --- /dev/null +++ b/etc/alternatives/ALTER_PUBLICATION.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_PUBLICATION.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_ROLE.7.gz b/etc/alternatives/ALTER_ROLE.7.gz new file mode 120000 index 0000000..77009b1 --- /dev/null +++ b/etc/alternatives/ALTER_ROLE.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_ROLE.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_ROUTINE.7.gz b/etc/alternatives/ALTER_ROUTINE.7.gz new file mode 120000 index 0000000..68f85ae --- /dev/null +++ b/etc/alternatives/ALTER_ROUTINE.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_ROUTINE.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_RULE.7.gz b/etc/alternatives/ALTER_RULE.7.gz new file mode 120000 index 0000000..e63e954 --- /dev/null +++ b/etc/alternatives/ALTER_RULE.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_RULE.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_SCHEMA.7.gz b/etc/alternatives/ALTER_SCHEMA.7.gz new file mode 120000 index 0000000..7acc207 --- /dev/null +++ b/etc/alternatives/ALTER_SCHEMA.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_SCHEMA.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_SEQUENCE.7.gz b/etc/alternatives/ALTER_SEQUENCE.7.gz new file mode 120000 index 0000000..490bfe8 --- /dev/null +++ b/etc/alternatives/ALTER_SEQUENCE.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_SEQUENCE.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_SERVER.7.gz b/etc/alternatives/ALTER_SERVER.7.gz new file mode 120000 index 0000000..7c8038c --- /dev/null +++ b/etc/alternatives/ALTER_SERVER.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_SERVER.7.gz \ No newline at end of file 
diff --git a/etc/alternatives/ALTER_STATISTICS.7.gz b/etc/alternatives/ALTER_STATISTICS.7.gz new file mode 120000 index 0000000..ecf8d3c --- /dev/null +++ b/etc/alternatives/ALTER_STATISTICS.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_STATISTICS.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_SUBSCRIPTION.7.gz b/etc/alternatives/ALTER_SUBSCRIPTION.7.gz new file mode 120000 index 0000000..983b08d --- /dev/null +++ b/etc/alternatives/ALTER_SUBSCRIPTION.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_SUBSCRIPTION.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_SYSTEM.7.gz b/etc/alternatives/ALTER_SYSTEM.7.gz new file mode 120000 index 0000000..3482f27 --- /dev/null +++ b/etc/alternatives/ALTER_SYSTEM.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_SYSTEM.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_TABLE.7.gz b/etc/alternatives/ALTER_TABLE.7.gz new file mode 120000 index 0000000..dec138c --- /dev/null +++ b/etc/alternatives/ALTER_TABLE.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_TABLE.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_TABLESPACE.7.gz b/etc/alternatives/ALTER_TABLESPACE.7.gz new file mode 120000 index 0000000..7110f2a --- /dev/null +++ b/etc/alternatives/ALTER_TABLESPACE.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_TABLESPACE.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_TEXT_SEARCH_CONFIGURATION.7.gz b/etc/alternatives/ALTER_TEXT_SEARCH_CONFIGURATION.7.gz new file mode 120000 index 0000000..3fcd204 --- /dev/null +++ b/etc/alternatives/ALTER_TEXT_SEARCH_CONFIGURATION.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_TEXT_SEARCH_CONFIGURATION.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_TEXT_SEARCH_DICTIONARY.7.gz b/etc/alternatives/ALTER_TEXT_SEARCH_DICTIONARY.7.gz new file mode 120000 index 0000000..18194bb --- /dev/null 
+++ b/etc/alternatives/ALTER_TEXT_SEARCH_DICTIONARY.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_TEXT_SEARCH_DICTIONARY.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_TEXT_SEARCH_PARSER.7.gz b/etc/alternatives/ALTER_TEXT_SEARCH_PARSER.7.gz new file mode 120000 index 0000000..3435a0b --- /dev/null +++ b/etc/alternatives/ALTER_TEXT_SEARCH_PARSER.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_TEXT_SEARCH_PARSER.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_TEXT_SEARCH_TEMPLATE.7.gz b/etc/alternatives/ALTER_TEXT_SEARCH_TEMPLATE.7.gz new file mode 120000 index 0000000..79cf350 --- /dev/null +++ b/etc/alternatives/ALTER_TEXT_SEARCH_TEMPLATE.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_TEXT_SEARCH_TEMPLATE.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_TRIGGER.7.gz b/etc/alternatives/ALTER_TRIGGER.7.gz new file mode 120000 index 0000000..f91bbe4 --- /dev/null +++ b/etc/alternatives/ALTER_TRIGGER.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_TRIGGER.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_TYPE.7.gz b/etc/alternatives/ALTER_TYPE.7.gz new file mode 120000 index 0000000..b684d26 --- /dev/null +++ b/etc/alternatives/ALTER_TYPE.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_TYPE.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_USER.7.gz b/etc/alternatives/ALTER_USER.7.gz new file mode 120000 index 0000000..2753f93 --- /dev/null +++ b/etc/alternatives/ALTER_USER.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_USER.7.gz \ No newline at end of file diff --git a/etc/alternatives/ALTER_USER_MAPPING.7.gz b/etc/alternatives/ALTER_USER_MAPPING.7.gz new file mode 120000 index 0000000..86bad76 --- /dev/null +++ b/etc/alternatives/ALTER_USER_MAPPING.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_USER_MAPPING.7.gz \ No newline at end of file 
diff --git a/etc/alternatives/ALTER_VIEW.7.gz b/etc/alternatives/ALTER_VIEW.7.gz new file mode 120000 index 0000000..e1164e7 --- /dev/null +++ b/etc/alternatives/ALTER_VIEW.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ALTER_VIEW.7.gz \ No newline at end of file diff --git a/etc/alternatives/ANALYZE.7.gz b/etc/alternatives/ANALYZE.7.gz new file mode 120000 index 0000000..d92707c --- /dev/null +++ b/etc/alternatives/ANALYZE.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/ANALYZE.7.gz \ No newline at end of file diff --git a/etc/alternatives/BEGIN.7.gz b/etc/alternatives/BEGIN.7.gz new file mode 120000 index 0000000..02af5de --- /dev/null +++ b/etc/alternatives/BEGIN.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/BEGIN.7.gz \ No newline at end of file diff --git a/etc/alternatives/CALL.7.gz b/etc/alternatives/CALL.7.gz new file mode 120000 index 0000000..9814054 --- /dev/null +++ b/etc/alternatives/CALL.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/CALL.7.gz \ No newline at end of file diff --git a/etc/alternatives/CHECKPOINT.7.gz b/etc/alternatives/CHECKPOINT.7.gz new file mode 120000 index 0000000..077d8b8 --- /dev/null +++ b/etc/alternatives/CHECKPOINT.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/CHECKPOINT.7.gz \ No newline at end of file diff --git a/etc/alternatives/CLOSE.7.gz b/etc/alternatives/CLOSE.7.gz new file mode 120000 index 0000000..15e7e00 --- /dev/null +++ b/etc/alternatives/CLOSE.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/CLOSE.7.gz \ No newline at end of file diff --git a/etc/alternatives/CLUSTER.7.gz b/etc/alternatives/CLUSTER.7.gz new file mode 120000 index 0000000..de6cfbe --- /dev/null +++ b/etc/alternatives/CLUSTER.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/CLUSTER.7.gz \ No newline at end of file diff --git a/etc/alternatives/COMMENT.7.gz b/etc/alternatives/COMMENT.7.gz new file mode 120000 index 0000000..4894b43 --- /dev/null +++ b/etc/alternatives/COMMENT.7.gz 
@@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/COMMENT.7.gz \ No newline at end of file diff --git a/etc/alternatives/COMMIT.7.gz b/etc/alternatives/COMMIT.7.gz new file mode 120000 index 0000000..a7b9344 --- /dev/null +++ b/etc/alternatives/COMMIT.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/COMMIT.7.gz \ No newline at end of file diff --git a/etc/alternatives/COMMIT_PREPARED.7.gz b/etc/alternatives/COMMIT_PREPARED.7.gz new file mode 120000 index 0000000..17b0f73 --- /dev/null +++ b/etc/alternatives/COMMIT_PREPARED.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/COMMIT_PREPARED.7.gz \ No newline at end of file diff --git a/etc/alternatives/COPY.7.gz b/etc/alternatives/COPY.7.gz new file mode 120000 index 0000000..62e1dd8 --- /dev/null +++ b/etc/alternatives/COPY.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/COPY.7.gz \ No newline at end of file diff --git a/etc/alternatives/CREATE_ACCESS_METHOD.7.gz b/etc/alternatives/CREATE_ACCESS_METHOD.7.gz new file mode 120000 index 0000000..2bd2c51 --- /dev/null +++ b/etc/alternatives/CREATE_ACCESS_METHOD.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/CREATE_ACCESS_METHOD.7.gz \ No newline at end of file diff --git a/etc/alternatives/CREATE_AGGREGATE.7.gz b/etc/alternatives/CREATE_AGGREGATE.7.gz new file mode 120000 index 0000000..1c8baf1 --- /dev/null +++ b/etc/alternatives/CREATE_AGGREGATE.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/CREATE_AGGREGATE.7.gz \ No newline at end of file diff --git a/etc/alternatives/CREATE_CAST.7.gz b/etc/alternatives/CREATE_CAST.7.gz new file mode 120000 index 0000000..e254003 --- /dev/null +++ b/etc/alternatives/CREATE_CAST.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/CREATE_CAST.7.gz \ No newline at end of file diff --git a/etc/alternatives/CREATE_COLLATION.7.gz b/etc/alternatives/CREATE_COLLATION.7.gz new file mode 120000 index 0000000..456ea1c --- /dev/null +++ b/etc/alternatives/CREATE_COLLATION.7.gz 
@@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/CREATE_COLLATION.7.gz \ No newline at end of file diff --git a/etc/alternatives/CREATE_CONVERSION.7.gz b/etc/alternatives/CREATE_CONVERSION.7.gz new file mode 120000 index 0000000..f0eb37a --- /dev/null +++ b/etc/alternatives/CREATE_CONVERSION.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/CREATE_CONVERSION.7.gz \ No newline at end of file diff --git a/etc/alternatives/CREATE_DATABASE.7.gz b/etc/alternatives/CREATE_DATABASE.7.gz new file mode 120000 index 0000000..77e5091 --- /dev/null +++ b/etc/alternatives/CREATE_DATABASE.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/CREATE_DATABASE.7.gz \ No newline at end of file diff --git a/etc/alternatives/CREATE_DOMAIN.7.gz b/etc/alternatives/CREATE_DOMAIN.7.gz new file mode 120000 index 0000000..effc484 --- /dev/null +++ b/etc/alternatives/CREATE_DOMAIN.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/CREATE_DOMAIN.7.gz \ No newline at end of file diff --git a/etc/alternatives/CREATE_EVENT_TRIGGER.7.gz b/etc/alternatives/CREATE_EVENT_TRIGGER.7.gz new file mode 120000 index 0000000..cb530c1 --- /dev/null +++ b/etc/alternatives/CREATE_EVENT_TRIGGER.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/CREATE_EVENT_TRIGGER.7.gz \ No newline at end of file diff --git a/etc/alternatives/CREATE_EXTENSION.7.gz b/etc/alternatives/CREATE_EXTENSION.7.gz new file mode 120000 index 0000000..e77abea --- /dev/null +++ b/etc/alternatives/CREATE_EXTENSION.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/CREATE_EXTENSION.7.gz \ No newline at end of file diff --git a/etc/alternatives/CREATE_FOREIGN_DATA_WRAPPER.7.gz b/etc/alternatives/CREATE_FOREIGN_DATA_WRAPPER.7.gz new file mode 120000 index 0000000..dc11737 --- /dev/null +++ b/etc/alternatives/CREATE_FOREIGN_DATA_WRAPPER.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/CREATE_FOREIGN_DATA_WRAPPER.7.gz \ No newline at end of file 
diff --git a/etc/alternatives/CREATE_FOREIGN_TABLE.7.gz b/etc/alternatives/CREATE_FOREIGN_TABLE.7.gz new file mode 120000 index 0000000..699760b --- /dev/null +++ b/etc/alternatives/CREATE_FOREIGN_TABLE.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/CREATE_FOREIGN_TABLE.7.gz \ No newline at end of file diff --git a/etc/alternatives/CREATE_FUNCTION.7.gz b/etc/alternatives/CREATE_FUNCTION.7.gz new file mode 120000 index 0000000..023bcc0 --- /dev/null +++ b/etc/alternatives/CREATE_FUNCTION.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/CREATE_FUNCTION.7.gz \ No newline at end of file diff --git a/etc/alternatives/CREATE_GROUP.7.gz b/etc/alternatives/CREATE_GROUP.7.gz new file mode 120000 index 0000000..aa7dadb --- /dev/null +++ b/etc/alternatives/CREATE_GROUP.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/CREATE_GROUP.7.gz \ No newline at end of file diff --git a/etc/alternatives/CREATE_INDEX.7.gz b/etc/alternatives/CREATE_INDEX.7.gz new file mode 120000 index 0000000..7a88f66 --- /dev/null +++ b/etc/alternatives/CREATE_INDEX.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/CREATE_INDEX.7.gz \ No newline at end of file diff --git a/etc/alternatives/CREATE_LANGUAGE.7.gz b/etc/alternatives/CREATE_LANGUAGE.7.gz new file mode 120000 index 0000000..2bc3a01 --- /dev/null +++ b/etc/alternatives/CREATE_LANGUAGE.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/CREATE_LANGUAGE.7.gz \ No newline at end of file diff --git a/etc/alternatives/CREATE_MATERIALIZED_VIEW.7.gz b/etc/alternatives/CREATE_MATERIALIZED_VIEW.7.gz new file mode 120000 index 0000000..5ade164 --- /dev/null +++ b/etc/alternatives/CREATE_MATERIALIZED_VIEW.7.gz @@ -0,0 +1 @@ +/usr/share/postgresql/12/man/man7/CREATE_MATERIALIZED_VIEW.7.gz \ No newline at end of file diff --git a/etc/alternatives/CREATE_OPERATOR.7.gz b/etc/alternatives/CREATE_OPERATOR.7.gz new file mode 120000 index 0000000..d29760f --- /dev/null +++ b/etc/alternatives/CREATE_OPERATOR.7.gz 
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_OPERATOR.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_OPERATOR_CLASS.7.gz b/etc/alternatives/CREATE_OPERATOR_CLASS.7.gz
new file mode 120000
index 0000000..4f19d1b
--- /dev/null
+++ b/etc/alternatives/CREATE_OPERATOR_CLASS.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_OPERATOR_CLASS.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_OPERATOR_FAMILY.7.gz b/etc/alternatives/CREATE_OPERATOR_FAMILY.7.gz
new file mode 120000
index 0000000..531170f
--- /dev/null
+++ b/etc/alternatives/CREATE_OPERATOR_FAMILY.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_OPERATOR_FAMILY.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_POLICY.7.gz b/etc/alternatives/CREATE_POLICY.7.gz
new file mode 120000
index 0000000..6a5ac1d
--- /dev/null
+++ b/etc/alternatives/CREATE_POLICY.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_POLICY.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_PROCEDURE.7.gz b/etc/alternatives/CREATE_PROCEDURE.7.gz
new file mode 120000
index 0000000..6d0e6ed
--- /dev/null
+++ b/etc/alternatives/CREATE_PROCEDURE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_PROCEDURE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_PUBLICATION.7.gz b/etc/alternatives/CREATE_PUBLICATION.7.gz
new file mode 120000
index 0000000..1080077
--- /dev/null
+++ b/etc/alternatives/CREATE_PUBLICATION.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_PUBLICATION.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_ROLE.7.gz b/etc/alternatives/CREATE_ROLE.7.gz
new file mode 120000
index 0000000..46dfea9
--- /dev/null
+++ b/etc/alternatives/CREATE_ROLE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_ROLE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_RULE.7.gz b/etc/alternatives/CREATE_RULE.7.gz
new file mode 120000
index 0000000..9e02aed
--- /dev/null
+++ b/etc/alternatives/CREATE_RULE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_RULE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_SCHEMA.7.gz b/etc/alternatives/CREATE_SCHEMA.7.gz
new file mode 120000
index 0000000..7081f52
--- /dev/null
+++ b/etc/alternatives/CREATE_SCHEMA.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_SCHEMA.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_SEQUENCE.7.gz b/etc/alternatives/CREATE_SEQUENCE.7.gz
new file mode 120000
index 0000000..bce88bc
--- /dev/null
+++ b/etc/alternatives/CREATE_SEQUENCE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_SEQUENCE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_SERVER.7.gz b/etc/alternatives/CREATE_SERVER.7.gz
new file mode 120000
index 0000000..70c65f5
--- /dev/null
+++ b/etc/alternatives/CREATE_SERVER.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_SERVER.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_STATISTICS.7.gz b/etc/alternatives/CREATE_STATISTICS.7.gz
new file mode 120000
index 0000000..854175e
--- /dev/null
+++ b/etc/alternatives/CREATE_STATISTICS.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_STATISTICS.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_SUBSCRIPTION.7.gz b/etc/alternatives/CREATE_SUBSCRIPTION.7.gz
new file mode 120000
index 0000000..0d284cf
--- /dev/null
+++ b/etc/alternatives/CREATE_SUBSCRIPTION.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_SUBSCRIPTION.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_TABLE.7.gz b/etc/alternatives/CREATE_TABLE.7.gz
new file mode 120000
index 0000000..a25f0d5
--- /dev/null
+++ b/etc/alternatives/CREATE_TABLE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_TABLE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_TABLESPACE.7.gz b/etc/alternatives/CREATE_TABLESPACE.7.gz
new file mode 120000
index 0000000..6b26554
--- /dev/null
+++ b/etc/alternatives/CREATE_TABLESPACE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_TABLESPACE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_TABLE_AS.7.gz b/etc/alternatives/CREATE_TABLE_AS.7.gz
new file mode 120000
index 0000000..db9cc67
--- /dev/null
+++ b/etc/alternatives/CREATE_TABLE_AS.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_TABLE_AS.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_TEXT_SEARCH_CONFIGURATION.7.gz b/etc/alternatives/CREATE_TEXT_SEARCH_CONFIGURATION.7.gz
new file mode 120000
index 0000000..f4225dd
--- /dev/null
+++ b/etc/alternatives/CREATE_TEXT_SEARCH_CONFIGURATION.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_TEXT_SEARCH_CONFIGURATION.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_TEXT_SEARCH_DICTIONARY.7.gz b/etc/alternatives/CREATE_TEXT_SEARCH_DICTIONARY.7.gz
new file mode 120000
index 0000000..f25805f
--- /dev/null
+++ b/etc/alternatives/CREATE_TEXT_SEARCH_DICTIONARY.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_TEXT_SEARCH_DICTIONARY.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_TEXT_SEARCH_PARSER.7.gz b/etc/alternatives/CREATE_TEXT_SEARCH_PARSER.7.gz
new file mode 120000
index 0000000..81412c7
--- /dev/null
+++ b/etc/alternatives/CREATE_TEXT_SEARCH_PARSER.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_TEXT_SEARCH_PARSER.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_TEXT_SEARCH_TEMPLATE.7.gz b/etc/alternatives/CREATE_TEXT_SEARCH_TEMPLATE.7.gz
new file mode 120000
index 0000000..e14ee0e
--- /dev/null
+++ b/etc/alternatives/CREATE_TEXT_SEARCH_TEMPLATE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_TEXT_SEARCH_TEMPLATE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_TRANSFORM.7.gz b/etc/alternatives/CREATE_TRANSFORM.7.gz
new file mode 120000
index 0000000..5f24fd2
--- /dev/null
+++ b/etc/alternatives/CREATE_TRANSFORM.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_TRANSFORM.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_TRIGGER.7.gz b/etc/alternatives/CREATE_TRIGGER.7.gz
new file mode 120000
index 0000000..e0fe3c9
--- /dev/null
+++ b/etc/alternatives/CREATE_TRIGGER.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_TRIGGER.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_TYPE.7.gz b/etc/alternatives/CREATE_TYPE.7.gz
new file mode 120000
index 0000000..dabfb84
--- /dev/null
+++ b/etc/alternatives/CREATE_TYPE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_TYPE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_USER.7.gz b/etc/alternatives/CREATE_USER.7.gz
new file mode 120000
index 0000000..98c55cd
--- /dev/null
+++ b/etc/alternatives/CREATE_USER.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_USER.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_USER_MAPPING.7.gz b/etc/alternatives/CREATE_USER_MAPPING.7.gz
new file mode 120000
index 0000000..2c9bff7
--- /dev/null
+++ b/etc/alternatives/CREATE_USER_MAPPING.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_USER_MAPPING.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/CREATE_VIEW.7.gz b/etc/alternatives/CREATE_VIEW.7.gz
new file mode 120000
index 0000000..87bccba
--- /dev/null
+++ b/etc/alternatives/CREATE_VIEW.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/CREATE_VIEW.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DEALLOCATE.7.gz b/etc/alternatives/DEALLOCATE.7.gz
new file mode 120000
index 0000000..b6ae17e
--- /dev/null
+++ b/etc/alternatives/DEALLOCATE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DEALLOCATE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DECLARE.7.gz b/etc/alternatives/DECLARE.7.gz
new file mode 120000
index 0000000..557bb21
--- /dev/null
+++ b/etc/alternatives/DECLARE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DECLARE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DELETE.7.gz b/etc/alternatives/DELETE.7.gz
new file mode 120000
index 0000000..01677df
--- /dev/null
+++ b/etc/alternatives/DELETE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DELETE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DISCARD.7.gz b/etc/alternatives/DISCARD.7.gz
new file mode 120000
index 0000000..9d92721
--- /dev/null
+++ b/etc/alternatives/DISCARD.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DISCARD.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DO.7.gz b/etc/alternatives/DO.7.gz
new file mode 120000
index 0000000..f56f0d0
--- /dev/null
+++ b/etc/alternatives/DO.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DO.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_ACCESS_METHOD.7.gz b/etc/alternatives/DROP_ACCESS_METHOD.7.gz
new file mode 120000
index 0000000..b2a02de
--- /dev/null
+++ b/etc/alternatives/DROP_ACCESS_METHOD.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_ACCESS_METHOD.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_AGGREGATE.7.gz b/etc/alternatives/DROP_AGGREGATE.7.gz
new file mode 120000
index 0000000..989dade
--- /dev/null
+++ b/etc/alternatives/DROP_AGGREGATE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_AGGREGATE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_CAST.7.gz b/etc/alternatives/DROP_CAST.7.gz
new file mode 120000
index 0000000..3814b05
--- /dev/null
+++ b/etc/alternatives/DROP_CAST.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_CAST.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_COLLATION.7.gz b/etc/alternatives/DROP_COLLATION.7.gz
new file mode 120000
index 0000000..1056c1d
--- /dev/null
+++ b/etc/alternatives/DROP_COLLATION.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_COLLATION.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_CONVERSION.7.gz b/etc/alternatives/DROP_CONVERSION.7.gz
new file mode 120000
index 0000000..a6b6cbc
--- /dev/null
+++ b/etc/alternatives/DROP_CONVERSION.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_CONVERSION.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_DATABASE.7.gz b/etc/alternatives/DROP_DATABASE.7.gz
new file mode 120000
index 0000000..5173ab2
--- /dev/null
+++ b/etc/alternatives/DROP_DATABASE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_DATABASE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_DOMAIN.7.gz b/etc/alternatives/DROP_DOMAIN.7.gz
new file mode 120000
index 0000000..ad4c54e
--- /dev/null
+++ b/etc/alternatives/DROP_DOMAIN.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_DOMAIN.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_EVENT_TRIGGER.7.gz b/etc/alternatives/DROP_EVENT_TRIGGER.7.gz
new file mode 120000
index 0000000..4ff6f92
--- /dev/null
+++ b/etc/alternatives/DROP_EVENT_TRIGGER.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_EVENT_TRIGGER.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_EXTENSION.7.gz b/etc/alternatives/DROP_EXTENSION.7.gz
new file mode 120000
index 0000000..5584bcc
--- /dev/null
+++ b/etc/alternatives/DROP_EXTENSION.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_EXTENSION.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_FOREIGN_DATA_WRAPPER.7.gz b/etc/alternatives/DROP_FOREIGN_DATA_WRAPPER.7.gz
new file mode 120000
index 0000000..606565f
--- /dev/null
+++ b/etc/alternatives/DROP_FOREIGN_DATA_WRAPPER.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_FOREIGN_DATA_WRAPPER.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_FOREIGN_TABLE.7.gz b/etc/alternatives/DROP_FOREIGN_TABLE.7.gz
new file mode 120000
index 0000000..dbe7ccb
--- /dev/null
+++ b/etc/alternatives/DROP_FOREIGN_TABLE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_FOREIGN_TABLE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_FUNCTION.7.gz b/etc/alternatives/DROP_FUNCTION.7.gz
new file mode 120000
index 0000000..20bd1e8
--- /dev/null
+++ b/etc/alternatives/DROP_FUNCTION.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_FUNCTION.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_GROUP.7.gz b/etc/alternatives/DROP_GROUP.7.gz
new file mode 120000
index 0000000..a0079aa
--- /dev/null
+++ b/etc/alternatives/DROP_GROUP.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_GROUP.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_INDEX.7.gz b/etc/alternatives/DROP_INDEX.7.gz
new file mode 120000
index 0000000..c377ed2
--- /dev/null
+++ b/etc/alternatives/DROP_INDEX.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_INDEX.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_LANGUAGE.7.gz b/etc/alternatives/DROP_LANGUAGE.7.gz
new file mode 120000
index 0000000..5c371cf
--- /dev/null
+++ b/etc/alternatives/DROP_LANGUAGE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_LANGUAGE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_MATERIALIZED_VIEW.7.gz b/etc/alternatives/DROP_MATERIALIZED_VIEW.7.gz
new file mode 120000
index 0000000..2b51f7a
--- /dev/null
+++ b/etc/alternatives/DROP_MATERIALIZED_VIEW.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_MATERIALIZED_VIEW.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_OPERATOR.7.gz b/etc/alternatives/DROP_OPERATOR.7.gz
new file mode 120000
index 0000000..7d6f7ff
--- /dev/null
+++ b/etc/alternatives/DROP_OPERATOR.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_OPERATOR.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_OPERATOR_CLASS.7.gz b/etc/alternatives/DROP_OPERATOR_CLASS.7.gz
new file mode 120000
index 0000000..21e60a0
--- /dev/null
+++ b/etc/alternatives/DROP_OPERATOR_CLASS.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_OPERATOR_CLASS.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_OPERATOR_FAMILY.7.gz b/etc/alternatives/DROP_OPERATOR_FAMILY.7.gz
new file mode 120000
index 0000000..c8fd417
--- /dev/null
+++ b/etc/alternatives/DROP_OPERATOR_FAMILY.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_OPERATOR_FAMILY.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_OWNED.7.gz b/etc/alternatives/DROP_OWNED.7.gz
new file mode 120000
index 0000000..76f8fca
--- /dev/null
+++ b/etc/alternatives/DROP_OWNED.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_OWNED.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_POLICY.7.gz b/etc/alternatives/DROP_POLICY.7.gz
new file mode 120000
index 0000000..adc2635
--- /dev/null
+++ b/etc/alternatives/DROP_POLICY.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_POLICY.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_PROCEDURE.7.gz b/etc/alternatives/DROP_PROCEDURE.7.gz
new file mode 120000
index 0000000..27627fd
--- /dev/null
+++ b/etc/alternatives/DROP_PROCEDURE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_PROCEDURE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_PUBLICATION.7.gz b/etc/alternatives/DROP_PUBLICATION.7.gz
new file mode 120000
index 0000000..e619206
--- /dev/null
+++ b/etc/alternatives/DROP_PUBLICATION.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_PUBLICATION.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_ROLE.7.gz b/etc/alternatives/DROP_ROLE.7.gz
new file mode 120000
index 0000000..f808078
--- /dev/null
+++ b/etc/alternatives/DROP_ROLE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_ROLE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_ROUTINE.7.gz b/etc/alternatives/DROP_ROUTINE.7.gz
new file mode 120000
index 0000000..a24b995
--- /dev/null
+++ b/etc/alternatives/DROP_ROUTINE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_ROUTINE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_RULE.7.gz b/etc/alternatives/DROP_RULE.7.gz
new file mode 120000
index 0000000..369bd4a
--- /dev/null
+++ b/etc/alternatives/DROP_RULE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_RULE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_SCHEMA.7.gz b/etc/alternatives/DROP_SCHEMA.7.gz
new file mode 120000
index 0000000..9c167f8
--- /dev/null
+++ b/etc/alternatives/DROP_SCHEMA.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_SCHEMA.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_SEQUENCE.7.gz b/etc/alternatives/DROP_SEQUENCE.7.gz
new file mode 120000
index 0000000..fd7b9ac
--- /dev/null
+++ b/etc/alternatives/DROP_SEQUENCE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_SEQUENCE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_SERVER.7.gz b/etc/alternatives/DROP_SERVER.7.gz
new file mode 120000
index 0000000..5d55bcc
--- /dev/null
+++ b/etc/alternatives/DROP_SERVER.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_SERVER.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_STATISTICS.7.gz b/etc/alternatives/DROP_STATISTICS.7.gz
new file mode 120000
index 0000000..f2daa43
--- /dev/null
+++ b/etc/alternatives/DROP_STATISTICS.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_STATISTICS.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_SUBSCRIPTION.7.gz b/etc/alternatives/DROP_SUBSCRIPTION.7.gz
new file mode 120000
index 0000000..eb1a450
--- /dev/null
+++ b/etc/alternatives/DROP_SUBSCRIPTION.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_SUBSCRIPTION.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_TABLE.7.gz b/etc/alternatives/DROP_TABLE.7.gz
new file mode 120000
index 0000000..e60d20e
--- /dev/null
+++ b/etc/alternatives/DROP_TABLE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_TABLE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_TABLESPACE.7.gz b/etc/alternatives/DROP_TABLESPACE.7.gz
new file mode 120000
index 0000000..8ce36ee
--- /dev/null
+++ b/etc/alternatives/DROP_TABLESPACE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_TABLESPACE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_TEXT_SEARCH_CONFIGURATION.7.gz b/etc/alternatives/DROP_TEXT_SEARCH_CONFIGURATION.7.gz
new file mode 120000
index 0000000..9c309c8
--- /dev/null
+++ b/etc/alternatives/DROP_TEXT_SEARCH_CONFIGURATION.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_TEXT_SEARCH_CONFIGURATION.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_TEXT_SEARCH_DICTIONARY.7.gz b/etc/alternatives/DROP_TEXT_SEARCH_DICTIONARY.7.gz
new file mode 120000
index 0000000..256d3bd
--- /dev/null
+++ b/etc/alternatives/DROP_TEXT_SEARCH_DICTIONARY.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_TEXT_SEARCH_DICTIONARY.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_TEXT_SEARCH_PARSER.7.gz b/etc/alternatives/DROP_TEXT_SEARCH_PARSER.7.gz
new file mode 120000
index 0000000..d2de648
--- /dev/null
+++ b/etc/alternatives/DROP_TEXT_SEARCH_PARSER.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_TEXT_SEARCH_PARSER.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_TEXT_SEARCH_TEMPLATE.7.gz b/etc/alternatives/DROP_TEXT_SEARCH_TEMPLATE.7.gz
new file mode 120000
index 0000000..e52dbb0
--- /dev/null
+++ b/etc/alternatives/DROP_TEXT_SEARCH_TEMPLATE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_TEXT_SEARCH_TEMPLATE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_TRANSFORM.7.gz b/etc/alternatives/DROP_TRANSFORM.7.gz
new file mode 120000
index 0000000..6943c81
--- /dev/null
+++ b/etc/alternatives/DROP_TRANSFORM.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_TRANSFORM.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_TRIGGER.7.gz b/etc/alternatives/DROP_TRIGGER.7.gz
new file mode 120000
index 0000000..2a89519
--- /dev/null
+++ b/etc/alternatives/DROP_TRIGGER.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_TRIGGER.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_TYPE.7.gz b/etc/alternatives/DROP_TYPE.7.gz
new file mode 120000
index 0000000..a0b61d3
--- /dev/null
+++ b/etc/alternatives/DROP_TYPE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_TYPE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_USER.7.gz b/etc/alternatives/DROP_USER.7.gz
new file mode 120000
index 0000000..885aed4
--- /dev/null
+++ b/etc/alternatives/DROP_USER.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_USER.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_USER_MAPPING.7.gz b/etc/alternatives/DROP_USER_MAPPING.7.gz
new file mode 120000
index 0000000..09c8fd9
--- /dev/null
+++ b/etc/alternatives/DROP_USER_MAPPING.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_USER_MAPPING.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/DROP_VIEW.7.gz b/etc/alternatives/DROP_VIEW.7.gz
new file mode 120000
index 0000000..a906e5a
--- /dev/null
+++ b/etc/alternatives/DROP_VIEW.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/DROP_VIEW.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/END.7.gz b/etc/alternatives/END.7.gz
new file mode 120000
index 0000000..88f467c
--- /dev/null
+++ b/etc/alternatives/END.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/END.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/EXECUTE.7.gz b/etc/alternatives/EXECUTE.7.gz
new file mode 120000
index 0000000..21afce4
--- /dev/null
+++ b/etc/alternatives/EXECUTE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/EXECUTE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/EXPLAIN.7.gz b/etc/alternatives/EXPLAIN.7.gz
new file mode 120000
index 0000000..d63edbe
--- /dev/null
+++ b/etc/alternatives/EXPLAIN.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/EXPLAIN.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/FETCH.7.gz b/etc/alternatives/FETCH.7.gz
new file mode 120000
index 0000000..9f21329
--- /dev/null
+++ b/etc/alternatives/FETCH.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/FETCH.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/GRANT.7.gz b/etc/alternatives/GRANT.7.gz
new file mode 120000
index 0000000..2287170
--- /dev/null
+++ b/etc/alternatives/GRANT.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/GRANT.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/IMPORT_FOREIGN_SCHEMA.7.gz b/etc/alternatives/IMPORT_FOREIGN_SCHEMA.7.gz
new file mode 120000
index 0000000..8ecf53f
--- /dev/null
+++ b/etc/alternatives/IMPORT_FOREIGN_SCHEMA.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/IMPORT_FOREIGN_SCHEMA.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/INSERT.7.gz b/etc/alternatives/INSERT.7.gz
new file mode 120000
index 0000000..1f6a63f
--- /dev/null
+++ b/etc/alternatives/INSERT.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/INSERT.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/LISTEN.7.gz b/etc/alternatives/LISTEN.7.gz
new file mode 120000
index 0000000..488e5aa
--- /dev/null
+++ b/etc/alternatives/LISTEN.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/LISTEN.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/LOAD.7.gz b/etc/alternatives/LOAD.7.gz
new file mode 120000
index 0000000..fc6e92d
--- /dev/null
+++ b/etc/alternatives/LOAD.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/LOAD.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/LOCK.7.gz b/etc/alternatives/LOCK.7.gz
new file mode 120000
index 0000000..7731ef8
--- /dev/null
+++ b/etc/alternatives/LOCK.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/LOCK.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/MOVE.7.gz b/etc/alternatives/MOVE.7.gz
new file mode 120000
index 0000000..0d3b1da
--- /dev/null
+++ b/etc/alternatives/MOVE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/MOVE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/NOTIFY.7.gz b/etc/alternatives/NOTIFY.7.gz
new file mode 120000
index 0000000..034b543
--- /dev/null
+++ b/etc/alternatives/NOTIFY.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/NOTIFY.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/PREPARE.7.gz b/etc/alternatives/PREPARE.7.gz
new file mode 120000
index 0000000..04eb794
--- /dev/null
+++ b/etc/alternatives/PREPARE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/PREPARE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/PREPARE_TRANSACTION.7.gz b/etc/alternatives/PREPARE_TRANSACTION.7.gz
new file mode 120000
index 0000000..5005ee6
--- /dev/null
+++ b/etc/alternatives/PREPARE_TRANSACTION.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/PREPARE_TRANSACTION.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/README b/etc/alternatives/README
new file mode 100644
index 0000000..4c4d215
--- /dev/null
+++ b/etc/alternatives/README
@@ -0,0 +1,2 @@
+Please read the update-alternatives(1) man page for information on this
+directory and its contents.
diff --git a/etc/alternatives/REASSIGN_OWNED.7.gz b/etc/alternatives/REASSIGN_OWNED.7.gz
new file mode 120000
index 0000000..cecbd86
--- /dev/null
+++ b/etc/alternatives/REASSIGN_OWNED.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/REASSIGN_OWNED.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/REFRESH_MATERIALIZED_VIEW.7.gz b/etc/alternatives/REFRESH_MATERIALIZED_VIEW.7.gz
new file mode 120000
index 0000000..efcf372
--- /dev/null
+++ b/etc/alternatives/REFRESH_MATERIALIZED_VIEW.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/REFRESH_MATERIALIZED_VIEW.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/REINDEX.7.gz b/etc/alternatives/REINDEX.7.gz
new file mode 120000
index 0000000..2313c49
--- /dev/null
+++ b/etc/alternatives/REINDEX.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/REINDEX.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/RELEASE_SAVEPOINT.7.gz b/etc/alternatives/RELEASE_SAVEPOINT.7.gz
new file mode 120000
index 0000000..873611a
--- /dev/null
+++ b/etc/alternatives/RELEASE_SAVEPOINT.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/RELEASE_SAVEPOINT.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/RESET.7.gz b/etc/alternatives/RESET.7.gz
new file mode 120000
index 0000000..c53b0de
--- /dev/null
+++ b/etc/alternatives/RESET.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/RESET.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/REVOKE.7.gz b/etc/alternatives/REVOKE.7.gz
new file mode 120000
index 0000000..4c54a6f
--- /dev/null
+++ b/etc/alternatives/REVOKE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/REVOKE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/ROLLBACK.7.gz b/etc/alternatives/ROLLBACK.7.gz
new file mode 120000
index 0000000..16a274b
--- /dev/null
+++ b/etc/alternatives/ROLLBACK.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/ROLLBACK.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/ROLLBACK_PREPARED.7.gz b/etc/alternatives/ROLLBACK_PREPARED.7.gz
new file mode 120000
index 0000000..7588cb9
--- /dev/null
+++ b/etc/alternatives/ROLLBACK_PREPARED.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/ROLLBACK_PREPARED.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/ROLLBACK_TO_SAVEPOINT.7.gz b/etc/alternatives/ROLLBACK_TO_SAVEPOINT.7.gz
new file mode 120000
index 0000000..b105494
--- /dev/null
+++ b/etc/alternatives/ROLLBACK_TO_SAVEPOINT.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/ROLLBACK_TO_SAVEPOINT.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/SAVEPOINT.7.gz b/etc/alternatives/SAVEPOINT.7.gz
new file mode 120000
index 0000000..d4882d9
--- /dev/null
+++ b/etc/alternatives/SAVEPOINT.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/SAVEPOINT.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/SECURITY_LABEL.7.gz b/etc/alternatives/SECURITY_LABEL.7.gz
new file mode 120000
index 0000000..9f03e63
--- /dev/null
+++ b/etc/alternatives/SECURITY_LABEL.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/SECURITY_LABEL.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/SELECT.7.gz b/etc/alternatives/SELECT.7.gz
new file mode 120000
index 0000000..2e3d395
--- /dev/null
+++ b/etc/alternatives/SELECT.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/SELECT.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/SELECT_INTO.7.gz b/etc/alternatives/SELECT_INTO.7.gz
new file mode 120000
index 0000000..c1f8ca0
--- /dev/null
+++ b/etc/alternatives/SELECT_INTO.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/SELECT_INTO.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/SET.7.gz b/etc/alternatives/SET.7.gz
new file mode 120000
index 0000000..fecc15c
--- /dev/null
+++ b/etc/alternatives/SET.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/SET.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/SET_CONSTRAINTS.7.gz b/etc/alternatives/SET_CONSTRAINTS.7.gz
new file mode 120000
index 0000000..cfd325b
--- /dev/null
+++ b/etc/alternatives/SET_CONSTRAINTS.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/SET_CONSTRAINTS.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/SET_ROLE.7.gz b/etc/alternatives/SET_ROLE.7.gz
new file mode 120000
index 0000000..2a8dd4a
--- /dev/null
+++ b/etc/alternatives/SET_ROLE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/SET_ROLE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/SET_SESSION_AUTHORIZATION.7.gz b/etc/alternatives/SET_SESSION_AUTHORIZATION.7.gz
new file mode 120000
index 0000000..57b2f7b
--- /dev/null
+++ b/etc/alternatives/SET_SESSION_AUTHORIZATION.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/SET_SESSION_AUTHORIZATION.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/SET_TRANSACTION.7.gz b/etc/alternatives/SET_TRANSACTION.7.gz
new file mode 120000
index 0000000..7928271
--- /dev/null
+++ b/etc/alternatives/SET_TRANSACTION.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/SET_TRANSACTION.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/SHOW.7.gz b/etc/alternatives/SHOW.7.gz
new file mode 120000
index 0000000..b86817d
--- /dev/null
+++ b/etc/alternatives/SHOW.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/SHOW.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/START_TRANSACTION.7.gz b/etc/alternatives/START_TRANSACTION.7.gz
new file mode 120000
index 0000000..cb90b41
--- /dev/null
+++ b/etc/alternatives/START_TRANSACTION.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/START_TRANSACTION.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/TABLE.7.gz b/etc/alternatives/TABLE.7.gz
new file mode 120000
index 0000000..7238814
--- /dev/null
+++ b/etc/alternatives/TABLE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/TABLE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/TRUNCATE.7.gz b/etc/alternatives/TRUNCATE.7.gz
new file mode 120000
index 0000000..fdafbac
--- /dev/null
+++ b/etc/alternatives/TRUNCATE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/TRUNCATE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/UNLISTEN.7.gz b/etc/alternatives/UNLISTEN.7.gz
new file mode 120000
index 0000000..1fed7f3
--- /dev/null
+++ b/etc/alternatives/UNLISTEN.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/UNLISTEN.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/UPDATE.7.gz b/etc/alternatives/UPDATE.7.gz
new file mode 120000
index 0000000..9d5b234
--- /dev/null
+++ b/etc/alternatives/UPDATE.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/UPDATE.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/VACUUM.7.gz b/etc/alternatives/VACUUM.7.gz
new file mode 120000
index 0000000..ed4408d
--- /dev/null
+++ b/etc/alternatives/VACUUM.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/VACUUM.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/VALUES.7.gz b/etc/alternatives/VALUES.7.gz
new file mode 120000
index 0000000..626869c
--- /dev/null
+++ b/etc/alternatives/VALUES.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/VALUES.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/WITH.7.gz b/etc/alternatives/WITH.7.gz
new file mode 120000
index 0000000..72beb91
--- /dev/null
+++ b/etc/alternatives/WITH.7.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man7/WITH.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/arptables b/etc/alternatives/arptables
new file mode 120000
index 0000000..f8fcc7b
--- /dev/null
+++ b/etc/alternatives/arptables
@@ -0,0 +1 @@
+/usr/sbin/arptables-nft
\ No newline at end of file
diff --git a/etc/alternatives/arptables-restore b/etc/alternatives/arptables-restore
new file mode 120000
index 0000000..95e87dc
--- /dev/null
+++ b/etc/alternatives/arptables-restore
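Review bot: Nothing in this part of the commit confirms that every packet-filter front-end uses the same backend: the `etc/alternatives/arptables` link selects `/usr/sbin/arptables-nft`, and the `arptables-restore` and `arptables-save` links in the next two hunks agree with it, but the iptables, ip6tables and ebtables alternatives are not in this part of the diff. If any of those resolves to a legacy variant, rules loaded through one tool are not listed by the other, so the firewall state recorded in git would not describe what the kernel enforces; comparing the link targets with `update-alternatives --display iptables` before relying on this snapshot would settle it. Separately, these links are rewritten by package maintainer scripts, so the repository documentation should say so, for example `etc/alternatives/ is managed by update-alternatives(1); do not edit by hand`.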
@@ -0,0 +1 @@
+/usr/sbin/arptables-nft-restore
\ No newline at end of file
diff --git a/etc/alternatives/arptables-save b/etc/alternatives/arptables-save
new file mode 120000
index 0000000..9bb1596
--- /dev/null
+++ b/etc/alternatives/arptables-save
@@ -0,0 +1 @@
+/usr/sbin/arptables-nft-save
\ No newline at end of file
diff --git a/etc/alternatives/awk b/etc/alternatives/awk
new file mode 120000
index 0000000..19ba657
--- /dev/null
+++ b/etc/alternatives/awk
@@ -0,0 +1 @@
+/usr/bin/gawk
\ No newline at end of file
diff --git a/etc/alternatives/awk.1.gz b/etc/alternatives/awk.1.gz
new file mode 120000
index 0000000..134262b
--- /dev/null
+++ b/etc/alternatives/awk.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/gawk.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/builtins.7.gz b/etc/alternatives/builtins.7.gz
new file mode 120000
index 0000000..96d1b74
--- /dev/null
+++ b/etc/alternatives/builtins.7.gz
@@ -0,0 +1 @@
+/usr/share/man/man7/bash-builtins.7.gz
\ No newline at end of file
diff --git a/etc/alternatives/c++ b/etc/alternatives/c++
new file mode 120000
index 0000000..e51afad
--- /dev/null
+++ b/etc/alternatives/c++
@@ -0,0 +1 @@
+/usr/bin/g++
\ No newline at end of file
diff --git a/etc/alternatives/c++.1.gz b/etc/alternatives/c++.1.gz
new file mode 120000
index 0000000..1c4ac1e
--- /dev/null
+++ b/etc/alternatives/c++.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/g++.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/c89 b/etc/alternatives/c89
new file mode 120000
index 0000000..9e67d74
--- /dev/null
+++ b/etc/alternatives/c89
@@ -0,0 +1 @@
+/usr/bin/c89-gcc
\ No newline at end of file
diff --git a/etc/alternatives/c89.1.gz b/etc/alternatives/c89.1.gz
new file mode 120000
index 0000000..3a74238
--- /dev/null
+++ b/etc/alternatives/c89.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/c89-gcc.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/c99 b/etc/alternatives/c99
new file mode 120000
index 0000000..323b6db
--- /dev/null
+++ b/etc/alternatives/c99
@@ -0,0 +1 @@
+/usr/bin/c99-gcc
\ No newline at end of file
diff --git a/etc/alternatives/c99.1.gz b/etc/alternatives/c99.1.gz
new file mode 120000
index 0000000..e033f2d
--- /dev/null
+++ b/etc/alternatives/c99.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/c99-gcc.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/cc b/etc/alternatives/cc
new file mode 120000
index 0000000..cd91449
--- /dev/null
+++ b/etc/alternatives/cc
@@ -0,0 +1 @@
+/usr/bin/gcc
\ No newline at end of file
diff --git a/etc/alternatives/cc.1.gz b/etc/alternatives/cc.1.gz
new file mode 120000
index 0000000..406b60d
--- /dev/null
+++ b/etc/alternatives/cc.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/gcc.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/clusterdb.1.gz b/etc/alternatives/clusterdb.1.gz
new file mode 120000
index 0000000..d73b731
--- /dev/null
+++ b/etc/alternatives/clusterdb.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/clusterdb.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/cpp b/etc/alternatives/cpp
new file mode 120000
index 0000000..00fc3c4
--- /dev/null
+++ b/etc/alternatives/cpp
@@ -0,0 +1 @@
+/usr/bin/cpp
\ No newline at end of file
diff --git a/etc/alternatives/createdb.1.gz b/etc/alternatives/createdb.1.gz
new file mode 120000
index 0000000..acb8b23
--- /dev/null
+++ b/etc/alternatives/createdb.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/createdb.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/createuser.1.gz b/etc/alternatives/createuser.1.gz
new file mode 120000
index 0000000..7f9a7f7
--- /dev/null
+++ b/etc/alternatives/createuser.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/createuser.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/dropdb.1.gz b/etc/alternatives/dropdb.1.gz
new file mode 120000
index 0000000..78fcc31
--- /dev/null
+++ b/etc/alternatives/dropdb.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/dropdb.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/dropuser.1.gz b/etc/alternatives/dropuser.1.gz
new file mode 120000
index 0000000..3d342d9
--- /dev/null
+++ b/etc/alternatives/dropuser.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/dropuser.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/ebtables b/etc/alternatives/ebtables
new file mode 120000
index 0000000..8d5f660
--- /dev/null
+++ b/etc/alternatives/ebtables
@@ -0,0 +1 @@
+/usr/sbin/ebtables-nft
\ No newline at end of file
diff --git a/etc/alternatives/ebtables-restore b/etc/alternatives/ebtables-restore
new file mode 120000
index 0000000..c2e5813
--- /dev/null
+++ b/etc/alternatives/ebtables-restore
@@ -0,0 +1 @@
+/usr/sbin/ebtables-nft-restore
\ No newline at end of file
diff --git a/etc/alternatives/ebtables-save b/etc/alternatives/ebtables-save
new file mode 120000
index 0000000..600f8c2
--- /dev/null
+++ b/etc/alternatives/ebtables-save
@@ -0,0 +1 @@
+/usr/sbin/ebtables-nft-save
\ No newline at end of file
diff --git a/etc/alternatives/editor b/etc/alternatives/editor
new file mode 120000
index 0000000..7a06612
--- /dev/null
+++ b/etc/alternatives/editor
@@ -0,0 +1 @@
+/bin/nano
\ No newline at end of file
diff --git a/etc/alternatives/editor.1.gz b/etc/alternatives/editor.1.gz
new file mode 120000
index 0000000..bb2d082
--- /dev/null
+++ b/etc/alternatives/editor.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/nano.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/ex b/etc/alternatives/ex
new file mode 120000
index 0000000..1d112da
--- /dev/null
+++ b/etc/alternatives/ex
@@ -0,0 +1 @@
+/usr/bin/vim.basic
\ No newline at end of file
diff --git a/etc/alternatives/ex.1.gz b/etc/alternatives/ex.1.gz
new file mode 120000
index 0000000..e02a6af
--- /dev/null
+++ b/etc/alternatives/ex.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/vim.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/ex.da.1.gz b/etc/alternatives/ex.da.1.gz
new file mode 120000
index 0000000..c90068f
--- /dev/null
+++ b/etc/alternatives/ex.da.1.gz
@@ -0,0 +1 @@
+/usr/share/man/da/man1/vim.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/ex.de.1.gz b/etc/alternatives/ex.de.1.gz
new file mode 120000
index 0000000..d89833a
--- /dev/null
+++ b/etc/alternatives/ex.de.1.gz
@@ -0,0 +1 @@
+/usr/share/man/de/man1/vim.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/ex.fr.1.gz b/etc/alternatives/ex.fr.1.gz
new file mode 120000
index 0000000..af52858
--- /dev/null
+++ b/etc/alternatives/ex.fr.1.gz
@@ -0,0 +1 @@
+/usr/share/man/fr/man1/vim.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/ex.it.1.gz b/etc/alternatives/ex.it.1.gz
new file mode 120000
index 0000000..4498a3d
--- /dev/null
+++ b/etc/alternatives/ex.it.1.gz
@@ -0,0 +1 @@
+/usr/share/man/it/man1/vim.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/ex.ja.1.gz b/etc/alternatives/ex.ja.1.gz
new file mode 120000
index 0000000..071acfb
--- /dev/null
+++ b/etc/alternatives/ex.ja.1.gz
@@ -0,0 +1 @@
+/usr/share/man/ja/man1/vim.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/ex.pl.1.gz b/etc/alternatives/ex.pl.1.gz
new file mode 120000
index 0000000..345590a
--- /dev/null
+++ b/etc/alternatives/ex.pl.1.gz
@@ -0,0 +1 @@
+/usr/share/man/pl/man1/vim.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/ex.ru.1.gz b/etc/alternatives/ex.ru.1.gz
new file mode 120000
index 0000000..ea9aa16
--- /dev/null
+++ b/etc/alternatives/ex.ru.1.gz
@@ -0,0 +1 @@
+/usr/share/man/ru/man1/vim.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/faked.1.gz b/etc/alternatives/faked.1.gz
new file mode 120000
index 0000000..0682984
--- /dev/null
+++ b/etc/alternatives/faked.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/faked-sysv.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/faked.es.1.gz b/etc/alternatives/faked.es.1.gz
new file mode 120000
index 0000000..2a0233d
--- /dev/null
+++ b/etc/alternatives/faked.es.1.gz
@@ -0,0 +1 @@
+/usr/share/man/es/man1/faked-sysv.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/faked.fr.1.gz b/etc/alternatives/faked.fr.1.gz
new file mode 120000
index 0000000..9950991
--- /dev/null
+++ b/etc/alternatives/faked.fr.1.gz
@@ -0,0 +1 @@
+/usr/share/man/fr/man1/faked-sysv.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/faked.sv.1.gz b/etc/alternatives/faked.sv.1.gz
new file mode 120000
index 0000000..7d76ada
--- /dev/null
+++ b/etc/alternatives/faked.sv.1.gz
@@ -0,0 +1 @@
+/usr/share/man/sv/man1/faked-sysv.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/fakeroot b/etc/alternatives/fakeroot
new file mode 120000
index 0000000..0b2f1ee
--- /dev/null
+++ b/etc/alternatives/fakeroot
@@ -0,0 +1 @@
+/usr/bin/fakeroot-sysv
\ No newline at end of file
diff --git a/etc/alternatives/fakeroot.1.gz b/etc/alternatives/fakeroot.1.gz
new file mode 120000
index 0000000..6abf7c3
--- /dev/null
+++ b/etc/alternatives/fakeroot.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/fakeroot-sysv.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/fakeroot.es.1.gz b/etc/alternatives/fakeroot.es.1.gz
new file mode 120000
index 0000000..6c5981a
--- /dev/null
+++ b/etc/alternatives/fakeroot.es.1.gz
@@ -0,0 +1 @@
+/usr/share/man/es/man1/fakeroot-sysv.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/fakeroot.fr.1.gz b/etc/alternatives/fakeroot.fr.1.gz
new file mode 120000
index 0000000..ab31fe0
--- /dev/null
+++ b/etc/alternatives/fakeroot.fr.1.gz
@@ -0,0 +1 @@
+/usr/share/man/fr/man1/fakeroot-sysv.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/fakeroot.sv.1.gz b/etc/alternatives/fakeroot.sv.1.gz
new file mode 120000
index 0000000..73d056f
--- /dev/null
+++ b/etc/alternatives/fakeroot.sv.1.gz
@@ -0,0 +1 @@
+/usr/share/man/sv/man1/fakeroot-sysv.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/from b/etc/alternatives/from
new file mode 120000
index 0000000..3ee6643
--- /dev/null
+++ b/etc/alternatives/from
@@ -0,0 +1 @@
+/usr/bin/bsd-from
\ No newline at end of file
diff --git a/etc/alternatives/from.1.gz b/etc/alternatives/from.1.gz
new file mode 120000
index 0000000..9c0d8d3
--- /dev/null
+++ b/etc/alternatives/from.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/bsd-from.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/ftp b/etc/alternatives/ftp
new file mode 120000
index 0000000..f0ae93f
--- /dev/null
+++ b/etc/alternatives/ftp
@@ -0,0 +1 @@
+/usr/bin/netkit-ftp
\ No newline at end of file
diff --git a/etc/alternatives/ftp.1.gz b/etc/alternatives/ftp.1.gz
new file mode 120000
index 0000000..5b3a00b
--- /dev/null
+++ b/etc/alternatives/ftp.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/netkit-ftp.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/futurize b/etc/alternatives/futurize
new file mode 120000
index 0000000..7d32d09
--- /dev/null
+++ b/etc/alternatives/futurize
@@ -0,0 +1 @@
+/usr/bin/python3-futurize
\ No newline at end of file
diff --git a/etc/alternatives/infobrowser b/etc/alternatives/infobrowser
new file mode 120000
index 0000000..2404fe4
--- /dev/null
+++ b/etc/alternatives/infobrowser
@@ -0,0 +1 @@
+/usr/bin/info
\ No newline at end of file
diff --git a/etc/alternatives/infobrowser.1.gz b/etc/alternatives/infobrowser.1.gz
new file mode 120000
index 0000000..7152786
--- /dev/null
+++ b/etc/alternatives/infobrowser.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/info.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/initdb.1.gz b/etc/alternatives/initdb.1.gz
new file mode 120000
index 0000000..acf9c83
--- /dev/null
+++ b/etc/alternatives/initdb.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/initdb.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/ip6tables b/etc/alternatives/ip6tables
new file mode 120000
index 0000000..0b2891f
--- /dev/null
+++ b/etc/alternatives/ip6tables
@@ -0,0 +1 @@
+/usr/sbin/ip6tables-legacy
\ No newline at end of file
diff --git a/etc/alternatives/ip6tables-restore b/etc/alternatives/ip6tables-restore
new file mode 120000
index 0000000..7bedefc
--- /dev/null
+++ b/etc/alternatives/ip6tables-restore
@@ -0,0 +1 @@
+/usr/sbin/ip6tables-legacy-restore
\ No newline at end of file
diff --git a/etc/alternatives/ip6tables-save b/etc/alternatives/ip6tables-save
new file mode 120000
index 0000000..502f99a
--- /dev/null
+++ b/etc/alternatives/ip6tables-save
@@ -0,0 +1 @@
+/usr/sbin/ip6tables-legacy-save
\ No newline at end of file
diff --git a/etc/alternatives/iptables b/etc/alternatives/iptables
new file mode 120000
index 0000000..cc39472
--- /dev/null
+++ b/etc/alternatives/iptables
@@ -0,0 +1 @@
+/usr/sbin/iptables-legacy
\ No newline at end of file
diff --git a/etc/alternatives/iptables-restore b/etc/alternatives/iptables-restore
new file mode 120000
index 0000000..2293ced
--- /dev/null
+++ b/etc/alternatives/iptables-restore
@@ -0,0 +1 @@
+/usr/sbin/iptables-legacy-restore
\ No newline at end of file
diff --git a/etc/alternatives/iptables-save b/etc/alternatives/iptables-save
new file mode 120000
index 0000000..eaf74bb
--- /dev/null
+++ b/etc/alternatives/iptables-save
@@ -0,0 +1 @@
+/usr/sbin/iptables-legacy-save
\ No newline at end of file
diff --git a/etc/alternatives/jsondiff b/etc/alternatives/jsondiff
new file mode 120000
index 0000000..fae88ee
--- /dev/null
+++ b/etc/alternatives/jsondiff
@@ -0,0 +1 @@
+/usr/bin/jsonpatch-jsondiff
\ No newline at end of file
diff --git a/etc/alternatives/lzcat b/etc/alternatives/lzcat
new file mode 120000
index 0000000..1482e0d
--- /dev/null
+++ b/etc/alternatives/lzcat
@@ -0,0 +1 @@
+/usr/bin/xzcat
\ No newline at end of file
diff --git a/etc/alternatives/lzcat.1.gz b/etc/alternatives/lzcat.1.gz
new file mode 120000
index 0000000..c078545
--- /dev/null
+++ b/etc/alternatives/lzcat.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/xzcat.1.gz
\ No newline at end of file
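Review bot: The `etc/alternatives/iptables` hunk resolves to `/usr/sbin/iptables-legacy` (as do `ip6tables` and the `-save`/`-restore` links beside it), while `arptables` and `ebtables` earlier in this commit resolve to their `-nft` variants, so this host's packet filtering is split across the legacy x_tables backend and nf_tables. Rules loaded through the legacy binaries are not shown by `nft list ruleset`, so a firewall audit or a drift check on this repository has to read both `iptables-legacy-save` output and the nft ruleset to see the whole policy. If the split is not deliberate, the target line would presumably become `+/usr/sbin/iptables-nft` (set with `update-alternatives --set iptables /usr/sbin/iptables-nft`, and likewise for `ip6tables`); if it is deliberate, the reason is worth recording in the commit description.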
diff --git a/etc/alternatives/lzcmp b/etc/alternatives/lzcmp
new file mode 120000
index 0000000..5cdef99
--- /dev/null
+++ b/etc/alternatives/lzcmp
@@ -0,0 +1 @@
+/usr/bin/xzcmp
\ No newline at end of file
diff --git a/etc/alternatives/lzcmp.1.gz b/etc/alternatives/lzcmp.1.gz
new file mode 120000
index 0000000..f0bafbe
--- /dev/null
+++ b/etc/alternatives/lzcmp.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/xzcmp.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/lzdiff b/etc/alternatives/lzdiff
new file mode 120000
index 0000000..0e42921
--- /dev/null
+++ b/etc/alternatives/lzdiff
@@ -0,0 +1 @@
+/usr/bin/xzdiff
\ No newline at end of file
diff --git a/etc/alternatives/lzdiff.1.gz b/etc/alternatives/lzdiff.1.gz
new file mode 120000
index 0000000..5687b0a
--- /dev/null
+++ b/etc/alternatives/lzdiff.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/xzdiff.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/lzegrep b/etc/alternatives/lzegrep
new file mode 120000
index 0000000..5fee024
--- /dev/null
+++ b/etc/alternatives/lzegrep
@@ -0,0 +1 @@
+/usr/bin/xzegrep
\ No newline at end of file
diff --git a/etc/alternatives/lzegrep.1.gz b/etc/alternatives/lzegrep.1.gz
new file mode 120000
index 0000000..c9ad6de
--- /dev/null
+++ b/etc/alternatives/lzegrep.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/xzegrep.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/lzfgrep b/etc/alternatives/lzfgrep
new file mode 120000
index 0000000..1b64c1b
--- /dev/null
+++ b/etc/alternatives/lzfgrep
@@ -0,0 +1 @@
+/usr/bin/xzfgrep
\ No newline at end of file
diff --git a/etc/alternatives/lzfgrep.1.gz b/etc/alternatives/lzfgrep.1.gz
new file mode 120000
index 0000000..b292ba9
--- /dev/null
+++ b/etc/alternatives/lzfgrep.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/xzfgrep.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/lzgrep b/etc/alternatives/lzgrep
new file mode 120000
index 0000000..05ef59b
--- /dev/null
+++ b/etc/alternatives/lzgrep
@@ -0,0 +1 @@
+/usr/bin/xzgrep
\ No newline at end of file
diff --git a/etc/alternatives/lzgrep.1.gz b/etc/alternatives/lzgrep.1.gz
new file mode 120000
index 0000000..8ccd2c5
--- /dev/null
+++ b/etc/alternatives/lzgrep.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/xzgrep.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/lzless b/etc/alternatives/lzless
new file mode 120000
index 0000000..5415736
--- /dev/null
+++ b/etc/alternatives/lzless
@@ -0,0 +1 @@
+/usr/bin/xzless
\ No newline at end of file
diff --git a/etc/alternatives/lzless.1.gz b/etc/alternatives/lzless.1.gz
new file mode 120000
index 0000000..bc81750
--- /dev/null
+++ b/etc/alternatives/lzless.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/xzless.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/lzma b/etc/alternatives/lzma
new file mode 120000
index 0000000..cdc9bb5
--- /dev/null
+++ b/etc/alternatives/lzma
@@ -0,0 +1 @@
+/usr/bin/xz
\ No newline at end of file
diff --git a/etc/alternatives/lzma.1.gz b/etc/alternatives/lzma.1.gz
new file mode 120000
index 0000000..16e4bcc
--- /dev/null
+++ b/etc/alternatives/lzma.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/xz.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/lzmore b/etc/alternatives/lzmore
new file mode 120000
index 0000000..1fad361
--- /dev/null
+++ b/etc/alternatives/lzmore
@@ -0,0 +1 @@
+/usr/bin/xzmore
\ No newline at end of file
diff --git a/etc/alternatives/lzmore.1.gz b/etc/alternatives/lzmore.1.gz
new file mode 120000
index 0000000..e79dfa4
--- /dev/null
+++ b/etc/alternatives/lzmore.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/xzmore.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/mt b/etc/alternatives/mt
new file mode 120000
index 0000000..46c2596
--- /dev/null
+++ b/etc/alternatives/mt
@@ -0,0 +1 @@
+/bin/mt-gnu
\ No newline at end of file
diff --git a/etc/alternatives/mt.1.gz b/etc/alternatives/mt.1.gz
new file mode 120000
index 0000000..cac0e18
--- /dev/null
+++ b/etc/alternatives/mt.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/mt-gnu.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/nawk b/etc/alternatives/nawk
new file mode 120000
index 0000000..19ba657
--- /dev/null
+++ b/etc/alternatives/nawk
@@ -0,0 +1 @@
+/usr/bin/gawk
\ No newline at end of file
diff --git a/etc/alternatives/nawk.1.gz b/etc/alternatives/nawk.1.gz
new file mode 120000
index 0000000..134262b
--- /dev/null
+++ b/etc/alternatives/nawk.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/gawk.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/nc b/etc/alternatives/nc
new file mode 120000
index 0000000..42844ed
--- /dev/null
+++ b/etc/alternatives/nc
@@ -0,0 +1 @@
+/bin/nc.openbsd
\ No newline at end of file
diff --git a/etc/alternatives/nc.1.gz b/etc/alternatives/nc.1.gz
new file mode 120000
index 0000000..e288d80
--- /dev/null
+++ b/etc/alternatives/nc.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/nc_openbsd.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/netcat b/etc/alternatives/netcat
new file mode 120000
index 0000000..42844ed
--- /dev/null
+++ b/etc/alternatives/netcat
@@ -0,0 +1 @@
+/bin/nc.openbsd
\ No newline at end of file
diff --git a/etc/alternatives/netcat.1.gz b/etc/alternatives/netcat.1.gz
new file mode 120000
index 0000000..e288d80
--- /dev/null
+++ b/etc/alternatives/netcat.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/nc_openbsd.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/netrc.5.gz b/etc/alternatives/netrc.5.gz
new file mode 120000
index 0000000..5702a2c
--- /dev/null
+++ b/etc/alternatives/netrc.5.gz
@@ -0,0 +1 @@
+/usr/share/man/man5/netkit-netrc.5.gz
\ No newline at end of file
diff --git a/etc/alternatives/newt-palette b/etc/alternatives/newt-palette
new file mode 120000
index 0000000..952208f
--- /dev/null
+++ b/etc/alternatives/newt-palette
@@ -0,0 +1 @@
+/etc/newt/palette.ubuntu
\ No newline at end of file
diff --git a/etc/alternatives/oid2name.1.gz b/etc/alternatives/oid2name.1.gz
new file mode 120000
index 0000000..2893334
--- /dev/null
+++ b/etc/alternatives/oid2name.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/oid2name.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pager b/etc/alternatives/pager
new file mode 120000
index 0000000..a967155
--- /dev/null
+++ b/etc/alternatives/pager
@@ -0,0 +1 @@
+/usr/bin/less
\ No newline at end of file
diff --git a/etc/alternatives/pager.1.gz b/etc/alternatives/pager.1.gz
new file mode 120000
index 0000000..c1430af
--- /dev/null
+++ b/etc/alternatives/pager.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/less.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pasteurize b/etc/alternatives/pasteurize
new file mode 120000
index 0000000..5263f7f
--- /dev/null
+++ b/etc/alternatives/pasteurize
@@ -0,0 +1 @@
+/usr/bin/python3-pasteurize
\ No newline at end of file
diff --git a/etc/alternatives/pbr b/etc/alternatives/pbr
new file mode 120000
index 0000000..0ac3fb3
--- /dev/null
+++ b/etc/alternatives/pbr
@@ -0,0 +1 @@
+/usr/bin/python3-pbr
\ No newline at end of file
diff --git a/etc/alternatives/pftp b/etc/alternatives/pftp
new file mode 120000
index 0000000..f0ae93f
--- /dev/null
+++ b/etc/alternatives/pftp
@@ -0,0 +1 @@
+/usr/bin/netkit-ftp
\ No newline at end of file
diff --git a/etc/alternatives/pftp.1.gz b/etc/alternatives/pftp.1.gz
new file mode 120000
index 0000000..5b3a00b
--- /dev/null
+++ b/etc/alternatives/pftp.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/netkit-ftp.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pg_archivecleanup.1.gz b/etc/alternatives/pg_archivecleanup.1.gz
new file mode 120000
index 0000000..7b72be9
--- /dev/null
+++ b/etc/alternatives/pg_archivecleanup.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/pg_archivecleanup.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pg_basebackup.1.gz b/etc/alternatives/pg_basebackup.1.gz
new file mode 120000
index 0000000..cad8aee
--- /dev/null
+++ b/etc/alternatives/pg_basebackup.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/pg_basebackup.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pg_checksums.1.gz b/etc/alternatives/pg_checksums.1.gz
new file mode 120000
index 0000000..acbfeb2
--- /dev/null
+++ b/etc/alternatives/pg_checksums.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/pg_checksums.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pg_controldata.1.gz b/etc/alternatives/pg_controldata.1.gz
new file mode 120000
index 0000000..f183266
--- /dev/null
+++ b/etc/alternatives/pg_controldata.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/pg_controldata.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pg_ctl.1.gz b/etc/alternatives/pg_ctl.1.gz
new file mode 120000
index 0000000..38653ca
--- /dev/null
+++ b/etc/alternatives/pg_ctl.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/pg_ctl.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pg_dump.1.gz b/etc/alternatives/pg_dump.1.gz
new file mode 120000
index 0000000..50d14b4
--- /dev/null
+++ b/etc/alternatives/pg_dump.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/pg_dump.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pg_dumpall.1.gz b/etc/alternatives/pg_dumpall.1.gz
new file mode 120000
index 0000000..70dc980
--- /dev/null
+++ b/etc/alternatives/pg_dumpall.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/pg_dumpall.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pg_isready.1.gz b/etc/alternatives/pg_isready.1.gz
new file mode 120000
index 0000000..31ee5e7
--- /dev/null
+++ b/etc/alternatives/pg_isready.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/pg_isready.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pg_receivewal.1.gz b/etc/alternatives/pg_receivewal.1.gz
new file mode 120000
index 0000000..d307a75
--- /dev/null
+++ b/etc/alternatives/pg_receivewal.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/pg_receivewal.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pg_recvlogical.1.gz b/etc/alternatives/pg_recvlogical.1.gz
new file mode 120000
index 0000000..118b71d
--- /dev/null
+++ b/etc/alternatives/pg_recvlogical.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/pg_recvlogical.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pg_resetwal.1.gz b/etc/alternatives/pg_resetwal.1.gz
new file mode 120000
index 0000000..6b3fe1c
--- /dev/null
+++ b/etc/alternatives/pg_resetwal.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/pg_resetwal.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pg_restore.1.gz b/etc/alternatives/pg_restore.1.gz
new file mode 120000
index 0000000..92abc69
--- /dev/null
+++ b/etc/alternatives/pg_restore.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/pg_restore.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pg_rewind.1.gz b/etc/alternatives/pg_rewind.1.gz
new file mode 120000
index 0000000..1ac6c7e
--- /dev/null
+++ b/etc/alternatives/pg_rewind.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/pg_rewind.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pg_standby.1.gz b/etc/alternatives/pg_standby.1.gz
new file mode 120000
index 0000000..d4cfae1
--- /dev/null
+++ b/etc/alternatives/pg_standby.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/pg_standby.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pg_test_fsync.1.gz b/etc/alternatives/pg_test_fsync.1.gz
new file mode 120000
index 0000000..01fedad
--- /dev/null
+++ b/etc/alternatives/pg_test_fsync.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/pg_test_fsync.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pg_test_timing.1.gz b/etc/alternatives/pg_test_timing.1.gz
new file mode 120000
index 0000000..6f9f3d7
--- /dev/null
+++ b/etc/alternatives/pg_test_timing.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/pg_test_timing.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pg_upgrade.1.gz b/etc/alternatives/pg_upgrade.1.gz
new file mode 120000
index 0000000..53966d1
--- /dev/null
+++ b/etc/alternatives/pg_upgrade.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/pg_upgrade.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pg_waldump.1.gz b/etc/alternatives/pg_waldump.1.gz
new file mode 120000
index 0000000..73ae81f
--- /dev/null
+++ b/etc/alternatives/pg_waldump.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/pg_waldump.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pgbench.1.gz b/etc/alternatives/pgbench.1.gz
new file mode 120000
index 0000000..6cec748
--- /dev/null
+++ b/etc/alternatives/pgbench.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/pgbench.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pico b/etc/alternatives/pico
new file mode 120000
index 0000000..7a06612
--- /dev/null
+++ b/etc/alternatives/pico
@@ -0,0 +1 @@
+/bin/nano
\ No newline at end of file
diff --git a/etc/alternatives/pico.1.gz b/etc/alternatives/pico.1.gz
new file mode 120000
index 0000000..bb2d082
--- /dev/null
+++ b/etc/alternatives/pico.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/nano.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/pinentry b/etc/alternatives/pinentry
new file mode 120000
index 0000000..01990a3
--- /dev/null
+++ b/etc/alternatives/pinentry
@@ -0,0 +1 @@
+/usr/bin/pinentry-curses
\ No newline at end of file
diff --git a/etc/alternatives/pinentry.1.gz b/etc/alternatives/pinentry.1.gz
new file mode 120000
index 0000000..8e9ab4f
--- /dev/null
+++ b/etc/alternatives/pinentry.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/pinentry-curses.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/postgres.1.gz b/etc/alternatives/postgres.1.gz
new file mode 120000
index 0000000..d0852de
--- /dev/null
+++ b/etc/alternatives/postgres.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/postgres.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/postmaster.1.gz b/etc/alternatives/postmaster.1.gz
new file mode 120000
index 0000000..4a62e63
--- /dev/null
+++ b/etc/alternatives/postmaster.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/postmaster.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/psql.1.gz b/etc/alternatives/psql.1.gz
new file mode 120000
index 0000000..37eb035
--- /dev/null
+++ b/etc/alternatives/psql.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/psql.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/rcp b/etc/alternatives/rcp
new file mode 120000
index 0000000..594df9e
--- /dev/null
+++ b/etc/alternatives/rcp
@@ -0,0 +1 @@
+/usr/bin/scp
\ No newline at end of file
diff --git a/etc/alternatives/rcp.1.gz b/etc/alternatives/rcp.1.gz
new file mode 120000
index 0000000..63bfff3
--- /dev/null
+++ b/etc/alternatives/rcp.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/scp.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/reindexdb.1.gz b/etc/alternatives/reindexdb.1.gz
new file mode 120000
index 0000000..f10088a
--- /dev/null
+++ b/etc/alternatives/reindexdb.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/reindexdb.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/rlogin b/etc/alternatives/rlogin
new file mode 120000
index 0000000..8db89a8
--- /dev/null
+++ b/etc/alternatives/rlogin
@@ -0,0 +1 @@
+/usr/bin/slogin
\ No newline at end of file
diff --git a/etc/alternatives/rlogin.1.gz b/etc/alternatives/rlogin.1.gz
new file mode 120000
index 0000000..be0c6db
--- /dev/null
+++ b/etc/alternatives/rlogin.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/slogin.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/rmt b/etc/alternatives/rmt
new file mode 120000
index 0000000..82958a9
--- /dev/null
+++ b/etc/alternatives/rmt
@@ -0,0 +1 @@
+/usr/sbin/rmt-tar
\ No newline at end of file
diff --git a/etc/alternatives/rmt.8.gz b/etc/alternatives/rmt.8.gz
new file mode 120000
index 0000000..8c87e21
--- /dev/null
+++ b/etc/alternatives/rmt.8.gz
@@ -0,0 +1 @@
+/usr/share/man/man8/rmt-tar.8.gz
\ No newline at end of file
diff --git a/etc/alternatives/rsh b/etc/alternatives/rsh
new file mode 120000
index 0000000..50a1cff
--- /dev/null
+++ b/etc/alternatives/rsh
@@ -0,0 +1 @@
+/usr/bin/ssh
\ No newline at end of file
diff --git a/etc/alternatives/rsh.1.gz b/etc/alternatives/rsh.1.gz
new file mode 120000
index 0000000..b3b36c0
--- /dev/null
+++ b/etc/alternatives/rsh.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/ssh.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/rview b/etc/alternatives/rview
new file mode 120000
index 0000000..1d112da
--- /dev/null
+++ b/etc/alternatives/rview
@@ -0,0 +1 @@
+/usr/bin/vim.basic
\ No newline at end of file
diff --git a/etc/alternatives/rvim b/etc/alternatives/rvim
new file mode 120000
index 0000000..1d112da
--- /dev/null
+++ b/etc/alternatives/rvim
@@ -0,0 +1 @@
+/usr/bin/vim.basic
\ No newline at end of file
diff --git a/etc/alternatives/sar b/etc/alternatives/sar
new file mode 120000
index 0000000..5498641
--- /dev/null
+++ b/etc/alternatives/sar
@@ -0,0 +1 @@
+/usr/bin/sar.sysstat
\ No newline at end of file
diff --git a/etc/alternatives/sar.1.gz b/etc/alternatives/sar.1.gz
new file mode 120000
index 0000000..06a4f21
--- /dev/null
+++ b/etc/alternatives/sar.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/sar.sysstat.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/telnet b/etc/alternatives/telnet
new file mode 120000
index 0000000..9276ced
--- /dev/null
+++ b/etc/alternatives/telnet
@@ -0,0 +1 @@
+/usr/bin/telnet.netkit
\ No newline at end of file
diff --git a/etc/alternatives/telnet.1.gz b/etc/alternatives/telnet.1.gz
new file mode 120000
index 0000000..9cd371e
--- /dev/null
+++ b/etc/alternatives/telnet.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/telnet.netkit.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/text.plymouth b/etc/alternatives/text.plymouth
new file mode 120000
index 0000000..74f8b90
--- /dev/null
+++ b/etc/alternatives/text.plymouth
@@ -0,0 +1 @@
+/usr/share/plymouth/themes/ubuntu-text/ubuntu-text.plymouth
\ No newline at end of file
diff --git a/etc/alternatives/traceroute6 b/etc/alternatives/traceroute6
new file mode 120000
index 0000000..7554b55
--- /dev/null
+++ b/etc/alternatives/traceroute6
@@ -0,0 +1 @@
+/usr/bin/traceroute6.iputils
\ No newline at end of file
diff --git a/etc/alternatives/traceroute6.8.gz b/etc/alternatives/traceroute6.8.gz
new file mode 120000
index 0000000..e69934c
--- /dev/null
+++ b/etc/alternatives/traceroute6.8.gz
@@ -0,0 +1 @@
+/usr/share/man/man8/traceroute6.iputils.8.gz
\ No newline at end of file
diff --git a/etc/alternatives/unlzma b/etc/alternatives/unlzma
new file mode 120000
index 0000000..c730a4a
--- /dev/null
+++ b/etc/alternatives/unlzma
@@ -0,0 +1 @@
+/usr/bin/unxz
\ No newline at end of file
diff --git a/etc/alternatives/unlzma.1.gz b/etc/alternatives/unlzma.1.gz
new file mode 120000
index 0000000..c772f41
--- /dev/null
+++ b/etc/alternatives/unlzma.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/unxz.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/vacuumdb.1.gz b/etc/alternatives/vacuumdb.1.gz
new file mode 120000
index 0000000..93bc1aa
--- /dev/null
+++ b/etc/alternatives/vacuumdb.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/vacuumdb.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/vacuumlo.1.gz b/etc/alternatives/vacuumlo.1.gz
new file mode 120000
index 0000000..15b565d
--- /dev/null
+++ b/etc/alternatives/vacuumlo.1.gz
@@ -0,0 +1 @@
+/usr/share/postgresql/12/man/man1/vacuumlo.1.gz
\ No newline at end of file
diff --git a/etc/alternatives/vi b/etc/alternatives/vi
new file mode 120000
index 0000000..1d112da
--- /dev/null
+++ b/etc/alternatives/vi
@@ -0,0 +1 @@
+/usr/bin/vim.basic
\ No newline at end of file
diff --git a/etc/alternatives/vi.1.gz b/etc/alternatives/vi.1.gz new file mode 120000 index 0000000..e02a6af --- /dev/null +++ b/etc/alternatives/vi.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/vim.1.gz \ No newline at end of file diff --git a/etc/alternatives/vi.da.1.gz b/etc/alternatives/vi.da.1.gz new file mode 120000 index 0000000..c90068f --- /dev/null +++ b/etc/alternatives/vi.da.1.gz @@ -0,0 +1 @@ +/usr/share/man/da/man1/vim.1.gz \ No newline at end of file diff --git a/etc/alternatives/vi.de.1.gz b/etc/alternatives/vi.de.1.gz new file mode 120000 index 0000000..d89833a --- /dev/null +++ b/etc/alternatives/vi.de.1.gz @@ -0,0 +1 @@ +/usr/share/man/de/man1/vim.1.gz \ No newline at end of file diff --git a/etc/alternatives/vi.fr.1.gz b/etc/alternatives/vi.fr.1.gz new file mode 120000 index 0000000..af52858 --- /dev/null +++ b/etc/alternatives/vi.fr.1.gz @@ -0,0 +1 @@ +/usr/share/man/fr/man1/vim.1.gz \ No newline at end of file diff --git a/etc/alternatives/vi.it.1.gz b/etc/alternatives/vi.it.1.gz new file mode 120000 index 0000000..4498a3d --- /dev/null +++ b/etc/alternatives/vi.it.1.gz @@ -0,0 +1 @@ +/usr/share/man/it/man1/vim.1.gz \ No newline at end of file diff --git a/etc/alternatives/vi.ja.1.gz b/etc/alternatives/vi.ja.1.gz new file mode 120000 index 0000000..071acfb --- /dev/null +++ b/etc/alternatives/vi.ja.1.gz @@ -0,0 +1 @@ +/usr/share/man/ja/man1/vim.1.gz \ No newline at end of file diff --git a/etc/alternatives/vi.pl.1.gz b/etc/alternatives/vi.pl.1.gz new file mode 120000 index 0000000..345590a --- /dev/null +++ b/etc/alternatives/vi.pl.1.gz @@ -0,0 +1 @@ +/usr/share/man/pl/man1/vim.1.gz \ No newline at end of file diff --git a/etc/alternatives/vi.ru.1.gz b/etc/alternatives/vi.ru.1.gz new file mode 120000 index 0000000..ea9aa16 --- /dev/null +++ b/etc/alternatives/vi.ru.1.gz @@ -0,0 +1 @@ +/usr/share/man/ru/man1/vim.1.gz \ No newline at end of file diff --git a/etc/alternatives/view b/etc/alternatives/view new file mode 120000 index 0000000..1d112da 
--- /dev/null +++ b/etc/alternatives/view @@ -0,0 +1 @@ +/usr/bin/vim.basic \ No newline at end of file diff --git a/etc/alternatives/view.1.gz b/etc/alternatives/view.1.gz new file mode 120000 index 0000000..e02a6af --- /dev/null +++ b/etc/alternatives/view.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/vim.1.gz \ No newline at end of file diff --git a/etc/alternatives/view.da.1.gz b/etc/alternatives/view.da.1.gz new file mode 120000 index 0000000..c90068f --- /dev/null +++ b/etc/alternatives/view.da.1.gz @@ -0,0 +1 @@ +/usr/share/man/da/man1/vim.1.gz \ No newline at end of file diff --git a/etc/alternatives/view.de.1.gz b/etc/alternatives/view.de.1.gz new file mode 120000 index 0000000..d89833a --- /dev/null +++ b/etc/alternatives/view.de.1.gz @@ -0,0 +1 @@ +/usr/share/man/de/man1/vim.1.gz \ No newline at end of file diff --git a/etc/alternatives/view.fr.1.gz b/etc/alternatives/view.fr.1.gz new file mode 120000 index 0000000..af52858 --- /dev/null +++ b/etc/alternatives/view.fr.1.gz @@ -0,0 +1 @@ +/usr/share/man/fr/man1/vim.1.gz \ No newline at end of file diff --git a/etc/alternatives/view.it.1.gz b/etc/alternatives/view.it.1.gz new file mode 120000 index 0000000..4498a3d --- /dev/null +++ b/etc/alternatives/view.it.1.gz @@ -0,0 +1 @@ +/usr/share/man/it/man1/vim.1.gz \ No newline at end of file diff --git a/etc/alternatives/view.ja.1.gz b/etc/alternatives/view.ja.1.gz new file mode 120000 index 0000000..071acfb --- /dev/null +++ b/etc/alternatives/view.ja.1.gz @@ -0,0 +1 @@ +/usr/share/man/ja/man1/vim.1.gz \ No newline at end of file diff --git a/etc/alternatives/view.pl.1.gz b/etc/alternatives/view.pl.1.gz new file mode 120000 index 0000000..345590a --- /dev/null +++ b/etc/alternatives/view.pl.1.gz @@ -0,0 +1 @@ +/usr/share/man/pl/man1/vim.1.gz \ No newline at end of file diff --git a/etc/alternatives/view.ru.1.gz b/etc/alternatives/view.ru.1.gz new file mode 120000 index 0000000..ea9aa16 --- /dev/null +++ b/etc/alternatives/view.ru.1.gz 
@@ -0,0 +1 @@ +/usr/share/man/ru/man1/vim.1.gz \ No newline at end of file diff --git a/etc/alternatives/vim b/etc/alternatives/vim new file mode 120000 index 0000000..1d112da --- /dev/null +++ b/etc/alternatives/vim @@ -0,0 +1 @@ +/usr/bin/vim.basic \ No newline at end of file diff --git a/etc/alternatives/vimdiff b/etc/alternatives/vimdiff new file mode 120000 index 0000000..1d112da --- /dev/null +++ b/etc/alternatives/vimdiff @@ -0,0 +1 @@ +/usr/bin/vim.basic \ No newline at end of file diff --git a/etc/alternatives/vtrgb b/etc/alternatives/vtrgb new file mode 120000 index 0000000..c1ccb64 --- /dev/null +++ b/etc/alternatives/vtrgb @@ -0,0 +1 @@ +/etc/console-setup/vtrgb \ No newline at end of file diff --git a/etc/alternatives/w b/etc/alternatives/w new file mode 120000 index 0000000..11c34c4 --- /dev/null +++ b/etc/alternatives/w @@ -0,0 +1 @@ +/usr/bin/w.procps \ No newline at end of file diff --git a/etc/alternatives/w.1.gz b/etc/alternatives/w.1.gz new file mode 120000 index 0000000..7391b64 --- /dev/null +++ b/etc/alternatives/w.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/w.procps.1.gz \ No newline at end of file diff --git a/etc/alternatives/write b/etc/alternatives/write new file mode 120000 index 0000000..121ab03 --- /dev/null +++ b/etc/alternatives/write @@ -0,0 +1 @@ +/usr/bin/bsd-write \ No newline at end of file diff --git a/etc/alternatives/write.1.gz b/etc/alternatives/write.1.gz new file mode 120000 index 0000000..9bcde45 --- /dev/null +++ b/etc/alternatives/write.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/bsd-write.1.gz \ No newline at end of file diff --git a/etc/apparmor.d/abstractions/X b/etc/apparmor.d/abstractions/X new file mode 100644 index 0000000..db3521e --- /dev/null +++ b/etc/apparmor.d/abstractions/X 
@@ -0,0 +1,57 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009-2011 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ #include
+
+
+ # .ICEauthority files required for X authentication, per user
+ owner @{HOME}/.ICEauthority r,
+
+ # .Xauthority files required for X connections, per user
+ owner @{HOME}/.Xauthority r,
+ owner @{HOME}/.local/share/sddm/.Xauthority r,
+ owner /{,var/}run/gdm{,3}/*/database r,
+ owner /{,var/}run/lightdm/authority/[0-9]* r,
+ owner /{,var/}run/lightdm/*/xauthority r,
+ owner /{,var/}run/user/*/gdm/Xauthority r,
+ owner /{,var/}run/user/*/X11/Xauthority r,
+
+ # the unix socket to use to connect to the display
+ /tmp/.X11-unix/* rw,
+ unix (connect, receive, send)
+ type=stream
+ peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
+ unix (connect, receive, send)
+ type=stream
+ peer=(addr="@/tmp/.ICE-unix/[0-9]*"),
+
+ /usr/include/X11/ r,
+ /usr/include/X11/** r,
+
+ # The X tree changes and is large -- grant read access to the whole thing
+ /usr/X11R6/** r,
+ /usr/share/X11/ r,
+ /usr/share/X11/** r,
+ /usr/X11R6/**.so* mr,
+
+ # EGL
+ /usr/lib/@{multiarch}/egl/*.so* mr,
+
+ # Xcompose
+ owner @{HOME}/.XCompose r,
+
+ # mouse themes
+ /etc/X11/cursors/ r,
+ /etc/X11/cursors/** r,
+
+ # Xwayland
+ owner /run/user/*/.mutter-Xwaylandauth.* r,
diff --git a/etc/apparmor.d/abstractions/apache2-common b/etc/apparmor.d/abstractions/apache2-common
new file mode 100644
index 0000000..850dd89
--- /dev/null
+++ b/etc/apparmor.d/abstractions/apache2-common
@@ -0,0 +1,34 @@
+# vim:syntax=apparmor
+
+# This file contains basic permissions for Apache and every vHost
+
+ #include
+
+ # Allow unconfined processes to send us signals by default
+ signal (receive) peer=unconfined,
+ # Allow apache to send us signals by default
+ signal (receive) peer=apache2,
+ # Allow other hats to signal by default
+ signal peer=apache2//*,
+ # Allow us to signal ourselves
+ signal peer=@{profile_name},
+
+ # Apache
+ network inet stream,
+ network inet6 stream,
+ # apache manual, error pages and icons
+ /usr/share/apache2/** r,
+
+ # changehat itself
+ @{PROC}/@{pid}/attr/current rw,
+
+ # htaccess files - for what ever it is worth
+ /**/.htaccess r,
+
+ /dev/urandom r,
+
+ # sasl-auth
+ /run/saslauthd/mux rw,
+
+ # OCSP stapling
+ /var/log/apache2/stapling-cache rw,
diff --git a/etc/apparmor.d/abstractions/apparmor_api/change_profile b/etc/apparmor.d/abstractions/apparmor_api/change_profile
new file mode 100644
index 0000000..30f6b70
--- /dev/null
+++ b/etc/apparmor.d/abstractions/apparmor_api/change_profile
@@ -0,0 +1,11 @@
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+@{PROC}/@{tid}/attr/{current,exec} w,
diff --git a/etc/apparmor.d/abstractions/apparmor_api/examine b/etc/apparmor.d/abstractions/apparmor_api/examine
new file mode 100644
index 0000000..2f2ea15
--- /dev/null
+++ b/etc/apparmor.d/abstractions/apparmor_api/examine
@@ -0,0 +1,12 @@
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# Make sure to include at least tunables/proc and tunables/kernelvars
+# when using this abstraction, if not tunables/global.
+
+@{PROC}/@{pids}/attr/{current,prev,exec} r,
diff --git a/etc/apparmor.d/abstractions/apparmor_api/find_mountpoint b/etc/apparmor.d/abstractions/apparmor_api/find_mountpoint
new file mode 100644
index 0000000..b8ac54d
--- /dev/null
+++ b/etc/apparmor.d/abstractions/apparmor_api/find_mountpoint
@@ -0,0 +1,14 @@
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#permissions needed for aa_find_mountpoint
+
+# Make sure to include at least tunables/proc and tunables/kernelvars
+# when using this abstraction, if not tunables/global.
+
+@{PROC}/@{pids}/mounts r,
diff --git a/etc/apparmor.d/abstractions/apparmor_api/introspect b/etc/apparmor.d/abstractions/apparmor_api/introspect
new file mode 100644
index 0000000..e110c84
--- /dev/null
+++ b/etc/apparmor.d/abstractions/apparmor_api/introspect
@@ -0,0 +1,12 @@
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# Make sure to include at least tunables/proc and tunables/kernelvars
+# when using this abstraction, if not tunables/global.
+
+@{PROC}/@{tid}/attr/{current,prev,exec} r,
diff --git a/etc/apparmor.d/abstractions/apparmor_api/is_enabled b/etc/apparmor.d/abstractions/apparmor_api/is_enabled
new file mode 100644
index 0000000..a637d3c
--- /dev/null
+++ b/etc/apparmor.d/abstractions/apparmor_api/is_enabled
@@ -0,0 +1,17 @@
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# permissions needed for aa_is_enabled
+
+# Make sure to include tunables/apparmorfs and tunables/global
+# when using this abstraction
+
+#include
+@{sys}/module/apparmor/parameters/enabled r,
+
+# TODO: add alternate apparmorfs interface for enabled
diff --git a/etc/apparmor.d/abstractions/aspell b/etc/apparmor.d/abstractions/aspell
new file mode 100644
index 0000000..9547689
--- /dev/null
+++ b/etc/apparmor.d/abstractions/aspell
@@ -0,0 +1,13 @@
+# vim:syntax=apparmor
+# aspell permissions
+
+ # per-user settings and dictionaries
+ owner @{HOME}/.aspell.*.{pws,prepl} rwk,
+
+ # system libraries and dictionaries
+ /usr/lib/aspell/ r,
+ /usr/lib/aspell/* r,
+ /usr/lib/aspell/*.so m,
+ /usr/share/aspell/ r,
+ /usr/share/aspell/* r,
+ /var/lib/aspell/* r,
diff --git a/etc/apparmor.d/abstractions/audio b/etc/apparmor.d/abstractions/audio
new file mode 100644
index 0000000..f4dbaac
--- /dev/null
+++ b/etc/apparmor.d/abstractions/audio
@@ -0,0 +1,83 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+
+
+/dev/admmidi* rw,
+/dev/adsp* rw,
+/dev/aload* rw,
+/dev/amidi* rw,
+/dev/audio* rw,
+/dev/dmfm* rw,
+/dev/dmmidi* rw,
+/dev/dsp* rw,
+/dev/midi* rw,
+/dev/mixer* rw,
+/dev/mpu401data rw,
+/dev/mpu401stat rw,
+/dev/patmgr* rw,
+/dev/phone* rw,
+/dev/radio* rw,
+/dev/rmidi* rw,
+/dev/sequencer rw,
+/dev/sequencer2 rw,
+/dev/smpte* rw,
+
+/dev/snd/* rw,
+/dev/sound/* rw,
+
+@{PROC}/asound/** rw,
+
+/usr/share/alsa/** r,
+/usr/share/sounds/** r,
+
+owner @{HOME}/.esd_auth r,
+/etc/asound.conf r,
+owner @{HOME}/.asoundrc r,
+/etc/esound/esd.conf r,
+
+# libao
+/etc/libao.conf r,
+owner @{HOME}/.libao r,
+
+# libcanberra
+owner @{HOME}/.cache/event-sound-cache.* rwk,
+
+# pulse
+/etc/pulse/ r,
+/etc/pulse/** r,
+/{run,dev}/shm/ r,
+owner /{run,dev}/shm/pulse-shm* rwk,
+owner @{HOME}/.pulse-cookie rwk,
+owner @{HOME}/.pulse/ rw,
+owner @{HOME}/.pulse/* rwk,
+owner /{,var/}run/user/*/pulse/ rw,
+owner /{,var/}run/user/*/pulse/{native,pid} rwk,
+owner @{HOME}/.config/pulse/*.conf r,
+owner @{HOME}/.config/pulse/client.conf.d/{,*.conf} r,
+owner @{HOME}/.config/pulse/cookie rwk,
+owner /tmp/pulse-*/ rw,
+owner /tmp/pulse-*/* rw,
+
+# libgnome2
+/etc/sound/ r,
+/etc/sound/** r,
+
+# openal
+/etc/alsa/conf.d/{,*} r,
+/etc/openal/alsoft.conf r,
+owner @{HOME}/.alsoftrc r,
+/usr/{,local/}share/openal/hrtf/{,**} r,
+owner @{HOME}/.local/share/openal/hrtf/{,**} r,
+
+# wildmidi
+/etc/wildmidi/wildmidi.cfg r,
diff --git a/etc/apparmor.d/abstractions/authentication b/etc/apparmor.d/abstractions/authentication
new file mode 100644
index 0000000..adc338b
--- /dev/null
+++ b/etc/apparmor.d/abstractions/authentication
@@ -0,0 +1,51 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009-2012 Canonical Ltd
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+
+
+ # Some services need to perform authentication of users
+ # Such authentication almost certainly needs access to the local users
+ # databases containing passwords, PAM configuration files, PAM libraries
+ /etc/nologin r,
+ /etc/pam.d/* r,
+ /etc/securetty r,
+ /etc/security/* r,
+ /etc/shadow r,
+ /etc/gshadow r,
+ /etc/pwdb.conf r,
+
+ /{usr/,}lib{,32,64}/security/pam_filter/* mr,
+ /{usr/,}lib{,32,64}/security/pam_*.so mr,
+ /{usr/,}lib{,32,64}/security/ r,
+ /{usr/,}lib/@{multiarch}/security/pam_filter/* mr,
+ /{usr/,}lib/@{multiarch}/security/pam_*.so mr,
+ /{usr/,}lib/@{multiarch}/security/ r,
+
+ # kerberos
+ #include
+ # SuSE's pwdutils are different:
+ /etc/default/passwd r,
+ /etc/login.defs r,
+
+ # nis
+ #include
+
+ # winbind
+ #include
+
+ # likewise
+ #include
+
+ # smbpass
+ #include
+
+ # p11-kit (PKCS#11 modules configuration)
+ #include
diff --git a/etc/apparmor.d/abstractions/base b/etc/apparmor.d/abstractions/base
new file mode 100644
index 0000000..1dc77a3
--- /dev/null
+++ b/etc/apparmor.d/abstractions/base
@@ -0,0 +1,168 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009-2011 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+
+
+ # (Note that the ldd profile has inlined this file; if you make
+ # modifications here, please consider including them in the ldd
+ # profile as well.)
+
+ # The __canary_death_handler function writes a time-stamped log
+ # message to /dev/log for logging by syslogd. So, /dev/log, timezones,
+ # and localisations of date should be available EVERYWHERE, so
+ # StackGuard, FormatGuard, etc., alerts can be properly logged.
+ /dev/log w,
+ /dev/random r,
+ /dev/urandom r,
+ # Allow access to the uuidd daemon (this daemon is a thin wrapper around
+ # time and getrandom()/{,u}random and, when available, runs under an
+ # unprivilged, dedicated user).
+ /run/uuidd/request r,
+ /etc/locale/** r,
+ /etc/locale.alias r,
+ /etc/localtime r,
+ /etc/writable/localtime r,
+ /usr/share/locale-bundle/** r,
+ /usr/share/locale-langpack/** r,
+ /usr/share/locale/** r,
+ /usr/share/**/locale/** r,
+ /usr/share/zoneinfo/ r,
+ /usr/share/zoneinfo/** r,
+ /usr/share/X11/locale/** r,
+ /run/systemd/journal/dev-log w,
+ # systemd native journal API (see sd_journal_print(4))
+ /run/systemd/journal/socket w,
+ # Nested containers and anything using systemd-cat need this. 'r' shouldn't
+ # be required but applications fail without it. journald doesn't leak
+ # anything when reading so this is ok.
+ /run/systemd/journal/stdout rw,
+
+ /usr/lib{,32,64}/locale/** mr,
+ /usr/lib{,32,64}/gconv/*.so mr,
+ /usr/lib{,32,64}/gconv/gconv-modules* mr,
+ /usr/lib/@{multiarch}/gconv/*.so mr,
+ /usr/lib/@{multiarch}/gconv/gconv-modules* mr,
+
+ # used by glibc when binding to ephemeral ports
+ /etc/bindresvport.blacklist r,
+
+ # ld.so.cache and ld are used to load shared libraries; they are best
+ # available everywhere
+ /etc/ld.so.cache mr,
+ /etc/ld.so.conf r,
+ /etc/ld.so.conf.d/{,*.conf} r,
+ /etc/ld.so.preload r,
+ /{usr/,}lib{,32,64}/ld{,32,64}-*.so mr,
+ /{usr/,}lib/@{multiarch}/ld{,32,64}-*.so mr,
+ /{usr/,}lib/tls/i686/{cmov,nosegneg}/ld-*.so mr,
+ /{usr/,}lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/ld-*.so mr,
+ /opt/*-linux-uclibc/lib/ld-uClibc*so* mr,
+
+ # we might as well allow everything to use common libraries
+ /{usr/,}lib{,32,64}/** r,
+ /{usr/,}lib{,32,64}/**.so* mr,
+ /{usr/,}lib/@{multiarch}/** r,
+ /{usr/,}lib/@{multiarch}/**.so* mr,
+ /{usr/,}lib/tls/i686/{cmov,nosegneg}/*.so* mr,
+ /{usr/,}lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/*.so* mr,
+
+ # /dev/null is pretty harmless and frequently used
+ /dev/null rw,
+ # as is /dev/zero
+ /dev/zero rw,
+ # recent glibc uses /dev/full in preference to /dev/null for programs
+ # that don't have open fds at exec()
+ /dev/full rw,
+
+ # Sometimes used to determine kernel/user interfaces to use
+ @{PROC}/sys/kernel/version r,
+ # Depending on which glibc routine uses this file, base may not be the
+ # best place -- but many profiles require it, and it is quite harmless.
+ @{PROC}/sys/kernel/ngroups_max r,
+
+ # glibc's sysconf(3) routine to determine free memory, etc
+ @{PROC}/meminfo r,
+ @{PROC}/stat r,
+ @{PROC}/cpuinfo r,
+ @{sys}/devices/system/cpu/ r,
+ @{sys}/devices/system/cpu/online r,
+
+ # glibc's *printf protections read the maps file
+ @{PROC}/@{pid}/{maps,auxv,status} r,
+
+ # libgcrypt reads some flags from /proc
+ @{PROC}/sys/crypto/* r,
+
+ # some applications will display license information
+ /usr/share/common-licenses/** r,
+
+ # glibc statvfs
+ @{PROC}/filesystems r,
+
+ # glibc malloc (man 5 proc)
+ @{PROC}/sys/vm/overcommit_memory r,
+
+ # Allow determining the highest valid capability of the running kernel
+ @{PROC}/sys/kernel/cap_last_cap r,
+
+ # Allow other processes to read our /proc entries, futexes, perf tracing and
+ # kcmp for now (they will need 'read' in the first place). Administrators can
+ # override with:
+ # deny ptrace (readby) ...
+ ptrace (readby),
+
+ # Allow other processes to trace us by default (they will need 'trace' in
+ # the first place). Administrators can override with:
+ # deny ptrace (tracedby) ...
+ ptrace (tracedby),
+
+ # Allow us to ptrace read ourselves
+ ptrace (read) peer=@{profile_name},
+
+ # Allow unconfined processes to send us signals by default
+ signal (receive) peer=unconfined,
+
+ # Allow us to signal ourselves
+ signal peer=@{profile_name},
+
+ # Checking for PID existence is quite common so add it by default for now
+ signal (receive, send) set=("exists"),
+
+ # Allow us to create and use abstract and anonymous sockets
+ unix peer=(label=@{profile_name}),
+
+ # Allow unconfined processes to us via unix sockets
+ unix (receive) peer=(label=unconfined),
+
+ # Allow us to create abstract and anonymous sockets
+ unix (create),
+
+ # Allow us to getattr, getopt, setop and shutdown on unix sockets
+ unix (getattr, getopt, setopt, shutdown),
+
+ # Workaround https://launchpad.net/bugs/359338 until upstream handles stacked
+ # filesystems generally. This does not appreciably decrease security with
+ # Ubuntu profiles because the user is expected to have access to files owned
+ # by him/her. Exceptions to this are explicit in the profiles. While this rule
+ # grants access to those exceptions, the intended privacy is maintained due to
+ # the encrypted contents of the files in this directory. Files in this
+ # directory will also use filename encryption by default, so the files are
+ # further protected. Also, with the use of 'owner', this rule properly
+ # prevents access to the files from processes running under a different uid.
+
+ # encrypted ~/.Private and old-style encrypted $HOME
+ owner @{HOME}/.Private/ r,
+ owner @{HOME}/.Private/** mrixwlk,
+ # new-style encrypted $HOME
+ owner @{HOMEDIRS}/.ecryptfs/*/.Private/ r,
+ owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,
+
diff --git a/etc/apparmor.d/abstractions/bash b/etc/apparmor.d/abstractions/bash
new file mode 100644
index 0000000..e8dcd75
--- /dev/null
+++ b/etc/apparmor.d/abstractions/bash
@@ -0,0 +1,44 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # user-specific bash files
+ @{HOMEDIRS} r,
+ @{HOME}/.bashrc r,
+ @{HOME}/.profile r,
+ @{HOME}/.bash_profile r,
+ @{HOME}/.bash_history rw,
+
+ # system-wide bash configuration
+ /etc/profile.dos r,
+ /etc/profile r,
+ /etc/profile.d/ r,
+ /etc/profile.d/* r,
+ /etc/bashrc r,
+ /etc/bash.bashrc r,
+ /etc/bash.bashrc.local r,
+ /etc/bash_completion r,
+ /etc/bash_completion.d/ r,
+ /etc/bash_completion.d/* r,
+
+ # bash relies on system-wide readline configuration
+ /etc/inputrc r,
+
+ # bash inspects filesystems at startup
+ /etc/mtab r,
+ @{PROC}/@{pid}/mounts r,
+ @{PROC}/filesystems r,
+
+ # probably readline wants to know terminal capabilities
+ /usr/share/terminfo/** r,
+
+ # run out of /etc/bash.bashrc
+ /etc/DIR_COLORS r,
+ /{usr/,}bin/ls mix,
+ /usr/bin/dircolors mix,
diff --git a/etc/apparmor.d/abstractions/consoles b/etc/apparmor.d/abstractions/consoles
new file mode 100644
index 0000000..d6c30be
--- /dev/null
+++ b/etc/apparmor.d/abstractions/consoles
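Review bot: The per-user rules in this hunk (`@{HOME}/.bashrc r,` through `@{HOME}/.bash_history rw,`) carry no `owner` qualifier, so a profile that includes this abstraction is allowed by AppArmor to read shell start-up files and read and write shell history in any home directory that ordinary file permissions let it reach. Other abstractions added in this same commit (audio, cups-client, dconf) write their home-directory rules as `owner @{HOME}/…`. I would do the same here, for example `owner @{HOME}/.bash_history rw,` and `owner @{HOME}/.bashrc r,`. The file looks like the distribution's stock abstraction; if it is, record the tightening as a deliberate local change so that a package upgrade does not silently revert it.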
@@ -0,0 +1,23 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+
+
+ # there are three common ways to refer to consoles
+ /dev/console rw,
+ /dev/tty rw,
+ # this next entry is a tad unfortunate; /dev/tty will always be
+ # associated with the controlling terminal by the kernel, but if a
+ # program uses the /dev/pts/ interface, it actually has access to
+ # -all- xterm, sshd, etc, terminals on the system.
+ /dev/pts/[0-9]* rw,
+ /dev/pts/ r,
+
diff --git a/etc/apparmor.d/abstractions/cups-client b/etc/apparmor.d/abstractions/cups-client
new file mode 100644
index 0000000..f38ac09
--- /dev/null
+++ b/etc/apparmor.d/abstractions/cups-client
@@ -0,0 +1,18 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2009-2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # discoverable system configuration for non-local cupsd
+ /etc/cups/client.conf r,
+ # client should be able to talk the local cupsd
+ /{,var/}run/cups/cups.sock rw,
+ # client should be able to read user-specified cups configuration
+ owner @{HOME}/.cups/client.conf r,
+ owner @{HOME}/.cups/lpoptions r,
diff --git a/etc/apparmor.d/abstractions/dbus b/etc/apparmor.d/abstractions/dbus
new file mode 100644
index 0000000..c670fc2
--- /dev/null
+++ b/etc/apparmor.d/abstractions/dbus
@@ -0,0 +1,16 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2009-2013 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # This abstraction grants full system bus access. Consider using the
+ # dbus-strict abstraction for fine-grained bus mediation.
+
+ #include
+ dbus bus=system,
diff --git a/etc/apparmor.d/abstractions/dbus-accessibility b/etc/apparmor.d/abstractions/dbus-accessibility
new file mode 100644
index 0000000..40a3308
--- /dev/null
+++ b/etc/apparmor.d/abstractions/dbus-accessibility
@@ -0,0 +1,16 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2013 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # This abstraction grants full accessibility bus access. Consider using the
+ # dbus-accessibility-strict abstraction for fine-grained bus mediation.
+
+ #include
+ dbus bus=accessibility,
diff --git a/etc/apparmor.d/abstractions/dbus-accessibility-strict b/etc/apparmor.d/abstractions/dbus-accessibility-strict
new file mode 100644
index 0000000..a853ce2
--- /dev/null
+++ b/etc/apparmor.d/abstractions/dbus-accessibility-strict
@@ -0,0 +1,17 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2013 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ dbus send
+ bus=accessibility
+ path=/org/freedesktop/DBus
+ interface=org.freedesktop.DBus
+ member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
+ peer=(name=org.freedesktop.DBus),
diff --git a/etc/apparmor.d/abstractions/dbus-session b/etc/apparmor.d/abstractions/dbus-session
new file mode 100644
index 0000000..eb1ed91
--- /dev/null
+++ b/etc/apparmor.d/abstractions/dbus-session
@@ -0,0 +1,17 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2011-2013 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # This abstraction grants full session bus access. Consider using the
+ # dbus-session-strict abstraction for fine-grained bus mediation.
+
+ #include
+ /usr/bin/dbus-launch ix,
+ dbus bus=session,
diff --git a/etc/apparmor.d/abstractions/dbus-session-strict b/etc/apparmor.d/abstractions/dbus-session-strict
new file mode 100644
index 0000000..1600554
--- /dev/null
+++ b/etc/apparmor.d/abstractions/dbus-session-strict
@@ -0,0 +1,29 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2011-2013 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # unique per-machine identifier
+ /etc/machine-id r,
+ /var/lib/dbus/machine-id r,
+ owner /run/user/*/bus rw,
+
+ unix (connect, receive, send)
+ type=stream
+ peer=(addr="@/tmp/dbus-*"),
+
+ # dbus with systemd and --enable-user-session
+ owner /run/user/[0-9]*/bus rw,
+
+ dbus send
+ bus=session
+ path=/org/freedesktop/DBus
+ interface=org.freedesktop.DBus
+ member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
+ peer=(name=org.freedesktop.DBus),
diff --git a/etc/apparmor.d/abstractions/dbus-strict b/etc/apparmor.d/abstractions/dbus-strict
new file mode 100644
index 0000000..01a426e
--- /dev/null
+++ b/etc/apparmor.d/abstractions/dbus-strict
@@ -0,0 +1,19 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2009-2013 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /{,var/}run/dbus/system_bus_socket rw,
+
+ dbus send
+ bus=system
+ path=/org/freedesktop/DBus
+ interface=org.freedesktop.DBus
+ member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
+ peer=(name=org.freedesktop.DBus),
diff --git a/etc/apparmor.d/abstractions/dconf b/etc/apparmor.d/abstractions/dconf
new file mode 100644
index 0000000..7ef6978
--- /dev/null
+++ b/etc/apparmor.d/abstractions/dconf
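Review bot: In the dbus-session-strict hunk, `owner /run/user/*/bus rw,` near the top already matches every path that the later `owner /run/user/[0-9]*/bus rw,` matches, so the second rule (under the "dbus with systemd and --enable-user-session" comment) adds nothing and the effective scope is the broader glob. If the intent is to reach only per-UID runtime directories, keep the `[0-9]*` form and drop the `*` one; otherwise drop the duplicate. A strict abstraction is easier to audit when the session bus socket is granted by a single rule.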
@@ -0,0 +1,8 @@
+# vim:syntax=apparmor
+
+# permissions for querying dconf settings; granting write access should
+# be specified in a specific application's profile.
+
+ /etc/dconf/** r,
+ owner /{,var/}run/user/*/dconf/user r,
+ owner @{HOME}/.config/dconf/user r,
diff --git a/etc/apparmor.d/abstractions/dovecot-common b/etc/apparmor.d/abstractions/dovecot-common
new file mode 100644
index 0000000..e1681d9
--- /dev/null
+++ b/etc/apparmor.d/abstractions/dovecot-common
@@ -0,0 +1,19 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2014 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# used with dovecot/*
+
+ capability setgid,
+
+ deny capability block_suspend,
+
+ # dovecot's master can send us signals
+ signal receive peer=dovecot,
+
+ /{var/,}run/dovecot/config rw,
diff --git a/etc/apparmor.d/abstractions/dri-common b/etc/apparmor.d/abstractions/dri-common
new file mode 100644
index 0000000..b5e0a5c
--- /dev/null
+++ b/etc/apparmor.d/abstractions/dri-common
@@ -0,0 +1,14 @@
+# vim:syntax=apparmor
+
+# This file contains common DRI-specific rules useful for GUI applications
+# (needed by libdrm and similar).
+
+ /usr/lib{,32,64}/dri/** mr,
+ /usr/lib/@{multiarch}/dri/** mr,
+ /usr/lib/fglrx/dri/** mr,
+ /dev/dri/ r,
+ /dev/dri/** rw,
+ /etc/drirc r,
+ /usr/share/drirc.d/{,*.conf} r,
+ owner @{HOME}/.drirc r,
+
diff --git a/etc/apparmor.d/abstractions/dri-enumerate b/etc/apparmor.d/abstractions/dri-enumerate
new file mode 100644
index 0000000..e101be5
--- /dev/null
+++ b/etc/apparmor.d/abstractions/dri-enumerate
@@ -0,0 +1,8 @@
+# vim:syntax=apparmor
+
+# This file contains common DRI-specific rules useful for GUI applications that
+# needs to enumerate graphic devices (as with drmParsePciDeviceInfo() from
+# libdrm).
+
+ @{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
+
diff --git a/etc/apparmor.d/abstractions/enchant b/etc/apparmor.d/abstractions/enchant
new file mode 100644
index 0000000..fd3c813
--- /dev/null
+++ b/etc/apparmor.d/abstractions/enchant
@@ -0,0 +1,56 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2010 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # abstraction for Enchant spellchecking frontend
+
+ /usr/share/enchant/ r,
+ /usr/share/enchant/enchant.ordering r,
+
+ # aspell
+ #include
+ /var/lib/dictionaries-common/aspell/ r,
+ /var/lib/dictionaries-common/aspell/* r,
+
+ # hspell
+ /usr/share/hspell/ r,
+ /usr/share/hspell/*.wgz.* r,
+
+ # hunspell
+ /usr/share/hunspell/ r,
+ /usr/share/hunspell/* r,
+
+ # ispell
+ /usr/lib/ispell/ r,
+ /usr/lib/ispell/*.hash r,
+ /usr/share/dict/ r,
+ /usr/share/dict/* r,
+ /var/lib/dictionaries-common/ r,
+ /var/lib/dictionaries-common/{ispell,wordlist}/ r,
+ /var/lib/dictionaries-common/{ispell,wordlist}/* r,
+
+ # myspell
+ /usr/share/myspell/ r,
+ /usr/share/myspell/** r,
+
+ # voikko
+ /usr/lib/voikko/ r,
+ /usr/lib/voikko/2/ r,
+ /usr/lib/voikko/2/mor-standard/ r,
+ /usr/lib/voikko/2/mor-standard/voikko* r,
+
+ # zemberek
+ /usr/share/java/ r,
+ /usr/share/java/zemberek-[0-9]*.jar r,
+ /usr/share/java/zemberek-tr-[0-9]*.jar r,
+
+ # per-user dictionaries
+ owner @{HOME}/.config/enchant/ rw,
+ owner @{HOME}/.config/enchant/* rwk,
diff --git a/etc/apparmor.d/abstractions/fcitx b/etc/apparmor.d/abstractions/fcitx
new file mode 100644
index 0000000..3d26cc9
--- /dev/null
+++ b/etc/apparmor.d/abstractions/fcitx
@@ -0,0 +1,13 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2016 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ #include
+ dbus bus=fcitx,
diff --git a/etc/apparmor.d/abstractions/fcitx-strict b/etc/apparmor.d/abstractions/fcitx-strict
new file mode 100644
index 0000000..d773734
--- /dev/null
+++ b/etc/apparmor.d/abstractions/fcitx-strict
@@ -0,0 +1,21 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2016 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ #include
+
+ dbus send
+ bus=fcitx
+ path=/org/freedesktop/DBus
+ interface=org.freedesktop.DBus
+ member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
+ peer=(name=org.freedesktop.DBus),
+
+ owner @{HOME}/.config/fcitx/dbus/* r,
diff --git a/etc/apparmor.d/abstractions/fonts b/etc/apparmor.d/abstractions/fonts
new file mode 100644
index 0000000..222aa5a
--- /dev/null
+++ b/etc/apparmor.d/abstractions/fonts
@@ -0,0 +1,61 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /usr/share/AbiSuite/fonts/** r,
+
+ /usr/lib/xorg/modules/fonts/**.so* mr,
+
+ /usr/share/fonts/ r,
+ /usr/share/fonts/** r,
+
+ /etc/fonts/** r,
+ # Debian, openSUSE paths are different
+ /usr/share/{fontconfig,fonts-config,*-fonts}/conf.avail/{,**} r,
+ /usr/share/ghostscript/fonts/{,**} r,
+
+ /opt/kde3/share/fonts/** r,
+
+ /usr/lib{,32,64}/openoffice/share/fonts/** r,
+
+ /var/cache/fonts/** r,
+ /var/cache/fontconfig/** mr,
+ /var/lib/defoma/** mr,
+
+ /usr/share/a2ps/fonts/** r,
+ /usr/share/xfce/fonts/** r,
+ /usr/share/ghostscript/fonts/** r,
+ /usr/share/javascript/*/fonts/** r,
+ /usr/share/texmf/{,*/}fonts/** r,
+ /usr/share/texlive/texmf-dist/fonts/** r,
+ /var/lib/ghostscript/** r,
+
+ owner @{HOME}/.fonts.conf r,
+ owner @{HOME}/.fonts/ r,
+ owner @{HOME}/.fonts/** r,
+ owner @{HOME}/.local/share/fonts/ r,
+ owner @{HOME}/.local/share/fonts/** r,
+ owner @{HOME}/.fonts.cache-2 mr,
+ owner @{HOME}/.{,cache/}fontconfig/ rw,
+ owner @{HOME}/.{,cache/}fontconfig/** mrl,
+ owner @{HOME}/.fonts.conf.d/ r,
+ owner @{HOME}/.fonts.conf.d/** r,
+ owner @{HOME}/.config/fontconfig/ r,
+ owner @{HOME}/.config/fontconfig/** r,
+
+ /usr/local/share/fonts/ r,
+ /usr/local/share/fonts/** r,
+
+ # poppler CMap tables
+ /usr/share/poppler/cMap/** r,
+
+ # data files for LibThai
+ /usr/share/libthai/thbrk.tri r,
diff --git a/etc/apparmor.d/abstractions/freedesktop.org b/etc/apparmor.d/abstractions/freedesktop.org
new file mode 100644
index 0000000..4ec1745
--- /dev/null
+++ b/etc/apparmor.d/abstractions/freedesktop.org
@@ -0,0 +1,36 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # system configuration
+ @{system_share_dirs}/applications/{**,} r,
+ @{system_share_dirs}/icons/{**,} r,
+ @{system_share_dirs}/pixmaps/{**,} r,
+
+ # communitheme snap
+ /snap/communitheme/*/share/icons/ r,
+ /snap/communitheme/*/share/icons/** r,
+
+ # mimeinfo and desktop files for snaps
+ /var/lib/snapd/desktop/applications/mimeinfo.cache r,
+ /var/lib/snapd/desktop/applications/{,*.desktop} r,
+
+ # this should probably go elsewhere
+ @{system_share_dirs}/mime/** r,
+
+ # per-user configurations
+ owner @{HOME}/.icons/ r,
+ owner @{HOME}/.recently-used.xbel* rw,
+ owner @{HOME}/.local/share/recently-used.xbel* rw,
+ owner @{HOME}/.config/user-dirs.dirs r,
+ owner @{HOME}/.config/mimeapps.list r,
+ owner @{user_share_dirs}/applications/{**,} r,
+ owner @{user_share_dirs}/icons/{**,} r,
+ owner @{user_share_dirs}/mime/{**,} r,
diff --git a/etc/apparmor.d/abstractions/gnome b/etc/apparmor.d/abstractions/gnome
new file mode 100644
index 0000000..a0459c3
--- /dev/null
+++ b/etc/apparmor.d/abstractions/gnome
@@ -0,0 +1,113 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009-2011 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+ # systemwide gtk defaults
+ /etc/gnome/gtkrc* r,
+ /etc/gtk/* r,
+ /usr/lib{,32,64}/gtk/** mr,
+ /usr/lib/@{multiarch}/gtk/** mr,
+ /usr/lib{,32,64}/gtk-[0-9]*/** mr,
+ /usr/lib/@{multiarch}/gtk-[0-9]*/** mr,
+ /usr/share/themes/ r,
+ /usr/share/themes/** r,
+
+ # communitheme snap
+ /snap/communitheme/*/share/themes/ r,
+ /snap/communitheme/*/share/themes/** r,
+
+ # for gnome 1 applications
+ /etc/orbitrc r,
+
+ # gtk-2 needed some new rights
+ /etc/fonts/* r,
+ /etc/gtk-*/* r,
+ /etc/pango/* r,
+ /usr/lib{,32,64}/pango/** mr,
+ /usr/lib{,32,64}/gtk-*/** mr,
+ /usr/lib{,32,64}/gdk-pixbuf-*/** mr,
+ /usr/lib/@{multiarch}/pango/** mr,
+ /usr/lib/@{multiarch}/gtk-*/** mr,
+ /usr/lib/@{multiarch}/gdk-pixbuf-*/** mr,
+
+ # per-user gtk configuration
+ owner @{HOME}/.config/gtk-3.0/ w,
+ owner @{HOME}/.config/gtk-3.0/* r,
+ owner @{HOME}/.gnome/Gnome r,
+ owner @{HOME}/.gtk r,
+ owner @{HOME}/.gtkrc r,
+ owner @{HOME}/.gtkrc-2.0 r,
+ owner @{HOME}/.gtk-bookmarks r,
+ owner @{HOME}/.themes/ r,
+ owner @{HOME}/.themes/** r,
+ owner @{user_share_dirs}/themes/ r,
+ owner @{user_share_dirs}/themes/** r,
+
+ # for gtk file dialog
+ owner @{HOME}/.config/gtk-2.0/ w,
+ owner @{HOME}/.config/gtk-2.0/** r,
+ owner @{HOME}/.config/gtk-2.0/gtkfilechooser.ini* rw,
+
+ # from evolution-mail
+ owner @{HOME}/.gconfd/lock/* r,
+ owner @{HOME}/.gnome/application-info r,
+
+ # per-user font business
+ owner @{HOME}/.fonts.cache-* rwl,
+
+ # GtkComposeTable
+ owner
@{HOME}/.cache/gtk-3.0/** r,
+
+ # icon caches
+ /var/cache/**/icon-theme.cache r,
+ /usr/share/**/icon-theme.cache r,
+
+ # GLib schemas
+ /usr/{local/,}share/glib-[0-9]*/schemas/ r,
+ /usr/{local/,}share/glib-[0-9]*/schemas/** r,
+
+ # gnome VFS modules
+ /etc/gnome-vfs-2.0/modules/ r,
+ /etc/gnome-vfs-2.0/modules/* r,
+ /usr/lib/gnome-vfs-2.0/modules/*.so mr,
+ /usr/lib/@{multiarch}/gnome-vfs-2.0/modules/*.so mr,
+
+ # gvfs
+ /usr/share/gvfs/remote-volume-monitors/ r,
+ /usr/share/gvfs/remote-volume-monitors/* r,
+ @{PROC}/@{pid}/mounts r,
+
+ # printing
+ /etc/papersize r,
+ /etc/cups/lpoptions r,
+ /usr/share/cups/charmaps/** r,
+
+ # holds MIT-MAGIC-COOKIE for gnome
+ owner /{,var/}run/gdm/auth*/database r,
+
+ # mime-types
+ /etc/gnome/defaults.list r,
+ /etc/xdg/{,*-}mimeapps.list r,
+ /usr/share/gnome/applications/ r,
+ /usr/share/gnome/applications/mimeinfo.cache r,
+
+ # Allow connecting to the GNOME vfs socket (still need corresponding DBus
+ # rules)
+ unix (send, receive, connect)
+ type=stream
+ peer=(addr="@/dbus-vfs-daemon/socket-*"),
diff --git a/etc/apparmor.d/abstractions/gnupg b/etc/apparmor.d/abstractions/gnupg
new file mode 100644
index 0000000..d04c920
--- /dev/null
+++ b/etc/apparmor.d/abstractions/gnupg
@@ -0,0 +1,11 @@
+# vim:syntax=apparmor
+# gnupg sub-process running permissions
+
+ # user configurations
+ owner @{HOME}/.gnupg/options r,
+ owner @{HOME}/.gnupg/pubring.gpg r,
+ owner @{HOME}/.gnupg/pubring.kbx r,
+ owner @{HOME}/.gnupg/random_seed rw,
+ owner @{HOME}/.gnupg/secring.gpg r,
+ owner @{HOME}/.gnupg/so/*.x86_64 mr,
+ owner @{HOME}/.gnupg/trustdb.gpg rw,
diff --git a/etc/apparmor.d/abstractions/ibus b/etc/apparmor.d/abstractions/ibus
new file mode 100644
index 0000000..a4431b9
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ibus
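Review bot: The header comment of abstractions/gnupg does not say that the abstraction gives the confined process read access to the owner's secret keyring; `owner @{HOME}/.gnupg/secring.gpg r,` sits among the public-keyring rules with no remark. I would add a comment above it such as `# secret keyring: include this abstraction only in profiles that run gpg on the user's behalf`. The rule `owner @{HOME}/.gnupg/so/*.x86_64 mr,` also needs a why-comment, because it allows files from a user-writable directory to be mapped executable and names a single architecture, and the file gives no reason for it.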
@@ -0,0 +1,29 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2010 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # abstraction for ibus input methods
+ owner @{HOME}/.config/ibus/ r,
+ owner @{HOME}/.config/ibus/bus/ rw,
+ owner @{HOME}/.config/ibus/bus/* rw,
+
+ # abstract path in ibus < 1.5.22 uses /tmp
+ unix (connect, receive, send)
+ type=stream
+ peer=(addr="@/tmp/ibus/dbus-*"),
+
+ # abstract path in ibus >= 1.5.22 uses $XDG_CACHE_HOME (ie, @{HOME}/.cache)
+ # This should use this, but due to LP: #1856738 we cannot
+ #unix (connect, receive, send)
+ # type=stream
+ # peer=(addr="@@{HOME}/.cache/ibus/dbus-*"),
+ unix (connect, receive, send)
+ type=stream
+ peer=(addr="@/home/*/.cache/ibus/dbus-*"),
diff --git a/etc/apparmor.d/abstractions/kde b/etc/apparmor.d/abstractions/kde
new file mode 100644
index 0000000..cad5c7d
--- /dev/null
+++ b/etc/apparmor.d/abstractions/kde
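Review bot: The fallback rule `peer=(addr="@/home/*/.cache/ibus/dbus-*")` at the end of abstractions/ibus hard-codes `/home`, so its pattern matches the ibus socket address of any account under /home and misses accounts whose home directory is elsewhere. The comment above it gives the cause (LP: #1856738 prevents using `@{HOME}`) but not this consequence. I would extend the comment with a line such as `# NOTE: matches any user's socket under /home; homes outside /home are not covered`.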
@@ -0,0 +1,77 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+# Copyright (C) 2009-2011 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+/etc/qt3/kstylerc r,
+/etc/qt3/qt_plugins_3.3rc r,
+/etc/qt3/qtrc r,
+/etc/kderc r,
+/etc/kde3/* r,
+/etc/kde4rc r,
+/etc/xdg/kdeglobals r,
+/etc/xdg/Trolltech.conf r,
+/usr/share/knotifications5/*.notifyrc r, # KNotification::sendEvent()
+/usr/share/kubuntu-default-settings/kf5-settings/* r,
+
+owner @{HOME}/.DCOPserver_* r,
+owner @{HOME}/.ICEauthority r,
+owner @{HOME}/.fonts.* lrw,
+owner @{HOME}/.kde{,4}/share/config/kdeglobals rw,
+owner @{HOME}/.kde{,4}/share/config/*.lock rwl,
+owner @{HOME}/.qt/** rw,
+owner @{HOME}/.cache/ksycoca5_??_* r, # KDE System Configuration Cache
+owner @{HOME}/.config/Trolltech.conf rwk,
+owner @{HOME}/.config/baloofilerc r, # indexing options (excludes, etc), used by KFileWidget
+owner @{HOME}/.config/dolphinrc r, # settings used by KFileWidget
+owner @{HOME}/.config/kde.org/libphonon.conf r, # for KNotifications::sendEvent()
+owner @{HOME}/.config/kdeglobals r, # global settings, used by Breeze style, etc.
+owner @{HOME}/.config/klanguageoverridesrc r, # per-application languages, for KDEPrivate::initializeLanguages() from libKF5XmlGui.so
+owner @{HOME}/.config/trashrc r, # Used by KFileWidget
+
+/usr/share/X11/XKeysymDB r,
+
+# kde3
+/usr/lib*/kde3/plugins/styles/ r,
+/usr/lib*/kde3/plugins/styles/* mr,
+/usr/lib*/kde3/lib*so* mr,
+/usr/lib/@{multiarch}/kde3/plugins/styles/ r,
+/usr/lib/@{multiarch}/kde3/plugins/styles/* mr,
+/usr/lib/@{multiarch}/kde3/lib*so* mr,
+/usr/lib*/qt3/lib*/lib*so* mr,
+/usr/lib*/qt3/plugins/** mr,
+/usr/lib/@{multiarch}/qt3/lib*/lib*so* mr,
+/usr/lib/@{multiarch}/qt3/plugins/** mr,
+/usr/lib*/libqt-mt*so* mr,
+/usr/lib*/libqui*so* mr,
+/usr/lib/@{multiarch}/libqt-mt*so* mr,
+/usr/lib/@{multiarch}/libqui*so* mr,
+/usr/share/qt3/lib*/libqt-mt*so* mr,
+/usr/share/qt3/lib*/libqui*so* mr,
+
+# kde4
+/usr/lib*/kde4/plugins/*/*.so mr,
+/usr/lib*/kde4/plugins/*/ r,
+/usr/lib*/kde4/lib*so* mr,
+/usr/lib/@{multiarch}/kde4/plugins/*/*.so mr,
+/usr/lib/@{multiarch}/kde4/plugins/*/ r,
+/usr/lib/@{multiarch}/kde4/lib*so* mr,
+/usr/lib*/qt4/lib*/lib*so* mr,
+/usr/lib*/qt4/plugins/** mr,
+/usr/lib/@{multiarch}/qt4/lib*/lib*so* mr,
+/usr/lib/@{multiarch}/qt4/plugins/** mr,
+/usr/share/qt4/** r,
diff --git a/etc/apparmor.d/abstractions/kde-globals-write b/etc/apparmor.d/abstractions/kde-globals-write
new file mode 100644
index 0000000..5f878e8
--- /dev/null
+++ b/etc/apparmor.d/abstractions/kde-globals-write
@@ -0,0 +1,10 @@
+# vim:syntax=apparmor
+# Rules for changing KDE settings (for KFileDialog and other).
+
+ # User files
+
+ owner @{HOME}/.config/#[0-9]* rw,
+ owner @{HOME}/.config/kdeglobals rw,
+ owner @{HOME}/.config/kdeglobals.?????? rwl -> @{HOME}/.config/#[0-9]*,
+ owner @{HOME}/.config/kdeglobals.lock rwk,
+
diff --git a/etc/apparmor.d/abstractions/kde-icon-cache-write b/etc/apparmor.d/abstractions/kde-icon-cache-write
new file mode 100644
index 0000000..d37fb3b
--- /dev/null
+++ b/etc/apparmor.d/abstractions/kde-icon-cache-write
@@ -0,0 +1,7 @@
+# vim:syntax=apparmor
+# Rules for writing KDE icon cache
+
+ # User files
+
+ owner @{HOME}/.cache/icon-cache.kcache rw, # for KIconLoader
+
diff --git a/etc/apparmor.d/abstractions/kde-language-write b/etc/apparmor.d/abstractions/kde-language-write
new file mode 100644
index 0000000..8e95399
--- /dev/null
+++ b/etc/apparmor.d/abstractions/kde-language-write
@@ -0,0 +1,12 @@
+# vim:syntax=apparmor
+# Rules for changing per-application language settings on KDE. Some KDE
+# applications have "Help -> Switch Application Language..." option, that needs
+# write access to language settings file.
+
+ # User files
+
+ owner @{HOME}/.config/#[0-9]* rw,
+ owner @{HOME}/.config/klanguageoverridesrc rw,
+ owner @{HOME}/.config/klanguageoverridesrc.?????? rwl -> @{HOME}/.config/#[0-9]*,
+ owner @{HOME}/.config/klanguageoverridesrc.lock rwk,
+
diff --git a/etc/apparmor.d/abstractions/kerberosclient b/etc/apparmor.d/abstractions/kerberosclient
new file mode 100644
index 0000000..5b79e3d
--- /dev/null
+++ b/etc/apparmor.d/abstractions/kerberosclient
@@ -0,0 +1,34 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009-2011 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # files required by kerberos client programs
+ /usr/lib{,32,64}/krb5/plugins/libkrb5/ r,
+ /usr/lib{,32,64}/krb5/plugins/libkrb5/* mr,
+ /usr/lib/@{multiarch}/krb5/plugins/libkrb5/ r,
+ /usr/lib/@{multiarch}/krb5/plugins/libkrb5/* mr,
+
+ /usr/lib{,32,64}/krb5/plugins/preauth/ r,
+ /usr/lib{,32,64}/krb5/plugins/preauth/* mr,
+ /usr/lib/@{multiarch}/krb5/plugins/preauth/ r,
+ /usr/lib/@{multiarch}/krb5/plugins/preauth/* mr,
+
+ /etc/krb5.keytab rk,
+ /etc/krb5.conf r,
+ /etc/krb5.conf.d/ r,
+ /etc/krb5.conf.d/* r,
+
+ # config files found via strings on libs
+ /etc/krb.conf r,
+ /etc/krb.realms r,
+ /etc/srvtab r,
+
+ # credential caches
+ /tmp/krb5cc* r,
diff --git a/etc/apparmor.d/abstractions/ldapclient b/etc/apparmor.d/abstractions/ldapclient
new file mode 100644
index 0000000..0c52728
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ldapclient
@@ -0,0 +1,24 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2011 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # files required by LDAP clients (e.g. nss_ldap/pam_ldap)
+ /etc/ldap.conf r,
+ /etc/ldap.secret r,
+ /etc/openldap/* r,
+ /etc/openldap/cacerts/* r,
+
+ # SASL plugins and config
+ /etc/sasl2/* r,
+ /usr/lib{,32,64}/sasl2/* r,
+
+ # local LDAP name service daemon
+ /{,var/}run/nslcd/socket rw,
+
+ #include
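Review bot: The credential-cache rule `/tmp/krb5cc* r,` at the end of abstractions/kerberosclient has no `owner` qualifier, so at the AppArmor layer it covers every user's cache in /tmp and only the file mode keeps them apart. If the profiles on this host that include the abstraction only need the caller's own tickets, `owner /tmp/krb5cc* r,` is the narrower rule; a confined daemon that reads other users' caches would need the current form, so check the including profiles first. The same hunk grants `/etc/krb5.keytab rk,` and `/etc/srvtab r,` to every includer, which deserves a comment marking them as key material.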
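Review bot: `/etc/ldap.secret r,` in abstractions/ldapclient gives every profile that includes the abstraction read access to the LDAP bind secret, and the file carries no comment saying so. abstractions/nameservice later in this commit has an `# ldap` include whose target is not visible on this page; if it is this file, the grant reaches every profile that does name lookups. I would add `# bind password: readable by every profile that includes this abstraction` above the rule. Since the commit subject is "track all /etc", it is also worth confirming that /etc/ldap.secret and /etc/krb5.keytab themselves are kept out of the repository if they exist on this host.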
diff --git a/etc/apparmor.d/abstractions/libpam-systemd b/etc/apparmor.d/abstractions/libpam-systemd
new file mode 100644
index 0000000..76ee869
--- /dev/null
+++ b/etc/apparmor.d/abstractions/libpam-systemd
@@ -0,0 +1,19 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2015-2016 Simon Deziel
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+ # libpam-systemd notifies systemd-logind about session logins/logouts
+ dbus send
+ bus=system
+ path=/org/freedesktop/login1
+ interface=org.freedesktop.login1.Manager
+ member={CreateSession,ReleaseSession},
diff --git a/etc/apparmor.d/abstractions/likewise b/etc/apparmor.d/abstractions/likewise
new file mode 100644
index 0000000..7482842
--- /dev/null
+++ b/etc/apparmor.d/abstractions/likewise
@@ -0,0 +1,13 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /tmp/.lwidentity/pipe rw,
+ /var/lib/likewise-open/lwidentity_privileged/pipe rw,
diff --git a/etc/apparmor.d/abstractions/mdns b/etc/apparmor.d/abstractions/mdns
new file mode 100644
index 0000000..14c31b8
--- /dev/null
+++ b/etc/apparmor.d/abstractions/mdns
@@ -0,0 +1,14 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # mdnsd
+ /etc/mdns.allow r,
+ /etc/nss_mdns.conf r,
+ /{,var/}run/mdnsd w,
diff --git a/etc/apparmor.d/abstractions/mesa b/etc/apparmor.d/abstractions/mesa
new file mode 100644
index 0000000..be699c7
--- /dev/null
+++ b/etc/apparmor.d/abstractions/mesa
@@ -0,0 +1,17 @@
+# vim:syntax=apparmor
+# Rules for Mesa implementation of the OpenGL API
+
+ # System files
+ /dev/dri/ r, # libGLX_mesa.so calls drmGetDevice2()
+
+ # Needed to check if the kernel supports the i915 perf interface
+ # (src/intel/perf/gen_perf.c, load_oa_metrics())
+ @{PROC}/sys/dev/i915/perf_stream_paranoid r,
+
+ # User files
+ owner @{HOME}/.cache/ w, # if user clears all caches
+ owner @{HOME}/.cache/mesa_shader_cache/ w,
+ owner @{HOME}/.cache/mesa_shader_cache/index rw,
+ owner @{HOME}/.cache/mesa_shader_cache/??/ w,
+ owner @{HOME}/.cache/mesa_shader_cache/??/* rwk,
+
diff --git a/etc/apparmor.d/abstractions/mir b/etc/apparmor.d/abstractions/mir
new file mode 100644
index 0000000..16c57ec
--- /dev/null
+++ b/etc/apparmor.d/abstractions/mir
@@ -0,0 +1,17 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2015 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # mir libraries sometimes do not have a lib prefix
+ # see LP: #1422521
+ /usr/lib/@{multiarch}/mir/*.so* mr,
+ /usr/lib/@{multiarch}/mir/**/*.so* mr,
+
+ # unprivileged mir socket for clients
diff --git a/etc/apparmor.d/abstractions/mozc b/etc/apparmor.d/abstractions/mozc
new file mode 100644
index 0000000..f736bc2
--- /dev/null
+++ b/etc/apparmor.d/abstractions/mozc
@@ -0,0 +1,12 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2016 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ unix (connect, receive, send) type=stream peer=(addr="@tmp/.mozc.*"),
diff --git a/etc/apparmor.d/abstractions/mysql b/etc/apparmor.d/abstractions/mysql
new file mode 100644
index 0000000..fed759b
--- /dev/null
+++ b/etc/apparmor.d/abstractions/mysql
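Review bot: abstractions/mir ends with the comment `# unprivileged mir socket for clients` and no rule follows it; the hunk header counts 17 lines and the comment is the seventeenth, so nothing was cut off in the diff. As it stands the abstraction grants library access only, while the comment leads a reader to assume a socket rule exists. Either a socket rule belongs under the comment or the comment should be removed; which of the two is right cannot be told from this hunk.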
@@ -0,0 +1,15 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+# Copyright (C) 2013 Christian Boltz
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /var/lib/mysql{,d}/mysql{,d}.sock rw,
+ /{var/,}run/mysql{,d}/mysql{,d}.sock rw,
+ /usr/share/{mysql,mysql-community-server,mariadb}/charsets/ r,
+ /usr/share/{mysql,mysql-community-server,mariadb}/charsets/*.xml r,
diff --git a/etc/apparmor.d/abstractions/nameservice b/etc/apparmor.d/abstractions/nameservice
new file mode 100644
index 0000000..357eaa8
--- /dev/null
+++ b/etc/apparmor.d/abstractions/nameservice
@@ -0,0 +1,148 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009-2011 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # Many programs wish to perform nameservice-like operations, such as
+ # looking up users by name or id, groups by name or id, hosts by name
+ # or IP, etc. These operations may be performed through files, dns,
+ # NIS, NIS+, LDAP, hesiod, wins, etc. Allow them all here.
+ /etc/group r,
+ /etc/host.conf r,
+ /etc/hosts r,
+ /etc/nsswitch.conf r,
+ /etc/gai.conf r,
+ /etc/passwd r,
+ /etc/protocols r,
+
+ # libtirpc (used for NIS/YP login) needs this
+ /etc/netconfig r,
+
+ # When using libnss-extrausers, the passwd and group files are merged from
+ # an alternate path
+ /var/lib/extrausers/group r,
+ /var/lib/extrausers/passwd r,
+
+ # NSS records from systemd-userdbd.service
+ /{,var/}run/systemd/userdb/ r,
+ /{,var/}run/systemd/userdb/io.systemd.{NameServiceSwitch,Multiplexer,DynamicUser,Home} r,
+ @{PROC}/sys/kernel/random/boot_id r,
+
+ # When using sssd, the passwd and group files are stored in an alternate path
+ # and the nss plugin also needs to talk to a pipe
+ /var/lib/sss/mc/group r,
+ /var/lib/sss/mc/initgroups r,
+ /var/lib/sss/mc/passwd r,
+ /var/lib/sss/pipes/nss rw,
+
+ /etc/resolv.conf r,
+ # On systems where /etc/resolv.conf is managed programmatically, it is
+ # a symlink to /{,var/}run/(whatever program is managing it)/resolv.conf.
+ /{,var/}run/{resolvconf,NetworkManager,systemd/resolve,connman,netconfig}/resolv.conf r,
+ /etc/resolvconf/run/resolv.conf r,
+ /{,var/}run/systemd/resolve/stub-resolv.conf r,
+
+ /etc/samba/lmhosts r,
+ /etc/services r,
+ # db backend
+ /var/lib/misc/*.db r,
+ # The Name Service Cache Daemon can cache lookups, sometimes leading
+ # to vast speed increases when working with network-based lookups.
+ /{,var/}run/.nscd_socket rw,
+ /{,var/}run/nscd/socket rw,
+ /{var/db,var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts} r,
+ # nscd renames and unlinks files in it's operation that clients will
+ # have open
+ /{,var/}run/nscd/db* rmix,
+
+ # The nss libraries are sometimes used in addition to PAM; make sure
+ # they are available
+ /{usr/,}lib{,32,64}/libnss_*.so* mr,
+ /{usr/,}lib/@{multiarch}/libnss_*.so* mr,
+ /etc/default/nss r,
+
+ # avahi-daemon is used for mdns4 resolution
+ /{,var/}run/avahi-daemon/socket rw,
+
+ # libnl-3-200 via libnss-gw-name
+ @{PROC}/@{pid}/net/psched r,
+ /etc/libnl-*/classid r,
+
+ # nis
+ #include
+
+ # ldap
+ #include
+
+ # winbind
+ #include
+
+ # likewise
+ #include
+
+ # mdnsd
+ #include
+
+ # kerberos
+ #include
+
+ # resolve
+ #
+ # Allow access to the safe members of the systemd-resolved D-Bus API:
+ #
+ # https://www.freedesktop.org/wiki/Software/systemd/resolved/
+ #
+ # This API may be used directly over the D-Bus system bus or it may be used
+ # indirectly via the nss-resolve plugin:
+ #
+ # https://www.freedesktop.org/software/systemd/man/nss-resolve.html
+ #
+ #include
+ dbus send
+ bus=system
+ path="/org/freedesktop/resolve1"
+ interface="org.freedesktop.resolve1.Manager"
+ member="Resolve{Address,Hostname,Record,Service}"
+ peer=(name="org.freedesktop.resolve1"),
+
+ # libnss-systemd
+ #
+ # https://systemd.io/USER_GROUP_API/
+ # https://systemd.io/USER_RECORD/
+ # https://www.freedesktop.org/software/systemd/man/nss-systemd.html
+ #
+ # Allow User/Group lookups via common VarLink socket APIs.
Applications need
+ # to either consult all of them or the io.systemd.Multiplexer frontend.
+ /run/systemd/userdb/ r,
+ /run/systemd/userdb/io.systemd.Multiplexer rw,
+ /run/systemd/userdb/io.systemd.DynamicUser rw, # systemd-exec users
+ /run/systemd/userdb/io.systemd.Home rw, # systemd-home dirs
+ /run/systemd/userdb/io.systemd.NameServiceSwitch rw, # UNIX/glibc NSS
+
+ # Also allow lookups for systemd-exec's DynamicUsers via D-Bus
+ # https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+ dbus send
+ bus=system
+ path="/org/freedesktop/systemd1"
+ interface="org.freedesktop.systemd1.Manager"
+ member="{GetDynamicUsers,LookupDynamicUserByName,LookupDynamicUserByUID}"
+ peer=(name="org.freedesktop.systemd1"),
+
+ # TCP/UDP network access
+ network inet stream,
+ network inet6 stream,
+ network inet dgram,
+ network inet6 dgram,
+
+ # TODO: adjust when support finer-grained netlink rules
+ # Netlink raw needed for nscd
+ network netlink raw,
+
+ # interface details
+ @{PROC}/@{pid}/net/route r,
diff --git a/etc/apparmor.d/abstractions/nis b/etc/apparmor.d/abstractions/nis
new file mode 100644
index 0000000..690e679
--- /dev/null
+++ b/etc/apparmor.d/abstractions/nis
@@ -0,0 +1,15 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # NIS rules
+ /var/yp/binding/* r,
+ # portmapper may ask root processes to do nis/ldap at low ports
+ capability net_bind_service,
+
diff --git a/etc/apparmor.d/abstractions/nvidia b/etc/apparmor.d/abstractions/nvidia
new file mode 100644
index 0000000..b01ef8b
--- /dev/null
+++ b/etc/apparmor.d/abstractions/nvidia
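Review bot: The `network inet stream`, `network inet6 stream`, `network inet dgram` and `network inet6 dgram` rules near the end of abstractions/nameservice are labelled only `# TCP/UDP network access`, which understates that every profile including this abstraction for name lookups also gets unrestricted TCP and UDP sockets. I would expand the comment to something like `# NOTE: any profile that includes nameservice also gets unrestricted inet/inet6 TCP and UDP sockets`. As a smaller point, the systemd userdb paths are listed twice, first as `/{,var/}run/systemd/userdb/... r,` and again as `/run/systemd/userdb/... rw,`; for /run the second set covers the first and the two could be merged.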
@@ -0,0 +1,28 @@
+# vim:syntax=apparmor
+# nvidia access requirements
+
+ # configuration queries
+ capability ipc_lock,
+
+ /usr/share/nvidia/nvidia-application-profiles* r,
+
+ # libvdpau config file for nvidia workarounds
+ /etc/vdpau_wrapper.cfg r,
+
+ # device files
+ /dev/nvidiactl rw,
+ /dev/nvidia-modeset rw,
+ /dev/nvidia[0-9]* rw,
+
+ @{PROC}/interrupts r,
+ @{PROC}/sys/vm/max_map_count r,
+ @{PROC}/driver/nvidia/params r,
+ @{PROC}/modules r,
+
+ @{sys}/devices/system/memory/block_size_bytes r,
+
+ owner @{HOME}/.nv/ w,
+ owner @{HOME}/.nv/GLCache/ rw,
+ owner @{HOME}/.nv/GLCache/** rwk,
+
+ unix (send, receive) type=dgram peer=(addr="@nvidia[0-9a-f]*"),
diff --git a/etc/apparmor.d/abstractions/opencl b/etc/apparmor.d/abstractions/opencl
new file mode 100644
index 0000000..32a21b2
--- /dev/null
+++ b/etc/apparmor.d/abstractions/opencl
@@ -0,0 +1,9 @@
+# vim:syntax=apparmor
+# OpenCL access requirements
+
+ # TODO: use conditionals to select allowed implementations
+ #include
+ #include
+ #include
+ #include
+
diff --git a/etc/apparmor.d/abstractions/opencl-common b/etc/apparmor.d/abstractions/opencl-common
new file mode 100644
index 0000000..0ad3d55
--- /dev/null
+++ b/etc/apparmor.d/abstractions/opencl-common
@@ -0,0 +1,10 @@
+# vim:syntax=apparmor
+# implementation-independent OpenCL access requirements
+
+ # System files
+
+ /etc/OpenCL/** r,
+ @{sys}/bus/pci/devices/ r, # libpocl.so -> libhwlock.so, libnvidia-opencl.so, beignet/libcl.so -> libdrm_intel.so
+ @{sys}/devices/system/node/ r, # for clGetPlatformIDs() from libOpenCL.so
+ @{sys}/devices/system/node/node[0-9]*/meminfo r, # for clGetPlatformIDs() from libOpenCL.so
+
diff --git a/etc/apparmor.d/abstractions/opencl-intel b/etc/apparmor.d/abstractions/opencl-intel
new file mode 100644
index 0000000..353eeca
--- /dev/null
+++ b/etc/apparmor.d/abstractions/opencl-intel
@@ -0,0 +1,17 @@
+# vim:syntax=apparmor
+# OpenCL access requirements for Intel implementation
+
+ #include
+
+ # for libcl.so (libOpenCL.so -> beignet/libcl.so calls XOpenDisplay())
+ #include
+
+ # for libOpenCL.so -> beignet/libcl.so -> libpciaccess.so
+ #include
+
+ # System files
+
+ /dev/dri/card[0-9]* rw, # beignet/libcl.so
+ @{sys}/devices/pci[0-9]*/**/{class,config,resource,revision} r, # libcl.so -> libdrm_intel.so -> libpciaccess.so (move to dri-enumerate ?)
+ /usr/lib/@{multiarch}/beignet/** r,
+
diff --git a/etc/apparmor.d/abstractions/opencl-mesa b/etc/apparmor.d/abstractions/opencl-mesa
new file mode 100644
index 0000000..9d7f82b
--- /dev/null
+++ b/etc/apparmor.d/abstractions/opencl-mesa
@@ -0,0 +1,20 @@
+# vim:syntax=apparmor
+# OpenCL access requirements for Mesa implementation
+
+ #include
+
+ # Additional libraries
+
+ /usr/lib/@{multiarch}/gallium-pipe/*.so mr, # libMesaOpenCL.so
+ /usr/lib{,64}/gallium-pipe/*.so mr, # libMesaOpenCL.so on openSUSE
+
+ # System files
+
+ /dev/dri/ r, # libMesaOpenCL.so -> libdrm.so
+ /dev/dri/render* rw, # libMesaOpenCL.so
+ /etc/drirc r, # libMesaOpenCL.so
+
+ # User files
+
+ owner @{HOME}/.cache/mesa_shader_cache/{,**} rw, # libMesaOpenCL.so -> pipe_nouveau.so
+
diff --git a/etc/apparmor.d/abstractions/opencl-nvidia b/etc/apparmor.d/abstractions/opencl-nvidia
new file mode 100644
index 0000000..8a4764e
--- /dev/null
+++ b/etc/apparmor.d/abstractions/opencl-nvidia
@@ -0,0 +1,30 @@
+# vim:syntax=apparmor
+# OpenCL access requirements for NVIDIA implementation
+
+ #include
+ #include
+
+ # Executables
+
+ # https://github.com/NVIDIA/nvidia-modprobe
+ # This setuid executable is used to create various device files and load the
+ # the nvidia kernel module.
+ /usr/bin/nvidia-modprobe Px -> nvidia_modprobe,
+
+ # System files
+
+ # libnvidia-opencl.so rules:
+ /dev/nvidia-uvm rw,
+ /dev/nvidia-uvm-tools rw,
+ @{sys}/devices/pci[0-9]*/**/config r,
+ @{sys}/devices/system/memory/block_size_bytes r,
+ /usr/share/nvidia/** r,
+ @{PROC}/devices r,
+ @{PROC}/sys/vm/mmap_min_addr r,
+
+ # User files
+
+ owner @{HOME}/.nv/ComputeCache/ w,
+ owner @{HOME}/.nv/ComputeCache/** rw,
+ owner @{HOME}/.nv/ComputeCache/index rwk,
+
diff --git a/etc/apparmor.d/abstractions/opencl-pocl b/etc/apparmor.d/abstractions/opencl-pocl
new file mode 100644
index 0000000..054689a
--- /dev/null
+++ b/etc/apparmor.d/abstractions/opencl-pocl
@@ -0,0 +1,76 @@
+# vim:syntax=apparmor
+# OpenCL access requirements for POCL implementation
+
+ #include
+
+ # Executables
+
+ /usr/bin/{,@{multiarch}-}ld.bfd Cx -> opencl_pocl_ld,
+ /usr/lib/llvm-[0-9]*.[0-9]*/bin/clang Cx -> opencl_pocl_clang,
+
+ # System files
+
+ / r, # libpocl.so -> libhwloc.so
+ @{sys}/bus/pci/slots/ r, # libpocl.so -> hwloc_topology_load() from libhwloc.so
+ @{sys}/bus/{cpu,node}/devices/ r, # libpocl.so -> libhwlock.so
+ @{sys}/class/net/ r, # libpocl.so -> hwloc_pci_traverse_lookuposdevices_cb() from libhwloc.so
+ @{sys}/devices/pci[0-9]*/**/ r, # for libpocl -> hwloc_linux_lookup_block_class() from libhwloc.so
+ @{sys}/devices/pci[0-9]*/**/block/*/dev r, # libpocl.so -> hwloc_linux_lookup_host_block_class() from libhwloc.so
+ @{sys}/devices/pci[0-9]*/**/{class,local_cpus} r, # libpocl.so -> libhwlock.so
+ @{sys}/devices/pci[0-9]*/*/net/*/address r, # libpocl.so -> hwloc_pci_traverse_lookuposdevices_cb() from libhwloc.so
+ @{sys}/devices/system/cpu/ r, # libpocl.so -> libnuma.so
+ @{sys}/devices/system/cpu/cpu[0-9]*/cache/index[0-9]*/* r, # libpocl.so -> libhwloc.so
+ @{sys}/devices/system/cpu/cpu[0-9]*/online r, # libpocl.so -> libhwlock.so
+ @{sys}/devices/system/cpu/cpu[0-9]*/topology/* r, # *_siblings, physical_package_id and lot's of others, for libpocl.so -> libhwloc.so
+ @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/* r, # for clGetPlatformIDs() from libpocl.so
+ @{sys}/devices/system/cpu/possible r, # libpocl.so -> libhwloc.so
+ @{sys}/devices/virtual/dmi/id/{,*} r, # libpocl.so -> libhwloc.so
+ @{sys}/fs/cgroup/cpuset/cpuset.{cpus,mems} r, # libpocl.so -> libhwloc.so
+ @{sys}/kernel/mm/hugepages{/,/**} r, # libpocl.so -> libhwloc.so
+ /usr/share/pocl/** r,
+ /{,var/}run/udev/data/*:* r, # libpocl.so -> hwloc_linux_block_class_fillinfos() from libhwloc.so
+
+ # User files
+
+ owner @{HOME}/.cache/pocl/ w,
+ owner @{HOME}/.cache/pocl/kcache/ w,
+ owner @{HOME}/.cache/pocl/kcache/** rw,
+ owner @{HOME}/.cache/pocl/kcache/**.so
mrw, # dangerous!
+ owner @{PROC}/@{pid}/{cgroup,cpuset,status} r, # libpocl.so -> libhwloc.so, status for libpocl.so -> libnuma.so
+
+ # Child profiles
+
+ profile opencl_pocl_ld {
+ #include
+
+ # Main executables
+
+ /usr/bin/{,@{multiarch}-}ld.bfd mr,
+
+ # User files
+
+ owner @{HOME}/.cache/pocl/kcache/tempfile*.so rw,
+ owner @{HOME}/.cache/pocl/kcache/**.so.o r,
+ }
+
+ profile opencl_pocl_clang {
+ #include
+
+ # Main executables
+
+ /usr/lib/llvm-[0-9]*.[0-9]*/bin/clang mr,
+
+ # Additional executables
+
+ /usr/bin/{,@{multiarch}-}ld.bfd ix, # TODO: transfer to opencl_ld child profile?
+
+ # System files
+
+ /etc/debian-version r,
+ /etc/lsb-release r,
+
+ # User files
+
+ owner @{HOME}/.cache/pocl/kcache/*/*/*/*/*.so{,.o} rw,
+ }
+
diff --git a/etc/apparmor.d/abstractions/openssl b/etc/apparmor.d/abstractions/openssl
new file mode 100644
index 0000000..697da7a
--- /dev/null
+++ b/etc/apparmor.d/abstractions/openssl
@@ -0,0 +1,14 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2011 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /etc/ssl/openssl.cnf r,
+ /usr/share/ssl/openssl.cnf r,
+ @{PROC}/sys/crypto/fips_enabled r,
+
diff --git a/etc/apparmor.d/abstractions/orbit2 b/etc/apparmor.d/abstractions/orbit2
new file mode 100644
index 0000000..b8df9df
--- /dev/null
+++ b/etc/apparmor.d/abstractions/orbit2
@@ -0,0 +1,5 @@
+# vim:syntax=apparmor
+# orbit2 permissions
+
+ # system library
+ /usr/lib/orbit-2.0/*.so mr,
diff --git a/etc/apparmor.d/abstractions/p11-kit b/etc/apparmor.d/abstractions/p11-kit
new file mode 100644
index 0000000..84b7b11
--- /dev/null
+++ b/etc/apparmor.d/abstractions/p11-kit
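Review bot: In etc/apparmor.d/abstractions/opencl-pocl the rule `owner @{HOME}/.cache/pocl/kcache/**.so mrw,` grants write and executable mapping on the same paths, and its only explanation is the trailing `# dangerous!`. Any profile that includes this abstraction therefore lets the confined process create a shared object under the kernel cache and then map it as code, which weakens confinement for anything loaded from outside the packaged libraries. I would state that where the rule sits, e.g. `# W+X: cached kernels are written and then mmap'd executable; include only where POCL is required`. The `opencl` file earlier in the diff has four `#include` lines whose targets are lost in this rendering; if one of them is this abstraction, profiles that do not need POCL are better off including the specific implementation files instead.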
@@ -0,0 +1,27 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /etc/pkcs11/ r,
+ /etc/pkcs11/pkcs11.conf r,
+ /etc/pkcs11/modules/ r,
+ /etc/pkcs11/modules/* r,
+
+ /usr/lib{,32,64}/pkcs11/*.so mr,
+ /usr/lib/@{multiarch}/pkcs11/*.so mr,
+
+ /usr/share/p11-kit/modules/ r,
+ /usr/share/p11-kit/modules/* r,
+
+ # gnome-keyring pkcs11 module
+ owner /{,var/}run/user/[0-9]*/keyring*/pkcs11 rw,
+
+ # p11-kit also supports reading user configuration from ~/.pkcs11 depending
+ # on how /etc/pkcs11/pkcs11.conf is configured. This should generally not be
+ # included in this abstraction.
diff --git a/etc/apparmor.d/abstractions/perl b/etc/apparmor.d/abstractions/perl
new file mode 100644
index 0000000..0e20aeb
--- /dev/null
+++ b/etc/apparmor.d/abstractions/perl
@@ -0,0 +1,23 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # a few files typically required for perl scripts
+ /usr/bin/perl rmix,
+ /usr/bin/perl[0-9].[0-9].[0-9] rmix,
+
+ /usr/lib{,32,64}/perl5/** r,
+ /usr/lib{,32,64}/perl{,5}/**.so* mr,
+ /usr/lib/@{multiarch}/perl{,5,-base}/** r,
+ /usr/lib/@{multiarch}/perl{,5,-base}/[0-9]*/**.so* mr,
+
+ /usr/share/perl/** r,
+ /usr/share/perl5/** r,
+ /etc/perl/** r,
diff --git a/etc/apparmor.d/abstractions/php b/etc/apparmor.d/abstractions/php
new file mode 100644
index 0000000..4aba241
--- /dev/null
+++ b/etc/apparmor.d/abstractions/php
@@ -0,0 +1,39 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+# Copyright (C) 2009-2010 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # shared snippets for config files
+ /etc/php{,5,7}/**/ r,
+ /etc/php{,5,7}/**.ini r,
+
+ # Xlibs
+ /usr/X11R6/lib{,32,64}/lib*.so* mr,
+ # php extensions
+ /usr/lib{64,}/php{,5,7}/*/*.so mr,
+
+ # ICU (unicode support) data tables
+ /usr/share/icu/*/*.dat r,
+
+ # php session mmap socket
+ /var/lib/php{,5,7}/session_mm_* rwlk,
+ # file based session handler
+ /var/lib/php{,5,7}/sess_* rwlk,
+ /var/lib/php{,5,7}/sessions/* rwlk,
+
+ # php libraries
+ /usr/share/php{,5,7}/ r,
+ /usr/share/php{,5,7}/** mr,
+
+ # MySQL extension
+ /usr/share/mysql/** r,
+
+ # Zend opcache
+ /tmp/.ZendSem.* rwlk,
diff --git a/etc/apparmor.d/abstractions/php5 b/etc/apparmor.d/abstractions/php5
new file mode 100644
index 0000000..9f5355f
--- /dev/null
+++ b/etc/apparmor.d/abstractions/php5
@@ -0,0 +1,3 @@
+#backwards compatibility include, actual abstraction moved from php5 to php
+
+#include
diff --git a/etc/apparmor.d/abstractions/postfix-common b/etc/apparmor.d/abstractions/postfix-common
new file mode 100644
index 0000000..3dc599a
--- /dev/null
+++ b/etc/apparmor.d/abstractions/postfix-common
@@ -0,0 +1,37 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+# Copyright (C) 2015 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# used with postfix/*
+
+
+ capability setuid,
+ capability setgid,
+ capability sys_chroot,
+
+ # postfix's master can send us signals
+ signal receive peer=/usr/lib/postfix/master,
+ signal receive peer=postfix-master,
+
+ unix (send, receive) peer=(label=/usr/lib/postfix/master),
+ unix (send, receive) peer=(label=postfix-master),
+
+ /etc/mailname r,
+ /etc/postfix/*.cf r,
+ /etc/postfix/*.db rk,
+ @{PROC}/net/if_inet6 r,
+ /usr/lib/postfix/*.so mr,
+ /usr/lib{,32,64}/sasl2/* mr,
+ /usr/lib{,32,64}/sasl2/ r,
+ /usr/lib/@{multiarch}/sasl2/* mr,
+ /usr/lib/@{multiarch}/sasl2/ r,
+
+ /var/spool/postfix/etc/* r,
+ /var/spool/postfix/lib/lib*.so* mr,
+ /var/spool/postfix/lib/@{multiarch}/lib*.so* mr,
diff --git a/etc/apparmor.d/abstractions/private-files b/etc/apparmor.d/abstractions/private-files
new file mode 100644
index 0000000..09f6d9b
--- /dev/null
+++ b/etc/apparmor.d/abstractions/private-files
@@ -0,0 +1,47 @@
+# vim:syntax=apparmor
+# privacy-violations contains rules for common files that you want to
+# explicitly deny access
+
+ # privacy violations (don't audit files under $HOME otherwise get a
+ # lot of false positives when reading contents of directories)
+ deny @{HOME}/.*history mrwkl,
+ deny @{HOME}/.fetchmail* mrwkl,
+ deny @{HOME}/.mutt** mrwkl,
+ deny @{HOME}/.viminfo* mrwkl,
+ deny @{HOME}/.*~ mrwkl,
+ deny @{HOME}/.*.swp mrwkl,
+ deny @{HOME}/.*~1~ mrwkl,
+ deny @{HOME}/.*.bak mrwkl,
+
+ # special attention to (potentially) executable files
+ audit deny @{HOME}/bin/{,**} wl,
+ audit deny @{HOME}/.config/ w,
+ audit deny @{HOME}/.config/autostart/{,**} wl,
+ audit deny @{HOME}/.config/upstart/{,**} wl,
+ audit deny @{HOME}/.init/{,**} wl,
+ audit deny @{HOME}/.kde{,4}/ w,
+ audit deny @{HOME}/.kde{,4}/Autostart/{,**} wl,
+ audit deny @{HOME}/.kde{,4}/env/{,**} wl,
+ audit deny @{HOME}/.local/{,share/} w,
+ audit deny @{HOME}/.local/share/thumbnailers/{,**} wl,
+ audit deny @{HOME}/.pki/ w,
+ audit deny @{HOME}/.pki/nssdb/{,*.so{,.[0-9]*}} wl,
+
+ # don't allow reading/updating of run control files
+ deny @{HOME}/.*rc mrk,
+ audit deny @{HOME}/.*rc wl,
+
+ # bash
+ deny @{HOME}/.bash* mrk,
+ audit deny @{HOME}/.bash* wl,
+ deny @{HOME}/.inputrc mrk,
+ audit deny @{HOME}/.inputrc wl,
+
+ # sh/dash/csh/tcsh/pdksh/zsh
+ deny @{HOME}/.{,z}profile* mrk,
+ audit deny @{HOME}/.{,z}profile* wl,
+ deny @{HOME}/.{,z}log{in,out} mrk,
+ audit deny @{HOME}/.{,z}log{in,out} wl,
+
+ deny @{HOME}/.zshenv mrk,
+ audit deny @{HOME}/.zshenv wl,
diff --git a/etc/apparmor.d/abstractions/private-files-strict b/etc/apparmor.d/abstractions/private-files-strict
new file mode 100644
index 0000000..3193431
--- /dev/null
+++ b/etc/apparmor.d/abstractions/private-files-strict
@@ -0,0 +1,25 @@
+# vim:syntax=apparmor
+# privacy-violations-strict contains additional rules for sensitive
+# files that you want to explicitly deny access
+
+ #include
+
+ # potentially extremely sensitive files
+ audit deny @{HOME}/.aws/{,**} mrwkl,
+ audit deny @{HOME}/.gnupg/{,**} mrwkl,
+ audit deny @{HOME}/.ssh/{,**} mrwkl,
+ audit deny @{HOME}/.gnome2_private/{,**} mrwkl,
+ audit deny @{HOME}/.gnome2/ w,
+ audit deny @{HOME}/.gnome2/keyrings/{,**} mrwkl,
+ # don't allow access to any gnome-keyring modules
+ audit deny /{,var/}run/user/[0-9]*/keyring** mrwkl,
+ audit deny @{HOME}/.mozilla/{,**} mrwkl,
+ audit deny @{HOME}/.config/ w,
+ audit deny @{HOME}/.config/chromium/{,**} mrwkl,
+ audit deny @{HOME}/.config/evolution/{,**} mrwkl,
+ audit deny @{HOME}/.evolution/{,**} mrwkl,
+ audit deny @{HOME}/.{,mozilla-}thunderbird/{,**} mrwkl,
+ audit deny @{HOME}/.kde{,4}/{,share/,share/apps/} w,
+ audit deny @{HOME}/.kde{,4}/share/apps/kmail{,2}/{,**} mrwkl,
+ audit deny @{HOME}/.kde{,4}/share/apps/kwallet/{,**} mrwkl,
+
diff --git a/etc/apparmor.d/abstractions/python b/etc/apparmor.d/abstractions/python
new file mode 100644
index 0000000..925161c
--- /dev/null
+++ b/etc/apparmor.d/abstractions/python
@@ -0,0 +1,37 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /usr/lib{,32,64}/python{2.[4-7],3.[0-9]}/**.{pyc,so} mr,
+ /usr/lib{,32,64}/python{2.[4-7],3.[0-9]}/**.{egg,py,pth} r,
+ /usr/lib{,32,64}/python{2.[4-7],3.[0-9]}/{site,dist}-packages/ r,
+ /usr/lib{,32,64}/python3.[0-9]/lib-dynload/*.so mr,
+
+ /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9]}/**.{pyc,so} mr,
+ /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9]}/**.{egg,py,pth} r,
+ /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9]}/{site,dist}-packages/ r,
+ /usr/local/lib{,32,64}/python3.[0-9]/lib-dynload/*.so mr,
+
+ # Site-wide configuration
+ /etc/python{2.[4-7],3.[0-9]}/** r,
+
+ # shared python paths
+ /usr/share/{pyshared,pycentral,python-support}/** r,
+ /{var,usr}/lib/{pyshared,pycentral,python-support}/** r,
+ /usr/lib/{pyshared,pycentral,python-support}/**.so mr,
+ /var/lib/{pyshared,pycentral,python-support}/**.pyc mr,
+ /usr/lib/python3/dist-packages/**.so mr,
+
+ # wx paths
+ /usr/lib/wx/python/*.pth r,
+
+ # python build configuration and headers
+ /usr/include/python{2.[4-7],3.[0-9]}*/pyconfig.h r,
diff --git a/etc/apparmor.d/abstractions/qt5 b/etc/apparmor.d/abstractions/qt5
new file mode 100644
index 0000000..66a574b
--- /dev/null
+++ b/etc/apparmor.d/abstractions/qt5
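Review bot: The version globs in etc/apparmor.d/abstractions/python match only single-digit minor versions: `python{2.[4-7],3.[0-9]}` and `python3.[0-9]/lib-dynload/` cover 3.0 to 3.9, so an interpreter installed under `/usr/lib/python3.10/` or later gets no read or map permission from this abstraction. Confined services would then hit denials, and the usual reaction of switching the profile to complain mode removes the protection altogether. Widening the alternative to `3.[0-9]*` in each rule, e.g. `/usr/lib{,32,64}/python{2.[4-7],3.[0-9]*}/**.{pyc,so} mr,`, keeps the profiles enforceable; whether this host runs such a version is not visible here. The ruby abstraction later in the diff has the same shape with `1.[89]{.[0-9],}`, which only matches Ruby 1.8 and 1.9.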
@@ -0,0 +1,22 @@
+# vim:syntax=apparmor
+# Common rules for Qt5-based applications
+
+ # Additional libraries
+
+ /usr/lib{,64,/@{multiarch}}/qt5/plugins/**.so mr,
+ /usr/lib{,64,/@{multiarch}}/qt5/qml/**.so mr,
+ /usr/lib{,64,/@{multiarch}}/qt5/qml/**.{qmlc,jsc} mr, # Precompiled QML/JavaScript modules
+
+ # System files
+
+ /etc/xdg/QtProject/qtlogging.ini r,
+ /usr/share/qt5/translations/*.qm r,
+ /usr/lib{,64,/@{multiarch}}/qt5/plugins/** r,
+ /usr/lib{,64,/@{multiarch}}/qt5/qml/** r,
+
+ # User files
+
+ owner @{HOME}/.config/QtProject/qtlogging.ini r,
+ owner @{HOME}/.config/QtProject.conf r, # common settings for QFileDialog, etc (application might need write access)
+ owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* r, # for "platforminputcontexts" plugins
+
diff --git a/etc/apparmor.d/abstractions/qt5-compose-cache-write b/etc/apparmor.d/abstractions/qt5-compose-cache-write
new file mode 100644
index 0000000..38cb234
--- /dev/null
+++ b/etc/apparmor.d/abstractions/qt5-compose-cache-write
@@ -0,0 +1,8 @@
+# vim:syntax=apparmor
+# Allow writing cache for Qt5 "platforminputcontexts" plugins
+
+ # User files
+
+ owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* rwl -> @{HOME}/.cache/#[0-9]*[0-9],
+ owner @{HOME}/.cache/#[0-9]*[0-9] rw, # QSaveFile (anonymous shared memory)
+
diff --git a/etc/apparmor.d/abstractions/qt5-settings-write b/etc/apparmor.d/abstractions/qt5-settings-write
new file mode 100644
index 0000000..07d1097
--- /dev/null
+++ b/etc/apparmor.d/abstractions/qt5-settings-write
@@ -0,0 +1,11 @@
+# vim:syntax=apparmor
+# Allow writing shared settings for Qt-based applications
+
+ # User files
+
+ owner @{HOME}/.config/#[0-9]*[0-9] rw,
+ owner @{HOME}/.config/QtProject.conf rwl -> @{HOME}/.config/#[0-9]*[0-9],
+ # for temporary files like QtProject.conf.Aqrgeb
+ owner @{HOME}/.config/QtProject.conf.?????? rwl -> @{HOME}/.config/#[0-9]*[0-9],
+ owner @{HOME}/.config/QtProject.conf.lock rwk,
+
diff --git a/etc/apparmor.d/abstractions/recent-documents-write b/etc/apparmor.d/abstractions/recent-documents-write
new file mode 100644
index 0000000..d95febb
--- /dev/null
+++ b/etc/apparmor.d/abstractions/recent-documents-write
@@ -0,0 +1,10 @@
+# vim:syntax=apparmor
+# Allow updating recent documents
+
+ # User files
+
+ owner @{HOME}/.local/share/RecentDocuments/ rw,
+ owner @{HOME}/.local/share/RecentDocuments/#[0-9]* rw,
+ owner @{HOME}/.local/share/RecentDocuments/*.desktop rwl -> @{HOME}/.local/share/RecentDocuments/#[0-9]*,
+ owner @{HOME}/.local/share/RecentDocuments/*.lock rwk,
+
diff --git a/etc/apparmor.d/abstractions/ruby b/etc/apparmor.d/abstractions/ruby
new file mode 100644
index 0000000..ff4ac9f
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ruby
@@ -0,0 +1,21 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /usr/lib{,32,64}/ruby/1.[89]{.[0-9],}/ r,
+ /usr/lib{,32,64}/ruby/1.[89]{.[0-9],}/**.rb r,
+ /usr/lib{,32,64}/ruby/1.[89]{.[0-9],}/*-linux/**.so mr,
+
+ /usr/{,local/}lib{,32,64}/ruby/{site,vendor}_ruby/1.[89]{.[0-9],}/ r,
+ /usr/{,local/}lib{,32,64}/ruby/{site,vendor}_ruby/1.[89]{.[0-9],}/**.rb r,
+ /usr/{,local/}lib{,32,64}/ruby/{site,vendor}_ruby/1.[89]{.[0-9],}/*-linux/**.so mr,
+
+ /usr/lib{,32,64}/ruby/gems/1.[89]{.[0-9],}/ r,
+ /usr/lib{,32,64}/ruby/gems/1.[89]{.[0-9],}/** r,
diff --git a/etc/apparmor.d/abstractions/samba b/etc/apparmor.d/abstractions/samba
new file mode 100644
index 0000000..1cab730
--- /dev/null
+++ b/etc/apparmor.d/abstractions/samba
@@ -0,0 +1,27 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2009-2010 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /etc/samba/* r,
+ /usr/lib*/ldb/*.so mr,
+ /usr/lib*/samba/ldb/*.so mr,
+ /usr/share/samba/*.dat r,
+ /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r,
+ /var/cache/samba/ w,
+ /var/cache/samba/lck/* rwk,
+ /var/lib/samba/** rwk,
+ /var/log/samba/cores/ rw,
+ /var/log/samba/cores/** rw,
+ /var/log/samba/* w,
+ /{,var/}run/samba/ w,
+ /{,var/}run/samba/*.tdb rw,
+
+ # required for clustering
+ /var/lib/ctdb/** rwk,
diff --git a/etc/apparmor.d/abstractions/smbpass b/etc/apparmor.d/abstractions/smbpass
new file mode 100644
index 0000000..eb4cf26
--- /dev/null
+++ b/etc/apparmor.d/abstractions/smbpass
@@ -0,0 +1,13 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # libpam-smbpass/pam_smbpass.so permissions
+ /var/lib/samba/*.[lt]db rwk,
diff --git a/etc/apparmor.d/abstractions/ssl_certs b/etc/apparmor.d/abstractions/ssl_certs
new file mode 100644
index 0000000..b5382ec
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ssl_certs
@@ -0,0 +1,40 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+# Copyright (C) 2010-2011 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /etc/ssl/ r,
+ /etc/ssl/certs/ r,
+ /etc/ssl/certs/* r,
+ /etc/pki/trust/ r,
+ /etc/pki/trust/* r,
+ /etc/pki/trust/anchors/ r,
+ /etc/pki/trust/anchors/** r,
+ /usr/share/ca-certificates/ r,
+ /usr/share/ca-certificates/** r,
+ /usr/share/ssl/certs/ca-bundle.crt r,
+ /usr/local/share/ca-certificates/ r,
+ /usr/local/share/ca-certificates/** r,
+ /var/lib/ca-certificates/ r,
+ /var/lib/ca-certificates/** r,
+
+ # acmetool
+ /var/lib/acme/certs/*/chain r,
+ /var/lib/acme/certs/*/cert r,
+
+ # dehydrated
+ /{etc,var/lib}/dehydrated/certs/*/cert*.pem r,
+ /{etc,var/lib}/dehydrated/certs/*/chain*.pem r,
+ /{etc,var/lib}/dehydrated/certs/*/fullchain*.pem r,
+ /{etc,var/lib}/dehydrated/certs/*/ocsp*.der r,
+
+ # certbot
+ /etc/letsencrypt/archive/*/cert*.pem r,
+ /etc/letsencrypt/archive/*/chain*.pem r,
+ /etc/letsencrypt/archive/*/fullchain*.pem r,
diff --git a/etc/apparmor.d/abstractions/ssl_keys b/etc/apparmor.d/abstractions/ssl_keys
new file mode 100644
index 0000000..84f5c50
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ssl_keys
@@ -0,0 +1,28 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # private ssl permissions
+
+ # Just include the whole /etc/ssl directory if we should have access to
+ # private keys too
+ /etc/ssl/ r,
+ /etc/ssl/** r,
+
+ # acmetool
+ /var/lib/acme/live/* r,
+ /var/lib/acme/certs/** r,
+ /var/lib/acme/keys/** r,
+
+ # dehydrated
+ /{etc,var/lib}/dehydrated/certs/*/privkey*.pem r,
+
+ # certbot / letsencrypt
+ /etc/letsencrypt/archive/*/privkey*.pem r,
diff --git a/etc/apparmor.d/abstractions/svn-repositories b/etc/apparmor.d/abstractions/svn-repositories
new file mode 100644
index 0000000..68ac5e0
--- /dev/null
+++ b/etc/apparmor.d/abstractions/svn-repositories
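Review bot: etc/apparmor.d/abstractions/ssl_keys gives read access to every private key on the host rather than to one service's key: `/etc/ssl/** r,`, `/var/lib/acme/keys/** r,` and the two `privkey*.pem` rules carry no `owner` qualifier and no per-service path. The header says only "private ssl permissions", so I would document the scope next to the rules, e.g. `# grants read on ALL keys below; prefer an explicit key path in the service profile`, and have each consuming profile name its own key file where that is practical. Because this commit puts all of /etc under version control, the same paths (`/etc/ssl/**`, `/etc/letsencrypt/archive/*/privkey*.pem`) sit inside the tracked tree; whether key material is excluded from the repository is not visible in this part of the diff and is worth confirming.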
@@ -0,0 +1,52 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # This little snippet should abstract the read/write access to a repository.
+ # it is intended to be included in profiles for svnserve/apache2 and maybe
+ # some repository viewers like trac/viewvc
+
+ # no hooks exec by default; please define whatever you need explicitely.
+
+ /srv/svn/**/conf/* r,
+ /srv/svn/**/format r,
+ /srv/svn/**/db/fs-type r,
+ /srv/svn/**/db/format r,
+
+ # FSFS
+ /srv/svn/**/db/ r,
+ /srv/svn/**/db/uuid r,
+ /srv/svn/**/db/write-lock rwl,
+ /srv/svn/**/db/current rwl,
+ /srv/svn/**/db/current*.tmp rwl,
+ /srv/svn/**/db/revs/ r,
+ /srv/svn/**/db/revs/* rw,
+ /srv/svn/**/db/revprops/ r,
+ /srv/svn/**/db/revprops/* rw,
+ /srv/svn/**/db/transactions/** rw,
+
+ # BDB
+ /srv/svn/**/db/DB_CONFIG r,
+ /srv/svn/**/db/__db.[0-9]* rwl,
+ /srv/svn/**/db/log.[0-9]* rwl,
+ /srv/svn/**/db/nodes rwl,
+ /srv/svn/**/db/revisions rwl,
+ /srv/svn/**/db/transactions rwl,
+ /srv/svn/**/db/copies rwl,
+ /srv/svn/**/db/changes rwl,
+ /srv/svn/**/db/representations rwl,
+ /srv/svn/**/db/strings rwl,
+ /srv/svn/**/db/uuids rwl,
+ /srv/svn/**/db/locks rwl,
+ /srv/svn/**/db/lock-tokens rwl,
+
+ # temp files
+ /tmp/apr* rwl,
+ /var/tmp/apr* rwl,
+ /tmp/report*.tmp rwl,
diff --git a/etc/apparmor.d/abstractions/ubuntu-bittorrent-clients b/etc/apparmor.d/abstractions/ubuntu-bittorrent-clients
new file mode 100644
index 0000000..fb820c5
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-bittorrent-clients
@@ -0,0 +1,17 @@
+# vim:syntax=apparmor
+#
+# abstraction for allowing graphical bittorrent clients in Ubuntu
+#
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include
+
+ /usr/bin/azureus Cxr -> sanitized_helper,
+ /usr/bin/bitstormlite Cxr -> sanitized_helper,
+ /usr/bin/btmaketorrentgui Cxr -> sanitized_helper,
+ /usr/bin/deluge{,-gtk,-console} Cxr -> sanitized_helper,
+ /usr/bin/gnome-btdownload Cxr -> sanitized_helper,
+ /usr/bin/kget Cxr -> sanitized_helper,
+ /usr/bin/ktorrent Cxr -> sanitized_helper,
+ /usr/bin/qbittorrent Cxr -> sanitized_helper,
+ /usr/bin/transmission{,-gtk,-qt,-cli} Cxr -> sanitized_helper,
diff --git a/etc/apparmor.d/abstractions/ubuntu-browsers b/etc/apparmor.d/abstractions/ubuntu-browsers
new file mode 100644
index 0000000..d4438ad
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-browsers
@@ -0,0 +1,42 @@
+# vim:syntax=apparmor
+#
+# abstraction for allowing access to graphical browsers in Ubuntu
+#
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include
+
+ /usr/bin/arora Cx -> sanitized_helper,
+ /usr/bin/conkeror Cx -> sanitized_helper,
+ /usr/bin/dillo Cx -> sanitized_helper,
+ /usr/bin/Dooble Cx -> sanitized_helper,
+ /usr/bin/epiphany Cx -> sanitized_helper,
+ /usr/bin/epiphany-browser Cx -> sanitized_helper,
+ /usr/bin/epiphany-webkit Cx -> sanitized_helper,
+ /usr/lib/fennec-*/fennec Cx -> sanitized_helper,
+ /usr/bin/galeon Cx -> sanitized_helper,
+ /usr/bin/kazehakase Cx -> sanitized_helper,
+ /usr/bin/konqueror Cx -> sanitized_helper,
+ /usr/bin/midori Cx -> sanitized_helper,
+ /usr/bin/netsurf Cx -> sanitized_helper,
+ /usr/bin/prism Cx -> sanitized_helper,
+ /usr/bin/rekonq Cx -> sanitized_helper,
+ /usr/bin/seamonkey Cx -> sanitized_helper,
+ /usr/bin/sensible-browser Pixr,
+
+ /usr/bin/chromium{,-browser} Cx -> sanitized_helper,
+ /usr/lib{,64}/chromium{,-browser}/chromium{,-browser} Cx -> sanitized_helper,
+
+ # this should cover all firefox browsers and versions (including shiretoko
+ # and abrowser)
+ /usr/bin/firefox Cxr -> sanitized_helper,
+ /usr/lib{,64}/firefox*/firefox* Cx -> sanitized_helper,
+
+ # Iceweasel
+ /usr/bin/iceweasel Cxr -> sanitized_helper,
+ /usr/lib/iceweasel/iceweasel Cx -> sanitized_helper,
+
+ # some unpackaged, but popular browsers
+ /usr/lib/icecat-*/icecat Cx -> sanitized_helper,
+ /usr/bin/opera Cx -> sanitized_helper,
+ /opt/google/chrome{,-beta,-unstable}/google-chrome{,-beta,-unstable} Cx -> sanitized_helper,
diff --git a/etc/apparmor.d/abstractions/ubuntu-browsers.d/java b/etc/apparmor.d/abstractions/ubuntu-browsers.d/java
new file mode 100644
index 0000000..e0a67cf
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-browsers.d/java
@@ -0,0 +1,118 @@
+# vim:syntax=apparmor
+
+ # Java plugin
+ owner @{HOME}/.java/deployment/deployment.properties k,
+ /etc/java-*/ r,
+ /etc/java-*/** r,
+ /usr/lib/jvm/java-[1-9]{,[0-9]}-openjdk/{,jre/}lib/*/IcedTeaPlugin.so mr,
+ /usr/lib/jvm/java-[1-9]{,[0-9]}-openjdk-{amd64,armel,armhf,i386,powerpc}/{,jre/}lib/*/IcedTeaPlugin.so mr,
+ /usr/lib/jvm/java-[1-9]{,[0-9]}-openjdk/{,jre/}bin/java cx -> browser_openjdk,
+ /usr/lib/jvm/java-[1-9]{,[0-9]}-openjdk-{amd64,armel,armhf,i386,powerpc}/{,jre/}bin/java cx -> browser_openjdk,
+ /usr/lib/jvm/java-*-sun-1.*/jre/bin/java{,_vm} cx -> browser_java,
+ /usr/lib/jvm/java-*-sun-1.*/jre/lib/*/libnp*.so cx -> browser_java,
+ /usr/lib/j2*-ibm/jre/bin/java cx -> browser_java,
+ owner /{,var/}run/user/*/icedteaplugin-*/ rw,
+ owner /{,var/}run/user/*/icedteaplugin-*/** rwk,
+
+ # Profile for the supported OpenJDK in Ubuntu. This doesn't require the
+ # unfortunate workarounds of the proprietary Javas, so have a separate
+ # profile.
+ profile browser_openjdk {
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+
+ network inet stream,
+ network inet6 stream,
+ @{PROC}/@{pid}/net/if_inet6 r,
+ @{PROC}/@{pid}/net/ipv6_route r,
+
+ /etc/java-*/ r,
+ /etc/java-*/** r,
+ /etc/lsb-release r,
+ /etc/ssl/certs/java/* r,
+ /etc/timezone r,
+ /etc/writable/timezone r,
+
+ @{PROC}/@{pid}/ r,
+ @{PROC}/@{pid}/fd/ r,
+ @{PROC}/filesystems r,
+ @{sys}/devices/system/cpu/ r,
+ @{sys}/devices/system/cpu/** r,
+ /usr/share/** r,
+ /var/lib/dbus/machine-id r,
+
+ /usr/bin/env ix,
+ /usr/lib/jvm/java-[1-9]{,[0-9]}-openjdk/{,jre/}bin/java ix,
+ /usr/lib/jvm/java-[1-9]{,[0-9]}-openjdk-{amd64,armel,armhf,i386,powerpc}/{,jre/}bin/java ix,
+ /usr/lib/jvm/java-{6,7}-openjdk*/jre/lib/i386/client/classes.jsa m,
+
+ # Why would java need this?
+ deny /usr/bin/gconftool-2 x,
+
+ owner /{,var/}run/user/[0-9]*/icedteaplugin-*-*/[0-9]*-icedteanp-appletviewer-to-plugin rw,
+ owner /{,var/}run/user/[0-9]*/icedteaplugin-*-*/[0-9]*-icedteanp-plugin-{,debug-}to-appletviewer r,
+ owner @{HOME}/ r,
+ owner @{HOME}/** rwk,
+ }
+
+ # Profile for commercial Javas. These need workarounds to work right (eg
+ # Sun's forcing of an executable stack (LP: #535247)).
+ profile browser_java {
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+
+ network inet stream,
+ network inet6 stream,
+ @{PROC}/@{pid}/net/if_inet6 r,
+ @{PROC}/@{pid}/net/ipv6_route r,
+ @{PROC}/loadavg r,
+
+ /etc/debian_version r,
+ /etc/java-*/ r,
+ /etc/java-*/** r,
+ /etc/lsb-release r,
+ /etc/ssl/certs/java/* r,
+ /etc/timezone r,
+ /etc/writable/timezone r,
+
+ @{PROC}/@{pid}/ r,
+ @{PROC}/@{pid}/fd/ r,
+ @{PROC}/filesystems r,
+ @{sys}/devices/system/cpu/ r,
+ @{sys}/devices/system/cpu/** r,
+ /usr/share/** r,
+ /var/lib/dbus/machine-id r,
+
+ /usr/bin/env ix,
+ /usr/lib/jvm/java-*-sun-1.*/jre/bin/java{,_vm} ix,
+ /usr/lib/jvm/java-*-sun-1.*/jre/lib/i386/client/classes.jsa m,
+ /usr/lib/j2*-ibm/jre/bin/java ix,
+
+ # noisy, can't write here anyway
+ deny /etc/.java/ w,
+ deny /etc/.java/** w,
+
+ deny /usr/bin/gconftool-2 x,
+
+ owner @{HOME}/ r,
+ owner @{HOME}/** rwk,
+
+ # These are seriously unfortunate, but required due to LP: #535247
+ /etc/passwd m,
+ owner @{HOME}/.java/**/cache/** m,
+ owner /tmp/** m,
+ /usr/lib{,32,64}/jvm/**/*.jar mr,
+ /usr/share/fonts/** m,
+ }
diff --git a/etc/apparmor.d/abstractions/ubuntu-browsers.d/kde b/etc/apparmor.d/abstractions/ubuntu-browsers.d/kde
new file mode 100644
index 0000000..038952a
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-browsers.d/kde
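Review bot: Both child profiles in etc/apparmor.d/abstractions/ubuntu-browsers.d/java carry `owner @{HOME}/** rwk,`, so the Java plugin process may read and modify everything the user owns under the home directory, shell start-up files and key stores included. In `browser_java` the rule `owner @{HOME}/.java/**/cache/** m,` on top of that `rwk` makes the cache both writable and mappable as code, and `owner /tmp/** m,` is in the same position if one of the includes grants writes to /tmp. The eight `#include` lines in each profile have lost their targets in this rendering, so it cannot be seen whether a deny set is among them; if it is not, adding `#include <abstractions/private-files-strict>` to both profiles would apply the `audit deny` rules for `~/.ssh`, `~/.gnupg` and the other paths that abstraction lists. If the browser Java plugin is not used on this host, not including this file from the browser profile is the simpler option.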
@@ -0,0 +1,7 @@
+# vim:syntax=apparmor
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include
+
+ #include
+ /usr/bin/kde4-config Cx -> sanitized_helper,
diff --git a/etc/apparmor.d/abstractions/ubuntu-browsers.d/mailto b/etc/apparmor.d/abstractions/ubuntu-browsers.d/mailto
new file mode 100644
index 0000000..40236a7
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-browsers.d/mailto
@@ -0,0 +1,9 @@
+# vim:syntax=apparmor
+
+ # for mailto:
+ #include
+ #include
+
+ # Terminals for using console applications. These abstractions should ideally
+ # have 'ix' to restrct access to what only firefox is allowed to do
+ #include
diff --git a/etc/apparmor.d/abstractions/ubuntu-browsers.d/multimedia b/etc/apparmor.d/abstractions/ubuntu-browsers.d/multimedia
new file mode 100644
index 0000000..591d6b8
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-browsers.d/multimedia
@@ -0,0 +1,66 @@
+# vim:syntax=apparmor
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include
+
+ #include
+
+ # Pulseaudio
+ /usr/bin/pulseaudio Pixr,
+
+ # Image viewers
+ /usr/bin/eog Cxr -> sanitized_helper,
+ /usr/bin/gimp* Cxr -> sanitized_helper,
+ /usr/bin/shotwell Cxr -> sanitized_helper,
+ /usr/bin/digikam Cxr -> sanitized_helper,
+ /usr/bin/f-spot Cxr -> sanitized_helper,
+ /usr/bin/gwenview Cxr -> sanitized_helper,
+
+ #include
+ owner @{HOME}/.adobe/ w,
+ owner @{HOME}/.adobe/** rw,
+ owner @{HOME}/.macromedia/ w,
+ owner @{HOME}/.macromedia/** rw,
+ /opt/real/RealPlayer/mozilla/nphelix.so rm,
+ /usr/bin/lpstat Cxr -> sanitized_helper,
+ /usr/bin/lpr Cxr -> sanitized_helper,
+
+ # npviewer
+ /usr/lib/nspluginwrapper/i386/linux/npviewer{,.bin} ixr,
+ /var/lib/ r,
+ /var/lib/**/*.so mr,
+ /usr/bin/setarch ixr,
+
+ # Bittorrent clients
+ #include
+
+ # Mozplugger
+ /etc/mozpluggerrc r,
+ /usr/bin/mozplugger-helper Cxr -> sanitized_helper,
+
+ # Archivers
+ /usr/bin/ark Cxr -> sanitized_helper,
+ /usr/bin/file-roller Cxr -> sanitized_helper,
+ /usr/bin/xarchiver Cxr -> sanitized_helper,
+ /usr/local/lib{,32,64}/*.so* mr,
+
+ # News feed readers
+ #include
+
+ # Googletalk
+ /opt/google/talkplugin/*.so mr,
+ /opt/google/talkplugin/lib/*.so mr,
+ /opt/google/talkplugin/GoogleTalkPlugin ixr,
+ owner @{HOME}/.config/google-googletalkplugin/** rw,
+
+ # If we allow the above, nvidia based systems will also need this
+ #include
+
+ # Virus scanners
+ /usr/bin/clamscan Cx -> sanitized_helper,
+
+ # gxine (LP: #1057642)
+ /var/lib/xine/gxine.desktop r,
+
+ # For WebRTC camera access (LP: #1665535)
+ /dev/video[0-9]* rw,
diff --git a/etc/apparmor.d/abstractions/ubuntu-browsers.d/plugins-common b/etc/apparmor.d/abstractions/ubuntu-browsers.d/plugins-common
new file mode 100644
index 0000000..c928f92
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-browsers.d/plugins-common
@@ -0,0 +1,16 @@
+# vim:syntax=apparmor
+
+ #
+ # Plugins/helpers
+ #
+ @{PROC}/@{pid}/fd/ r,
+ /usr/lib/** rm,
+ /{,usr/}bin/bash ixr,
+ /{,usr/}bin/dash ixr,
+ /{,usr/}bin/grep ixr,
+ /{,usr/}bin/sed ixr,
+ /usr/bin/m4 ixr,
+
+ # Since all the ubuntu-browsers.d abstractions need this, just include it
+ # here
+ #include
diff --git a/etc/apparmor.d/abstractions/ubuntu-browsers.d/productivity b/etc/apparmor.d/abstractions/ubuntu-browsers.d/productivity
new file mode 100644
index 0000000..2c898d1
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-browsers.d/productivity
@@ -0,0 +1,28 @@
+# vim:syntax=apparmor
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include
+
+ # Openoffice.org
+ /usr/bin/ooffice Cxr -> sanitized_helper,
+ /usr/bin/oocalc Cxr -> sanitized_helper,
+ /usr/bin/oodraw Cxr -> sanitized_helper,
+ /usr/bin/ooimpress Cxr -> sanitized_helper,
+ /usr/bin/oowriter Cxr -> sanitized_helper,
+ /usr/lib/openoffice/program/soffice Cxr -> sanitized_helper,
+
+ # LibreOffice
+ /usr/bin/libreoffice Cxr -> sanitized_helper,
+ /usr/bin/localc Cxr -> sanitized_helper,
+ /usr/bin/lodraw Cxr -> sanitized_helper,
+ /usr/bin/loimpress Cxr -> sanitized_helper,
+ /usr/bin/lowriter Cxr -> sanitized_helper,
+ /usr/lib/libreoffice/program/soffice Cxr -> sanitized_helper,
+
+ # PDFs
+ /usr/bin/evince Cxr -> sanitized_helper,
+ /usr/bin/okular Cxr -> sanitized_helper,
+
+ owner @{HOME}/.adobe/** rw,
+ /opt/Adobe/Reader9/bin/acroread Cxr -> sanitized_helper,
+ /opt/Adobe/Reader9/** r,
diff --git a/etc/apparmor.d/abstractions/ubuntu-browsers.d/text-editors b/etc/apparmor.d/abstractions/ubuntu-browsers.d/text-editors
new file mode 100644
index 0000000..bf5eb1d
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-browsers.d/text-editors
@@ -0,0 +1,14 @@
+# vim:syntax=apparmor
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include
+
+ # Text editors (It's All Text [https://addons.mozilla.org/en-US/firefox/addon/4125])
+ /usr/bin/emacsclient.emacs-snapshot Cxr -> sanitized_helper,
+ /usr/bin/emacsclient.emacs2[2-9] Cxr -> sanitized_helper,
+ /usr/bin/emacs-snapshot-gtk Cxr -> sanitized_helper,
+ /usr/bin/gedit Cxr -> sanitized_helper,
+ /usr/bin/vim.gnome Cxr -> sanitized_helper,
+ /usr/bin/leafpad Cxr -> sanitized_helper,
+ /usr/bin/mousepad Cxr -> sanitized_helper,
+ /usr/bin/kate Cxr -> sanitized_helper,
diff --git a/etc/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration b/etc/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration
new file mode 100644
index 0000000..0cd0928
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration
@@ -0,0 +1,41 @@
+# vim:syntax=apparmor
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include
+
+ # Apport
+ /usr/bin/apport-bug Cx -> sanitized_helper,
+
+ # Package installation
+ /usr/bin/apturl Cxr -> sanitized_helper,
+ /usr/bin/gnome-codec-install Cxr -> sanitized_helper,
+ /usr/lib/gstreamer0.10/gstreamer-0.10/gst-plugin-scanner ix,
+ /usr/lib/@{multiarch}/gstreamer0.10/gstreamer-0.10/gst-plugin-scanner ix,
+ /usr/share/software-center/software-center Cxr -> sanitized_helper,
+
+ # Input Methods
+ /usr/bin/scim Cx -> sanitized_helper,
+ /usr/bin/scim-bridge Cx -> sanitized_helper,
+
+ # File managers
+ /usr/bin/nautilus Cxr -> sanitized_helper,
+ /usr/bin/{t,T}hunar Cxr -> sanitized_helper,
+ /usr/bin/dolphin Cxr -> sanitized_helper,
+
+ # Themes
+ /usr/bin/gnome-appearance-properties Cxr -> sanitized_helper,
+
+ # Kubuntu
+ /usr/lib/mozilla/kmozillahelper Cxr -> sanitized_helper,
+
+ # Exo-aware applications
+ /usr/bin/exo-open ixr,
+ /usr/lib/@{multiarch}/xfce4/exo-1/exo-helper-1 ixr,
+ /etc/xdg/xdg-xubuntu/xfce4/helpers.rc r,
+ /etc/xdg/xfce4/helpers.rc r,
+
+ # unity webapps integration. Could go in its own abstraction
+ owner /run/user/*/dconf/user rw,
+ owner @{HOME}/.local/share/unity-webapps/availableapps*.db rwk,
+ /usr/bin/debconf-communicate Cxr -> sanitized_helper,
+ owner @{HOME}/.config/libaccounts-glib/accounts.db rk,
diff --git a/etc/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration-xul b/etc/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration-xul
new file mode 100644
index 0000000..0429c13
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration-xul
@@ -0,0 +1,6 @@
+# vim:syntax=apparmor
+
+ # firefox-notify
+ #include
+ /usr/bin/python2.[4567] ix,
+ /usr/share/xul-ext/notify/**/download_complete_notify.py ix,
diff --git a/etc/apparmor.d/abstractions/ubuntu-browsers.d/user-files b/etc/apparmor.d/abstractions/ubuntu-browsers.d/user-files
new file mode 100644
index 0000000..ffe6824
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-browsers.d/user-files
@@ -0,0 +1,28 @@
+# vim:syntax=apparmor
+
+ # Allow read to all files user has DAC access to and write access to all
+ # files owned by the user in $HOME.
+ @{HOME}/ r,
+ @{HOME}/** r,
+ owner @{HOME}/** w,
+
+ # Do not allow read and/or write to particularly sensitive/problematic files
+ #include
+ audit deny @{HOME}/.ssh/{,**} mrwkl,
+ audit deny @{HOME}/.gnome2_private/{,**} mrwkl,
+ audit deny @{HOME}/.kde{,4}/{,share/,share/apps/} w,
+ audit deny @{HOME}/.kde{,4}/share/apps/kwallet/{,**} mrwkl,
+
+ # Comment this out if using gpg plugin/addons
+ audit deny @{HOME}/.gnupg/{,**} mrwkl,
+
+ # Allow read to all files user has DAC access to and write for files the user
+ # owns on removable media and filesystems.
+ /media/** r,
+ /mnt/** r,
+ /srv/** r,
+ /net/** r,
+ owner /media/** w,
+ owner /mnt/** w,
+ owner /srv/** w,
+ owner /net/** w,
diff --git a/etc/apparmor.d/abstractions/ubuntu-console-browsers b/etc/apparmor.d/abstractions/ubuntu-console-browsers
new file mode 100644
index 0000000..554469e
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-console-browsers
@@ -0,0 +1,18 @@
+# vim:syntax=apparmor
+#
+# abstraction for allowing access to text-only browsers in Ubuntu. These will
+# typically also need a terminal, so when using this abstraction, should also
+# do something like:
+#
+# #include
+#
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include
+
+ /usr/bin/elinks Cx -> sanitized_helper,
+ /usr/bin/links Cx -> sanitized_helper,
+ /usr/bin/lynx.cur Cx -> sanitized_helper,
+ /usr/bin/netrik Cx -> sanitized_helper,
+ /usr/bin/w3m Cx -> sanitized_helper,
+
diff --git a/etc/apparmor.d/abstractions/ubuntu-console-email b/etc/apparmor.d/abstractions/ubuntu-console-email
new file mode 100644
index 0000000..f77c9bd
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-console-email
@@ -0,0 +1,18 @@
+# vim:syntax=apparmor
+#
+# abstraction for allowing console email clients in Ubuntu. These will
+# typically also need a terminal, so when using this abstraction, should also
+# do something like:
+#
+# #include
+#
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include
+
+ /usr/bin/alpine Cx -> sanitized_helper,
+ /usr/bin/citadel Cx -> sanitized_helper,
+ /usr/bin/cone Cx -> sanitized_helper,
+ /usr/bin/elmo Cx -> sanitized_helper,
+ /usr/bin/mutt Cx -> sanitized_helper,
+
diff --git a/etc/apparmor.d/abstractions/ubuntu-email b/etc/apparmor.d/abstractions/ubuntu-email
new file mode 100644
index 0000000..48e0c6f
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-email
@@ -0,0 +1,24 @@
+# vim:syntax=apparmor
+#
+# abstraction for allowing graphical email clients in Ubuntu
+#
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include
+
+ /usr/bin/anjal Cx -> sanitized_helper,
+ /usr/bin/balsa Cx -> sanitized_helper,
+ /usr/bin/claws-mail Cx -> sanitized_helper,
+ /usr/bin/evolution Cx -> sanitized_helper,
+ /usr/bin/geary Cx -> sanitized_helper,
+ /usr/bin/gnome-gmail Cx -> sanitized_helper,
+ /usr/lib/GNUstep/Applications/GNUMail.app/GNUMail Cx -> sanitized_helper,
+ /usr/bin/kmail Cx -> sanitized_helper,
+ /usr/bin/mailody Cx -> sanitized_helper,
+ /usr/bin/modest Cx -> sanitized_helper,
+ /usr/bin/seamonkey Cx -> sanitized_helper,
+ /usr/bin/sylpheed Cx -> sanitized_helper,
+ /usr/bin/tkrat Cx -> sanitized_helper,
+
+ /usr/bin/thunderbird Cx -> sanitized_helper, # used by gio-launch-desktop
+ /usr/lib/thunderbird*/thunderbird{,.sh,-bin} Cx -> sanitized_helper,
diff --git a/etc/apparmor.d/abstractions/ubuntu-feed-readers b/etc/apparmor.d/abstractions/ubuntu-feed-readers
new file mode 100644
index 0000000..85379e3
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-feed-readers
@@ -0,0 +1,10 @@
+# vim:syntax=apparmor
+#
+# abstraction for allowing graphical news feed readers in Ubuntu
+#
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include
+
+ /usr/bin/akregator Cxr -> sanitized_helper,
+ /usr/bin/liferea-add-feed Cxr -> sanitized_helper,
diff --git a/etc/apparmor.d/abstractions/ubuntu-gnome-terminal b/etc/apparmor.d/abstractions/ubuntu-gnome-terminal
new file mode 100644
index 0000000..7604df1
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-gnome-terminal
@@ -0,0 +1,10 @@
+# vim:syntax=apparmor
+#
+# for allowing access to gnome-terminal
+#
+
+ #include
+
+ # do not use ux or PUx here. Use at a minimum ix
+ /usr/bin/gnome-terminal ix,
+
diff --git a/etc/apparmor.d/abstractions/ubuntu-helpers b/etc/apparmor.d/abstractions/ubuntu-helpers
new file mode 100644
index 0000000..a1ab7bc
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-helpers
@@ -0,0 +1,83 @@
+# Lenient profile that is intended to be used when 'Ux' is desired but
+# does not provide enough environment sanitizing. This effectively is an
+# open profile that blacklists certain known dangerous files and also
+# does not allow any capabilities. For example, it will not allow 'm' on files
+# owned be the user invoking the program. While this provides some additional
+# protection, please use with care as applications running under this profile
+# are effectively running without any AppArmor protection. Use this profile
+# only if the process absolutely must be run (effectively) unconfined.
+#
+# Usage:
+# Because this abstraction defines the sanitized_helper profile, it must only
+# be #included once. Therefore this abstraction should typically not be
+# included in other abstractions so as to avoid parser errors regarding
+# multiple definitions.
+#
+# Limitations:
+# 1. This does not work for root owned processes, because of the way we use
+# owner matching in the sanitized helper. We could do a better job with
+# this to support root, but it would make the policy harder to understand
+# and going unconfined as root is not desirable any way.
+#
+# 2. For this sanitized_helper to work, the program running in the sanitized
+# environment must open symlinks directly in order for AppArmor to mediate
+# it. This is confirmed to work with:
+# - compiled code which can load shared libraries
+# - python imports
+# It is known not to work with:
+# - perl includes
+# 3. Sanitizing ruby and java
+#
+# Use at your own risk. This profile was developed as an interim workaround for
+# LP: #851986 until AppArmor utilizes proper environment filtering.
+
+profile sanitized_helper {
+ #include
+ #include
+
+ # Allow all networking
+ network inet,
+ network inet6,
+
+ # Allow all DBus communications
+ #include
+ #include
+ dbus,
+
+ # Needed for Google Chrome
+ ptrace (trace) peer=**//sanitized_helper,
+
+ # Allow exec of anything, but under this profile. Allow transition
+ # to other profiles if they exist.
+ /{usr/,usr/local/,}{bin,sbin}/* Pixr,
+
+ # Allow exec of libexec applications in /usr/lib* and /usr/local/lib*
+ /usr/{,local/}lib*/{,**/}* Pixr,
+
+ # Allow exec of software-center scripts. We may need to allow wider
+ # permissions for /usr/share, but for now just do this. (LP: #972367)
+ /usr/share/software-center/* Pixr,
+
+ # Allow exec of texlive font build scripts (LP: #1010909)
+ /usr/share/texlive/texmf{,-dist}/web2c/{,**/}* Pixr,
+
+ # While the chromium and chrome sandboxes are setuid root, they only link
+ # in limited libraries so glibc's secure execution should be enough to not
+ # require the santized_helper (ie, LD_PRELOAD will only use standard system
+ # paths (man ld.so)).
+ /usr/lib/chromium-browser/chromium-browser-sandbox PUxr,
+ /usr/lib/chromium{,-browser}/chrome-sandbox PUxr,
+ /opt/google/chrome{,-beta,-unstable}/chrome-sandbox PUxr,
+ /opt/google/chrome{,-beta,-unstable}/google-chrome Pixr,
+ /opt/google/chrome{,-beta,-unstable}/chrome Pixr,
+ /opt/google/chrome{,-beta,-unstable}/{,**/}lib*.so{,.*} m,
+
+ # Full access
+ / r,
+ /** rwkl,
+ /{,usr/,usr/local/}lib{,32,64}/{,**/}*.so{,.*} m,
+
+ # Dangerous files
+ audit deny owner /**/* m, # compiled libraries
+ audit deny owner /**/*.py* r, # python imports
+}
diff --git a/etc/apparmor.d/abstractions/ubuntu-konsole b/etc/apparmor.d/abstractions/ubuntu-konsole
new file mode 100644
index 0000000..baa8fb3
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-konsole
@@ -0,0 +1,17 @@
+# vim:syntax=apparmor
+#
+# for allowing access to konsole
+#
+
+ #include
+ #include
+ capability sys_ptrace,
+ @{PROC}/@{pid}/status r,
+ @{PROC}/@{pid}/stat r,
+ @{PROC}/@{pid}/cmdline r,
+ /{,var/}run/utmp r,
+ /dev/ptmx rw,
+
+ # do not use ux or Ux here. Use at a minimum ix
+ /usr/bin/konsole ix,
+
diff --git a/etc/apparmor.d/abstractions/ubuntu-media-players b/etc/apparmor.d/abstractions/ubuntu-media-players
new file mode 100644
index 0000000..5918cb8
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-media-players
@@ -0,0 +1,60 @@
+# vim:syntax=apparmor
+#
+# abstraction for allowing access to media players in Ubuntu
+#
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include
+
+ /usr/bin/amarok Cxr -> sanitized_helper,
+ /usr/bin/audacious2 Cxr -> sanitized_helper,
+ /usr/bin/audacity Cxr -> sanitized_helper,
+ /usr/bin/bangarang Cxr -> sanitized_helper,
+ /usr/bin/banshee Cxr -> sanitized_helper,
+ /usr/bin/banshee-1 Cxr -> sanitized_helper,
+ /usr/bin/decibel Cxr -> sanitized_helper,
+ /usr/bin/dragon Cxr -> sanitized_helper,
+ /usr/bin/esperanza Cxr -> sanitized_helper,
+ /usr/bin/exaile Cxr -> sanitized_helper,
+ /usr/bin/freevo Cxr -> sanitized_helper,
+ /usr/bin/gmerlin Cxr -> sanitized_helper,
+ /usr/bin/gxmms Cxr -> sanitized_helper,
+ /usr/bin/gxmms2 Cxr -> sanitized_helper,
+ /usr/bin/hornsey Cxr -> sanitized_helper,
+ /usr/bin/jlgui Cxr -> sanitized_helper,
+ /usr/bin/juk Cxr -> sanitized_helper,
+ /usr/bin/kaffeine Cxr -> sanitized_helper,
+ /usr/bin/listen Cxr -> sanitized_helper,
+ /usr/share/minirok/minirok.py Cxr -> sanitized_helper,
+
+ # mplayer
+ /etc/mplayerplug-in.conf r,
+ /usr/bin/gmplayer Cxr -> sanitized_helper,
+ /usr/bin/gnome-mplayer Cxr -> sanitized_helper,
+ /usr/bin/kmplayer Cxr -> sanitized_helper,
+ /usr/bin/mplayer Cxr -> sanitized_helper,
+ /usr/bin/smplayer Cxr -> sanitized_helper,
+
+ /usr/bin/muine Cxr -> sanitized_helper,
+ /usr/bin/potamus Cxr -> sanitized_helper,
+ /usr/bin/promoe Cxr -> sanitized_helper,
+ /usr/bin/qmmp Cxr -> sanitized_helper,
+ /usr/bin/quodlibet Cxr -> sanitized_helper,
+ /usr/bin/rhythmbox Cxr -> sanitized_helper,
+ /usr/bin/strange-quark Cxr -> sanitized_helper,
+ /usr/bin/swfdec-player Cxr -> sanitized_helper,
+ /usr/bin/timidity Cxr -> sanitized_helper,
+ /usr/lib/totem/** ixr,
+ /usr/bin/totem-gstreamer Cxr -> sanitized_helper,
+ /usr/bin/totem-xine Cxr -> sanitized_helper,
+ /usr/bin/totem Cxr -> sanitized_helper,
+ /usr/bin/vlc Cxr -> sanitized_helper,
+ /usr/bin/xfmedia Cxr -> sanitized_helper,
+ /usr/bin/xmms Cxr -> sanitized_helper,
+
+ # gnash
+ /usr/bin/gtk-gnash ixr,
+ /etc/gnashrc r,
+ /etc/gnashpluginrc r,
+ owner @{HOME}/.gnash/ rw,
+ owner @{HOME}/.gnash/** rw,
diff --git a/etc/apparmor.d/abstractions/ubuntu-unity7-base b/etc/apparmor.d/abstractions/ubuntu-unity7-base
new file mode 100644
index 0000000..25e88b6
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-unity7-base
@@ -0,0 +1,100 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2013-2014 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#
+# Rules common to applications running under Unity 7
+#
+
+#include
+
+#include
+#include
+
+ #
+ # Access required for connecting to/communication with Unity HUD
+ #
+ dbus (send)
+ bus=session
+ path="/com/canonical/hud",
+ dbus (send)
+ bus=session
+ interface="com.canonical.hud.*",
+ dbus (send)
+ bus=session
+ path="/com/canonical/hud/applications/*",
+ dbus (receive)
+ bus=session
+ path="/com/canonical/hud",
+ dbus (receive)
+ bus=session
+ interface="com.canonical.hud.*",
+
+ #
+ # Allow access for connecting to/communication with the appmenu
+ #
+ # dbusmenu
+ dbus (send)
+ bus=session
+ interface="com.canonical.AppMenu.*",
+ dbus (receive, send)
+ bus=session
+ path=/com/canonical/menu/**,
+
+ # gmenu
+ dbus (receive, send)
+ bus=session
+ interface=org.gtk.Actions,
+ dbus (receive, send)
+ bus=session
+ interface=org.gtk.Menus,
+
+ #
+ # Access required for using freedesktop notifications
+ #
+ dbus (send)
+ bus=session
+ path=/org/freedesktop/Notifications
+ member=GetCapabilities,
+ dbus (send)
+ bus=session
+ path=/org/freedesktop/Notifications
+ member=GetServerInformation,
+ dbus (send)
+ bus=session
+ path=/org/freedesktop/Notifications
+ member=Notify,
+ dbus (receive)
+ bus=session
+ member="Notify"
+ peer=(name="org.freedesktop.DBus"),
+ dbus (receive)
+ bus=session
+ path=/org/freedesktop/Notifications
+ member=NotificationClosed,
+ dbus (send)
+ bus=session
+ path=/org/freedesktop/Notifications
+ member=CloseNotification,
+
+ # accessibility
+ dbus (send)
+ bus=session
+ peer=(name=org.a11y.Bus),
+ dbus (receive)
+ bus=session
+ interface=org.a11y.atspi*,
+ dbus (receive, send)
+ bus=accessibility,
+
+ #
+ # Deny potentially dangerous access
+ #
+ deny dbus bus=session path=/com/canonical/[Uu]nity/[Dd]ebug**,
diff --git a/etc/apparmor.d/abstractions/ubuntu-unity7-launcher b/etc/apparmor.d/abstractions/ubuntu-unity7-launcher
new file mode 100644
index 0000000..52f6cd4
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-unity7-launcher
@@ -0,0 +1,7 @@
+ #
+ # Access required for connecting to/communicating with the Unity Launcher
+ #
+ dbus (send)
+ bus=session
+ interface="com.canonical.Unity.LauncherEntry"
+ member="Update",
diff --git a/etc/apparmor.d/abstractions/ubuntu-unity7-messaging b/etc/apparmor.d/abstractions/ubuntu-unity7-messaging
new file mode 100644
index 0000000..828592e
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-unity7-messaging
@@ -0,0 +1,7 @@
+ #
+ # Access required for connecting to/communicating with the Unity messaging
+ # indicator
+ #
+ dbus (receive, send)
+ bus=session
+ path="/com/canonical/indicator/messages/*",
diff --git a/etc/apparmor.d/abstractions/ubuntu-xterm b/etc/apparmor.d/abstractions/ubuntu-xterm
new file mode 100644
index 0000000..a062cc7
--- /dev/null
+++ b/etc/apparmor.d/abstractions/ubuntu-xterm
@@ -0,0 +1,13 @@
+# vim:syntax=apparmor
+#
+# for allowing access to xterm
+#
+
+ #include
+ /dev/ptmx rw,
+ /{,var/}run/utmp r,
+ /etc/X11/app-defaults/XTerm r,
+
+ # do not use ux or Ux here. Use at a minimum ix
+ /usr/bin/xterm ix,
+
diff --git a/etc/apparmor.d/abstractions/user-download b/etc/apparmor.d/abstractions/user-download
new file mode 100644
index 0000000..ea1043a
--- /dev/null
+++ b/etc/apparmor.d/abstractions/user-download
@@ -0,0 +1,24 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+# Copyright (C) 2014 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# Description: Where common programs should allow users to download
+# files
+
+ owner @{HOME}/tmp/** rwl,
+ owner @{HOME}/[dD]ownload{,s}/ r,
+ owner @{HOME}/[dD]ownload{,s}/** rwl,
+ owner @{HOME}/[^.]* rwl,
+ owner @{HOME}/@{XDG_DESKTOP_DIR}/ r,
+ owner @{HOME}/@{XDG_DESKTOP_DIR}/* rwl,
+ owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ r,
+ owner @{HOME}/@{XDG_DOWNLOAD_DIR}/* rwl,
+ owner "@{HOME}/My Downloads/" r,
+ owner "@{HOME}/My Downloads/**" rwl,
diff --git a/etc/apparmor.d/abstractions/user-mail b/etc/apparmor.d/abstractions/user-mail
new file mode 100644
index 0000000..b799ffc
--- /dev/null
+++ b/etc/apparmor.d/abstractions/user-mail
@@ -0,0 +1,23 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+# Copyright (C) 2014 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # location of user mail, spool and mboxes
+ owner @{HOME}/[mM]ail/ r,
+ owner @{HOME}/[mM]ail/** rwl,
+ owner @{HOME}/postponed* rwl,
+ /var/{,spool/}mail/ r,
+ owner /var/{,spool/}mail/* rwl,
+ owner @{HOME}/mbox.lock* rwl,
+ owner @{HOME}/mbox rw,
+ owner @{HOME}/inbox rw,
+ owner @{HOME}/.forward r,
+ owner @{HOME}/Maildir/ r,
+ owner @{HOME}/Maildir/** rwl,
diff --git a/etc/apparmor.d/abstractions/user-manpages b/etc/apparmor.d/abstractions/user-manpages
new file mode 100644
index 0000000..b7cc0cb
--- /dev/null
+++ b/etc/apparmor.d/abstractions/user-manpages
@@ -0,0 +1,24 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # perhaps your configuration has users elsewhere, or you don't wish
+ # them to read their own manpages
+ owner @{HOME}/man/ r,
+ owner @{HOME}/man/** r,
+ owner @{HOME}/tmp/groff* rwl,
+
+ # kindof required
+ owner /tmp/groff* rwl,
+
+ # standard system manpages
+ /usr/local/share/man/man?/ r,
+ /usr/local/share/man/man?/** r,
+ /usr/{share,X11R6,local,kerberos}/man/** r,
+ /usr/man/** r,
diff --git a/etc/apparmor.d/abstractions/user-tmp b/etc/apparmor.d/abstractions/user-tmp
new file mode 100644
index 0000000..63993d6
--- /dev/null
+++ b/etc/apparmor.d/abstractions/user-tmp
@@ -0,0 +1,20 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009-2010 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # per-user tmp directories
+ owner @{HOME}/tmp/** rwkl,
+ owner @{HOME}/tmp/ rw,
+
+ # global tmp directories
+ owner /var/tmp/** rwkl,
+ /var/tmp/ rw,
+ owner /tmp/** rwkl,
+ /tmp/ rw,
diff --git a/etc/apparmor.d/abstractions/user-write b/etc/apparmor.d/abstractions/user-write
new file mode 100644
index 0000000..c6ea29b
--- /dev/null
+++ b/etc/apparmor.d/abstractions/user-write
@@ -0,0 +1,21 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+# Copyright (C) 2014 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # per-user write directories
+ owner @{HOME}/ r,
+ owner @{HOME}/@{XDG_DESKTOP_DIR}/ r,
+ owner @{HOME}/@{XDG_DOCUMENTS_DIR}/ r,
+ owner @{HOME}/@{XDG_PUBLICSHARE_DIR}/ r,
+ owner @{HOME}/[^.]*/ rw,
+ owner @{HOME}/[^.]* rwl,
+ owner @{HOME}/@{XDG_DESKTOP_DIR}/** rwl,
+ owner @{HOME}/@{XDG_DOCUMENTS_DIR}/** rwl,
+ owner @{HOME}/@{XDG_PUBLICSHARE_DIR}/** rwl,
diff --git a/etc/apparmor.d/abstractions/video b/etc/apparmor.d/abstractions/video
new file mode 100644
index 0000000..00a8346
--- /dev/null
+++ b/etc/apparmor.d/abstractions/video
@@ -0,0 +1,6 @@
+# vim:syntax=apparmor
+# video device access
+
+ # System devices
+ @{sys}/class/video4linux r,
+ @{sys}/class/video4linux/** r,
diff --git a/etc/apparmor.d/abstractions/vulkan b/etc/apparmor.d/abstractions/vulkan
new file mode 100644
index 0000000..7f0d8cb
--- /dev/null
+++ b/etc/apparmor.d/abstractions/vulkan
@@ -0,0 +1,15 @@
+# vim:syntax=apparmor
+# Vulkan access requirements
+
+ # System files
+ /dev/dri/ r, # libvulkan_radeon.so, libvulkan_intel.so (Mesa)
+ /etc/vulkan/icd.d/{,*.json} r,
+ /etc/vulkan/{explicit,implicit}_layer.d/{,*.json} r,
+ # for drmGetMinorNameForFD() from libvulkan_intel.so (Mesa)
+ @{sys}/devices/pci[0-9]*/*/drm/ r,
+ /usr/share/vulkan/icd.d/{,*.json} r,
+ /usr/share/vulkan/{explicit,implicit}_layer.d/{,*.json} r,
+
+ # User files
+ owner @{HOME}/.local/share/vulkan/implicit_layer.d/{,*.json} r,
+
diff --git a/etc/apparmor.d/abstractions/wayland b/etc/apparmor.d/abstractions/wayland
new file mode 100644
index 0000000..f5290b2
--- /dev/null
+++ b/etc/apparmor.d/abstractions/wayland
@@ -0,0 +1,14 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2016 intrigeri
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ owner /var/run/user/*/weston-shared-* rw,
+ owner /run/user/*/wayland-[0-9]* rw,
+ owner /run/user/*/{mesa,mutter,sdl,wayland-cursor,weston,xwayland}-shared-* rw,
diff --git a/etc/apparmor.d/abstractions/web-data b/etc/apparmor.d/abstractions/web-data
new file mode 100644
index 0000000..0baf299
--- /dev/null
+++ b/etc/apparmor.d/abstractions/web-data
@@ -0,0 +1,25 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+# Copyright (C) 2014 Canonical Ltd
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /srv/www/htdocs/ r,
+ /srv/www/htdocs/** r,
+ # virtual hosting
+ /srv/www/vhosts/ r,
+ /srv/www/vhosts/** r,
+ # mod_userdir
+ @{HOME}/public_html/ r,
+ @{HOME}/public_html/** r,
+
+ /srv/www/rails/*/public/ r,
+ /srv/www/rails/*/public/** r,
+
+ /var/www/html/ r,
+ /var/www/html/** r,
diff --git a/etc/apparmor.d/abstractions/winbind b/etc/apparmor.d/abstractions/winbind
new file mode 100644
index 0000000..e982889
--- /dev/null
+++ b/etc/apparmor.d/abstractions/winbind
@@ -0,0 +1,21 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # pam_winbindd
+ /tmp/.winbindd/pipe rw,
+ /var/{lib,run}/samba/winbindd_privileged/pipe rw,
+ /etc/samba/smb.conf r,
+ /etc/samba/dhcp.conf r,
+ /usr/lib*/samba/valid.dat r,
+ /usr/lib*/samba/upcase.dat r,
+ /usr/lib*/samba/lowcase.dat r,
+ /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r,
+
diff --git a/etc/apparmor.d/abstractions/wutmp b/etc/apparmor.d/abstractions/wutmp
new file mode 100644
index 0000000..d750955
--- /dev/null
+++ b/etc/apparmor.d/abstractions/wutmp
@@ -0,0 +1,16 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # some services update wtmp, utmp, and lastlog with per-user
+ # connection information
+ /var/log/lastlog rwk,
+ /var/log/wtmp wk,
+ /{,var/}run/utmp rwk,
diff --git a/etc/apparmor.d/abstractions/xad b/etc/apparmor.d/abstractions/xad
new file mode 100644
index 0000000..54b0f40
--- /dev/null
+++ b/etc/apparmor.d/abstractions/xad
@@ -0,0 +1,25 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2007 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /opt/novell/xad/lib/ r,
+ /opt/novell/xad/lib/lib*.so* mr,
+ /opt/novell/xad/lib/gss/*.so* mr,
+ /opt/novell/lib/libpthread_ext*.so* mr,
+ /opt/novell/lib/libccs2.so* mr,
+ /opt/novell/xad/lib64/ r,
+ /opt/novell/xad/lib64/lib*.so* mr,
+ /opt/novell/xad/lib64/gss/*.so* mr,
+ /opt/novell/lib64/libpthread_ext*.so* mr,
+ /opt/novell/lib64/libccs2.so* mr,
+ /etc/opt/novell/xad/krb5.conf r,
+ /etc/opt/novell/nici.cfg r,
+ /var/opt/novell/nici/* r,
+ /var/opt/novell/nici/*/ r,
+ /var/opt/novell/nici/*/* rw,
diff --git a/etc/apparmor.d/abstractions/xdg-desktop b/etc/apparmor.d/abstractions/xdg-desktop
new file mode 100644
index 0000000..bc8f6a0
--- /dev/null
+++ b/etc/apparmor.d/abstractions/xdg-desktop
@@ -0,0 +1,24 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # Entries based on:
+ # http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
+
+ owner @{HOME}/.cache/ rw,
+
+ owner @{HOME}/.config/ rw,
+
+ owner @{HOME}/.local/ rw,
+ owner @{HOME}/.local/share/ rw,
+
+ # fallbacks
+ /usr/share/ r,
+ /usr/local/share/ r,
diff --git a/etc/apparmor.d/disable/usr.sbin.rsyslogd b/etc/apparmor.d/disable/usr.sbin.rsyslogd
new file mode 120000
index 0000000..58ef243
--- /dev/null
+++ b/etc/apparmor.d/disable/usr.sbin.rsyslogd
@@ -0,0 +1 @@
+/etc/apparmor.d/usr.sbin.rsyslogd
\ No newline at end of file
diff --git a/etc/apparmor.d/local/README b/etc/apparmor.d/local/README
new file mode 100644
index 0000000..a3cf2e4
--- /dev/null
+++ b/etc/apparmor.d/local/README
@@ -0,0 +1,24 @@
+# This directory is intended to contain profile additions and overrides for
+# inclusion by distributed profiles to aid in packaging AppArmor for
+# distributions.
+#
+# The shipped profiles in /etc/apparmor.d can still be modified by an
+# administrator and people should modify the shipped profile when making
+# large policy changes, rather than trying to make those adjustments here.
+#
+# For simple access additions or the occasional deny override, adjusting them
+# here can prevent the package manager of the distribution from interfering
+# with local modifications. As always, new policy should be reviewed to ensure
+# it is appropriate for your site.
+#
+# For example, if the shipped /etc/apparmor.d/usr.sbin.smbd profile has:
+# #include
+#
+# then an administrator can adjust /etc/apparmor.d/local/usr.sbin.smbd to
+# contain any additional paths to be allowed, such as:
+#
+# /var/exports/** lrwk,
+#
+# Keep in mind that 'deny' rules are evaluated after allow rules, so you won't
+# be able to allow access to files that are explicitly denied by the shipped
+# profile using this mechanism.
diff --git a/etc/apparmor.d/local/lsb_release b/etc/apparmor.d/local/lsb_release
new file mode 100644
index 0000000..e69de29
diff --git a/etc/apparmor.d/local/nvidia_modprobe b/etc/apparmor.d/local/nvidia_modprobe
new file mode 100644
index 0000000..e69de29
diff --git a/etc/apparmor.d/local/sbin.dhclient b/etc/apparmor.d/local/sbin.dhclient
new file mode 100644
index 0000000..e69de29
diff --git a/etc/apparmor.d/local/usr.bin.man b/etc/apparmor.d/local/usr.bin.man
new file mode 100644
index 0000000..e69de29
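Review bot: `etc/apparmor.d/disable/usr.sbin.rsyslogd` is a symlink placed in `disable/`, which is how AppArmor is told not to load a profile, so on this host rsyslogd presumably runs without its profile. Nothing in the commit says whether that is the packaged default or a local decision. A sentence in the commit description would make the intent reviewable, and if confinement is wanted the link can be removed and the profile reloaded. The same commit adds an empty `etc/apparmor.d/local/usr.sbin.rsyslogd`, so a local override is not what turns the profile off.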
diff --git a/etc/apparmor.d/local/usr.lib.snapd.snap-confine.real b/etc/apparmor.d/local/usr.lib.snapd.snap-confine.real
new file mode 100644
index 0000000..e69de29
diff --git a/etc/apparmor.d/local/usr.sbin.rsyslogd b/etc/apparmor.d/local/usr.sbin.rsyslogd
new file mode 100644
index 0000000..e69de29
diff --git a/etc/apparmor.d/local/usr.sbin.tcpdump b/etc/apparmor.d/local/usr.sbin.tcpdump
new file mode 100644
index 0000000..e69de29
diff --git a/etc/apparmor.d/lsb_release b/etc/apparmor.d/lsb_release
new file mode 100644
index 0000000..5c05ba4
--- /dev/null
+++ b/etc/apparmor.d/lsb_release
@@ -0,0 +1,50 @@
+# Note: This profile does not specify an attachment path because it is
+# intended to be used only via "Px -> lsb_release" exec transitions from
+# other profiles. We want to confine the lsb_release(1) utility when it
+# is invoked from other confined applications, but not when it is used
+# in regular (unconfined) shell scripts or run directly by the user.
+
+#include
+
+# Do not attach to /usr/bin/lsb_release by default
+profile lsb_release {
+ #include
+ #include
+
+ owner @{PROC}/@{pid}/fd/ r,
+
+ /dev/tty rw,
+
+ /usr/bin/lsb_release r,
+ /usr/bin/python3.[0-9] mr,
+
+ /etc/debian_version r,
+ /etc/default/apport r,
+ /etc/dpkg/origins/** r,
+ /etc/lsb-release r,
+ /etc/lsb-release.d/ r,
+
+ /{usr/,}bin/bash ixr,
+ /{usr/,}bin/dash ixr,
+ /usr/bin/basename ixr,
+ /usr/bin/dpkg-query ixr,
+ /usr/bin/getopt ixr,
+ /usr/bin/sed ixr,
+ /usr/bin/tr ixr,
+
+ # TODO - many more permissions needed for this to work
+ deny /usr/bin/apt-cache x,
+
+ /usr/bin/ r,
+ /usr/include/python*/pyconfig.h r,
+ /usr/share/distro-info/** r,
+ /usr/share/dpkg/** r,
+ /usr/share/terminfo/** r,
+ /var/lib/dpkg/** r,
+
+ # file_inherit
+ deny /tmp/gtalkplugin.log w,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/etc/apparmor.d/nvidia_modprobe b/etc/apparmor.d/nvidia_modprobe
new file mode 100644
index 0000000..01f714c
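Review bot: The rule `/usr/bin/python3.[0-9] mr,` in the `lsb_release` profile matches only a one-digit minor version, so it will not match an interpreter named `python3.10` or later. Whether that bites depends on the python3 version on this host, which the diff does not show; if it does, confined callers that transition into this profile would see lsb_release denied. The `local/lsb_release` file that this commit adds empty is the place for the fix, following `local/README`: `/usr/bin/python3.{[0-9],[1-9][0-9]} mr,`.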
--- /dev/null
+++ b/etc/apparmor.d/nvidia_modprobe
@@ -0,0 +1,63 @@
+# vim:syntax=apparmor
+
+#include
+
+profile nvidia_modprobe {
+ #include
+
+ # Capabilities
+
+ capability chown,
+ capability mknod,
+ capability setuid,
+ capability sys_admin,
+
+ # Main executable
+
+ /usr/bin/nvidia-modprobe mr,
+
+ # Other executables
+
+ /usr/bin/kmod Cx -> kmod,
+
+ # System files
+
+ /dev/nvidia-uvm w,
+ /dev/nvidia-uvm-tools w,
+ @{sys}/bus/pci/devices/ r,
+ @{sys}/devices/pci[0-9]*/**/config r,
+ @{PROC}/devices r,
+ @{PROC}/modules r,
+ @{PROC}/sys/kernel/modprobe r,
+
+ # Child profiles
+
+ profile kmod {
+ #include
+
+ # Capabilities
+
+ capability sys_module,
+
+ # Main executable
+
+ /usr/bin/kmod mrix,
+
+ # Other executables
+
+ /{,usr/}bin/{,ba,da}sh ix,
+
+ # System files
+
+ /etc/modprobe.d/{,*.conf} r,
+ /etc/nvidia/current/*.conf r,
+ @{sys}/module/ipmi_devintf/initstate r,
+ @{sys}/module/ipmi_msghandler/initstate r,
+ @{sys}/module/nvidia/initstate r,
+ @{PROC}/cmdline r,
+ }
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
+
diff --git a/etc/apparmor.d/sbin.dhclient b/etc/apparmor.d/sbin.dhclient
new file mode 100644
index 0000000..b6e2b9d
--- /dev/null
+++ b/etc/apparmor.d/sbin.dhclient
@@ -0,0 +1,105 @@
+# vim:syntax=apparmor
+#include
+
+/{,usr/}sbin/dhclient flags=(attach_disconnected) {
+ #include
+ #include
+ #include
+
+ capability net_bind_service,
+ capability net_raw,
+ capability dac_override,
+ capability net_admin,
+
+ network packet,
+ network raw,
+
+ @{PROC}/[0-9]*/net/ r,
+ @{PROC}/[0-9]*/net/** r,
+
+ /{,usr/}sbin/dhclient mr,
+ # LP: #1197484 and LP: #1202203 - why is this needed? :(
+ /{,usr/}bin/bash mr,
+
+ /etc/dhclient.conf r,
+ /etc/dhcp/ r,
+ /etc/dhcp/** r,
+
+ /var/lib/dhcp{,3}/dhclient* lrw,
+ /{,var/}run/dhclient*.pid lrw,
+ /{,var/}run/dhclient*.lease* lrw,
+
+ # NetworkManager
+ /{,var/}run/nm*conf r,
+ /{,var/}run/sendsigs.omit.d/network-manager.dhclient*.pid lrw,
+ /var/lib/NetworkManager/dhclient*.conf lrw,
+ /var/lib/NetworkManager/dhclient*.lease* lrw,
+ signal (receive) peer=/usr/sbin/NetworkManager,
+ ptrace (readby) peer=/usr/sbin/NetworkManager,
+
+ # connman
+ /{,var/}run/connman/dhclient*.pid lrw,
+ /{,var/}run/connman/dhclient*.leases lrw,
+
+ # synce-hal
+ /usr/share/synce-hal/dhclient.conf r,
+
+ # if there is a custom script, let it run unconfined
+ /etc/dhcp/dhclient-script Uxr,
+
+ # The dhclient-script shell script sources other shell scripts rather than
+ # executing them, so we can't just use a separate profile for dhclient-script
+ # with 'Uxr' on the hook scripts. However, for the long-running dhclient3
+ # daemon to run arbitrary code via /sbin/dhclient-script, it would need to be
+ # able to subvert dhclient-script or write to the hooks.d directories. As
+ # such, if the dhclient3 daemon is subverted, this effectively limits it to
+ # only being able to run the hooks scripts.
+ /{,usr/}sbin/dhclient-script Uxr,
+
+ # Run the ELF executables under their own unrestricted profiles
+ /usr/lib/NetworkManager/nm-dhcp-client.action Pxrm,
+ /usr/lib/connman/scripts/dhclient-script Pxrm,
+
+ # Support the new executable helper from NetworkManager.
+ /usr/lib/NetworkManager/nm-dhcp-helper Pxrm,
+ signal (receive) peer=/usr/lib/NetworkManager/nm-dhcp-helper,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
+
+/usr/lib/NetworkManager/nm-dhcp-client.action {
+ #include
+ #include
+ /usr/lib/NetworkManager/nm-dhcp-client.action mr,
+
+ /var/lib/NetworkManager/*lease r,
+ signal (receive) peer=/usr/sbin/NetworkManager,
+ ptrace (readby) peer=/usr/sbin/NetworkManager,
+ network inet dgram,
+ network inet6 dgram,
+}
+
+/usr/lib/NetworkManager/nm-dhcp-helper {
+ #include
+ #include
+ /usr/lib/NetworkManager/nm-dhcp-helper mr,
+
+ /run/NetworkManager/private-dhcp rw,
+ signal (send) peer=/sbin/dhclient,
+
+ /var/lib/NetworkManager/*lease r,
+ signal (receive) peer=/usr/sbin/NetworkManager,
+ ptrace (readby) peer=/usr/sbin/NetworkManager,
+ network inet dgram,
+ network inet6 dgram,
+}
+
+/usr/lib/connman/scripts/dhclient-script {
+ #include
+ #include
+ /usr/lib/connman/scripts/dhclient-script mr,
+ network inet dgram,
+ network inet6 dgram,
+}
+
diff --git a/etc/apparmor.d/tunables/alias b/etc/apparmor.d/tunables/alias
new file mode 100644
index 0000000..a0c55c4
--- /dev/null
+++ b/etc/apparmor.d/tunables/alias
@@ -0,0 +1,16 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2010 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# Alias rules can be used to rewrite paths and are done after variable
+# resolution. For example, if '/usr' is on removable media:
+# alias /usr/ -> /mnt/usr/,
+#
+# Or if mysql databases are stored in /home:
+# alias /var/lib/mysql/ -> /home/mysql/,
diff --git a/etc/apparmor.d/tunables/apparmorfs b/etc/apparmor.d/tunables/apparmorfs
new file mode 100644
index 0000000..8df8675
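Review bot: The two `Uxr` rules for `/etc/dhcp/dhclient-script` and `/{,usr/}sbin/dhclient-script` start those scripts with no profile, so what the dhclient profile buys depends on dhclient being unable to modify the script or the hook scripts it sources, as the comment above the second rule argues. The profile grants `/etc/dhcp/** r` only, which is consistent with that, but it also grants `capability dac_override`, so ordinary file permissions are not a second barrier for a subverted dhclient; the AppArmor path rules are the barrier. Since this repository now tracks /etc, I would record that in the empty `etc/apparmor.d/local/sbin.dhclient`, e.g. `# dhclient-script and the /etc/dhcp hooks run unconfined (Uxr): review changes to them as code outside AppArmor`, and keep any write rule for `/etc/dhcp/` out of that file.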
--- /dev/null
+++ b/etc/apparmor.d/tunables/apparmorfs
@@ -0,0 +1,11 @@
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+@{apparmorfs}=@{securityfs}/apparmor/
diff --git a/etc/apparmor.d/tunables/dovecot b/etc/apparmor.d/tunables/dovecot
new file mode 100644
index 0000000..702da58
--- /dev/null
+++ b/etc/apparmor.d/tunables/dovecot
@@ -0,0 +1,20 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2013 Christian Boltz
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:ft=apparmor
+
+# @{DOVECOT_MAILSTORE} is a space-separated list of all directories
+# where dovecot is allowed to store and read mails
+#
+# The default value is quite broad to avoid breaking existing setups.
+# Please change @{DOVECOT_MAILSTORE} to (only) contain the directory
+# you use, and remove everything else.
+
+@{DOVECOT_MAILSTORE}=@{HOME}/Maildir/ @{HOME}/mail/ @{HOME}/Mail/ /var/vmail/ /var/mail/ /var/spool/mail/
+
diff --git a/etc/apparmor.d/tunables/global b/etc/apparmor.d/tunables/global
new file mode 100644
index 0000000..28d6fc6
--- /dev/null
+++ b/etc/apparmor.d/tunables/global
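Review bot: `@{DOVECOT_MAILSTORE}` in `tunables/dovecot` is still the shipped default of six locations, which the file's own comment calls "quite broad" and asks to be reduced to the directory in use. If dovecot runs on this host, I would narrow it to the one mail store that exists, for example `@{DOVECOT_MAILSTORE}=/var/vmail/` (constructed example; use the path actually configured), so that the dovecot profiles do not also grant the per-user home mail paths. If dovecot is not installed the value is inert and can stay as it is.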
@@ -0,0 +1,21 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2006-2009 Novell/SUSE
+# Copyright (C) 2010-2014 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# All the tunables definitions that should be available to every profile
+# should be included here
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
diff --git a/etc/apparmor.d/tunables/home b/etc/apparmor.d/tunables/home
new file mode 100644
index 0000000..550ccd5
--- /dev/null
+++ b/etc/apparmor.d/tunables/home
@@ -0,0 +1,25 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2006-2009 Novell/SUSE
+# Copyright (C) 2010 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# @{HOME} is a space-separated list of all user home directories. While
+# it doesn't refer to a specific home directory (AppArmor doesn't
+# enforce discretionary access controls) it can be used as if it did
+# refer to a specific home directory
+@{HOME}=@{HOMEDIRS}/*/ /root/
+
+# @{HOMEDIRS} is a space-separated list of where user home directories
+# are stored, for programs that must enumerate all home directories on a
+# system.
+@{HOMEDIRS}=/home/
+
+# Also, include files in tunables/home.d for site-specific adjustments to
+# @{HOMEDIRS}.
+#include
diff --git a/etc/apparmor.d/tunables/home.d/site.local b/etc/apparmor.d/tunables/home.d/site.local
new file mode 100644
index 0000000..e6796a0
--- /dev/null
+++ b/etc/apparmor.d/tunables/home.d/site.local
@@ -0,0 +1,13 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2010 Canonical Ltd.
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# The following is a space-separated list of where additional user home
+# directories are stored, each must have a trailing '/'. Directories added
+# here are appended to @{HOMEDIRS}. See tunables/home for details. Eg:
+#@{HOMEDIRS}+=/srv/nfs/home/ /mnt/home/
diff --git a/etc/apparmor.d/tunables/home.d/ubuntu b/etc/apparmor.d/tunables/home.d/ubuntu
new file mode 100644
index 0000000..32db092
--- /dev/null
+++ b/etc/apparmor.d/tunables/home.d/ubuntu
@@ -0,0 +1,7 @@
+# This file is auto-generated. It is recommended you update it using:
+# $ sudo dpkg-reconfigure apparmor
+#
+# The following is a space-separated list of where additional user home
+# directories are stored, each must have a trailing '/'. Directories added
+# here are appended to @{HOMEDIRS}. See tunables/home for details.
+#@{HOMEDIRS}+=
diff --git a/etc/apparmor.d/tunables/kernelvars b/etc/apparmor.d/tunables/kernelvars
new file mode 100644
index 0000000..65ee266
--- /dev/null
+++ b/etc/apparmor.d/tunables/kernelvars
@@ -0,0 +1,33 @@
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# This file should contain declarations to kernel vars or variables
+# that will become kernel vars at some point
+
+# until kernel vars are implemented
+# and until the parser supports nested groupings like
+# @{pid}=[1-9]{[0-9]{[0-9]{[0-9]{[0-9]{[0-9],},},},},}
+# use
+@{pid}={[1-9],[1-9][0-9],[1-9][0-9][0-9],[1-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9],[1-4][0-9][0-9][0-9][0-9][0-9][0-9]}
+
+#same pattern as @{pid} for now
+@{tid}=@{pid}
+
+#A pattern for pids that can appear
+@{pids}=@{pid}
+
+# Placeholder for user id until kernel var is implemented to match
+# current user of the confined application.
+# Values are 0...4,294,967,295 (32-bit unsigned, 10 digits).
+@{uid}={[0-9],[1-9][0-9],[1-9][0-9][0-9],[1-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-4][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]}
+
+#same pattern as @{uid} for now
+@{uids}=@{uid}
+
+# until kernel var is implemented
+@{sys}=/sys/
diff --git a/etc/apparmor.d/tunables/multiarch b/etc/apparmor.d/tunables/multiarch
new file mode 100644
index 0000000..c54082e
--- /dev/null
+++ b/etc/apparmor.d/tunables/multiarch
@@ -0,0 +1,17 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2010 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# @{multiarch} is the set of patterns matching multi-arch library
+# install prefixes.
+@{multiarch}=*-linux-gnu*
+
+# Also, include files in tunables/multiarch.d for site and packaging
+# specific adjustments to @{multiarch}.
+#include
diff --git a/etc/apparmor.d/tunables/multiarch.d/site.local b/etc/apparmor.d/tunables/multiarch.d/site.local
new file mode 100644
index 0000000..91877e2
--- /dev/null
+++ b/etc/apparmor.d/tunables/multiarch.d/site.local
@@ -0,0 +1,14 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2011 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# The following is a space-separated list of where additional multipath
+# prefixes are stored, each should not have a trailing '/'. Directories
+# added here are appended to @{multiarch}. See tunables/mutliarch for details. Eg:
+#@{multiarch}+=*-freebsd* s390-hurd-zomg
diff --git a/etc/apparmor.d/tunables/proc b/etc/apparmor.d/tunables/proc
new file mode 100644
index 0000000..25a1964
--- /dev/null
+++ b/etc/apparmor.d/tunables/proc
@@ -0,0 +1,12 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# @{PROC} is the location where procfs is mounted.
+@{PROC}=/proc/
diff --git a/etc/apparmor.d/tunables/securityfs b/etc/apparmor.d/tunables/securityfs
new file mode 100644
index 0000000..c572139
--- /dev/null
+++ b/etc/apparmor.d/tunables/securityfs
@@ -0,0 +1,10 @@
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# @{securityfs} is the location where securityfs is mounted.
+@{securityfs}=@{sys}/kernel/security/
diff --git a/etc/apparmor.d/tunables/share b/etc/apparmor.d/tunables/share
new file mode 100644
index 0000000..f41121c
--- /dev/null
+++ b/etc/apparmor.d/tunables/share
@@ -0,0 +1,15 @@
+@{flatpak_exports_root} = {flatpak/exports,flatpak/{app,runtime}/*/*/*/*/export}
+
+# System-wide directories with behaviour analogous to /usr/share
+# in patterns like the freedesktop.org basedir spec. These are
+# owned by root or a system user, appear in XDG_DATA_DIRS, and
+# are the parent directory for `applications`, `themes`,
+# `dbus-1/services`, etc.
+@{system_share_dirs} = /{usr,usr/local,var/lib/@{flatpak_exports_root}}/share
+
+# Per-user/personal directories with behaviour analogous to
+# ~/.local/share in patterns like the freedesktop.org basedir spec.
+# These are owned by the user running an application, appear in
+# XDG_DATA_DIRS or XDG_DATA_HOME, and are the parent directory
+# for the same subdirectories as @{system_share_dirs}
+@{user_share_dirs} = @{HOME}/.local{,/share/@{flatpak_exports_root}}/share
diff --git a/etc/apparmor.d/tunables/sys b/etc/apparmor.d/tunables/sys
new file mode 100644
index 0000000..c5257e3
--- /dev/null
+++ b/etc/apparmor.d/tunables/sys
@@ -0,0 +1,9 @@
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#This file is DEPRECATED! @{sys} is defined in tunables/kernelvars now.
diff --git a/etc/apparmor.d/tunables/xdg-user-dirs b/etc/apparmor.d/tunables/xdg-user-dirs
new file mode 100644
index 0000000..fcaf8d4
--- /dev/null
+++ b/etc/apparmor.d/tunables/xdg-user-dirs
@@ -0,0 +1,24 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2014 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# Define the common set of XDG user directories (usually defined in
+# /etc/xdg/user-dirs.defaults)
+@{XDG_DESKTOP_DIR}="Desktop"
+@{XDG_DOWNLOAD_DIR}="Downloads"
+@{XDG_TEMPLATES_DIR}="Templates"
+@{XDG_PUBLICSHARE_DIR}="Public"
+@{XDG_DOCUMENTS_DIR}="Documents"
+@{XDG_MUSIC_DIR}="Music"
+@{XDG_PICTURES_DIR}="Pictures"
+@{XDG_VIDEOS_DIR}="Videos"
+
+# Also, include files in tunables/xdg-user-dirs.d for site-specific adjustments
+# to the various XDG directories
+#include
diff --git a/etc/apparmor.d/tunables/xdg-user-dirs.d/site.local b/etc/apparmor.d/tunables/xdg-user-dirs.d/site.local
new file mode 100644
index 0000000..8fcabfa
--- /dev/null
+++ b/etc/apparmor.d/tunables/xdg-user-dirs.d/site.local
@@ -0,0 +1,21 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2014 Canonical Ltd.
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# The following may be used to add additional entries such as for
+# translations. See tunables/xdg-user-dirs for details. Eg:
+#@{XDG_MUSIC_DIR}+="Musique"
+
+#@{XDG_DESKTOP_DIR}+=""
+#@{XDG_DOWNLOAD_DIR}+=""
+#@{XDG_TEMPLATES_DIR}+=""
+#@{XDG_PUBLICSHARE_DIR}+=""
+#@{XDG_DOCUMENTS_DIR}+=""
+#@{XDG_MUSIC_DIR}+=""
+#@{XDG_PICTURES_DIR}+=""
+#@{XDG_VIDEOS_DIR}+=""
diff --git a/etc/apparmor.d/usr.bin.man b/etc/apparmor.d/usr.bin.man
new file mode 100644
index 0000000..b016052
--- /dev/null
+++ b/etc/apparmor.d/usr.bin.man 
@@ -0,0 +1,105 @@
+# vim:syntax=apparmor
+
+#include
+
+/usr/bin/man {
+ #include
+
+ # Use a special profile when man calls anything groff-related. We only
+ # include the programs that actually parse input data in a non-trivial
+ # way, not wrappers such as groff and nroff, since the latter would need a
+ # broader profile.
+ /usr/bin/eqn rmCx -> &man_groff,
+ /usr/bin/grap rmCx -> &man_groff,
+ /usr/bin/pic rmCx -> &man_groff,
+ /usr/bin/preconv rmCx -> &man_groff,
+ /usr/bin/refer rmCx -> &man_groff,
+ /usr/bin/tbl rmCx -> &man_groff,
+ /usr/bin/troff rmCx -> &man_groff,
+ /usr/bin/vgrind rmCx -> &man_groff,
+
+ # Similarly, use a special profile when man calls decompressors and other
+ # simple filters.
+ /{,usr/}bin/bzip2 rmCx -> &man_filter,
+ /{,usr/}bin/gzip rmCx -> &man_filter,
+ /usr/bin/col rmCx -> &man_filter,
+ /usr/bin/compress rmCx -> &man_filter,
+ /usr/bin/iconv rmCx -> &man_filter,
+ /usr/bin/lzip.lzip rmCx -> &man_filter,
+ /usr/bin/tr rmCx -> &man_filter,
+ /usr/bin/xz rmCx -> &man_filter,
+
+ # Allow basically anything in terms of file system access, subject to DAC.
+ # The purpose of this profile isn't to confine man itself (that might be
+ # nice in the future, but is tricky since it's quite configurable), but to
+ # confine the processes it calls that parse untrusted data.
+ /** mrixwlk,
+ unix,
+
+ capability setuid,
+ capability setgid,
+
+ signal peer=@{profile_name},
+ signal peer=/usr/bin/man//&man_groff,
+ signal peer=/usr/bin/man//&man_filter,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
+
+profile man_groff {
+ #include
+ # Recent kernels revalidate open FDs, and there are often some still
+ # open on TTYs. This is temporary until man learns to close irrelevant
+ # open FDs before execve.
+ #include
+ # man always runs its groff pipeline with the input file open on stdin,
+ # so we can skip .
+
+ /usr/bin/eqn rm,
+ /usr/bin/grap rm,
+ /usr/bin/pic rm,
+ /usr/bin/preconv rm,
+ /usr/bin/refer rm,
+ /usr/bin/tbl rm,
+ /usr/bin/troff rm,
+ /usr/bin/vgrind rm,
+
+ /etc/groff/** r,
+ /etc/papersize r,
+ /usr/lib/groff/site-tmac/** r,
+ /usr/share/groff/** r,
+
+ signal peer=/usr/bin/man,
+ # @{profile_name} doesn't seem to work here.
+ signal peer=/usr/bin/man//&man_groff,
+}
+
+profile man_filter {
+ #include
+ # Recent kernels revalidate open FDs, and there are often some still
+ # open on TTYs. This is temporary until man learns to close irrelevant
+ # open FDs before execve.
+ #include
+
+ /{,usr/}bin/bzip2 rm,
+ /{,usr/}bin/gzip rm,
+ /usr/bin/col rm,
+ /usr/bin/compress rm,
+ /usr/bin/iconv rm,
+ /usr/bin/lzip.lzip rm,
+ /usr/bin/tr rm,
+ /usr/bin/xz rm,
+
+ # Manual pages can be more or less anywhere, especially with "man -l", and
+ # there's no harm in allowing wide read access here since the worst it can
+ # do is feed data to the invoking man process.
+ /** r,
+
+ # Allow writing cat pages.
+ /var/cache/man/** w,
+
+ signal peer=/usr/bin/man,
+ # @{profile_name} doesn't seem to work here.
+ signal peer=/usr/bin/man//&man_filter,
+}
diff --git a/etc/apparmor.d/usr.lib.snapd.snap-confine.real b/etc/apparmor.d/usr.lib.snapd.snap-confine.real
new file mode 100644
index 0000000..a569e1c
--- /dev/null
+++ b/etc/apparmor.d/usr.lib.snapd.snap-confine.real
@@ -0,0 +1,613 @@ +# Author: Jamie Strandboge +#include + +/usr/lib/snapd/snap-confine (attach_disconnected) { + # Include any additional files that snapd chose to generate. + # - for $HOME on NFS + # - for $HOME on encrypted media + # + # Those are discussed on https://forum.snapcraft.io/t/snapd-vs-upstream-kernel-vs-apparmor + # and https://forum.snapcraft.io/t/snaps-and-nfs-home/ + #include "/var/lib/snapd/apparmor/snap-confine" + + # We run privileged, so be fanatical about what we include and don't use + # any abstractions + /etc/ld.so.cache r, + /etc/ld.so.preload r, + + # Do not assume that the interpreter is always named like + # ld-linux-x86_64.so, as on some architectures there can be a version after + # the .so suffix, eg. ld-linux-aarch64.so.1 + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}ld{-*,64}.so* mrix, + # libc, you are funny + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}libc{,-[0-9]*}.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}libpthread{,-[0-9]*}.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libreadline{,-[0-9]*}.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}librt{,-[0-9]*}.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libgcc_s.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libncursesw{,-[0-9]*}.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}libresolv{,-[0-9]*}.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libselinux.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libpcre{,2}{,-[0-9]*}.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libmount.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libblkid.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libuuid.so* mr, + # normal libs in order + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libapparmor.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libcgmanager.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}libdl{,-[0-9]*}.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libnih.so* mr, + 
/{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libnih-dbus.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libdbus-1.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libudev.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libseccomp.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libcap.so* mr, + + /usr/lib/snapd/snap-confine mr, + + # This rule is needed when executing from a "base: core" devmode snap on + # UC18 and newer where the /usr/lib/snapd/snap-confine inside the + # "base: core" mount namespace always comes from the snapd snap, and thus + # we will execute snap-confine via this path, and thus need to be able to + # read this path when executing. It's also necessary on classic where both + # the snapd and the core snap are installed at the same time. + # TODO: remove this rule when we stop supporting executing other snaps from + # inside devmode snaps, ideally even in the short term we would only include + # this rule on core only, and specifically uc18 and newer where we need it + #@VERBATIM_LIBEXECDIR_SNAP_CONFINE@ mr, + + /dev/null rw, + /dev/full rw, + /dev/zero rw, + /dev/random r, + /dev/urandom r, + /dev/pts/[0-9]* rw, + /dev/tty rw, + + # cgroup: devices + capability sys_admin, + capability dac_read_search, + capability dac_override, + /sys/fs/cgroup/ r, + /sys/fs/cgroup/devices/ r, + /sys/fs/cgroup/devices/snap.*/ rw, + /sys/fs/cgroup/devices/snap.*/cgroup.procs w, + /sys/fs/cgroup/devices/snap.*/devices.{allow,deny} w, + + # cgroup: freezer + # Allow creating per-snap cgroup freezers and adding snap command (task) + # invocations to the freezer. This allows for reliably enumerating all + # running processes for the snap. In addition, allow enumerating processes + # in the cgroup to determine if it is occupied. 
+ /sys/fs/cgroup/freezer/ r, + /sys/fs/cgroup/freezer/snap.*/ w, + /sys/fs/cgroup/freezer/snap.*/cgroup.procs rw, + /sys/fs/cgroup/ r, + /sys/fs/cgroup/** r, + + # cgroup: reading own cgroup + @{PROC}/@{pid}/cgroup r, + + # cgroup: manage bpf map for device cgroup + /sys/fs/bpf/ r, + /sys/fs/bpf/snap/ rw, + /sys/fs/bpf/snap/* rw, + # s-c may need to raise the memlock limit + capability sys_resource, + + # querying udev + /etc/udev/udev.conf r, + /sys/**/uevent r, + /run/udev/** rw, + /{,usr/}bin/tr ixr, + /usr/lib/locale/** r, + /usr/lib/@{multiarch}/gconv/gconv-modules r, + /usr/lib/@{multiarch}/gconv/gconv-modules.cache r, + + # priv dropping + capability setuid, + capability setgid, + + # changing profile + @{PROC}/[0-9]*/attr/{,apparmor/}exec w, + # Reading current profile + @{PROC}/[0-9]*/attr/{,apparmor/}current r, + # Reading available filesystems + @{PROC}/filesystems r, + + # To find where apparmor is mounted + @{PROC}/[0-9]*/mounts r, + # To find if apparmor is enabled + /sys/module/apparmor/parameters/enabled r, + + # Don't allow changing profile to unconfined or profiles that start with + # '/'. Use 'unsafe' to support snap-exec on armhf and its reliance on + # the environment for determining the capabilities of the architecture. + # 'unsafe' is ok here because the kernel will have already cleared the + # environment as part of launching snap-confine with CAP_SYS_ADMIN. This + # does leave directories as configured by ld.so.preload as well as + # LD_PRELOAD to be set to a library which is in a directory configured by + # ld.so.conf, but access to those locations is mediated by this profile + # (which requires rules for specific locations). 
+ change_profile unsafe /** -> [^u/]**, + change_profile unsafe /** -> u[^n]**, + change_profile unsafe /** -> un[^c]**, + change_profile unsafe /** -> unc[^o]**, + change_profile unsafe /** -> unco[^n]**, + change_profile unsafe /** -> uncon[^f]**, + change_profile unsafe /** -> unconf[^i]**, + change_profile unsafe /** -> unconfi[^n]**, + change_profile unsafe /** -> unconfin[^e]**, + change_profile unsafe /** -> unconfine[^d]**, + change_profile unsafe /** -> unconfined?**, + + # allow changing to a few not caught above + change_profile unsafe /** -> {u,un,unc,unco,uncon,unconf,unconfi,unconfin,unconfine}, + + # LP: #1446794 - when this bug is fixed, change the above to: + # deny change_profile unsafe /** -> {unconfined,/**}, + # change_profile unsafe /** -> **, + + # reading seccomp filters + /{tmp/snap.rootfs_*/,}var/lib/snapd/seccomp/bpf/*.bin r, + + # LP: #1668659 and parallel instaces of classic snaps + mount options=(rw rbind) /snap/ -> /snap/, + mount options=(rw rshared) -> /snap/, + mount options=(rw rbind) /var/lib/snapd/snap/ -> /var/lib/snapd/snap/, + mount options=(rw rshared) -> /var/lib/snapd/snap/, + + # boostrapping the mount namespace + mount options=(rw rshared) -> /, + mount options=(rw bind) /tmp/snap.rootfs_*/ -> /tmp/snap.rootfs_*/, + mount options=(rw unbindable) -> /tmp/snap.rootfs_*/, + # the next line is for classic system + mount options=(rw rbind) /snap/*/*/ -> /tmp/snap.rootfs_*/, + # the next line is for core system + mount options=(rw rbind) / -> /tmp/snap.rootfs_*/, + # all of the constructed rootfs is a rslave + mount options=(rw rslave) -> /tmp/snap.rootfs_*/, + # bidirectional mounts (for both classic and core) + # NOTE: this doesn't capture the MERGED_USR configuration option so that + # when a distro with merged /usr and / that uses apparmor shows up it + # should be handled here. 
+ /{,run/}media/ w, + mount options=(rw rbind) /{,run/}media/ -> /tmp/snap.rootfs_*/{,run/}media/, + /run/netns/ w, + mount options=(rw rbind) /run/netns/ -> /tmp/snap.rootfs_*/run/netns/, + # unidirectional mounts (only for classic system) + mount options=(rw rbind) /dev/ -> /tmp/snap.rootfs_*/dev/, + mount options=(rw rslave) -> /tmp/snap.rootfs_*/dev/, + + mount options=(rw rbind) /etc/ -> /tmp/snap.rootfs_*/etc/, + mount options=(rw rslave) -> /tmp/snap.rootfs_*/etc/, + + mount options=(rw rbind) /home/ -> /tmp/snap.rootfs_*/home/, + mount options=(rw rslave) -> /tmp/snap.rootfs_*/home/, + + mount options=(rw rbind) /root/ -> /tmp/snap.rootfs_*/root/, + mount options=(rw rslave) -> /tmp/snap.rootfs_*/root/, + + mount options=(rw rbind) /proc/ -> /tmp/snap.rootfs_*/proc/, + mount options=(rw rslave) -> /tmp/snap.rootfs_*/proc/, + + mount options=(rw rbind) /sys/ -> /tmp/snap.rootfs_*/sys/, + mount options=(rw rslave) -> /tmp/snap.rootfs_*/sys/, + + mount options=(rw rbind) /tmp/ -> /tmp/snap.rootfs_*/tmp/, + mount options=(rw rslave) -> /tmp/snap.rootfs_*/tmp/, + + mount options=(rw rbind) /var/lib/dhcp/ -> /tmp/snap.rootfs_*/var/lib/dhcp/, + mount options=(rw rslave) -> /tmp/snap.rootfs_*/var/lib/dhcp/, + + mount options=(rw rbind) /var/lib/snapd/ -> /tmp/snap.rootfs_*/var/lib/snapd/, + mount options=(rw rslave) -> /tmp/snap.rootfs_*/var/lib/snapd/, + + mount options=(rw rbind) /var/snap/ -> /tmp/snap.rootfs_*/var/snap/, + mount options=(rw rslave) -> /tmp/snap.rootfs_*/var/snap/, + + mount options=(rw rbind) /var/tmp/ -> /tmp/snap.rootfs_*/var/tmp/, + # /var/volatile is the default volatile location on Yocto/Poky, typically used with read-only rootfs setups + mount options=(rw rbind) /var/volatile/tmp/ -> /tmp/snap.rootfs_*/var/tmp/, + mount options=(rw rslave) -> /tmp/snap.rootfs_*/var/tmp/, + + mount options=(rw rbind) /run/ -> /tmp/snap.rootfs_*/run/, + mount options=(rw rslave) -> /tmp/snap.rootfs_*/run/, + + mount options=(rw rbind) /var/lib/extrausers/ 
-> /tmp/snap.rootfs_*/var/lib/extrausers/, + mount options=(rw rslave) -> /tmp/snap.rootfs_*/var/lib/extrausers/, + + mount options=(rw rbind) {,/usr}/lib{,32,64,x32}/modules/ -> /tmp/snap.rootfs_*{,/usr}/lib/modules/, + mount options=(rw rslave) -> /tmp/snap.rootfs_*{,/usr}/lib/modules/, + + mount options=(rw rbind) {,/usr}/lib{,32,64,x32}/firmware/ -> /tmp/snap.rootfs_*{,/usr}/lib/firmware/, + mount options=(rw rslave) -> /tmp/snap.rootfs_*{,/usr}/lib/firmware/, + + mount options=(rw rbind) /var/log/ -> /tmp/snap.rootfs_*/var/log/, + # /var/volatile is the default volatile location on Yocto/Poky, typically used with read-only rootfs setups + mount options=(rw rbind) /var/volatile/log/ -> /tmp/snap.rootfs_*/var/log/, + mount options=(rw rslave) -> /tmp/snap.rootfs_*/var/log/, + + mount options=(rw rbind) /usr/src/ -> /tmp/snap.rootfs_*/usr/src/, + mount options=(rw rslave) -> /tmp/snap.rootfs_*/usr/src/, + + mount options=(rw rbind) /mnt/ -> /tmp/snap.rootfs_*/mnt/, + mount options=(rw rslave) -> /tmp/snap.rootfs_*/mnt/, + + # allow making host snap-exec available inside base snaps + mount options=(rw bind) /usr/lib/snapd/ -> /tmp/snap.rootfs_*/usr/lib/snapd/, + mount options=(rw slave) -> /tmp/snap.rootfs_*/usr/lib/snapd/, + + # allow making re-execed host snap-exec available inside base snaps + mount options=(ro bind) /snap/core/*/usr/lib/snapd/ -> /tmp/snap.rootfs_*/usr/lib/snapd/, + # allow making snapd snap tools available inside base snaps + mount options=(ro bind) /snap/snapd/*/usr/lib/snapd/ -> /tmp/snap.rootfs_*/usr/lib/snapd/, + + mount options=(rw bind) /usr/bin/snapctl -> /tmp/snap.rootfs_*/usr/bin/snapctl, + mount options=(rw slave) -> /tmp/snap.rootfs_*/usr/bin/snapctl, + + # /etc/alternatives (classic and normal mode) + mount options=(rw bind) /snap/*/*/etc/alternatives/ -> /tmp/snap.rootfs_*/etc/alternatives/, + mount options=(rw bind) /snap/*/*/etc/ssl/ -> /tmp/snap.rootfs_*/etc/ssl/, + mount options=(rw bind) /snap/*/*/etc/nsswitch.conf -> 
/tmp/snap.rootfs_*/etc/nsswitch.conf, + mount options=(rw bind) /snap/*/*/etc/apparmor/ -> /tmp/snap.rootfs_*/etc/apparmor/, + mount options=(rw bind) /snap/*/*/etc/apparmor.d/ -> /tmp/snap.rootfs_*/etc/apparmor.d/, + + # /etc/alternatives (core/legacy mode) + mount options=(rw bind) /etc/alternatives/ -> /tmp/snap.rootfs_*/etc/alternatives/, + + # making all those directories slave shared. + mount options=(rw slave) -> /tmp/snap.rootfs_*/etc/alternatives/, + mount options=(rw slave) -> /tmp/snap.rootfs_*/etc/ssl/, + mount options=(rw slave) -> /tmp/snap.rootfs_*/etc/nsswitch.conf, + mount options=(rw slave) -> /tmp/snap.rootfs_*/etc/apparmor/, + mount options=(rw slave) -> /tmp/snap.rootfs_*/etc/apparmor.d/, + + # the /snap directory + mount options=(rw rbind) /snap/ -> /tmp/snap.rootfs_*/snap/, + mount options=(rw rslave) -> /tmp/snap.rootfs_*/snap/, + # pivot_root preparation and execution + mount options=(rw bind) /tmp/snap.rootfs_*/var/lib/snapd/hostfs/ -> /tmp/snap.rootfs_*/var/lib/snapd/hostfs/, + mount options=(rw private) -> /tmp/snap.rootfs_*/var/lib/snapd/hostfs/, + + # pivot_root mediation in AppArmor is not complete. See LP: #1791711. + # However, we can mediate the new_root and put_old to be what we expect, + # and then deny directory creation within old_root to prevent trivial + # pivoting into a whitelisted path. + pivot_root oldroot=/tmp/snap.rootfs_*/var/lib/snapd/hostfs/ /tmp/snap.rootfs_*/, + # Explicitly deny creating the old_root directory in case it is + # inadvertently added somewhere else. While this doesn't resolve + # LP: #1791711, it provides some hardening. + audit deny /tmp/snap.rootfs_*/{var/,var/lib/,var/lib/snapd/,var/lib/snapd/hostfs/} w, + + # cleanup + umount /var/lib/snapd/hostfs/tmp/snap.rootfs_*/, + umount /var/lib/snapd/hostfs/sys/, + umount /var/lib/snapd/hostfs/dev/, + umount /var/lib/snapd/hostfs/proc/, + mount options=(rw rslave) -> /var/lib/snapd/hostfs/, + + # Hide /writable from view of snaps. 
+ mount options=(rprivate) -> /{,var/lib/snapd/hostfs/}writable/, + umount /{,var/lib/snapd/hostfs/}writable/, + + # set up user mount namespace + mount options=(rslave) -> /, + + # set up mount namespace for parallel instances of classic snaps + mount options=(rw rbind) /snap/{,*/} -> /snap/{,*/}, + mount options=(rslave) -> /snap/, + mount options=(rslave) -> /var/snap/, + mount options=(rw rbind) /var/snap/{,*/} -> /var/snap/{,*/}, + mount options=(rw rshared) -> /var/snap/, + + # Allow reading the os-release file (possibly a symlink to /usr/lib). + /{etc/,usr/lib/}os-release r, + + # Allow creating /var/lib/snapd/hostfs, if missing + /var/lib/snapd/hostfs/ rw, + + # set up snap-specific private /tmp dir + capability chown, + /tmp/ rw, + /tmp/snap.*/ rw, + /tmp/snap.*/tmp/ rw, + mount options=(rw private) -> /tmp/, + mount options=(rw bind) /tmp/snap.*/tmp/ -> /tmp/, + mount fstype=devpts options=(rw) devpts -> /dev/pts/, + mount options=(rw bind) /dev/pts/ptmx -> /dev/ptmx, # for bind mounting + mount options=(rw bind) /dev/pts/ptmx -> /dev/pts/ptmx, # for bind mounting under LXD + # Workaround for LP: #1584456 on older kernels that mistakenly think + # /dev/pts/ptmx needs a trailing '/' + mount options=(rw bind) /dev/pts/ptmx/ -> /dev/ptmx/, + mount options=(rw bind) /dev/pts/ptmx/ -> /dev/pts/ptmx/, + + # for running snaps on classic + /snap/ r, + /snap/** r, + /snap/ r, + /snap/** r, + + # NOTE: at this stage the /snap directory is stable as we have called + # pivot_root already. 
+ + # nvidia handling, glob needs /usr/** and the launcher must be + # able to bind mount the nvidia dir + /sys/module/nvidia/version r, + /sys/**/drivers/nvidia{,_*}/* r, + /sys/**/nvidia*/uevent r, + /sys/module/nvidia{,_*}/* r, + /dev/nvidia[0-9]* r, + /dev/nvidiactl r, + /dev/nvidia-uvm r, + /usr/** r, + mount options=(rw bind) /usr/lib{,32}/nvidia-*/ -> /{tmp/snap.rootfs_*/,}var/lib/snapd/lib/gl{,32}/, + mount options=(rw bind) /usr/lib{,32}/nvidia-*/ -> /{tmp/snap.rootfs_*/,}var/lib/snapd/lib/gl{,32}/, + /tmp/snap.rootfs_*/var/lib/snapd/lib/gl{,32}/{,*} w, + mount fstype=tmpfs options=(rw nodev noexec) none -> /tmp/snap.rootfs_*/var/lib/snapd/lib/gl{,32}/, + mount options=(remount ro bind) -> /tmp/snap.rootfs_*/var/lib/snapd/lib/gl{,32}/, + + # Vulkan support + /tmp/snap.rootfs_*/var/lib/snapd/lib/vulkan/{,*} w, + mount fstype=tmpfs options=(rw nodev noexec) none -> /tmp/snap.rootfs_*/var/lib/snapd/lib/vulkan/, + mount options=(remount ro bind) -> /tmp/snap.rootfs_*/var/lib/snapd/lib/vulkan/, + + # GLVND EGL vendor + /tmp/snap.rootfs_*/var/lib/snapd/lib/glvnd/{,*} w, + mount fstype=tmpfs options=(rw nodev noexec) none -> /tmp/snap.rootfs_*/var/lib/snapd/lib/glvnd/, + mount options=(remount ro bind) -> /tmp/snap.rootfs_*/var/lib/snapd/lib/glvnd/, + + # create gl dirs as needed + /tmp/snap.rootfs_*/ r, + /tmp/snap.rootfs_*/var/ r, + /tmp/snap.rootfs_*/var/lib/ r, + /tmp/snap.rootfs_*/var/lib/snapd/ r, + /tmp/snap.rootfs_*/var/lib/snapd/lib/ r, + /tmp/snap.rootfs_*/var/lib/snapd/lib/gl{,32}/ r, + /tmp/snap.rootfs_*/var/lib/snapd/lib/gl{,32}/** rw, + /tmp/snap.rootfs_*/var/lib/snapd/lib/vulkan/ r, + /tmp/snap.rootfs_*/var/lib/snapd/lib/vulkan/** rw, + /tmp/snap.rootfs_*/var/lib/snapd/lib/glvnd/ r, + /tmp/snap.rootfs_*/var/lib/snapd/lib/glvnd/** rw, + + # for chroot on steroids, we use pivot_root as a better chroot that makes + # apparmor rules behave the same on classic and outside of classic. 
+ + # for creating the user data directories: ~/snap, ~/snap/ and + # ~/snap// + / r, + @{HOMEDIRS}/ r, + # These should both have 'owner' match but due to LP: #1466234, we can't + # yet + @{HOME}/ r, + @{HOME}/snap/{,*/,*/*/} rw, + + # experimental + @{HOME}/.snap/ rw, + @{HOME}/.snap/data/{,*/,*/*/} rw, + + # Special case for *classic* snaps that are used by users with existing dirs + # in /var/lib/. Like jenkins, postgresql, mysql, puppet, ... + # (see https://forum.snapcraft.io/t/9717) + # TODO: this can be removed once we support home-dirs outside of /home + # better + /var/ r, + /var/lib/ r, + # These should both have 'owner' match but due to LP: #1466234, we can't + # yet + /var/lib/*/ r, + /var/lib/*/snap/{,*/,*/*/} rw, + + # for creating the user shared memory directories + /{dev,run}/{,shm/} r, + # This should both have 'owner' match but due to LP: #1466234, we can't yet + /{dev,run}/shm/{,*/,*/*/} rw, + + # for creating the user XDG_RUNTIME_DIR: /run/user, /run/user/UID and + # /run/user/UID/ + /run/user/{,[0-9]*/,[0-9]*/*/} rw, + + # Workaround https://launchpad.net/bugs/359338 until upstream handles + # stacked filesystems generally. + # encrypted ~/.Private and old-style encrypted $HOME + @{HOME}/.Private/ r, + @{HOME}/.Private/** mrwlk, + # new-style encrypted $HOME + @{HOMEDIRS}/.ecryptfs/*/.Private/ r, + @{HOMEDIRS}/.ecryptfs/*/.Private/** mrwlk, + + # Allow snap-confine to move to the void, creating it if necessary. + /var/lib/snapd/void/ rw, + + # Allow snap-confine to read snap contexts + /var/lib/snapd/context/snap.* r, + + # Allow snap-confine to unmount stale mount namespaces. + umount /run/snapd/ns/*.mnt, + /run/snapd/ns/snap.*.fstab w, + # Allow snap-confine to read and write mount namespace information files. + /run/snapd/ns/snap.*.info rw, + # Required to correctly unmount bound mount namespace. + # See LP: #1735459 for details. 
+ umount /, + + # support for locking + /run/snapd/lock/ rw, + /run/snapd/lock/*.lock rwk, + + # support for the mount namespace sharing + capability sys_ptrace, + # allow snap-confine to read /proc/1/ns/mnt + ptrace read peer=unconfined, + # https://forum.snapcraft.io/t/custom-kernel-error-on-readlinkat-in-mount-namespace/6097/21 + ptrace trace peer=unconfined, + + mount options=(rw rbind) /run/snapd/ns/ -> /run/snapd/ns/, + mount options=(private) -> /run/snapd/ns/, + / rw, + /run/ rw, + /run/snapd/ rw, + /run/snapd/ns/ rw, + /run/snapd/ns/*.lock rwk, + /run/snapd/ns/*.mnt rw, + ptrace (read, readby, tracedby) peer=/usr/lib/snapd/snap-confine//mount-namespace-capture-helper, + @{PROC}/*/mountinfo r, + capability sys_chroot, + capability sys_admin, + signal (send, receive) set=(abrt) peer=/usr/lib/snapd/snap-confine, + signal (send) set=(int) peer=/usr/lib/snapd/snap-confine//mount-namespace-capture-helper, + signal (send, receive) set=(int, alrm, exists) peer=/usr/lib/snapd/snap-confine, + signal (receive) set=(exists) peer=/usr/lib/snapd/snap-confine//mount-namespace-capture-helper, + + # workaround for linux 4.13/upstream, see + # https://forum.snapcraft.io/t/snapd-2-27-6-2-in-debian-sid-blocked-on-apparmor-in-kernel-4-13-0-1/2813/3 + ptrace (trace, tracedby) peer=/usr/lib/snapd/snap-confine, + + # Allow reading snap cookies. + /var/lib/snapd/cookie/snap.* r, + + # For aa_change_hat() to go into ^mount-namespace-capture-helper + @{PROC}/[0-9]*/attr/{,apparmor/}current w, + + # As a special exception allow snap-confine to write to anything in /var/lib. + # This code should be changed to allow delegation so that snap-confine can + # inherit any file descriptor and pass it to the invoked application but + # this is not possible in apparmor yet. 
+ # See https://bugs.launchpad.net/snapd/+bug/1815869 + /var/lib/** rw, + + ^mount-namespace-capture-helper (attach_disconnected) { + # We run privileged, so be fanatical about what we include and don't use + # any abstractions + /etc/ld.so.cache r, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}ld{-*,64}.so* mrix, + # libc, you are funny + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}libc{,-[0-9]*}.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}libpthread{,-[0-9]*}.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libreadline{,-[0-9]*}.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}librt{,-[0-9]*}.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libgcc_s.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libncursesw{,-[0-9]*}.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}libresolv{,-[0-9]*}.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libselinux.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libpcre.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libmount.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libblkid.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libuuid.so* mr, + # normal libs in order + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libapparmor.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libcgmanager.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}libdl{,-[0-9]*}.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libnih.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libnih-dbus.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libdbus-1.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libudev.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libseccomp.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libcap.so* mr, + + /usr/lib/snapd/snap-confine mr, + + /dev/null rw, + /dev/full rw, + /dev/zero rw, + /dev/random r, + /dev/urandom r, + + capability sys_ptrace, + capability sys_admin, + # This allows us to read and bind mount the namespace file + / r, + @{PROC}/ r, + 
@{PROC}/*/ r, + @{PROC}/*/ns/ r, + @{PROC}/*/ns/mnt r, + /run/ r, + /run/snapd/ r, + /run/snapd/ns/ r, + /run/snapd/ns/*.mnt rw, + # NOTE: the source name is / even though we map /proc/123/ns/mnt + mount options=(rw bind) / -> /run/snapd/ns/*.mnt, + # This is the SIGALRM that we send and receive if a timeout expires + signal (send, receive) set=(alrm) peer=/usr/lib/snapd/snap-confine//mount-namespace-capture-helper, + # Those two rules are exactly the same but we don't know if the parent process is still alive + # and hence has the appropriate label or is already dead and hence has no label. + signal (send) set=(exists) peer=/usr/lib/snapd/snap-confine, + signal (send) set=(exists) peer=unconfined, + # This is so that we can abort + signal (send, receive) set=(abrt) peer=/usr/lib/snapd/snap-confine//mount-namespace-capture-helper, + # This is the signal we get if snap-confine dies (we subscribe to it with prctl) + signal (receive) set=(int) peer=/usr/lib/snapd/snap-confine, + # This allows snap-confine to be killed from the outside. + signal (receive) peer=unconfined, + # This allows snap-confine to wait for us + ptrace (read, trace, tracedby) peer=/usr/lib/snapd/snap-confine, + } + + # Allow snap-confine to be killed + signal (receive) peer=unconfined, + + # Allow switching to snap-update-ns with a per-snap profile. + change_profile -> snap-update-ns.*, + + # Allow executing snap-update-ns when... + + # ...snap-confine is, conceptually, re-executing and uses snap-update-ns + # from the distribution package. This is also the location used when using + # the core/base snap on all-snap systems. The variants here represent + # various locations of libexecdir across distributions. + /usr/lib{,exec,64}/snapd/snap-update-ns r, + + # ...snap-confine is not, conceptually, re-executing and uses + # snap-update-ns from the distribution package but we are already inside + # the constructed mount namespace so we must traverse "hostfs". 
The + # variants here represent various locations of libexecdir across + # distributions. + /var/lib/snapd/hostfs/usr/lib{,exec,64}/snapd/snap-update-ns r, + + # ..snap-confine is, conceptually, re-executing and uses snap-update-ns + # from the core or snapd snaps. Note that the location of the actual snap + # varies from distribution to distribution. The variants here represent + # different locations of snap mount directory across distributions. + /{,var/lib/snapd/}snap/{core,snapd}/*/usr/lib/snapd/snap-update-ns r, + + # ...snap-confine is, conceptually, re-executing and uses snap-update-ns + # from the core snap or snapd snap, but we are already inside the + # constructed mount namespace. Here the apparmor kernel module + # re-constructs the path to snap-update-ns using the "hostfs" mount entry + # rather than the more "natural" /snap mount entry but we have no control + # over that. This is reported as (LP: #1716339). The variants here + # represent different locations of snap mount directory across + # distributions. + /var/lib/snapd/hostfs/{,var/lib/snapd/}snap/{core,snapd}/*/usr/lib/snapd/snap-update-ns r, + + # Allow executing snap-discard-ns, just like the set for snap-update-ns + # above but with the key difference that snap-discard-ns does not + # have a dedicated profile so we need to inherit snap-confine's profile. + + /usr/lib{,exec,64}/snapd/snap-discard-ns rix, + /var/lib/snapd/hostfs/usr/lib{,exec,64}/snapd/snap-discard-ns rix, + /{,var/lib/snapd/}snap/{core,snapd}/*/usr/lib/snapd/snap-discard-ns rix, + /var/lib/snapd/hostfs/{,var/lib/snapd/}snap/{core,snapd}/*/usr/lib/snapd/snap-discard-ns rix, + + # Allow mounting /var/lib/jenkins from the host into the snap. + mount options=(rw rbind) /var/lib/jenkins/ -> /tmp/snap.rootfs_*/var/lib/jenkins/, + mount options=(rw rslave) -> /tmp/snap.rootfs_*/var/lib/jenkins/, + + # Suppress noisy file_inherit denials (LP: #1850552) until LP: #1849753 is + # fixed. 
+ deny /dev/shm/.org.chromium.Chromium.* rw, + + # While snap-confine itself doesn't require unix rules and therefore all + # unix rules are implicitly denied, adding an explicit deny for unix to + # silence noisy denials breaks nested lxd. Until the cause is determined, + # do not use an explicit deny for unix. (LP: #1855355) + #deny unix, + + # Explicitly deny these accesses which show up on Arch to silence the + # denials for this unneeded access. + deny /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libnss_files-[0-9]*.so* mr, + deny /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libnss_mymachines.[0-9]*.so* mr, + deny /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libnss_systemd.[0-9]*.so* mr, + deny /etc/nsswitch.conf r, + deny /etc/passwd r, +} diff --git a/etc/apparmor.d/usr.sbin.rsyslogd b/etc/apparmor.d/usr.sbin.rsyslogd new file mode 100644 index 0000000..3e74588 --- /dev/null +++ b/etc/apparmor.d/usr.sbin.rsyslogd 
@@ -0,0 +1,59 @@
+# Last Modified: Sun Sep 25 08:58:35 2011
+#include
+
+# Debugging the syslogger can be difficult if it can't write to the file
+# that the kernel is logging denials to. In these cases, you can do the
+# following:
+# watch -n 1 'dmesg | tail -5'
+
+/usr/sbin/rsyslogd {
+ #include
+ #include
+
+ capability sys_tty_config,
+ capability dac_override,
+ capability dac_read_search,
+ capability setuid,
+ capability setgid,
+ capability sys_nice,
+ capability syslog,
+
+ unix (receive) type=dgram,
+ unix (receive) type=stream,
+
+ # rsyslog configuration
+ /etc/rsyslog.conf r,
+ /etc/rsyslog.d/ r,
+ /etc/rsyslog.d/** r,
+ /{,var/}run/rsyslogd.pid{,.tmp} rwk,
+ /var/spool/rsyslog/ r,
+ /var/spool/rsyslog/** rwk,
+
+ /usr/sbin/rsyslogd mr,
+ /usr/lib{,32,64}/{,@{multiarch}/}rsyslog/*.so mr,
+
+ /dev/tty* rw,
+ /dev/xconsole rw,
+ @{PROC}/kmsg r,
+
+ /dev/log rwl,
+ /{,var/}run/utmp rk,
+ /var/lib/*/dev/log rwl,
+ /var/spool/postfix/dev/log rwl,
+ /{,var/}run/systemd/notify w,
+
+ # 'r' is needed when using imfile
+ /var/log/** rw,
+
+ # Add these for mysql support
+ #/etc/mysql/my.cnf r,
+ #/{,var/}run/mysqld/mysqld.sock rw,
+
+ # Add thes for postgresql support
+ ##include
+ ##include
+ #/{,var/}run/postgresql/.s.PGSQL.*[0-9] rw,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/etc/apparmor.d/usr.sbin.tcpdump b/etc/apparmor.d/usr.sbin.tcpdump
new file mode 100644
index 0000000..d0a7037
--- /dev/null
+++ b/etc/apparmor.d/usr.sbin.tcpdump
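Review bot: `capability dac_override` and `capability dac_read_search` are granted without a comment naming the rsyslog feature that needs them, and together with `/var/log/** rw` they mean file ownership and mode do not limit what the daemon can read or rewrite under /var/log; only this profile does. The existing `# 'r' is needed when using imfile` comment suggests the read half is optional, so it is worth recording whether imfile is in use on this host. I would put that decision in the local/ override the last comment points to, for example `# NOTE(site): imfile not used here; dac_override/dac_read_search kept only because the packaged profile grants them`, rather than editing the packaged file. The page does not show whether the profile is loaded in enforce mode, so confirm that with `aa-status` before relying on it.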
@@ -0,0 +1,65 @@
+# vim:syntax=apparmor
+#include
+
+/usr/sbin/tcpdump {
+ #include
+ #include
+ #include
+
+ capability net_raw,
+ capability setuid,
+ capability setgid,
+ capability dac_override,
+ capability chown,
+ network raw,
+ network packet,
+
+ # for -D
+ @{PROC}/bus/usb/ r,
+ @{PROC}/bus/usb/** r,
+
+ # for finding an interface
+ /dev/ r,
+ @{PROC}/[0-9]*/net/dev r,
+ /sys/bus/usb/devices/ r,
+ /sys/class/net/ r,
+ /sys/devices/**/net/** r,
+
+ # for -j
+ capability net_admin,
+
+ # for tracing USB bus, which libpcap supports
+ /dev/usbmon* r,
+ /dev/bus/usb/ r,
+ /dev/bus/usb/** r,
+
+ # for init_etherarray(), with -e
+ /etc/ethers r,
+
+ # for USB probing (see libpcap-1.1.x/pcap-usb-linux.c:probe_devices())
+ /dev/bus/usb/**/[0-9]* w,
+
+ # for -z
+ /{usr/,}bin/gzip ixr,
+ /{usr/,}bin/bzip2 ixr,
+
+ # for -F and -w
+ audit deny @{HOME}/.* mrwkl,
+ audit deny @{HOME}/.*/ rw,
+ audit deny @{HOME}/.*/** mrwkl,
+ audit deny @{HOME}/bin/ rw,
+ audit deny @{HOME}/bin/** mrwkl,
+ owner @{HOME}/ r,
+ owner @{HOME}/** rw,
+
+ # for -r, -F and -w
+ /**.[pP][cC][aA][pP] rw,
+
+ # for convenience with -r (ie, read pcap files from other sources)
+ /var/log/snort/*log* r,
+
+ /usr/sbin/tcpdump mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/etc/apparmor/init/network-interface-security/sbin.dhclient b/etc/apparmor/init/network-interface-security/sbin.dhclient
new file mode 120000
index 0000000..ccdcb14
--- /dev/null
+++ b/etc/apparmor/init/network-interface-security/sbin.dhclient
@@ -0,0 +1 @@
+../../../apparmor.d/sbin.dhclient
\ No newline at end of file
diff --git a/etc/apparmor/parser.conf b/etc/apparmor/parser.conf
new file mode 100644
index 0000000..641cf1d
--- /dev/null
+++ b/etc/apparmor/parser.conf
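Review bot: `/**.[pP][cC][aA][pP] rw` in the tcpdump profile permits writing a capture file in any directory, and with `capability dac_override` and `capability chown` granted in the same profile a tcpdump started as root is not held back by directory permissions either. The `audit deny @{HOME}/.*` and `@{HOME}/bin/` rules cover only dotfiles and ~/bin. I would document the intended capture directory in the local/ override the last comment points to, for example `# NOTE(site): captures are written only under <capture-dir>; run tcpdump with -Z <user>`, so the process gives up root once the device is open. Whether the packaged tcpdump already drops privileges by default is not visible on this page and should be confirmed.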
@@ -0,0 +1,61 @@
+# parser.conf is a global AppArmor config file for the apparmor_parser
+#
+# It can be used to specify the default options for the parser, which
+# can then be overriden by options passed on the command line.
+#
+# Leading whitespace is ignored and lines that begin with # are treated
+# as comments.
+#
+# Config options are specified one per line using the same format as the
+# longform command line options (without the preceding --).
+#
+# If a value is specified twice the last version to appear is used.
+
+## Suppress Warnings
+#quiet
+
+## Be verbose
+#verbose
+
+## Set additional include path
+#Include /etc/apparmor.d/
+# or
+#Include /usr/share/apparmor
+
+
+## Set location of apparmor filesystem
+#subdomainfs /sys/kernel/security/apparmor
+
+## Set match-string to use - for forcing compiler to treat different kernels
+## the same
+# match-string "pattern=aadfa audit perms=crwxamlk/ user::other"
+
+## Turn creating/updating of the cache on by default
+#write-cache
+
+## Show cache hits
+#show-cache
+
+## skip cached policy
+#skip-cache
+
+## skip reading cache but allow updating
+#skip-read-cache
+
+
+#### Set Optimizaions. Multiple Optimizations can be set, one per line ####
+# For supported optimizations see
+# apparmor_parser --help=O
+
+## Turn on equivalence classes
+#equiv
+
+## Turn off expr tree simplification
+#Optimize=no-expr-simplify
+
+## Turn off DFA minimization
+#Optimize=no-minimize
+
+## Adjust compression
+#Optimize=compress-small
+#Optimize=compress-fast
diff --git a/etc/apport/blacklist.d/README.blacklist b/etc/apport/blacklist.d/README.blacklist
new file mode 100644
index 0000000..a6adace
--- /dev/null
+++ b/etc/apport/blacklist.d/README.blacklist
@@ -0,0 +1,4 @@
+# Blacklist for apport
+# If an executable path appears on any line in any file in
+# /etc/apport/blacklist.d/, apport will not generate a crash report
+# for it. Matches are exact only at the moment (no globbing etc.).
diff --git a/etc/apport/blacklist.d/apport b/etc/apport/blacklist.d/apport
new file mode 100644
index 0000000..53b1fa5
--- /dev/null
+++ b/etc/apport/blacklist.d/apport
@@ -0,0 +1 @@
+/usr/bin/wine-preloader
diff --git a/etc/apport/crashdb.conf b/etc/apport/crashdb.conf
new file mode 100644
index 0000000..a365fa7
--- /dev/null
+++ b/etc/apport/crashdb.conf
@@ -0,0 +1,38 @@
+# map crash database names to CrashDatabase implementations and URLs
+
+default = 'ubuntu'
+
+def get_oem_project():
+ '''Determine OEM project name from Distribution Channel Descriptor
+
+ Return None if it cannot be determined or does not exist.
+ '''
+ try:
+ dcd = open('/var/lib/ubuntu_dist_channel').read()
+ if dcd.startswith('canonical-oem-'):
+ return dcd.split('-')[2]
+ except IOError:
+ return None
+
+databases = {
+ 'ubuntu': {
+ 'impl': 'launchpad',
+ 'bug_pattern_url': 'http://people.canonical.com/~ubuntu-archive/bugpatterns/bugpatterns.xml',
+ 'dupdb_url': 'http://people.canonical.com/~ubuntu-archive/apport-duplicates',
+ 'distro': 'ubuntu',
+ 'problem_types': ['Bug', 'Package'],
+ 'escalation_tag': 'bugpattern-needed',
+ 'escalated_tag': 'bugpattern-written',
+ },
+ 'canonical-oem': {
+ 'impl': 'launchpad',
+ 'bug_pattern_url': 'http://people.canonical.com/~ubuntu-archive/bugpatterns/bugpatterns.xml',
+ 'project': get_oem_project(),
+ },
+ 'debug': {
+ # for debugging
+ 'impl': 'memory',
+ 'bug_pattern_url': '/tmp/bugpatterns.xml',
+ 'distro': 'debug'
+ },
+}
diff --git a/etc/apt/apt.conf.d/01-vendor-ubuntu b/etc/apt/apt.conf.d/01-vendor-ubuntu
new file mode 100644
index 0000000..30d25a7
--- /dev/null
+++ b/etc/apt/apt.conf.d/01-vendor-ubuntu
@@ -0,0 +1,2 @@
+Acquire::Changelogs::AlwaysOnline "true";
+Acquire::http::User-Agent-Non-Interactive "true";
diff --git a/etc/apt/apt.conf.d/01autoremove b/etc/apt/apt.conf.d/01autoremove
new file mode 100644
index 0000000..478c571
--- /dev/null
+++ b/etc/apt/apt.conf.d/01autoremove
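Review bot: In crashdb.conf both `bug_pattern_url` entries and `dupdb_url` use plain `http://`, so the bug-pattern and duplicate data apport downloads has no transport integrity and can be altered anywhere on the network path. If the host also serves these paths over TLS (not verifiable from this page), switch the scheme, e.g. `'bug_pattern_url': 'https://people.canonical.com/~ubuntu-archive/bugpatterns/bugpatterns.xml',`. Separately, `get_oem_project()` never closes the file object returned by `open(...)`; `with open('/var/lib/ubuntu_dist_channel') as f: dcd = f.read()` fixes that without changing the result. The `debug` entry reads `/tmp/bugpatterns.xml` from a world-writable directory, which is acceptable only while `default` never points at it.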
@@ -0,0 +1,41 @@
+APT
+{
+ NeverAutoRemove
+ {
+ "^firmware-linux.*";
+ "^linux-firmware$";
+ "^linux-image-[a-z0-9]*$";
+ "^linux-image-[a-z0-9]*-[a-z0-9]*$";
+ };
+
+ VersionedKernelPackages
+ {
+ # kernels
+ "linux-.*";
+ "kfreebsd-.*";
+ "gnumach-.*";
+ # (out-of-tree) modules
+ ".*-modules";
+ ".*-kernel";
+ };
+
+ Never-MarkAuto-Sections
+ {
+ "metapackages";
+ "contrib/metapackages";
+ "non-free/metapackages";
+ "restricted/metapackages";
+ "universe/metapackages";
+ "multiverse/metapackages";
+ };
+
+ Move-Autobit-Sections
+ {
+ "oldlibs";
+ "contrib/oldlibs";
+ "non-free/oldlibs";
+ "restricted/oldlibs";
+ "universe/oldlibs";
+ "multiverse/oldlibs";
+ };
+};
diff --git a/etc/apt/apt.conf.d/01autoremove-postgresql b/etc/apt/apt.conf.d/01autoremove-postgresql
new file mode 100644
index 0000000..3f473d1
--- /dev/null
+++ b/etc/apt/apt.conf.d/01autoremove-postgresql
@@ -0,0 +1,17 @@
+// File installed by postgresql-common. Currently not updated automatically,
+// but might be in future releases.
+//
+// We mark all PostgreSQL packages as NeverAutoRemove because otherwise apt
+// would remove the old postgresql-NN package when the "postgresql" meta
+// package changes its dependencies to a new version, rendering the old
+// database cluster inaccessible. As access to the cluster might depend on
+// other modules (like datatypes), we use a pretty wide pattern here. We might
+// tighten this to match only actually used PostgreSQL versions in the future.
+
+APT
+{
+ NeverAutoRemove
+ {
+ "^postgresql-";
+ };
+};
diff --git a/etc/apt/apt.conf.d/10periodic b/etc/apt/apt.conf.d/10periodic
new file mode 100644
index 0000000..d1922e3
--- /dev/null
+++ b/etc/apt/apt.conf.d/10periodic
@@ -0,0 +1,3 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "0";
+APT::Periodic::AutocleanInterval "0";
diff --git a/etc/apt/apt.conf.d/15update-stamp b/etc/apt/apt.conf.d/15update-stamp
new file mode 100644
index 0000000..14ead83
--- /dev/null
+++ b/etc/apt/apt.conf.d/15update-stamp
@@ -0,0 +1 @@
+APT::Update::Post-Invoke-Success {"touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true";};
diff --git a/etc/apt/apt.conf.d/20apt-esm-hook.conf b/etc/apt/apt.conf.d/20apt-esm-hook.conf
new file mode 100644
index 0000000..0cc6823
--- /dev/null
+++ b/etc/apt/apt.conf.d/20apt-esm-hook.conf
@@ -0,0 +1,15 @@
+APT::Update::Post-Invoke-Stats {
+ "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook post-invoke-stats || true";
+};
+
+APT::Install::Post-Invoke-Success {
+ "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook post-invoke-success || true";
+};
+
+APT::Install::Pre-Invoke {
+ "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke || true";
+};
+
+AptCli::Hooks::Upgrade {
+ "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-json-hook ] || /usr/lib/ubuntu-advantage/apt-esm-json-hook || true";
+};
diff --git a/etc/apt/apt.conf.d/20archive b/etc/apt/apt.conf.d/20archive
new file mode 100644
index 0000000..a2ad262
--- /dev/null
+++ b/etc/apt/apt.conf.d/20archive
@@ -0,0 +1,3 @@
+APT::Archives::MaxAge "30";
+APT::Archives::MinAge "2";
+APT::Archives::MaxSize "500";
diff --git a/etc/apt/apt.conf.d/20auto-upgrades b/etc/apt/apt.conf.d/20auto-upgrades
new file mode 100644
index 0000000..8d6d7c8
--- /dev/null
+++ b/etc/apt/apt.conf.d/20auto-upgrades
@@ -0,0 +1,2 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
diff --git a/etc/apt/apt.conf.d/20packagekit b/etc/apt/apt.conf.d/20packagekit
new file mode 100644
index 0000000..705cc2f
--- /dev/null
+++ b/etc/apt/apt.conf.d/20packagekit
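Review bot: `APT::Periodic::Update-Package-Lists "1"` in 20auto-upgrades repeats the same key from 10periodic earlier in this commit, and because apt.conf.d fragments are read in name order the value in 20auto-upgrades is the effective one. Both are "1" today, but a later edit to 10periodic alone would silently have no effect on whether package lists, and therefore security updates, are refreshed. I would keep the periodic keys in one file, or add `// also set in 10periodic; this file is read later and wins` above the line, and confirm the effective values with `apt-config dump | grep Periodic`.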
@@ -0,0 +1,13 @@
+// THIS FILE IS USED TO INFORM PACKAGEKIT
+// THAT THE UPDATE-INFO MIGHT HAVE CHANGED
+
+// Whenever dpkg is called we might have different updates
+// i.e. if an user removes a package that had an update
+DPkg::Post-Invoke {
+"/usr/bin/test -e /usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service && /usr/bin/test -S /var/run/dbus/system_bus_socket && /usr/bin/gdbus call --system --dest org.freedesktop.PackageKit --object-path /org/freedesktop/PackageKit --timeout 4 --method org.freedesktop.PackageKit.StateHasChanged cache-update > /dev/null; /bin/echo > /dev/null";
+};
+
+// When Apt's cache is updated (i.e. apt-cache update)
+APT::Update::Post-Invoke-Success {
+"/usr/bin/test -e /usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service && /usr/bin/test -S /var/run/dbus/system_bus_socket && /usr/bin/gdbus call --system --dest org.freedesktop.PackageKit --object-path /org/freedesktop/PackageKit --timeout 4 --method org.freedesktop.PackageKit.StateHasChanged cache-update > /dev/null; /bin/echo > /dev/null";
+};
diff --git a/etc/apt/apt.conf.d/20snapd.conf b/etc/apt/apt.conf.d/20snapd.conf
new file mode 100644
index 0000000..11f9721
--- /dev/null
+++ b/etc/apt/apt.conf.d/20snapd.conf
@@ -0,0 +1 @@
+AptCli::Hooks::Install { "[ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true"; };
diff --git a/etc/apt/apt.conf.d/50command-not-found b/etc/apt/apt.conf.d/50command-not-found
new file mode 100644
index 0000000..320662b
--- /dev/null
+++ b/etc/apt/apt.conf.d/50command-not-found
@@ -0,0 +1,16 @@ +## This file is provided by command-not-found(1) to download +## Commands metadata files. + +Acquire::IndexTargets { + # The deb822 metadata files + deb::CNF { + MetaKey "$(COMPONENT)/cnf/Commands-$(NATIVE_ARCHITECTURE)"; + ShortDescription "Commands-$(NATIVE_ARCHITECTURE)"; + Description "$(RELEASE)/$(COMPONENT) $(NATIVE_ARCHITECTURE) c-n-f Metadata"; + }; +}; + +# Refresh AppStream cache when APT's cache is updated (i.e. apt update) +APT::Update::Post-Invoke-Success { + "if /usr/bin/test -w /var/lib/command-not-found/ -a -e /usr/lib/cnf-update-db; then /usr/lib/cnf-update-db > /dev/null; fi"; +}; diff --git a/etc/apt/apt.conf.d/50unattended-upgrades b/etc/apt/apt.conf.d/50unattended-upgrades new file mode 100644 index 0000000..4e5ff8b --- /dev/null +++ b/etc/apt/apt.conf.d/50unattended-upgrades 
@@ -0,0 +1,131 @@ +// Automatically upgrade packages from these (origin:archive) pairs +// +// Note that in Ubuntu security updates may pull in new dependencies +// from non-security sources (e.g. chromium). By allowing the release +// pocket these get automatically pulled in. +Unattended-Upgrade::Allowed-Origins { + "${distro_id}:${distro_codename}"; + "${distro_id}:${distro_codename}-security"; + // Extended Security Maintenance; doesn't necessarily exist for + // every release and this system may not have it installed, but if + // available, the policy for updates is such that unattended-upgrades + // should also install from here by default. + "${distro_id}ESMApps:${distro_codename}-apps-security"; + "${distro_id}ESM:${distro_codename}-infra-security"; +// "${distro_id}:${distro_codename}-updates"; +// "${distro_id}:${distro_codename}-proposed"; +// "${distro_id}:${distro_codename}-backports"; +}; + +// Python regular expressions, matching packages to exclude from upgrading +Unattended-Upgrade::Package-Blacklist { + // The following matches all packages starting with linux- +// "linux-"; + + // Use $ to explicitely define the end of a package name. Without + // the $, "libc6" would match all of them. +// "libc6$"; +// "libc6-dev$"; +// "libc6-i686$"; + + // Special characters need escaping +// "libstdc\+\+6$"; + + // The following matches packages like xen-system-amd64, xen-utils-4.1, + // xenstore-utils and libxenstore3.0 +// "(lib)?xen(store)?"; + + // For more information about Python regular expressions, see + // https://docs.python.org/3/howto/regex.html +}; + +// This option controls whether the development release of Ubuntu will be +// upgraded automatically. Valid values are "true", "false", and "auto". 
+Unattended-Upgrade::DevRelease "auto"; + +// This option allows you to control if on a unclean dpkg exit +// unattended-upgrades will automatically run +// dpkg --force-confold --configure -a +// The default is true, to ensure updates keep getting installed +//Unattended-Upgrade::AutoFixInterruptedDpkg "true"; + +// Split the upgrade into the smallest possible chunks so that +// they can be interrupted with SIGTERM. This makes the upgrade +// a bit slower but it has the benefit that shutdown while a upgrade +// is running is possible (with a small delay) +//Unattended-Upgrade::MinimalSteps "true"; + +// Install all updates when the machine is shutting down +// instead of doing it in the background while the machine is running. +// This will (obviously) make shutdown slower. +// Unattended-upgrades increases logind's InhibitDelayMaxSec to 30s. +// This allows more time for unattended-upgrades to shut down gracefully +// or even install a few packages in InstallOnShutdown mode, but is still a +// big step back from the 30 minutes allowed for InstallOnShutdown previously. +// Users enabling InstallOnShutdown mode are advised to increase +// InhibitDelayMaxSec even further, possibly to 30 minutes. +//Unattended-Upgrade::InstallOnShutdown "false"; + +// Send email to this address for problems or packages upgrades +// If empty or unset then no email is sent, make sure that you +// have a working mail setup on your system. A package that provides +// 'mailx' must be installed. E.g. "user@example.com" +//Unattended-Upgrade::Mail ""; + +// Set this value to one of: +// "always", "only-on-error" or "on-change" +// If this is not set, then any legacy MailOnlyOnError (boolean) value +// is used to chose between "only-on-error" and "on-change" +//Unattended-Upgrade::MailReport "on-change"; + +// Remove unused automatically installed kernel-related packages +// (kernel images, kernel headers and kernel version locked tools). 
+//Unattended-Upgrade::Remove-Unused-Kernel-Packages "true"; + +// Do automatic removal of newly unused dependencies after the upgrade +//Unattended-Upgrade::Remove-New-Unused-Dependencies "true"; + +// Do automatic removal of unused packages after the upgrade +// (equivalent to apt-get autoremove) +//Unattended-Upgrade::Remove-Unused-Dependencies "false"; + +// Automatically reboot *WITHOUT CONFIRMATION* if +// the file /var/run/reboot-required is found after the upgrade +//Unattended-Upgrade::Automatic-Reboot "false"; + +// Automatically reboot even if there are users currently logged in +// when Unattended-Upgrade::Automatic-Reboot is set to true +//Unattended-Upgrade::Automatic-Reboot-WithUsers "true"; + +// If automatic reboot is enabled and needed, reboot at the specific +// time instead of immediately +// Default: "now" +//Unattended-Upgrade::Automatic-Reboot-Time "02:00"; + +// Use apt bandwidth limit feature, this example limits the download +// speed to 70kb/sec +//Acquire::http::Dl-Limit "70"; + +// Enable logging to syslog. Default is False +// Unattended-Upgrade::SyslogEnable "false"; + +// Specify syslog facility. Default is daemon +// Unattended-Upgrade::SyslogFacility "daemon"; + +// Download and install upgrades only on AC power +// (i.e. skip or gracefully stop updates on battery) +// Unattended-Upgrade::OnlyOnACPower "true"; + +// Download and install upgrades only on non-metered connection +// (i.e. skip or gracefully stop updates on a metered connection) +// Unattended-Upgrade::Skip-Updates-On-Metered-Connections "true"; + +// Verbose logging +// Unattended-Upgrade::Verbose "false"; + +// Print debugging information both in unattended-upgrades and +// in unattended-upgrade-shutdown +// Unattended-Upgrade::Debug "false"; + +// Allow package downgrade if Pin-Priority exceeds 1000 +// Unattended-Upgrade::Allow-downgrade "false"; diff --git a/etc/apt/apt.conf.d/70debconf b/etc/apt/apt.conf.d/70debconf new file mode 100644 index 0000000..0c8b4ca 
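Review bot: Nothing in this 50unattended-upgrades hunk tells an operator when an unattended upgrade fails or needs a reboot: `Unattended-Upgrade::Mail` and `Unattended-Upgrade::Automatic-Reboot` are both left commented out, while etc/apt/apt.conf.d/20auto-upgrades in the same commit sets `APT::Periodic::Unattended-Upgrade "1";`. On a host nobody logs into regularly, a kernel security update would then be installed but stay inactive until someone notices /var/run/reboot-required. If manual reboots are the intended policy, add a comment saying so next to the commented-out option; otherwise enable `Unattended-Upgrade::Automatic-Reboot "true";` together with `Unattended-Upgrade::Automatic-Reboot-Time "02:00";` and set `Unattended-Upgrade::Mail` to a monitored address.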
--- /dev/null
+++ b/etc/apt/apt.conf.d/70debconf
@@ -0,0 +1,3 @@
+// Pre-configure all packages with debconf before they are installed.
+// If you don't like it, comment it out.
+DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt || true";};
diff --git a/etc/apt/apt.conf.d/99update-notifier b/etc/apt/apt.conf.d/99update-notifier
new file mode 100644
index 0000000..21acb0c
--- /dev/null
+++ b/etc/apt/apt.conf.d/99update-notifier
@@ -0,0 +1,2 @@
+DPkg::Post-Invoke {"if [ -d /var/lib/update-notifier ]; then touch /var/lib/update-notifier/dpkg-run-stamp; fi; /usr/lib/update-notifier/update-motd-updates-available 2>/dev/null || true";};
+APT::Update::Post-Invoke-Success {"/usr/lib/update-notifier/update-motd-updates-available 2>/dev/null || true";};
diff --git a/etc/apt/sources.list b/etc/apt/sources.list
new file mode 100644
index 0000000..5b5b3d2
--- /dev/null
+++ b/etc/apt/sources.list
@@ -0,0 +1,49 @@ +# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to +# newer versions of the distribution. +deb http://us.archive.ubuntu.com/ubuntu focal main restricted +# deb-src http://us.archive.ubuntu.com/ubuntu focal main restricted + +## Major bug fix updates produced after the final release of the +## distribution. +deb http://us.archive.ubuntu.com/ubuntu focal-updates main restricted +# deb-src http://us.archive.ubuntu.com/ubuntu focal-updates main restricted + +## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu +## team. Also, please note that software in universe WILL NOT receive any +## review or updates from the Ubuntu security team. +deb http://us.archive.ubuntu.com/ubuntu focal universe +# deb-src http://us.archive.ubuntu.com/ubuntu focal universe +deb http://us.archive.ubuntu.com/ubuntu focal-updates universe +# deb-src http://us.archive.ubuntu.com/ubuntu focal-updates universe + +## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu +## team, and may not be under a free licence. Please satisfy yourself as to +## your rights to use the software. Also, please note that software in +## multiverse WILL NOT receive any review or updates from the Ubuntu +## security team. +deb http://us.archive.ubuntu.com/ubuntu focal multiverse +# deb-src http://us.archive.ubuntu.com/ubuntu focal multiverse +deb http://us.archive.ubuntu.com/ubuntu focal-updates multiverse +# deb-src http://us.archive.ubuntu.com/ubuntu focal-updates multiverse + +## N.B. software from this repository may not have been tested as +## extensively as that contained in the main release, although it includes +## newer versions of some applications which may provide useful features. +## Also, please note that software in backports WILL NOT receive any review +## or updates from the Ubuntu security team. 
+deb http://us.archive.ubuntu.com/ubuntu focal-backports main restricted universe multiverse +# deb-src http://us.archive.ubuntu.com/ubuntu focal-backports main restricted universe multiverse + +## Uncomment the following two lines to add software from Canonical's +## 'partner' repository. +## This software is not part of Ubuntu, but is offered by Canonical and the +## respective vendors as a service to Ubuntu users. +# deb http://archive.canonical.com/ubuntu focal partner +# deb-src http://archive.canonical.com/ubuntu focal partner + +deb http://us.archive.ubuntu.com/ubuntu focal-security main restricted +# deb-src http://us.archive.ubuntu.com/ubuntu focal-security main restricted +deb http://us.archive.ubuntu.com/ubuntu focal-security universe +# deb-src http://us.archive.ubuntu.com/ubuntu focal-security universe +deb http://us.archive.ubuntu.com/ubuntu focal-security multiverse +# deb-src http://us.archive.ubuntu.com/ubuntu focal-security multiverse diff --git a/etc/apt/sources.list.curtin.old b/etc/apt/sources.list.curtin.old new file mode 100644 index 0000000..6898cca --- /dev/null +++ b/etc/apt/sources.list.curtin.old 
@@ -0,0 +1,49 @@ +# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to +# newer versions of the distribution. +deb http://archive.ubuntu.com/ubuntu/ focal main restricted +# deb-src http://archive.ubuntu.com/ubuntu/ focal main restricted + +## Major bug fix updates produced after the final release of the +## distribution. +deb http://archive.ubuntu.com/ubuntu/ focal-updates main restricted +# deb-src http://archive.ubuntu.com/ubuntu/ focal-updates main restricted + +## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu +## team. Also, please note that software in universe WILL NOT receive any +## review or updates from the Ubuntu security team. +deb http://archive.ubuntu.com/ubuntu/ focal universe +# deb-src http://archive.ubuntu.com/ubuntu/ focal universe +deb http://archive.ubuntu.com/ubuntu/ focal-updates universe +# deb-src http://archive.ubuntu.com/ubuntu/ focal-updates universe + +## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu +## team, and may not be under a free licence. Please satisfy yourself as to +## your rights to use the software. Also, please note that software in +## multiverse WILL NOT receive any review or updates from the Ubuntu +## security team. +deb http://archive.ubuntu.com/ubuntu/ focal multiverse +# deb-src http://archive.ubuntu.com/ubuntu/ focal multiverse +deb http://archive.ubuntu.com/ubuntu/ focal-updates multiverse +# deb-src http://archive.ubuntu.com/ubuntu/ focal-updates multiverse + +## N.B. software from this repository may not have been tested as +## extensively as that contained in the main release, although it includes +## newer versions of some applications which may provide useful features. +## Also, please note that software in backports WILL NOT receive any review +## or updates from the Ubuntu security team. 
+deb http://archive.ubuntu.com/ubuntu/ focal-backports main restricted universe multiverse
+# deb-src http://archive.ubuntu.com/ubuntu/ focal-backports main restricted universe multiverse
+
+## Uncomment the following two lines to add software from Canonical's
+## 'partner' repository.
+## This software is not part of Ubuntu, but is offered by Canonical and the
+## respective vendors as a service to Ubuntu users.
+# deb http://archive.canonical.com/ubuntu focal partner
+# deb-src http://archive.canonical.com/ubuntu focal partner
+
+deb http://security.ubuntu.com/ubuntu/ focal-security main restricted
+# deb-src http://security.ubuntu.com/ubuntu/ focal-security main restricted
+deb http://security.ubuntu.com/ubuntu/ focal-security universe
+# deb-src http://security.ubuntu.com/ubuntu/ focal-security universe
+deb http://security.ubuntu.com/ubuntu/ focal-security multiverse
+# deb-src http://security.ubuntu.com/ubuntu/ focal-security multiverse
diff --git a/etc/apt/sources.list.d/git-core-ubuntu-ppa-focal.list b/etc/apt/sources.list.d/git-core-ubuntu-ppa-focal.list
new file mode 100644
index 0000000..df2aa70
--- /dev/null
+++ b/etc/apt/sources.list.d/git-core-ubuntu-ppa-focal.list
@@ -0,0 +1,2 @@
+deb http://ppa.launchpad.net/git-core/ppa/ubuntu focal main
+# deb-src http://ppa.launchpad.net/git-core/ppa/ubuntu focal main
diff --git a/etc/apt/sources.list.save b/etc/apt/sources.list.save
new file mode 100644
index 0000000..5b5b3d2
--- /dev/null
+++ b/etc/apt/sources.list.save
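Review bot: The `deb` line in git-core-ubuntu-ppa-focal.list has no `signed-by` option, and the same commit adds etc/apt/trusted.gpg.d/git-core_ubuntu_ppa.gpg, so apt trusts the PPA's key for every configured source rather than only for this PPA. A third-party key with archive-wide trust widens what a compromise of that one key can affect, and the entry is fetched over plain http, so the signature check is the only integrity control. Scope the key to this source by keeping the keyring outside trusted.gpg.d and referencing it on the line, e.g. `deb [signed-by=<PATH_TO_GIT_CORE_PPA_KEYRING>] http://ppa.launchpad.net/git-core/ppa/ubuntu focal main` (the keyring path is a placeholder).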
@@ -0,0 +1,49 @@ +# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to +# newer versions of the distribution. +deb http://us.archive.ubuntu.com/ubuntu focal main restricted +# deb-src http://us.archive.ubuntu.com/ubuntu focal main restricted + +## Major bug fix updates produced after the final release of the +## distribution. +deb http://us.archive.ubuntu.com/ubuntu focal-updates main restricted +# deb-src http://us.archive.ubuntu.com/ubuntu focal-updates main restricted + +## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu +## team. Also, please note that software in universe WILL NOT receive any +## review or updates from the Ubuntu security team. +deb http://us.archive.ubuntu.com/ubuntu focal universe +# deb-src http://us.archive.ubuntu.com/ubuntu focal universe +deb http://us.archive.ubuntu.com/ubuntu focal-updates universe +# deb-src http://us.archive.ubuntu.com/ubuntu focal-updates universe + +## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu +## team, and may not be under a free licence. Please satisfy yourself as to +## your rights to use the software. Also, please note that software in +## multiverse WILL NOT receive any review or updates from the Ubuntu +## security team. +deb http://us.archive.ubuntu.com/ubuntu focal multiverse +# deb-src http://us.archive.ubuntu.com/ubuntu focal multiverse +deb http://us.archive.ubuntu.com/ubuntu focal-updates multiverse +# deb-src http://us.archive.ubuntu.com/ubuntu focal-updates multiverse + +## N.B. software from this repository may not have been tested as +## extensively as that contained in the main release, although it includes +## newer versions of some applications which may provide useful features. +## Also, please note that software in backports WILL NOT receive any review +## or updates from the Ubuntu security team. 
+deb http://us.archive.ubuntu.com/ubuntu focal-backports main restricted universe multiverse +# deb-src http://us.archive.ubuntu.com/ubuntu focal-backports main restricted universe multiverse + +## Uncomment the following two lines to add software from Canonical's +## 'partner' repository. +## This software is not part of Ubuntu, but is offered by Canonical and the +## respective vendors as a service to Ubuntu users. +# deb http://archive.canonical.com/ubuntu focal partner +# deb-src http://archive.canonical.com/ubuntu focal partner + +deb http://us.archive.ubuntu.com/ubuntu focal-security main restricted +# deb-src http://us.archive.ubuntu.com/ubuntu focal-security main restricted +deb http://us.archive.ubuntu.com/ubuntu focal-security universe +# deb-src http://us.archive.ubuntu.com/ubuntu focal-security universe +deb http://us.archive.ubuntu.com/ubuntu focal-security multiverse +# deb-src http://us.archive.ubuntu.com/ubuntu focal-security multiverse diff --git a/etc/apt/trusted.gpg.d/git-core_ubuntu_ppa.gpg b/etc/apt/trusted.gpg.d/git-core_ubuntu_ppa.gpg new file mode 100644 index 0000000..ff66e3d Binary files /dev/null and b/etc/apt/trusted.gpg.d/git-core_ubuntu_ppa.gpg differ diff --git a/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg b/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg new file mode 100644 index 0000000..7752314 Binary files /dev/null and b/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg differ diff --git a/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg b/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg new file mode 100644 index 0000000..63271f9 Binary files /dev/null and b/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg differ diff --git a/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg b/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg new file mode 100644 index 0000000..1cc9f3f Binary files /dev/null and b/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg differ 
diff --git a/etc/at.deny b/etc/at.deny
new file mode 100644
index 0000000..0d5a382
--- /dev/null
+++ b/etc/at.deny
@@ -0,0 +1,24 @@
+alias
+backup
+bin
+daemon
+ftp
+games
+gnats
+guest
+irc
+lp
+mail
+man
+nobody
+operator
+proxy
+qmaild
+qmaill
+qmailp
+qmailq
+qmailr
+qmails
+sync
+sys
+www-data
diff --git a/etc/bash.bashrc b/etc/bash.bashrc
new file mode 100644
index 0000000..ec92e54
--- /dev/null
+++ b/etc/bash.bashrc
@@ -0,0 +1,71 @@ +# System-wide .bashrc file for interactive bash(1) shells. + +# To enable the settings / commands in this file for login shells as well, +# this file has to be sourced in /etc/profile. + +# If not running interactively, don't do anything +[ -z "$PS1" ] && return + +# check the window size after each command and, if necessary, +# update the values of LINES and COLUMNS. +shopt -s checkwinsize + +# set variable identifying the chroot you work in (used in the prompt below) +if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then + debian_chroot=$(cat /etc/debian_chroot) +fi + +# set a fancy prompt (non-color, overwrite the one in /etc/profile) +# but only if not SUDOing and have SUDO_PS1 set; then assume smart user. +if ! [ -n "${SUDO_USER}" -a -n "${SUDO_PS1}" ]; then + PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ ' +fi + +# Commented out, don't overwrite xterm -T "title" -n "icontitle" by default. +# If this is an xterm set the title to user@host:dir +#case "$TERM" in +#xterm*|rxvt*) +# PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD}\007"' +# ;; +#*) +# ;; +#esac + +# enable bash completion in interactive shells +#if ! shopt -oq posix; then +# if [ -f /usr/share/bash-completion/bash_completion ]; then +# . /usr/share/bash-completion/bash_completion +# elif [ -f /etc/bash_completion ]; then +# . /etc/bash_completion +# fi +#fi + +# sudo hint +if [ ! -e "$HOME/.sudo_as_admin_successful" ] && [ ! -e "$HOME/.hushlogin" ] ; then + case " $(groups) " in *\ admin\ *|*\ sudo\ *) + if [ -x /usr/bin/sudo ]; then + cat <<-EOF + To run a command as administrator (user "root"), use "sudo ". + See "man sudo_root" for details. 
+ + EOF + fi + esac +fi + +# if the command-not-found package is installed, use it +if [ -x /usr/lib/command-not-found -o -x /usr/share/command-not-found/command-not-found ]; then + function command_not_found_handle { + # check because c-n-f could've been removed in the meantime + if [ -x /usr/lib/command-not-found ]; then + /usr/lib/command-not-found -- "$1" + return $? + elif [ -x /usr/share/command-not-found/command-not-found ]; then + /usr/share/command-not-found/command-not-found -- "$1" + return $? + else + printf "%s: command not found\n" "$1" >&2 + return 127 + fi + } +fi diff --git a/etc/bash_completion b/etc/bash_completion new file mode 100644 index 0000000..41ffe59 --- /dev/null +++ b/etc/bash_completion @@ -0,0 +1 @@ +. /usr/share/bash-completion/bash_completion diff --git a/etc/bash_completion.d/apport_completion b/etc/bash_completion.d/apport_completion new file mode 100644 index 0000000..13b02da --- /dev/null +++ b/etc/bash_completion.d/apport_completion 
@@ -0,0 +1,268 @@ +# +# Apport bash-completion +# +############################################################################### + +# get available symptoms +_apport_symptoms () +{ + local syms + if [ -r /usr/share/apport/symptoms ]; then + for FILE in $(ls /usr/share/apport/symptoms); do + # hide utility files and symptoms that don't have a run() function + if [[ ! "$FILE" =~ ^_.* && -n $(egrep "^def run\s*\(.*\):" /usr/share/apport/symptoms/$FILE) ]]; then + syms="$syms ${FILE%.py}" + fi + done + fi + echo $syms + +} + +# completion when used without parameters +_apport_parameterless () +{ + local param + # parameter-less completion + # param= COMMAND parameters + # package names + # PIDs + # Symptoms + # any file + param="$dashoptions \ + $( apt-cache pkgnames $cur 2> /dev/null ) \ + $( command ps axo pid | sed 1d ) \ + $( _apport_symptoms ) \ + $( compgen -G "${cur}*" )" + COMPREPLY=( $( compgen -W "$param" -- $cur) ) + +} + +# apport-bug ubuntu-bug completion +_apport-bug () +{ + local cur dashoptions prev param + + COMPREPLY=() + cur=`_get_cword` + prev=${COMP_WORDS[COMP_CWORD-1]} + + + # available options + dashoptions='-h --help --save -v --version --tag -w --window' + + case "$prev" in + ubuntu-bug | apport-bug) + case "$cur" in + -*) + # parameter completion + COMPREPLY=( $( compgen -W "$dashoptions" -- $cur ) ) + + ;; + *) + # no parameter given + _apport_parameterless + + ;; + esac + + ;; + --save) + COMPREPLY=( $( compgen -o default -G "$cur*" ) ) + + ;; + -w | --window) + dashoptions="--save --tag" + COMPREPLY=( $( compgen -W "$dashoptions" -- $cur ) ) + ;; + -h | --help | -v | --version | --tag) + # standalone parameters + return 0 + + ;; + *) + # --save and --window make only sense once + dashoptions="--tag" + if ! [[ "${COMP_WORDS[*]}" =~ .*--save.* ]]; then + dashoptions="--save $dashoptions" + fi + if ! 
[[ "${COMP_WORDS[*]}" =~ .*--window.* || "${COMP_WORDS[*]}" =~ .*\ -w\ .* ]]; then + dashoptions="-w --window $dashoptions" + fi + + case "$cur" in + -*) + # parameter completion + COMPREPLY=( $( compgen -W "$dashoptions" -- $cur ) ) + + ;; + *) + _apport_parameterless + + ;; + esac + + ;; + esac +} + +# apport-cli completion +_apport-cli () +{ + local cur dashoptions prev param + + COMPREPLY=() + cur=`_get_cword` + prev=${COMP_WORDS[COMP_CWORD-1]} + + + # available options + dashoptions='-h --help -f --file-bug -u --update-bug -s --symptom \ + -c --crash-file --save -v --version --tag -w --window' + + case "$prev" in + apport-cli) + case "$cur" in + -*) + # parameter completion + COMPREPLY=( $( compgen -W "$dashoptions" -- $cur ) ) + + ;; + *) + # no parameter given + _apport_parameterless + + ;; + esac + + ;; + -f | --file-bug) + param="-P --pid -p --package -s --symptom" + COMPREPLY=( $( compgen -W "$param $(_apport_symptoms)" -- $cur) ) + + ;; + -s | --symptom) + COMPREPLY=( $( compgen -W "$(_apport_symptoms)" -- $cur) ) + + ;; + --save) + COMPREPLY=( $( compgen -o default -G "$cur*" ) ) + + ;; + -c | --crash-file) + # only show *.apport *.crash files + COMPREPLY=( $( compgen -G "${cur}*.apport" + compgen -G "${cur}*.crash" ) ) + + ;; + -w | --window) + dashoptions="--save --tag" + COMPREPLY=( $( compgen -W "$dashoptions" -- $cur ) ) + ;; + -h | --help | -v | --version | --tag) + # standalone parameters + return 0 + + ;; + *) + dashoptions='--tag' + + # most parameters only make sense once + if ! [[ "${COMP_WORDS[*]}" =~ .*--save.* ]]; then + dashoptions="--save $dashoptions" + fi + if ! [[ "${COMP_WORDS[*]}" =~ .*--window.* || "${COMP_WORDS[*]}" =~ .*\ -w\ .* ]]; then + dashoptions="-w --window $dashoptions" + fi + if ! [[ "${COMP_WORDS[*]}" =~ .*--symptom.* || "${COMP_WORDS[*]}" =~ .*\ -s\ .* ]]; then + dashoptions="-s --symptom $dashoptions" + fi + if ! 
[[ "${COMP_WORDS[*]}" =~ .*--update.* || "${COMP_WORDS[*]}" =~ .*\ -u\ .* ]]; then + dashoptions="-u --update $dashoptions" + fi + if ! [[ "${COMP_WORDS[*]}" =~ .*--file-bug.* || "${COMP_WORDS[*]}" =~ .*\ -f\ .* ]]; then + dashoptions="-f --file-bug $dashoptions" + fi + if ! [[ "${COMP_WORDS[*]}" =~ .*--crash-file.* || "${COMP_WORDS[*]}" =~ .*\ -c\ .* ]]; then + dashoptions="-c --crash-file $dashoptions" + fi + + # use same completion as if no parameter is given + case "$cur" in + -*) + # parameter completion + COMPREPLY=( $( compgen -W "$dashoptions" -- $cur ) ) + + ;; + *) + _apport_parameterless + + ;; + esac + + ;; + esac +} + +# apport-unpack completion +_apport-unpack () +{ + local cur prev + + COMPREPLY=() + cur=`_get_cword` + prev=${COMP_WORDS[COMP_CWORD-1]} + + case "$prev" in + apport-unpack) + # only show *.apport *.crash files + COMPREPLY=( $( compgen -G "${cur}*.apport" + compgen -G "${cur}*.crash" ) ) + + ;; + esac +} + +# apport-collect completion +_apport-collect () +{ + local cur prev + + COMPREPLY=() + cur=`_get_cword` + prev=${COMP_WORDS[COMP_CWORD-1]} + + case "$prev" in + apport-collect) + COMPREPLY=( $( compgen -W "-p --package --tag" -- $cur) ) + + ;; + -p | --package) + # list package names + COMPREPLY=( $( apt-cache pkgnames $cur 2> /dev/null ) ) + + ;; + --tag) + # standalone parameter + return 0 + ;; + *) + # only complete -p/--package once + if [[ "${COMP_WORDS[*]}" =~ .*\ -p.* || "${COMP_WORDS[*]}" =~ .*--package.* ]]; then + COMPREPLY=( $( compgen -W "--tag" -- $cur) ) + else + COMPREPLY=( $( compgen -W "-p --package --tag" -- $cur) ) + fi + + ;; + esac +} + +# bind completion to apport commands +complete -F _apport-bug -o filenames -o dirnames ubuntu-bug +complete -F _apport-bug -o filenames -o dirnames apport-bug +complete -F _apport-cli -o filenames -o dirnames apport-cli +complete -F _apport-unpack -o filenames -o dirnames apport-unpack +complete -F _apport-collect apport-collect + +# vi: syntax=bash 
diff --git a/etc/bash_completion.d/git-prompt b/etc/bash_completion.d/git-prompt
new file mode 100644
index 0000000..8b5852a
--- /dev/null
+++ b/etc/bash_completion.d/git-prompt
@@ -0,0 +1,11 @@
+# In git versions < 1.7.12, this shell library was part of the
+# git completion script.
+#
+# Some users rely on the __git_ps1 function becoming available
+# when bash-completion is loaded. Continue to load this library
+# at bash-completion startup for now, to ease the transition to a
+# world order where the prompt function is requested separately.
+#
+if [[ -e /usr/lib/git-core/git-sh-prompt ]]; then
+ . /usr/lib/git-core/git-sh-prompt
+fi
diff --git a/etc/bash_completion.d/python-argcomplete b/etc/bash_completion.d/python-argcomplete
new file mode 100644
index 0000000..86e7815
--- /dev/null
+++ b/etc/bash_completion.d/python-argcomplete
@@ -0,0 +1,106 @@ +# Copyright 2012-2021, Andrey Kislyuk and argcomplete contributors. +# Licensed under the Apache License. See https://github.com/kislyuk/argcomplete for more info. + +# Copy of __expand_tilde_by_ref from bash-completion +__python_argcomplete_expand_tilde_by_ref () { + if [ "${!1:0:1}" = "~" ]; then + if [ "${!1}" != "${!1//\/}" ]; then + eval $1="${!1/%\/*}"/'${!1#*/}'; + else + eval $1="${!1}"; + fi; + fi +} + +# Run something, muting output or redirecting it to the debug stream +# depending on the value of _ARC_DEBUG. +# If ARGCOMPLETE_USE_TEMPFILES is set, use tempfiles for IPC. +__python_argcomplete_run() { + if [[ -z "${ARGCOMPLETE_USE_TEMPFILES-}" ]]; then + __python_argcomplete_run_inner "$@" + return + fi + local tmpfile="$(mktemp)" + _ARGCOMPLETE_STDOUT_FILENAME="$tmpfile" __python_argcomplete_run_inner "$@" + local code=$? + cat "$tmpfile" + rm "$tmpfile" + return $code +} + +__python_argcomplete_run_inner() { + if [[ -z "${_ARC_DEBUG-}" ]]; then + "$@" 8>&1 9>&2 1>/dev/null 2>&1 + else + "$@" 8>&1 9>&2 1>&9 2>&1 + fi +} + +# Scan the beginning of an executable file ($1) for a regexp ($2). By default, +# scan for the magic string indicating that the executable supports the +# argcomplete completion protocol. By default, scan the first kilobyte; +# if $3 is set to -n, scan until the first line break up to a kilobyte. 
+__python_argcomplete_scan_head() { + read -s -r ${3:--N} 1024 < "$1" + [[ "$REPLY" =~ ${2:-PYTHON_ARGCOMPLETE_OK} ]] +} + +__python_argcomplete_scan_head_noerr() { + __python_argcomplete_scan_head "$@" 2>/dev/null +} + +_python_argcomplete_global() { + local executable=$1 + __python_argcomplete_expand_tilde_by_ref executable + + local ARGCOMPLETE=0 + if [[ "$executable" == python* ]] || [[ "$executable" == pypy* ]]; then + if [[ "${COMP_WORDS[1]}" == -m ]]; then + if __python_argcomplete_run "$executable" -m argcomplete._check_module "${COMP_WORDS[2]}"; then + ARGCOMPLETE=3 + else + return + fi + elif [[ -f "${COMP_WORDS[1]}" ]] && __python_argcomplete_scan_head_noerr "${COMP_WORDS[1]}"; then + local ARGCOMPLETE=2 + else + return + fi + elif type -P "$executable" >/dev/null 2>&1; then + local SCRIPT_NAME=$(type -P "$executable") + if (type -t pyenv && [[ "$SCRIPT_NAME" = $(pyenv root)/shims/* ]]) >/dev/null 2>&1; then + local SCRIPT_NAME=$(pyenv which "$executable") + fi + if __python_argcomplete_scan_head_noerr "$SCRIPT_NAME"; then + local ARGCOMPLETE=1 + elif __python_argcomplete_scan_head_noerr "$SCRIPT_NAME" '^#!(.*)$' -n && [[ "${BASH_REMATCH[1]}" =~ ^.*(python|pypy)[0-9\.]*$ ]]; then + local interpreter="$BASH_REMATCH" + if (__python_argcomplete_scan_head_noerr "$SCRIPT_NAME" "(PBR Generated)|(EASY-INSTALL-(SCRIPT|ENTRY-SCRIPT|DEV-SCRIPT))" \ + && "$interpreter" "$(type -P python-argcomplete-check-easy-install-script)" "$SCRIPT_NAME") >/dev/null 2>&1; then + local ARGCOMPLETE=1 + elif __python_argcomplete_run "$interpreter" -m argcomplete._check_console_script "$SCRIPT_NAME"; then + local ARGCOMPLETE=1 + fi + fi + fi + + if [[ $ARGCOMPLETE != 0 ]]; then + local IFS=$(echo -e '\v') + COMPREPLY=( $(_ARGCOMPLETE_IFS="$IFS" \ + COMP_LINE="$COMP_LINE" \ + COMP_POINT="$COMP_POINT" \ + COMP_TYPE="$COMP_TYPE" \ + _ARGCOMPLETE_COMP_WORDBREAKS="$COMP_WORDBREAKS" \ + _ARGCOMPLETE=$ARGCOMPLETE \ + _ARGCOMPLETE_SUPPRESS_SPACE=1 \ + __python_argcomplete_run "$executable" 
"${COMP_WORDS[@]:1:ARGCOMPLETE-1}") ) + if [[ $? != 0 ]]; then + unset COMPREPLY + elif [[ "${COMPREPLY-}" =~ [=/:]$ ]]; then + compopt -o nospace + fi + else + type -t _completion_loader | grep -q 'function' && _completion_loader "$@" + fi +} +complete -o default -o bashdefault -D -F _python_argcomplete_global diff --git a/etc/bindresvport.blacklist b/etc/bindresvport.blacklist new file mode 100644 index 0000000..1dc056e --- /dev/null +++ b/etc/bindresvport.blacklist @@ -0,0 +1,15 @@ +# +# This file contains a list of port numbers between 600 and 1024, +# which should not be used by bindresvport. bindresvport is mostly +# called by RPC services. This mostly solves the problem, that a +# RPC service uses a well known port of another service. +# +631 # cups +636 # ldaps +655 # tinc +774 # rpasswd +783 # spamd +873 # rsync +921 # lwresd +993 # imaps +995 # pops diff --git a/etc/byobu/backend b/etc/byobu/backend new file mode 100644 index 0000000..d71e61c --- /dev/null +++ b/etc/byobu/backend @@ -0,0 +1,4 @@ +# BYOBU_BACKEND can currently be "screen" or "tmux" +# Override this on a per-user basis by editing "$BYOBU_CONFIG_DIR/backend" +# or by launching either "byobu-screen" or "byobu-tmux" instead of "byobu". +BYOBU_BACKEND="tmux" diff --git a/etc/byobu/socketdir b/etc/byobu/socketdir new file mode 100644 index 0000000..05ab041 --- /dev/null +++ b/etc/byobu/socketdir @@ -0,0 +1,11 @@ +# Set the location of the socket directory that byobu will use. +# On Debian/Ubuntu systems, this is in /var/run/screen, but on +# other distros, it might be elsewhere, such as /tmp/screens +# depending on your compilation. +# +# This file will be sourced by both shell scripts and python code, +# so please ensure that: +# * the variable name is SOCKETDIR +# * there is no space around the "=" +# * and that the path value is quoted +SOCKETDIR="/var/run/screen" diff --git a/etc/ca-certificates.conf b/etc/ca-certificates.conf new file mode 100644 index 0000000..b31cfb2 --- /dev/null 
+++ b/etc/ca-certificates.conf 
@@ -0,0 +1,167 @@ +# This file lists certificates that you wish to use or to ignore to be +# installed in /etc/ssl/certs. +# update-ca-certificates(8) will update /etc/ssl/certs by reading this file. +# +# This is autogenerated by dpkg-reconfigure ca-certificates. +# Certificates should be installed under /usr/share/ca-certificates +# and files with extension '.crt' is recognized as available certs. +# +# line begins with # is comment. +# line begins with ! is certificate filename to be deselected. +# +mozilla/ACCVRAIZ1.crt +mozilla/AC_RAIZ_FNMT-RCM.crt +mozilla/Actalis_Authentication_Root_CA.crt +!mozilla/AddTrust_External_Root.crt +mozilla/AffirmTrust_Commercial.crt +mozilla/AffirmTrust_Networking.crt +mozilla/AffirmTrust_Premium.crt +mozilla/AffirmTrust_Premium_ECC.crt +mozilla/Amazon_Root_CA_1.crt +mozilla/Amazon_Root_CA_2.crt +mozilla/Amazon_Root_CA_3.crt +mozilla/Amazon_Root_CA_4.crt +mozilla/Atos_TrustedRoot_2011.crt +mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt +mozilla/Baltimore_CyberTrust_Root.crt +mozilla/Buypass_Class_2_Root_CA.crt +mozilla/Buypass_Class_3_Root_CA.crt +mozilla/CA_Disig_Root_R2.crt +mozilla/CFCA_EV_ROOT.crt +mozilla/COMODO_Certification_Authority.crt +mozilla/COMODO_ECC_Certification_Authority.crt +mozilla/COMODO_RSA_Certification_Authority.crt +mozilla/Certigna.crt +!mozilla/Certinomis_-_Root_CA.crt +!mozilla/Certplus_Class_2_Primary_CA.crt +mozilla/Certum_Trusted_Network_CA.crt +mozilla/Certum_Trusted_Network_CA_2.crt +!mozilla/Chambers_of_Commerce_Root_-_2008.crt +mozilla/Comodo_AAA_Services_root.crt +mozilla/Cybertrust_Global_Root.crt +mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt +mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt +!mozilla/DST_Root_CA_X3.crt +!mozilla/Deutsche_Telekom_Root_CA_2.crt +mozilla/DigiCert_Assured_ID_Root_CA.crt +mozilla/DigiCert_Assured_ID_Root_G2.crt +mozilla/DigiCert_Assured_ID_Root_G3.crt +mozilla/DigiCert_Global_Root_CA.crt +mozilla/DigiCert_Global_Root_G2.crt 
+mozilla/DigiCert_Global_Root_G3.crt +mozilla/DigiCert_High_Assurance_EV_Root_CA.crt +mozilla/DigiCert_Trusted_Root_G4.crt +mozilla/E-Tugra_Certification_Authority.crt +mozilla/EC-ACC.crt +!mozilla/EE_Certification_Centre_Root_CA.crt +mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt +mozilla/Entrust_Root_Certification_Authority.crt +mozilla/Entrust_Root_Certification_Authority_-_EC1.crt +mozilla/Entrust_Root_Certification_Authority_-_G2.crt +mozilla/GDCA_TrustAUTH_R5_ROOT.crt +!mozilla/GeoTrust_Global_CA.crt +!mozilla/GeoTrust_Primary_Certification_Authority.crt +!mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt +!mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt +!mozilla/GeoTrust_Universal_CA.crt +!mozilla/GeoTrust_Universal_CA_2.crt +mozilla/GlobalSign_ECC_Root_CA_-_R4.crt +mozilla/GlobalSign_ECC_Root_CA_-_R5.crt +mozilla/GlobalSign_Root_CA.crt +mozilla/GlobalSign_Root_CA_-_R2.crt +mozilla/GlobalSign_Root_CA_-_R3.crt +mozilla/GlobalSign_Root_CA_-_R6.crt +!mozilla/Global_Chambersign_Root_-_2008.crt +mozilla/Go_Daddy_Class_2_CA.crt +mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt +mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt +mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt +mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt +mozilla/Hongkong_Post_Root_CA_1.crt +mozilla/ISRG_Root_X1.crt +mozilla/IdenTrust_Commercial_Root_CA_1.crt +mozilla/IdenTrust_Public_Sector_Root_CA_1.crt +mozilla/Izenpe.com.crt +!mozilla/LuxTrust_Global_Root_2.crt +mozilla/Microsec_e-Szigno_Root_CA_2009.crt +mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt +mozilla/Network_Solutions_Certificate_Authority.crt +!mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt +mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt +mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt +!mozilla/QuoVadis_Root_CA.crt +mozilla/QuoVadis_Root_CA_1_G3.crt +mozilla/QuoVadis_Root_CA_2.crt +mozilla/QuoVadis_Root_CA_2_G3.crt 
+mozilla/QuoVadis_Root_CA_3.crt +mozilla/QuoVadis_Root_CA_3_G3.crt +mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt +mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt +mozilla/SSL.com_Root_Certification_Authority_ECC.crt +mozilla/SSL.com_Root_Certification_Authority_RSA.crt +mozilla/SZAFIR_ROOT_CA2.crt +mozilla/SecureSign_RootCA11.crt +mozilla/SecureTrust_CA.crt +mozilla/Secure_Global_CA.crt +mozilla/Security_Communication_RootCA2.crt +mozilla/Security_Communication_Root_CA.crt +!mozilla/Sonera_Class_2_Root_CA.crt +mozilla/Staat_der_Nederlanden_EV_Root_CA.crt +!mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt +!mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt +mozilla/Starfield_Class_2_CA.crt +mozilla/Starfield_Root_Certificate_Authority_-_G2.crt +mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt +mozilla/SwissSign_Gold_CA_-_G2.crt +mozilla/SwissSign_Silver_CA_-_G2.crt +mozilla/T-TeleSec_GlobalRoot_Class_2.crt +mozilla/T-TeleSec_GlobalRoot_Class_3.crt +mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt +mozilla/TWCA_Global_Root_CA.crt +mozilla/TWCA_Root_Certification_Authority.crt +!mozilla/Taiwan_GRCA.crt +mozilla/TeliaSonera_Root_CA_v1.crt +mozilla/TrustCor_ECA-1.crt +mozilla/TrustCor_RootCert_CA-1.crt +mozilla/TrustCor_RootCert_CA-2.crt +!mozilla/Trustis_FPS_Root_CA.crt +mozilla/USERTrust_ECC_Certification_Authority.crt +mozilla/USERTrust_RSA_Certification_Authority.crt +!mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt +!mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt +!mozilla/VeriSign_Universal_Root_Certification_Authority.crt +!mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt +mozilla/XRamp_Global_CA_Root.crt +mozilla/certSIGN_ROOT_CA.crt +mozilla/ePKI_Root_Certification_Authority.crt +!mozilla/thawte_Primary_Root_CA.crt +!mozilla/thawte_Primary_Root_CA_-_G2.crt +!mozilla/thawte_Primary_Root_CA_-_G3.crt +mozilla/Certigna_Root_CA.crt 
+mozilla/Entrust_Root_Certification_Authority_-_G4.crt +mozilla/GTS_Root_R1.crt +mozilla/GTS_Root_R2.crt +mozilla/GTS_Root_R3.crt +mozilla/GTS_Root_R4.crt +mozilla/Hongkong_Post_Root_CA_3.crt +mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt +mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt +mozilla/NAVER_Global_Root_Certification_Authority.crt +mozilla/Trustwave_Global_Certification_Authority.crt +mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt +mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt +mozilla/UCA_Extended_Validation_Root.crt +mozilla/UCA_Global_G2_Root.crt +mozilla/certSIGN_Root_CA_G2.crt +mozilla/e-Szigno_Root_CA_2017.crt +mozilla/emSign_ECC_Root_CA_-_C3.crt +mozilla/emSign_ECC_Root_CA_-_G3.crt +mozilla/emSign_Root_CA_-_C1.crt +mozilla/emSign_Root_CA_-_G1.crt +mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt +mozilla/ANF_Secure_Server_Root_CA.crt +mozilla/Certum_EC-384_CA.crt +mozilla/Certum_Trusted_Root_CA.crt +mozilla/GlobalSign_Root_E46.crt +mozilla/GlobalSign_Root_R46.crt +mozilla/GLOBALTRUST_2020.crt diff --git a/etc/ca-certificates.conf.dpkg-old b/etc/ca-certificates.conf.dpkg-old new file mode 100644 index 0000000..3aad53e --- /dev/null +++ b/etc/ca-certificates.conf.dpkg-old 
@@ -0,0 +1,160 @@ +# This file lists certificates that you wish to use or to ignore to be +# installed in /etc/ssl/certs. +# update-ca-certificates(8) will update /etc/ssl/certs by reading this file. +# +# This is autogenerated by dpkg-reconfigure ca-certificates. +# Certificates should be installed under /usr/share/ca-certificates +# and files with extension '.crt' is recognized as available certs. +# +# line begins with # is comment. +# line begins with ! is certificate filename to be deselected. +# +mozilla/ACCVRAIZ1.crt +mozilla/AC_RAIZ_FNMT-RCM.crt +mozilla/Actalis_Authentication_Root_CA.crt +!mozilla/AddTrust_External_Root.crt +mozilla/AffirmTrust_Commercial.crt +mozilla/AffirmTrust_Networking.crt +mozilla/AffirmTrust_Premium.crt +mozilla/AffirmTrust_Premium_ECC.crt +mozilla/Amazon_Root_CA_1.crt +mozilla/Amazon_Root_CA_2.crt +mozilla/Amazon_Root_CA_3.crt +mozilla/Amazon_Root_CA_4.crt +mozilla/Atos_TrustedRoot_2011.crt +mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt +mozilla/Baltimore_CyberTrust_Root.crt +mozilla/Buypass_Class_2_Root_CA.crt +mozilla/Buypass_Class_3_Root_CA.crt +mozilla/CA_Disig_Root_R2.crt +mozilla/CFCA_EV_ROOT.crt +mozilla/COMODO_Certification_Authority.crt +mozilla/COMODO_ECC_Certification_Authority.crt +mozilla/COMODO_RSA_Certification_Authority.crt +mozilla/Certigna.crt +!mozilla/Certinomis_-_Root_CA.crt +!mozilla/Certplus_Class_2_Primary_CA.crt +mozilla/Certum_Trusted_Network_CA.crt +mozilla/Certum_Trusted_Network_CA_2.crt +mozilla/Chambers_of_Commerce_Root_-_2008.crt +mozilla/Comodo_AAA_Services_root.crt +mozilla/Cybertrust_Global_Root.crt +mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt +mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt +!mozilla/DST_Root_CA_X3.crt +!mozilla/Deutsche_Telekom_Root_CA_2.crt +mozilla/DigiCert_Assured_ID_Root_CA.crt +mozilla/DigiCert_Assured_ID_Root_G2.crt +mozilla/DigiCert_Assured_ID_Root_G3.crt +mozilla/DigiCert_Global_Root_CA.crt +mozilla/DigiCert_Global_Root_G2.crt 
+mozilla/DigiCert_Global_Root_G3.crt +mozilla/DigiCert_High_Assurance_EV_Root_CA.crt +mozilla/DigiCert_Trusted_Root_G4.crt +mozilla/E-Tugra_Certification_Authority.crt +mozilla/EC-ACC.crt +!mozilla/EE_Certification_Centre_Root_CA.crt +mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt +mozilla/Entrust_Root_Certification_Authority.crt +mozilla/Entrust_Root_Certification_Authority_-_EC1.crt +mozilla/Entrust_Root_Certification_Authority_-_G2.crt +mozilla/GDCA_TrustAUTH_R5_ROOT.crt +!mozilla/GeoTrust_Global_CA.crt +!mozilla/GeoTrust_Primary_Certification_Authority.crt +mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt +!mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt +!mozilla/GeoTrust_Universal_CA.crt +!mozilla/GeoTrust_Universal_CA_2.crt +mozilla/GlobalSign_ECC_Root_CA_-_R4.crt +mozilla/GlobalSign_ECC_Root_CA_-_R5.crt +mozilla/GlobalSign_Root_CA.crt +mozilla/GlobalSign_Root_CA_-_R2.crt +mozilla/GlobalSign_Root_CA_-_R3.crt +mozilla/GlobalSign_Root_CA_-_R6.crt +mozilla/Global_Chambersign_Root_-_2008.crt +mozilla/Go_Daddy_Class_2_CA.crt +mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt +mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt +mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt +mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt +mozilla/Hongkong_Post_Root_CA_1.crt +mozilla/ISRG_Root_X1.crt +mozilla/IdenTrust_Commercial_Root_CA_1.crt +mozilla/IdenTrust_Public_Sector_Root_CA_1.crt +mozilla/Izenpe.com.crt +!mozilla/LuxTrust_Global_Root_2.crt +mozilla/Microsec_e-Szigno_Root_CA_2009.crt +mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt +mozilla/Network_Solutions_Certificate_Authority.crt +!mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt +mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt +mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt +mozilla/QuoVadis_Root_CA.crt +mozilla/QuoVadis_Root_CA_1_G3.crt +mozilla/QuoVadis_Root_CA_2.crt +mozilla/QuoVadis_Root_CA_2_G3.crt +mozilla/QuoVadis_Root_CA_3.crt 
+mozilla/QuoVadis_Root_CA_3_G3.crt +mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt +mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt +mozilla/SSL.com_Root_Certification_Authority_ECC.crt +mozilla/SSL.com_Root_Certification_Authority_RSA.crt +mozilla/SZAFIR_ROOT_CA2.crt +mozilla/SecureSign_RootCA11.crt +mozilla/SecureTrust_CA.crt +mozilla/Secure_Global_CA.crt +mozilla/Security_Communication_RootCA2.crt +mozilla/Security_Communication_Root_CA.crt +mozilla/Sonera_Class_2_Root_CA.crt +mozilla/Staat_der_Nederlanden_EV_Root_CA.crt +!mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt +mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt +mozilla/Starfield_Class_2_CA.crt +mozilla/Starfield_Root_Certificate_Authority_-_G2.crt +mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt +mozilla/SwissSign_Gold_CA_-_G2.crt +mozilla/SwissSign_Silver_CA_-_G2.crt +mozilla/T-TeleSec_GlobalRoot_Class_2.crt +mozilla/T-TeleSec_GlobalRoot_Class_3.crt +mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt +mozilla/TWCA_Global_Root_CA.crt +mozilla/TWCA_Root_Certification_Authority.crt +!mozilla/Taiwan_GRCA.crt +mozilla/TeliaSonera_Root_CA_v1.crt +mozilla/TrustCor_ECA-1.crt +mozilla/TrustCor_RootCert_CA-1.crt +mozilla/TrustCor_RootCert_CA-2.crt +mozilla/Trustis_FPS_Root_CA.crt +mozilla/USERTrust_ECC_Certification_Authority.crt +mozilla/USERTrust_RSA_Certification_Authority.crt +!mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt +!mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt +mozilla/VeriSign_Universal_Root_Certification_Authority.crt +!mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt +mozilla/XRamp_Global_CA_Root.crt +mozilla/certSIGN_ROOT_CA.crt +mozilla/ePKI_Root_Certification_Authority.crt +!mozilla/thawte_Primary_Root_CA.crt +!mozilla/thawte_Primary_Root_CA_-_G2.crt +!mozilla/thawte_Primary_Root_CA_-_G3.crt +mozilla/Certigna_Root_CA.crt +mozilla/Entrust_Root_Certification_Authority_-_G4.crt 
+mozilla/GTS_Root_R1.crt +mozilla/GTS_Root_R2.crt +mozilla/GTS_Root_R3.crt +mozilla/GTS_Root_R4.crt +mozilla/Hongkong_Post_Root_CA_3.crt +mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt +mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt +mozilla/NAVER_Global_Root_Certification_Authority.crt +mozilla/Trustwave_Global_Certification_Authority.crt +mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt +mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt +mozilla/UCA_Extended_Validation_Root.crt +mozilla/UCA_Global_G2_Root.crt +mozilla/certSIGN_Root_CA_G2.crt +mozilla/e-Szigno_Root_CA_2017.crt +mozilla/emSign_ECC_Root_CA_-_C3.crt +mozilla/emSign_ECC_Root_CA_-_G3.crt +mozilla/emSign_Root_CA_-_C1.crt +mozilla/emSign_Root_CA_-_G1.crt diff --git a/etc/calendar/default b/etc/calendar/default new file mode 100644 index 0000000..fa52180 --- /dev/null +++ b/etc/calendar/default @@ -0,0 +1,15 @@ +/* This is the system-wide default calendar file, used if calendar(1) + * is invoked by a user without a ~/calendar or ~/.calendar/calendar file. + * It may be edited or even deleted to reflect local policy. + * + * In the standard setup, we simply include the default calendar + * definitions from /usr/share/calendar/calendar.all. If you want + * only some of those definitions, copy calendar.all to /etc/calendar + * and edit it there. That way, your changes will be kept next time + * you upgrade. + * + * The search path for include files is: + * /etc/calendar + * /usr/share/calendar + */ +#include "calendar.all" diff --git a/etc/cloud/cloud.cfg b/etc/cloud/cloud.cfg new file mode 100644 index 0000000..493363a --- /dev/null +++ b/etc/cloud/cloud.cfg 
@@ -0,0 +1,137 @@ +# The top level settings are used as module +# and system configuration. +# A set of users which may be applied and/or used by various modules +# when a 'default' entry is found it will reference the 'default_user' +# from the distro configuration specified below +users: + - default + + +# If this is set, 'root' will not be able to ssh in and they +# will get a message to login instead as the default $user +disable_root: true + +# This will cause the set+update hostname module to not operate (if true) +preserve_hostname: false + +# If you use datasource_list array, keep array items in a single line. +# If you use multi line array, ds-identify script won't read array items. +# Example datasource config +# datasource: +# Ec2: +# metadata_urls: [ 'blah.com' ] +# timeout: 5 # (defaults to 50 seconds) +# max_wait: 10 # (defaults to 120 seconds) + + + + +# The modules that run in the 'init' stage +cloud_init_modules: + - migrator + - seed_random + - bootcmd + - write-files + - growpart + - resizefs + - disk_setup + - mounts + - set_hostname + - update_hostname + - update_etc_hosts + - ca-certs + - rsyslog + - users-groups + - ssh + +# The modules that run in the 'config' stage +cloud_config_modules: + - snap + - ssh-import-id + - keyboard + - locale + - set-passwords + - grub-dpkg + - apt-pipelining + - apt-configure + - ubuntu-advantage + - ntp + - timezone + - disable-ec2-metadata + - runcmd + - byobu + +# The modules that run in the 'final' stage +cloud_final_modules: + - package-update-upgrade-install + - fan + - landscape + - lxd + - ubuntu-drivers + - write-files-deferred + - puppet + - chef + - mcollective + - salt-minion + - reset_rmc + - refresh_rmc_and_interface + - rightscale_userdata + - scripts-vendor + - scripts-per-once + - scripts-per-boot + - scripts-per-instance + - scripts-user + - ssh-authkey-fingerprints + - keys-to-console + - install-hotplug + - phone-home + - final-message + - power-state-change + +# System and/or distro 
specific settings +# (not accessible to handlers/transforms) +system_info: + # This will affect which distro class gets used + distro: ubuntu + # Default user name + that default users groups (if added/used) + default_user: + name: ubuntu + lock_passwd: True + gecos: Ubuntu + groups: [adm, audio, cdrom, dialout, dip, floppy, lxd, netdev, plugdev, sudo, video] + sudo: ["ALL=(ALL) NOPASSWD:ALL"] + shell: /bin/bash + network: + renderers: ['netplan', 'eni', 'sysconfig'] + # Automatically discover the best ntp_client + ntp_client: auto + # Other config here will be given to the distro class and/or path classes + paths: + cloud_dir: /var/lib/cloud/ + templates_dir: /etc/cloud/templates/ + package_mirrors: + - arches: [i386, amd64] + failsafe: + primary: http://archive.ubuntu.com/ubuntu + security: http://security.ubuntu.com/ubuntu + search: + primary: + - http://%(ec2_region)s.ec2.archive.ubuntu.com/ubuntu/ + - http://%(availability_zone)s.clouds.archive.ubuntu.com/ubuntu/ + - http://%(region)s.clouds.archive.ubuntu.com/ubuntu/ + security: [] + - arches: [arm64, armel, armhf] + failsafe: + primary: http://ports.ubuntu.com/ubuntu-ports + security: http://ports.ubuntu.com/ubuntu-ports + search: + primary: + - http://%(ec2_region)s.ec2.ports.ubuntu.com/ubuntu-ports/ + - http://%(availability_zone)s.clouds.ports.ubuntu.com/ubuntu-ports/ + - http://%(region)s.clouds.ports.ubuntu.com/ubuntu-ports/ + security: [] + - arches: [default] + failsafe: + primary: http://ports.ubuntu.com/ubuntu-ports + security: http://ports.ubuntu.com/ubuntu-ports + ssh_svcname: ssh diff --git a/etc/cloud/cloud.cfg.d/05_logging.cfg b/etc/cloud/cloud.cfg.d/05_logging.cfg new file mode 100644 index 0000000..bf917a9 --- /dev/null +++ b/etc/cloud/cloud.cfg.d/05_logging.cfg 
@@ -0,0 +1,71 @@ +## This yaml formated config file handles setting +## logger information. The values that are necessary to be set +## are seen at the bottom. The top '_log' are only used to remove +## redundency in a syslog and fallback-to-file case. +## +## The 'log_cfgs' entry defines a list of logger configs +## Each entry in the list is tried, and the first one that +## works is used. If a log_cfg list entry is an array, it will +## be joined with '\n'. +_log: + - &log_base | + [loggers] + keys=root,cloudinit + + [handlers] + keys=consoleHandler,cloudLogHandler + + [formatters] + keys=simpleFormatter,arg0Formatter + + [logger_root] + level=DEBUG + handlers=consoleHandler,cloudLogHandler + + [logger_cloudinit] + level=DEBUG + qualname=cloudinit + handlers= + propagate=1 + + [handler_consoleHandler] + class=StreamHandler + level=WARNING + formatter=arg0Formatter + args=(sys.stderr,) + + [formatter_arg0Formatter] + format=%(asctime)s - %(filename)s[%(levelname)s]: %(message)s + + [formatter_simpleFormatter] + format=[CLOUDINIT] %(filename)s[%(levelname)s]: %(message)s + - &log_file | + [handler_cloudLogHandler] + class=FileHandler + level=DEBUG + formatter=arg0Formatter + args=('/var/log/cloud-init.log', 'a', 'UTF-8') + - &log_syslog | + [handler_cloudLogHandler] + class=handlers.SysLogHandler + level=DEBUG + formatter=simpleFormatter + args=("/dev/log", handlers.SysLogHandler.LOG_USER) + +log_cfgs: +# Array entries in this list will be joined into a string +# that defines the configuration. +# +# If you want logs to go to syslog, uncomment the following line. +# - [ *log_base, *log_syslog ] +# +# The default behavior is to just log to a file. +# This mechanism that does not depend on a system service to operate. + - [ *log_base, *log_file ] +# A file path can also be used. 
+# - /etc/log.conf + +# This tells cloud-init to redirect its stdout and stderr to +# 'tee -a /var/log/cloud-init-output.log' so the user can see output +# there without needing to look on the console. +output: {all: '| tee -a /var/log/cloud-init-output.log'} diff --git a/etc/cloud/cloud.cfg.d/90_dpkg.cfg b/etc/cloud/cloud.cfg.d/90_dpkg.cfg new file mode 100644 index 0000000..ae84c2a --- /dev/null +++ b/etc/cloud/cloud.cfg.d/90_dpkg.cfg @@ -0,0 +1,2 @@ +# to update this file, run dpkg-reconfigure cloud-init +datasource_list: [ NoCloud, ConfigDrive, OpenNebula, DigitalOcean, Azure, AltCloud, OVF, MAAS, GCE, OpenStack, CloudSigma, SmartOS, Bigstep, Scaleway, AliYun, Ec2, CloudStack, Hetzner, IBMCloud, Oracle, Exoscale, RbxCloud, None ] diff --git a/etc/cloud/cloud.cfg.d/99-installer.cfg b/etc/cloud/cloud.cfg.d/99-installer.cfg new file mode 100644 index 0000000..b5d374f --- /dev/null +++ b/etc/cloud/cloud.cfg.d/99-installer.cfg @@ -0,0 +1,9 @@ +datasource: + None: + metadata: {instance-id: 0c9fadfa-d9b5-4803-b80f-e43373b8f08f} + userdata_raw: "#cloud-config\ngrowpart: {mode: 'off'}\nlocale: en_US.UTF-8\npreserve_hostname:\ + \ true\nresize_rootfs: false\nssh_pwauth: true\nusers:\n- gecos: gamesguru\n\ + \ groups: [adm, cdrom, dip, plugdev, lxd, sudo]\n lock_passwd: false\n name:\ + \ gamesguru\n passwd: $6$Q39uw97PX6PbbANJ$6zAMBK4YnOA0C2L3OvtDhdhRfL5JvNuYiADqTLH2cvkjgY639XTCKsprNN1TidRyaxfVbQOnLeui/6ozUcFiN1\n\ + \ shell: /bin/bash\n" +datasource_list: [None] diff --git a/etc/cloud/cloud.cfg.d/README b/etc/cloud/cloud.cfg.d/README new file mode 100644 index 0000000..036b80b --- /dev/null +++ b/etc/cloud/cloud.cfg.d/README @@ -0,0 +1,3 @@ +# All files with the '.cfg' extension in this directory will be read by +# cloud-init. They are read in lexical order. Later files overwrite values in +# earlier files. diff --git a/etc/cloud/cloud.cfg.d/curtin-preserve-sources.cfg b/etc/cloud/cloud.cfg.d/curtin-preserve-sources.cfg new file mode 100644 index 0000000..ee294f4 
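Review bot: The `userdata_raw` string in 99-installer.cfg commits the `passwd:` crypt hash for the `gamesguru` account, and the same string sets `ssh_pwauth: true` and `lock_passwd: false`, so anyone who can read this repository holds a hash to test offline for an account that is in the `sudo` group and accepts password logins over SSH. I would keep this file out of tracking (an ignore entry for `etc/cloud/cloud.cfg.d/99-installer.cfg`) or commit it with the value replaced, e.g. `passwd: <REDACTED>`, and change the password on the host, because the hash stays in history once this commit is pushed. If password login is not required, `ssh_pwauth: false` with key-based access also closes the online guessing path. The commit title says all of /etc is tracked, so other secret-bearing files that are not visible in this part of the diff (presumably `etc/shadow`, SSH host keys) deserve the same check.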
--- /dev/null
+++ b/etc/cloud/cloud.cfg.d/curtin-preserve-sources.cfg
@@ -0,0 +1,2 @@
+apt:
+ preserve_sources_list: true
diff --git a/etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg b/etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg
new file mode 100644
index 0000000..f144451
--- /dev/null
+++ b/etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg
@@ -0,0 +1 @@
+network: {config: disabled}
diff --git a/etc/cloud/ds-identify.cfg b/etc/cloud/ds-identify.cfg
new file mode 100644
index 0000000..a1ecd2c
--- /dev/null
+++ b/etc/cloud/ds-identify.cfg
@@ -0,0 +1 @@
+policy: enabled
diff --git a/etc/cloud/templates/chef_client.rb.tmpl b/etc/cloud/templates/chef_client.rb.tmpl
new file mode 100644
index 0000000..b9d5817
--- /dev/null
+++ b/etc/cloud/templates/chef_client.rb.tmpl
@@ -0,0 +1,64 @@
+## template:jinja
+{#
+This file is only utilized if the module 'cc_chef' is enabled in
+cloud-config. Specifically, in order to enable it
+you need to add the following to config:
+ chef:
+ validation_key: XYZ
+ validation_cert: XYZ
+ validation_name: XYZ
+ server_url: XYZ
+-#}
+{{generated_by}}
+{#
+The reason these are not in quotes is because they are ruby
+symbols that will be placed inside here, and not actual strings...
+#}
+{% if chef_license %}
+chef_license "{{chef_license}}"
+{% endif%}
+{% if log_level %}
+log_level {{log_level}}
+{% endif %}
+{% if ssl_verify_mode %}
+ssl_verify_mode {{ssl_verify_mode}}
+{% endif %}
+{% if log_location %}
+log_location "{{log_location}}"
+{% endif %}
+{% if validation_name %}
+validation_client_name "{{validation_name}}"
+{% endif %}
+{% if validation_cert %}
+validation_key "{{validation_key}}"
+{% endif %}
+{% if client_key %}
+client_key "{{client_key}}"
+{% endif %}
+{% if server_url %}
+chef_server_url "{{server_url}}"
+{% endif %}
+{% if environment %}
+environment "{{environment}}"
+{% endif %}
+{% if node_name %}
+node_name "{{node_name}}"
+{% endif %}
+{% if json_attribs %}
+json_attribs "{{json_attribs}}"
+{% endif %}
+{% if file_cache_path %}
+file_cache_path "{{file_cache_path}}"
+{% endif %}
+{% if file_backup_path %}
+file_backup_path "{{file_backup_path}}"
+{% endif %}
+{% if pid_file %}
+pid_file "{{pid_file}}"
+{% endif %}
+{% if show_time %}
+Chef::Log::Formatter.show_time = true
+{% endif %}
+{% if encrypted_data_bag_secret %}
+encrypted_data_bag_secret "{{encrypted_data_bag_secret}}"
+{% endif %}
diff --git a/etc/cloud/templates/chrony.conf.alpine.tmpl b/etc/cloud/templates/chrony.conf.alpine.tmpl
new file mode 100644
index 0000000..45efc18
--- /dev/null
+++ b/etc/cloud/templates/chrony.conf.alpine.tmpl
@@ -0,0 +1,38 @@
+## template:jinja
+# Welcome to the chrony configuration file. See chrony.conf(5) for more
+# information about usable directives.
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# This directive specifies the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile /etc/chrony/chrony.keys
+
+# This directive specifies the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3
diff --git a/etc/cloud/templates/chrony.conf.debian.tmpl b/etc/cloud/templates/chrony.conf.debian.tmpl
new file mode 100644
index 0000000..661bf04
--- /dev/null
+++ b/etc/cloud/templates/chrony.conf.debian.tmpl
@@ -0,0 +1,39 @@
+## template:jinja
+# Welcome to the chrony configuration file. See chrony.conf(5) for more
+# information about usuable directives.
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# This directive specify the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile /etc/chrony/chrony.keys
+
+# This directive specify the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3
+
diff --git a/etc/cloud/templates/chrony.conf.fedora.tmpl b/etc/cloud/templates/chrony.conf.fedora.tmpl
new file mode 100644
index 0000000..8551f79
--- /dev/null
+++ b/etc/cloud/templates/chrony.conf.fedora.tmpl
@@ -0,0 +1,48 @@ +## template:jinja +# Use public servers from the pool.ntp.org project. +# Please consider joining the pool (http://www.pool.ntp.org/join.html). +{% if pools %}# pools +{% endif %} +{% for pool in pools -%} +pool {{pool}} iburst +{% endfor %} +{%- if servers %}# servers +{% endif %} +{% for server in servers -%} +server {{server}} iburst +{% endfor %} + +# Record the rate at which the system clock gains/losses time. +driftfile /var/lib/chrony/drift + +# Allow the system clock to be stepped in the first three updates +# if its offset is larger than 1 second. +makestep 1.0 3 + +# Enable kernel synchronization of the real-time clock (RTC). +rtcsync + +# Enable hardware timestamping on all interfaces that support it. +#hwtimestamp * + +# Increase the minimum number of selectable sources required to adjust +# the system clock. +#minsources 2 + +# Allow NTP client access from local network. +#allow 192.168.0.0/16 + +# Serve time even if not synchronized to a time source. +#local stratum 10 + +# Specify file containing keys for NTP authentication. +#keyfile /etc/chrony.keys + +# Get TAI-UTC offset and leap seconds from the system tz database. +leapsectz right/UTC + +# Specify directory for log files. +logdir /var/log/chrony + +# Select which information is logged. +#log measurements statistics tracking diff --git a/etc/cloud/templates/chrony.conf.opensuse.tmpl b/etc/cloud/templates/chrony.conf.opensuse.tmpl new file mode 100644 index 0000000..a3d3e0e --- /dev/null +++ b/etc/cloud/templates/chrony.conf.opensuse.tmpl 
@@ -0,0 +1,38 @@ +## template:jinja +# Use public servers from the pool.ntp.org project. +# Please consider joining the pool (http://www.pool.ntp.org/join.html). +{% if pools %}# pools +{% endif %} +{% for pool in pools -%} +pool {{pool}} iburst +{% endfor %} +{%- if servers %}# servers +{% endif %} +{% for server in servers -%} +server {{server}} iburst +{% endfor %} + +# Record the rate at which the system clock gains/losses time. +driftfile /var/lib/chrony/drift + +# In first three updates step the system clock instead of slew +# if the adjustment is larger than 1 second. +makestep 1.0 3 + +# Enable kernel synchronization of the real-time clock (RTC). +rtcsync + +# Allow NTP client access from local network. +#allow 192.168/16 + +# Serve time even if not synchronized to any NTP server. +#local stratum 10 + +# Specify file containing keys for NTP authentication. +#keyfile /etc/chrony.keys + +# Specify directory for log files. +logdir /var/log/chrony + +# Select which information is logged. +#log measurements statistics tracking diff --git a/etc/cloud/templates/chrony.conf.photon.tmpl b/etc/cloud/templates/chrony.conf.photon.tmpl new file mode 100644 index 0000000..8551f79 --- /dev/null +++ b/etc/cloud/templates/chrony.conf.photon.tmpl 
@@ -0,0 +1,48 @@ +## template:jinja +# Use public servers from the pool.ntp.org project. +# Please consider joining the pool (http://www.pool.ntp.org/join.html). +{% if pools %}# pools +{% endif %} +{% for pool in pools -%} +pool {{pool}} iburst +{% endfor %} +{%- if servers %}# servers +{% endif %} +{% for server in servers -%} +server {{server}} iburst +{% endfor %} + +# Record the rate at which the system clock gains/losses time. +driftfile /var/lib/chrony/drift + +# Allow the system clock to be stepped in the first three updates +# if its offset is larger than 1 second. +makestep 1.0 3 + +# Enable kernel synchronization of the real-time clock (RTC). +rtcsync + +# Enable hardware timestamping on all interfaces that support it. +#hwtimestamp * + +# Increase the minimum number of selectable sources required to adjust +# the system clock. +#minsources 2 + +# Allow NTP client access from local network. +#allow 192.168.0.0/16 + +# Serve time even if not synchronized to a time source. +#local stratum 10 + +# Specify file containing keys for NTP authentication. +#keyfile /etc/chrony.keys + +# Get TAI-UTC offset and leap seconds from the system tz database. +leapsectz right/UTC + +# Specify directory for log files. +logdir /var/log/chrony + +# Select which information is logged. +#log measurements statistics tracking diff --git a/etc/cloud/templates/chrony.conf.rhel.tmpl b/etc/cloud/templates/chrony.conf.rhel.tmpl new file mode 100644 index 0000000..5b3542e --- /dev/null +++ b/etc/cloud/templates/chrony.conf.rhel.tmpl 
@@ -0,0 +1,45 @@
+## template:jinja
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking
diff --git a/etc/cloud/templates/chrony.conf.sles.tmpl b/etc/cloud/templates/chrony.conf.sles.tmpl
new file mode 100644
index 0000000..a3d3e0e
--- /dev/null
+++ b/etc/cloud/templates/chrony.conf.sles.tmpl
@@ -0,0 +1,38 @@
+## template:jinja
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# In first three updates step the system clock instead of slew
+# if the adjustment is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Allow NTP client access from local network.
+#allow 192.168/16
+
+# Serve time even if not synchronized to any NTP server.
+#local stratum 10
+
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking
diff --git a/etc/cloud/templates/chrony.conf.ubuntu.tmpl b/etc/cloud/templates/chrony.conf.ubuntu.tmpl
new file mode 100644
index 0000000..50a6f51
--- /dev/null
+++ b/etc/cloud/templates/chrony.conf.ubuntu.tmpl
@@ -0,0 +1,42 @@
+## template:jinja
+# Welcome to the chrony configuration file. See chrony.conf(5) for more
+# information about usuable directives.
+
+# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
+# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
+# more information.
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# This directive specify the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile /etc/chrony/chrony.keys
+
+# This directive specify the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3
diff --git a/etc/cloud/templates/hosts.alpine.tmpl b/etc/cloud/templates/hosts.alpine.tmpl
new file mode 100644
index 0000000..98ae55e
--- /dev/null
+++ b/etc/cloud/templates/hosts.alpine.tmpl
@@ -0,0 +1,25 @@
+## template:jinja
+{#
+This file /etc/cloud/templates/hosts.alpine.tmpl is only utilized
+if enabled in cloud-config. Specifically, in order to enable it
+you need to add the following to config:
+ manage_etc_hosts: True
+-#}
+# Your system has configured 'manage_etc_hosts' as True.
+# As a result, if you wish for changes to this file to persist
+# then you will need to either
+# a.) make changes to the master file in /etc/cloud/templates/hosts.alpine.tmpl
+# b.) change or remove the value of 'manage_etc_hosts' in
+# /etc/cloud/cloud.cfg or cloud-config from user-data
+#
+# The following lines are desirable for IPv4 capable hosts
+127.0.1.1 {{hostname}} {{fqdn}}
+127.0.0.1 localhost localhost.localdomain
+127.0.0.1 localhost4 localhost4.localdomain4
+
+# The following lines are desirable for IPv6 capable hosts
+::1 {{hostname}} {{fqdn}}
+::1 localhost6 localhost6.localdomain6
+
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/etc/cloud/templates/hosts.arch.tmpl b/etc/cloud/templates/hosts.arch.tmpl
new file mode 100644
index 0000000..b80ba61
--- /dev/null
+++ b/etc/cloud/templates/hosts.arch.tmpl
@@ -0,0 +1,23 @@
+## template:jinja
+{#
+This file (/etc/cloud/templates/hosts.arch.tmpl) is only utilized
+if enabled in cloud-config. Specifically, in order to enable it
+you need to add the following to config:
+ manage_etc_hosts: True
+-#}
+# Your system has configured 'manage_etc_hosts' as True.
+# As a result, if you wish for changes to this file to persist
+# then you will need to either
+# a.) make changes to the master file in /etc/cloud/templates/hosts.arch.tmpl
+# b.) change or remove the value of 'manage_etc_hosts' in
+# /etc/cloud/cloud.cfg or cloud-config from user-data
+#
+{# The value '{{hostname}}' will be replaced with the local-hostname -#}
+127.0.1.1 {{fqdn}} {{hostname}}
+127.0.0.1 localhost
+
+# The following lines are desirable for IPv6 capable hosts
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/etc/cloud/templates/hosts.debian.tmpl b/etc/cloud/templates/hosts.debian.tmpl
new file mode 100644
index 0000000..afeccf9
--- /dev/null
+++ b/etc/cloud/templates/hosts.debian.tmpl
@@ -0,0 +1,23 @@
+## template:jinja
+{#
+This file (/etc/cloud/templates/hosts.debian.tmpl) is only utilized
+if enabled in cloud-config. Specifically, in order to enable it
+you need to add the following to config:
+ manage_etc_hosts: True
+-#}
+# Your system has configured 'manage_etc_hosts' as True.
+# As a result, if you wish for changes to this file to persist
+# then you will need to either
+# a.) make changes to the master file in /etc/cloud/templates/hosts.debian.tmpl
+# b.) change or remove the value of 'manage_etc_hosts' in
+# /etc/cloud/cloud.cfg or cloud-config from user-data
+#
+{# The value '{{hostname}}' will be replaced with the local-hostname -#}
+127.0.1.1 {{fqdn}} {{hostname}}
+127.0.0.1 localhost
+
+# The following lines are desirable for IPv6 capable hosts
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/etc/cloud/templates/hosts.freebsd.tmpl b/etc/cloud/templates/hosts.freebsd.tmpl
new file mode 100644
index 0000000..5cd5d3b
--- /dev/null
+++ b/etc/cloud/templates/hosts.freebsd.tmpl
@@ -0,0 +1,23 @@
+## template:jinja
+{#
+This file /etc/cloud/templates/hosts.freebsd.tmpl is only utilized
+if enabled in cloud-config. Specifically, in order to enable it
+you need to add the following to config:
+ manage_etc_hosts: True
+-#}
+# Your system has configured 'manage_etc_hosts' as True.
+# As a result, if you wish for changes to this file to persist
+# then you will need to either
+# a.) make changes to the master file in /etc/cloud/templates/hosts.freebsd.tmpl
+# b.) change or remove the value of 'manage_etc_hosts' in
+# /etc/cloud/cloud.cfg or cloud-config from user-data
+
+# The following lines are desirable for IPv6 capable hosts
+::1 {{fqdn}} {{hostname}}
+::1 localhost.localdomain localhost
+::1 localhost6.localdomain6 localhost6
+
+# The following lines are desirable for IPv4 capable hosts
+127.0.0.1 {{fqdn}} {{hostname}}
+127.0.0.1 localhost.localdomain localhost
+127.0.0.1 localhost4.localdomain4 localhost4
diff --git a/etc/cloud/templates/hosts.gentoo.tmpl b/etc/cloud/templates/hosts.gentoo.tmpl
new file mode 100644
index 0000000..cc5e6f0
--- /dev/null
+++ b/etc/cloud/templates/hosts.gentoo.tmpl
@@ -0,0 +1,23 @@
+## template:jinja
+{#
+This file /etc/cloud/templates/hosts.gentoo.tmpl is only utilized
+if enabled in cloud-config. Specifically, in order to enable it
+you need to add the following to config:
+ manage_etc_hosts: True
+-#}
+# Your system has configured 'manage_etc_hosts' as True.
+# As a result, if you wish for changes to this file to persist
+# then you will need to either
+# a.) make changes to the master file in /etc/cloud/templates/hosts.gentoo.tmpl
+# b.) change or remove the value of 'manage_etc_hosts' in
+# /etc/cloud/cloud.cfg or cloud-config from user-data
+#
+# The following lines are desirable for IPv4 capable hosts
+127.0.0.1 {{fqdn}} {{hostname}}
+127.0.0.1 localhost.localdomain localhost
+127.0.0.1 localhost4.localdomain4 localhost4
+
+# The following lines are desirable for IPv6 capable hosts
+::1 {{fqdn}} {{hostname}}
+::1 localhost.localdomain localhost
+::1 localhost6.localdomain6 localhost6
diff --git a/etc/cloud/templates/hosts.photon.tmpl b/etc/cloud/templates/hosts.photon.tmpl
new file mode 100644
index 0000000..0fd6f72
--- /dev/null
+++ b/etc/cloud/templates/hosts.photon.tmpl
@@ -0,0 +1,22 @@
+## template:jinja
+{#
+This file /etc/cloud/templates/hosts.photon.tmpl is only utilized
+if enabled in cloud-config. Specifically, in order to enable it
+you need to add the following to config:
+ manage_etc_hosts: True
+-#}
+# Your system has configured 'manage_etc_hosts' as True.
+# As a result, if you wish for changes to this file to persist
+# then you will need to either
+# a.) make changes to the master file in /etc/cloud/templates/hosts.photon.tmpl
+# b.) change or remove the value of 'manage_etc_hosts' in
+# /etc/cloud/cloud.cfg or cloud-config from user-data
+#
+# The following lines are desirable for IPv4 capable hosts
+127.0.0.1 {{fqdn}} {{hostname}}
+127.0.0.1 localhost.localdomain localhost
+127.0.0.1 localhost4.localdomain4 localhost4
+
+# The following lines are desirable for IPv6 capable hosts
+::1 {{fqdn}} {{hostname}}
+::1 localhost6.localdomain6 localhost6
diff --git a/etc/cloud/templates/hosts.redhat.tmpl b/etc/cloud/templates/hosts.redhat.tmpl
new file mode 100644
index 0000000..bc5da32
--- /dev/null
+++ b/etc/cloud/templates/hosts.redhat.tmpl
@@ -0,0 +1,24 @@
+## template:jinja
+{#
+This file /etc/cloud/templates/hosts.redhat.tmpl is only utilized
+if enabled in cloud-config. Specifically, in order to enable it
+you need to add the following to config:
+ manage_etc_hosts: True
+-#}
+# Your system has configured 'manage_etc_hosts' as True.
+# As a result, if you wish for changes to this file to persist
+# then you will need to either
+# a.) make changes to the master file in /etc/cloud/templates/hosts.redhat.tmpl
+# b.) change or remove the value of 'manage_etc_hosts' in
+# /etc/cloud/cloud.cfg or cloud-config from user-data
+#
+# The following lines are desirable for IPv4 capable hosts
+127.0.0.1 {{fqdn}} {{hostname}}
+127.0.0.1 localhost.localdomain localhost
+127.0.0.1 localhost4.localdomain4 localhost4
+
+# The following lines are desirable for IPv6 capable hosts
+::1 {{fqdn}} {{hostname}}
+::1 localhost.localdomain localhost
+::1 localhost6.localdomain6 localhost6
+
diff --git a/etc/cloud/templates/hosts.suse.tmpl b/etc/cloud/templates/hosts.suse.tmpl
new file mode 100644
index 0000000..5d7953f
--- /dev/null
+++ b/etc/cloud/templates/hosts.suse.tmpl
@@ -0,0 +1,32 @@
+## template:jinja
+{#
+This file /etc/cloud/templates/hosts.suse.tmpl is only utilized
+if enabled in cloud-config. Specifically, in order to enable it
+you need to add the following to config:
+ manage_etc_hosts: True
+-#}
+# Your system has configured 'manage_etc_hosts' as True.
+# As a result, if you wish for changes to this file to persist
+# then you will need to either
+# a.) make changes to the master file in /etc/cloud/templates/hosts.suse.tmpl
+# b.) change or remove the value of 'manage_etc_hosts' in
+# /etc/cloud/cloud.cfg or cloud-config from user-data
+#
+# The following lines are desirable for IPv4 capable hosts
+127.0.1.1 {{fqdn}} {{hostname}}
+127.0.0.1 localhost.localdomain localhost
+127.0.0.1 localhost4.localdomain4 localhost4
+
+# The following lines are desirable for IPv6 capable hosts
+::1 {{fqdn}} {{hostname}}
+::1 localhost.localdomain localhost
+::1 localhost6.localdomain6 localhost6
+::1 localhost ipv6-localhost ipv6-loopback
+
+
+fe00::0 ipv6-localnet
+ff00::0 ipv6-mcastprefix
+ff02::1 ipv6-allnodes
+ff02::2 ipv6-allrouters
+ff02::3 ipv6-allhosts
+
diff --git a/etc/cloud/templates/ntp.conf.alpine.tmpl b/etc/cloud/templates/ntp.conf.alpine.tmpl
new file mode 100644
index 0000000..59ca8fc
--- /dev/null
+++ b/etc/cloud/templates/ntp.conf.alpine.tmpl
@@ -0,0 +1,10 @@
+## template:jinja
+# /etc/ntp.conf
+#
+# Configuration for Busybox ntpd - it only supports "server" lines.
+
+{% if servers %}# Servers
+{% endif %}
+{% for server in servers -%}
+server {{server}}
+{% endfor %}
diff --git a/etc/cloud/templates/ntp.conf.debian.tmpl b/etc/cloud/templates/ntp.conf.debian.tmpl
new file mode 100644
index 0000000..affe983
--- /dev/null
+++ b/etc/cloud/templates/ntp.conf.debian.tmpl
@@ -0,0 +1,64 @@
+## template:jinja
+
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntp/ntp.drift
+
+# Enable this if you want statistics to be logged.
+#statsdir /var/log/ntpstats/
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+
+# You do need to talk to an NTP server or two (or three).
+#server ntp.your-provider.example
+
+# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
+# pick a different set every time it starts up. Please consider joining the
+# pool:
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
+# details. The web page
+# might also be helpful.
+#
+# Note that "restrict" applies to both servers and clients, so a configuration
+# that might be intended to block requests from certain clients could also end
+# up blocking replies from your own upstream servers.
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default kod notrap nomodify nopeer noquery limited
+restrict -6 default kod notrap nomodify nopeer noquery limited
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
+# Needed for adding pool entries
+restrict source notrap nomodify noquery
+
+# Clients from this (example!) subnet have unlimited access, but only if
+# cryptographically authenticated.
+#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
+
+# If you want to provide time to your local subnet, change the next line.
+# (Again, the address is an example only.)
+#broadcast 192.168.123.255
+
+# If you want to listen to time broadcasts on your local subnet, de-comment the
+# next lines. Please do this only if you trust everybody on the network!
+#disable auth
+#broadcastclient
diff --git a/etc/cloud/templates/ntp.conf.fedora.tmpl b/etc/cloud/templates/ntp.conf.fedora.tmpl
new file mode 100644
index 0000000..af7b1b0
--- /dev/null
+++ b/etc/cloud/templates/ntp.conf.fedora.tmpl
@@ -0,0 +1,66 @@
+## template:jinja
+
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+#broadcast 192.168.1.255 autokey # broadcast server
+#broadcastclient # broadcast client
+#broadcast 224.0.1.1 autokey # multicast server
+#multicastclient 224.0.1.1 # multicast client
+#manycastserver 239.255.254.254 # manycast server
+#manycastclient 239.255.254.254 autokey # manycast client
+
+# Enable public key cryptography.
+#crypto
+
+includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
+
+# Disable the monitoring facility to prevent amplification attacks using ntpdc
+# monlist command when default restrict does not include the noquery flag. See
+# CVE-2013-5211 for more details.
+# Note: Monitoring will not be disabled with the limited restriction flag.
+disable monitor
diff --git a/etc/cloud/templates/ntp.conf.opensuse.tmpl b/etc/cloud/templates/ntp.conf.opensuse.tmpl
new file mode 100644
index 0000000..f3ab565
--- /dev/null
+++ b/etc/cloud/templates/ntp.conf.opensuse.tmpl
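Review bot: The rendered `pool {{pool}} iburst` lines sit under `restrict default nomodify notrap nopeer noquery` with no `restrict source` rule, so on ntpd builds that apply `nopeer` to pool-spawned associations the pool servers may never be mobilised and the clock can drift unnoticed, which undermines certificate validation and log correlation. The debian and ubuntu templates in this commit carry the remedy under "# Needed for adding pool entries"; I would add the same line after the loopback rules here: `restrict source notrap nomodify noquery`. The photon, rhel, opensuse and sles ntp.conf templates in this commit combine `pool` with `nopeer` in the same way. Whether it bites depends on the ntpd version in the image, so check a rendered host with `ntpq -p` before relying on it.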
@@ -0,0 +1,88 @@
+## template:jinja
+
+##
+## Radio and modem clocks by convention have addresses in the
+## form 127.127.t.u, where t is the clock type and u is a unit
+## number in the range 0-3.
+##
+## Most of these clocks require support in the form of a
+## serial port or special bus peripheral. The particular
+## device is normally specified by adding a soft link
+## /dev/device-u to the particular hardware device involved,
+## where u correspond to the unit number above.
+##
+## Generic DCF77 clock on serial port (Conrad DCF77)
+## Address: 127.127.8.u
+## Serial Port: /dev/refclock-u
+##
+## (create soft link /dev/refclock-0 to the particular ttyS?)
+##
+# server 127.127.8.0 mode 5 prefer
+
+##
+## Undisciplined Local Clock. This is a fake driver intended for backup
+## and when no outside source of synchronized time is available.
+##
+# server 127.127.1.0 # local clock (LCL)
+# fudge 127.127.1.0 stratum 10 # LCL is unsynchronized
+
+##
+## Add external Servers using
+## # rcntpd addserver
+## The servers will only be added to the currently running instance, not
+## to /etc/ntp.conf.
+##
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# Access control configuration; see /usr/share/doc/packages/ntp/html/accopt.html for
+# details. The web page
+# might also be helpful.
+#
+# Note that "restrict" applies to both servers and clients, so a configuration
+# that might be intended to block requests from certain clients could also end
+# up blocking replies from your own upstream servers.
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default notrap nomodify nopeer noquery
+restrict -6 default notrap nomodify nopeer noquery
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
+# Clients from this (example!) subnet have unlimited access, but only if
+# cryptographically authenticated.
+#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
+##
+## Miscellaneous stuff
+##
+
+driftfile /var/lib/ntp/drift/ntp.drift # path for drift file
+
+logfile /var/log/ntp # alternate log file
+# logconfig =syncstatus + sysevents
+# logconfig =all
+
+# statsdir /tmp/ # directory for statistics files
+# filegen peerstats file peerstats type day enable
+# filegen loopstats file loopstats type day enable
+# filegen clockstats file clockstats type day enable
+
+#
+# Authentication stuff
+#
+keys /etc/ntp.keys # path for keys file
+trustedkey 1 # define trusted keys
+requestkey 1 # key (7) for accessing server variables
+controlkey 1 # key (6) for accessing server variables
+
diff --git a/etc/cloud/templates/ntp.conf.photon.tmpl b/etc/cloud/templates/ntp.conf.photon.tmpl
new file mode 100644
index 0000000..4d4910d
--- /dev/null
+++ b/etc/cloud/templates/ntp.conf.photon.tmpl
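Review bot: `trustedkey 1`, `requestkey 1` and `controlkey 1` at the end of this template are active, so whatever secret is stored as key 1 in `/etc/ntp.keys` authorises ntpdc (mode 7) and ntpq (mode 6) control requests, whereas the fedora, rhel and photon templates in this commit ship the equivalent lines commented out. Because this repository tracks files under /etc, check that the keys file itself is not committed and that it is readable by root and the ntp user only. If authenticated remote control is not used on this host I would ship the directives disabled, e.g. `#requestkey 1` and `#controlkey 1`. ntp.conf.sles.tmpl is the same blob (f3ab565), so the point applies there as well.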
@@ -0,0 +1,61 @@
+## template:jinja
+
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+#broadcast 192.168.1.255 autokey # broadcast server
+#broadcastclient # broadcast client
+#broadcast 224.0.1.1 autokey # multicast server
+#multicastclient 224.0.1.1 # multicast client
+#manycastserver 239.255.254.254 # manycast server
+#manycastclient 239.255.254.254 autokey # manycast client
+
+# Enable public key cryptography.
+#crypto
+
+includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
diff --git a/etc/cloud/templates/ntp.conf.rhel.tmpl b/etc/cloud/templates/ntp.conf.rhel.tmpl
new file mode 100644
index 0000000..62b4776
--- /dev/null
+++ b/etc/cloud/templates/ntp.conf.rhel.tmpl
@@ -0,0 +1,61 @@
+## template:jinja
+
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+#broadcast 192.168.1.255 autokey # broadcast server
+#broadcastclient # broadcast client
+#broadcast 224.0.1.1 autokey # multicast server
+#multicastclient 224.0.1.1 # multicast client
+#manycastserver 239.255.254.254 # manycast server
+#manycastclient 239.255.254.254 autokey # manycast client
+
+# Enable public key cryptography.
+#crypto
+
+includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
diff --git a/etc/cloud/templates/ntp.conf.sles.tmpl b/etc/cloud/templates/ntp.conf.sles.tmpl
new file mode 100644
index 0000000..f3ab565
--- /dev/null
+++ b/etc/cloud/templates/ntp.conf.sles.tmpl
@@ -0,0 +1,88 @@
+## template:jinja
+
+##
+## Radio and modem clocks by convention have addresses in the
+## form 127.127.t.u, where t is the clock type and u is a unit
+## number in the range 0-3.
+##
+## Most of these clocks require support in the form of a
+## serial port or special bus peripheral. The particular
+## device is normally specified by adding a soft link
+## /dev/device-u to the particular hardware device involved,
+## where u correspond to the unit number above.
+##
+## Generic DCF77 clock on serial port (Conrad DCF77)
+## Address: 127.127.8.u
+## Serial Port: /dev/refclock-u
+##
+## (create soft link /dev/refclock-0 to the particular ttyS?)
+##
+# server 127.127.8.0 mode 5 prefer
+
+##
+## Undisciplined Local Clock. This is a fake driver intended for backup
+## and when no outside source of synchronized time is available.
+##
+# server 127.127.1.0 # local clock (LCL)
+# fudge 127.127.1.0 stratum 10 # LCL is unsynchronized
+
+##
+## Add external Servers using
+## # rcntpd addserver
+## The servers will only be added to the currently running instance, not
+## to /etc/ntp.conf.
+##
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# Access control configuration; see /usr/share/doc/packages/ntp/html/accopt.html for
+# details. The web page
+# might also be helpful.
+#
+# Note that "restrict" applies to both servers and clients, so a configuration
+# that might be intended to block requests from certain clients could also end
+# up blocking replies from your own upstream servers.
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default notrap nomodify nopeer noquery
+restrict -6 default notrap nomodify nopeer noquery
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
+# Clients from this (example!) subnet have unlimited access, but only if
+# cryptographically authenticated.
+#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
+##
+## Miscellaneous stuff
+##
+
+driftfile /var/lib/ntp/drift/ntp.drift # path for drift file
+
+logfile /var/log/ntp # alternate log file
+# logconfig =syncstatus + sysevents
+# logconfig =all
+
+# statsdir /tmp/ # directory for statistics files
+# filegen peerstats file peerstats type day enable
+# filegen loopstats file loopstats type day enable
+# filegen clockstats file clockstats type day enable
+
+#
+# Authentication stuff
+#
+keys /etc/ntp.keys # path for keys file
+trustedkey 1 # define trusted keys
+requestkey 1 # key (7) for accessing server variables
+controlkey 1 # key (6) for accessing server variables
+
diff --git a/etc/cloud/templates/ntp.conf.ubuntu.tmpl b/etc/cloud/templates/ntp.conf.ubuntu.tmpl
new file mode 100644
index 0000000..862a4fb
--- /dev/null
+++ b/etc/cloud/templates/ntp.conf.ubuntu.tmpl
@@ -0,0 +1,75 @@
+## template:jinja
+
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntp/ntp.drift
+
+# Enable this if you want statistics to be logged.
+#statsdir /var/log/ntpstats/
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+# Specify one or more NTP servers.
+
+# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
+# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
+# more information.
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# Use Ubuntu's ntp server as a fallback.
+# pool ntp.ubuntu.com
+
+# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
+# details. The web page
+# might also be helpful.
+#
+# Note that "restrict" applies to both servers and clients, so a configuration
+# that might be intended to block requests from certain clients could also end
+# up blocking replies from your own upstream servers.
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default kod notrap nomodify nopeer noquery limited
+restrict -6 default kod notrap nomodify nopeer noquery limited
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
+# Needed for adding pool entries
+restrict source notrap nomodify noquery
+
+# Clients from this (example!) subnet have unlimited access, but only if
+# cryptographically authenticated.
+#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
+
+# If you want to provide time to your local subnet, change the next line.
+# (Again, the address is an example only.)
+#broadcast 192.168.123.255
+
+# If you want to listen to time broadcasts on your local subnet, de-comment the
+# next lines. Please do this only if you trust everybody on the network!
+#disable auth
+#broadcastclient
+
+#Changes recquired to use pps synchonisation as explained in documentation:
+#http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm#AEN3918
+
+#server 127.127.8.1 mode 135 prefer # Meinberg GPS167 with PPS
+#fudge 127.127.8.1 time1 0.0042 # relative to PPS for my hardware
+
+#server 127.127.22.1 # ATOM(PPS)
+#fudge 127.127.22.1 flag3 1 # enable PPS API
+
diff --git a/etc/cloud/templates/resolv.conf.tmpl b/etc/cloud/templates/resolv.conf.tmpl
new file mode 100644
index 0000000..72a37bf
--- /dev/null
+++ b/etc/cloud/templates/resolv.conf.tmpl
@@ -0,0 +1,38 @@
+## template:jinja
+# Your system has been configured with 'manage-resolv-conf' set to true.
+# As a result, cloud-init has written this file with configuration data
+# that it has been provided. Cloud-init, by default, will write this file
+# a single time (PER_ONCE).
+#
+{% if nameservers is defined %}
+{% for server in nameservers %}
+nameserver {{server}}
+{% endfor %}
+
+{% endif -%}
+{% if searchdomains is defined %}
+search {% for search in searchdomains %}{{search}} {% endfor %}
+
+{% endif %}
+{% if domain is defined %}
+domain {{domain}}
+{% endif %}
+{% if sortlist is defined %}
+
+sortlist {% for sort in sortlist %}{{sort}} {% endfor %}
+{% endif %}
+{#
+ Flags and options are required to be on the
+ same line preceded by "options" keyword
+#}
+{% if options or flags %}
+
+options
+{%- for flag in flags %}
+ {{flag-}}
+{% endfor %}
+
+{%- for key, value in options.items()|sort %}
+ {{key}}:{{value-}}
+{% endfor %}
+{% endif %}
diff --git a/etc/cloud/templates/sources.list.debian.tmpl b/etc/cloud/templates/sources.list.debian.tmpl
new file mode 100644
index 0000000..e8a7c01
--- /dev/null
+++ b/etc/cloud/templates/sources.list.debian.tmpl
@@ -0,0 +1,30 @@
+## template:jinja
+## Note, this file is written by cloud-init on first boot of an instance
+## modifications made here will not survive a re-bundle.
+## if you wish to make changes you can:
+## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
+## or do the same in user-data
+## b.) add sources in /etc/apt/sources.list.d
+## c.) make changes to template file /etc/cloud/templates/sources.list.debian.tmpl
+###
+
+# See http://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.html
+# for how to upgrade to newer versions of the distribution.
+deb {{mirror}} {{codename}} main
+deb-src {{mirror}} {{codename}} main
+
+## Major bug fix updates produced after the final release of the
+## distribution.
+deb {{security}} {{codename}}{% if codename in ('buster', 'stretch') %}/updates{% else %}-security{% endif %} main
+deb-src {{security}} {{codename}}{% if codename in ('buster', 'stretch') %}/updates{% else %}-security{% endif %} main
+deb {{mirror}} {{codename}}-updates main
+deb-src {{mirror}} {{codename}}-updates main
+
+## Uncomment the following two lines to add software from the 'backports'
+## repository.
+##
+## N.B. software from this repository may not have been tested as
+## extensively as that contained in the main release, although it includes
+## newer versions of some applications which may provide useful features.
+deb {{mirror}} {{codename}}-backports main
+deb-src {{mirror}} {{codename}}-backports main
diff --git a/etc/cloud/templates/sources.list.ubuntu.tmpl b/etc/cloud/templates/sources.list.ubuntu.tmpl
new file mode 100644
index 0000000..edb92f1
--- /dev/null
+++ b/etc/cloud/templates/sources.list.ubuntu.tmpl
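Review bot: The two `-backports` lines at the end of this template are active, although the comment directly above them says to uncomment them to add the repository, so every sources.list rendered from this template enables backports by default. The same comment warns that backports software may be less tested than the main release, so enabling it should be an explicit choice. Either comment the lines out, `# deb {{mirror}} {{codename}}-backports main` and `# deb-src {{mirror}} {{codename}}-backports main`, or reword the comment to say that backports is enabled on purpose. The file looks like the stock cloud-init template, so a local change would have to be carried across package upgrades.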
@@ -0,0 +1,58 @@
+## template:jinja
+## Note, this file is written by cloud-init on first boot of an instance
+## modifications made here will not survive a re-bundle.
+## if you wish to make changes you can:
+## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
+## or do the same in user-data
+## b.) add sources in /etc/apt/sources.list.d
+## c.) make changes to template file /etc/cloud/templates/sources.list.tmpl
+
+# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
+# newer versions of the distribution.
+deb {{mirror}} {{codename}} main restricted
+# deb-src {{mirror}} {{codename}} main restricted
+
+## Major bug fix updates produced after the final release of the
+## distribution.
+deb {{mirror}} {{codename}}-updates main restricted
+# deb-src {{mirror}} {{codename}}-updates main restricted
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team. Also, please note that software in universe WILL NOT receive any
+## review or updates from the Ubuntu security team.
+deb {{mirror}} {{codename}} universe
+# deb-src {{mirror}} {{codename}} universe
+deb {{mirror}} {{codename}}-updates universe
+# deb-src {{mirror}} {{codename}}-updates universe
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team, and may not be under a free licence. Please satisfy yourself as to
+## your rights to use the software. Also, please note that software in
+## multiverse WILL NOT receive any review or updates from the Ubuntu
+## security team.
+deb {{mirror}} {{codename}} multiverse
+# deb-src {{mirror}} {{codename}} multiverse
+deb {{mirror}} {{codename}}-updates multiverse
+# deb-src {{mirror}} {{codename}}-updates multiverse
+
+## N.B. software from this repository may not have been tested as
+## extensively as that contained in the main release, although it includes
+## newer versions of some applications which may provide useful features.
+## Also, please note that software in backports WILL NOT receive any review
+## or updates from the Ubuntu security team.
+deb {{mirror}} {{codename}}-backports main restricted universe multiverse
+# deb-src {{mirror}} {{codename}}-backports main restricted universe multiverse
+
+## Uncomment the following two lines to add software from Canonical's
+## 'partner' repository.
+## This software is not part of Ubuntu, but is offered by Canonical and the
+## respective vendors as a service to Ubuntu users.
+# deb http://archive.canonical.com/ubuntu {{codename}} partner
+# deb-src http://archive.canonical.com/ubuntu {{codename}} partner
+
+deb {{security}} {{codename}}-security main restricted
+# deb-src {{security}} {{codename}}-security main restricted
+deb {{security}} {{codename}}-security universe
+# deb-src {{security}} {{codename}}-security universe
+deb {{security}} {{codename}}-security multiverse
+# deb-src {{security}} {{codename}}-security multiverse
diff --git a/etc/cloud/templates/systemd.resolved.conf.tmpl b/etc/cloud/templates/systemd.resolved.conf.tmpl
new file mode 100644
index 0000000..fca50d3
--- /dev/null
+++ b/etc/cloud/templates/systemd.resolved.conf.tmpl
@@ -0,0 +1,15 @@
+## template:jinja
+# Your system has been configured with 'manage-resolv-conf' set to true.
+# As a result, cloud-init has written this file with configuration data
+# that it has been provided. Cloud-init, by default, will write this file
+# a single time (PER_ONCE).
+#
+[Resolve]
+LLMNR=false
+{% if nameservers is defined %}
+DNS={% for server in nameservers %}{{server}} {% endfor %}
+{% endif %}
+
+{% if searchdomains is defined %}
+Domains={% for search in searchdomains %}{{search}} {% endfor %}
+{% endif %}
diff --git a/etc/cloud/templates/timesyncd.conf.tmpl b/etc/cloud/templates/timesyncd.conf.tmpl
new file mode 100644
index 0000000..6b98301
--- /dev/null
+++ b/etc/cloud/templates/timesyncd.conf.tmpl
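Review bot: Option c.) in the header comment of the Ubuntu template points to `/etc/cloud/templates/sources.list.tmpl`, but the file is added as `etc/cloud/templates/sources.list.ubuntu.tmpl`, so an administrator following the comment would look for a template this diff does not add. The line should read `## c.) make changes to template file /etc/cloud/templates/sources.list.ubuntu.tmpl`, matching what the Debian template in this commit already does for its own path. The pointer matters because the rendered sources.list decides which repositories the host installs packages and security updates from.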
@@ -0,0 +1,8 @@ +## template:jinja +# cloud-init generated file +# See timesyncd.conf(5) for details. + +[Time] +{% if servers or pools -%} +NTP={% for host in servers|list + pools|list %}{{ host }} {% endfor -%} +{% endif -%} diff --git a/etc/console-setup/ISO-8859-1.acm b/etc/console-setup/ISO-8859-1.acm new file mode 100644 index 0000000..1393bc8 --- /dev/null +++ b/etc/console-setup/ISO-8859-1.acm @@ -0,0 +1,135 @@ +# generated from UTF-tmpl.8bit.in by: +# { +# while read a b; do +# echo -e $a \'\\echo "8o16i${b#U+}pq" | dc\'; +# done +# } /dev/null 2>/dev/null; then + for i in /dev/vcs[0-9]*; do + { : + setfont '/usr/share/consolefonts/Uni2-Fixed16.psf.gz' + } < /dev/tty${i#/dev/vcs} > /dev/tty${i#/dev/vcs} + done +fi + +mkdir -p /run/console-setup +> /run/console-setup/font-loaded +for i in /dev/vcs[0-9]*; do + { : +printf '\033%%G' + } < /dev/tty${i#/dev/vcs} > /dev/tty${i#/dev/vcs} +done diff --git a/etc/console-setup/cached_setup_keyboard.sh b/etc/console-setup/cached_setup_keyboard.sh new file mode 100755 index 0000000..30b46c1 --- /dev/null +++ b/etc/console-setup/cached_setup_keyboard.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +if [ -f /run/console-setup/keymap_loaded ]; then + rm /run/console-setup/keymap_loaded + exit 0 +fi +kbd_mode '-u' < '/dev/tty1' +kbd_mode '-u' < '/dev/tty2' +kbd_mode '-u' < '/dev/tty3' +kbd_mode '-u' < '/dev/tty4' +kbd_mode '-u' < '/dev/tty5' +kbd_mode '-u' < '/dev/tty6' +loadkeys '/etc/console-setup/cached_UTF-8_del.kmap.gz' > '/dev/null' diff --git a/etc/console-setup/cached_setup_terminal.sh b/etc/console-setup/cached_setup_terminal.sh new file mode 100755 index 0000000..494e363 --- /dev/null +++ b/etc/console-setup/cached_setup_terminal.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +{ : +printf '\033%%G' +} < /dev/tty${1#vcs} > /dev/tty${1#vcs} diff --git a/etc/console-setup/compose.ARMSCII-8.inc b/etc/console-setup/compose.ARMSCII-8.inc new file mode 100644 index 0000000..ca8d3c9 --- /dev/null +++ b/etc/console-setup/compose.ARMSCII-8.inc 
@@ -0,0 +1 @@ +# Compose sequences for ARMSCII-8 diff --git a/etc/console-setup/compose.CP1251.inc b/etc/console-setup/compose.CP1251.inc new file mode 100644 index 0000000..4fb90da --- /dev/null +++ b/etc/console-setup/compose.CP1251.inc @@ -0,0 +1 @@ +# Compose sequences for CP1251 diff --git a/etc/console-setup/compose.CP1255.inc b/etc/console-setup/compose.CP1255.inc new file mode 100644 index 0000000..93e6a7b --- /dev/null +++ b/etc/console-setup/compose.CP1255.inc @@ -0,0 +1 @@ +# Compose sequences for CP1255 diff --git a/etc/console-setup/compose.CP1256.inc b/etc/console-setup/compose.CP1256.inc new file mode 100644 index 0000000..a792b8c --- /dev/null +++ b/etc/console-setup/compose.CP1256.inc @@ -0,0 +1 @@ +# Compose sequences for CP1256 diff --git a/etc/console-setup/compose.GEORGIAN-ACADEMY.inc b/etc/console-setup/compose.GEORGIAN-ACADEMY.inc new file mode 100644 index 0000000..33869fd --- /dev/null +++ b/etc/console-setup/compose.GEORGIAN-ACADEMY.inc @@ -0,0 +1 @@ +# Compose sequences for GEORGIAN-ACADEMY diff --git a/etc/console-setup/compose.GEORGIAN-PS.inc b/etc/console-setup/compose.GEORGIAN-PS.inc new file mode 100644 index 0000000..a4d20c4 --- /dev/null +++ b/etc/console-setup/compose.GEORGIAN-PS.inc @@ -0,0 +1 @@ +# Compose sequences for GEORGIAN-PS diff --git a/etc/console-setup/compose.IBM1133.inc b/etc/console-setup/compose.IBM1133.inc new file mode 100644 index 0000000..9369645 --- /dev/null +++ b/etc/console-setup/compose.IBM1133.inc @@ -0,0 +1 @@ +# Compose sequences for IBM1133 diff --git a/etc/console-setup/compose.ISIRI-3342.inc b/etc/console-setup/compose.ISIRI-3342.inc new file mode 100644 index 0000000..242f739 --- /dev/null +++ b/etc/console-setup/compose.ISIRI-3342.inc @@ -0,0 +1 @@ +# Compose sequences for ISIRI-3342 diff --git a/etc/console-setup/compose.ISO-8859-1.inc b/etc/console-setup/compose.ISO-8859-1.inc new file mode 100644 index 0000000..a285ddf --- /dev/null +++ b/etc/console-setup/compose.ISO-8859-1.inc 
@@ -0,0 +1,155 @@ +# Compose sequences for ISO-8859-1 +compose '!' '!' to '¡' +compose '!' '^' to '¦' +compose '!' 'p' to '¶' +compose '!' 's' to '§' +compose '"' '"' to '¨' +compose '"' 'A' to 'Ä' +compose '"' 'E' to 'Ë' +compose '"' 'I' to 'Ï' +compose '"' 'O' to 'Ö' +compose '"' 'U' to 'Ü' +compose '"' 'a' to 'ä' +compose '"' 'e' to 'ë' +compose '"' 'i' to 'ï' +compose '"' 'o' to 'ö' +compose '"' 'u' to 'ü' +compose '"' 'y' to 'ÿ' +compose '(' '(' to '[' +compose '(' '-' to '{' +compose '(' 'c' to '©' +compose '(' 'r' to '®' +compose ')' ')' to ']' +compose ')' '-' to '}' +compose '*' '0' to '°' +compose '*' 'A' to 'Å' +compose '*' 'a' to 'å' +compose '+' '+' to '#' +compose '+' '-' to '±' +compose ',' ',' to '¸' +compose ',' '-' to '¬' +compose ',' 'C' to 'Ç' +compose ',' 'c' to 'ç' +compose '-' '(' to '{' +compose '-' ')' to '}' +compose '-' '+' to '±' +compose '-' ',' to '¬' +compose '-' '-' to '­' +compose '-' ':' to '÷' +compose '-' 'A' to 'Ã' +compose '-' 'D' to 'Ð' +compose '-' 'N' to 'Ñ' +compose '-' 'O' to 'Õ' +compose '-' '^' to '¯' +compose '-' 'a' to 'ã' +compose '-' 'd' to 'ð' +compose '-' 'l' to '£' +compose '-' 'n' to 'ñ' +compose '-' 'o' to 'õ' +compose '-' 'y' to '¥' +compose '.' '.' to '·' +compose '.' '^' to '·' +compose '/' '/' to '\\' +compose '/' '<' to '\\' +compose '/' 'O' to 'Ø' +compose '/' '^' to '|' +compose '/' 'c' to '¢' +compose '/' 'o' to 'ø' +compose '/' 'u' to 'µ' +compose '1' '2' to '½' +compose '1' '4' to '¼' +compose '3' '4' to '¾' +compose ':' '-' to '÷' +compose '<' '/' to '\\' +compose '<' '<' to '«' +compose '=' 'l' to '£' +compose '=' 'y' to '¥' +compose '>' '>' to '»' +compose '>' 'A' to 'Â' +compose '>' 'E' to 'Ê' +compose '>' 'I' to 'Î' +compose '>' 'O' to 'Ô' +compose '>' 'U' to 'Û' +compose '>' 'a' to 'â' +compose '>' 'e' to 'ê' +compose '>' 'i' to 'î' +compose '>' 'o' to 'ô' +compose '>' 'u' to 'û' +compose '?' '?' 
to '¿' +compose 'A' 'E' to 'Æ' +compose 'A' 'O' to 'Å' +compose 'T' 'H' to 'Þ' +compose '\'' 'A' to 'Á' +compose '\'' 'C' to 'Ç' +compose '\'' 'E' to 'É' +compose '\'' 'I' to 'Í' +compose '\'' 'O' to 'Ó' +compose '\'' 'U' to 'Ú' +compose '\'' 'Y' to 'Ý' +compose '\'' '\'' to '´' +compose '\'' 'a' to 'á' +compose '\'' 'c' to 'ç' +compose '\'' 'e' to 'é' +compose '\'' 'i' to 'í' +compose '\'' 'o' to 'ó' +compose '\'' 'u' to 'ú' +compose '\'' 'y' to 'ý' +compose '^' '!' to '¦' +compose '^' '-' to '¯' +compose '^' '.' to '·' +compose '^' '/' to '|' +compose '^' '0' to '°' +compose '^' '1' to '¹' +compose '^' '2' to '²' +compose '^' '3' to '³' +compose '^' 'A' to 'Â' +compose '^' 'E' to 'Ê' +compose '^' 'I' to 'Î' +compose '^' 'O' to 'Ô' +compose '^' 'U' to 'Û' +compose '^' '_' to '¯' +compose '^' 'a' to 'â' +compose '^' 'e' to 'ê' +compose '^' 'i' to 'î' +compose '^' 'o' to 'ô' +compose '^' 'u' to 'û' +compose '_' '^' to '¯' +compose '_' '_' to '¯' +compose '_' 'a' to 'ª' +compose '_' 'o' to 'º' +compose '`' 'A' to 'À' +compose '`' 'E' to 'È' +compose '`' 'I' to 'Ì' +compose '`' 'O' to 'Ò' +compose '`' 'U' to 'Ù' +compose '`' 'a' to 'à' +compose '`' 'e' to 'è' +compose '`' 'i' to 'ì' +compose '`' 'o' to 'ò' +compose '`' 'u' to 'ù' +compose 'a' 'e' to 'æ' +compose 'a' 'o' to 'å' +compose 'a' 't' to '@' +compose 'c' '0' to '©' +compose 'c' 'o' to '©' +compose 'o' 'c' to '©' +compose 'o' 'x' to '¤' +compose 'r' 'o' to '®' +compose 's' '0' to '§' +compose 's' '1' to '¹' +compose 's' '2' to '²' +compose 's' '3' to '³' +compose 's' 'o' to '§' +compose 't' 'h' to 'þ' +compose 'v' 'b' to '¦' +compose 'v' 'l' to '|' +compose 'x' '0' to '¤' +compose 'x' 'o' to '¤' +compose '|' 'c' to '¢' +compose '|' '|' to '¦' +compose '~' 'A' to 'Ã' +compose '~' 'N' to 'Ñ' +compose '~' 'O' to 'Õ' +compose '~' 'a' to 'ã' +compose '~' 'n' to 'ñ' +compose '~' 'o' to 'õ' 
diff --git a/etc/console-setup/compose.ISO-8859-10.inc b/etc/console-setup/compose.ISO-8859-10.inc new file mode 100644 index 0000000..7ca7b10 --- /dev/null +++ b/etc/console-setup/compose.ISO-8859-10.inc @@ -0,0 +1 @@ +# Compose sequences for ISO-8859-10 diff --git a/etc/console-setup/compose.ISO-8859-11.inc b/etc/console-setup/compose.ISO-8859-11.inc new file mode 100644 index 0000000..add3f6a --- /dev/null +++ b/etc/console-setup/compose.ISO-8859-11.inc @@ -0,0 +1 @@ +# Compose sequences for ISO-8859-11 diff --git a/etc/console-setup/compose.ISO-8859-13.inc b/etc/console-setup/compose.ISO-8859-13.inc new file mode 100644 index 0000000..5b45a26 --- /dev/null +++ b/etc/console-setup/compose.ISO-8859-13.inc 
@@ -0,0 +1,161 @@ +# Compose sequences for ISO-8859-13 +compose '!' '^' to '¦' +compose '!' 'p' to '¶' +compose '!' 's' to '§' +compose '"' '<' to '´' +compose '"' '>' to '¡' +compose '"' 'A' to 'Ä' +compose '"' 'O' to 'Ö' +compose '"' 'U' to 'Ü' +compose '"' 'a' to 'ä' +compose '"' 'o' to 'ö' +compose '"' 'u' to 'ü' +compose '(' '(' to '[' +compose '(' '-' to '{' +compose '(' 'c' to '©' +compose '(' 'r' to '®' +compose ')' ')' to ']' +compose ')' '-' to '}' +compose '*' '0' to '°' +compose '*' 'A' to 'Å' +compose '*' 'a' to 'å' +compose '+' '+' to '#' +compose '+' '-' to '±' +compose ',' '-' to '¬' +compose ',' '>' to '¥' +compose ',' 'A' to 'À' +compose ',' 'E' to 'Æ' +compose ',' 'G' to 'Ì' +compose ',' 'I' to 'Á' +compose ',' 'K' to 'Í' +compose ',' 'L' to 'Ï' +compose ',' 'N' to 'Ò' +compose ',' 'R' to 'ª' +compose ',' 'U' to 'Ø' +compose ',' 'a' to 'à' +compose ',' 'e' to 'æ' +compose ',' 'g' to 'ì' +compose ',' 'i' to 'á' +compose ',' 'k' to 'í' +compose ',' 'l' to 'ï' +compose ',' 'n' to 'ò' +compose ',' 'r' to 'º' +compose ',' 'u' to 'ø' +compose '-' '(' to '{' +compose '-' ')' to '}' +compose '-' '+' to '±' +compose '-' ',' to '¬' +compose '-' '-' to '­' +compose '-' ':' to '÷' +compose '-' 'A' to 'Â' +compose '-' 'E' to 'Ç' +compose '-' 'I' to 'Î' +compose '-' 'L' to 'Ù' +compose '-' 'O' to 'Ô' +compose '-' 'U' to 'Û' +compose '-' 'a' to 'â' +compose '-' 'e' to 'ç' +compose '-' 'i' to 'î' +compose '-' 'l' to 'ù' +compose '-' 'o' to 'ô' +compose '-' 'u' to 'û' +compose '.' '.' to '·' +compose '.' 'A' to 'Å' +compose '.' 'E' to 'Ë' +compose '.' 'Z' to 'Ý' +compose '.' '^' to '·' +compose '.' 'a' to 'å' +compose '.' 'e' to 'ë' +compose '.' 
'z' to 'ý' +compose '/' '/' to '\\' +compose '/' '<' to '\\' +compose '/' 'L' to 'Ù' +compose '/' 'O' to '¨' +compose '/' '^' to '|' +compose '/' 'c' to '¢' +compose '/' 'l' to 'ù' +compose '/' 'o' to '¸' +compose '/' 'u' to 'µ' +compose '1' '2' to '½' +compose '1' '4' to '¼' +compose '3' '4' to '¾' +compose ':' '-' to '÷' +compose ';' 'A' to 'À' +compose ';' 'E' to 'Æ' +compose ';' 'I' to 'Á' +compose ';' 'U' to 'Ø' +compose ';' 'a' to 'à' +compose ';' 'e' to 'æ' +compose ';' 'i' to 'á' +compose ';' 'u' to 'ø' +compose '<' '"' to '´' +compose '<' '/' to '\\' +compose '<' '<' to '«' +compose '<' 'C' to 'È' +compose '<' 'S' to 'Ð' +compose '<' 'Z' to 'Þ' +compose '<' '\'' to '`' +compose '<' 'c' to 'è' +compose '<' 's' to 'ð' +compose '<' 'z' to 'þ' +compose '=' 'l' to '£' +compose '>' '"' to '¡' +compose '>' ',' to '¥' +compose '>' '>' to '»' +compose '>' '\'' to 'ÿ' +compose '?' '?' to '¿' +compose 'A' 'E' to '¯' +compose 'A' 'O' to 'Å' +compose '\'' '<' to '`' +compose '\'' '>' to 'ÿ' +compose '\'' 'C' to 'Ã' +compose '\'' 'E' to 'É' +compose '\'' 'N' to 'Ñ' +compose '\'' 'O' to 'Ó' +compose '\'' 'S' to 'Ú' +compose '\'' 'Z' to 'Ê' +compose '\'' '\'' to 'ÿ' +compose '\'' 'c' to 'ã' +compose '\'' 'e' to 'é' +compose '\'' 'n' to 'ñ' +compose '\'' 'o' to 'ó' +compose '\'' 's' to 'ú' +compose '\'' 'z' to 'ê' +compose '^' '!' to '¦' +compose '^' '.' 
to '·' +compose '^' '/' to '|' +compose '^' '0' to '°' +compose '^' '1' to '¹' +compose '^' '2' to '²' +compose '^' '3' to '³' +compose '_' 'A' to 'Â' +compose '_' 'E' to 'Ç' +compose '_' 'I' to 'Î' +compose '_' 'O' to 'Ô' +compose '_' 'U' to 'Û' +compose '_' 'a' to 'â' +compose '_' 'e' to 'ç' +compose '_' 'i' to 'î' +compose '_' 'o' to 'ô' +compose '_' 'u' to 'û' +compose 'a' 'e' to '¿' +compose 'a' 'o' to 'å' +compose 'a' 't' to '@' +compose 'c' '0' to '©' +compose 'c' 'o' to '©' +compose 'm' 'u' to 'µ' +compose 'o' 'c' to '©' +compose 'o' 'x' to '¤' +compose 'r' 'o' to '®' +compose 's' '0' to '§' +compose 's' '1' to '¹' +compose 's' '2' to '²' +compose 's' '3' to '³' +compose 's' 'o' to '§' +compose 'v' 'b' to '¦' +compose 'x' '0' to '¤' +compose 'x' 'o' to '¤' +compose '|' 'c' to '¢' +compose '|' '|' to '¦' +compose '~' 'O' to 'Õ' +compose '~' 'o' to 'õ' diff --git a/etc/console-setup/compose.ISO-8859-14.inc b/etc/console-setup/compose.ISO-8859-14.inc new file mode 100644 index 0000000..e2835df --- /dev/null +++ b/etc/console-setup/compose.ISO-8859-14.inc 
@@ -0,0 +1,130 @@ +# Compose sequences for ISO-8859-14 +compose '!' 'p' to '¶' +compose '!' 's' to '§' +compose '"' 'A' to 'Ä' +compose '"' 'E' to 'Ë' +compose '"' 'I' to 'Ï' +compose '"' 'O' to 'Ö' +compose '"' 'U' to 'Ü' +compose '"' 'W' to '½' +compose '"' 'Y' to '¯' +compose '"' 'a' to 'ä' +compose '"' 'e' to 'ë' +compose '"' 'i' to 'ï' +compose '"' 'o' to 'ö' +compose '"' 'u' to 'ü' +compose '"' 'w' to '¾' +compose '"' 'y' to 'ÿ' +compose '(' '(' to '[' +compose '(' '-' to '{' +compose ')' ')' to ']' +compose ')' '-' to '}' +compose '*' 'A' to 'Å' +compose '*' 'a' to 'å' +compose '+' '+' to '#' +compose ',' 'C' to 'Ç' +compose ',' 'c' to 'ç' +compose '-' '(' to '{' +compose '-' ')' to '}' +compose '-' '-' to '­' +compose '-' 'A' to 'Ã' +compose '-' 'N' to 'Ñ' +compose '-' 'O' to 'Õ' +compose '-' 'a' to 'ã' +compose '-' 'l' to '£' +compose '-' 'n' to 'ñ' +compose '-' 'o' to 'õ' +compose '.' 'B' to '¡' +compose '.' 'D' to '¦' +compose '.' 'F' to '°' +compose '.' 'G' to '²' +compose '.' 'M' to '´' +compose '.' 'P' to '·' +compose '.' 'S' to '»' +compose '.' 'T' to '×' +compose '.' 'b' to '¢' +compose '.' 'c' to '¥' +compose '.' 'd' to '«' +compose '.' 'f' to '±' +compose '.' 'g' to '³' +compose '.' 'm' to 'µ' +compose '.' 'p' to '¹' +compose '.' 's' to '¿' +compose '.' 
't' to '÷' +compose '/' '/' to '\\' +compose '/' '<' to '\\' +compose '/' 'O' to 'Ø' +compose '/' '^' to '|' +compose '/' 'o' to 'ø' +compose '<' '/' to '\\' +compose '=' 'l' to '£' +compose '>' 'A' to 'Â' +compose '>' 'E' to 'Ê' +compose '>' 'I' to 'Î' +compose '>' 'O' to 'Ô' +compose '>' 'U' to 'Û' +compose '>' 'a' to 'â' +compose '>' 'e' to 'ê' +compose '>' 'i' to 'î' +compose '>' 'o' to 'ô' +compose '>' 'u' to 'û' +compose 'A' 'E' to 'Æ' +compose '\'' 'A' to 'Á' +compose '\'' 'E' to 'É' +compose '\'' 'I' to 'Í' +compose '\'' 'O' to 'Ó' +compose '\'' 'U' to 'Ú' +compose '\'' 'W' to 'ª' +compose '\'' 'Y' to 'Ý' +compose '\'' 'a' to 'á' +compose '\'' 'e' to 'é' +compose '\'' 'i' to 'í' +compose '\'' 'o' to 'ó' +compose '\'' 'u' to 'ú' +compose '\'' 'w' to 'º' +compose '\'' 'y' to 'ý' +compose '^' '/' to '|' +compose '^' 'A' to 'Â' +compose '^' 'E' to 'Ê' +compose '^' 'I' to 'Î' +compose '^' 'O' to 'Ô' +compose '^' 'U' to 'Û' +compose '^' 'W' to 'Ð' +compose '^' 'Y' to 'Þ' +compose '^' 'a' to 'â' +compose '^' 'e' to 'ê' +compose '^' 'i' to 'î' +compose '^' 'o' to 'ô' +compose '^' 'u' to 'û' +compose '^' 'w' to 'ð' +compose '^' 'y' to 'þ' +compose '`' 'A' to 'À' +compose '`' 'E' to 'È' +compose '`' 'I' to 'Ì' +compose '`' 'O' to 'Ò' +compose '`' 'U' to 'Ù' +compose '`' 'W' to '¨' +compose '`' 'Y' to '¬' +compose '`' 'a' to 'à' +compose '`' 'e' to 'è' +compose '`' 'i' to 'ì' +compose '`' 'o' to 'ò' +compose '`' 'u' to 'ù' +compose '`' 'w' to '¸' +compose '`' 'y' to '¼' +compose 'a' 'e' to 'æ' +compose 'a' 't' to '@' +compose 'c' '0' to '©' +compose 'c' 'o' to '©' +compose 'o' 'c' to '©' +compose 'r' '0' to '®' +compose 'r' 'o' to '®' +compose 's' '0' to '§' +compose 's' 'o' to '§' +compose 'v' 'l' to '|' +compose '~' 'A' to 'Ã' +compose '~' 'N' to 'Ñ' +compose '~' 'O' to 'Õ' +compose '~' 'a' to 'ã' +compose '~' 'n' to 'ñ' +compose '~' 'o' to 'õ' 
diff --git a/etc/console-setup/compose.ISO-8859-15.inc b/etc/console-setup/compose.ISO-8859-15.inc new file mode 100644 index 0000000..79c92ed --- /dev/null +++ b/etc/console-setup/compose.ISO-8859-15.inc 
@@ -0,0 +1,153 @@ +# Compose sequences for ISO-8859-15 +compose '!' '!' to '¡' +compose '!' 'p' to '¶' +compose '!' 's' to '§' +compose '"' '"' to '"' +compose '"' 'A' to 'Ä' +compose '"' 'E' to 'Ë' +compose '"' 'I' to 'Ï' +compose '"' 'O' to 'Ö' +compose '"' 'U' to 'Ü' +compose '"' 'Y' to '¾' +compose '"' 'a' to 'ä' +compose '"' 'e' to 'ë' +compose '"' 'i' to 'ï' +compose '"' 'o' to 'ö' +compose '"' 'u' to 'ü' +compose '"' 'y' to 'ÿ' +compose '(' '(' to '[' +compose '(' '-' to '{' +compose '(' 'c' to '©' +compose '(' 'r' to '®' +compose ')' ')' to ']' +compose ')' '-' to '}' +compose '*' '0' to '°' +compose '*' 'A' to 'Å' +compose '*' 'a' to 'å' +compose '+' '+' to '#' +compose '+' '-' to '±' +compose ',' '-' to '¬' +compose ',' 'C' to 'Ç' +compose ',' 'c' to 'ç' +compose '-' '(' to '{' +compose '-' ')' to '}' +compose '-' '+' to '±' +compose '-' ',' to '¬' +compose '-' '-' to '­' +compose '-' ':' to '÷' +compose '-' 'A' to 'Ã' +compose '-' 'D' to 'Ð' +compose '-' 'N' to 'Ñ' +compose '-' 'O' to 'Õ' +compose '-' '^' to '¯' +compose '-' 'a' to 'ã' +compose '-' 'd' to 'ð' +compose '-' 'l' to '£' +compose '-' 'n' to 'ñ' +compose '-' 'o' to 'õ' +compose '-' 'y' to '¥' +compose '.' '.' to '·' +compose '.' '^' to '·' +compose '/' '/' to '\\' +compose '/' '<' to '\\' +compose '/' 'O' to 'Ø' +compose '/' '^' to '|' +compose '/' 'c' to '¢' +compose '/' 'o' to 'ø' +compose '/' 'u' to 'µ' +compose ':' '-' to '÷' +compose '<' '/' to '\\' +compose '<' '<' to '«' +compose '<' 'S' to '¦' +compose '<' 'Z' to '´' +compose '<' 's' to '¨' +compose '<' 'z' to '¸' +compose '=' 'c' to '¤' +compose '=' 'l' to '£' +compose '=' 'y' to '¥' +compose '>' '>' to '»' +compose '>' 'A' to 'Â' +compose '>' 'E' to 'Ê' +compose '>' 'I' to 'Î' +compose '>' 'O' to 'Ô' +compose '>' 'U' to 'Û' +compose '>' 'a' to 'â' +compose '>' 'e' to 'ê' +compose '>' 'i' to 'î' +compose '>' 'o' to 'ô' +compose '>' 'u' to 'û' +compose '?' '?' 
to '¿' +compose 'A' 'E' to 'Æ' +compose 'A' 'O' to 'Å' +compose 'O' 'E' to '¼' +compose 'T' 'H' to 'Þ' +compose '\'' 'A' to 'Á' +compose '\'' 'C' to 'Ç' +compose '\'' 'E' to 'É' +compose '\'' 'I' to 'Í' +compose '\'' 'O' to 'Ó' +compose '\'' 'U' to 'Ú' +compose '\'' 'Y' to 'Ý' +compose '\'' '\'' to '\'' +compose '\'' 'a' to 'á' +compose '\'' 'c' to 'ç' +compose '\'' 'e' to 'é' +compose '\'' 'i' to 'í' +compose '\'' 'o' to 'ó' +compose '\'' 'u' to 'ú' +compose '\'' 'y' to 'ý' +compose '^' '-' to '¯' +compose '^' '.' to '·' +compose '^' '/' to '|' +compose '^' '0' to '°' +compose '^' '1' to '¹' +compose '^' '2' to '²' +compose '^' '3' to '³' +compose '^' 'A' to 'Â' +compose '^' 'E' to 'Ê' +compose '^' 'I' to 'Î' +compose '^' 'O' to 'Ô' +compose '^' 'U' to 'Û' +compose '^' '_' to '¯' +compose '^' 'a' to 'â' +compose '^' 'e' to 'ê' +compose '^' 'i' to 'î' +compose '^' 'o' to 'ô' +compose '^' 'u' to 'û' +compose '_' '^' to '¯' +compose '_' '_' to '¯' +compose '_' 'a' to 'ª' +compose '_' 'o' to 'º' +compose '`' 'A' to 'À' +compose '`' 'E' to 'È' +compose '`' 'I' to 'Ì' +compose '`' 'O' to 'Ò' +compose '`' 'U' to 'Ù' +compose '`' 'a' to 'à' +compose '`' 'e' to 'è' +compose '`' 'i' to 'ì' +compose '`' 'o' to 'ò' +compose '`' 'u' to 'ù' +compose 'a' 'e' to 'æ' +compose 'a' 'o' to 'å' +compose 'a' 't' to '@' +compose 'c' '0' to '©' +compose 'c' 'o' to '©' +compose 'e' '=' to '¤' +compose 'o' 'c' to '©' +compose 'o' 'e' to '½' +compose 'r' 'o' to '®' +compose 's' '0' to '§' +compose 's' '1' to '¹' +compose 's' '2' to '²' +compose 's' '3' to '³' +compose 's' 'o' to '§' +compose 't' 'h' to 'þ' +compose 'v' 'l' to '|' +compose '|' 'c' to '¢' +compose '~' 'A' to 'Ã' +compose '~' 'N' to 'Ñ' +compose '~' 'O' to 'Õ' +compose '~' 'a' to 'ã' +compose '~' 'n' to 'ñ' +compose '~' 'o' to 'õ' diff --git a/etc/console-setup/compose.ISO-8859-16.inc b/etc/console-setup/compose.ISO-8859-16.inc new file mode 100644 index 0000000..96c38ae --- /dev/null 
+++ b/etc/console-setup/compose.ISO-8859-16.inc @@ -0,0 +1 @@ +# Compose sequences for ISO-8859-16 diff --git a/etc/console-setup/compose.ISO-8859-2.inc b/etc/console-setup/compose.ISO-8859-2.inc new file mode 100644 index 0000000..6692ee3 --- /dev/null +++ b/etc/console-setup/compose.ISO-8859-2.inc 
@@ -0,0 +1,124 @@ +# Compose sequences for ISO-8859-2 +compose '!' 'p' to '¶' +compose '!' 's' to '§' +compose '"' '"' to '¨' +compose '"' 'A' to 'Ä' +compose '"' 'E' to 'Ë' +compose '"' 'O' to 'Ö' +compose '"' 'U' to 'Ü' +compose '"' 'a' to 'ä' +compose '"' 'e' to 'ë' +compose '"' 'o' to 'ö' +compose '"' 'u' to 'ü' +compose '(' '(' to '[' +compose '(' '-' to '{' +compose ')' ')' to ']' +compose ')' '-' to '}' +compose '*' '0' to '°' +compose '*' 'U' to 'Ù' +compose '*' 'u' to 'ù' +compose '+' '+' to '#' +compose ',' ',' to '¸' +compose ',' 'A' to '¡' +compose ',' 'C' to 'Ç' +compose ',' 'E' to 'Ê' +compose ',' 'S' to 'ª' +compose ',' 'T' to 'Þ' +compose ',' 'a' to '±' +compose ',' 'c' to 'ç' +compose ',' 'e' to 'ê' +compose ',' 's' to 'º' +compose ',' 't' to 'þ' +compose '-' '(' to '{' +compose '-' ')' to '}' +compose '-' '-' to '­' +compose '-' ':' to '÷' +compose '-' 'D' to 'Ð' +compose '-' 'd' to 'ð' +compose '.' '.' to 'ÿ' +compose '.' 'C' to 'Å' +compose '.' 'E' to 'Ì' +compose '.' 'I' to '©' +compose '.' 'U' to 'Ù' +compose '.' 'Z' to '¯' +compose '.' 'c' to 'å' +compose '.' 'e' to 'ì' +compose '.' 'i' to '¹' +compose '.' 'u' to 'ù' +compose '.' 'z' to '¿' +compose '/' '/' to '\\' +compose '/' '<' to '\\' +compose '/' '^' to '|' +compose ':' '-' to '÷' +compose '<' '/' to '\\' +compose '<' '<' to '·' +compose '<' 'C' to 'È' +compose '<' 'D' to 'Ï' +compose '<' 'E' to 'Ì' +compose '<' 'L' to '¥' +compose '<' 'N' to 'Ò' +compose '<' 'R' to 'Ø' +compose '<' 'S' to '©' +compose '<' 'T' to '«' +compose '<' 'Z' to '®' +compose '<' 'c' to 'è' +compose '<' 'd' to 'ï' +compose '<' 'e' to 'ì' +compose '<' 'l' to 'µ' +compose '<' 'n' to 'ò' +compose '<' 'r' to 'ø' +compose '<' 's' to '¹' +compose '<' 't' to '»' +compose '<' 'z' to '¾' +compose '>' 'A' to 'Â' +compose '>' 'I' to 'Î' +compose '>' 'O' to 'Ô' +compose '>' 'a' to 'â' +compose '>' 'i' to 'î' +compose '>' 'o' to 'ô' +compose 'A' 'U' to 'Ã' +compose 'L' '-' to '£' +compose 'O' 'E' to '¼' +compose 'Z' '.' 
to '¯' +compose '\'' 'A' to 'Á' +compose '\'' 'C' to 'Æ' +compose '\'' 'E' to 'É' +compose '\'' 'I' to 'Í' +compose '\'' 'L' to 'Å' +compose '\'' 'N' to 'Ñ' +compose '\'' 'O' to 'Ó' +compose '\'' 'R' to 'À' +compose '\'' 'S' to '¦' +compose '\'' 'U' to 'Ú' +compose '\'' 'Y' to 'Ý' +compose '\'' 'Z' to '¬' +compose '\'' '\'' to '½' +compose '\'' 'a' to 'á' +compose '\'' 'c' to 'æ' +compose '\'' 'e' to 'é' +compose '\'' 'i' to 'í' +compose '\'' 'l' to 'å' +compose '\'' 'n' to 'ñ' +compose '\'' 'o' to 'ó' +compose '\'' 'r' to 'à' +compose '\'' 's' to '¶' +compose '\'' 'u' to 'ú' +compose '\'' 'y' to 'ý' +compose '\'' 'z' to '¼' +compose '^' '/' to '|' +compose '^' 'A' to 'Â' +compose '^' 'I' to 'Î' +compose '^' 'O' to 'Ô' +compose '^' 'a' to 'â' +compose '^' 'i' to 'î' +compose '^' 'o' to 'ô' +compose 'a' 'U' to 'ã' +compose 'l' '-' to '³' +compose 'o' 'e' to '½' +compose 'o' 'x' to '¤' +compose 's' '0' to '§' +compose 's' 'o' to '§' +compose 'v' 'l' to '|' +compose 'x' '0' to '¤' +compose 'x' 'o' to '¤' +compose 'z' '.' to '¿' diff --git a/etc/console-setup/compose.ISO-8859-3.inc b/etc/console-setup/compose.ISO-8859-3.inc new file mode 100644 index 0000000..7e50b6c --- /dev/null +++ b/etc/console-setup/compose.ISO-8859-3.inc 
@@ -0,0 +1,146 @@ +# Compose sequences for ISO-8859-3 +compose '!' 's' to '§' +compose '"' '"' to '¨' +compose '"' 'A' to 'Ä' +compose '"' 'E' to 'Ë' +compose '"' 'I' to 'Ï' +compose '"' 'O' to 'Ö' +compose '"' 'U' to 'Ü' +compose '"' 'Y' to '¾' +compose '"' 'a' to 'ä' +compose '"' 'e' to 'ë' +compose '"' 'i' to 'ï' +compose '"' 'o' to 'ö' +compose '"' 'u' to 'ü' +compose '"' 'y' to 'ÿ' +compose '(' '(' to '[' +compose '(' '-' to '{' +compose '(' 'G' to '«' +compose '(' 'U' to 'Ý' +compose '(' 'g' to '»' +compose '(' 'r' to '®' +compose '(' 'u' to 'ý' +compose ')' ')' to ']' +compose ')' '-' to '}' +compose '*' '0' to '°' +compose '+' '+' to '#' +compose ',' ',' to '¸' +compose ',' 'C' to 'Ç' +compose ',' 'S' to 'ª' +compose ',' 'c' to 'ç' +compose ',' 's' to 'º' +compose '-' '(' to '{' +compose '-' ')' to '}' +compose '-' '-' to '­' +compose '-' ':' to '÷' +compose '-' 'A' to 'Ã' +compose '-' 'D' to 'Ð' +compose '-' 'H' to '¡' +compose '-' 'O' to 'Õ' +compose '-' 'a' to 'ã' +compose '-' 'd' to 'ð' +compose '-' 'h' to '±' +compose '-' 'l' to '£' +compose '-' 'o' to 'õ' +compose '-' 'y' to '¥' +compose '.' '.' to '·' +compose '.' 'C' to 'Å' +compose '.' 'G' to 'Õ' +compose '.' 'I' to '©' +compose '.' 'Z' to '¯' +compose '.' '^' to '·' +compose '.' 'c' to 'å' +compose '.' 'g' to 'õ' +compose '.' 'i' to '¹' +compose '.' 
'z' to '¿' +compose '/' '/' to '\\' +compose '/' '<' to '\\' +compose '/' '^' to '|' +compose '/' 'u' to 'µ' +compose ':' '-' to '÷' +compose '<' '/' to '\\' +compose '=' 'c' to '¤' +compose '=' 'e' to '¤' +compose '=' 'l' to '£' +compose '=' 'y' to '¥' +compose '>' 'A' to 'Â' +compose '>' 'C' to 'Æ' +compose '>' 'E' to 'Ê' +compose '>' 'G' to 'Ø' +compose '>' 'H' to '¦' +compose '>' 'I' to 'Î' +compose '>' 'J' to '¬' +compose '>' 'O' to 'Ô' +compose '>' 'S' to 'Þ' +compose '>' 'U' to 'Û' +compose '>' 'a' to 'â' +compose '>' 'c' to 'æ' +compose '>' 'e' to 'ê' +compose '>' 'g' to 'ø' +compose '>' 'h' to '¶' +compose '>' 'i' to 'î' +compose '>' 'j' to '¼' +compose '>' 'o' to 'ô' +compose '>' 's' to 'þ' +compose '>' 'u' to 'û' +compose 'G' 'U' to '«' +compose '\'' 'A' to 'Á' +compose '\'' 'E' to 'É' +compose '\'' 'I' to 'Í' +compose '\'' 'O' to 'Ó' +compose '\'' 'U' to 'Ú' +compose '\'' 'Y' to 'Ý' +compose '\'' '\'' to '´' +compose '\'' 'a' to 'á' +compose '\'' 'e' to 'é' +compose '\'' 'i' to 'í' +compose '\'' 'o' to 'ó' +compose '\'' 'u' to 'ú' +compose '\'' 'y' to 'ý' +compose '^' '.' 
to '·' +compose '^' '/' to '|' +compose '^' '0' to '°' +compose '^' '2' to '²' +compose '^' '3' to '³' +compose '^' 'A' to 'Â' +compose '^' 'C' to 'Æ' +compose '^' 'E' to 'Ê' +compose '^' 'G' to 'Ø' +compose '^' 'H' to '¦' +compose '^' 'I' to 'Î' +compose '^' 'J' to '¬' +compose '^' 'O' to 'Ô' +compose '^' 'S' to 'Þ' +compose '^' 'U' to 'Û' +compose '^' 'a' to 'â' +compose '^' 'c' to 'æ' +compose '^' 'e' to 'ê' +compose '^' 'g' to 'ø' +compose '^' 'h' to '¶' +compose '^' 'i' to 'î' +compose '^' 'j' to '¼' +compose '^' 'o' to 'ô' +compose '^' 's' to 'þ' +compose '^' 'u' to 'û' +compose '`' 'A' to 'À' +compose '`' 'E' to 'È' +compose '`' 'I' to 'Ì' +compose '`' 'O' to 'Ò' +compose '`' 'U' to 'Ù' +compose '`' 'a' to 'à' +compose '`' 'e' to 'è' +compose '`' 'i' to 'ì' +compose '`' 'o' to 'ò' +compose '`' 'u' to 'ù' +compose 'g' 'U' to '»' +compose 'r' 'o' to '®' +compose 's' '0' to '§' +compose 's' '2' to '²' +compose 's' '3' to '³' +compose 's' 'o' to '§' +compose 'u' 'u' to 'ý' +compose 'v' 'l' to '|' +compose '~' 'A' to 'Ã' +compose '~' 'O' to 'Õ' +compose '~' 'a' to 'ã' +compose '~' 'o' to 'õ' diff --git a/etc/console-setup/compose.ISO-8859-4.inc b/etc/console-setup/compose.ISO-8859-4.inc new file mode 100644 index 0000000..4598a22 --- /dev/null +++ b/etc/console-setup/compose.ISO-8859-4.inc 
@@ -0,0 +1,121 @@ +# Compose sequences for ISO-8859-4 +compose '!' 's' to '§' +compose '"' '"' to '¨' +compose '"' 'A' to 'Ä' +compose '"' 'E' to 'Ë' +compose '"' 'O' to 'Ö' +compose '"' 'U' to 'Ü' +compose '"' 'a' to 'ä' +compose '"' 'e' to 'ë' +compose '"' 'o' to 'ö' +compose '"' 'u' to 'ü' +compose '*' '0' to '°' +compose '*' 'A' to 'Å' +compose '*' 'a' to 'å' +compose ',' ',' to '¸' +compose ',' 'A' to '¡' +compose ',' 'E' to 'Ê' +compose ',' 'G' to '«' +compose ',' 'I' to 'Ç' +compose ',' 'K' to 'Ó' +compose ',' 'L' to '¦' +compose ',' 'N' to 'Ñ' +compose ',' 'R' to '£' +compose ',' 'U' to 'Ù' +compose ',' 'a' to '±' +compose ',' 'e' to 'ê' +compose ',' 'g' to '»' +compose ',' 'i' to 'ç' +compose ',' 'k' to 'ó' +compose ',' 'l' to '¶' +compose ',' 'n' to 'ñ' +compose ',' 'r' to '³' +compose ',' 'u' to 'ù' +compose '-' '-' to '­' +compose '-' ':' to '÷' +compose '-' 'A' to 'À' +compose '-' 'D' to 'Ð' +compose '-' 'E' to 'ª' +compose '-' 'I' to 'Ï' +compose '-' 'O' to 'Ò' +compose '-' 'U' to 'Þ' +compose '-' '^' to '¯' +compose '-' 'a' to 'à' +compose '-' 'd' to 'ð' +compose '-' 'e' to 'º' +compose '-' 'i' to 'ï' +compose '-' 'o' to 'ò' +compose '-' 'u' to 'þ' +compose '.' '.' to 'ÿ' +compose '.' 'E' to 'Ì' +compose '.' 
'e' to 'ì' +compose '/' 'O' to 'Ø' +compose '/' 'T' to '¬' +compose '/' 'o' to 'ø' +compose '/' 't' to '¼' +compose ':' '-' to '÷' +compose '<' '<' to '·' +compose '<' 'C' to 'È' +compose '<' 'S' to '©' +compose '<' 'Z' to '®' +compose '<' 'c' to 'è' +compose '<' 's' to '¹' +compose '<' 'z' to '¾' +compose '>' 'A' to 'Â' +compose '>' 'I' to 'Î' +compose '>' 'O' to 'Ô' +compose '>' 'U' to 'Û' +compose '>' 'a' to 'â' +compose '>' 'i' to 'î' +compose '>' 'o' to 'ô' +compose '>' 'u' to 'û' +compose 'A' 'E' to 'Æ' +compose 'N' 'G' to '½' +compose 'T' '-' to '¬' +compose '\'' 'A' to 'Á' +compose '\'' 'E' to 'É' +compose '\'' 'I' to 'Í' +compose '\'' 'U' to 'Ú' +compose '\'' '\'' to '´' +compose '\'' 'a' to 'á' +compose '\'' 'e' to 'é' +compose '\'' 'i' to 'í' +compose '\'' 'u' to 'ú' +compose '^' '-' to '¯' +compose '^' 'A' to 'Â' +compose '^' 'I' to 'Î' +compose '^' 'O' to 'Ô' +compose '^' 'U' to 'Û' +compose '^' '_' to '¯' +compose '^' 'a' to 'â' +compose '^' 'i' to 'î' +compose '^' 'o' to 'ô' +compose '^' 'u' to 'û' +compose '_' 'A' to 'À' +compose '_' 'E' to 'ª' +compose '_' 'I' to 'Ï' +compose '_' 'O' to 'Ò' +compose '_' 'U' to 'Þ' +compose '_' '^' to '¯' +compose '_' '_' to '¯' +compose '_' 'a' to 'à' +compose '_' 'e' to 'º' +compose '_' 'i' to 'ï' +compose '_' 'o' to 'ò' +compose '_' 'u' to 'þ' +compose 'a' 'e' to 'æ' +compose 'n' 'g' to '¿' +compose 'o' 'x' to '¤' +compose 's' '0' to '§' +compose 's' 'o' to '§' +compose 't' '-' to '¼' +compose 'x' '0' to '¤' +compose 'x' 'o' to '¤' +compose '~' 'A' to 'Ã' +compose '~' 'I' to '¥' +compose '~' 'O' to 'Õ' +compose '~' 'U' to 'Ý' +compose '~' 'a' to 'ã' +compose '~' 'i' to 'µ' +compose '~' 'o' to 'õ' +compose '~' 'u' to 'ý' diff --git a/etc/console-setup/compose.ISO-8859-5.inc b/etc/console-setup/compose.ISO-8859-5.inc new file mode 100644 index 0000000..90c4f07 --- /dev/null +++ b/etc/console-setup/compose.ISO-8859-5.inc @@ -0,0 +1 @@ +# Compose sequences for ISO-8859-5 
diff --git a/etc/console-setup/compose.ISO-8859-6.inc b/etc/console-setup/compose.ISO-8859-6.inc new file mode 100644 index 0000000..1a4f93f --- /dev/null +++ b/etc/console-setup/compose.ISO-8859-6.inc @@ -0,0 +1 @@ +# Compose sequences for ISO-8859-6 diff --git a/etc/console-setup/compose.ISO-8859-7.inc b/etc/console-setup/compose.ISO-8859-7.inc new file mode 100644 index 0000000..1aa936a --- /dev/null +++ b/etc/console-setup/compose.ISO-8859-7.inc @@ -0,0 +1,52 @@ +# Compose sequences for ISO-8859-7 +compose '!' '^' to '¦' +compose '!' 's' to '§' +compose '"' '"' to '¨' +compose '(' '(' to '[' +compose '(' '-' to '{' +compose '(' 'c' to '©' +compose ')' ')' to ']' +compose ')' '-' to '}' +compose '*' '0' to '°' +compose '+' '+' to '#' +compose '+' '-' to '±' +compose ',' '-' to '¬' +compose '-' '(' to '{' +compose '-' ')' to '}' +compose '-' '+' to '±' +compose '-' ',' to '¬' +compose '-' '-' to '­' +compose '-' 'l' to '£' +compose '.' '.' to '·' +compose '.' '^' to '·' +compose '/' '/' to '\\' +compose '/' '<' to '\\' +compose '/' '^' to '|' +compose '1' '2' to '½' +compose '<' '/' to '\\' +compose '<' '<' to '«' +compose '<' '\'' to '¡' +compose '=' 'l' to '£' +compose '>' '>' to '»' +compose '>' '\'' to '¢' +compose '\'' '<' to '¡' +compose '\'' '>' to '¢' +compose '\'' '\'' to '´' +compose '^' '!' to '¦' +compose '^' '.' to '·' +compose '^' '/' to '|' +compose '^' '0' to '°' +compose '^' '2' to '²' +compose '^' '3' to '³' +compose 'a' 't' to '@' +compose 'c' '0' to '©' +compose 'c' 'o' to '©' +compose 'o' 'c' to '©' +compose 's' '0' to '§' +compose 's' '2' to '²' +compose 's' '3' to '³' +compose 's' 'o' to '§' +compose 'v' 'b' to '¦' +compose 'v' 'l' to '|' +compose '|' '|' to '¦' +compose '~' '~' to '¯' diff --git a/etc/console-setup/compose.ISO-8859-8.inc b/etc/console-setup/compose.ISO-8859-8.inc new file mode 100644 index 0000000..1fbb453 --- /dev/null +++ b/etc/console-setup/compose.ISO-8859-8.inc @@ -0,0 +1 @@ +# Compose sequences for ISO-8859-8 
diff --git a/etc/console-setup/compose.ISO-8859-9.inc b/etc/console-setup/compose.ISO-8859-9.inc new file mode 100644 index 0000000..e642e1b --- /dev/null +++ b/etc/console-setup/compose.ISO-8859-9.inc 
@@ -0,0 +1,156 @@ +# Compose sequences for ISO-8859-9 +compose '!' '!' to '¡' +compose '!' 'p' to '¶' +compose '!' 's' to '§' +compose '"' '"' to '¨' +compose '"' 'A' to 'Ä' +compose '"' 'E' to 'Ë' +compose '"' 'I' to 'Ï' +compose '"' 'O' to 'Ö' +compose '"' 'U' to 'Ü' +compose '"' 'Y' to '¾' +compose '"' 'a' to 'ä' +compose '"' 'e' to 'ë' +compose '"' 'i' to 'ï' +compose '"' 'o' to 'ö' +compose '"' 'u' to 'ü' +compose '"' 'y' to 'ÿ' +compose '(' '(' to '[' +compose '(' '-' to '{' +compose '(' 'G' to 'Ð' +compose '(' 'c' to '©' +compose '(' 'g' to 'ð' +compose '(' 'r' to '®' +compose ')' ')' to ']' +compose ')' '-' to '}' +compose '*' '0' to '°' +compose '*' 'A' to 'Å' +compose '*' 'a' to 'å' +compose '+' '+' to '#' +compose '+' '-' to '±' +compose ',' ',' to '¸' +compose ',' '-' to '¬' +compose ',' 'C' to 'Ç' +compose ',' 'S' to 'Þ' +compose ',' 'c' to 'ç' +compose ',' 's' to 'þ' +compose '-' '(' to '{' +compose '-' ')' to '}' +compose '-' '+' to '±' +compose '-' ',' to '¬' +compose '-' '-' to '­' +compose '-' ':' to '÷' +compose '-' 'A' to 'Ã' +compose '-' 'D' to 'Ð' +compose '-' 'N' to 'Ñ' +compose '-' 'O' to 'Õ' +compose '-' '^' to '¯' +compose '-' 'a' to 'ã' +compose '-' 'd' to 'ð' +compose '-' 'l' to '£' +compose '-' 'n' to 'ñ' +compose '-' 'o' to 'õ' +compose '-' 'y' to '¥' +compose '.' '.' to '·' +compose '.' 'I' to 'Ý' +compose '.' '^' to '·' +compose '.' 
'i' to 'ý' +compose '/' '/' to '\\' +compose '/' '<' to '\\' +compose '/' 'O' to 'Ø' +compose '/' '^' to '|' +compose '/' 'c' to '¢' +compose '/' 'o' to 'ø' +compose '/' 'u' to 'µ' +compose ':' '-' to '÷' +compose '<' '/' to '\\' +compose '<' '<' to '«' +compose '<' 'Z' to '´' +compose '<' 'z' to '¸' +compose '=' 'c' to '¤' +compose '=' 'e' to '¤' +compose '=' 'l' to '£' +compose '=' 'y' to '¥' +compose '>' '>' to '»' +compose '>' 'A' to 'Â' +compose '>' 'E' to 'Ê' +compose '>' 'I' to 'Î' +compose '>' 'O' to 'Ô' +compose '>' 'U' to 'Û' +compose '>' 'a' to 'â' +compose '>' 'e' to 'ê' +compose '>' 'i' to 'î' +compose '>' 'o' to 'ô' +compose '>' 'u' to 'û' +compose '?' '?' to '¿' +compose 'A' 'E' to 'Æ' +compose 'G' 'U' to 'Ð' +compose 'T' 'H' to 'Þ' +compose '\'' 'A' to 'Á' +compose '\'' 'E' to 'É' +compose '\'' 'I' to 'Í' +compose '\'' 'O' to 'Ó' +compose '\'' 'U' to 'Ú' +compose '\'' 'Y' to 'Ý' +compose '\'' '\'' to '´' +compose '\'' 'a' to 'á' +compose '\'' 'e' to 'é' +compose '\'' 'i' to 'í' +compose '\'' 'o' to 'ó' +compose '\'' 'u' to 'ú' +compose '\'' 'y' to 'ý' +compose '^' '-' to '¯' +compose '^' '.' 
to '·' +compose '^' '/' to '|' +compose '^' '0' to '°' +compose '^' '1' to '¹' +compose '^' '2' to '²' +compose '^' '3' to '³' +compose '^' 'A' to 'Â' +compose '^' 'E' to 'Ê' +compose '^' 'I' to 'Î' +compose '^' 'O' to 'Ô' +compose '^' 'U' to 'Û' +compose '^' '_' to '¯' +compose '^' 'a' to 'â' +compose '^' 'e' to 'ê' +compose '^' 'i' to 'î' +compose '^' 'o' to 'ô' +compose '^' 'u' to 'û' +compose '_' '^' to '¯' +compose '_' '_' to '¯' +compose '_' 'a' to 'ª' +compose '_' 'o' to 'º' +compose '`' 'A' to 'À' +compose '`' 'E' to 'È' +compose '`' 'I' to 'Ì' +compose '`' 'O' to 'Ò' +compose '`' 'U' to 'Ù' +compose '`' 'a' to 'à' +compose '`' 'e' to 'è' +compose '`' 'i' to 'ì' +compose '`' 'o' to 'ò' +compose '`' 'u' to 'ù' +compose 'a' 'e' to 'æ' +compose 'c' '0' to '©' +compose 'c' 'o' to '©' +compose 'g' 'U' to 'ð' +compose 'o' 'c' to '©' +compose 'o' 'e' to '¼' +compose 'r' 'o' to '®' +compose 's' '0' to '§' +compose 's' '1' to '¹' +compose 's' '2' to '²' +compose 's' '3' to '³' +compose 's' 'o' to '§' +compose 't' 'h' to 'þ' +compose 'v' 'Z' to '´' +compose 'v' 'l' to '|' +compose 'v' 'z' to '¸' +compose '|' 'c' to '¢' +compose '~' 'A' to 'Ã' +compose '~' 'N' to 'Ñ' +compose '~' 'O' to 'Õ' +compose '~' 'a' to 'ã' +compose '~' 'n' to 'ñ' +compose '~' 'o' to 'õ' diff --git a/etc/console-setup/compose.KOI8-R.inc b/etc/console-setup/compose.KOI8-R.inc new file mode 100644 index 0000000..da0c7ae --- /dev/null +++ b/etc/console-setup/compose.KOI8-R.inc @@ -0,0 +1 @@ +# Compose sequences for KOI8-R diff --git a/etc/console-setup/compose.KOI8-U.inc b/etc/console-setup/compose.KOI8-U.inc new file mode 100644 index 0000000..38e9127 --- /dev/null +++ b/etc/console-setup/compose.KOI8-U.inc @@ -0,0 +1 @@ +# Compose sequences for KOI8-U diff --git a/etc/console-setup/compose.TIS-620.inc b/etc/console-setup/compose.TIS-620.inc new file mode 100644 index 0000000..4b229cc --- /dev/null +++ b/etc/console-setup/compose.TIS-620.inc @@ -0,0 +1 @@ +# Compose sequences for TIS-620 
diff --git a/etc/console-setup/compose.VISCII.inc b/etc/console-setup/compose.VISCII.inc new file mode 100644 index 0000000..b9576ab --- /dev/null +++ b/etc/console-setup/compose.VISCII.inc @@ -0,0 +1 @@ +# Compose sequences for VISCII diff --git a/etc/console-setup/remap.inc b/etc/console-setup/remap.inc new file mode 100644 index 0000000..a5475c6 --- /dev/null +++ b/etc/console-setup/remap.inc @@ -0,0 +1,32 @@ +# The content of this file will be appended to the keyboard layout. +# The following is an example how to make Alt+j switch to to the next +# console and Alt+k switch to the previous console. + +# Uncomment the following lines for Linux. Notice that everything is +# replicated for all possible values of the modifiers shiftl, shiftr +# and ctrll (shiftl and shiftr are used for groups 1..4 of XKB and +# ctrll is used to fix the broken CapsLock when Linux console is in +# Unicode mode). + +# alt keycode 36 = Incr_Console +# shiftl alt keycode 36 = Incr_Console +# shiftr alt keycode 36 = Incr_Console +# shiftr shiftl alt keycode 36 = Incr_Console +# ctrll alt keycode 36 = Incr_Console +# ctrll shiftl alt keycode 36 = Incr_Console +# ctrll shiftr alt keycode 36 = Incr_Console +# ctrll shiftr shiftl alt keycode 36 = Incr_Console +# +# alt keycode 37 = Decr_Console +# shiftl alt keycode 37 = Decr_Console +# shiftr alt keycode 37 = Decr_Console +# shiftr shiftl alt keycode 37 = Decr_Console +# ctrll alt keycode 37 = Decr_Console +# ctrll shiftl alt keycode 37 = Decr_Console +# ctrll shiftr alt keycode 37 = Decr_Console +# ctrll shiftr shiftl alt keycode 37 = Decr_Console + +# For the same result on FreeBSD uncomment the following lines: + +# 036 'j' 'J' nl nl nscr nscr nl nl C +# 037 'k' 'K' vt vt pscr pscr nl nl C diff --git a/etc/console-setup/vtrgb b/etc/console-setup/vtrgb new file mode 100644 index 0000000..6771d00 --- /dev/null +++ b/etc/console-setup/vtrgb 
@@ -0,0 +1,3 @@
+1,222,57,255,0,118,44,204,128,255,0,255,0,255,0,255
+1,56,181,199,111,38,181,204,128,0,255,255,0,0,255,255
+1,43,74,6,184,113,233,204,128,0,0,0,255,255,255,255
diff --git a/etc/console-setup/vtrgb.vga b/etc/console-setup/vtrgb.vga
new file mode 100644
index 0000000..5cbede2
--- /dev/null
+++ b/etc/console-setup/vtrgb.vga
@@ -0,0 +1,3 @@
+0,170,0,170,0,170,0,170,85,255,85,255,85,255,85,255
+0,0,170,85,0,0,170,170,85,85,255,255,85,85,255,255
+0,0,0,0,170,170,170,170,85,85,85,85,255,255,255,255
diff --git a/etc/cron.d/.placeholder b/etc/cron.d/.placeholder
new file mode 100644
index 0000000..76cb8d0
--- /dev/null
+++ b/etc/cron.d/.placeholder
@@ -0,0 +1,2 @@
+# DO NOT EDIT OR REMOVE
+# This file is a simple placeholder to keep dpkg from removing this directory
diff --git a/etc/cron.d/certbot b/etc/cron.d/certbot
new file mode 100644
index 0000000..e38dbb9
--- /dev/null
+++ b/etc/cron.d/certbot
@@ -0,0 +1,17 @@
+# /etc/cron.d/certbot: crontab entries for the certbot package
+#
+# Upstream recommends attempting renewal twice a day
+#
+# Eventually, this will be an opportunity to validate certificates
+# haven't been revoked, etc. Renewal will only occur if expiration
+# is within 30 days.
+#
+# Important Note! This cronjob will NOT be executed if you are
+# running systemd as your init system. If you are running systemd,
+# the cronjob.timer function takes precedence over this cronjob. For
+# more details, see the systemd.timer manpage, or use systemctl show
+# certbot.timer.
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
diff --git a/etc/cron.d/e2scrub_all b/etc/cron.d/e2scrub_all
new file mode 100644
index 0000000..711b0b2
--- /dev/null
+++ b/etc/cron.d/e2scrub_all
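Review bot: The job line in etc/cron.d/certbot guards on `test -x /usr/bin/certbot` but then runs a bare `certbot -q renew` as root, resolved through a PATH that lists /usr/local/sbin and /usr/local/bin first, so the binary that was checked is not necessarily the one that is executed. Invoking the checked path, `… && /usr/bin/certbot -q renew`, makes the guard and the command agree. The guard also relies on the obsolescent `-a` operator of `test`; `test -x /usr/bin/certbot && ! test -d /run/systemd/system` is the unambiguous form. The file appears to be shipped by the certbot package, so a local edit would presumably need to be carried across package upgrades.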
@@ -0,0 +1,2 @@
+30 3 * * 0 root test -e /run/systemd/system || SERVICE_MODE=1 /usr/lib/x86_64-linux-gnu/e2fsprogs/e2scrub_all_cron
+10 3 * * * root test -e /run/systemd/system || SERVICE_MODE=1 /sbin/e2scrub_all -A -r
diff --git a/etc/cron.d/popularity-contest b/etc/cron.d/popularity-contest
new file mode 100644
index 0000000..8050b50
--- /dev/null
+++ b/etc/cron.d/popularity-contest
@@ -0,0 +1,3 @@
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+47 3 * * * root test -x /etc/cron.daily/popularity-contest && /etc/cron.daily/popularity-contest --crond
diff --git a/etc/cron.d/sysstat b/etc/cron.d/sysstat
new file mode 100644
index 0000000..66325ce
--- /dev/null
+++ b/etc/cron.d/sysstat
@@ -0,0 +1,9 @@
+# The first element of the path is a directory where the debian-sa1
+# script is located
+PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin
+
+# Activity reports every 10 minutes everyday
+5-55/10 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1
+
+# Additional run at 23:59 to rotate the statistics file
+59 23 * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2
diff --git a/etc/cron.daily/.placeholder b/etc/cron.daily/.placeholder
new file mode 100644
index 0000000..76cb8d0
--- /dev/null
+++ b/etc/cron.daily/.placeholder
@@ -0,0 +1,2 @@
+# DO NOT EDIT OR REMOVE
+# This file is a simple placeholder to keep dpkg from removing this directory
diff --git a/etc/cron.daily/apport b/etc/cron.daily/apport
new file mode 100755
index 0000000..7811ac0
--- /dev/null
+++ b/etc/cron.daily/apport
@@ -0,0 +1,5 @@
+#!/bin/sh -e
+# clean all crash reports which are older than a week.
+[ -d /var/crash ] || exit 0
+find /var/crash/. ! -name . -prune -type f \( \( -size 0 -a \! -name '*.upload*' -a \! -name '*.drkonqi*' \) -o -mtime +7 \) -exec rm -f -- '{}' \;
+find /var/crash/. ! -name . -prune -type d -regextype posix-extended -regex '.*/[0-9]{12}$' \( -mtime +7 \) -exec rm -Rf -- '{}' \;
diff --git a/etc/cron.daily/apt-compat b/etc/cron.daily/apt-compat
new file mode 100755
index 0000000..b0b5537
--- /dev/null
+++ b/etc/cron.daily/apt-compat
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+# Systemd systems use a systemd timer unit which is preferable to
+# run. We want to randomize the apt update and unattended-upgrade
+# runs as much as possible to avoid hitting the mirrors all at the
+# same time. The systemd time is better at this than the fixed
+# cron.daily time
+if [ -d /run/systemd/system ]; then
+ exit 0
+fi
+
+check_power()
+{
+ # laptop check, on_ac_power returns:
+ # 0 (true) System is on main power
+ # 1 (false) System is not on main power
+ # 255 (false) Power status could not be determined
+ # Desktop systems always return 255 it seems
+ if which on_ac_power >/dev/null 2>&1; then
+ if on_ac_power; then
+ :
+ elif [ $? -eq 1 ]; then
+ return 1
+ fi
+ fi
+ return 0
+}
+
+# sleep for a random interval of time (default 30min)
+# (some code taken from cron-apt, thanks)
+random_sleep()
+{
+ RandomSleep=1800
+ eval $(apt-config shell RandomSleep APT::Periodic::RandomSleep)
+ if [ $RandomSleep -eq 0 ]; then
+ return
+ fi
+ if [ -z "$RANDOM" ] ; then
+ # A fix for shells that do not have this bash feature.
+ RANDOM=$(( $(dd if=/dev/urandom bs=2 count=1 2> /dev/null | cksum | cut -d' ' -f1) % 32767 ))
+ fi
+ TIME=$(($RANDOM % $RandomSleep))
+ sleep $TIME
+}
+
+# delay the job execution by a random amount of time
+random_sleep
+
+# ensure we don't do this on battery
+check_power || exit 0
+
+# run daily job
+exec /usr/lib/apt/apt.systemd.daily
diff --git a/etc/cron.daily/bsdmainutils b/etc/cron.daily/bsdmainutils
new file mode 100755
index 0000000..e65cbd3
--- /dev/null
+++ b/etc/cron.daily/bsdmainutils
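Review bot: In `random_sleep` of etc/cron.daily/apt-compat, `eval $(apt-config shell RandomSleep APT::Periodic::RandomSleep)` and `[ $RandomSleep -eq 0 ]` expand unquoted, so the configured value is word-split before `eval` sees it and an empty or non-numeric value reaches `TIME=$(($RANDOM % $RandomSleep))`, which under `set -e` would presumably abort the script before `apt.systemd.daily` runs. Quoting both keeps the value intact: `eval "$(apt-config shell RandomSleep APT::Periodic::RandomSleep)"` and `[ "$RandomSleep" -eq 0 ]`. `check_power` could also use `command -v on_ac_power` in place of `which`. The whole path only matters where /run/systemd/system is absent, since the script exits early otherwise.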
@@ -0,0 +1,16 @@
+#!/bin/sh
+# /etc/cron.daily/calendar: BSD mainutils calendar daily maintenance script
+# Written by Austin Donnelly
+
+. /etc/default/bsdmainutils
+
+[ x$RUN_DAILY = xtrue ] || exit 0
+
+[ -x /usr/sbin/sendmail ] || exit 0
+
+if [ ! -x /usr/bin/cpp ]; then
+ echo "The cpp package is needed to run calendar."
+ exit 1
+fi
+
+/usr/bin/calendar -a
diff --git a/etc/cron.daily/dpkg b/etc/cron.daily/dpkg
new file mode 100755
index 0000000..62da817
--- /dev/null
+++ b/etc/cron.daily/dpkg
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+dbdir=/var/lib/dpkg
+
+# Backup the 7 last versions of dpkg databases containing user data.
+if cd /var/backups ; then
+ # We backup all relevant database files if any has changed, so that
+ # the rotation number always contains an internally consistent set.
+ dbchanged=no
+ dbfiles="arch status diversions statoverride"
+ for db in $dbfiles ; do
+ if ! cmp -s "dpkg.${db}.0" "$dbdir/$db"; then
+ dbchanged=yes
+ break;
+ fi
+ done
+ if [ "$dbchanged" = "yes" ] ; then
+ for db in $dbfiles ; do
+ [ -e "$dbdir/$db" ] || continue
+ cp -p "$dbdir/$db" "dpkg.$db"
+ savelog -c 7 "dpkg.$db" >/dev/null
+ done
+ fi
+
+ # The alternatives database is independent from the dpkg database.
+ dbalt=alternatives
+
+ # XXX: Ideally we'd use --warning=none instead of discarding stderr, but
+ # as of GNU tar 1.27.1, it does not seem to work reliably (see #749307).
+ if ! test -e ${dbalt}.tar.0 ||
+ ! tar -df ${dbalt}.tar.0 -C $dbdir $dbalt >/dev/null 2>&1 ;
+ then
+ tar -cf ${dbalt}.tar -C $dbdir $dbalt >/dev/null 2>&1
+ savelog -c 7 ${dbalt}.tar >/dev/null
+ fi
+fi
diff --git a/etc/cron.daily/logrotate b/etc/cron.daily/logrotate
new file mode 100755
index 0000000..1ac1570
--- /dev/null
+++ b/etc/cron.daily/logrotate
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+# skip in favour of systemd timer
+if [ -d /run/systemd/system ]; then
+ exit 0
+fi
+
+# this cronjob persists removals (but not purges)
+if [ ! -x /usr/sbin/logrotate ]; then
+ exit 0
+fi
+
+/usr/sbin/logrotate /etc/logrotate.conf
+EXITVALUE=$?
+if [ $EXITVALUE != 0 ]; then
+ /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
+fi
+exit $EXITVALUE
diff --git a/etc/cron.daily/man-db b/etc/cron.daily/man-db
new file mode 100755
index 0000000..1342bc6
--- /dev/null
+++ b/etc/cron.daily/man-db
@@ -0,0 +1,43 @@
+#!/bin/sh
+#
+# man-db cron daily
+
+set -e
+
+if [ -d /run/systemd/system ]; then
+ # Skip in favour of systemd timer.
+ exit 0
+fi
+
+iosched_idle=
+# Don't try to change I/O priority in a vserver or OpenVZ.
+if ! egrep -q '(envID|VxID):.*[1-9]' /proc/self/status && \
+ ([ ! -d /proc/vz ] || [ -d /proc/bc ]); then
+ iosched_idle='--iosched idle'
+fi
+
+if ! [ -d /var/cache/man ]; then
+ # Recover from deletion, per FHS.
+ install -d -o man -g man -m 0755 /var/cache/man
+fi
+
+# expunge old catman pages which have not been read in a week
+if [ -d /var/cache/man ]; then
+ cd /
+ start-stop-daemon --start --pidfile /dev/null --startas /bin/sh \
+ --oknodo --chuid man $iosched_idle -- -c \
+ "find /var/cache/man -type f -name '*.gz' -atime +6 -print0 | \
+ xargs -r0 rm -f"
+fi
+
+# regenerate man database
+if [ -x /usr/bin/mandb ]; then
+ # --pidfile /dev/null so it always starts; mandb isn't really a daemon,
+ # but we want to start it like one.
+ start-stop-daemon --start --pidfile /dev/null \
+ --startas /usr/bin/mandb --oknodo --chuid man \
+ $iosched_idle \
+ -- --no-purge --quiet
+fi
+
+exit 0
diff --git a/etc/cron.daily/popularity-contest b/etc/cron.daily/popularity-contest
new file mode 100755
index 0000000..7078dde
--- /dev/null
+++ b/etc/cron.daily/popularity-contest
@@ -0,0 +1,185 @@
+#!/bin/sh
+set -e
+
+# don't run if this package is removed but not purged
+if [ ! -f /usr/sbin/popularity-contest ]; then
+ exit 0
+fi
+
+MODE="$1"
+
+unset MAILFROM
+unset MAILTO
+unset MY_HOSTID
+unset PARTICIPATE
+unset SUBMITURLS
+unset USEHTTP
+unset USETOR
+unset MTAOPS
+
+TORIFY_PATH=/usr/bin/torify
+
+torify_enabled() {
+ # Return 1 to enable torify for HTTP submission, otherwise 0; exit on error
+ TORSOCKS_PATH=/usr/bin/torsocks
+ [ -f "$TORIFY_PATH" ] && [ -f "$TORSOCKS_PATH" ] && TOR_AVAILABLE=1
+
+ case "$USETOR" in
+ "yes")
+ if [ -z $TOR_AVAILABLE ]; then
+ echo "popularity-contest: USETOR is set but torify is not available." 2>&1
+ echo "popularity-contest: Please install the tor and torsocks packages." 2>&1
+ exit 1
+ fi
+ if [ "yes" != "$USEHTTP" ]; then
+ echo "popularity-contest: when USETOR is set USEHTTP must be set as well" 2>&1
+ exit 1
+ fi
+ return 0
+ ;;
+ "maybe")
+ [ "yes" = "$USEHTTP" ] && [ ! -z $TOR_AVAILABLE ] && return 0
+ return 1
+ ;;
+ "no")
+ return 1
+ ;;
+ esac
+}
+
+# get configuration information
+. /usr/share/popularity-contest/default.conf
+. /etc/popularity-contest.conf
+
+if test -d /etc/popularity-contest.d/; then
+ for file in `run-parts --list --regex '\.conf$' /etc/popularity-contest.d/`;
+ do
+ . $file
+ done
+fi
+
+# don't run if MAILTO address is blank, and not configured to use HTTP POST!
+if [ -z "$MAILTO" ] && [ "yes" != "$USEHTTP" ]; then exit 0; fi
+
+# don't run if PARTICIPATE is "no" or unset!
+if [ "$PARTICIPATE" = "no" ] || [ -z "$PARTICIPATE" ]; then exit 0; fi
+
+# enable torify
+if torify_enabled; then
+ TORIFY=$TORIFY_PATH
+else
+ TORIFY=''
+fi
+
+
+if [ -n "$HTTP_PROXY" ]; then
+ export http_proxy="$HTTP_PROXY";
+fi
+
+POPCONOLD=/var/log/popularity-contest
+POPCONNEW=/var/log/popularity-contest.new
+POPCON="$POPCONNEW"
+
+# Only run on the given day, to spread the load on the server a bit
+if [ "$DAY" ] && [ "$DAY" != "$(date +%w)" ] ; then
+ # Ensure that popcon runs at least once in the last week
+ if [ -f "$POPCONOLD" ] ; then
+ now=$(date +%s)
+ lastrun=$(date -r $POPCONOLD +%s)
+ if [ "$MODE" = "--crond" ]; then
+ # 6.5 days, in seconds
+ week=561600
+ else
+ # 7.5 days, in seconds
+ week=648000
+ fi
+ if [ "$(( $now - $lastrun ))" -le "$week" ]; then
+ exit 0
+ fi
+ fi
+fi
+
+# keep old logs
+cd /var/log
+umask 022
+savelog -c 7 popularity-contest >/dev/null
+
+run_popcon()
+{
+ runuser -s /bin/sh -c "/usr/sbin/popularity-contest" nobody
+}
+
+do_sendmail()
+{
+ if [ -n "$MAILFROM" ]; then
+ sendmail -oi $MTAOPS -f "$MAILFROM" $MAILTO
+ else
+ sendmail -oi $MTAOPS $MAILTO
+ fi
+}
+
+# generate the popularity contest data
+
+run_popcon > $POPCON
+
+GPG=/usr/bin/gpg
+
+if [ "$ENCRYPT" = "yes" ] && ! [ -x "$GPG" ]; then
+ logger -t popularity-contest "encryption required but gpg is not available."
+ echo "popularity-contest: encryption required but gpg is not available."
2>&1
+ exit 1
+fi
+
+if [ -x "$GPG" ] && [ "$ENCRYPT" = "maybe" ] || [ "$ENCRYPT" = "yes" ]; then
+ POPCONGPG="$POPCON.gpg"
+ rm -f "$POPCONGPG"
+ GPGHOME=`mktemp -d`
+ $GPG --batch --no-options --no-default-keyring --trust-model=always \
+ --homedir "$GPGHOME" --keyring $KEYRING --quiet \
+ --armor -o "$POPCONGPG" -r $POPCONKEY --encrypt "$POPCON"
+ rm -rf "$GPGHOME"
+ POPCON="$POPCONGPG"
+fi
+
+SUBMITTED=no
+
+# try to post the report through http POST
+if [ "$SUBMITURLS" ] && [ "yes" = "$USEHTTP" ]; then
+ for URL in $SUBMITURLS ; do
+ if setsid $TORIFY /usr/share/popularity-contest/popcon-upload \
+ -u $URL -f $POPCON -C 2>/dev/null ; then
+ SUBMITTED=yes
+ else
+ logger -t popularity-contest "unable to submit report to $URL."
+ fi
+ done
+fi
+
+# try to email the popularity contest data
+# skip emailing if USETOR is set
+
+if [ "$MODE" = "--crond" ] && [ yes != "$SUBMITTED" ] && [ yes != "$USETOR" ] && [ "$MAILTO" ]; then
+ if [ -x "`which sendmail 2>/dev/null`" ]; then
+ (
+ if [ -n "$MAILFROM" ]; then
+ echo "From: <$MAILFROM>"
+ echo "Sender: <$MAILFROM>"
+ fi
+ echo "To: $MAILTO"
+ echo "Subject: popularity-contest submission"
+ echo "MIME-Version: 1.0"
+ echo "Content-Type: text/plain"
+ echo
+ cat $POPCON
+ ) | do_sendmail
+ SUBMITTED=yes
+ else
+ logger -t popularity-contest "unable to submit report using sendmail."
+ fi
+fi
+
+if [ "yes" != "$SUBMITTED" ] ; then
+ logger -t popularity-contest "unable to submit report."
+else
+ mv $POPCONNEW $POPCONOLD
+fi
diff --git a/etc/cron.daily/sysstat b/etc/cron.daily/sysstat
new file mode 100755
index 0000000..7c7a5df
--- /dev/null
+++ b/etc/cron.daily/sysstat
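Review bot: `torify_enabled` in etc/cron.daily/popularity-contest has no default arm in `case "$USETOR"`, so any value other than yes, maybe or no (including an unset one, if the sourced config files do not assign it) leaves the function returning the status of the `case` itself, which is 0, and the caller then sets `TORIFY=$TORIFY_PATH` without the availability check having run. Adding `*) return 1 ;;` closes that path, and the function's header comment is inverted relative to the code; it should read `# Return 0 to enable torify for HTTP submission, otherwise 1; exit on error`. Separately, the four `echo "popularity-contest: …" 2>&1` lines write to stdout, where `>&2` is presumably what was intended. The script also sources every file listed by `run-parts` as root through an unquoted `. $file`, so `. "$file"` is the safer spelling.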
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Generate a daily summary of process accounting. Since this will probably
+# get kicked off in the morning, it is run against the previous day data.
+
+# our configuration file
+DEFAULT=/etc/default/sysstat
+# default settings, overriden in the above file
+ENABLED=false
+
+[ ! -x /usr/lib/sysstat/sa2 ] && exit 0
+
+# read our config
+[ -r "$DEFAULT" ] && . "$DEFAULT"
+
+[ "$ENABLED" = "true" ] || exit 0
+
+exec /usr/lib/sysstat/sa2 -A
+
diff --git a/etc/cron.daily/update-notifier-common b/etc/cron.daily/update-notifier-common
new file mode 100755
index 0000000..e90d153
--- /dev/null
+++ b/etc/cron.daily/update-notifier-common
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -e
+
+[ -x /usr/lib/update-notifier/package-data-downloader ] || exit 0
+
+# Try to rerun any package data downloads that failed at package install time.
+/usr/lib/update-notifier/package-data-downloader
diff --git a/etc/cron.hourly/.placeholder b/etc/cron.hourly/.placeholder
new file mode 100644
index 0000000..76cb8d0
--- /dev/null
+++ b/etc/cron.hourly/.placeholder
@@ -0,0 +1,2 @@
+# DO NOT EDIT OR REMOVE
+# This file is a simple placeholder to keep dpkg from removing this directory
diff --git a/etc/cron.monthly/.placeholder b/etc/cron.monthly/.placeholder
new file mode 100644
index 0000000..76cb8d0
--- /dev/null
+++ b/etc/cron.monthly/.placeholder
@@ -0,0 +1,2 @@
+# DO NOT EDIT OR REMOVE
+# This file is a simple placeholder to keep dpkg from removing this directory
diff --git a/etc/cron.weekly/.placeholder b/etc/cron.weekly/.placeholder
new file mode 100644
index 0000000..76cb8d0
--- /dev/null
+++ b/etc/cron.weekly/.placeholder
@@ -0,0 +1,2 @@
+# DO NOT EDIT OR REMOVE
+# This file is a simple placeholder to keep dpkg from removing this directory
diff --git a/etc/cron.weekly/man-db b/etc/cron.weekly/man-db
new file mode 100755
index 0000000..6e3ad83
--- /dev/null
+++ b/etc/cron.weekly/man-db
@@ -0,0 +1,34 @@
+#!/bin/sh
+#
+# man-db cron weekly
+
+set -e
+
+if [ -d /run/systemd/system ]; then
+ # Skip in favour of systemd timer.
+ exit 0
+fi
+
+iosched_idle=
+# Don't try to change I/O priority in a vserver or OpenVZ.
+if ! egrep -q '(envID|VxID):.*[1-9]' /proc/self/status && \
+ ([ ! -d /proc/vz ] || [ -d /proc/bc ]); then
+ iosched_idle='--iosched idle'
+fi
+
+if ! [ -d /var/cache/man ]; then
+ # Recover from deletion, per FHS.
+ install -d -o man -g man -m 0755 /var/cache/man
+fi
+
+# regenerate man database
+if [ -x /usr/bin/mandb ]; then
+ # --pidfile /dev/null so it always starts; mandb isn't really a daemon,
+ # but we want to start it like one.
+ start-stop-daemon --start --pidfile /dev/null \
+ --startas /usr/bin/mandb --oknodo --chuid man \
+ $iosched_idle \
+ -- --quiet
+fi
+
+exit 0
diff --git a/etc/cron.weekly/update-notifier-common b/etc/cron.weekly/update-notifier-common
new file mode 100755
index 0000000..0e87107
--- /dev/null
+++ b/etc/cron.weekly/update-notifier-common
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+[ -x /usr/lib/ubuntu-release-upgrader/release-upgrade-motd ] || exit 0
+
+sleep_then_check() {
+ # Sleep for up to an hour to spread the load of checking for updates on
+ # the Ubuntu infrastructure
+ sleep $(shuf -i 1-3600 -n 1)
+ # Check to see whether there is a new version of Ubuntu available
+ /usr/lib/ubuntu-release-upgrader/release-upgrade-motd
+}
+
+sleep_then_check &
diff --git a/etc/crontab b/etc/crontab
new file mode 100644
index 0000000..c89cc0b
--- /dev/null
+++ b/etc/crontab
@@ -0,0 +1,22 @@
+# /etc/crontab: system-wide crontab
+# Unlike any other crontab you don't have to run the `crontab'
+# command to install the new version when you edit this file
+# and files in /etc/cron.d. These files also have username fields,
+# that none of the other crontabs do.
+
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+# Example of job definition:
+# .---------------- minute (0 - 59)
+# | .------------- hour (0 - 23)
+# | | .---------- day of month (1 - 31)
+# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
+# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
+# | | | | |
+# * * * * * user-name command to be executed
+17 * * * * root cd / && run-parts --report /etc/cron.hourly
+25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
+47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
+52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
+#
diff --git a/etc/cryptsetup-initramfs/conf-hook b/etc/cryptsetup-initramfs/conf-hook
new file mode 100644
index 0000000..81de87e
--- /dev/null
+++ b/etc/cryptsetup-initramfs/conf-hook
@@ -0,0 +1,28 @@ +# +# Configuration file for the cryptroot initramfs hook. +# + +# +# KEYFILE_PATTERN: ... +# +# The value of this variable is interpreted as a shell pattern. +# Matching key files from the crypttab(5) are included in the initramfs +# image. The associated devices can then be unlocked without manual +# intervention. (For instance if /etc/crypttab lists two key files +# /etc/keys/{root,swap}.key, you can set KEYFILE_PATTERN="/etc/keys/*.key" +# to add them to the initrd.) +# +# If KEYFILE_PATTERN if null or unset (default) then no key file is +# copied to the initramfs image. +# +# Note that the glob(7) is not expanded for crypttab(5) entries with a +# 'keyscript=' option. In that case, the field is not treated as a file +# name but given as argument to the keyscript. +# +# WARNING: If the initramfs image is to include private key material, +# you'll want to create it with a restrictive umask in order to keep +# non-privileged users at bay. For instance, set UMASK=0077 in +# /etc/initramfs-tools/initramfs.conf +# + +#KEYFILE_PATTERN= diff --git a/etc/crypttab b/etc/crypttab new file mode 100644 index 0000000..8320514 --- /dev/null +++ b/etc/crypttab @@ -0,0 +1 @@ +# diff --git a/etc/dbus-1/system.d/com.ubuntu.LanguageSelector.conf b/etc/dbus-1/system.d/com.ubuntu.LanguageSelector.conf new file mode 100644 index 0000000..891d825 --- /dev/null +++ b/etc/dbus-1/system.d/com.ubuntu.LanguageSelector.conf @@ -0,0 +1,22 @@ + + + + + + + + + + + + + + + + + diff --git a/etc/dbus-1/system.d/com.ubuntu.SoftwareProperties.conf b/etc/dbus-1/system.d/com.ubuntu.SoftwareProperties.conf new file mode 100644 index 0000000..a96664f --- /dev/null +++ b/etc/dbus-1/system.d/com.ubuntu.SoftwareProperties.conf @@ -0,0 +1,20 @@ + + + + + + + + + + + + + + + diff --git a/etc/dbus-1/system.d/org.freedesktop.Accounts.conf b/etc/dbus-1/system.d/org.freedesktop.Accounts.conf new file mode 100644 index 0000000..95fc616 --- /dev/null 
+++ b/etc/dbus-1/system.d/org.freedesktop.Accounts.conf @@ -0,0 +1,24 @@ + + + + + + + + + + + + + + + + + + diff --git a/etc/dbus-1/system.d/org.freedesktop.ModemManager1.conf b/etc/dbus-1/system.d/org.freedesktop.ModemManager1.conf new file mode 100644 index 0000000..ab0e9e5 --- /dev/null +++ b/etc/dbus-1/system.d/org.freedesktop.ModemManager1.conf @@ -0,0 +1,363 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/etc/dbus-1/system.d/org.freedesktop.PackageKit.conf b/etc/dbus-1/system.d/org.freedesktop.PackageKit.conf new file mode 100644 index 0000000..110df89 --- /dev/null +++ b/etc/dbus-1/system.d/org.freedesktop.PackageKit.conf @@ -0,0 +1,33 @@ + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/etc/dbus-1/system.d/org.freedesktop.thermald.conf b/etc/dbus-1/system.d/org.freedesktop.thermald.conf new file mode 100644 index 0000000..ea20f1f --- /dev/null +++ b/etc/dbus-1/system.d/org.freedesktop.thermald.conf @@ -0,0 +1,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/etc/debconf.conf b/etc/debconf.conf new file mode 100644 index 0000000..549c1d5 --- /dev/null +++ b/etc/debconf.conf 
@@ -0,0 +1,83 @@
+# This is the main config file for debconf. It tells debconf where to
+# store data. The format of this file is a set of stanzas. Each stanza
+# except the first sets up a database for debconf to use. For details, see
+# debconf.conf(5) (in the debconf-doc package).
+#
+# So first things first. This first stanza gives the names of two databases.
+
+# Debconf will use this database to store the data you enter into it,
+# and some other dynamic data.
+Config: configdb
+# Debconf will use this database to store static template data.
+Templates: templatedb
+
+# World-readable, and accepts everything but passwords.
+Name: config
+Driver: File
+Mode: 644
+Reject-Type: password
+Filename: /var/cache/debconf/config.dat
+
+# Not world readable (the default), and accepts only passwords.
+Name: passwords
+Driver: File
+Mode: 600
+Backup: false
+Required: false
+Accept-Type: password
+Filename: /var/cache/debconf/passwords.dat
+
+# Set up the configdb database. By default, it consists of a stack of two
+# databases, one to hold passwords and one for everything else.
+Name: configdb
+Driver: Stack
+Stack: config, passwords
+
+# Set up the templatedb database, which is a single flat text file
+# by default.
+Name: templatedb
+Driver: File
+Mode: 644
+Filename: /var/cache/debconf/templates.dat
+
+# Well that was pretty straightforward, and it will be enough for most
+# people's needs, but debconf's database drivers can be used to do much
+# more interesting things. For example, suppose you want to use config
+# data from another host, which is mounted over nfs or perhaps the database
+# is accessed via LDAP. You don't want to write to the remote debconf database,
+# just read from it, so you still need a local database for local changes.
+#
+# A remote NFS mounted database, read-only. It is optional; if debconf
+# fails to use it it will not abort.
+#Name: remotedb
+#Driver: DirTree
+#Directory: /mnt/otherhost/var/cache/debconf/config
+#Readonly: true
+#Required: false
+#
+# A remote LDAP database. It is also read-only. The password is really
+# only necessary if the database is not accessible anonymously.
+# Option KeyByKey instructs the backend to retrieve keys from the LDAP
+# server individually (when they are requested), instead of loading all
+# keys at startup. The default is 0, and should only be enabled if you
+# want to track accesses to individual keys on the LDAP server side.
+#Name: remotedb
+#Driver: LDAP
+#Server: remotehost
+#BaseDN: cn=debconf,dc=domain,dc=com
+#BindDN: uid=admin,dc=domain,dc=com
+#BindPasswd: secret
+#KeyByKey: 0
+#
+# A stack consisting of two databases. Values will be read from
+# the first database in the stack to contain a value. In this example,
+# writes always go to the first database.
+#Name: fulldb
+#Driver: Stack
+#Stack: configdb, remotedb
+#
+# In this example, we'd use Config: fulldb at the top of the file
+# to make it use the combination of the databases.
+#
+# Even more complex and interesting setups are possible, see the
+# debconf.conf(5) page for details.
diff --git a/etc/debian_version b/etc/debian_version
new file mode 100644
index 0000000..37ad99e
--- /dev/null
+++ b/etc/debian_version
@@ -0,0 +1 @@
+bullseye/sid
diff --git a/etc/default/amd64-microcode b/etc/default/amd64-microcode
new file mode 100644
index 0000000..7254c01
--- /dev/null
+++ b/etc/default/amd64-microcode
@@ -0,0 +1,13 @@
+# Configuration script for amd64-microcode version 3
+
+#
+# initramfs helper
+#
+
+#
+# Set this to "no" to disable automatic microcode updates on boot;
+# Set this to "early" to always install microcode updates to the early initramfs
+# Set this to "auto" to autodetect mode for current system (default);
+#
+#AMD64UCODE_INITRAMFS=auto
+
diff --git a/etc/default/apport b/etc/default/apport
new file mode 100644
index 0000000..f0c630d
--- /dev/null
+++ b/etc/default/apport
@@ -0,0 +1,4 @@
+# set this to 0 to disable apport, or to 1 to enable it
+# you can temporarily override this with
+# sudo service apport start force_start=1
+enabled=1
diff --git a/etc/default/bsdmainutils b/etc/default/bsdmainutils
new file mode 100644
index 0000000..e4ac054
--- /dev/null
+++ b/etc/default/bsdmainutils
@@ -0,0 +1,4 @@
+# Uncomment the following line if you'd like all of your users'
+# ~/calendar files to be checked daily. Calendar will send them mail
+# to remind them of upcoming events. See calendar(1) for more details.
+#RUN_DAILY=true
diff --git a/etc/default/console-setup b/etc/default/console-setup
new file mode 100644
index 0000000..418f135
--- /dev/null
+++ b/etc/default/console-setup
@@ -0,0 +1,16 @@
+# CONFIGURATION FILE FOR SETUPCON
+
+# Consult the console-setup(5) manual page.
+
+ACTIVE_CONSOLES="/dev/tty[1-6]"
+
+CHARMAP="UTF-8"
+
+CODESET="guess"
+FONTFACE="Fixed"
+FONTSIZE="8x16"
+
+VIDEOMODE=
+
+# The following is an example how to use a braille font
+# FONT='lat9w-08.psf.gz brl-8x8.psf'
diff --git a/etc/default/crda b/etc/default/crda
new file mode 100644
index 0000000..36b62bd
--- /dev/null
+++ b/etc/default/crda
@@ -0,0 +1,11 @@
+# Set REGDOMAIN to a ISO/IEC 3166-1 alpha2 country code so that iw(8) may set
+# the initial regulatory domain setting for IEEE 802.11 devices which operate
+# on this system.
+#
+# Governments assert the right to regulate usage of radio spectrum within
+# their respective territories so make sure you select a ISO/IEC 3166-1 alpha2
+# country code suitable for your location or you may infringe on local
+# legislature. See `/usr/share/zoneinfo/zone.tab' for a table of timezone
+# descriptions containing ISO/IEC 3166-1 alpha2 country codes.
+
+REGDOMAIN=
diff --git a/etc/default/cron b/etc/default/cron
new file mode 100644
index 0000000..bba2e52
--- /dev/null
+++ b/etc/default/cron
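Review bot: `enabled=1` in etc/default/apport keeps crash interception switched on, which a headless server (the repository name suggests a VPS) rarely needs. Apport's crash reports are written under /var/crash and can contain process memory, so credentials, keys or request data from a crashed service may end up on disk. Unless those reports are actually collected and reviewed, `enabled=0` is the safer value to track. If it stays on, a comment above the setting should say who consumes the reports and how long they are kept.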
@@ -0,0 +1,4 @@
+# This file has been deprecated. Please add custom options for cron using
+# $ systemctl edit cron.service
+# or
+# $ systemctl edit --full cron.service
diff --git a/etc/default/cryptdisks b/etc/default/cryptdisks
new file mode 100644
index 0000000..c1f837c
--- /dev/null
+++ b/etc/default/cryptdisks
@@ -0,0 +1,12 @@
+# Run cryptdisks initscripts at startup? Default is Yes.
+CRYPTDISKS_ENABLE=Yes
+
+# Mountpoints to mount, before cryptsetup is invoked at initscripts. Takes
+# mountpoins which are configured in /etc/fstab as arguments. Separate
+# mountpoints by space.
+# This is useful for keyfiles on removable media. Default is unset.
+CRYPTDISKS_MOUNT=""
+
+# Default check script. Takes effect, if the 'check' option is set in crypttab
+# without a value.
+CRYPTDISKS_CHECK=blkid
diff --git a/etc/default/dbus b/etc/default/dbus
new file mode 100644
index 0000000..4bc8e1b
--- /dev/null
+++ b/etc/default/dbus
@@ -0,0 +1,7 @@
+# This is a configuration file for /etc/init.d/dbus; it allows you to
+# perform common modifications to the behavior of the dbus daemon
+# startup without editing the init script (and thus getting prompted
+# by dpkg on upgrades). We all love dpkg prompts.
+
+# Parameters to pass to dbus.
+PARAMS=""
diff --git a/etc/default/grub b/etc/default/grub
new file mode 100644
index 0000000..583a341
--- /dev/null
+++ b/etc/default/grub
@@ -0,0 +1,33 @@
+# If you change this file, run 'update-grub' afterwards to update
+# /boot/grub/grub.cfg.
+# For full documentation of the options in this file, see:
+# info -f grub -n 'Simple configuration'
+
+GRUB_DEFAULT=0
+GRUB_TIMEOUT_STYLE=hidden
+GRUB_TIMEOUT=0
+GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
+GRUB_CMDLINE_LINUX_DEFAULT="maybe-ubiquity"
+GRUB_CMDLINE_LINUX=""
+
+# Uncomment to enable BadRAM filtering, modify to suit your needs
+# This works with Linux (no patch required) and with any kernel that obtains
+# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
+#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
+
+# Uncomment to disable graphical terminal (grub-pc only)
+#GRUB_TERMINAL=console
+
+# The resolution used on graphical terminal
+# note that you can use only modes which your graphic card supports via VBE
+# you can see them in real GRUB with the command `vbeinfo'
+#GRUB_GFXMODE=640x480
+
+# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
+#GRUB_DISABLE_LINUX_UUID=true
+
+# Uncomment to disable generation of recovery mode menu entries
+#GRUB_DISABLE_RECOVERY="true"
+
+# Uncomment to get a beep at grub start
+#GRUB_INIT_TUNE="480 440 1"
diff --git a/etc/default/grub.d/init-select.cfg b/etc/default/grub.d/init-select.cfg
new file mode 100644
index 0000000..7fbfff8
--- /dev/null
+++ b/etc/default/grub.d/init-select.cfg
@@ -0,0 +1,7 @@
+# Work around a bug in the obsolete init-select package which broke
+# grub-mkconfig when init-select was removed but not purged. This file does
+# nothing and will be removed in a later release.
+#
+# See:
+# https://bugs.debian.org/858528
+# https://bugs.debian.org/863801
diff --git a/etc/default/grub.ucf-dist b/etc/default/grub.ucf-dist
new file mode 100644
index 0000000..583a341
--- /dev/null
+++ b/etc/default/grub.ucf-dist
@@ -0,0 +1,33 @@
+# If you change this file, run 'update-grub' afterwards to update
+# /boot/grub/grub.cfg.
+# For full documentation of the options in this file, see:
+# info -f grub -n 'Simple configuration'
+
+GRUB_DEFAULT=0
+GRUB_TIMEOUT_STYLE=hidden
+GRUB_TIMEOUT=0
+GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
+GRUB_CMDLINE_LINUX_DEFAULT="maybe-ubiquity"
+GRUB_CMDLINE_LINUX=""
+
+# Uncomment to enable BadRAM filtering, modify to suit your needs
+# This works with Linux (no patch required) and with any kernel that obtains
+# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
+#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
+
+# Uncomment to disable graphical terminal (grub-pc only)
+#GRUB_TERMINAL=console
+
+# The resolution used on graphical terminal
+# note that you can use only modes which your graphic card supports via VBE
+# you can see them in real GRUB with the command `vbeinfo'
+#GRUB_GFXMODE=640x480
+
+# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
+#GRUB_DISABLE_LINUX_UUID=true
+
+# Uncomment to disable generation of recovery mode menu entries
+#GRUB_DISABLE_RECOVERY="true"
+
+# Uncomment to get a beep at grub start
+#GRUB_INIT_TUNE="480 440 1"
diff --git a/etc/default/intel-microcode b/etc/default/intel-microcode
new file mode 100644
index 0000000..b958464
--- /dev/null
+++ b/etc/default/intel-microcode
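Review bot: `etc/default/grub.ucf-dist` is committed with the same blob id as `etc/default/grub` (`583a341` on both `index` lines), so it looks like an unmerged package-upgrade leftover rather than configuration that anything reads. Tracking it doubles what a later audit of the boot settings has to compare and lets the two copies drift apart unnoticed. Resolve the pending merge on the host, drop the leftover, and keep such files out of the repository with a `.gitignore` line such as `*.ucf-dist`.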
@@ -0,0 +1,26 @@
+# Configuration script for intel-microcode version 3
+
+#
+# initramfs helper
+#
+
+# Set this to "no" to disable automatic microcode updates on boot;
+# Set this to "auto" to use early initramfs mode automatically (default);
+# Set this to "early" to always attempt to create an early initramfs;
+#IUCODE_TOOL_INITRAMFS=auto
+
+# Set this to "yes" (default) to use "iucode_tool --scan-system" to reduce
+# the initramfs size bloat, by detecting which Intel processors are active
+# in this system, and installing only their microcodes.
+#
+# Set this to "no" to either include all microcodes, or only the microcodes
+# selected through the use of IUCODE_TOOL_EXTRA_OPTIONS below.
+#
+# WARNING: including all microcodes will increase initramfs size greatly.
+# This can cause boot issues if the initramfs is already large.
+#IUCODE_TOOL_SCANCPUS=yes
+
+# Extra options to pass to iucode_tool, useful to forbid or to
+# force the inclusion of microcode for specific processor signatures.
+# See iucode_tool(8) for details.
+#IUCODE_TOOL_EXTRA_OPTIONS=""
diff --git a/etc/default/irqbalance b/etc/default/irqbalance
new file mode 100644
index 0000000..bd87e3d
--- /dev/null
+++ b/etc/default/irqbalance
@@ -0,0 +1,26 @@
+# irqbalance is a daemon process that distributes interrupts across
+# CPUS on SMP systems. The default is to rebalance once every 10
+# seconds. This is the environment file that is specified to systemd via the
+# EnvironmentFile key in the service unit file (or via whatever method the init
+# system you're using has.
+#
+# ONESHOT=yes
+# after starting, wait for a minute, then look at the interrupt
+# load and balance it once; after balancing exit and do not change
+# it again.
+#IRQBALANCE_ONESHOT=
+
+#
+# IRQBALANCE_BANNED_CPUS
+# 64 bit bitmask which allows you to indicate which cpu's should
+# be skipped when reblancing irqs. Cpu numbers which have their
+# corresponding bits set to one in this mask will not have any
+# irq's assigned to them on rebalance
+#
+#IRQBALANCE_BANNED_CPUS=
+
+#
+# IRQBALANCE_ARGS
+# append any args here to the irqbalance daemon as documented in the man page
+#
+#IRQBALANCE_ARGS=
diff --git a/etc/default/keyboard b/etc/default/keyboard
new file mode 100644
index 0000000..3fecbcc
--- /dev/null
+++ b/etc/default/keyboard
@@ -0,0 +1,10 @@
+# KEYBOARD CONFIGURATION FILE
+
+# Consult the keyboard(5) manual page.
+
+XKBMODEL="pc105"
+XKBLAYOUT="us"
+XKBVARIANT=""
+XKBOPTIONS=""
+
+BACKSPACE="guess"
diff --git a/etc/default/locale b/etc/default/locale
new file mode 100644
index 0000000..01ec548
--- /dev/null
+++ b/etc/default/locale
@@ -0,0 +1 @@
+LANG=en_US.UTF-8
diff --git a/etc/default/mdadm b/etc/default/mdadm
new file mode 100644
index 0000000..7bec463
--- /dev/null
+++ b/etc/default/mdadm
@@ -0,0 +1,30 @@
+# mdadm Debian configuration
+#
+# You can run 'dpkg-reconfigure mdadm' to modify the values in this file, if
+# you want. You can also change the values here and changes will be preserved.
+# Do note that only the values are preserved; the rest of the file is
+# rewritten.
+#
+
+# AUTOCHECK:
+# should mdadm run periodic redundancy checks over your arrays? See
+# /etc/cron.d/mdadm.
+AUTOCHECK=true
+
+# AUTOSCAN:
+# should mdadm check once a day for degraded arrays? See
+# /etc/cron.daily/mdadm.
+AUTOSCAN=true
+
+# START_DAEMON:
+# should mdadm start the MD monitoring daemon during boot?
+START_DAEMON=true
+
+# DAEMON_OPTIONS:
+# additional options to pass to the daemon.
+DAEMON_OPTIONS="--syslog"
+
+# VERBOSE:
+# if this variable is set to true, mdadm will be a little more verbose e.g.
+# when creating the initramfs.
+VERBOSE=false
diff --git a/etc/default/motd-news b/etc/default/motd-news
new file mode 100644
index 0000000..eefe29c
--- /dev/null
+++ b/etc/default/motd-news
@@ -0,0 +1,19 @@
+# Enable/disable the dynamic MOTD news service
+# This is a useful way to provide dynamic, informative
+# information pertinent to the users and administrators
+# of the local system
+ENABLED=0
+
+# Configure the source of dynamic MOTD news
+# White space separated list of 0 to many news services
+# For security reasons, these must be https
+# and have a valid certificate
+# Canonical runs a service at motd.ubuntu.com, and you
+# can easily run one too
+URLS="https://motd.ubuntu.com"
+
+# Specify the time in seconds, you're willing to wait for
+# dynamic MOTD news
+# Note that news messages are fetched in the background by
+# a systemd timer, so this should never block boot or login
+WAIT=5
diff --git a/etc/default/networkd-dispatcher b/etc/default/networkd-dispatcher
new file mode 100644
index 0000000..bc9854c
--- /dev/null
+++ b/etc/default/networkd-dispatcher
@@ -0,0 +1,3 @@
+# Specify command line options here. This config file is used
+# by the included systemd service file.
+networkd_dispatcher_args="--run-startup-triggers"
diff --git a/etc/default/nginx b/etc/default/nginx
new file mode 100644
index 0000000..09b8fd0
--- /dev/null
+++ b/etc/default/nginx
@@ -0,0 +1,10 @@
+# Note: You may want to look at the following page before setting the ULIMIT.
+# http://wiki.nginx.org/CoreModule#worker_rlimit_nofile
+# Set the ulimit variable if you need defaults to change.
+# Example: ULIMIT="-n 4096"
+#ULIMIT="-n 4096"
+
+# Define the stop schedule for nginx
+# see the start-stop-daemon --retry documentation for more information
+#
+#STOP_SCHEDULE="QUIT/5/TERM/5/KILL/5"
diff --git a/etc/default/nss b/etc/default/nss
new file mode 100644
index 0000000..c43e88b
--- /dev/null
+++ b/etc/default/nss
@@ -0,0 +1,37 @@
+# /etc/default/nss
+# This file can theoretically contain a bunch of customization variables
+# for Name Service Switch in the GNU C library. For now there are only
+# four variables:
+#
+# NETID_AUTHORITATIVE
+# If set to TRUE, the initgroups() function will accept the information
+# from the netid.byname NIS map as authoritative. This can speed up the
+# function significantly if the group.byname map is large. The content
+# of the netid.byname map is used AS IS. The system administrator has
+# to make sure it is correctly generated.
+#NETID_AUTHORITATIVE=TRUE
+#
+# SERVICES_AUTHORITATIVE
+# If set to TRUE, the getservbyname{,_r}() function will assume
+# services.byservicename NIS map exists and is authoritative, particularly
+# that it contains both keys with /proto and without /proto for both
+# primary service names and service aliases. The system administrator
+# has to make sure it is correctly generated.
+#SERVICES_AUTHORITATIVE=TRUE
+#
+# SETENT_BATCH_READ
+# If set to TRUE, various setXXent() functions will read the entire
+# database at once and then hand out the requests one by one from
+# memory with every getXXent() call. Otherwise each getXXent() call
+# might result into a network communication with the server to get
+# the next entry.
+#SETENT_BATCH_READ=TRUE
+#
+# ADJUNCT_AS_SHADOW
+# If set to TRUE, the passwd routines in the NIS NSS module will not
+# use the passwd.adjunct.byname tables to fill in the password data
+# in the passwd structure. This is a security problem if the NIS
+# server cannot be trusted to send the passwd.adjuct table only to
+# privileged clients. Instead the passwd.adjunct.byname table is
+# used to synthesize the shadow.byname table if it does not exist.
+ADJUNCT_AS_SHADOW=TRUE
diff --git a/etc/default/open-iscsi b/etc/default/open-iscsi
new file mode 100644
index 0000000..8cb4e2f
--- /dev/null
+++ b/etc/default/open-iscsi
@@ -0,0 +1,67 @@
+# List of LVMed iSCSI Volume Groups.
+# Multiple Volume Groups can be specified with spaces
+#
+# This list defines the Volume Groups that should be activated at boot
+# after iSCSI has been activated. If you use dynamic activation of LVM
+# volumes (lvmetad), you can (and should) leave this empty.
+#
+# On shutdown, this setting typically has no effect, since open-iscsi
+# tries to determine all active VGs on iSCSI and deactivate them.
+# However, if you have a really complicated stacking setup that isn't
+# automatically detected, volume groups defined here will also be
+# deactivated.
+#
+# To see whether open-iscsi is able to properly detect your setup for
+# shutdown, execute the following on a running system:
+# /lib/open-iscsi/umountiscsi.sh --dry-run
+# This will tell you what steps will betaken at shutdown before logging
+# out of the iSCSI session.
+LVMGROUPS=""
+
+
+# Handle _netdev devices
+# You can specify your iSCSI (LVMed or Multipathed or DM Encrypted)
+# devices with the _netdev mount option and open-iscsi will treat them
+# accordingly.
+#
+# Note: however, handling _netdev devices comes with the caveat that
+# other _netdev mounts, like an NFS share, also get pulled in with it.
+#
+# If this option is set to 0, no iSCSI mounts in /etc/fstab will be
+# automatically mounted on systems running sysvinit. This setting is
+# not necessary when using systemd as init system (Debian's default).
+HANDLE_NETDEV=1
+
+
+# Additional mounts to exclude at shutdown.
+#
+# If you have additional mounts on iSCSI that shouldn't be umounted at
+# shutdown by open-iscsi (by default, open-iscsi excludes / and on
+# systemd systems als /usr), place them here. iSCSI sessions that carry
+# these mounts will also be kept open.
+#
+# If any of these mountpoints contain spaces, please use the same
+# escaping as in /etc/fstab, i.e. replace the spaces with \040.
+EXCLUDE_MOUNTS_AT_SHUTDOWN=""
+
+
+
+# Don't logout from ANY iSCSI session on shutdown
+#
+# When shutting down, if the root filesystem is on iSCSI, open-iscsi
+# tries to determine which sessions are still required for the root
+# filesystem. By default, the host will still logout from all other
+# sessions.
+#
+# If you are running a very complicated setup of your root filesystem
+# (multiple mapping levels stacked on top of each other), it may be the
+# case that the autodetection logic doesn't work propery. You may then
+# enable this setting to keep around all iSCSI sessions.
+#
+# Note that /etc/iscsi/iscsi.initramfs must exist for this option to
+# have any effect at all.
+#
+# This was the default behavior in previous versions of this package
+# up to the version that shipped with Debian 8 (Jessie).
+#
+ISCSI_ROOT_KEEP_ALL_SESSIONS_AT_SHUTDOWN=0
diff --git a/etc/default/pollinate b/etc/default/pollinate
new file mode 100644
index 0000000..6b70433
--- /dev/null
+++ b/etc/default/pollinate
@@ -0,0 +1,10 @@
+# These the options that are used by pollinate(1) by default.
+# Note that any option here can be overriden on the command line
+# at invocation time. Please see pollinate(1) for documentation.
+BINARY=1
+QUIET=0
+WAIT=10
+DEVICE="/dev/urandom"
+SERVER="https://entropy.ubuntu.com/"
+POOL=""
+CURL_OPTS="--cacert /etc/pollinate/entropy.ubuntu.com.pem --capath /dev/null"
diff --git a/etc/default/rsync b/etc/default/rsync
new file mode 100644
index 0000000..424b1c0
--- /dev/null
+++ b/etc/default/rsync
@@ -0,0 +1,47 @@
+# defaults file for rsync daemon mode
+#
+# This file is only used for init.d based systems!
+# If this system uses systemd, you can specify options etc. for rsync
+# in daemon mode by copying /lib/systemd/system/rsync.service to
+# /etc/systemd/system/rsync.service and modifying the copy; add required
+# options to the ExecStart line.
+
+# start rsync in daemon mode from init.d script?
+# only allowed values are "true", "false", and "inetd"
+# Use "inetd" if you want to start the rsyncd from inetd,
+# all this does is prevent the init.d script from printing a message
+# about not starting rsyncd (you still need to modify inetd's config yourself).
+RSYNC_ENABLE=false
+
+# which file should be used as the configuration file for rsync.
+# This file is used instead of the default /etc/rsyncd.conf
+# Warning: This option has no effect if the daemon is accessed
+# using a remote shell. When using a different file for
+# rsync you might want to symlink /etc/rsyncd.conf to
+# that file.
+# RSYNC_CONFIG_FILE=
+
+# what extra options to give rsync --daemon?
+# that excludes the --daemon; that's always done in the init.d script
+# Possibilities are:
+# --address=123.45.67.89 (bind to a specific IP address)
+# --port=8730 (bind to specified port; default 873)
+RSYNC_OPTS=''
+
+# run rsyncd at a nice level?
+# the rsync daemon can impact performance due to much I/O and CPU usage,
+# so you may want to run it at a nicer priority than the default priority.
+# Allowed values are 0 - 19 inclusive; 10 is a reasonable value.
+RSYNC_NICE=''
+
+# run rsyncd with ionice?
+# "ionice" does for IO load what "nice" does for CPU load.
+# As rsync is often used for backups which aren't all that time-critical,
+# reducing the rsync IO priority will benefit the rest of the system.
+# See the manpage for ionice for allowed options.
+# -c3 is recommended, this will run rsync IO at "idle" priority. Uncomment
+# the next line to activate this.
+# RSYNC_IONICE='-c3'
+
+# Don't forget to create an appropriate config file,
+# else the daemon will not start.
diff --git a/etc/default/smartmontools b/etc/default/smartmontools
new file mode 100644
index 0000000..6a8a6e2
--- /dev/null
+++ b/etc/default/smartmontools
@@ -0,0 +1,9 @@
+# Defaults for smartmontools initscript (/etc/init.d/smartmontools)
+# This is a POSIX shell fragment
+
+# List of devices you want to explicitly enable S.M.A.R.T. for
+# Not needed (and not recommended) if the device is monitored by smartd
+#enable_smart="/dev/hda /dev/hdb"
+
+# uncomment to pass additional options to smartd on startup
+#smartd_opts="--interval=1800"
diff --git a/etc/default/ssh b/etc/default/ssh
new file mode 100644
index 0000000..3040422
--- /dev/null
+++ b/etc/default/ssh
@@ -0,0 +1,5 @@
+# Default settings for openssh-server. This file is sourced by /bin/sh from
+# /etc/init.d/ssh.
+
+# Options to pass to sshd
+SSHD_OPTS=
diff --git a/etc/default/sysstat b/etc/default/sysstat
new file mode 100644
index 0000000..dfeb7e0
--- /dev/null
+++ b/etc/default/sysstat
@@ -0,0 +1,10 @@
+#
+# Default settings for /etc/init.d/sysstat, /etc/cron.d/sysstat
+# and /etc/cron.daily/sysstat files
+#
+
+# Should sadc collect system activity informations? Valid values
+# are "true" and "false". Please do not put other values, they
+# will be overwritten by debconf!
+ENABLED="false"
+
diff --git a/etc/default/ufw b/etc/default/ufw
new file mode 100644
index 0000000..7989f4b
--- /dev/null
+++ b/etc/default/ufw
@@ -0,0 +1,47 @@
+# /etc/default/ufw
+#
+
+# Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback
+# accepted). You will need to 'disable' and then 'enable' the firewall for
+# the changes to take affect.
+IPV6=yes
+
+# Set the default input policy to ACCEPT, DROP, or REJECT. Please note that if
+# you change this you will most likely want to adjust your rules.
+DEFAULT_INPUT_POLICY="DROP"
+
+# Set the default output policy to ACCEPT, DROP, or REJECT. Please note that if
+# you change this you will most likely want to adjust your rules.
+DEFAULT_OUTPUT_POLICY="ACCEPT"
+
+# Set the default forward policy to ACCEPT, DROP or REJECT. Please note that
+# if you change this you will most likely want to adjust your rules
+DEFAULT_FORWARD_POLICY="DROP"
+
+# Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please
+# note that setting this to ACCEPT may be a security risk. See 'man ufw' for
+# details
+DEFAULT_APPLICATION_POLICY="SKIP"
+
+# By default, ufw only touches its own chains. Set this to 'yes' to have ufw
+# manage the built-in chains too. Warning: setting this to 'yes' will break
+# non-ufw managed firewall rules
+MANAGE_BUILTINS=no
+
+#
+# IPT backend
+#
+# only enable if using iptables backend
+IPT_SYSCTL=/etc/ufw/sysctl.conf
+
+# Extra connection tracking modules to load. IPT_MODULES should typically be
+# empty for new installations and modules added only as needed. See
+# 'CONNECTION HELPERS' from 'man ufw-framework' for details. Complete list can
+# be found in net/netfilter/Kconfig of your kernel source. Some common modules:
+# nf_conntrack_irc, nf_nat_irc: DCC (Direct Client to Client) support
+# nf_conntrack_netbios_ns: NetBIOS (samba) client support
+# nf_conntrack_pptp, nf_nat_pptp: PPTP over stateful firewall/NAT
+# nf_conntrack_ftp, nf_nat_ftp: active FTP support
+# nf_conntrack_tftp, nf_nat_tftp: TFTP support (server side)
+# nf_conntrack_sane: sane support
+IPT_MODULES=""
diff --git a/etc/default/useradd b/etc/default/useradd
new file mode 100644
index 0000000..e32955a
--- /dev/null
+++ b/etc/default/useradd
@@ -0,0 +1,37 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DSHELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+# GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+# HOME=/home
+#
+# The number of days after a password expires until the account
+# is permanently disabled
+# INACTIVE=-1
+#
+# The default expire date
+# EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
+
diff --git a/etc/deluser.conf b/etc/deluser.conf
new file mode 100644
index 0000000..fff8d81
--- /dev/null
+++ b/etc/deluser.conf
@@ -0,0 +1,20 @@
+# /etc/deluser.conf: `deluser' configuration.
+
+# Remove home directory and mail spool when user is removed
+REMOVE_HOME = 0
+
+# Remove all files on the system owned by the user to be removed
+REMOVE_ALL_FILES = 0
+
+# Backup files before removing them. This options has only an effect if
+# REMOVE_HOME or REMOVE_ALL_FILES is set.
+BACKUP = 0
+
+# target directory for the backup file
+BACKUP_TO = "."
+
+# delete a group even there are still users in this group
+ONLY_IF_EMPTY = 0
+
+# exclude these filesystem types when searching for files of a user to backup
+EXCLUDE_FSTYPES = "(proc|sysfs|usbfs|devpts|tmpfs|afs)"
diff --git a/etc/depmod.d/ubuntu.conf b/etc/depmod.d/ubuntu.conf
new file mode 100644
index 0000000..6b1a01d
--- /dev/null
+++ b/etc/depmod.d/ubuntu.conf
@@ -0,0 +1 @@
+search updates ubuntu built-in
diff --git a/etc/dhcp/debug b/etc/dhcp/debug
new file mode 100644
index 0000000..593e7df
--- /dev/null
+++ b/etc/dhcp/debug
@@ -0,0 +1,38 @@
+#
+# The purpose of this script is just to show the variables that are
+# available to all the scripts in this directory. All these scripts are
+# called from dhclient-script, which exports all the variables shown
+# before. If you want to debug a problem with your DHCP setup you can
+# enable this script and take a look at /tmp/dhclient-script.debug.
+
+# To enable this script set the following variable to "yes"
+RUN="no"
+
+if [ "$RUN" = "yes" ]; then
+ echo "$(date): entering ${1%/*}, dumping variables." \
+ >> /tmp/dhclient-script.debug
+
+ # loop over the 4 possible prefixes: (empty), cur_, new_, old_
+ for prefix in '' 'cur_' 'new_' 'old_'; do
+ # loop over the DHCP variables passed to dhclient-script
+ for basevar in reason interface medium alias_ip_address \
+ ip_address host_name network_number subnet_mask \
+ broadcast_address routers static_routes \
+ rfc3442_classless_static_routes \
+ domain_name domain_search domain_name_servers \
+ netbios_name_servers netbios_scope \
+ ntp_servers \
+ ip6_address ip6_prefix ip6_prefixlen \
+ dhcp6_domain_search dhcp6_name_servers ; do
+ var="${prefix}${basevar}"
+ eval "content=\$$var"
+
+ # show only variables with values set
+ if [ -n "${content}" ]; then
+ echo "$var='${content}'" >> /tmp/dhclient-script.debug
+ fi
+ done
+ done
+
+ echo '--------------------------' >> /tmp/dhclient-script.debug
+fi
diff --git a/etc/dhcp/dhclient-enter-hooks.d/debug b/etc/dhcp/dhclient-enter-hooks.d/debug
new file mode 120000
index 0000000..ee34fdc
--- /dev/null
+++ b/etc/dhcp/dhclient-enter-hooks.d/debug
@@ -0,0 +1 @@
+../debug
\ No newline at end of file
diff --git a/etc/dhcp/dhclient-enter-hooks.d/resolved b/etc/dhcp/dhclient-enter-hooks.d/resolved
new file mode 100755
index 0000000..870ea76
--- /dev/null
+++ b/etc/dhcp/dhclient-enter-hooks.d/resolved
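Review bot: In etc/dhcp/debug all three redirections append to the fixed path `/tmp/dhclient-script.debug`, a predictable name in a world-writable directory, from a fragment that dhclient-script runs (presumably as root). Once `RUN` is set to "yes", any local user can pre-create that name, and the file then holds every lease variable in a place other users may be able to read. I would send the output to a root-only location instead, e.g. `>> /run/dhclient-script.debug`, and note next to `RUN="no"` that the dump must be switched off again after debugging. The `eval "content=\$$var"` is fine as written, because `var` is built only from the literal prefix and name lists in the two `for` loops.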
@@ -0,0 +1,87 @@ +# +# Script fragment to make dhclient supply nameserver information to resolvconf +# + +# Tips: +# * Be careful about changing the environment since this is sourced +# * This script fragment uses bash features +# * As of isc-dhcp-client 4.2 the "reason" (for running the script) can be one of the following. +# (Listed on man page:) MEDIUM(0) PREINIT(0) BOUND(M) RENEW(M) REBIND(M) REBOOT(M) EXPIRE(D) FAIL(D) RELEASE(D) STOP(D) NBI(-) TIMEOUT(M) +# (Also used in master script:) ARPCHECK(0), ARPSEND(0) +# (Also used in master script:) PREINIT6(0) BOUND6(M) RENEW6(M) REBIND6(M) DEPREF6(0) EXPIRE6(D) RELEASE6(D) STOP6(D) +# (0) = master script does not run make_resolv_conf +# (M) = master script runs make_resolv_conf +# (D) = master script downs interface +# (-) = master script does nothing with this + +if systemctl is-enabled systemd-resolved > /dev/null 2>&1; then + # For safety, first undefine the nasty default make_resolv_conf() + make_resolv_conf() { : ; } + case "$reason" in + BOUND|RENEW|REBIND|REBOOT|TIMEOUT|BOUND6|RENEW6|REBIND6) + # Define a resolvconf-compatible m_r_c() function + # It gets run later (or, in the TIMEOUT case, MAY get run later) + make_resolv_conf() { + local statedir + if [ ! 
"$interface" ] ; then + return + fi + statedir="/run/systemd/resolved.conf.d" + mkdir -p $statedir + + oldstate="$(mktemp)" + md5sum $statedir/isc-dhcp-v4-$interface.conf $statedir/isc-dhcp-v6-$interface.conf > $oldstate 2> /dev/null + if [ -n "$new_domain_name_servers" ] ; then + cat <$statedir/isc-dhcp-v4-$interface.conf +[Resolve] +DNS=$new_domain_name_servers +EOF + if [ -n "$new_domain_name" ] || [ -n "$new_domain_search" ] ; then + cat <>$statedir/isc-dhcp-v4-$interface.conf +Domains=$new_domain_search $new_domain_name +EOF + fi + fi + if [ -n "$new_dhcp6_name_servers" ] ; then + cat <$statedir/isc-dhcp-v6-$interface.conf +[Resolve] +DNS=$new_dhcp6_name_servers +EOF + if [ -n "$new_dhcp6_domain_search" ] ; then + cat <>$statedir/isc-dhcp-v6-$interface.conf +Domains=$new_dhcp6_domain_search +EOF + fi + fi + + newstate="$(mktemp)" + md5sum $statedir/isc-dhcp-v4-$interface.conf $statedir/isc-dhcp-v6-$interface.conf > $newstate 2> /dev/null + if ! cmp --quiet $oldstate $newstate; then + # We need to reset-failed to reset the start limit counter, + # in case we're processing more than StartLimitBurst interfaces + # LP: #1939255 + systemctl reset-failed systemd-resolved.service + systemctl try-reload-or-restart systemd-resolved.service + fi + + rm $oldstate + rm $newstate + } + ;; + + EXPIRE|FAIL|RELEASE|STOP) + if [ ! "$interface" ] ; then + return + fi + rm -f /run/systemd/resolved.conf.d/isc-dhcp-v4-$interface.conf + systemctl try-reload-or-restart systemd-resolved.service + ;; + EXPIRE6|RELEASE6|STOP6) + if [ ! "$interface" ] ; then + return + fi + rm -f /run/systemd/resolved.conf.d/isc-dhcp-v6-$interface.conf + systemctl try-reload-or-restart systemd-resolved.service + ;; + esac +fi diff --git a/etc/dhcp/dhclient-exit-hooks.d/debug b/etc/dhcp/dhclient-exit-hooks.d/debug new file mode 120000 index 0000000..ee34fdc --- /dev/null +++ b/etc/dhcp/dhclient-exit-hooks.d/debug @@ -0,0 +1 @@ +../debug \ No newline at end of file 
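Review bot: In the resolved enter hook, the values supplied by the DHCP server (`$new_domain_name_servers`, `$new_domain_search`, `$new_domain_name` and the dhcp6 equivalents) are written into the `[Resolve]` drop-ins with no check on their content. Whatever server answers the lease therefore decides this host's DNS servers and search domains, and a value containing a newline would add further keys to the file. Whether dhclient already filters these strings is not visible in this hunk, so I would guard each write with an allow-list, e.g. `case "$new_domain_name_servers" in *[!0-9A-Fa-f.:\ ]*) return ;; esac`. The path expansions should also be quoted (`mkdir -p "$statedir"`, `rm -f -- "$oldstate" "$newstate"`). The timesyncd exit hook later in this commit has the same pattern with `NTP=$new_ntp_servers`.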
diff --git a/etc/dhcp/dhclient-exit-hooks.d/hook-dhclient b/etc/dhcp/dhclient-exit-hooks.d/hook-dhclient
new file mode 100755
index 0000000..02122f3
--- /dev/null
+++ b/etc/dhcp/dhclient-exit-hooks.d/hook-dhclient
@@ -0,0 +1,27 @@
+#!/bin/sh
+# This file is part of cloud-init. See LICENSE file for license information.
+
+# This script writes DHCP lease information into the cloud-init run directory
+# It is sourced, not executed. For more information see dhclient-script(8).
+
+is_azure() {
+ local dmi_path="/sys/class/dmi/id/board_vendor" vendor=""
+ if [ -e "$dmi_path" ] && read vendor < "$dmi_path"; then
+ [ "$vendor" = "Microsoft Corporation" ] && return 0
+ fi
+ return 1
+}
+
+is_enabled() {
+ # only execute hooks if cloud-init is enabled and on azure
+ [ -e /run/cloud-init/enabled ] || return 1
+ is_azure
+}
+
+if is_enabled; then
+ case "$reason" in
+ BOUND) cloud-init dhclient-hook up "$interface";;
+ DOWN|RELEASE|REBOOT|STOP|EXPIRE)
+ cloud-init dhclient-hook down "$interface";;
+ esac
+fi
diff --git a/etc/dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes b/etc/dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes
new file mode 100644
index 0000000..1ef7b8a
--- /dev/null
+++ b/etc/dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes
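Review bot: In hook-dhclient, `is_azure` and `is_enabled` are defined in a fragment that its own header says is sourced, so they become functions of the calling dhclient-script shell under very generic names and can shadow or be shadowed by another hook. I would prefix them, e.g. `cloud_init_is_azure` and `cloud_init_hook_enabled`, and use `read -r vendor` so a backslash in the DMI string is not interpreted. The `#!/bin/sh` line has no effect on a sourced file, and `local` works only if the sourcing shell supports it, which deserves a comment. The same two helpers are duplicated in the NetworkManager dispatcher script added earlier in this commit.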
@@ -0,0 +1,78 @@
+# set classless routes based on the format specified in RFC3442
+# e.g.:
+# new_rfc3442_classless_static_routes='24 192 168 10 192 168 1 1 8 10 10 17 66 41'
+# specifies the routes:
+# 192.168.10.0/24 via 192.168.1.1
+# 10.0.0.0/8 via 10.10.17.66.41
+
+RUN="yes"
+
+
+if [ "$RUN" = "yes" ]; then
+ if [ -n "$new_rfc3442_classless_static_routes" ]; then
+ if [ "$reason" = "BOUND" ] || [ "$reason" = "REBOOT" ]; then
+
+ set -- $new_rfc3442_classless_static_routes
+
+ while [ $# -gt 0 ]; do
+ net_length=$1
+ via_arg=''
+
+ case $net_length in
+ 32|31|30|29|28|27|26|25)
+ if [ $# -lt 9 ]; then
+ return 1
+ fi
+ net_address="${2}.${3}.${4}.${5}"
+ gateway="${6}.${7}.${8}.${9}"
+ shift 9
+ ;;
+ 24|23|22|21|20|19|18|17)
+ if [ $# -lt 8 ]; then
+ return 1
+ fi
+ net_address="${2}.${3}.${4}.0"
+ gateway="${5}.${6}.${7}.${8}"
+ shift 8
+ ;;
+ 16|15|14|13|12|11|10|9)
+ if [ $# -lt 7 ]; then
+ return 1
+ fi
+ net_address="${2}.${3}.0.0"
+ gateway="${4}.${5}.${6}.${7}"
+ shift 7
+ ;;
+ 8|7|6|5|4|3|2|1)
+ if [ $# -lt 6 ]; then
+ return 1
+ fi
+ net_address="${2}.0.0.0"
+ gateway="${3}.${4}.${5}.${6}"
+ shift 6
+ ;;
+ 0) # default route
+ if [ $# -lt 5 ]; then
+ return 1
+ fi
+ net_address="0.0.0.0"
+ gateway="${2}.${3}.${4}.${5}"
+ shift 5
+ ;;
+ *) # error
+ return 1
+ ;;
+ esac
+
+ # take care of link-local routes
+ if [ "${gateway}" != '0.0.0.0' ]; then
+ via_arg="via ${gateway}"
+ fi
+
+ # set route (ip detects host routes automatically)
+ ip -4 route add "${net_address}/${net_length}" \
+ ${via_arg} dev "${interface}" >/dev/null 2>&1
+ done
+ fi
+ fi
+fi
diff --git a/etc/dhcp/dhclient-exit-hooks.d/timesyncd b/etc/dhcp/dhclient-exit-hooks.d/timesyncd
new file mode 100644
index 0000000..3cde992
--- /dev/null
+++ b/etc/dhcp/dhclient-exit-hooks.d/timesyncd
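Review bot: The header example in rfc3442-classless-routes is wrong: for `8 10 10 17 66 41` the `8|7|...` arm builds the gateway from `${3}.${4}.${5}.${6}`, so the route is `10.0.0.0/8 via 10.17.66.41`, not `10.10.17.66.41` as the comment says. Further down, `ip -4 route add ... >/dev/null 2>&1` discards both the exit status and the error text, so a route from the DHCP server that the kernel rejects leaves no trace. I would log the failure, e.g. by appending `|| logger -t dhclient "rfc3442 route ${net_address}/${net_length} rejected"`. `set -- $new_rfc3442_classless_static_routes` is unquoted on purpose for word splitting but also permits pathname expansion. The option is declared as an array of 8-bit integers in dhclient.conf, so this is presumably harmless, but it deserves a comment.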
@@ -0,0 +1,42 @@ +TIMESYNCD_CONF=/run/systemd/timesyncd.conf.d/01-dhclient.conf + +timesyncd_servers_setup_remove() { + if [ -e $TIMESYNCD_CONF ]; then + rm -f $TIMESYNCD_CONF + systemctl try-restart systemd-timesyncd.service || true + fi +} + +timesyncd_servers_setup_add() { + if [ ! -d /run/systemd/system ]; then + return + fi + + if [ -e $TIMESYNCD_CONF ] && [ "$new_ntp_servers" = "$old_ntp_servers" ]; then + return + fi + + if [ -z "$new_ntp_servers" ]; then + timesyncd_servers_setup_remove + return + fi + + mkdir -p $(dirname $TIMESYNCD_CONF) + cat < ${TIMESYNCD_CONF}.new +# NTP server entries received from DHCP server +[Time] +NTP=$new_ntp_servers +EOF + mv ${TIMESYNCD_CONF}.new ${TIMESYNCD_CONF} + systemctl try-restart systemd-timesyncd.service || true +} + + +case $reason in + BOUND|RENEW|REBIND|REBOOT) + timesyncd_servers_setup_add + ;; + EXPIRE|FAIL|RELEASE|STOP) + timesyncd_servers_setup_remove + ;; +esac diff --git a/etc/dhcp/dhclient.conf b/etc/dhcp/dhclient.conf new file mode 100644 index 0000000..1e4ec62 --- /dev/null +++ b/etc/dhcp/dhclient.conf 
@@ -0,0 +1,54 @@
+# Configuration file for /sbin/dhclient.
+#
+# This is a sample configuration file for dhclient. See dhclient.conf's
+# man page for more information about the syntax of this file
+# and a more comprehensive list of the parameters understood by
+# dhclient.
+#
+# Normally, if the DHCP server provides reasonable information and does
+# not leave anything out (like the domain name, for example), then
+# few changes must be made to this file, if any.
+#
+
+option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
+
+send host-name = gethostname();
+request subnet-mask, broadcast-address, time-offset, routers,
+ domain-name, domain-name-servers, domain-search, host-name,
+ dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
+ netbios-name-servers, netbios-scope, interface-mtu,
+ rfc3442-classless-static-routes, ntp-servers;
+
+#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
+#send dhcp-lease-time 3600;
+#supersede domain-name "fugue.com home.vix.com";
+#prepend domain-name-servers 127.0.0.1;
+#require subnet-mask, domain-name-servers;
+timeout 300;
+#retry 60;
+#reboot 10;
+#select-timeout 5;
+#initial-interval 2;
+#script "/sbin/dhclient-script";
+#media "-link0 -link1 -link2", "link0 link1";
+#reject 192.33.137.209;
+
+#alias {
+# interface "eth0";
+# fixed-address 192.5.5.213;
+# option subnet-mask 255.255.255.255;
+#}
+
+#lease {
+# interface "eth0";
+# fixed-address 192.33.137.200;
+# medium "link0 link1";
+# option host-name "andare.swiftmedia.com";
+# option subnet-mask 255.255.255.0;
+# option broadcast-address 192.33.137.255;
+# option routers 192.33.137.250;
+# option domain-name-servers 127.0.0.1;
+# renew 2 2000/1/12 00:00:01;
+# rebind 2 2000/1/12 00:00:01;
+# expire 2 2000/1/12 00:00:01;
+#}
diff --git a/etc/dpkg/dpkg.cfg b/etc/dpkg/dpkg.cfg
new file mode 100644
index 0000000..ba898ee
--- /dev/null
+++ b/etc/dpkg/dpkg.cfg
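Review bot: The `request` statement in dhclient.conf asks the server for `domain-name-servers`, `ntp-servers` and `rfc3442-classless-static-routes`, and the hooks added in this same commit apply all three (the resolved drop-ins, the timesyncd drop-in and `ip -4 route add`). Any DHCP server that answers on the link can therefore set this host's DNS, time source and routes. If the VPS takes these from static configuration instead, I would trim the list or pin values with `supersede`, and add a comment above `request` stating which options are intentionally trusted. `send host-name = gethostname();` also discloses the hostname to that server.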
@@ -0,0 +1,13 @@
+# dpkg configuration file
+#
+# This file can contain default options for dpkg. All command-line
+# options are allowed. Values can be specified by putting them after
+# the option, separated by whitespace and/or an `=' sign.
+#
+
+# Do not enable debsig-verify by default; since the distribution is not using
+# embedded signatures, debsig-verify would reject all packages.
+no-debsig
+
+# Log status changes and actions to a file.
+log /var/log/dpkg.log
diff --git a/etc/dpkg/dpkg.cfg.d/pkg-config-hook-config b/etc/dpkg/dpkg.cfg.d/pkg-config-hook-config
new file mode 100644
index 0000000..b230b27
--- /dev/null
+++ b/etc/dpkg/dpkg.cfg.d/pkg-config-hook-config
@@ -0,0 +1 @@
+post-invoke=if { test "$DPKG_HOOK_ACTION" = add-architecture || test "$DPKG_HOOK_ACTION" = remove-architecture; } && test -x /usr/share/pkg-config-dpkghook; then /usr/share/pkg-config-dpkghook update; fi
diff --git a/etc/dpkg/origins/debian b/etc/dpkg/origins/debian
new file mode 100644
index 0000000..91f6ed1
--- /dev/null
+++ b/etc/dpkg/origins/debian
@@ -0,0 +1,3 @@
+Vendor: Debian
+Vendor-URL: http://www.debian.org/
+Bugs: debbugs://bugs.debian.org
diff --git a/etc/dpkg/origins/default b/etc/dpkg/origins/default
new file mode 120000
index 0000000..7d13753
--- /dev/null
+++ b/etc/dpkg/origins/default
@@ -0,0 +1 @@
+ubuntu
\ No newline at end of file
diff --git a/etc/dpkg/origins/ubuntu b/etc/dpkg/origins/ubuntu
new file mode 100644
index 0000000..7cc3ce2
--- /dev/null
+++ b/etc/dpkg/origins/ubuntu
@@ -0,0 +1,4 @@
+Vendor: Ubuntu
+Vendor-URL: http://www.ubuntu.com/
+Bugs: https://bugs.launchpad.net/ubuntu/+filebug
+Parent: Debian
diff --git a/etc/dpkg/shlibs.default b/etc/dpkg/shlibs.default
new file mode 100644
index 0000000..661a889
--- /dev/null
+++ b/etc/dpkg/shlibs.default
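Review bot: In etc/dpkg/dpkg.cfg the comment above `no-debsig` explains why debsig-verify is off but stops short of saying what then protects package authenticity. With this option dpkg performs no signature check of its own, so authenticity rests on apt verifying the signed repository metadata. I would extend the comment with `# Authenticity is enforced by apt's repository signatures; a .deb installed directly with dpkg -i is not verified.` so that nobody reads the file as implying per-package verification.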
@@ -0,0 +1,7 @@
+# dpkg shlibs defaults file
+#
+# This file contains shlibs entries that are used as a last resort when
+# no matching entries are found elsewhere. For more information see the
+# dpkg-shlibdeps(1) manual page.
+#
+#
diff --git a/etc/dpkg/shlibs.override b/etc/dpkg/shlibs.override
new file mode 100644
index 0000000..fbdb68d
--- /dev/null
+++ b/etc/dpkg/shlibs.override
@@ -0,0 +1,8 @@
+# dpkg shlibs override file
+#
+# Entries in this file will override all others, only use if you
+# are really sure that is what you want!
+#
+# For more information see the dpkg-shlibdeps(1) manual page.
+#
+#
diff --git a/etc/e2scrub.conf b/etc/e2scrub.conf
new file mode 100644
index 0000000..661fc13
--- /dev/null
+++ b/etc/e2scrub.conf
@@ -0,0 +1,25 @@
+# e2scrub configuration file
+
+# Uncomment to enable automatic periodic runs of e2scrub_all
+# (either via cron or via a systemd timer)
+# periodic_e2scrub=1
+
+# e-mail destination used by e2scrub_fail when problems are found with
+# the file system.
+# recipient=root
+
+# e-mail sender used by e2scrub_fail when problems are found with
+# the file system.
+# sender=e2scrub@host.domain.name
+
+# Snapshots will be created to run fsck; the snapshot will be of this size.
+# snap_size_mb=256
+
+# Set this to 1 to enable fstrim for everyone.
+# fstrim=0
+
+# Arguments passed into e2fsck.
+# e2fsck_opts="-vtt"
+
+# Set this to 1 to have e2scrub_all scrub all LVs, not just the mounted ones.
+# scrub_all=0
diff --git a/etc/environment b/etc/environment
new file mode 100644
index 0000000..a565d9d
--- /dev/null
+++ b/etc/environment
@@ -0,0 +1 @@
+PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"
diff --git a/etc/ethertypes b/etc/ethertypes
new file mode 100644
index 0000000..caa9f56
--- /dev/null
+++ b/etc/ethertypes
@@ -0,0 +1,45 @@ +# Ethernet frame types +# +# The EtherType is a two-octet field of Ethernet frames used to indicate +# which protocol is contained in their payload. +# +# More entries, mostly historical, can be found on: +# https://www.iana.org/assignments/ieee-802-numbers/ +# http://standards-oui.ieee.org/ethertype/eth.txt +# +# ... # Comment +# +IPv4 0800 ip ip4 # IP (IPv4) +X25 0805 +ARP 0806 ether-arp # Address Resolution Protocol +FR_ARP 0808 # Frame Relay ARP [RFC1701] +BPQ 08FF # G8BPQ AX.25 over Ethernet +TRILL 22F3 # TRILL [RFC6325] +L2-IS-IS 22F4 # TRILL IS-IS [RFC6325] +TEB 6558 # Transparent Ethernet Bridging [RFC1701] +RAW_FR 6559 # Raw Frame Relay [RFC1701] +RARP 8035 # Reverse ARP [RFC903] +ATALK 809B # Appletalk +AARP 80F3 # Appletalk Address Resolution Protocol +802_1Q 8100 8021q 1q 802.1q dot1q # VLAN tagged frame [802.1q] +IPX 8137 # Novell IPX +NetBEUI 8191 # NetBEUI +IPv6 86DD ip6 # IP version 6 +PPP 880B # Point-to-Point Protocol +MPLS 8847 # MPLS [RFC5332] +MPLS_MULTI 8848 # MPLS with upstream-assigned label [RFC5332] +ATMMPOA 884C # MultiProtocol over ATM +PPP_DISC 8863 # PPP over Ethernet discovery stage +PPP_SES 8864 # PPP over Ethernet session stage +ATMFATE 8884 # Frame-based ATM Transport over Ethernet +EAPOL 888E # EAP over LAN [802.1x] +S-TAG 88A8 # QinQ Service VLAN tag identifier [802.1q] +EAP_PREAUTH 88C7 # EAPOL Pre-Authentication [802.11i] +LLDP 88CC # Link Layer Discovery Protocol [802.1ab] +MACSEC 88E5 # Media Access Control Security [802.1ae] +PBB 88E7 macinmac # Provider Backbone Bridging [802.1ah] +MVRP 88F5 # Multiple VLAN Registration Protocol [802.1q] +PTP 88F7 # Precision Time Protocol +FCOE 8906 # Fibre Channel over Ethernet +FIP 8914 # FCoE Initialization Protocol +ROCE 8915 # RDMA over Converged Ethernet diff --git a/etc/fonts/conf.avail/10-antialias.conf b/etc/fonts/conf.avail/10-antialias.conf new file mode 100644 index 0000000..913d117 --- /dev/null +++ b/etc/fonts/conf.avail/10-antialias.conf 
@@ -0,0 +1,8 @@ + + + + + + true + + diff --git a/etc/fonts/conf.avail/10-autohint.conf b/etc/fonts/conf.avail/10-autohint.conf new file mode 100644 index 0000000..50ec3b4 --- /dev/null +++ b/etc/fonts/conf.avail/10-autohint.conf @@ -0,0 +1,19 @@ + + + + + + + + Enable autohinter + + + + true + + diff --git a/etc/fonts/conf.avail/10-hinting-full.conf b/etc/fonts/conf.avail/10-hinting-full.conf new file mode 100644 index 0000000..aff7976 --- /dev/null +++ b/etc/fonts/conf.avail/10-hinting-full.conf @@ -0,0 +1,19 @@ + + + + + + + + Set hintfull to hintstyle + + + + hintfull + + diff --git a/etc/fonts/conf.avail/10-hinting-medium.conf b/etc/fonts/conf.avail/10-hinting-medium.conf new file mode 100644 index 0000000..1d49f3a --- /dev/null +++ b/etc/fonts/conf.avail/10-hinting-medium.conf @@ -0,0 +1,19 @@ + + + + + + + + Set hintmedium to hintstyle + + + + hintmedium + + diff --git a/etc/fonts/conf.avail/10-hinting-none.conf b/etc/fonts/conf.avail/10-hinting-none.conf new file mode 100644 index 0000000..a134ed8 --- /dev/null +++ b/etc/fonts/conf.avail/10-hinting-none.conf @@ -0,0 +1,19 @@ + + + + + + + + Set hintnone to hintstyle + + + + hintnone + + diff --git a/etc/fonts/conf.avail/10-hinting-slight.conf b/etc/fonts/conf.avail/10-hinting-slight.conf new file mode 100644 index 0000000..f00bcd3 --- /dev/null +++ b/etc/fonts/conf.avail/10-hinting-slight.conf @@ -0,0 +1,19 @@ + + + + + + + + Set hintslight to hintstyle + + + + hintslight + + diff --git a/etc/fonts/conf.avail/10-no-sub-pixel.conf b/etc/fonts/conf.avail/10-no-sub-pixel.conf new file mode 100644 index 0000000..4fd1776 --- /dev/null +++ b/etc/fonts/conf.avail/10-no-sub-pixel.conf @@ -0,0 +1,19 @@ + + + + + + + + Disable sub-pixel rendering + + + + none + + diff --git a/etc/fonts/conf.avail/10-scale-bitmap-fonts.conf b/etc/fonts/conf.avail/10-scale-bitmap-fonts.conf new file mode 100644 index 0000000..ebb6c7b --- /dev/null +++ b/etc/fonts/conf.avail/10-scale-bitmap-fonts.conf 
@@ -0,0 +1,87 @@ + + + + + + + + Bitmap scaling + + + + false + + + + pixelsize + pixelsize + + + + + + + false + + + false + + + true + + + + + pixelsizefixupfactor + 1.2 + + + pixelsizefixupfactor + 0.8 + + + + + + + true + + + 1.0 + + + + + + false + + + 1.0 + + + + matrix + + pixelsizefixupfactor 0 + 0 pixelsizefixupfactor + + + + + + size + pixelsizefixupfactor + + + + + diff --git a/etc/fonts/conf.avail/10-sub-pixel-bgr.conf b/etc/fonts/conf.avail/10-sub-pixel-bgr.conf new file mode 100644 index 0000000..241e589 --- /dev/null +++ b/etc/fonts/conf.avail/10-sub-pixel-bgr.conf @@ -0,0 +1,19 @@ + + + + + + + + Enable sub-pixel rendering with the BGR stripes layout + + + + bgr + + diff --git a/etc/fonts/conf.avail/10-sub-pixel-rgb.conf b/etc/fonts/conf.avail/10-sub-pixel-rgb.conf new file mode 100644 index 0000000..1cb103d --- /dev/null +++ b/etc/fonts/conf.avail/10-sub-pixel-rgb.conf @@ -0,0 +1,19 @@ + + + + + + + + Enable sub-pixel rendering with the RGB stripes layout + + + + rgb + + diff --git a/etc/fonts/conf.avail/10-sub-pixel-vbgr.conf b/etc/fonts/conf.avail/10-sub-pixel-vbgr.conf new file mode 100644 index 0000000..1a0690a --- /dev/null +++ b/etc/fonts/conf.avail/10-sub-pixel-vbgr.conf @@ -0,0 +1,19 @@ + + + + + + + + Enable sub-pixel rendering with the vertical BGR stripes layout + + + + vbgr + + diff --git a/etc/fonts/conf.avail/10-sub-pixel-vrgb.conf b/etc/fonts/conf.avail/10-sub-pixel-vrgb.conf new file mode 100644 index 0000000..61bc663 --- /dev/null +++ b/etc/fonts/conf.avail/10-sub-pixel-vrgb.conf @@ -0,0 +1,19 @@ + + + + + + + + Enable sub-pixel rendering with the vertical RGB stripes layout + + + + vrgb + + diff --git a/etc/fonts/conf.avail/10-unhinted.conf b/etc/fonts/conf.avail/10-unhinted.conf new file mode 100644 index 0000000..f92df0c --- /dev/null +++ b/etc/fonts/conf.avail/10-unhinted.conf @@ -0,0 +1,19 @@ + + + + + + + + Disable hinting + + + + false + + 
diff --git a/etc/fonts/conf.avail/11-lcdfilter-default.conf b/etc/fonts/conf.avail/11-lcdfilter-default.conf new file mode 100644 index 0000000..929caaa --- /dev/null +++ b/etc/fonts/conf.avail/11-lcdfilter-default.conf @@ -0,0 +1,21 @@ + + + + + + + + Use lcddefault as default for LCD filter + + + + + lcddefault + + + diff --git a/etc/fonts/conf.avail/11-lcdfilter-legacy.conf b/etc/fonts/conf.avail/11-lcdfilter-legacy.conf new file mode 100644 index 0000000..25c3635 --- /dev/null +++ b/etc/fonts/conf.avail/11-lcdfilter-legacy.conf @@ -0,0 +1,21 @@ + + + + + + + + Use lcdlegacy as default for LCD filter + + + + + lcdlegacy + + + diff --git a/etc/fonts/conf.avail/11-lcdfilter-light.conf b/etc/fonts/conf.avail/11-lcdfilter-light.conf new file mode 100644 index 0000000..6f1eb3d --- /dev/null +++ b/etc/fonts/conf.avail/11-lcdfilter-light.conf @@ -0,0 +1,21 @@ + + + + + + + + Use lcdlight as default for LCD filter + + + + + lcdlight + + + diff --git a/etc/fonts/conf.avail/20-unhint-small-dejavu-lgc-sans-mono.conf b/etc/fonts/conf.avail/20-unhint-small-dejavu-lgc-sans-mono.conf new file mode 100644 index 0000000..9036e83 --- /dev/null +++ b/etc/fonts/conf.avail/20-unhint-small-dejavu-lgc-sans-mono.conf @@ -0,0 +1,26 @@ + + + + + + + DejaVu LGC Sans Mono + + + 7.5 + + + false + + + diff --git a/etc/fonts/conf.avail/20-unhint-small-dejavu-lgc-sans.conf b/etc/fonts/conf.avail/20-unhint-small-dejavu-lgc-sans.conf new file mode 100644 index 0000000..35abebd --- /dev/null +++ b/etc/fonts/conf.avail/20-unhint-small-dejavu-lgc-sans.conf @@ -0,0 +1,26 @@ + + + + + + + DejaVu LGC Sans + + + 7.5 + + + false + + + diff --git a/etc/fonts/conf.avail/20-unhint-small-dejavu-lgc-serif.conf b/etc/fonts/conf.avail/20-unhint-small-dejavu-lgc-serif.conf new file mode 100644 index 0000000..54486e8 --- /dev/null +++ b/etc/fonts/conf.avail/20-unhint-small-dejavu-lgc-serif.conf @@ -0,0 +1,26 @@ + + + + + + + DejaVu LGC Serif + + + 7.5 + + + false + + + 
diff --git a/etc/fonts/conf.avail/20-unhint-small-dejavu-sans-mono.conf b/etc/fonts/conf.avail/20-unhint-small-dejavu-sans-mono.conf new file mode 100644 index 0000000..102dbcc --- /dev/null +++ b/etc/fonts/conf.avail/20-unhint-small-dejavu-sans-mono.conf @@ -0,0 +1,26 @@ + + + + + + + DejaVu Sans Mono + + + 7.5 + + + false + + + diff --git a/etc/fonts/conf.avail/20-unhint-small-dejavu-sans.conf b/etc/fonts/conf.avail/20-unhint-small-dejavu-sans.conf new file mode 100644 index 0000000..ee69996 --- /dev/null +++ b/etc/fonts/conf.avail/20-unhint-small-dejavu-sans.conf @@ -0,0 +1,26 @@ + + + + + + + DejaVu Sans + + + 7.5 + + + false + + + diff --git a/etc/fonts/conf.avail/20-unhint-small-dejavu-serif.conf b/etc/fonts/conf.avail/20-unhint-small-dejavu-serif.conf new file mode 100644 index 0000000..cf6caa2 --- /dev/null +++ b/etc/fonts/conf.avail/20-unhint-small-dejavu-serif.conf @@ -0,0 +1,26 @@ + + + + + + + DejaVu Serif + + + 7.5 + + + false + + + diff --git a/etc/fonts/conf.avail/20-unhint-small-vera.conf b/etc/fonts/conf.avail/20-unhint-small-vera.conf new file mode 100644 index 0000000..7b3d7bd --- /dev/null +++ b/etc/fonts/conf.avail/20-unhint-small-vera.conf @@ -0,0 +1,53 @@ + + + + + + + + Disable hinting for Bitstream Vera fonts when the size is less than 8ppem + + + + + Bitstream Vera Sans + + + 7.5 + + + false + + + + + + Bitstream Vera Serif + + + 7.5 + + + false + + + + + + Bitstream Vera Sans Mono + + + 7.5 + + + false + + + + diff --git a/etc/fonts/conf.avail/25-unhint-nonlatin.conf b/etc/fonts/conf.avail/25-unhint-nonlatin.conf new file mode 100644 index 0000000..78cc7a3 --- /dev/null +++ b/etc/fonts/conf.avail/25-unhint-nonlatin.conf 
@@ -0,0 +1,132 @@ + + + + + + + + Disable hinting for CJK fonts + + + + + Kochi Mincho + + + false + + + + + Kochi Gothic + + + false + + + + + Sazanami Mincho + + + false + + + + + Sazanami Gothic + + + false + + + + + Baekmuk Batang + + + false + + + + + Baekmuk Dotum + + + false + + + + + Baekmuk Gulim + + + false + + + + + Baekmuk Headline + + + false + + + + + AR PL Mingti2L Big5 + + + false + + + + + AR PL ShanHeiSun Uni + + + false + + + + + AR PL KaitiM Big5 + + + false + + + + + AR PL ZenKai Uni + + + false + + + + + AR PL SungtiL GB + + + false + + + + + AR PL KaitiM GB + + + false + + + + + ZYSong18030 + + + false + + + + diff --git a/etc/fonts/conf.avail/30-cjk-aliases.conf b/etc/fonts/conf.avail/30-cjk-aliases.conf new file mode 100644 index 0000000..497d2bf --- /dev/null +++ b/etc/fonts/conf.avail/30-cjk-aliases.conf 
@@ -0,0 +1,569 @@ + + + + + + Batang + + Noto Serif CJK KR + NanumMyeongjo + UnBatang + + + + 바탕 + + Noto Serif CJK KR + NanumMyeongjo + UnBatang + + + + BatangChe + + Noto Serif CJK KR + NanumMyeongjo + UnBatang + + + + 바탕체 + + Noto Serif CJK KR + NanumMyeongjo + UnBatang + + + + Myeongjo + + Noto Serif CJK KR + NanumMyeongjo + UnBatang + + + + 명조 + + Noto Serif CJK KR + NanumMyeongjo + UnBatang + + + + MyeongjoChe + + Noto Serif CJK KR + NanumMyeongjo + UnBatang + + + + 명조체 + + Noto Serif CJK KR + NanumMyeongjo + UnBatang + + + + AR MingtiM KSC + + Noto Serif CJK KR + NanumMyeongjo + UnBatang + + + + Adobe 명조 Std M + + Noto Serif CJK KR + NanumMyeongjo + UnBatang + + + + Adobe Myeongjo Std M + + Noto Serif CJK KR + NanumMyeongjo + UnBatang + + + + Gungsuh + + Noto Serif CJK KR + UnGungseo + NanumMyeongjo + + + + 궁서 + + Noto Serif CJK KR + UnGungseo + NanumMyeongjo + + + + GungsuhChe + + Noto Serif CJK KR + UnGungseo + NanumMyeongjo + + + + 궁서체 + + Noto Serif CJK KR + UnGungseo + NanumMyeongjo + + + + Dotum + + Noto Sans CJK KR + NanumGothic + UnDotum + + + + 돋움 + + Noto Sans CJK KR + NanumGothic + UnDotum + + + + Gothic + + Noto Sans CJK KR + NanumGothic + UnDotum + + + + 고딕 + + Noto Sans CJK KR + NanumGothic + UnDotum + + + + Malgun Gothic + + Noto Sans CJK KR + NanumGothic + UnDotum + + + + 맑은 고딕 + + Noto Sans CJK KR + NanumGothic + UnDotum + + + + Gulim + + Noto Sans CJK KR + NanumGothic + UnDotum + + + + 굴림 + + Noto Sans CJK KR + NanumGothic + UnDotum + + + + AppleGothic + + Noto Sans CJK KR + NanumGothic + UnDotum + + + + 애플고딕 + + Noto Sans CJK KR + NanumGothic + UnDotum + + + + DotumChe + + Noto Sans Mono CJK KR + NanumGothicCoding + NanumGothic + + + + 돋움체 + + Noto Sans Mono CJK KR + NanumGothicCoding + NanumGothic + + + + GothicChe + + Noto Sans Mono CJK KR + NanumGothicCoding + NanumGothic + + + + 고딕체 + + Noto Sans Mono CJK KR + NanumGothicCoding + NanumGothic + + + + GulimChe + + Noto Sans Mono CJK KR + NanumGothicCoding + NanumGothic + + + + 굴림체 + + 
Noto Sans Mono CJK KR + NanumGothicCoding + NanumGothic + + + + + MS Gothic + + Noto Sans Mono CJK JP + TakaoGothic + IPAGothic + IPAMonaGothic + VL Gothic + Sazanami Gothic + Kochi Gothic + + + + ï¼­ï¼³ ゴシック + + Noto Sans Mono CJK JP + TakaoGothic + IPAGothic + IPAMonaGothic + VL Gothic + Sazanami Gothic + Kochi Gothic + + + + MS PGothic + + Noto Sans CJK JP + IPAMonaPGothic + TakaoPGothic + IPAPGothic + VL PGothic + Sazanami Gothic + Kochi Gothic + + + + ï¼­ï¼³ Pゴシック + + Noto Sans CJK JP + IPAMonaPGothic + TakaoPGothic + IPAPGothic + VL PGothic + Sazanami Gothic + Kochi Gothic + + + + MS UIGothic + + Noto Sans CJK JP + IPAMonaPGothic + TakaoPGothic + IPAPGothic + VL PGothic + Sazanami Gothic + Kochi Gothic + + + + Meiryo UI + + Noto Sans CJK JP + IPAMonaPGothic + TakaoPGothic + IPAPGothic + VL PGothic + Sazanami Gothic + Kochi Gothic + + + + MS Mincho + + Noto Serif CJK JP + TakaoMincho + IPAMincho + IPAMonaMincho + Sazanami Mincho + Kochi Mincho + + + + ï¼­ï¼³ 明朝 + + Noto Serif CJK JP + TakaoMincho + IPAMincho + IPAMonaMincho + Sazanami Mincho + Kochi Mincho + + + + AR MinchoL JIS + + Noto Serif CJK JP + TakaoMincho + IPAMincho + IPAMonaMincho + Sazanami Mincho + Kochi Mincho + + + + MS PMincho + + Noto Serif CJK JP + IPAMonaPMincho + TakaoPMincho + IPAPMincho + Sazanami Mincho + Kochi Mincho + + + + ï¼­ï¼³ P明朝 + + Noto Serif CJK JP + IPAMonaPMincho + TakaoPMincho + IPAPMincho + Sazanami Mincho + Kochi Mincho + + + + Meiryo + + IPAexGothic + + + + メイリオ + + IPAexGothic + + + + + SimSun + + Noto Serif CJK SC + HYSong + AR PL UMing CN + + + + NSimSun + + Noto Serif CJK SC + HYSong + AR PL UMing CN + + + + SimSun-18030 + + Noto Serif CJK SC + HYSong + AR PL UMing CN + + + + NSimSun-18030 + + Noto Serif CJK SC + HYSong + AR PL UMing CN + + + + 宋体 + + Noto Serif CJK SC + HYSong + AR PL UMing CN + + + + 新宋体 + + Noto Serif CJK SC + HYSong + AR PL UMing CN + + + + AR MingtiM GB + + Noto Serif CJK SC + HYSong + AR PL UMing CN + + + + KaiTi + + Noto Serif CJK SC + AR PL 
UKai CN + AR PL ZenKai Uni + + + + 楷体 + + Noto Serif CJK SC + AR PL UKai CN + AR PL ZenKai Uni + + + + Microsoft YaHei + + Noto Sans CJK SC + WenQuanYi Micro Hei + WenQuanYi Zen Hei + + + + 微软雅黑 + + Noto Sans CJK SC + WenQuanYi Micro Hei + WenQuanYi Zen Hei + + + + + MingLiU + + Noto Serif CJK TC + AR PL UMing TW + + + + 細明體 + + Noto Serif CJK TC + AR PL UMing TW + + + + PMingLiU + + Noto Serif CJK TC + AR PL UMing TW + + + + 新細明體 + + Noto Serif CJK TC + AR PL UMing TW + + + + AR MingtiM BIG-5 + + Noto Serif CJK TC + AR PL UMing TW + + + + DFKai\-SB + + Noto Serif CJK TC + AR PL UKai TW + AR PL ZenKai Uni + + + + 標楷體 + + Noto Serif CJK TC + AR PL UKai TW + AR PL ZenKai Uni + + + + Microsoft JhengHei + + Noto Sans CJK TC + WenQuanYi Micro Hei + WenQuanYi Zen Hei + + + + 微軟正黑體 + + Noto Sans CJK TC + WenQuanYi Micro Hei + WenQuanYi Zen Hei + + + + + Ming (for ISO10646) + + AR PL UMing HK + + + + MingLiU_HKSCS + + AR PL UMing HK + + + + 細明體_HKSCS + + AR PL UMing HK + + + diff --git a/etc/fonts/conf.avail/30-metric-aliases.conf b/etc/fonts/conf.avail/30-metric-aliases.conf new file mode 100644 index 0000000..147fde6 --- /dev/null +++ b/etc/fonts/conf.avail/30-metric-aliases.conf 
@@ -0,0 +1,634 @@ + + + + + + + + Set substitutions for similar/metric-compatible families + + + + + + + + Nimbus Sans L + + Helvetica + + + + + Nimbus Sans + + Helvetica + + + + + TeX Gyre Heros + + Helvetica + + + + + Nimbus Sans Narrow + + Helvetica Narrow + + + + + TeX Gyre Heros Cn + + Helvetica Narrow + + + + + Nimbus Roman No9 L + + Times + + + + + Nimbus Roman + + Times + + + + + TeX Gyre Termes + + Times + + + + + Nimbus Mono L + + Courier + + + + + Nimbus Mono + + Courier + + + + + Nimbus Mono PS + + Courier + + + + + TeX Gyre Cursor + + Courier + + + + + Avant Garde + + ITC Avant Garde Gothic + + + + + URW Gothic L + + ITC Avant Garde Gothic + + + + + URW Gothic + + ITC Avant Garde Gothic + + + + + TeX Gyre Adventor + + ITC Avant Garde Gothic + + + + + Bookman + + ITC Bookman + + + + + URW Bookman L + + ITC Bookman + + + + + Bookman URW + + ITC Bookman + + + + + URW Bookman + + ITC Bookman + + + + + TeX Gyre Bonum + + ITC Bookman + + + + + Bookman Old Style + + ITC Bookman + + + + + Zapf Chancery + + ITC Zapf Chancery + + + + + URW Chancery L + + ITC Zapf Chancery + + + + + Chancery URW + + ITC Zapf Chancery + + + + + Z003 + + ITC Zapf Chancery + + + + + TeX Gyre Chorus + + ITC Zapf Chancery + + + + + URW Palladio L + + Palatino + + + + + Palladio URW + + Palatino + + + + + P052 + + Palatino + + + + + TeX Gyre Pagella + + Palatino + + + + + Palatino Linotype + + Palatino + + + + + Century Schoolbook L + + New Century Schoolbook + + + + + Century SchoolBook URW + + New Century Schoolbook + + + + + C059 + + New Century Schoolbook + + + + + TeX Gyre Schola + + New Century Schoolbook + + + + + Century Schoolbook + + New Century Schoolbook + + + + + + Arimo + + Arial + + + + + Liberation Sans + + Arial + + + + + Liberation Sans Narrow + + Arial Narrow + + + + + Albany + + Arial + + + + + Albany AMT + + Arial + + + + + Tinos + + Times New Roman + + + + + Liberation Serif + + Times New Roman + + + + + Thorndale + + Times New Roman + + + + + Thorndale AMT + + 
Times New Roman + + + + + Cousine + + Courier New + + + + + Liberation Mono + + Courier New + + + + + Cumberland + + Courier New + + + + + Cumberland AMT + + Courier New + + + + + Gelasio + + Georgia + + + + + Caladea + + Cambria + + + + + Carlito + + Calibri + + + + + SymbolNeu + + Symbol + + + + + + + + Helvetica + + Arial + + + + + Helvetica Narrow + + Arial Narrow + + + + + Times + + Times New Roman + + + + + Courier + + Courier New + + + + + + Arial + + Helvetica + + + + + Arial Narrow + + Helvetica Narrow + + + + + Times New Roman + + Times + + + + + Courier New + + Courier + + + + + + + + Helvetica + + TeX Gyre Heros + + + + + Helvetica Narrow + + TeX Gyre Heros Cn + + + + + Times + + TeX Gyre Termes + + + + + Courier + + TeX Gyre Cursor + + + + + ITC Avant Garde Gothic + + TeX Gyre Adventor + + + + + ITC Bookman + + Bookman Old Style + TeX Gyre Bonum + + + + + ITC Zapf Chancery + + TeX Gyre Chorus + + + + + Palatino + + Palatino Linotype + TeX Gyre Pagella + + + + + New Century Schoolbook + + Century Schoolbook + TeX Gyre Schola + + + + + + Arial + + Arimo + Liberation Sans + Albany + Albany AMT + + + + + Arial Narrow + + Liberation Sans Narrow + + + + + Times New Roman + + Tinos + Liberation Serif + Thorndale + Thorndale AMT + + + + + Courier New + + Cousine + Liberation Mono + Cumberland + Cumberland AMT + + + + + Georgia + + Gelasio + + + + + Cambria + + Caladea + + + + + Calibri + + Carlito + + + + + Symbol + + SymbolNeu + + + + diff --git a/etc/fonts/conf.avail/40-nonlatin.conf b/etc/fonts/conf.avail/40-nonlatin.conf new file mode 100644 index 0000000..a70a4ad --- /dev/null +++ b/etc/fonts/conf.avail/40-nonlatin.conf 
@@ -0,0 +1,244 @@ + + + + + + + + Set substitutions for non-Latin fonts + + + + + Nazli + serif + + + Lotoos + serif + + + Mitra + serif + + + Ferdosi + serif + + + Badr + serif + + + Zar + serif + + + Titr + serif + + + Jadid + serif + + + Kochi Mincho + serif + + + AR PL SungtiL GB + serif + + + AR PL Mingti2L Big5 + serif + + + ï¼­ï¼³ 明朝 + serif + + + NanumMyeongjo + serif + + + UnBatang + serif + + + Baekmuk Batang + serif + + + MgOpen Canonica + serif + + + Sazanami Mincho + serif + + + AR PL ZenKai Uni + serif + + + ZYSong18030 + serif + + + FreeSerif + serif + + + SimSun + serif + + + + Arshia + sans-serif + + + Elham + sans-serif + + + Farnaz + sans-serif + + + Nasim + sans-serif + + + Sina + sans-serif + + + Roya + sans-serif + + + Koodak + sans-serif + + + Terafik + sans-serif + + + Kochi Gothic + sans-serif + + + AR PL KaitiM GB + sans-serif + + + AR PL KaitiM Big5 + sans-serif + + + ï¼­ï¼³ ゴシック + sans-serif + + + NanumGothic + sans-serif + + + UnDotum + sans-serif + + + Baekmuk Dotum + sans-serif + + + MgOpen Moderna + sans-serif + + + MgOpen Modata + sans-serif + + + MgOpen Cosmetica + sans-serif + + + Sazanami Gothic + sans-serif + + + AR PL ShanHeiSun Uni + sans-serif + + + ZYSong18030 + sans-serif + + + FreeSans + sans-serif + + + + NSimSun + monospace + + + ZYSong18030 + monospace + + + NanumGothicCoding + monospace + + + FreeMono + monospace + + + + + Homa + fantasy + + + Kamran + fantasy + + + Fantezi + fantasy + + + Tabassom + fantasy + + + + + IranNastaliq + cursive + + + Nafees Nastaleeq + cursive + + + diff --git a/etc/fonts/conf.avail/45-generic.conf b/etc/fonts/conf.avail/45-generic.conf new file mode 100644 index 0000000..e8d1978 --- /dev/null +++ b/etc/fonts/conf.avail/45-generic.conf 
@@ -0,0 +1,136 @@ + + + + + + + + Set substitutions for emoji/math fonts + + + + + + + + Noto Color Emoji + emoji + + + Apple Color Emoji + emoji + + + Segoe UI Emoji + emoji + + + Twitter Color Emoji + emoji + + + EmojiOne Mozilla + emoji + + + + Emoji Two + emoji + + + Emoji One + emoji + + + + Noto Emoji + emoji + + + Android Emoji + emoji + + + + + + emoji + + + und-zsye + + + + + + und-zsye + + + emoji + + + + + emoji + + + + + + + + + XITS Math + math + + + STIX Two Math + math + + + Cambria Math + math + + + Latin Modern Math + math + + + Minion Math + math + + + Lucida Math + math + + + Asana Math + math + + + + + + math + + + und-zmth + + + + + + und-zmth + + + math + + + + + math + + + + + diff --git a/etc/fonts/conf.avail/45-latin.conf b/etc/fonts/conf.avail/45-latin.conf new file mode 100644 index 0000000..a9240b9 --- /dev/null +++ b/etc/fonts/conf.avail/45-latin.conf 
@@ -0,0 +1,278 @@ + + + + + + + + Set substitutions for Latin fonts + + + + + Bitstream Vera Serif + serif + + + Cambria + serif + + + Constantia + serif + + + DejaVu Serif + serif + + + Elephant + serif + + + Garamond + serif + + + Georgia + serif + + + Liberation Serif + serif + + + Luxi Serif + serif + + + MS Serif + serif + + + Nimbus Roman No9 L + serif + + + Nimbus Roman + serif + + + Palatino Linotype + serif + + + Thorndale AMT + serif + + + Thorndale + serif + + + Times New Roman + serif + + + Times + serif + + + + Albany AMT + sans-serif + + + Albany + sans-serif + + + Arial Unicode MS + sans-serif + + + Arial + sans-serif + + + Bitstream Vera Sans + sans-serif + + + Britannic + sans-serif + + + Calibri + sans-serif + + + Candara + sans-serif + + + Century Gothic + sans-serif + + + Corbel + sans-serif + + + DejaVu Sans + sans-serif + + + Helvetica + sans-serif + + + Haettenschweiler + sans-serif + + + Liberation Sans + sans-serif + + + MS Sans Serif + sans-serif + + + Nimbus Sans L + sans-serif + + + Nimbus Sans + sans-serif + + + Luxi Sans + sans-serif + + + Tahoma + sans-serif + + + Trebuchet MS + sans-serif + + + Twentieth Century + sans-serif + + + Verdana + sans-serif + + + + Andale Mono + monospace + + + Bitstream Vera Sans Mono + monospace + + + Consolas + monospace + + + Courier New + monospace + + + Courier + monospace + + + Cumberland AMT + monospace + + + Cumberland + monospace + + + DejaVu Sans Mono + monospace + + + Fixedsys + monospace + + + Inconsolata + monospace + + + Liberation Mono + monospace + + + Luxi Mono + monospace + + + Nimbus Mono L + monospace + + + Nimbus Mono + monospace + + + Nimbus Mono PS + monospace + + + Terminal + monospace + + + + Bauhaus Std + fantasy + + + Cooper Std + fantasy + + + Copperplate Gothic Std + fantasy + + + Impact + fantasy + + + + Comic Sans MS + cursive + + + ITC Zapf Chancery Std + cursive + + + Zapfino + cursive + + + 
diff --git a/etc/fonts/conf.avail/49-sansserif.conf b/etc/fonts/conf.avail/49-sansserif.conf new file mode 100644 index 0000000..8b587b0 --- /dev/null +++ b/etc/fonts/conf.avail/49-sansserif.conf @@ -0,0 +1,26 @@ + + + + + + + + Add sans-serif to the family when no generic name + + + + sans-serif + + + serif + + + monospace + + + sans-serif + + + diff --git a/etc/fonts/conf.avail/50-user.conf b/etc/fonts/conf.avail/50-user.conf new file mode 100644 index 0000000..681ed6d --- /dev/null +++ b/etc/fonts/conf.avail/50-user.conf @@ -0,0 +1,20 @@ + + + + + + + + Load per-user customization files + + fontconfig/conf.d + fontconfig/fonts.conf + + ~/.fonts.conf.d + ~/.fonts.conf + diff --git a/etc/fonts/conf.avail/51-local.conf b/etc/fonts/conf.avail/51-local.conf new file mode 100644 index 0000000..885c357 --- /dev/null +++ b/etc/fonts/conf.avail/51-local.conf @@ -0,0 +1,11 @@ + + + + + + + + Load local customization file + + local.conf + diff --git a/etc/fonts/conf.avail/53-monospace-lcd-filter.conf b/etc/fonts/conf.avail/53-monospace-lcd-filter.conf new file mode 100644 index 0000000..ca80195 --- /dev/null +++ b/etc/fonts/conf.avail/53-monospace-lcd-filter.conf @@ -0,0 +1,36 @@ + + + + + + + + DejaVu Sans Mono + + + 12.0 + + + + lcdlegacy + + + hintfull + + + + + Bitstream Vera Sans Mono + + + 12.0 + + + + lcdlegacy + + + hintfull + + + diff --git a/etc/fonts/conf.avail/56-language-selector-ar.conf b/etc/fonts/conf.avail/56-language-selector-ar.conf new file mode 100644 index 0000000..6a1f3e7 --- /dev/null +++ b/etc/fonts/conf.avail/56-language-selector-ar.conf @@ -0,0 +1,28 @@ + + + + + + ar + + + sans-serif + + + Noto Sans + Noto Sans Arabic UI + + + + + ar + + + serif + + + Noto Serif + Noto Naskh Arabic + + + diff --git a/etc/fonts/conf.avail/57-dejavu-sans-mono.conf b/etc/fonts/conf.avail/57-dejavu-sans-mono.conf new file mode 100644 index 0000000..cc42561 --- /dev/null +++ b/etc/fonts/conf.avail/57-dejavu-sans-mono.conf 
@@ -0,0 +1,62 @@ + + + + + + + Bepa Mono + + DejaVu Sans Mono + + + + Bitstream Prima Sans Mono + + DejaVu Sans Mono + + + + Bitstream Vera Sans Mono + + DejaVu Sans Mono + + + + DejaVu LGC Sans Mono + + DejaVu Sans Mono + + + + Olwen Sans Mono + + DejaVu Sans Mono + + + + SUSE Sans Mono + + DejaVu Sans Mono + + + + + DejaVu Sans Mono + + monospace + + + + + monospace + + DejaVu Sans Mono + + + diff --git a/etc/fonts/conf.avail/57-dejavu-sans.conf b/etc/fonts/conf.avail/57-dejavu-sans.conf new file mode 100644 index 0000000..565cab5 --- /dev/null +++ b/etc/fonts/conf.avail/57-dejavu-sans.conf @@ -0,0 +1,87 @@ + + + + + + + Arev Sans + + DejaVu Sans + + + + Bepa + + DejaVu Sans + + + + Bitstream Prima Sans + + DejaVu Sans + + + + Bitstream Vera Sans + + DejaVu Sans + + + + DejaVu LGC Sans + + DejaVu Sans + + + + Hunky Sans + + DejaVu Sans + + + + Olwen Sans + + DejaVu Sans + + + + SUSE Sans + + DejaVu Sans + + + + Verajja + + DejaVu Sans + + + + + VerajjaPDA + + DejaVu Sans + + + + + DejaVu Sans + + sans-serif + + + + + sans-serif + + DejaVu Sans + + + diff --git a/etc/fonts/conf.avail/57-dejavu-serif.conf b/etc/fonts/conf.avail/57-dejavu-serif.conf new file mode 100644 index 0000000..a922e9b --- /dev/null +++ b/etc/fonts/conf.avail/57-dejavu-serif.conf @@ -0,0 +1,69 @@ + + + + + + + Bitstream Prima Serif + + DejaVu Serif + + + + Bitstream Vera Serif + + DejaVu Serif + + + + DejaVu LGC Serif + + DejaVu Serif + + + + Hunky Serif + + DejaVu Serif + + + + Olwen Serif + + DejaVu Serif + + + + SUSE Serif + + DejaVu Serif + + + + + Verajja Serif + + DejaVu Serif + + + + + DejaVu Serif + + serif + + + + + serif + + DejaVu Serif + + + diff --git a/etc/fonts/conf.avail/58-dejavu-lgc-sans-mono.conf b/etc/fonts/conf.avail/58-dejavu-lgc-sans-mono.conf new file mode 100644 index 0000000..9d0a8b2 --- /dev/null +++ b/etc/fonts/conf.avail/58-dejavu-lgc-sans-mono.conf 
@@ -0,0 +1,62 @@ + + + + + + + Bepa Mono + + DejaVu LGC Sans Mono + + + + Bitstream Prima Sans Mono + + DejaVu LGC Sans Mono + + + + Bitstream Vera Sans Mono + + DejaVu LGC Sans Mono + + + + DejaVu Sans Mono + + DejaVu LGC Sans Mono + + + + Olwen Sans Mono + + DejaVu LGC Sans Mono + + + + SUSE Sans Mono + + DejaVu LGC Sans Mono + + + + + DejaVu LGC Sans Mono + + monospace + + + + + monospace + + DejaVu LGC Sans Mono + + + diff --git a/etc/fonts/conf.avail/58-dejavu-lgc-sans.conf b/etc/fonts/conf.avail/58-dejavu-lgc-sans.conf new file mode 100644 index 0000000..decd2a3 --- /dev/null +++ b/etc/fonts/conf.avail/58-dejavu-lgc-sans.conf @@ -0,0 +1,87 @@ + + + + + + + Arev Sans + + DejaVu LGC Sans + + + + Bepa + + DejaVu LGC Sans + + + + Bitstream Prima Sans + + DejaVu LGC Sans + + + + Bitstream Vera Sans + + DejaVu LGC Sans + + + + DejaVu Sans + + DejaVu LGC Sans + + + + Hunky Sans + + DejaVu LGC Sans + + + + Olwen Sans + + DejaVu LGC Sans + + + + SUSE Sans + + DejaVu LGC Sans + + + + Verajja + + DejaVu LGC Sans + + + + + VerajjaPDA + + DejaVu LGC Sans + + + + + DejaVu LGC Sans + + sans-serif + + + + + sans-serif + + DejaVu LGC Sans + + + diff --git a/etc/fonts/conf.avail/58-dejavu-lgc-serif.conf b/etc/fonts/conf.avail/58-dejavu-lgc-serif.conf new file mode 100644 index 0000000..01045e8 --- /dev/null +++ b/etc/fonts/conf.avail/58-dejavu-lgc-serif.conf @@ -0,0 +1,69 @@ + + + + + + + Bitstream Prima Serif + + DejaVu LGC Serif + + + + Bitstream Vera Serif + + DejaVu LGC Serif + + + + DejaVu Serif + + DejaVu LGC Serif + + + + Hunky Serif + + DejaVu LGC Serif + + + + Olwen Serif + + DejaVu LGC Serif + + + + SUSE Serif + + DejaVu LGC Serif + + + + + Verajja Serif + + DejaVu LGC Serif + + + + + DejaVu LGC Serif + + serif + + + + + serif + + DejaVu LGC Serif + + + diff --git a/etc/fonts/conf.avail/60-generic.conf b/etc/fonts/conf.avail/60-generic.conf new file mode 100644 index 0000000..be7b52b --- /dev/null +++ b/etc/fonts/conf.avail/60-generic.conf 
@@ -0,0 +1,67 @@ + + + + + + + + Set preferable fonts for emoji/math fonts + + + + + + + + und-zsye + + + true + + + false + + + true + + + + + + emoji + + + Noto Color Emoji + Apple Color Emoji + Segoe UI Emoji + Twitter Color Emoji + EmojiOne Mozilla + + Emoji Two + Emoji One + + Noto Emoji + Android Emoji + + + + + + + math + + XITS Math + STIX Two Math + Cambria Math + Latin Modern Math + Minion Math + Lucida Math + Asana Math + + + + diff --git a/etc/fonts/conf.avail/60-latin.conf b/etc/fonts/conf.avail/60-latin.conf new file mode 100644 index 0000000..5c081e4 --- /dev/null +++ b/etc/fonts/conf.avail/60-latin.conf @@ -0,0 +1,79 @@ + + + + + + + + Set preferable fonts for Latin + + serif + + DejaVu Serif + Bitstream Vera Serif + Times New Roman + Thorndale AMT + Luxi Serif + Nimbus Roman No9 L + Nimbus Roman + Times + + + + sans-serif + + DejaVu Sans + Bitstream Vera Sans + Verdana + Arial + Albany AMT + Luxi Sans + Nimbus Sans L + Nimbus Sans + Helvetica + Lucida Sans Unicode + BPG Glaho International + Tahoma + + + + monospace + + DejaVu Sans Mono + Bitstream Vera Sans Mono + Inconsolata + Andale Mono + Courier New + Cumberland AMT + Luxi Mono + Nimbus Mono L + Nimbus Mono + Nimbus Mono PS + Courier + + + + + fantasy + + Impact + Copperplate Gothic Std + Cooper Std + Bauhaus Std + + + + + cursive + + ITC Zapf Chancery Std + Zapfino + Comic Sans MS + + + + diff --git a/etc/fonts/conf.avail/64-language-selector-prefer.conf b/etc/fonts/conf.avail/64-language-selector-prefer.conf new file mode 100644 index 0000000..0cffddb --- /dev/null +++ b/etc/fonts/conf.avail/64-language-selector-prefer.conf 
@@ -0,0 +1,35 @@ + + + + + sans-serif + + Noto Sans CJK JP + Noto Sans CJK KR + Noto Sans CJK SC + Noto Sans CJK TC + Noto Sans CJK HK + Lohit Devanagari + + + + serif + + Noto Serif CJK JP + Noto Serif CJK KR + Noto Serif CJK SC + Noto Serif CJK TC + Lohit Devanagari + + + + monospace + + Noto Sans Mono CJK JP + Noto Sans Mono CJK KR + Noto Sans Mono CJK SC + Noto Sans Mono CJK TC + Noto Sans Mono CJK HK + + + diff --git a/etc/fonts/conf.avail/65-fonts-persian.conf b/etc/fonts/conf.avail/65-fonts-persian.conf new file mode 100644 index 0000000..5591486 --- /dev/null +++ b/etc/fonts/conf.avail/65-fonts-persian.conf 
@@ -0,0 +1,423 @@ + + + + + + + + + + + + + + + Nesf + Nesf2 + + + Nesf2 + Persian_sansserif_default + + + + + + Nazanin + Nazli + + + Lotus + Lotoos + + + Yaqut + Yaghoot + + + Yaghut + Yaghoot + + + Traffic + Terafik + + + Ferdowsi + Ferdosi + + + Fantezy + Fantezi + + + + + + + + Jadid + Persian_title + + + Titr + Persian_title + + + + + Kamran + + Persian_fantasy + Homa + + + + Homa + + Persian_fantasy + Kamran + + + + Fantezi + Persian_fantasy + + + Tabassom + Persian_fantasy + + + + + Arshia + Persian_square + + + Nasim + Persian_square + + + Elham + + Persian_square + Farnaz + + + + Farnaz + + Persian_square + Elham + + + + Sina + Persian_square + + + + + + + Persian_title + + Titr + Jadid + Persian_serif + + + + + + Persian_fantasy + + Homa + Kamran + Fantezi + Tabassom + Persian_square + + + + + + Persian_square + + Arshia + Elham + Farnaz + Nasim + Sina + Persian_serif + + + + + + + + Elham + + + farsiweb + + + + + + Homa + + + farsiweb + + + + + + Koodak + + + farsiweb + + + + + + Nazli + + + farsiweb + + + + + + Roya + + + farsiweb + + + + + + Terafik + + + farsiweb + + + + + + Titr + + + farsiweb + + + + + + + + + + TURNED-OFF + + + farsiweb + + + + roman + + + + roman + + + + + matrix + 1-0.2 + 01 + + + + + + oblique + + + + + + + + + farsiweb + + + false + + + false + + + false + + + + + + + + + serif + + Nazli + Lotoos + Mitra + Ferdosi + Badr + Zar + + + + + + sans-serif + + Roya + Koodak + Terafik + + + + + + monospace + + + Terafik + + + + + + fantasy + + Homa + Kamran + Fantezi + Tabassom + + + + + + cursive + + IranNastaliq + Nafees Nastaleeq + + + + + + + + + serif + + + 200 + + + 24 + + + Titr + + + + + + + sans-serif + + + 200 + + + 24 + + + Titr + + + + + + + Persian_sansserif_default + + + 200 + + + 24 + + + Titr + + + + + + + + + Persian_sansserif_default + + + Roya + + + + diff --git a/etc/fonts/conf.avail/65-khmer.conf b/etc/fonts/conf.avail/65-khmer.conf new file mode 100644 index 0000000..8985c0d --- /dev/null 
+++ b/etc/fonts/conf.avail/65-khmer.conf @@ -0,0 +1,20 @@ + + + + + + + + + serif + + Khmer OS" + + + + sans-serif + + Khmer OS" + + + diff --git a/etc/fonts/conf.avail/65-nonlatin.conf b/etc/fonts/conf.avail/65-nonlatin.conf new file mode 100644 index 0000000..532218c --- /dev/null +++ b/etc/fonts/conf.avail/65-nonlatin.conf 
@@ -0,0 +1,197 @@ + + + + + + + + Set preferable fonts for non-Latin + + serif + + Artsounk + BPG UTF8 M + Kinnari + Norasi + Frank Ruehl + Dror + JG LaoTimes + Saysettha Unicode + Pigiarniq + B Davat + B Compset + Kacst-Qr + Urdu Nastaliq Unicode + Raghindi + Mukti Narrow + padmaa + Hapax Berbère + MS Mincho + SimSun + PMingLiu + WenQuanYi Zen Hei + WenQuanYi Bitmap Song + AR PL ShanHeiSun Uni + AR PL New Sung + ZYSong18030 + HanyiSong + MgOpen Canonica + Sazanami Mincho + IPAMonaMincho + IPAMincho + Kochi Mincho + AR PL SungtiL GB + AR PL Mingti2L Big5 + AR PL Zenkai Uni + ï¼­ï¼³ 明朝 + ZYSong18030 + NanumMyeongjo + UnBatang + Baekmuk Batang + KacstQura + Frank Ruehl CLM + Lohit Bengali + Lohit Gujarati + Lohit Hindi + Lohit Marathi + Lohit Maithili + Lohit Kashmiri + Lohit Konkani + Lohit Nepali + Lohit Sindhi + Lohit Punjabi + Lohit Tamil + Rachana + Lohit Malayalam + Lohit Kannada + Lohit Telugu + Lohit Oriya + LKLUG + + + + sans-serif + + Nachlieli + Lucida Sans Unicode + Yudit Unicode + Kerkis + ArmNet Helvetica + Artsounk + BPG UTF8 M + Waree + Loma + Garuda + Umpush + Saysettha Unicode + JG Lao Old Arial + GF Zemen Unicode + Pigiarniq + B Davat + B Compset + Kacst-Qr + Urdu Nastaliq Unicode + Raghindi + Mukti Narrow + padmaa + Hapax Berbère + MS Gothic + UmePlus P Gothic + Microsoft YaHei + Microsoft JhengHei + WenQuanYi Zen Hei + WenQuanYi Bitmap Song + AR PL ShanHeiSun Uni + AR PL New Sung + MgOpen Moderna + MgOpen Modata + MgOpen Cosmetica + VL Gothic + IPAMonaGothic + IPAGothic + Sazanami Gothic + Kochi Gothic + AR PL KaitiM GB + AR PL KaitiM Big5 + AR PL ShanHeiSun Uni + AR PL SungtiL GB + AR PL Mingti2L Big5 + ï¼­ï¼³ ゴシック + ZYSong18030 + NanumGothic + UnDotum + Baekmuk Dotum + Baekmuk Gulim + KacstQura + Lohit Bengali + Lohit Gujarati + Lohit Hindi + Lohit Marathi + Lohit Maithili + Lohit Kashmiri + Lohit Konkani + Lohit Nepali + Lohit Sindhi + Lohit Punjabi + Lohit Tamil + Meera + Lohit Malayalam + Lohit Kannada + Lohit Telugu + Lohit Oriya + LKLUG + 
+ + + monospace + + Miriam Mono + VL Gothic + IPAMonaGothic + IPAGothic + Sazanami Gothic + Kochi Gothic + AR PL KaitiM GB + MS Gothic + UmePlus Gothic + NSimSun + MingLiu + AR PL ShanHeiSun Uni + AR PL New Sung Mono + HanyiSong + AR PL SungtiL GB + AR PL Mingti2L Big5 + ZYSong18030 + NanumGothicCoding + NanumGothic + UnDotum + Baekmuk Dotum + Baekmuk Gulim + TlwgTypo + TlwgTypist + TlwgTypewriter + TlwgMono + Hasida + Mitra Mono + GF Zemen Unicode + Hapax Berbère + Lohit Bengali + Lohit Gujarati + Lohit Hindi + Lohit Marathi + Lohit Maithili + Lohit Kashmiri + Lohit Konkani + Lohit Nepali + Lohit Sindhi + Lohit Punjabi + Lohit Tamil + Meera + Lohit Malayalam + Lohit Kannada + Lohit Telugu + Lohit Oriya + LKLUG + + + diff --git a/etc/fonts/conf.avail/69-language-selector-ja.conf b/etc/fonts/conf.avail/69-language-selector-ja.conf new file mode 100644 index 0000000..d562429 --- /dev/null +++ b/etc/fonts/conf.avail/69-language-selector-ja.conf @@ -0,0 +1,32 @@ + + + + + + Noto Sans CJK JP + + + 18 + + + false + + + hintnone + + + + + Noto Serif CJK JP + + + 18 + + + false + + + hintnone + + + diff --git a/etc/fonts/conf.avail/69-language-selector-zh-cn.conf b/etc/fonts/conf.avail/69-language-selector-zh-cn.conf new file mode 100644 index 0000000..254249a --- /dev/null +++ b/etc/fonts/conf.avail/69-language-selector-zh-cn.conf @@ -0,0 +1,61 @@ + + + + + + + zh-cn + + + serif + + + Noto Serif CJK SC + HYSong + AR PL UMing CN + AR PL UMing HK + AR PL New Sung + WenQuanYi Bitmap Song + AR PL UKai CN + AR PL ZenKai Uni + + + + + sans-serif + + + zh-cn + + + Noto Sans CJK SC + WenQuanYi Zen Hei + HYSong + AR PL UMing CN + AR PL UMing HK + AR PL New Sung + AR PL UKai CN + AR PL ZenKai Uni + + + + + monospace + + + zh-cn + + + DejaVu Sans Mono + Noto Sans Mono CJK SC + WenQuanYi Zen Hei Mono + HYSong + AR PL UMing CN + AR PL UMing HK + AR PL New Sung + AR PL UKai CN + AR PL ZenKai Uni + + + + 
diff --git a/etc/fonts/conf.avail/69-language-selector-zh-hk.conf b/etc/fonts/conf.avail/69-language-selector-zh-hk.conf new file mode 100644 index 0000000..cc277be --- /dev/null +++ b/etc/fonts/conf.avail/69-language-selector-zh-hk.conf @@ -0,0 +1,56 @@ + + + + + + + serif + + + zh-hk + + + Noto Serif CJK TC + AR PL UMing HK + AR PL New Sung + HYSong + WenQuanYi Bitmap Song + AR PL UKai HK + AR PL ZenKai Uni + + + + + sans-serif + + + zh-hk + + + Noto Sans CJK HK + AR PL UMing HK + AR PL New Sung + HYSong + AR PL UKai HK + AR PL ZenKai Uni + + + + + monospace + + + zh-hk + + + DejaVu Sans Mono + Noto Sans Mono CJK HK + AR PL UMing HK + AR PL New Sung + HYSong + AR PL UKai HK + AR PL ZenKai Uni + + + + diff --git a/etc/fonts/conf.avail/69-language-selector-zh-mo.conf b/etc/fonts/conf.avail/69-language-selector-zh-mo.conf new file mode 100644 index 0000000..57af177 --- /dev/null +++ b/etc/fonts/conf.avail/69-language-selector-zh-mo.conf @@ -0,0 +1,58 @@ + + + + + + + serif + + + zh-mo + + + Noto Serif CJK TC + AR PL UMing HK + AR PL New Sung + HYSong + WenQuanYi Bitmap Song + AR PL UKai HK + AR PL ZenKai Uni + + + + + sans-serif + + + zh-mo + + + Bitstream Vera Sans + Noto Sans CJK TC + AR PL UMing HK + AR PL New Sung + HYSong + AR PL UKai HK + AR PL ZenKai Uni + + + + + monospace + + + zh-mo + + + Bitstream Vera Sans Mono + DejaVu Sans Mono + Noto Sans Mono CJK TC + AR PL UMing HK + AR PL New Sung + HYSong + AR PL UKai HK + AR PL ZenKai Uni + + + + diff --git a/etc/fonts/conf.avail/69-language-selector-zh-sg.conf b/etc/fonts/conf.avail/69-language-selector-zh-sg.conf new file mode 100644 index 0000000..13693e6 --- /dev/null +++ b/etc/fonts/conf.avail/69-language-selector-zh-sg.conf 
@@ -0,0 +1,61 @@ + + + + + + + serif + + + zh-sg + + + Noto Serif CJK SC + HYSong + AR PL UMing CN + AR PL UMing HK + AR PL New Sung + WenQuanYi Bitmap Song + AR PL UKai CN + AR PL ZenKai Uni + + + + + sans-serif + + + zh-sg + + + Noto Sans CJK SC + WenQuanYi Zen Hei + HYSong + AR PL UMing CN + AR PL UMing HK + AR PL New Sung + AR PL UKai CN + AR PL ZenKai Uni + + + + + monospace + + + zh-sg + + + DejaVu Sans Mono + Noto Sans Mono CJK SC + WenQuanYi Zen Hei Mono + HYSong + AR PL UMing CN + AR PL UMing HK + AR PL New Sung + AR PL UKai CN + AR PL ZenKai Uni + + + + diff --git a/etc/fonts/conf.avail/69-language-selector-zh-tw.conf b/etc/fonts/conf.avail/69-language-selector-zh-tw.conf new file mode 100644 index 0000000..6cd0500 --- /dev/null +++ b/etc/fonts/conf.avail/69-language-selector-zh-tw.conf @@ -0,0 +1,71 @@ + + + + + + + + serif + + + zh-tw + + + Noto Serif CJK TC + AR PL UMing TW + AR PL UMing HK + AR PL New Sung + HYSong + WenQuanYi Bitmap Song + AR PL UKai TW + AR PL UKai HK + AR PL ZenKai Uni + DejaVu Serif + Bitstream Vera Serif + + + + + sans-serif + + + zh-tw + + + Noto Sans CJK TC + WenQuanYi Zen Hei + AR PL UMing TW + AR PL UMing HK + AR PL New Sung + HYSong + AR PL UKai TW + AR PL UKai HK + AR PL ZenKai Uni + DejaVu Sans + Bitstream Vera Sans + + + + + monospace + + + zh-tw + + + DejaVu Sans Mono + Noto Sans Mono CJK TC + WenQuanYi Zen Hei Mono + AR PL UMing TW + AR PL UMing HK + AR PL New Sung + HYSong + AR PL UKai TW + AR PL UKai HK + AR PL ZenKai Uni + DejaVu Sans Mono + Bitstream Vera Sans Mono + + + + diff --git a/etc/fonts/conf.avail/69-unifont.conf b/etc/fonts/conf.avail/69-unifont.conf new file mode 100644 index 0000000..a3586f2 --- /dev/null +++ b/etc/fonts/conf.avail/69-unifont.conf @@ -0,0 +1,32 @@ + + + + + + + + + serif + + FreeSerif + Code2000 + Code2001 + + + + sans-serif + + FreeSans + Arial Unicode MS + Arial Unicode + Code2000 + Code2001 + + + + monospace + + FreeMono + + + 
diff --git a/etc/fonts/conf.avail/70-force-bitmaps.conf b/etc/fonts/conf.avail/70-force-bitmaps.conf new file mode 100644 index 0000000..0c70a53 --- /dev/null +++ b/etc/fonts/conf.avail/70-force-bitmaps.conf @@ -0,0 +1,17 @@ + + + + + + + + Accept bitmap fonts + + + + + false + + + + diff --git a/etc/fonts/conf.avail/70-no-bitmaps.conf b/etc/fonts/conf.avail/70-no-bitmaps.conf new file mode 100644 index 0000000..efb1bc0 --- /dev/null +++ b/etc/fonts/conf.avail/70-no-bitmaps.conf @@ -0,0 +1,17 @@ + + + + + + + + Reject bitmap fonts + + + + + false + + + + diff --git a/etc/fonts/conf.avail/70-yes-bitmaps.conf b/etc/fonts/conf.avail/70-yes-bitmaps.conf new file mode 100644 index 0000000..1e4c10b --- /dev/null +++ b/etc/fonts/conf.avail/70-yes-bitmaps.conf @@ -0,0 +1,3 @@ + + + diff --git a/etc/fonts/conf.avail/80-delicious.conf b/etc/fonts/conf.avail/80-delicious.conf new file mode 100644 index 0000000..8cd01f9 --- /dev/null +++ b/etc/fonts/conf.avail/80-delicious.conf @@ -0,0 +1,23 @@ + + + + + + + + + + + + + Delicious + + + Heavy + + + heavy + + + + diff --git a/etc/fonts/conf.avail/90-synthetic.conf b/etc/fonts/conf.avail/90-synthetic.conf new file mode 100644 index 0000000..6b929dd --- /dev/null +++ b/etc/fonts/conf.avail/90-synthetic.conf @@ -0,0 +1,68 @@ + + + + + + + + + + + + + roman + + + + roman + + + + + matrix + 10.2 + 01 + + + + + + oblique + + + + false + + + + + + + + + medium + + + + bold + + + + true + + + + bold + + + diff --git a/etc/fonts/conf.avail/99-language-selector-zh.conf b/etc/fonts/conf.avail/99-language-selector-zh.conf new file mode 100644 index 0000000..18e5f0c --- /dev/null +++ b/etc/fonts/conf.avail/99-language-selector-zh.conf @@ -0,0 +1,69 @@ + + + + + + + Song + + + + 100 + + + 180 + + + true + + + + + + Sun + + + + 100 + + + 180 + + + true + + + + + + Kai + + + + 100 + + + 180 + + + true + + + + + + Ming + + + + 100 + + + 180 + + + true + + + + 
diff --git a/etc/fonts/conf.d/10-antialias.conf b/etc/fonts/conf.d/10-antialias.conf new file mode 120000 index 0000000..c0ef0f7 --- /dev/null +++ b/etc/fonts/conf.d/10-antialias.conf @@ -0,0 +1 @@ +../conf.avail/10-antialias.conf \ No newline at end of file diff --git a/etc/fonts/conf.d/10-hinting-slight.conf b/etc/fonts/conf.d/10-hinting-slight.conf new file mode 120000 index 0000000..5488142 --- /dev/null +++ b/etc/fonts/conf.d/10-hinting-slight.conf @@ -0,0 +1 @@ +../conf.avail/10-hinting-slight.conf \ No newline at end of file diff --git a/etc/fonts/conf.d/10-scale-bitmap-fonts.conf b/etc/fonts/conf.d/10-scale-bitmap-fonts.conf new file mode 120000 index 0000000..c3ca696 --- /dev/null +++ b/etc/fonts/conf.d/10-scale-bitmap-fonts.conf @@ -0,0 +1 @@ +../conf.avail/10-scale-bitmap-fonts.conf \ No newline at end of file diff --git a/etc/fonts/conf.d/11-lcdfilter-default.conf b/etc/fonts/conf.d/11-lcdfilter-default.conf new file mode 120000 index 0000000..5269f93 --- /dev/null +++ b/etc/fonts/conf.d/11-lcdfilter-default.conf @@ -0,0 +1 @@ +../conf.avail/11-lcdfilter-default.conf \ No newline at end of file diff --git a/etc/fonts/conf.d/20-unhint-small-dejavu-lgc-sans-mono.conf b/etc/fonts/conf.d/20-unhint-small-dejavu-lgc-sans-mono.conf new file mode 120000 index 0000000..068e8ea --- /dev/null +++ b/etc/fonts/conf.d/20-unhint-small-dejavu-lgc-sans-mono.conf @@ -0,0 +1 @@ +../conf.avail/20-unhint-small-dejavu-lgc-sans-mono.conf \ No newline at end of file diff --git a/etc/fonts/conf.d/20-unhint-small-dejavu-lgc-sans.conf b/etc/fonts/conf.d/20-unhint-small-dejavu-lgc-sans.conf new file mode 120000 index 0000000..4c76710 --- /dev/null +++ b/etc/fonts/conf.d/20-unhint-small-dejavu-lgc-sans.conf @@ -0,0 +1 @@ +../conf.avail/20-unhint-small-dejavu-lgc-sans.conf \ No newline at end of file diff --git a/etc/fonts/conf.d/20-unhint-small-dejavu-lgc-serif.conf b/etc/fonts/conf.d/20-unhint-small-dejavu-lgc-serif.conf new file mode 120000 index 0000000..1c8a107 --- /dev/null 
+++ b/etc/fonts/conf.d/20-unhint-small-dejavu-lgc-serif.conf @@ -0,0 +1 @@ +../conf.avail/20-unhint-small-dejavu-lgc-serif.conf \ No newline at end of file diff --git a/etc/fonts/conf.d/20-unhint-small-dejavu-sans-mono.conf b/etc/fonts/conf.d/20-unhint-small-dejavu-sans-mono.conf new file mode 120000 index 0000000..e075245 --- /dev/null +++ b/etc/fonts/conf.d/20-unhint-small-dejavu-sans-mono.conf @@ -0,0 +1 @@ +../conf.avail/20-unhint-small-dejavu-sans-mono.conf \ No newline at end of file diff --git a/etc/fonts/conf.d/20-unhint-small-dejavu-sans.conf b/etc/fonts/conf.d/20-unhint-small-dejavu-sans.conf new file mode 120000 index 0000000..61320a1 --- /dev/null +++ b/etc/fonts/conf.d/20-unhint-small-dejavu-sans.conf @@ -0,0 +1 @@ +../conf.avail/20-unhint-small-dejavu-sans.conf \ No newline at end of file diff --git a/etc/fonts/conf.d/20-unhint-small-dejavu-serif.conf b/etc/fonts/conf.d/20-unhint-small-dejavu-serif.conf new file mode 120000 index 0000000..7abd5e1 --- /dev/null +++ b/etc/fonts/conf.d/20-unhint-small-dejavu-serif.conf @@ -0,0 +1 @@ +../conf.avail/20-unhint-small-dejavu-serif.conf \ No newline at end of file diff --git a/etc/fonts/conf.d/20-unhint-small-vera.conf b/etc/fonts/conf.d/20-unhint-small-vera.conf new file mode 120000 index 0000000..56c5b8f --- /dev/null +++ b/etc/fonts/conf.d/20-unhint-small-vera.conf @@ -0,0 +1 @@ +../conf.avail/20-unhint-small-vera.conf \ No newline at end of file diff --git a/etc/fonts/conf.d/30-cjk-aliases.conf b/etc/fonts/conf.d/30-cjk-aliases.conf new file mode 120000 index 0000000..81247d5 --- /dev/null +++ b/etc/fonts/conf.d/30-cjk-aliases.conf @@ -0,0 +1 @@ +../conf.avail/30-cjk-aliases.conf \ No newline at end of file diff --git a/etc/fonts/conf.d/30-metric-aliases.conf b/etc/fonts/conf.d/30-metric-aliases.conf new file mode 120000 index 0000000..6809157 --- /dev/null +++ b/etc/fonts/conf.d/30-metric-aliases.conf @@ -0,0 +1 @@ +../conf.avail/30-metric-aliases.conf \ No newline at end of file 
diff --git a/etc/fonts/conf.d/40-nonlatin.conf b/etc/fonts/conf.d/40-nonlatin.conf new file mode 120000 index 0000000..efb8230 --- /dev/null +++ b/etc/fonts/conf.d/40-nonlatin.conf @@ -0,0 +1 @@ +../conf.avail/40-nonlatin.conf \ No newline at end of file diff --git a/etc/fonts/conf.d/45-generic.conf b/etc/fonts/conf.d/45-generic.conf new file mode 120000 index 0000000..1f25c2c --- /dev/null +++ b/etc/fonts/conf.d/45-generic.conf @@ -0,0 +1 @@ +../conf.avail/45-generic.conf \ No newline at end of file diff --git a/etc/fonts/conf.d/45-latin.conf b/etc/fonts/conf.d/45-latin.conf new file mode 120000 index 0000000..c400905 --- /dev/null +++ b/etc/fonts/conf.d/45-latin.conf @@ -0,0 +1 @@ +../conf.avail/45-latin.conf \ No newline at end of file diff --git a/etc/fonts/conf.d/49-sansserif.conf b/etc/fonts/conf.d/49-sansserif.conf new file mode 120000 index 0000000..0262faa --- /dev/null +++ b/etc/fonts/conf.d/49-sansserif.conf @@ -0,0 +1 @@ +../conf.avail/49-sansserif.conf \ No newline at end of file diff --git a/etc/fonts/conf.d/50-user.conf b/etc/fonts/conf.d/50-user.conf new file mode 120000 index 0000000..967e33e --- /dev/null +++ b/etc/fonts/conf.d/50-user.conf @@ -0,0 +1 @@ +../conf.avail/50-user.conf \ No newline at end of file diff --git a/etc/fonts/conf.d/51-local.conf b/etc/fonts/conf.d/51-local.conf new file mode 120000 index 0000000..58fc313 --- /dev/null +++ b/etc/fonts/conf.d/51-local.conf @@ -0,0 +1 @@ +../conf.avail/51-local.conf \ No newline at end of file diff --git a/etc/fonts/conf.d/56-language-selector-ar.conf b/etc/fonts/conf.d/56-language-selector-ar.conf new file mode 120000 index 0000000..c8a386b --- /dev/null +++ b/etc/fonts/conf.d/56-language-selector-ar.conf @@ -0,0 +1 @@ +../conf.avail/56-language-selector-ar.conf \ No newline at end of file diff --git a/etc/fonts/conf.d/57-dejavu-sans-mono.conf b/etc/fonts/conf.d/57-dejavu-sans-mono.conf new file mode 120000 index 0000000..c0c1959 --- /dev/null +++ b/etc/fonts/conf.d/57-dejavu-sans-mono.conf 
@@ -0,0 +1 @@
+../conf.avail/57-dejavu-sans-mono.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/57-dejavu-sans.conf b/etc/fonts/conf.d/57-dejavu-sans.conf
new file mode 120000
index 0000000..92a40d6
--- /dev/null
+++ b/etc/fonts/conf.d/57-dejavu-sans.conf
@@ -0,0 +1 @@
+../conf.avail/57-dejavu-sans.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/57-dejavu-serif.conf b/etc/fonts/conf.d/57-dejavu-serif.conf
new file mode 120000
index 0000000..b7e7481
--- /dev/null
+++ b/etc/fonts/conf.d/57-dejavu-serif.conf
@@ -0,0 +1 @@
+../conf.avail/57-dejavu-serif.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/58-dejavu-lgc-sans-mono.conf b/etc/fonts/conf.d/58-dejavu-lgc-sans-mono.conf
new file mode 120000
index 0000000..89ea6b2
--- /dev/null
+++ b/etc/fonts/conf.d/58-dejavu-lgc-sans-mono.conf
@@ -0,0 +1 @@
+../conf.avail/58-dejavu-lgc-sans-mono.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/58-dejavu-lgc-sans.conf b/etc/fonts/conf.d/58-dejavu-lgc-sans.conf
new file mode 120000
index 0000000..ca377e0
--- /dev/null
+++ b/etc/fonts/conf.d/58-dejavu-lgc-sans.conf
@@ -0,0 +1 @@
+../conf.avail/58-dejavu-lgc-sans.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/58-dejavu-lgc-serif.conf b/etc/fonts/conf.d/58-dejavu-lgc-serif.conf
new file mode 120000
index 0000000..603352a
--- /dev/null
+++ b/etc/fonts/conf.d/58-dejavu-lgc-serif.conf
@@ -0,0 +1 @@
+../conf.avail/58-dejavu-lgc-serif.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/60-generic.conf b/etc/fonts/conf.d/60-generic.conf
new file mode 120000
index 0000000..aba0e09
--- /dev/null
+++ b/etc/fonts/conf.d/60-generic.conf
@@ -0,0 +1 @@
+../conf.avail/60-generic.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/60-latin.conf b/etc/fonts/conf.d/60-latin.conf
new file mode 120000
index 0000000..4827df3
--- /dev/null
+++ b/etc/fonts/conf.d/60-latin.conf
@@ -0,0 +1 @@
+../conf.avail/60-latin.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/64-language-selector-prefer.conf b/etc/fonts/conf.d/64-language-selector-prefer.conf
new file mode 120000
index 0000000..95dbf21
--- /dev/null
+++ b/etc/fonts/conf.d/64-language-selector-prefer.conf
@@ -0,0 +1 @@
+../conf.avail/64-language-selector-prefer.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/65-fonts-persian.conf b/etc/fonts/conf.d/65-fonts-persian.conf
new file mode 120000
index 0000000..7f72bfe
--- /dev/null
+++ b/etc/fonts/conf.d/65-fonts-persian.conf
@@ -0,0 +1 @@
+../conf.avail/65-fonts-persian.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/65-nonlatin.conf b/etc/fonts/conf.d/65-nonlatin.conf
new file mode 120000
index 0000000..d99e17a
--- /dev/null
+++ b/etc/fonts/conf.d/65-nonlatin.conf
@@ -0,0 +1 @@
+../conf.avail/65-nonlatin.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/69-language-selector-ja.conf b/etc/fonts/conf.d/69-language-selector-ja.conf
new file mode 120000
index 0000000..7136c20
--- /dev/null
+++ b/etc/fonts/conf.d/69-language-selector-ja.conf
@@ -0,0 +1 @@
+../conf.avail/69-language-selector-ja.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/69-language-selector-zh-cn.conf b/etc/fonts/conf.d/69-language-selector-zh-cn.conf
new file mode 120000
index 0000000..609f792
--- /dev/null
+++ b/etc/fonts/conf.d/69-language-selector-zh-cn.conf
@@ -0,0 +1 @@
+../conf.avail/69-language-selector-zh-cn.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/69-language-selector-zh-hk.conf b/etc/fonts/conf.d/69-language-selector-zh-hk.conf
new file mode 120000
index 0000000..ae709b8
--- /dev/null
+++ b/etc/fonts/conf.d/69-language-selector-zh-hk.conf
@@ -0,0 +1 @@
+../conf.avail/69-language-selector-zh-hk.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/69-language-selector-zh-mo.conf b/etc/fonts/conf.d/69-language-selector-zh-mo.conf
new file mode 120000
index 0000000..4a4d83a
--- /dev/null
+++ b/etc/fonts/conf.d/69-language-selector-zh-mo.conf
@@ -0,0 +1 @@
+../conf.avail/69-language-selector-zh-mo.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/69-language-selector-zh-sg.conf b/etc/fonts/conf.d/69-language-selector-zh-sg.conf
new file mode 120000
index 0000000..f5b2881
--- /dev/null
+++ b/etc/fonts/conf.d/69-language-selector-zh-sg.conf
@@ -0,0 +1 @@
+../conf.avail/69-language-selector-zh-sg.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/69-language-selector-zh-tw.conf b/etc/fonts/conf.d/69-language-selector-zh-tw.conf
new file mode 120000
index 0000000..977b8f3
--- /dev/null
+++ b/etc/fonts/conf.d/69-language-selector-zh-tw.conf
@@ -0,0 +1 @@
+../conf.avail/69-language-selector-zh-tw.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/69-unifont.conf b/etc/fonts/conf.d/69-unifont.conf
new file mode 120000
index 0000000..7ba1b65
--- /dev/null
+++ b/etc/fonts/conf.d/69-unifont.conf
@@ -0,0 +1 @@
+../conf.avail/69-unifont.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/70-no-bitmaps.conf b/etc/fonts/conf.d/70-no-bitmaps.conf
new file mode 120000
index 0000000..b2263fa
--- /dev/null
+++ b/etc/fonts/conf.d/70-no-bitmaps.conf
@@ -0,0 +1 @@
+../conf.avail/70-no-bitmaps.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/80-delicious.conf b/etc/fonts/conf.d/80-delicious.conf
new file mode 120000
index 0000000..22d6770
--- /dev/null
+++ b/etc/fonts/conf.d/80-delicious.conf
@@ -0,0 +1 @@
+../conf.avail/80-delicious.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/90-synthetic.conf b/etc/fonts/conf.d/90-synthetic.conf
new file mode 120000
index 0000000..a25f312
--- /dev/null
+++ b/etc/fonts/conf.d/90-synthetic.conf
@@ -0,0 +1 @@
+../conf.avail/90-synthetic.conf
\ No newline at end of file
diff --git a/etc/fonts/conf.d/99-language-selector-zh.conf b/etc/fonts/conf.d/99-language-selector-zh.conf
new file mode 120000
index 0000000..23ec678
--- /dev/null
+++ b/etc/fonts/conf.d/99-language-selector-zh.conf @@ -0,0 +1 @@ +../conf.avail/99-language-selector-zh.conf \ No newline at end of file diff --git a/etc/fonts/conf.d/README b/etc/fonts/conf.d/README new file mode 100644 index 0000000..6a774c5 --- /dev/null +++ b/etc/fonts/conf.d/README @@ -0,0 +1,23 @@ +conf.d/README + +Each file in this directory is a fontconfig configuration file. Fontconfig +scans this directory, loading all files of the form [0-9][0-9]*.conf. +These files are normally installed in /usr/share/fontconfig/conf.avail +and then symlinked here, allowing them to be easily installed and then +enabled/disabled by adjusting the symlinks. + +The files are loaded in numeric order, the structure of the configuration +has led to the following conventions in usage: + + Files begining with: Contain: + + 00 through 09 Font directories + 10 through 19 system rendering defaults (AA, etc) + 20 through 29 font rendering options + 30 through 39 family substitution + 40 through 49 generic identification, map family->generic + 50 through 59 alternate config file loading + 60 through 69 generic aliases, map generic->family + 70 through 79 select font (adjust which fonts are available) + 80 through 89 match target="scan" (modify scanned patterns) + 90 through 99 font synthesis diff --git a/etc/fonts/fonts.conf b/etc/fonts/fonts.conf new file mode 100644 index 0000000..f0f908e --- /dev/null +++ b/etc/fonts/fonts.conf @@ -0,0 +1,108 @@ + + + + + + + + + Default configuration file + + + + + + /usr/share/fonts + /usr/local/share/fonts + fonts + + ~/.fonts + + + + + mono + + + monospace + + + + + + + sans serif + + + sans-serif + + + + + + + sans + + + sans-serif + + + + + + + *.dpkg-tmp + + + + + *.dpkg-new + + + + + conf.d + + + + /var/cache/fontconfig + fontconfig + + ~/.fontconfig + + + + + 30 + + + + diff --git a/etc/fstab b/etc/fstab new file mode 100644 index 0000000..25965e2 --- /dev/null +++ b/etc/fstab 
@@ -0,0 +1,10 @@
+# /etc/fstab: static file system information.
+#
+# Use 'blkid' to print the universally unique identifier for a
+# device; this may be used with UUID= as a more robust way to name devices
+# that works even if disks are added and removed. See fstab(5).
+#
+#
+# / was on /dev/sda2 during curtin installation
+/dev/disk/by-uuid/f0928f5d-dd43-419c-838b-65f726da56e3 / ext4 defaults 0 0
+/swap.img none swap sw 0 0
diff --git a/etc/fuse.conf b/etc/fuse.conf
new file mode 100644
index 0000000..ae194a0
--- /dev/null
+++ b/etc/fuse.conf
@@ -0,0 +1,8 @@
+# /etc/fuse.conf - Configuration file for Filesystem in Userspace (FUSE)
+
+# Set the maximum number of FUSE mounts allowed to non-root users.
+# The default is 1000.
+#mount_max = 1000
+
+# Allow non-root users to specify the allow_other or allow_root mount options.
+#user_allow_other
diff --git a/etc/fwupd/daemon.conf b/etc/fwupd/daemon.conf
new file mode 100644
index 0000000..851047f
--- /dev/null
+++ b/etc/fwupd/daemon.conf
@@ -0,0 +1,64 @@
+[fwupd]
+
+# Allow blocking specific devices by their GUID
+# Uses semicolons as delimiter
+DisabledDevices=
+
+# Allow blocking specific plugins
+# Uses semicolons as delimiter
+DisabledPlugins=test;test_ble;invalid
+
+# Maximum archive size that can be loaded in Mb, with 0 for the default
+ArchiveSizeMax=0
+
+# Idle time in seconds to shut down the daemon -- note some plugins might
+# inhibit the auto-shutdown, for instance thunderbolt.
+#
+# A value of 0 specifies 'never'
+IdleTimeout=7200
+
+# Comma separated list of domains to log in verbose mode
+# If unset, no domains
+# If set to FuValue, FuValue domain (same as --domain-verbose=FuValue)
+# If set to *, all domains (same as --verbose)
+VerboseDomains=
+
+# Update the message of the day (MOTD) on device and metadata changes
+UpdateMotd=true
+
+# For some plugins, enumerate only devices supported by metadata
+EnumerateAllDevices=false
+
+# A list of firmware checksums that has been approved by the site admin
+# If unset, all firmware is approved
+ApprovedFirmware=
+
+# Allow blocking specific devices by their checksum, either SHA1 or SHA256
+# Uses semicolons as delimiter
+BlockedFirmware=
+
+# Allowed URI schemes in the preference order; failed downloads from the first
+# scheme will be retried with the next in order until no choices remain.
+#
+# If unset or no schemes are listed, the default will be: file,https,http,ipfs
+UriSchemes=
+
+# Ignore power levels of devices when running updates
+IgnorePower=false
+
+# Only support installing firmware signed with a trusted key
+OnlyTrusted=true
+
+# A host best known configuration is used when using `fwupdmgr sync` which can
+# downgrade firmware to factory versions or upgrade firmware to a supported
+# config level. e.g. `vendor-factory-2021q1`
+HostBkc=
+
+# these are only required when the SMBIOS or Device Tree data is invalid or missing
+#Manufacturer=
+#ProductName=
+#ProductSku=
+#Family=
+#EnclosureKind=
+#BaseboardProduct=
+#BaseboardManufacturer=
diff --git a/etc/fwupd/redfish.conf b/etc/fwupd/redfish.conf
new file mode 100644
index 0000000..6675d59
--- /dev/null
+++ b/etc/fwupd/redfish.conf
@@ -0,0 +1,17 @@
+[redfish]
+
+# The URI to the Redfish service in the format ://:
+# ex: https://192.168.0.133:443
+#Uri=
+
+# The username and password to the Redfish service
+#Username=
+#Password=
+
+# Whether to verify the server certificate or not
+# Expected value: TRUE or FALSE
+# Default: FALSE
+#CACheck=
+
+# Do not use IPMI KCS to create an initial user account if no SMBIOS data
+IpmiDisableCreateUser=False
diff --git a/etc/fwupd/remotes.d/dell-esrt.conf b/etc/fwupd/remotes.d/dell-esrt.conf
new file mode 100644
index 0000000..7313eee
--- /dev/null
+++ b/etc/fwupd/remotes.d/dell-esrt.conf
@@ -0,0 +1,8 @@
+[fwupd Remote]
+
+# this remote provides metadata shipped with the fwupd package
+Enabled=true
+Title=Enable UEFI capsule updates on Dell systems
+Keyring=none
+MetadataURI=file:///usr/share/fwupd/remotes.d/dell-esrt/metadata.xml
+ApprovalRequired=false
diff --git a/etc/fwupd/remotes.d/lvfs-testing.conf b/etc/fwupd/remotes.d/lvfs-testing.conf
new file mode 100644
index 0000000..4257549
--- /dev/null
+++ b/etc/fwupd/remotes.d/lvfs-testing.conf
@@ -0,0 +1,12 @@
+[fwupd Remote]
+
+# this remote provides metadata and firmware marked as 'testing' from the LVFS
+Enabled=false
+Title=Linux Vendor Firmware Service (testing)
+MetadataURI=https://cdn.fwupd.org/downloads/firmware-testing.xml.gz
+ReportURI=https://fwupd.org/lvfs/firmware/report
+#Username=
+#Password=
+OrderBefore=lvfs,fwupd
+AutomaticReports=false
+ApprovalRequired=false
diff --git a/etc/fwupd/remotes.d/lvfs.conf b/etc/fwupd/remotes.d/lvfs.conf
new file mode 100644
index 0000000..f956bc9
--- /dev/null
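Review bot: `UriSchemes=` is left empty in etc/fwupd/daemon.conf, so by the comment directly above it the default order file,https,http,ipfs applies and a failed https download is retried over plain http. `OnlyTrusted=true` in the same hunk still requires signed firmware, but listing only `file` and `https` in `UriSchemes` would keep metadata and payload fetches off unauthenticated transports. Check the list delimiter against the fwupd documentation for the installed version before setting it.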
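Review bot: etc/fwupd/redfish.conf is where `#Username=` and `#Password=` would be filled in, and with the whole of /etc tracked a later edit to this file would commit the Redfish credentials in clear text; the same placeholders appear in etc/fwupd/remotes.d/lvfs-testing.conf. Files that can carry secrets are better kept out of the repository with an ignore entry such as `etc/fwupd/redfish.conf`, or the credentials kept outside /etc. The hunk's own comment also gives `Default: FALSE` for `CACheck`, so if `Uri=` is ever set, `CACheck=TRUE` should be set with it so the server certificate is verified.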
+++ b/etc/fwupd/remotes.d/lvfs.conf
@@ -0,0 +1,12 @@
+[fwupd Remote]
+
+# this remote provides metadata and firmware marked as 'stable' from the LVFS
+Enabled=true
+Title=Linux Vendor Firmware Service
+MetadataURI=https://cdn.fwupd.org/downloads/firmware.xml.gz
+ReportURI=https://fwupd.org/lvfs/firmware/report
+SecurityReportURI=https://fwupd.org/lvfs/hsireports/upload
+OrderBefore=fwupd
+AutomaticReports=false
+AutomaticSecurityReports=false
+ApprovalRequired=false
diff --git a/etc/fwupd/remotes.d/vendor-directory.conf b/etc/fwupd/remotes.d/vendor-directory.conf
new file mode 100644
index 0000000..fd8886b
--- /dev/null
+++ b/etc/fwupd/remotes.d/vendor-directory.conf
@@ -0,0 +1,8 @@
+[fwupd Remote]
+# this remote provides dynamically generated metadata shipped by the OS vendor and can
+# be found in /usr/share/fwupd/remotes.d/vendor/firmware
+Enabled=false
+Title=Vendor (Automatic)
+Keyring=none
+MetadataURI=file:///usr/share/fwupd/remotes.d/vendor/firmware
+ApprovalRequired=false
diff --git a/etc/fwupd/remotes.d/vendor.conf b/etc/fwupd/remotes.d/vendor.conf
new file mode 100644
index 0000000..b2cf0d3
--- /dev/null
+++ b/etc/fwupd/remotes.d/vendor.conf
@@ -0,0 +1,8 @@
+[fwupd Remote]
+# this remote provides metadata shipped by the OS vendor and can be found in
+# /usr/share/fwupd/remotes.d/vendor and firmware in /usr/share/fwupd/remotes.d/vendor/firmware
+Enabled=false
+Title=Vendor
+Keyring=none
+MetadataURI=file:///usr/share/fwupd/remotes.d/vendor/vendor.xml.gz
+ApprovalRequired=false
diff --git a/etc/fwupd/thunderbolt.conf b/etc/fwupd/thunderbolt.conf
new file mode 100644
index 0000000..d6a61d1
--- /dev/null
+++ b/etc/fwupd/thunderbolt.conf
@@ -0,0 +1,9 @@
+[thunderbolt]
+
+# Minimum kernel version to allow use of this plugin
+# It's important that all backports from this kernel have been
+# made if using an older kernel
+MinimumKernelVersion=4.13.0
+
+# Forces delaying activation until shutdown/logout/reboot
+DelayedActivation=false
diff --git a/etc/fwupd/uefi_capsule.conf b/etc/fwupd/uefi_capsule.conf
new file mode 100644
index 0000000..1fc5ef4
--- /dev/null
+++ b/etc/fwupd/uefi_capsule.conf
@@ -0,0 +1,22 @@
+[uefi_capsule]
+
+# use GRUB to launch fwupdx64.efi
+#EnableGrubChainLoad=false
+
+# the shim loader is required to chainload the fwupd EFI binary unless
+# the fwupd.efi file has been self-signed manually
+#DisableShimForSecureBoot=true
+
+# the EFI system partition (ESP) path used if UDisks is not available
+# or if this partition is not mounted at /boot/efi, /boot, or /efi
+#OverrideESPMountPoint=
+
+# amount of free space required on the ESP, for example using 0x2000000 for 32Mb
+#RequireESPFreeSpace=
+
+# with the UEFI removable path enabled, the default esp path is set to /EFI/boot
+# the shim EFI binary and presumably this is $ESP/EFI/boot/bootx64.efi
+#FallbacktoRemovablePath=false
+
+# allow ignoring the CapsuleOnDisk support advertised by the firmware
+#DisableCapsuleUpdateOnDisk=true
diff --git a/etc/fwupd/upower.conf b/etc/fwupd/upower.conf
new file mode 100644
index 0000000..18c3b19
--- /dev/null
+++ b/etc/fwupd/upower.conf
@@ -0,0 +1,5 @@
+[upower]
+
+# The threshold to to require battery be at or above to allow updates
+# Measure in percent
+BatteryThreshold=10
diff --git a/etc/gai.conf b/etc/gai.conf
new file mode 100644
index 0000000..4616ed0
--- /dev/null
+++ b/etc/gai.conf
@@ -0,0 +1,65 @@
+# Configuration for getaddrinfo(3).
+#
+# So far only configuration for the destination address sorting is needed.
+# RFC 3484 governs the sorting. But the RFC also says that system
+# administrators should be able to overwrite the defaults. This can be
+# achieved here.
+#
+# All lines have an initial identifier specifying the option followed by
+# up to two values. Information specified in this file replaces the
+# default information. Complete absence of data of one kind causes the
+# appropriate default information to be used. The supported commands include:
+#
+# reload
+# If set to yes, each getaddrinfo(3) call will check whether this file
+# changed and if necessary reload. This option should not really be
+# used. There are possible runtime problems. The default is no.
+#
+# label
+# Add another rule to the RFC 3484 label table. See section 2.1 in
+# RFC 3484. The default is:
+#
+#label ::1/128 0
+#label ::/0 1
+#label 2002::/16 2
+#label ::/96 3
+#label ::ffff:0:0/96 4
+#label fec0::/10 5
+#label fc00::/7 6
+#label 2001:0::/32 7
+#
+# This default differs from the tables given in RFC 3484 by handling
+# (now obsolete) site-local IPv6 addresses and Unique Local Addresses.
+# The reason for this difference is that these addresses are never
+# NATed while IPv4 site-local addresses most probably are. Given
+# the precedence of IPv6 over IPv4 (see below) on machines having only
+# site-local IPv4 and IPv6 addresses a lookup for a global address would
+# see the IPv6 be preferred. The result is a long delay because the
+# site-local IPv6 addresses cannot be used while the IPv4 address is
+# (at least for the foreseeable future) NATed. We also treat Teredo
+# tunnels special.
+#
+# precedence
+# Add another rule to the RFC 3484 precedence table. See section 2.1
+# and 10.3 in RFC 3484. The default is:
+#
+#precedence ::1/128 50
+#precedence ::/0 40
+#precedence 2002::/16 30
+#precedence ::/96 20
+#precedence ::ffff:0:0/96 10
+#
+# For sites which prefer IPv4 connections change the last line to
+#
+#precedence ::ffff:0:0/96 100
+
+#
+# scopev4
+# Add another rule to the RFC 6724 scope table for IPv4 addresses.
+# By default the scope IDs described in section 3.2 in RFC 6724 are
+# used. Changing these defaults should hardly ever be necessary.
+# The defaults are equivalent to:
+#
+#scopev4 ::ffff:169.254.0.0/112 2
+#scopev4 ::ffff:127.0.0.0/104 2
+#scopev4 ::ffff:0.0.0.0/96 14
diff --git a/etc/groff/man.local b/etc/groff/man.local
new file mode 100644
index 0000000..0c5cd9a
--- /dev/null
+++ b/etc/groff/man.local
@@ -0,0 +1,33 @@
+.\" -*- nroff -*-
+.\"
+.\" This file is loaded after an-old.tmac.
+.\" Put any local modifications to an-old.tmac here.
+.
+.if n \{\
+. \" Debian: Map \(oq to ' rather than ` in nroff mode for devices other
+. \" than utf8.
+. if !'\*[.T]'utf8' \
+. tr \[oq]'
+.
+. \" Debian: Disable the use of SGR (ANSI colour) escape sequences by
+. \" grotty.
+. if '\V[GROFF_SGR]'' \
+. output x X tty: sgr 0
+.
+. \" Debian: Strictly, "-" is a hyphen while "\-" is a minus sign, and the
+. \" former may not always be rendered in the form expected for things like
+. \" command-line options. Uncomment this if you want to make sure that
+. \" manual pages you're writing are clear of this problem.
+. \" if '\*[.T]'utf8' \
+. \" char - \[hy]
+.
+. \" Debian: "\-" is more commonly used for option dashes than for minus
+. \" signs in manual pages, so map it to plain "-" for HTML/XHTML output
+. \" rather than letting it be rendered as "−".
+. ie '\*[.T]'html' \
+. char \- \N'45'
+. el \{\
+. if '\*[.T]'xhtml' \
+. char \- \N'45'
+. \}
+.\}
diff --git a/etc/groff/mdoc.local b/etc/groff/mdoc.local
new file mode 100644
index 0000000..c29fac8
--- /dev/null
+++ b/etc/groff/mdoc.local
@@ -0,0 +1,33 @@
+.\" -*- nroff -*-
+.\"
+.\" This file is loaded after doc.tmac.
+.\" Put any local modifications to doc.tmac here.
+.
+.if n \{\
+. \" Debian: Map \(oq to ' rather than ` in nroff mode for devices other
+. \" than utf8.
+. if !'\*[.T]'utf8' \
+. tr \[oq]'
+.
+. \" Debian: Disable the use of SGR (ANSI colour) escape sequences by
+. \" grotty.
+. if '\V[GROFF_SGR]'' \
+. output x X tty: sgr 0
+.
+. \" Debian: Strictly, "-" is a hyphen while "\-" is a minus sign, and the
+. \" former may not always be rendered in the form expected for things like
+. \" command-line options. Uncomment this if you want to make sure that
+. \" manual pages you're writing are clear of this problem.
+. \" if '\*[.T]'utf8' \
+. \" char - \[hy]
+.
+. \" Debian: "\-" is more commonly used for option dashes than for minus
+. \" signs in manual pages, so map it to plain "-" for HTML/XHTML output
+. \" rather than letting it be rendered as "−".
+. ie '\*[.T]'html' \
+. char \- \N'45'
+. el \{\
+. if '\*[.T]'xhtml' \
+. char \- \N'45'
+. \}
+.\}
diff --git a/etc/group b/etc/group
new file mode 100644
index 0000000..9ecee83
--- /dev/null
+++ b/etc/group
@@ -0,0 +1,61 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:syslog
+tty:x:5:syslog
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:gg
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+systemd-journal:x:101:
+systemd-network:x:102:
+systemd-resolve:x:103:
+systemd-timesync:x:104:
+crontab:x:105:
+messagebus:x:106:
+input:x:107:
+kvm:x:108:
+render:x:109:
+syslog:x:110:
+tss:x:111:
+uuidd:x:112:
+tcpdump:x:113:
+ssh:x:114:
+landscape:x:115:
+lxd:x:116:
+systemd-coredump:x:999:
+ssl-cert:x:117:postgres
+postgres:x:118:
+shane:x:1001:
+jon:x:1002:
+gg:x:1003:
diff --git a/etc/group- b/etc/group-
new file mode 100644
index 0000000..7d88611
--- /dev/null
+++ b/etc/group-
@@ -0,0 +1,62 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:syslog,gamesguru
+tty:x:5:syslog
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:gamesguru
+floppy:x:25:
+tape:x:26:
+sudo:x:27:gamesguru,gg
+audio:x:29:
+dip:x:30:gamesguru
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:gamesguru
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+systemd-journal:x:101:
+systemd-network:x:102:
+systemd-resolve:x:103:
+systemd-timesync:x:104:
+crontab:x:105:
+messagebus:x:106:
+input:x:107:
+kvm:x:108:
+render:x:109:
+syslog:x:110:
+tss:x:111:
+uuidd:x:112:
+tcpdump:x:113:
+ssh:x:114:
+landscape:x:115:
+lxd:x:116:gamesguru
+systemd-coredump:x:999:
+gamesguru:x:1000:
+ssl-cert:x:117:postgres
+postgres:x:118:
+shane:x:1001:
+jon:x:1002:
+gg:x:1003:
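Review bot: etc/group- looks like the previous-state backup kept next to etc/group, and committing it preserves memberships the live file no longer has: `sudo:x:27:gamesguru,gg`, `adm:x:4:syslog,gamesguru` and `lxd:x:116:gamesguru` here, against `sudo:x:27:gg` in etc/group. Someone auditing privileged access from the repository can mistake the stale copy for current state, and every group change will show up as two diffs. I would drop the backup from tracking and ignore it with a pattern such as `etc/*-`. If the repository is readable beyond the administrators, both files also list the local account names and which of them is in sudo.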
diff --git a/etc/grub.d/00_header b/etc/grub.d/00_header
new file mode 100755
index 0000000..c627dbb
--- /dev/null
+++ b/etc/grub.d/00_header
@@ -0,0 +1,448 @@ +#! /bin/sh +set -e + +# grub-mkconfig helper script. +# Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc. +# +# GRUB is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# GRUB is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GRUB. If not, see . + +prefix="/usr" +exec_prefix="/usr" +datarootdir="/usr/share" +grub_lang=`echo $LANG | cut -d . -f 1` +grubdir="`echo "/boot/grub" | sed 's,//*,/,g'`" +quick_boot="1" + +export TEXTDOMAIN=grub +export TEXTDOMAINDIR="${datarootdir}/locale" + +. "$pkgdatadir/grub-mkconfig_lib" + +# Do this as early as possible, since other commands might depend on it. +# (e.g. 
the `loadfont' command might need lvm or raid modules) +for i in ${GRUB_PRELOAD_MODULES} ; do + echo "insmod $i" +done + +if [ "x${GRUB_DEFAULT}" = "x" ] ; then GRUB_DEFAULT=0 ; fi +if [ "x${GRUB_DEFAULT}" = "xsaved" ] ; then GRUB_DEFAULT='${saved_entry}' ; fi +if [ "x${GRUB_TIMEOUT}" = "x" ] ; then GRUB_TIMEOUT=5 ; fi +if [ "x${GRUB_GFXMODE}" = "x" ] ; then GRUB_GFXMODE=auto ; fi + +if [ "x${GRUB_DEFAULT_BUTTON}" = "x" ] ; then GRUB_DEFAULT_BUTTON="$GRUB_DEFAULT" ; fi +if [ "x${GRUB_DEFAULT_BUTTON}" = "xsaved" ] ; then GRUB_DEFAULT_BUTTON='${saved_entry}' ; fi +if [ "x${GRUB_TIMEOUT_BUTTON}" = "x" ] ; then GRUB_TIMEOUT_BUTTON="$GRUB_TIMEOUT" ; fi + +cat << EOF +if [ -s \$prefix/grubenv ]; then + set have_grubenv=true + load_env +fi +EOF +cat < /dev/null ; then + font_path="${path}" + else + continue + fi + break 2 + done + done + if [ -n "${font_path}" ] ; then + cat << EOF +if [ x\$feature_default_font_path = xy ] ; then + font=unicode +else +EOF + # Make the font accessible + prepare_grub_to_access_device `${grub_probe} --target=device "${font_path}"` + cat << EOF + font="`make_system_path_relative_to_its_root "${font_path}"`" +fi + +if loadfont \$font ; then +EOF + else + cat << EOF +if loadfont unicode ; then +EOF + fi + fi + + cat << EOF + set gfxmode=${GRUB_GFXMODE} + load_video + insmod gfxterm +EOF + +# Gettext variables and module +if [ "x${LANG}" != "xC" ] && [ "x${LANG}" != "x" ]; then + cat << EOF + set locale_dir=\$prefix/locale + set lang=${grub_lang} + insmod gettext +EOF +fi + +cat <&2 + + prepare_grub_to_access_device `${grub_probe} --target=device "$GRUB_THEME"` + cat << EOF +insmod gfxmenu +EOF + themedir="`dirname "$GRUB_THEME"`" + for x in "$themedir"/*.pf2 "$themedir"/f/*.pf2; do + if [ -f "$x" ]; then + cat << EOF +loadfont (\$root)`make_system_path_relative_to_its_root $x` +EOF + fi + done + if [ x"`echo "$themedir"/*.jpg`" != x"$themedir/*.jpg" ] || [ x"`echo "$themedir"/*.jpeg`" != x"$themedir/*.jpeg" ]; then + cat << EOF +insmod jpeg 
+EOF + fi + if [ x"`echo "$themedir"/*.png`" != x"$themedir/*.png" ]; then + cat << EOF +insmod png +EOF + fi + if [ x"`echo "$themedir"/*.tga`" != x"$themedir/*.tga" ]; then + cat << EOF +insmod tga +EOF + fi + + cat << EOF +set theme=(\$root)`make_system_path_relative_to_its_root $GRUB_THEME` +export theme +EOF + elif [ "x$GRUB_BACKGROUND" != x ] && [ -f "$GRUB_BACKGROUND" ] \ + && is_path_readable_by_grub "$GRUB_BACKGROUND"; then + gettext_printf "Found background: %s\n" "$GRUB_BACKGROUND" >&2 + case "$GRUB_BACKGROUND" in + *.png) reader=png ;; + *.tga) reader=tga ;; + *.jpg|*.jpeg) reader=jpeg ;; + *) gettext "Unsupported image format" >&2; echo >&2; exit 1 ;; + esac + prepare_grub_to_access_device `${grub_probe} --target=device "$GRUB_BACKGROUND"` + cat << EOF +insmod $reader +background_image -m stretch `make_system_path_relative_to_its_root "$GRUB_BACKGROUND"` +EOF + fi +fi + +make_timeout () +{ + cat << EOF +if [ "\${recordfail}" = 1 ] ; then + set timeout=${GRUB_RECORDFAIL_TIMEOUT:-30} +else +EOF + if [ "x${3}" != "x" ] ; then + timeout="${2}" + style="${3}" + elif [ "x${1}" != "x" ] && \ + ([ "$quick_boot" = 1 ] || [ "x${1}" != "x0" ]) ; then + # Handle the deprecated GRUB_HIDDEN_TIMEOUT scheme. + timeout="${1}" + if [ "x${2}" != "x0" ] ; then + grub_warn "$(gettext "Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.")" + fi + if [ "x${GRUB_HIDDEN_TIMEOUT_QUIET}" = "xtrue" ] ; then + style="hidden" + verbose= + else + style="countdown" + verbose=" --verbose" + fi + else + # No hidden timeout, so treat as GRUB_TIMEOUT_STYLE=menu + timeout="${2}" + style="menu" + fi + cat << EOF + if [ x\$feature_timeout_style = xy ] ; then + set timeout_style=${style} + set timeout=${timeout} +EOF + if [ "x${style}" = "xmenu" ] ; then + cat << EOF + # Fallback normal timeout code in case the timeout_style feature is + # unavailable. 
+ else + set timeout=${timeout} +EOF + else + cat << EOF + # Fallback hidden-timeout code in case the timeout_style feature is + # unavailable. + elif sleep${verbose} --interruptible ${timeout} ; then + set timeout=0 +EOF + fi + cat << EOF + fi +fi +EOF +if [ "$recordfail_broken" = 1 ]; then + cat << EOF +if [ \$grub_platform = efi ]; then + set timeout=${GRUB_RECORDFAIL_TIMEOUT:-30} + if [ x\$feature_timeout_style = xy ] ; then + set timeout_style=menu + fi +fi +EOF +fi +} + +if [ "x$GRUB_BUTTON_CMOS_ADDRESS" != "x" ]; then + cat < +# +# GRUB is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# GRUB is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GRUB. If not, see . + +# Include the GRUB helper library for grub-mkconfig. +. /usr/share/grub/grub-mkconfig_lib + +# We want to work in /boot/grub/ only. +test -d /boot/grub; cd /boot/grub + +# Set the location of a possibly necessary cache file for the background image. +# NOTE: This MUST BE A DOTFILE to avoid confusing it with user-defined images. +BACKGROUND_CACHE=".background_cache" + +set_default_theme(){ + case $GRUB_DISTRIBUTOR in + Tanglu|Ubuntu|Kubuntu) + # Set a monochromatic theme for Tanglu/Ubuntu. + echo "${1}set menu_color_normal=white/black" + echo "${1}set menu_color_highlight=black/light-gray" + + if [ -e /usr/share/plymouth/themes/default.grub ]; then + sed "s/^/${1}/" /usr/share/plymouth/themes/default.grub + fi + # For plymouth backward compatiblity. Can be removed + # after xenial. 
+ if [ -e /lib/plymouth/themes/default.grub ]; then + sed "s/^/${1}/" /lib/plymouth/themes/default.grub + fi + ;; + *) + # Set the traditional Debian blue theme. + echo "${1}set menu_color_normal=cyan/blue" + echo "${1}set menu_color_highlight=white/blue" + ;; + esac +} + +module_available(){ + local module + for module in "${1}.mod" */"${1}.mod"; do + if [ -f "${module}" ]; then + return 0 + fi + done + return 1 +} + +set_background_image(){ + # Step #1: Search all available output modes ... + local output + for output in ${GRUB_TERMINAL_OUTPUT}; do + if [ "x$output" = "xgfxterm" ]; then + break + fi + done + + # ... and check if we are able to display a background image at all. + if ! [ "x${output}" = "xgfxterm" ]; then + return 1 + fi + + # Step #2: Check if the specified background image exists. + if ! [ -f "${1}" ]; then + return 2 + fi + + # Step #3: Search the correct GRUB module for our background image. + local reader + case "${1}" in + *.jpg|*.JPG|*.jpeg|*.JPEG) reader="jpeg";; + *.png|*.PNG) reader="png";; + *.tga|*.TGA) reader="tga";; + *) return 3;; # Unknown image type. + esac + + # Step #4: Check if the necessary GRUB module is available. + if ! module_available "${reader}"; then + return 4 + fi + + # Step #5: Check if GRUB can read the background image directly. + # If so, we can remove the cache file (if any). Otherwise the backgound + # image needs to be cached under /boot/grub/. + if is_path_readable_by_grub "${1}"; then + rm --force "${BACKGROUND_CACHE}.jpeg" \ + "${BACKGROUND_CACHE}.png" "${BACKGROUND_CACHE}.tga" + elif cp "${1}" "${BACKGROUND_CACHE}.${reader}"; then + set -- "${BACKGROUND_CACHE}.${reader}" "${2}" "${3}" + else + return 5 + fi + + # Step #6: Prepare GRUB to read the background image. + if ! prepare_grub_to_access_device "`${grub_probe} --target=device "${1}"`"; then + return 6 + fi + + # Step #7: Everything went fine, print out a message to stderr ... + echo "Found background image: ${1}" >&2 + + # ... 
and write our configuration snippet to stdout. Use the colors + # desktop-base specified. If we're using a user-defined background, use + # the default colors since we've got no idea how the image looks like. + # If loading the background image fails, use the default theme. + echo "insmod ${reader}" + echo "if background_image `make_system_path_relative_to_its_root "${1}"`; then" + if [ -n "${2}" ]; then + echo " set color_normal=${2}" + fi + if [ -n "${3}" ]; then + echo " set color_highlight=${3}" + fi + if [ -z "${2}" ] && [ -z "${3}" ]; then + echo " true" + fi + echo "else" + set_default_theme " " + echo "fi" +} + +# Earlier versions of grub-pc copied the default background image to /boot/grub +# during postinst. Remove those obsolete images if they haven't been touched by +# the user. They are still available under /usr/share/images/desktop-base/ if +# desktop-base is installed. +while read checksum background; do + if [ -f "${background}" ] && [ "x`sha1sum "${background}"`" = "x${checksum} ${background}" ]; then + echo "Removing old background image: ${background}" >&2 + rm "${background}" + fi +done <. + +prefix="/usr" +exec_prefix="/usr" +datarootdir="/usr/share" +ubuntu_recovery="1" +quiet_boot="1" +quick_boot="1" +gfxpayload_dynamic="1" +vt_handoff="1" + +. "$pkgdatadir/grub-mkconfig_lib" + +export TEXTDOMAIN=grub +export TEXTDOMAINDIR="${datarootdir}/locale" + +CLASS="--class gnu-linux --class gnu --class os" +SUPPORTED_INITS="sysvinit:/lib/sysvinit/init systemd:/lib/systemd/systemd upstart:/sbin/upstart" + +if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then + OS=GNU/Linux +else + case ${GRUB_DISTRIBUTOR} in + Ubuntu|Kubuntu) + OS="${GRUB_DISTRIBUTOR}" + ;; + *) + OS="${GRUB_DISTRIBUTOR} GNU/Linux" + ;; + esac + CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" +fi + +# loop-AES arranges things so that /dev/loop/X can be our root device, but +# the initrds that Linux uses don't like that. 
+case ${GRUB_DEVICE} in
+ /dev/loop/*|/dev/loop[0-9])
+ GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/"`
+ # We can't cope with devices loop-mounted from files here.
+ case ${GRUB_DEVICE} in
+ /dev/*) ;;
+ *) exit 0 ;;
+ esac
+ ;;
+esac
+
+# Default to disabling partition uuid support to maintian compatibility with
+# older kernels.
+GRUB_DISABLE_LINUX_PARTUUID=${GRUB_DISABLE_LINUX_PARTUUID-true}
+
+# get_dm_field_for_dev /dev/dm-0 uuid -> get the device mapper UUID for /dev/dm-0
+# get_dm_field_for_dev /dev/dm-1 name -> get the device mapper name for /dev/dm-1
+# etc
+get_dm_field_for_dev () {
+ dmsetup info -c --noheadings -o $2 $1 2>/dev/null
+}
+
+# Is $1 a multipath device?
+is_multipath () {
+ local dmuuid dmtype
+ dmuuid="$(get_dm_field_for_dev $1 uuid)"
+ if [ $? -ne 0 ]; then
+ # Not a device mapper device -- or dmsetup not installed, and as
+ # multipath depends on kpartx which depends on dmsetup, if there is no
+ # dmsetup then there are not going to be any multipath devices.
+ return 1
+ fi
+ # A device mapper "uuid" is always -. If is of the form
+ # part[0-9] then is the device the partition is on and we want to
+ # look at that instead. A multipath node always has of mpath.
+ dmtype="${dmuuid%%-*}"
+ if [ "${dmtype#part}" != "$dmtype" ]; then
+ dmuuid="${dmuuid#*-}"
+ dmtype="${dmuuid%%-*}"
+ fi
+ if [ "$dmtype" = "mpath" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+if test -e "${GRUB_DEVICE}" && is_multipath "${GRUB_DEVICE}"; then
+ # If / is multipathed, there will be multiple paths to the partition, so
+ # using root=UUID= exposes the boot process to udev races. In addition
+ # GRUB_DEVICE in this case will be /dev/dm-0 or similar -- better to use a
+ # symlink that depends on the multipath name.
+ GRUB_DEVICE=/dev/mapper/"$(get_dm_field_for_dev $GRUB_DEVICE name)"
+ GRUB_DISABLE_LINUX_UUID=true
+fi
+
+# btrfs may reside on multiple devices. We cannot pass them as value of root= parameter
+# and mounting btrfs requires user space scanning, so force UUID in this case.
+if ( [ "x${GRUB_DEVICE_UUID}" = "x" ] && [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] ) \
+ || ( [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \
+ && [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ] ) \
+ || ( ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \
+ && ! test -e "/dev/disk/by-partuuid/${GRUB_DEVICE_PARTUUID}" ) \
+ || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then
+ LINUX_ROOT_DEVICE=${GRUB_DEVICE}
+elif [ "x${GRUB_DEVICE_UUID}" = "x" ] \
+ || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ]; then
+ LINUX_ROOT_DEVICE=PARTUUID=${GRUB_DEVICE_PARTUUID}
+else
+ LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID}
+fi
+
+case x"$GRUB_FS" in
+ xbtrfs)
+ rootsubvol="`make_system_path_relative_to_its_root /`"
+ rootsubvol="${rootsubvol#/}"
+ if [ "x${rootsubvol}" != x ]; then
+ GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}"
+ fi;;
+ xzfs)
+ # We have a more specialized ZFS handler, with multiple system in 10_linux_zfs.
+ if [ -e "`dirname $(readlink -f $0)`/10_linux_zfs" ]; then
+ exit 0
+ fi
+ rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true`
+ bootfs="`make_system_path_relative_to_its_root / | sed -e "s,@$,,"`"
+ LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs%/}"
+ ;;
+esac
+
+title_correction_code=
+
+if [ -x /lib/recovery-mode/recovery-menu ]; then
+ GRUB_CMDLINE_LINUX_RECOVERY=recovery
+else
+ GRUB_CMDLINE_LINUX_RECOVERY=single
+fi
+if [ "$ubuntu_recovery" = 1 ]; then
+ GRUB_CMDLINE_LINUX_RECOVERY="$GRUB_CMDLINE_LINUX_RECOVERY nomodeset"
+fi
+
+if [ "$vt_handoff" = 1 ]; then
+ for word in $GRUB_CMDLINE_LINUX_DEFAULT; do
+ if [ "$word" = splash ]; then
+ GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT \$vt_handoff"
+ fi
+ done
+fi
+
+if [ x"$GRUB_FORCE_PARTUUID" != x ]; then
+ gettext_printf "GRUB_FORCE_PARTUUID is set, will attempt initrdless boot\n" >&2
+ cat << EOF
+#
+# GRUB_FORCE_PARTUUID is set, will attempt initrdless boot
+# Upon panic fallback to booting with initrd
+EOF
+ echo "set partuuid=${GRUB_FORCE_PARTUUID}"
+fi
+
+linux_entry ()
+{
+ os="$1"
+ version="$2"
+ type="$3"
+ args="$4"
+
+ if [ -z "$boot_device_id" ]; then
+ boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
+ fi
+ if [ x$type != xsimple ] ; then
+ case $type in
+ recovery)
+ title="$(gettext_printf "%s, with Linux %s (%s)" "${os}" "${version}" "$(gettext "${GRUB_RECOVERY_TITLE}")")" ;;
+ init-*)
+ title="$(gettext_printf "%s, with Linux %s (%s)" "${os}" "${version}" "${type#init-}")" ;;
+ *)
+ title="$(gettext_printf "%s, with Linux %s" "${os}" "${version}")" ;;
+ esac
+ if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then
+ replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')"
+ quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)"
+ title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;"
+ grub_warn "$(gettext_printf "Please don't use old title \`%s' for GRUB_DEFAULT, use \`%s' (for versions before 2.00) or \`%s' (for 2.00 or later)" "$GRUB_ACTUAL_DEFAULT" "$replacement_title" "gnulinux-advanced-$boot_device_id>gnulinux-$version-$type-$boot_device_id")"
+ fi
+ echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
+ else
+ echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
+ fi
+ if [ "$quick_boot" = 1 ]; then
+ echo " recordfail" | sed "s/^/$submenu_indentation/"
+ fi
+ if [ x$type != xrecovery ] ; then
+ save_default_entry | grub_add_tab
+ fi
+
+ # Use ELILO's generic "efifb" when it's known to be available.
+ # FIXME: We need an interface to select vesafb in case efifb can't be used.
+ if [ "x$GRUB_GFXPAYLOAD_LINUX" = x ]; then
+ echo " load_video" | sed "s/^/$submenu_indentation/"
+ else
+ if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then
+ echo " load_video" | sed "s/^/$submenu_indentation/"
+ fi
+ fi
+ if ([ "$ubuntu_recovery" = 0 ] || [ x$type != xrecovery ]) && \
+ ([ "x$GRUB_GFXPAYLOAD_LINUX" != x ] || [ "$gfxpayload_dynamic" = 1 ]); then
+ echo " gfxmode \$linux_gfx_mode" | sed "s/^/$submenu_indentation/"
+ fi
+
+ echo " insmod gzio" | sed "s/^/$submenu_indentation/"
+ echo " if [ x\$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi" | sed "s/^/$submenu_indentation/"
+
+ if [ x$dirname = x/ ]; then
+ if [ -z "${prepare_root_cache}" ]; then
+ prepare_root_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE} | grub_add_tab)"
+ fi
+ printf '%s\n' "${prepare_root_cache}" | sed "s/^/$submenu_indentation/"
+ else
+ if [ -z "${prepare_boot_cache}" ]; then
+ prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | grub_add_tab)"
+ fi
+ printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/"
+ fi
+ if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then
+ message="$(gettext_printf "Loading Linux %s ..." ${version})"
+ sed "s/^/$submenu_indentation/" << EOF
+ echo '$(echo "$message" | grub_quote)'
+EOF
+ fi
+ if test -d /sys/firmware/efi && test -e "${linux}.efi.signed"; then
+ sed "s/^/$submenu_indentation/" << EOF
+ linux ${rel_dirname}/${basename}.efi.signed root=${linux_root_device_thisversion} ro ${args}
+EOF
+ else
+ # We have initrd and PARTUUID is set - we try to boot without initrd, and fallback to using it
+ # if it fails.
+ # "panic=-1" means "on panic reboot immediately". "panic=0" disables the reboot behavior.
+ if [ x"$GRUB_FORCE_PARTUUID" != x ]; then
+ linux_root_device_thisversion="PARTUUID=${GRUB_FORCE_PARTUUID}"
+ fi
+ message="$(gettext_printf "Loading initial ramdisk ...")"
+ initrdlessfail_msg="$(gettext_printf "GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.")"
+ initrdlesstry_msg="$(gettext_printf "GRUB_FORCE_PARTUUID set, attempting initrdless boot.")"
+ initrd_path=
+ for i in ${initrd}; do
+ initrd_path="${initrd_path} ${rel_dirname}/${i}"
+ done
+ initrd_path_only_early=
+ for i in ${initrd_early}; do
+ initrd_path_only_early="${initrd_path_only_early} ${rel_dirname}/${i}"
+ done
+ if test -n "${initrd}" && [ x"$GRUB_FORCE_PARTUUID" != x ]; then
+ sed "s/^/$submenu_indentation/" << EOF
+ if [ "\${initrdfail}" = 1 ]; then
+ echo '$(echo "$initrdlessfail_msg" | grub_quote)'
+ linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args}
+EOF
+ if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then
+ sed "s/^/$submenu_indentation/" << EOF
+ echo '$(echo "$message" | grub_quote)'
+EOF
+ fi
+ sed "s/^/$submenu_indentation/" << EOF
+ initrd $(echo $initrd_path)
+ else
+ echo '$(echo "$initrdlesstry_msg" | grub_quote)'
+ linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} panic=-1
+EOF
+ if [ -n "$initrd_path_only_early" ]; then
+ sed "s/^/$submenu_indentation/" << EOF
+ initrd $(echo $initrd_path_only_early)
+EOF
+ fi
+ sed "s/^/$submenu_indentation/" << EOF
+ fi
+ initrdfail
+EOF
+ else
+ # We don't have initrd or we don't want to set PARTUUID. Don't try initrd-less boot with fallback.
+ sed "s/^/$submenu_indentation/" << EOF
+ linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args}
+EOF
+ if test -n "${initrd}"; then
+ # We do have initrd - let's use it at boot.
+ # TRANSLATORS: ramdisk isn't identifier. Should be translated.
+ if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then
+ sed "s/^/$submenu_indentation/" << EOF
+ echo '$(echo "$message" | grub_quote)'
+EOF
+ fi
+ sed "s/^/$submenu_indentation/" << EOF
+ initrd $(echo $initrd_path)
+EOF
+ fi
+ fi
+ if test -n "${dtb}" ; then
+ if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then
+ message="$(gettext_printf "Loading device tree blob...")"
+ sed "s/^/$submenu_indentation/" << EOF
+ echo '$(echo "$message" | grub_quote)'
+EOF
+ fi
+ sed "s/^/$submenu_indentation/" << EOF
+ devicetree ${rel_dirname}/${dtb}
+EOF
+ fi
+ fi
+ sed "s/^/$submenu_indentation/" << EOF
+}
+EOF
+}
+
+machine=`uname -m`
+case "x$machine" in
+ xi?86 | xx86_64)
+ list=
+ for i in /boot/vmlinuz-* /vmlinuz-* /boot/kernel-* ; do
+ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi
+ done ;;
+ *)
+ list=
+ for i in /boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-* ; do
+ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi
+ done ;;
+esac
+
+case "$machine" in
+ i?86) GENKERNEL_ARCH="x86" ;;
+ mips|mips64) GENKERNEL_ARCH="mips" ;;
+ mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;;
+ arm*) GENKERNEL_ARCH="arm" ;;
+ *) GENKERNEL_ARCH="$machine" ;;
+esac
+
+case "$GENKERNEL_ARCH" in
+ x86*) GRUB_CMDLINE_LINUX_RECOVERY="$GRUB_CMDLINE_LINUX_RECOVERY dis_ucode_ldr";;
+esac
+
+prepare_boot_cache=
+prepare_root_cache=
+boot_device_id=
+title_correction_code=
+
+cat << 'EOF'
+function gfxmode {
+ set gfxpayload="${1}"
+EOF
+if [ "$vt_handoff" = 1 ]; then
+ cat << 'EOF'
+ if [ "${1}" = "keep" ]; then
+ set vt_handoff=vt.handoff=7
+ else
+ set vt_handoff=
+ fi
+EOF
+fi
+cat << EOF
+}
+EOF
+
+# Use ELILO's generic "efifb" when it's known to be available.
+# FIXME: We need an interface to select vesafb in case efifb can't be used.
+if [ "x$GRUB_GFXPAYLOAD_LINUX" != x ] || [ "$gfxpayload_dynamic" = 0 ]; then
+ echo "set linux_gfx_mode=$GRUB_GFXPAYLOAD_LINUX"
+else
+ cat << EOF
+if [ "\${recordfail}" != 1 ]; then
+ if [ -e \${prefix}/gfxblacklist.txt ]; then
+ if [ \${grub_platform} != pc ]; then
+ set linux_gfx_mode=keep
+ elif hwmatch \${prefix}/gfxblacklist.txt 3; then
+ if [ \${match} = 0 ]; then
+ set linux_gfx_mode=keep
+ else
+ set linux_gfx_mode=text
+ fi
+ else
+ set linux_gfx_mode=text
+ fi
+ else
+ set linux_gfx_mode=keep
+ fi
+else
+ set linux_gfx_mode=text
+fi
+EOF
+fi
+cat << EOF
+export linux_gfx_mode
+EOF
+
+# Extra indentation to add to menu entries in a submenu. We're not in a submenu
+# yet, so it's empty. In a submenu it will be equal to '\t' (one tab).
+submenu_indentation=""
+
+is_top_level=true
+while [ "x$list" != "x" ] ; do
+ linux=`version_find_latest $list`
+ case $linux in
+ *.efi.signed)
+ # We handle these in linux_entry.
+ list=`echo $list | tr ' ' '\n' | grep -vx $linux | tr '\n' ' '`
+ continue
+ ;;
+ esac
+ gettext_printf "Found linux image: %s\n" "$linux" >&2
+ basename=`basename $linux`
+ dirname=`dirname $linux`
+ rel_dirname=`make_system_path_relative_to_its_root $dirname`
+ version=`echo $basename | sed -e "s,^[^0-9]*-,,g"`
+ alt_version=`echo $version | sed -e "s,\.old$,,g"`
+ linux_root_device_thisversion="${LINUX_ROOT_DEVICE}"
+
+ initrd_early=
+ for i in ${GRUB_EARLY_INITRD_LINUX_STOCK} \
+ ${GRUB_EARLY_INITRD_LINUX_CUSTOM}; do
+ if test -e "${dirname}/${i}" ; then
+ initrd_early="${initrd_early} ${i}"
+ fi
+ done
+
+ initrd_real=
+ for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \
+ "initrd-${version}" "initramfs-${version}.img" \
+ "initrd.img-${alt_version}" "initrd-${alt_version}.img" \
+ "initrd-${alt_version}" "initramfs-${alt_version}.img" \
+ "initramfs-genkernel-${version}" \
+ "initramfs-genkernel-${alt_version}" \
+ "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \
+ "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do
+ if test -e "${dirname}/${i}" ; then
+ initrd_real="${i}"
+ break
+ fi
+ done
+
+ initrd=
+ if test -n "${initrd_early}" || test -n "${initrd_real}"; then
+ initrd="${initrd_early} ${initrd_real}"
+
+ initrd_display=
+ for i in ${initrd}; do
+ initrd_display="${initrd_display} ${dirname}/${i}"
+ done
+ gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2
+ fi
+
+ dtb=
+ for i in "dtb-${version}" "dtb-${alt_version}" "dtb"; do
+ if test -e "${dirname}/${i}" ; then
+ dtb="$i"
+ break
+ fi
+ done
+
+ config=
+ for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do
+ if test -e "${i}" ; then
+ config="${i}"
+ break
+ fi
+ done
+
+ initramfs=
+ if test -n "${config}" ; then
+ initramfs=`grep CONFIG_INITRAMFS_SOURCE= "${config}" | cut -f2 -d= | tr -d \"`
+ fi
+
+ if test -z "${initramfs}" && test -z "${initrd_real}" ; then
+ # "UUID=" and "ZFS=" magic is parsed by initrd or initramfs. Since there's
+ # no initrd or builtin initramfs, it can't work here.
+ if [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] \
+ || [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ]; then
+
+ linux_root_device_thisversion=${GRUB_DEVICE}
+ else
+ linux_root_device_thisversion=PARTUUID=${GRUB_DEVICE_PARTUUID}
+ fi
+ fi
+
+ if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xy ]; then
+ linux_entry "${OS}" "${version}" simple \
+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
+
+ submenu_indentation="$grub_tab"
+
+ if [ -z "$boot_device_id" ]; then
+ boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
+ fi
+ # TRANSLATORS: %s is replaced with an OS name
+ echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' {"
+ is_top_level=false
+ fi
+
+ linux_entry "${OS}" "${version}" advanced \
+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
+ for supported_init in ${SUPPORTED_INITS}; do
+ init_path="${supported_init#*:}"
+ if [ -x "${init_path}" ] && [ "$(readlink -f /sbin/init)" != "$(readlink -f "${init_path}")" ]; then
+ linux_entry "${OS}" "${version}" "init-${supported_init%%:*}" \
+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} init=${init_path}"
+ fi
+ done
+ if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then
+ linux_entry "${OS}" "${version}" recovery \
+ "${GRUB_CMDLINE_LINUX_RECOVERY} ${GRUB_CMDLINE_LINUX}"
+ fi
+
+ list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '`
+done
+
+# If at least one kernel was found, then we need to
+# add a closing '}' for the submenu command.
+if [ x"$is_top_level" != xtrue ]; then
+ echo '}'
+fi
+
+echo "$title_correction_code"
diff --git a/etc/grub.d/10_linux_zfs b/etc/grub.d/10_linux_zfs
new file mode 100755
index 0000000..4efb681
--- /dev/null
+++ b/etc/grub.d/10_linux_zfs
@@ -0,0 +1,1117 @@
+#! /bin/sh
+set -e
+
+# grub-mkconfig helper script.
+# Copyright (C) 2019 Canonical Ltd.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see .
+
+prefix="/usr"
+datarootdir="/usr/share"
+ubuntu_recovery="1"
+quiet_boot="1"
+quick_boot="1"
+gfxpayload_dynamic="1"
+vt_handoff="1"
+
+. "${pkgdatadir}/grub-mkconfig_lib"
+
+export TEXTDOMAIN=grub
+export TEXTDOMAINDIR="${datarootdir}/locale"
+
+set -u
+
+## Skip early if zfs utils isn't installed (instead of failing on first zpool list)
+if ! `which zfs >/dev/null 2>&1`; then
+ exit 0
+fi
+
+imported_pools=""
+MNTDIR="$(mktemp -d ${TMPDIR:-/tmp}/zfsmnt.XXXXXX)"
+ZFSTMP="$(mktemp -d ${TMPDIR:-/tmp}/zfstmp.XXXXXX)"
+
+
+machine="$(uname -m)"
+case "${machine}" in
+ i?86) GENKERNEL_ARCH="x86" ;;
+ mips|mips64) GENKERNEL_ARCH="mips" ;;
+ mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;;
+ arm*) GENKERNEL_ARCH="arm" ;;
+ *) GENKERNEL_ARCH="${machine}" ;;
+esac
+
+RC=0
+on_exit() {
+ # Restore initial zpool import state
+ for pool in ${imported_pools}; do
+ zpool export "${pool}"
+ done
+
+ mountpoint -q "${MNTDIR}" && umount "${MNTDIR}" || true
+ rmdir "${MNTDIR}"
+ rm -rf "${ZFSTMP}"
+ exit "${RC}"
+}
+trap on_exit EXIT INT QUIT ABRT PIPE TERM
+
+# List ONLINE and DEGRADED pools
+import_pools() {
+ # We have to ignore zpool import output, as potentially multiple / will be available,
+ # and we need to autodetect all zpools this way with their real mountpoints.
+ local initial_pools="$(zpool list | awk '{if (NR>1) print $1}')"
+ local all_pools=""
+ local imported_pools=""
+ local err=""
+
+ set +e
+ err="$(zpool import -f -a -o cachefile=none -o readonly=on -N 2>&1)"
+ # Only print stderr if the command returned an error
+ # (it can echo "No zpool to import" with success, which we don't want)
+ if [ $? -ne 0 ]; then
+ echo "Some pools couldn't be imported and will be ignored:\n${err}" >&2
+ fi
+ set -e
+
+ all_pools="$(zpool list | awk '{if (NR>1) print $1}')"
+ for pool in ${all_pools}; do
+ if echo "${initial_pools}" | grep -wq "${pool}"; then
+ continue
+ fi
+ imported_pools="${imported_pools} ${pool}"
+ done
+
+ echo "${imported_pools}"
+}
+
+# List all the dataset with a root mountpoint
+get_root_datasets() {
+ local pools="$(zpool list | awk '{if (NR>1) print $1}')"
+
+ for p in ${pools}; do
+ local rel_pool_root=$(zpool get -H altroot ${p} | awk '{print $3}')
+ if [ "${rel_pool_root}" = "-" ]; then
+ rel_pool_root="/"
+ fi
+
+ zfs list -H -o name,canmount,mountpoint -t filesystem | grep -E '^'"${p}"'(\s|/[[:print:]]*\s)(on|noauto)\s'"${rel_pool_root}"'$' | awk '{print $1}'
+ done
+}
+
+# find if given datasets can be mounted for directory and return its path (snapshot or real path)
+# $1 is our current dataset name
+# $2 directory path we look for (cannot contains /)
+# $3 is the temporary mount directory to use
+# $4 is the optional snapshot name
+# return path for directory (which can be a mountpoint)
+validate_system_dataset() {
+ local dataset="$1"
+ local directory="$2"
+ local mntdir="$3"
+ local snapshot_name="$4"
+
+ local mount_path="${mntdir}/${directory}"
+
+ if ! zfs list "${dataset}" >/dev/null 2>&1; then
+ return
+ fi
+
+ if ! mount -o noatime,zfsutil -t zfs "${dataset}" "${mount_path}"; then
+ grub_warn "Failed to find a valid directory '${directory}' for dataset '${dataset}@${snapshot_name}'. Ignoring"
+ return
+ fi
+
+ local candidate_path="${mount_path}"
+ if [ -n "${snapshot_name}" ]; then
+ # WORKAROUND a bug https://github.com/zfsonlinux/zfs/issues/9958
+ # Reading the content of a snapshot fails if it is not the first mount
+ # for a given dataset
+ first_mntdir=$(awk '{if ($1 == "'${dataset}'") {print $2; exit;}}' /proc/mounts)
+ if [ "${first_mntdir}" = "/" ]; then
+ # prevents // on candidate_path
+ first_mntdir=""
+ fi
+ candidate_path="${first_mntdir}/.zfs/snapshot/${snapshot_name}"
+ fi
+
+ if [ -n "$(ls ${candidate_path} 2>/dev/null)" ]; then
+ echo "${candidate_path}"
+ return
+ else
+ mountpoint -q "${mount_path}" && umount "${mount_path}" || true
+ fi
+}
+
+# Detect system directory relevant to the other, trying to find the ones associated on the current dataset or snapshot/
+# System directory should be at most a direct child dataset of main datasets (no recursivity)
+# We can fallback trying other zfs pools if no match has been found.
+# $1 is our current dataset name (which can have @snapshot name)
+# $2 directory path we look for (cannot contains /)
+# $3 restrict_to_same_pool (true|false) force looking for dataset with the same basename in the current dataset pool only
+# $4 is the temporary mount directory to use
+# $5 is the optional etc directory (if not $2 is not etc itself)
+# return path for directory (which can be a mountpoint)
+get_system_directory() {
+ local dataset_path="$1"
+ local directory="$2"
+ local restrict_to_same_pool="$3"
+ local mntdir="$4"
+ local etc_dir="$5"
+
+ if [ -z "${etc_dir}" ]; then
+ etc_dir="${mntdir}/etc"
+ fi
+
+ local candidate_path="${mntdir}/${directory}"
+
+ # 1. Look for /etc/fstab first (which will mount even on top of non empty $directory)
+ local mounted_fstab_entry="false"
+ if [ -f "${etc_dir}/fstab" ]; then
+ mount_args=$(awk '/^[^#].*[ \t]\/'"${directory}"'[ \t]/ {print "-t", $3, $1}' "${etc_dir}/fstab")
+ if [ -n "${mount_args}" ]; then
+ mounted_fstab_entry="true"
+ mount -o noatime ${mount_args} "${candidate_path}" || mounted_fstab_entry="false"
+ fi
+ fi
+
+ # If directory isn't empty. Only count if coming from /etc/fstab. Will be
+ # handled below otherwise as we are interested in potential snapshots.
+ if [ "${mounted_fstab_entry}" = "true" -a -n "$(ls ${candidate_path} 2>/dev/null)" ]; then
+ echo "${candidate_path}"
+ return
+ fi
+
+ # 2. Handle zfs case, which can be a snapshots.
+
+ local base_dataset_path="${dataset_path}"
+ local snapshot_name=""
+ # For snapshots we extract the parent dataset
+ if echo "${dataset_path}" | grep -q '@'; then
+ base_dataset_path=$(echo "${dataset_path}" | cut -d '@' -f1)
+ snapshot_name=$(echo "${dataset_path}" | cut -d '@' -f2)
+ fi
+ base_dataset_name="${base_dataset_path##*/}"
+ base_pool="$(echo "${base_dataset_path}" | cut -d'/' -f1)"
+
+ # 2.a) Look for child dataset included in base dataset, which needs to hold same snapshot if any
+ candidate_path=$(validate_system_dataset "${base_dataset_path}/${directory}" "${directory}" "${mntdir}" "${snapshot_name}")
+ if [ -n "${candidate_path}" ]; then
+ echo "${candidate_path}"
+ return
+ fi
+
+ # 2.b) Look for current dataset (which is already mounted as /)
+ candidate_path="${mntdir}/${directory}"
+ if [ -n "${snapshot_name}" ]; then
+ # WORKAROUND a bug https://github.com/zfsonlinux/zfs/issues/9958
+ # Reading the content of a snapshot fails if it is not the first mount
+ # for a given dataset
+ first_mntdir=$(awk '{if ($1 == "'${base_dataset_path}'") {print $2; exit;}}' /proc/mounts)
+ if [ "${first_mntdir}" = "/" ]; then
+ # prevents // on candidate_path
+ first_mntdir=""
+ fi
+ candidate_path="${first_mntdir}/.zfs/snapshot/${snapshot_name}/${directory}"
+ fi
+ if [ -n "$(ls ${candidate_path} 2>/dev/null)" ]; then
+ echo "${candidate_path}"
+ return
+ fi
+
+ # 2.c) Look for every datasets in every pool which isn't the current dataset which holds:
+ # - the same dataset name (last section) than our base_dataset_name
+ # - mountpoint=directory
+ # - canmount!=off
+ all_same_base_dataset_name="$(zfs list -H -t filesystem -o name,canmount | awk '/^[^ ]+\/'"${base_dataset_name}"'[ \t](on|noauto)/ {print $1}') "
+
+ # order by local pool datasets first
+ current_pool_same_base_datasets=""
+ other_pools_same_base_datasets=""
+ root_pool=$(echo "${dataset_path%%/*}")
+ for d in ${all_same_base_dataset_name}; do
+ cur_dataset_pool=$(echo "${d%%/*}")
+ if echo "${cur_dataset_pool}" | grep -wq "${root_pool}" 2>/dev/null ; then
+ current_pool_same_base_datasets="${current_pool_same_base_datasets} ${d}"
+ else
+ other_pools_same_base_datasets="${other_pools_same_base_datasets} ${d}"
+ fi
+ done
+ ordered_same_base_datasets="${current_pool_same_base_datasets} ${other_pools_same_base_datasets}"
+ if [ "${restrict_to_same_pool}" = "true" ]; then
+ ordered_same_base_datasets="${current_pool_same_base_datasets}"
+ fi
+
+ # now, loop over them
+ for d in ${ordered_same_base_datasets}; do
+ cur_dataset_pool=$(echo "${d%%/*}")
+
+ rel_pool_root=$(zpool get -H altroot ${cur_dataset_pool} | awk '{print $3}')
+ if [ "${rel_pool_root}" = "-" ]; then
+ rel_pool_root=""
+ fi
+
+ # check mountpoint match
+ candidate_dataset=$(zfs get -H mountpoint ${d} | grep -E "mountpoint\s${rel_pool_root}/${directory}\s" | awk '{print $1}')
+ if [ -z "${candidate_dataset}" ]; then
+ continue
+ fi
+
+ candidate_path=$(validate_system_dataset "${candidate_dataset}" "${directory}" "${mntdir}" "${snapshot_name}")
+ if [ -n "${candidate_path}" ]; then
+ echo "${candidate_path}"
+ return
+ fi
+ done
+
+ # 2.d) If we didn't find anything yet: check for persistent datasets corresponding to our mountpoint, with canmount=on without any snapshot associated:
+ # Note: we go over previous datasets as well, but this is ok, as we didn't include them before.
+ all_mountable_datasets="$(zfs list -t filesystem -o name,canmount | awk '/^[^ ]+[ \t]+on/ {print $1}')"
+
+ # order by local pool datasets first
+ current_pool_datasets=""
+ other_pools_datasets=""
+ root_pool=$(echo "${dataset_path%%/*}")
+ for d in ${all_mountable_datasets}; do
+ cur_dataset_pool=$(echo "${d%%/*}")
+ if echo "${cur_dataset_pool}" | grep -wq "${root_pool}" 2>/dev/null ; then
+ current_pool_datasets="${current_pool_datasets} ${d}"
+ else
+ other_pools_datasets="${other_pools_datasets} ${d}"
+ fi
+ done
+ ordered_datasets="${current_pool_datasets} ${other_pools_datasets}"
+ if [ "${restrict_to_same_pool}" = "true" ]; then
+ ordered_datasets="${current_pool_datasets}"
+ fi
+
+ for d in ${ordered_datasets}; do
+ cur_dataset_pool=$(echo "${d%%/*}")
+
+ rel_pool_root=$(zpool get -H altroot ${cur_dataset_pool} | awk '{print $3}')
+ if [ "${rel_pool_root}" = "-" ]; then
+ rel_pool_root=""
+ fi
+
+ # check mountpoint match
+ candidate_dataset=$(zfs get -H mountpoint ${d} | grep -E "mountpoint\s${rel_pool_root}/${directory}\s" | awk '{print $1}')
+ if [ -z "${candidate_dataset}" ]; then
+ continue
+ fi
+
+ candidate_path=$(validate_system_dataset "${d}" "${directory}" "${mntdir}" "")
+ if [ -n "${candidate_path}" ]; then
+ echo "${candidate_path}"
+ return
+ fi
+ done
+
+ grub_warn "Failed to find a valid directory '${directory}' for dataset '${dataset_path}'. Ignoring"
+ return
+}
+
+# Try our default layout bpool as a prefered layout (fast path)
+# This is get_system_directory for boot optimized for our default installation layout
+# $1 is our current dataset name (which can have @snapshot name)
+# $2 is the temporary mount directory to use
+# return path for directory (which can be a mountpoint) if found
+try_default_layout_bpool() {
+ local root_dataset_path="$1"
+ local mntdir="$2"
+
+ dataset_basename="${root_dataset_path##*/}"
+ candidate_dataset="bpool/BOOT/${dataset_basename}"
+ dataset_properties="$(zfs get -H mountpoint,canmount ${candidate_dataset} | cut -f3 | paste -sd ' ')"
+ if [ -z "${dataset_properties}" ]; then
+ return
+ fi
+
+ rel_pool_root=$(zpool get -H altroot bpool | awk '{print $3}')
+ if [ "${rel_pool_root}" = "-" ]; then
+ rel_pool_root=""
+ fi
+
+ snapshot_name="${dataset_basename##*@}"
+ [ "${snapshot_name}" = "${dataset_basename}" ] && snapshot_name=""
+ if [ -z "${snapshot_name}" ]; then
+ if ! echo "${dataset_properties}" | grep -Eq "${rel_pool_root}/boot (on|noauto)"; then
+ return
+ fi
+ else
+ candidate_dataset=$(echo "${candidate_dataset}" | cut -d '@' -f1)
+ fi
+
+ validate_system_dataset "${candidate_dataset}" "boot" "${mntdir}" "${snapshot_name}"
+}
+
+# Return if secure boot is enabled on that system
+is_secure_boot_enabled() {
+ if LANG=C mokutil --sb-state 2>/dev/null | grep -qi enabled; then
+ echo "true"
+ return
+ fi
+ echo "false"
+ return
+}
+
+# Given a filesystem or snapshot dataset, returns dataset|machine id|pretty name|last used
+# $1 is dataset we want information from
+# $2 is the temporary mount directory to use
+get_dataset_info() {
+ local dataset="$1"
+ local mntdir="$2"
+
+ local base_dataset="${dataset}"
+ local etc_dir="${mntdir}/etc"
+ local is_snapshot="false"
+ # For snapshot we extract the parent dataset
+ if echo "${dataset}" | grep -q '@'; then
+ base_dataset=$(echo "${dataset}" | cut -d '@' -f1)
+ is_snapshot="true"
+ fi
+
+ mount -o noatime,zfsutil -t zfs "${base_dataset}" "${mntdir}"
+
+ # read machine-id/os-release from /etc
+ etc_dir=$(get_system_directory "${dataset}" "etc" "true" "${mntdir}" "")
+ if [ -z "${etc_dir}" ]; then
+ grub_warn "Ignoring ${dataset}"
+ mountpoint -q "${mntdir}/etc" && umount "${mntdir}/etc" || true
+ umount "${mntdir}"
+ return
+ fi
+
+ machine_id=""
+ if [ -f "${etc_dir}/machine-id" ]; then
+ machine_id=$(cat "${etc_dir}/machine-id")
+ fi
+ # We have to use a random temporary id if we don't have any machine-id file or if this one is empty
+ # (mostly the case of new installations before first boot).
+ # Let's use the dataset name directly for this.
+ # Consequence is that all datasets are then separated.
+ if [ -z "${machine_id}" ]; then
+ machine_id="${dataset}"
+ fi
+ pretty_name=$(. "${etc_dir}/os-release" && echo "${PRETTY_NAME}")
+ mountpoint -q "${mntdir}/etc" && umount "${mntdir}/etc" || true
+
+ # read available kernels from /boot
+ boot_dir="$(try_default_layout_bpool "${dataset}" "${mntdir}")"
+ if [ -z "${boot_dir}" ]; then
+ boot_dir=$(get_system_directory "${dataset}" "boot" "false" "${mntdir}" "${etc_dir}")
+ fi
+
+ if [ -z "${boot_dir}" ]; then
+ grub_warn "Ignoring ${dataset}"
+ mountpoint -q "${mntdir}/boot" && umount "${mntdir}/boot" || true
+ umount "${mntdir}"
+ return
+ fi
+
+ initrd_list=""
+ kernel_list=""
+ list=$(find "${boot_dir}" -maxdepth 1 -type f -regex '.*/\(vmlinuz\|vmlinux\|kernel\)-.*')
+ while [ "x$list" != "x" ] ; do
+ linux=`version_find_latest $list`
+ list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '`
+ if ! grub_file_is_not_garbage "${linux}" ; then
+ continue
+ fi
+
+ # Filters entry if efi/non efi.
+ # Note that for now we allow kernel without .efi.signed as those are signed kernel
+ # on ubuntu, loaded by the shim.
+ case "${linux}" in
+ *.efi.signed)
+ if [ "$(is_secure_boot_enabled)" = "false" ]; then
+ continue
+ fi
+ ;;
+ esac
+
+ linux_basename=$(basename "${linux}")
+ linux_dirname=$(dirname "${linux}")
+ version=$(echo "${linux_basename}" | sed -e "s,^[^0-9]*-,,g")
+ alt_version=$(echo "${version}" | sed -e "s,\.old$,,g")
+
+ gettext_printf "Found linux image: %s in %s\n" "${linux_basename}" "${dataset}" >&2
+
+ initrd=""
+ for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \
+ "initrd-${version}" "initramfs-${version}.img" \
+ "initrd.img-${alt_version}" "initrd-${alt_version}.img" \
+ "initrd-${alt_version}" "initramfs-${alt_version}.img" \
+ "initramfs-genkernel-${version}" \
+ "initramfs-genkernel-${alt_version}" \
+ "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \
+ "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do
+ if test -e "${linux_dirname}/${i}" ; then
+ initrd="$i"
+ break
+ fi
+ done
+
+ if test -z "${initrd}" ; then
+ grub_warn "Couldn't find any valid initrd for dataset ${dataset}."
+ continue + fi + + gettext_printf "Found initrd image: %s in %s\n" "${initrd}" "${dataset}" >&2 + + rel_linux_dirname=$(make_system_path_relative_to_its_root "${linux_dirname}") + + initrd_list="${initrd_list}|${rel_linux_dirname}/${initrd}" + kernel_list="${kernel_list}|${rel_linux_dirname}/${linux_basename}" + done + + initrd_list="${initrd_list#|}" + kernel_list="${kernel_list#|}" + + initrd_device=$(${grub_probe} --target=device "${boot_dir}" | head -1) + + mountpoint -q "${mntdir}/boot" && umount "${mntdir}/boot" || true + # We needed to look in / for snapshots on root dataset, umount there before zfs lazily unmount it + case "${boot_dir}" in /boot/.zfs/snapshot/*) + umount "${boot_dir}" || true + ;; + esac + + # for zsys snapshots: we want to know which kernel we successful last booted with + last_booted_kernel=$(zfs get -H com.ubuntu.zsys:last-booted-kernel "${dataset}" | awk '{print $3}') + + # snapshot: last_used is dataset creation time + if [ "${is_snapshot}" = "true" ]; then + last_used="$(zfs get -pH creation "${dataset}" | awk -F '\t' '{print $3}')" + # otherwise, last_used is manually marked at boot/shutdown on a root dataset for zsys + else + # if current system, take current time + if zfs mount | awk '/[ \t]+\/$/ {print $1}' | grep -q ${dataset}; then + last_used=$(date +%s) + else + last_used=$(zfs get -H com.ubuntu.zsys:last-used "${dataset}" | awk '{print $3}') + # case of non zsys, or zsys without annotation, take /etc/machine-id stat (as we mounted with noatime). + # However, as systems can be relatime, if system is current mounted one, set current time (case of clone + reboot + # within the same d). 
+ if [ "${last_used}" = "-" ]; then + last_used=$(stat --printf="%X" "${mntdir}/etc/os-release") + if [ -f "${mntdir}/etc/machine-id" ]; then + last_used=$(stat --printf="%X" "${mntdir}/etc/machine-id") + fi + fi + fi + fi + + is_zsys=$(zfs get -H com.ubuntu.zsys:bootfs "${base_dataset}" | awk '{print $3}') + + if [ -n "${initrd_list}" -a -n "${kernel_list}" ]; then + echo "${dataset}\t${is_zsys}\t${machine_id}\t${pretty_name}\t${last_used}\t${initrd_device}\t${initrd_list}\t${kernel_list}\t${last_booted_kernel}" + else + grub_warn "didn't find any valid initrd or kernel." + fi + + umount "${mntdir}" || true + # We needed to look in / for snapshots on root dataset, umount the snapshot for etc before zfs lazily unmount it + case "${etc_dir}" in /.zfs/snapshot/*/etc) + snapshot_path="$(findmnt -n -o TARGET -T ${etc_dir})" + umount "${snapshot_path}" || true + ;; + esac +} + +# Scan available boot options and returns in a formatted list +# $1 is the temporary mount directory to use +bootlist() { + local mntdir="$1" + local boot_list="" + + for dataset in $(get_root_datasets); do + # get information from current root dataset + boot_list="${boot_list}$(get_dataset_info ${dataset} ${mntdir})\n" + + # get information from snapshots of this root dataset + for snapshot_dataset in $(zfs list -H -o name -t snapshot "${dataset}"); do + boot_list="${boot_list}$(get_dataset_info ${snapshot_dataset} ${mntdir})\n" + done + done + echo "${boot_list}" +} + + +# Order machine ids by last_used from their main entry +get_machines_sorted() { + local bootlist="$1" + + local machineids="$(echo "${bootlist}" | awk '{print $3}' | sort -u)" + for machineid in ${machineids}; do + echo "${bootlist}" | awk 'BEGIN{FS="\t"} $1 !~ /.*@.*/ {print $5, $3}' | sort -nr | grep -E "[^^]\b${machineid}\b" | head -1 + done | sort -nr | awk '{print $2}' +} + +# Sort entries by last_used for a given machineid +sort_entries_for_machineid() { + local bootlist="$1" + local machineid="$2" + + tab="$(printf 
'\t')" + echo "${bootlist}" | grep -E "[^^]\b${machineid}\b" | sort -k5,5r -k1,1 -t "${tab}" +} + +# Return main entry index +get_main_entry() { + local entries="$1" + + echo "${entries}" | awk 'BEGIN{FS="\t"} $1 !~ /.*@.*/ {print}' | head -1 +} + +# Return specific field at index from entry +get_field_from_entry() { + local entry="$1" + local index="$2" + + echo "${entry}" | awk "BEGIN{FS=\"\t\"} {print \$$index}" +} + +# Get the main entry metadata +main_entry_meta() { + local main_entry="$1" + + initrd=$(get_field_from_entry "${main_entry}" 7 | cut -d'|' -f1) + kernel=$(get_field_from_entry "${main_entry}" 8 | cut -d'|' -f1) + + # Take first element (most recent entry) which is not a snapshot + echo "${main_entry}" | awk "BEGIN{ FS=\"\t\"; OFS=\"\t\"} {print \$3, \$2, \"main\", \$4, \$1, \$6, \"$initrd\", \"$kernel\"}" +} + +# Get advanced entries metadata +advanced_entries_meta() { + local main_entry="$1" + + last_used_kernel="$(get_field_from_entry "${main_entry}" 9 )" + + # We must align initrds with kernels. 
+ # Adds initrds to the stack then pop them 1 by 1 as we process the kernels + set -- $(get_field_from_entry "${main_entry}" 7 | tr "|" " ") + for kernel in $(get_field_from_entry "${main_entry}" 8 | tr "|" " "); do + # get initrd and pop to the next one + initrd="$1"; shift + + was_last_used_kernel="false" + kernel_basename=$(basename "${kernel}") + if [ "${kernel_basename}" = "${last_used_kernel}" ]; then + was_last_used_kernel="true" + fi + + echo "${main_entry}" | awk "BEGIN{ FS=\"\t\"; OFS=\"\t\"} {print \$3, \$2, \"advanced\", \$4, \$1, \$6, \"$initrd\", \"$kernel\", \"$was_last_used_kernel\"}" + done +} + +# Get history metadata +history_entries_meta() { + local entries="$1" + local main_dataset_name="$2" + local main_dataset_releasename="$3" + + if [ -z "${entries}" ]; then + return + fi + + # Traverse snapshots and clones + echo "${entries}" | while read entry; do + name="" + # Compute snapshot/filesystem dataset name + snap_dataset_name="$(get_field_from_entry "${entry}" 1)" + + snapname="${snap_dataset_name##*@}" + # If, this is a clone, take what is after main_dataset_name + if [ "${snapname}" = "${snap_dataset_name}" ]; then + snapname="${snap_dataset_name##${main_dataset_name}_}" + + # Handle manual user clone (not prefixed by "main_dataset_name") + snapname="${snapname##*/}" + fi + + # We keep the snapname only if it is not only a zsys auto snapshot + if echo "${snapname}" | grep -q "^autozsys_"; then + snapname="" + fi + + # We store the release only if it different from main dataset release (snapshot before a release upgrade) + releasename=$(get_field_from_entry "${entry}" 4) + if [ "${releasename}" = "${main_dataset_releasename}" ]; then + releasename="" + fi + + # Snapshot date + foo="$(get_field_from_entry "${entry}" 5)" + snapdate="$(date -d @$(get_field_from_entry "${entry}" 5) "+%x @ %H:%M")" + + # For snapshots/clones the name can have the following formats: + # : autozsys, same release + # on : autozsys, different release + # on : Manual 
snapshot, same release + # , on : Manual snapshot, different release + if [ "${snapname}" = "" -a "${releasename}" = "" ]; then + name="${snapdate}" + elif [ "${snapname}" = "" -a "${releasename}" != "" ]; then + name=$(gettext_printf "%s on %s" "${releasename}" "${snapdate}") + elif [ "${snapname}" != "" -a "${releasename}" = "" ]; then + name=$(gettext_printf "%s on %s" "${snapname}" "${snapdate}") + else # snapname != "" && releasename != "" + name=$(gettext_printf "%s, %s on %s" "${snapname}" "${releasename}" "${snapdate}") + fi + + # Choose kernel and initrd if the snapshot was booted successfully on a specific kernel before + # Take latest by default if no match + initrd=$(get_field_from_entry "${entry}" 7 | cut -d'|' -f1) + kernel=$(get_field_from_entry "${entry}" 8 | cut -d'|' -f1) + last_used_kernel="$(get_field_from_entry "${entry}" 9)" + + # We must align initrds with kernels. + # Adds initrds to the stack then pop them 1 by 1 as we process the kernels + set -- $(get_field_from_entry "${entry}" 7 | tr "|" " ") + for k in $(get_field_from_entry "${entry}" 8|tr "|" " "); do + # get initrd and pop to the next one + candidate_initrd="$1"; shift + + kernel_basename=$(basename "${k}") + if [ "${kernel_basename}" = "${last_used_kernel}" ]; then + kernel="${k}" + initrd="${candidate_initrd}" + break + fi + done + + echo "${entry}" | awk "BEGIN{ FS=\"\t\"; OFS=\"\t\"} {print \$3, \$2, \"history\", \"$name\", \$1, \$6, \"$initrd\", \"$kernel\"}" + done +} + +# Generate metadata from a BOOTLIST that will subsequently used to generate +# the final grub menu entries +generate_grub_menu_metadata() { + local bootlist="$1" + + # Sort machineids by last_used from their main entry + for machineid in $(get_machines_sorted "${bootlist}"); do + entries="$(sort_entries_for_machineid "${bootlist}" ${machineid})" + main_entry="$(get_main_entry "${entries}")" + + if [ -z "$main_entry" ]; then + continue + fi + + main_entry_meta "${main_entry}" + advanced_entries_meta 
"${main_entry}" + + main_dataset_name="$(get_field_from_entry "${main_entry}" 1)" + main_dataset_releasename="$(get_field_from_entry "${main_entry}" 4)" + # grep -v errcode != 0 if there is no match. || true to not fail with -e + other_entries="$(echo "${entries}" | grep -v "${main_entry}" || true)" + history_entries_meta "${other_entries}" "${main_dataset_name}" "${main_dataset_releasename}" + done +} + +# Print the configuration part common to all sections +# Note: +# If 10_linux runs these part will be defined twice in grub configuration +print_menu_prologue() { + cat << 'EOF' +function gfxmode { + set gfxpayload="${1}" +EOF + if [ "${vt_handoff}" = 1 ]; then + cat << 'EOF' + if [ "${1}" = "keep" ]; then + set vt_handoff=vt.handoff=1 + else + set vt_handoff= + fi +EOF + fi + cat << EOF +} +EOF + + # Use ELILO's generic "efifb" when it's known to be available. + # FIXME: We need an interface to select vesafb in case efifb can't be used. + GRUB_GFXPAYLOAD_LINUX="${GRUB_GFXPAYLOAD_LINUX:-}" + if [ "${GRUB_GFXPAYLOAD_LINUX}" != "" ] || [ "${gfxpayload_dynamic}" = 0 ]; then + echo "set linux_gfx_mode=${GRUB_GFXPAYLOAD_LINUX}" + else + cat << EOF +if [ "\${recordfail}" != 1 ]; then + if [ -e \${prefix}/gfxblacklist.txt ]; then + if hwmatch \${prefix}/gfxblacklist.txt 3; then + if [ \${match} = 0 ]; then + set linux_gfx_mode=keep + else + set linux_gfx_mode=text + fi + else + set linux_gfx_mode=text + fi + else + set linux_gfx_mode=keep + fi +else + set linux_gfx_mode=text +fi +EOF + fi + cat << EOF +export linux_gfx_mode +EOF +} + +# Cache for prepare_grub_to_access_device call +# $1: boot_device +# $2: submenu_level +prepare_grub_to_access_device_cached() { + local boot_device="$1" + local submenu_level="$2" + + local boot_device_idx="$(echo ${boot_device} | tr '/' '_')" + + cache_file="${ZFSTMP}/$(echo boot_device${boot_device_idx})" + if [ ! 
-f "${cache_file}" ]; then + set +u + echo "$(prepare_grub_to_access_device "${boot_device}")" > "${cache_file}" + set -u + for i in 0 1 2; do + submenu_indentation="$(printf %${i}s | tr " " "${grub_tab}")" + sed "s/^/${submenu_indentation} /" "${cache_file}" > "${cache_file}--${i}" + done + fi + + cat "${cache_file}--${submenu_level}" +} + + +# Print a grub menu entry +zfs_linux_entry () { + submenu_level="$1" + title="$2" + type="$3" + dataset="$4" + boot_device="$5" + initrd="$6" + kernel="$7" + kernel_version="$8" + kernel_additional_args="${9:-}" + boot_devices="${10:-}" + + submenu_indentation="$(printf %${submenu_level}s | tr " " "${grub_tab}")" + + echo "${submenu_indentation}menuentry '$(echo "${title}" | grub_quote)' ${CLASS} \${menuentry_id_option} 'gnulinux-${dataset}-${kernel_version}' {" + + if [ "${quick_boot}" = 1 ]; then + echo "${submenu_indentation} recordfail" + fi + + if [ "${type}" != "recovery" ] ; then + GRUB_SAVEDEFAULT=${GRUB_SAVEDEFAULT:-} + default_entry="$(save_default_entry)" + if [ -n "${default_entry}" ]; then + echo "${submenu_indentation} ${default_entry}" + fi + fi + + # Use ELILO's generic "efifb" when it's known to be available. + # FIXME: We need an interface to select vesafb in case efifb can't be used. 
+ if [ "${GRUB_GFXPAYLOAD_LINUX}" = "" ]; then + echo "${submenu_indentation} load_video" + else + if [ "${GRUB_GFXPAYLOAD_LINUX}" != "text" ]; then + echo "${submenu_indentation} load_video" + fi + fi + + if ([ "${ubuntu_recovery}" = 0 ] || [ "${type}" != "recovery" ]) && \ + ([ "${GRUB_GFXPAYLOAD_LINUX}" != "" ] || [ "${gfxpayload_dynamic}" = 1 ]); then + echo "${submenu_indentation} gfxmode \${linux_gfx_mode}" + fi + + echo "${submenu_indentation} insmod gzio" + echo "${submenu_indentation} if [ \"\${grub_platform}\" = xen ]; then insmod xzio; insmod lzopio; fi" + + if [ -n "$boot_devices" ]; then + for device in ${boot_devices}; do + echo "${submenu_indentation} if [ "${boot_device}" = "${device}" ]; then" + echo "$(prepare_grub_to_access_device_cached "${device}" $(( submenu_level +1 )) )" + echo "${submenu_indentation} fi" + done + else + echo "$(prepare_grub_to_access_device_cached "${boot_device}" "${submenu_level}")" + fi + + if [ "${quiet_boot}" = 0 ] || [ "${type}" != simple ]; then + echo "${submenu_indentation} echo $(gettext_printf "Loading Linux %s ..." ${kernel_version} | grub_quote)" + fi + + linux_default_args="${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" + if [ ${type} = "recovery" ]; then + linux_default_args="${GRUB_CMDLINE_LINUX_RECOVERY} ${GRUB_CMDLINE_LINUX}" + fi + + echo "${submenu_indentation} linux ${kernel} root=ZFS=${dataset} ro ${linux_default_args} ${kernel_additional_args}" + + if [ "${quiet_boot}" = 0 ] || [ "${type}" != simple ]; then + echo "${submenu_indentation} echo '$(gettext_printf "Loading initial ramdisk ..." 
| grub_quote)'" + fi + echo "${submenu_indentation} initrd ${initrd}" + echo "${submenu_indentation}}" +} + +# Generate a GRUB Menu from menu meta data +# $1 menu metadata +generate_grub_menu() { + local menu_metadata="$1" + local last_section="" + local main_dataset_name="" + local main_dataset="" + local have_zsys="" + + if [ -z "${menu_metadata}" ]; then + return + fi + + CLASS="--class gnu-linux --class gnu --class os" + + if [ "${GRUB_DISTRIBUTOR}" = "" ] ; then + OS=GNU/Linux + else + case ${GRUB_DISTRIBUTOR} in + Ubuntu|Kubuntu) + OS="${GRUB_DISTRIBUTOR}" + ;; + *) + OS="${GRUB_DISTRIBUTOR} GNU/Linux" + ;; + esac + CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1 | LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" + fi + + if [ -x /lib/recovery-mode/recovery-menu ]; then + GRUB_CMDLINE_LINUX_RECOVERY=recovery + else + GRUB_CMDLINE_LINUX_RECOVERY=single + fi + if [ "${ubuntu_recovery}" = 1 ]; then + GRUB_CMDLINE_LINUX_RECOVERY="${GRUB_CMDLINE_LINUX_RECOVERY} nomodeset" + fi + + case "$GENKERNEL_ARCH" in + x86*) GRUB_CMDLINE_LINUX_RECOVERY="$GRUB_CMDLINE_LINUX_RECOVERY dis_ucode_ldr";; + esac + + + if [ "${vt_handoff}" = 1 ]; then + for word in ${GRUB_CMDLINE_LINUX_DEFAULT}; do + if [ "${word}" = splash ]; then + GRUB_CMDLINE_LINUX_DEFAULT="${GRUB_CMDLINE_LINUX_DEFAULT} \${vt_handoff}" + fi + done + fi + + print_menu_prologue + + cat<<'EOF' +function zsyshistorymenu { + # $1: root dataset (eg rpool/ROOT/ubuntu_2zhm07@autozsys_k56fr6) + # $2: boot device id (eg 411f29ce1557bfed) + # $3: initrd (eg /BOOT/ubuntu_2zhm07@autozsys_k56fr6/initrd.img-5.4.0-21-generic) + # $4: kernel (eg /BOOT/ubuntu_2zhm07@autozsys_k56fr6/vmlinuz-5.4.0-21-generic) + # $5: kernel_version (eg 5.4.0-21-generic) + + set root_dataset="${1}" + set boot_device="${2}" + set initrd="${3}" + set kernel="${4}" + set kversion="${5}" + +EOF + boot_devices=$(echo "${menu_metadata}" | cut -d"$(printf '\t')" -f6 | sort -u) + + title=$(gettext_printf "Revert system only") + 
zfs_linux_entry 1 "${title}" "simple" '${root_dataset}' '${boot_device}' '${initrd}' '${kernel}' '${kversion}' '' "${boot_devices}" + + title="$(gettext_printf "Revert system and user data")" + zfs_linux_entry 1 "${title}" "simple" '${root_dataset}' '${boot_device}' '${initrd}' '${kernel}' '${kversion}' 'zsys-revert=userdata' "${boot_devices}" + + GRUB_DISABLE_RECOVERY="${GRUB_DISABLE_RECOVERY:-}" + if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then + title="$(gettext_printf "Revert system only (%s)" "$(gettext "${GRUB_RECOVERY_TITLE}")")" + zfs_linux_entry 1 "${title}" "recovery" '${root_dataset}' '${boot_device}' '${initrd}' '${kernel}' '${kversion}' '' "${boot_devices}" + + title="$(gettext_printf "Revert system and user data (%s)" "$(gettext "${GRUB_RECOVERY_TITLE}")")" + zfs_linux_entry 1 "${title}" "recovery" '${root_dataset}' '${boot_device}' '${initrd}' '${kernel}' '${kversion}' 'zsys-revert=userdata' "${boot_devices}" + fi +echo "}" +echo + + # IFS is set to TAB (ASCII 0x09) + echo "${menu_metadata}" | + { + at_least_one_entry=0 + have_zsys="$(which zsysd || true)" + while IFS="$(printf '\t')" read -r machineid iszsys section name dataset device initrd kernel opt; do + + # Disable history for non zsys system or if systems is a zsys one and zsys isn't installed. + # In pure zfs systems, we identified multiple issues due to the mount generator + # in upstream zfs which makes it incompatible. Don't show history for now. 
+ if [ "${section}" = "history" ]; then + if [ "${iszsys}" != "yes" ] || [ "${iszsys}" = "yes" -a -z "${have_zsys}" ]; then + continue + fi + fi + + if [ "${last_section}" != "${section}" -a -n "${last_section}" ]; then + # Close previous section wrapper + if [ "${last_section}" != "main" ]; then + echo "}" # Add grub_tabs + at_least_one_entry=0 + fi + fi + + case "${section}" in + main) + title="${name}" + main_dataset_name="${name}" + main_dataset="${dataset}" + + kernel_version=$(basename "${kernel}" | sed -e "s,^[^0-9]*-,,g") + zfs_linux_entry 0 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}" + at_least_one_entry=1 + ;; + advanced) + # normal and recovery entries for a given kernel + if [ "${last_section}" != "${section}" ]; then + echo "submenu '$(gettext_printf "Advanced options for %s" "${main_dataset_name}" | grub_quote)' \${menuentry_id_option} 'gnulinux-advanced-${main_dataset}' {" + fi + + last_booted_kernel_marker="" + if [ "${opt}" = "true" ]; then + last_booted_kernel_marker="* " + fi + + kernel_version=$(basename "${kernel}" | sed -e "s,^[^0-9]*-,,g") + title="$(gettext_printf "%s%s, with Linux %s" "${last_booted_kernel_marker}" "${name}" "${kernel_version}")" + zfs_linux_entry 1 "${title}" "advanced" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}" + + GRUB_DISABLE_RECOVERY=${GRUB_DISABLE_RECOVERY:-} + if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then + title="$(gettext_printf "%s%s, with Linux %s (%s)" "${last_booted_kernel_marker}" "${name}" "${kernel_version}" "$(gettext "${GRUB_RECOVERY_TITLE}")")" + zfs_linux_entry 1 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}" + fi + at_least_one_entry=1 + ;; + history) + # Revert to a snapshot + # revert system, revert system and user data and associated recovery entries + if [ "${last_section}" != "${section}" ]; then + echo "submenu '$(gettext_printf "History for %s" "${main_dataset_name}" | 
grub_quote)' \${menuentry_id_option} 'gnulinux-history-${main_dataset}' {" + fi + + if [ "${iszsys}" = "yes" ]; then + title="$(gettext_printf "Revert to %s" "${name}" | grub_quote)" + else + title="$(gettext_printf "Boot on %s" "${name}" | grub_quote)" + fi + echo " submenu '${title}' \${menuentry_id_option} 'gnulinux-history-${dataset}' {" + + kernel_version=$(basename "${kernel}" | sed -e "s,^[^0-9]*-,,g") + + # Zsys only: let revert system without destroying snapshots + if [ "${iszsys}" = "yes" ]; then + echo "${grub_tab}${grub_tab}zsyshistorymenu" \"${dataset}\" \"${device}\" \"${initrd}\" \"${kernel}\" \"${kernel_version}\" + # Non-zsys: boot temporarly on snapshots or rollback (destroying intermediate snapshots) + else + title="$(gettext_printf "One time boot")" + zfs_linux_entry 2 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}" + + GRUB_DISABLE_RECOVERY="${GRUB_DISABLE_RECOVERY:-}" + if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then + title="$(gettext_printf "One time boot (%s)" "$(gettext "${GRUB_RECOVERY_TITLE}")")" + zfs_linux_entry 2 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}" + fi + + title="$(gettext_printf "Revert system (all intermediate snapshots will be destroyed)")" + zfs_linux_entry 2 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}" "rollback=yes" + fi + + echo " }" + at_least_one_entry=1 + ;; + *) + grub_warn "unknown section: ${section}. 
Ignoring entry ${name} for ${dataset}" + ;; + esac + last_section="${section}" + done + + if [ "${at_least_one_entry}" -eq 1 ]; then + echo "}" + fi + } +} + +# don't add trailing newline of variable is empty +# $1: content to write +# $2: destination file +trailing_newline_if_not_empty() { + content="$1" + dest="$2" + + if [ -z "${content}" ]; then + rm -f "${dest}" + touch "${dest}" + return + fi + echo "${content}" > "${dest}" +} + + +GRUB_LINUX_ZFS_TEST="${GRUB_LINUX_ZFS_TEST:-}" +case "${GRUB_LINUX_ZFS_TEST}" in + bootlist) + # Import all available pools on the system and return imported list + imported_pools=$(import_pools) + boot_list="$(bootlist ${MNTDIR})" + trailing_newline_if_not_empty "${boot_list}" "${GRUB_LINUX_ZFS_TEST_OUTPUT}" + break + ;; + metamenu) + boot_list="$(cat ${GRUB_LINUX_ZFS_TEST_INPUT})" + menu_metadata="$(generate_grub_menu_metadata "${boot_list}")" + trailing_newline_if_not_empty "${menu_metadata}" "${GRUB_LINUX_ZFS_TEST_OUTPUT}" + break + ;; + grubmenu) + menu_metadata="$(cat ${GRUB_LINUX_ZFS_TEST_INPUT})" + grub_menu=$(generate_grub_menu "${menu_metadata}") + trailing_newline_if_not_empty "${grub_menu}" "${GRUB_LINUX_ZFS_TEST_OUTPUT}" + break + ;; + *) + # Import all available pools on the system and return imported list + imported_pools=$(import_pools) + # Generate the complete list of boot entries + boot_list="$(bootlist ${MNTDIR})" + # Create boot menu meta data from the list of boot entries + menu_metadata="$(generate_grub_menu_metadata "${boot_list}")" + # Create boot menu meta data from the list of boot entries + grub_menu="$(generate_grub_menu "${menu_metadata}")" + if [ -n "${grub_menu}" ]; then + # We want the trailing newline as a marker will be added + echo "${grub_menu}" + fi + ;; +esac diff --git a/etc/grub.d/20_linux_xen b/etc/grub.d/20_linux_xen new file mode 100755 index 0000000..a032ecc --- /dev/null +++ b/etc/grub.d/20_linux_xen 
@@ -0,0 +1,343 @@ +#! /bin/sh +set -e + +# grub-mkconfig helper script. +# Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc. +# +# GRUB is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# GRUB is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GRUB. If not, see . + +prefix="/usr" +exec_prefix="/usr" +datarootdir="/usr/share" + +. "$pkgdatadir/grub-mkconfig_lib" + +export TEXTDOMAIN=grub +export TEXTDOMAINDIR="${datarootdir}/locale" + +CLASS="--class gnu-linux --class gnu --class os --class xen" +SUPPORTED_INITS="sysvinit:/lib/sysvinit/init systemd:/lib/systemd/systemd upstart:/sbin/upstart" + +if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then + OS=GNU/Linux +else + OS="${GRUB_DISTRIBUTOR} GNU/Linux" + CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" +fi + +# loop-AES arranges things so that /dev/loop/X can be our root device, but +# the initrds that Linux uses don't like that. +case ${GRUB_DEVICE} in + /dev/loop/*|/dev/loop[0-9]) + GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/"` + # We can't cope with devices loop-mounted from files here. + case ${GRUB_DEVICE} in + /dev/*) ;; + *) exit 0 ;; + esac + ;; +esac + +# Default to disabling partition uuid support to maintian compatibility with +# older kernels. +GRUB_DISABLE_LINUX_PARTUUID=${GRUB_DISABLE_LINUX_PARTUUID-true} + +# btrfs may reside on multiple devices. 
We cannot pass them as value of root= parameter +# and mounting btrfs requires user space scanning, so force UUID in this case. +if ( [ "x${GRUB_DEVICE_UUID}" = "x" ] && [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] ) \ + || ( [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \ + && [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ] ) \ + || ( ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \ + && ! test -e "/dev/disk/by-partuuid/${GRUB_DEVICE_PARTUUID}" ) \ + || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then + LINUX_ROOT_DEVICE=${GRUB_DEVICE} +elif [ "x${GRUB_DEVICE_UUID}" = "x" ] \ + || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ]; then + LINUX_ROOT_DEVICE=PARTUUID=${GRUB_DEVICE_PARTUUID} +else + LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID} +fi + +# Allow overriding GRUB_CMDLINE_LINUX and GRUB_CMDLINE_LINUX_DEFAULT. +if [ "${GRUB_CMDLINE_LINUX_XEN_REPLACE}" ]; then + GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX_XEN_REPLACE}" +fi +if [ "${GRUB_CMDLINE_LINUX_XEN_REPLACE_DEFAULT}" ]; then + GRUB_CMDLINE_LINUX_DEFAULT="${GRUB_CMDLINE_LINUX_XEN_REPLACE_DEFAULT}" +fi + +case x"$GRUB_FS" in + xbtrfs) + rootsubvol="`make_system_path_relative_to_its_root /`" + rootsubvol="${rootsubvol#/}" + if [ "x${rootsubvol}" != x ]; then + GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}" + fi;; + xzfs) + rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true` + bootfs="`make_system_path_relative_to_its_root / | sed -e "s,@$,,"`" + LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs%/}" + ;; +esac + +title_correction_code= + +linux_entry () +{ + os="$1" + version="$2" + xen_version="$3" + type="$4" + args="$5" + xen_args="$6" + if [ -z "$boot_device_id" ]; then + boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" + fi + if [ x$type != xsimple ] ; then + if [ x$type = xrecovery ] ; then + title="$(gettext_printf "%s, with Xen %s and Linux %s (%s)" "${os}" "${xen_version}" "${version}" "$(gettext "${GRUB_RECOVERY_TITLE}")")" + elif [ 
"${type#init-}" != "$type" ] ; then + title="$(gettext_printf "%s, with Xen %s and Linux %s (%s)" "${os}" "${xen_version}" "${version}" "${type#init-}")" + else + title="$(gettext_printf "%s, with Xen %s and Linux %s" "${os}" "${xen_version}" "${version}")" + fi + replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')" + if [ x"Xen ${xen_version}>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then + quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)" + title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;" + grub_warn "$(gettext_printf "Please don't use old title \`%s' for GRUB_DEFAULT, use \`%s' (for versions before 2.00) or \`%s' (for 2.00 or later)" "$GRUB_ACTUAL_DEFAULT" "$replacement_title" "gnulinux-advanced-$boot_device_id>gnulinux-$version-$type-$boot_device_id")" + fi + echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'xen-gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/" + else + title="$(gettext_printf "%s, with Xen hypervisor" "${os}")" + echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'xen-gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/" + fi + if [ x$type != xrecovery ] ; then + save_default_entry | grub_add_tab | sed "s/^/$submenu_indentation/" + fi + + if [ -z "${prepare_boot_cache}" ]; then + prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | grub_add_tab)" + fi + printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/" + xmessage="$(gettext_printf "Loading Xen %s ..." ${xen_version})" + lmessage="$(gettext_printf "Loading Linux %s ..." 
${version})" + sed "s/^/$submenu_indentation/" << EOF + echo '$(echo "$xmessage" | grub_quote)' + if [ "\$grub_platform" = "pc" -o "\$grub_platform" = "" ]; then + xen_rm_opts= + else + xen_rm_opts="no-real-mode edd=off" + fi + ${xen_loader} ${rel_xen_dirname}/${xen_basename} placeholder ${xen_args} \${xen_rm_opts} + echo '$(echo "$lmessage" | grub_quote)' + ${module_loader} ${rel_dirname}/${basename} placeholder root=${linux_root_device_thisversion} ro ${args} +EOF + if test -n "${initrd}" ; then + # TRANSLATORS: ramdisk isn't identifier. Should be translated. + message="$(gettext_printf "Loading initial ramdisk ...")" + initrd_path= + for i in ${initrd}; do + initrd_path="${initrd_path} ${rel_dirname}/${i}" + done + sed "s/^/$submenu_indentation/" << EOF + echo '$(echo "$message" | grub_quote)' + ${module_loader} --nounzip $(echo $initrd_path) +EOF + fi + sed "s/^/$submenu_indentation/" << EOF +} +EOF +} + +linux_list= +for i in /boot/vmlinu[xz]-* /vmlinu[xz]-* /boot/kernel-*; do + if grub_file_is_not_garbage "$i"; then + basename=$(basename $i) + version=$(echo $basename | sed -e "s,^[^0-9]*-,,g") + dirname=$(dirname $i) + config= + for j in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do + if test -e "${j}" ; then + config="${j}" + break + fi + done + if (grep -qx "CONFIG_XEN_DOM0=y" "${config}" 2> /dev/null || grep -qx "CONFIG_XEN_PRIVILEGED_GUEST=y" "${config}" 2> /dev/null); then linux_list="$linux_list $i" ; fi + fi +done +if [ "x${linux_list}" = "x" ] ; then + exit 0 +fi + +file_is_not_sym () { + case "$1" in + */xen-syms-*) + return 1;; + *) + return 0;; + esac +} + +xen_list= +for i in /boot/xen*; do + if grub_file_is_not_garbage "$i" && file_is_not_sym "$i" ; then xen_list="$xen_list $i" ; fi +done +prepare_boot_cache= +boot_device_id= + +title_correction_code= + +machine=`uname -m` + +case "$machine" in + i?86) GENKERNEL_ARCH="x86" ;; + mips|mips64) GENKERNEL_ARCH="mips" ;; + 
mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;; + arm*) GENKERNEL_ARCH="arm" ;; + *) GENKERNEL_ARCH="$machine" ;; +esac + +# Extra indentation to add to menu entries in a submenu. We're not in a submenu +# yet, so it's empty. In a submenu it will be equal to '\t' (one tab). +submenu_indentation="" + +is_top_level=true + +while [ "x${xen_list}" != "x" ] ; do + list="${linux_list}" + current_xen=`version_find_latest $xen_list` + xen_basename=`basename ${current_xen}` + xen_dirname=`dirname ${current_xen}` + rel_xen_dirname=`make_system_path_relative_to_its_root $xen_dirname` + xen_version=`echo $xen_basename | sed -e "s,.gz$,,g;s,^xen-,,g"` + if [ -z "$boot_device_id" ]; then + boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" + fi + if [ "x$is_top_level" != xtrue ]; then + echo " submenu '$(gettext_printf "Xen hypervisor, version %s" "${xen_version}" | grub_quote)' \$menuentry_id_option 'xen-hypervisor-$xen_version-$boot_device_id' {" + fi + if ($grub_file --is-arm64-efi $current_xen); then + xen_loader="xen_hypervisor" + module_loader="xen_module" + else + if ($grub_file --is-x86-multiboot2 $current_xen); then + xen_loader="multiboot2" + module_loader="module2" + else + xen_loader="multiboot" + module_loader="module" + fi + fi + + initrd_early= + for i in ${GRUB_EARLY_INITRD_LINUX_STOCK} \ + ${GRUB_EARLY_INITRD_LINUX_CUSTOM}; do + if test -e "${xen_dirname}/${i}" ; then + initrd_early="${initrd_early} ${i}" + fi + done + + while [ "x$list" != "x" ] ; do + linux=`version_find_latest $list` + gettext_printf "Found linux image: %s\n" "$linux" >&2 + basename=`basename $linux` + dirname=`dirname $linux` + rel_dirname=`make_system_path_relative_to_its_root $dirname` + version=`echo $basename | sed -e "s,^[^0-9]*-,,g"` + alt_version=`echo $version | sed -e "s,\.old$,,g"` + linux_root_device_thisversion="${LINUX_ROOT_DEVICE}" + + initrd_real= + for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \ + "initrd-${version}" 
"initramfs-${version}.img" \ + "initrd.img-${alt_version}" "initrd-${alt_version}.img" \ + "initrd-${alt_version}" "initramfs-${alt_version}.img" \ + "initramfs-genkernel-${version}" \ + "initramfs-genkernel-${alt_version}" \ + "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ + "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}" ; do + if test -e "${dirname}/${i}" ; then + initrd_real="$i" + break + fi + done + + initrd= + if test -n "${initrd_early}" || test -n "${initrd_real}"; then + initrd="${initrd_early} ${initrd_real}" + + initrd_display= + for i in ${initrd}; do + initrd_display="${initrd_display} ${dirname}/${i}" + done + gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2 + fi + + if test -z "${initrd_real}"; then + # "UUID=" magic is parsed by initrds. Since there's no initrd, it can't work here. + if [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] \ + || [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ]; then + + linux_root_device_thisversion=${GRUB_DEVICE} + else + linux_root_device_thisversion=PARTUUID=${GRUB_DEVICE_PARTUUID} + fi + fi + + if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xy ]; then + linux_entry "${OS}" "${version}" "${xen_version}" simple \ + "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" "${GRUB_CMDLINE_XEN} ${GRUB_CMDLINE_XEN_DEFAULT}" + + submenu_indentation="$grub_tab$grub_tab" + + if [ -z "$boot_device_id" ]; then + boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" + fi + # TRANSLATORS: %s is replaced with an OS name + echo "submenu '$(gettext_printf "Advanced options for %s (with Xen hypervisor)" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' {" + echo " submenu '$(gettext_printf "Xen hypervisor, version %s" "${xen_version}" | grub_quote)' \$menuentry_id_option 'xen-hypervisor-$xen_version-$boot_device_id' {" + is_top_level=false + fi + + linux_entry "${OS}" "${version}" "${xen_version}" advanced \ + "${GRUB_CMDLINE_LINUX} 
${GRUB_CMDLINE_LINUX_DEFAULT}" "${GRUB_CMDLINE_XEN} ${GRUB_CMDLINE_XEN_DEFAULT}" + for supported_init in ${SUPPORTED_INITS}; do + init_path="${supported_init#*:}" + if [ -x "${init_path}" ] && [ "$(readlink -f /sbin/init)" != "$(readlink -f "${init_path}")" ]; then + linux_entry "${OS}" "${version}" "${xen_version}" "init-${supported_init%%:*}" \ + "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} init=${init_path}" "${GRUB_CMDLINE_XEN} ${GRUB_CMDLINE_XEN_DEFAULT}" + + fi + done + if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then + linux_entry "${OS}" "${version}" "${xen_version}" recovery \ + "single ${GRUB_CMDLINE_LINUX}" "${GRUB_CMDLINE_XEN}" + fi + + list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '` + done + if [ x"$is_top_level" != xtrue ]; then + echo ' }' + fi + xen_list=`echo $xen_list | tr ' ' '\n' | fgrep -vx "$current_xen" | tr '\n' ' '` +done + +# If at least one kernel was found, then we need to +# add a closing '}' for the submenu command. +if [ x"$is_top_level" != xtrue ]; then + echo '}' +fi + +echo "$title_correction_code" diff --git a/etc/grub.d/30_os-prober b/etc/grub.d/30_os-prober new file mode 100755 index 0000000..258799b --- /dev/null +++ b/etc/grub.d/30_os-prober 
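Review bot: In the kernel-discovery loop of `20_linux_xen` (`for i in /boot/vmlinu[xz]-* /vmlinu[xz]-* /boot/kernel-*`), the config lookup probes `"${dirname}/config-${alt_version}"`, but `alt_version` is first assigned later, inside the `while [ "x$list" != "x" ]` loop. At that point it expands to an empty string, so the test is against `${dirname}/config-`. The script sets `set -e` but not `-u`, so this passes silently, and a `.old` kernel whose config file lacks the suffix would be dropped from `linux_list` as if it had no Xen dom0 support. Deriving the value next to `version` fixes the lookup: `alt_version=$(echo "$version" | sed -e "s,\.old$,,g")`. This file looks like the stock GRUB helper, so the change is probably better recorded as a local deviation or reported to the package than edited silently in the tracked copy.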
@@ -0,0 +1,376 @@ +#! /bin/sh +set -e + +# grub-mkconfig helper script. +# Copyright (C) 2006,2007,2008,2009 Free Software Foundation, Inc. +# +# GRUB is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# GRUB is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GRUB. If not, see . + +prefix="/usr" +exec_prefix="/usr" +datarootdir="/usr/share" +quick_boot="1" + +export TEXTDOMAIN=grub +export TEXTDOMAINDIR="${datarootdir}/locale" + +. "$pkgdatadir/grub-mkconfig_lib" + +found_other_os= + +adjust_timeout () { + if [ "$quick_boot" = 1 ] && [ "x${found_other_os}" != "x" ]; then + cat << EOF +set timeout_style=menu +if [ "\${timeout}" = 0 ]; then + set timeout=10 +fi +EOF + fi +} + +if [ "x${GRUB_DISABLE_OS_PROBER}" = "xtrue" ]; then + exit 0 +fi + +if [ -z "`which os-prober 2> /dev/null`" ] || [ -z "`which linux-boot-prober 2> /dev/null`" ] ; then + # missing os-prober and/or linux-boot-prober + exit 0 +fi + +OSPROBED="`os-prober | tr ' ' '^' | paste -s -d ' '`" +if [ -z "${OSPROBED}" ] ; then + # empty os-prober output, nothing doing + exit 0 +fi + +osx_entry() { + found_other_os=1 + if [ x$2 = x32 ]; then + # TRANSLATORS: it refers to kernel architecture (32-bit) + bitstr="$(gettext "(32-bit)")" + else + # TRANSLATORS: it refers to kernel architecture (64-bit) + bitstr="$(gettext "(64-bit)")" + fi + # TRANSLATORS: it refers on the OS residing on device %s + onstr="$(gettext_printf "(on %s)" "${DEVICE}")" + cat << EOF +menuentry '$(echo "${LONGNAME} $bitstr $onstr" | grub_quote)' --class osx --class darwin --class os 
\$menuentry_id_option 'osprober-xnu-$2-$(grub_get_device_id "${DEVICE}")' { +EOF + save_default_entry | grub_add_tab + prepare_grub_to_access_device ${DEVICE} | grub_add_tab + cat << EOF + load_video + set do_resume=0 + if [ /var/vm/sleepimage -nt10 / ]; then + if xnu_resume /var/vm/sleepimage; then + set do_resume=1 + fi + fi + if [ \$do_resume = 0 ]; then + xnu_uuid ${OSXUUID} uuid + if [ -f /Extra/DSDT.aml ]; then + acpi -e /Extra/DSDT.aml + fi + if [ /kernelcache -nt /System/Library/Extensions ]; then + $1 /kernelcache boot-uuid=\${uuid} rd=*uuid + elif [ -f /System/Library/Kernels/kernel ]; then + $1 /System/Library/Kernels/kernel boot-uuid=\${uuid} rd=*uuid + xnu_kextdir /System/Library/Extensions + else + $1 /mach_kernel boot-uuid=\${uuid} rd=*uuid + if [ /System/Library/Extensions.mkext -nt /System/Library/Extensions ]; then + xnu_mkext /System/Library/Extensions.mkext + else + xnu_kextdir /System/Library/Extensions + fi + fi + if [ -f /Extra/Extensions.mkext ]; then + xnu_mkext /Extra/Extensions.mkext + fi + if [ -d /Extra/Extensions ]; then + xnu_kextdir /Extra/Extensions + fi + if [ -f /Extra/devprop.bin ]; then + xnu_devprop_load /Extra/devprop.bin + fi + if [ -f /Extra/splash.jpg ]; then + insmod jpeg + xnu_splash /Extra/splash.jpg + fi + if [ -f /Extra/splash.png ]; then + insmod png + xnu_splash /Extra/splash.png + fi + if [ -f /Extra/splash.tga ]; then + insmod tga + xnu_splash /Extra/splash.tga + fi + fi +} +EOF +} + +used_osprober_linux_ids= + +wubi= + +for OS in ${OSPROBED} ; do + DEVICE="`echo ${OS} | cut -d ':' -f 1`" + LONGNAME="`echo ${OS} | cut -d ':' -f 2 | tr '^' ' '`" + LABEL="`echo ${OS} | cut -d ':' -f 3 | tr '^' ' '`" + BOOT="`echo ${OS} | cut -d ':' -f 4`" + if UUID="`${grub_probe} --target=fs_uuid --device ${DEVICE%@*}`"; then + EXPUUID="$UUID" + + if [ x"${DEVICE#*@}" != x ] ; then + EXPUUID="${EXPUUID}@${DEVICE#*@}" + fi + + if [ "x${GRUB_OS_PROBER_SKIP_LIST}" != "x" ] && [ "x`echo ${GRUB_OS_PROBER_SKIP_LIST} | grep -i -e 
'\b'${EXPUUID}'\b'`" != "x" ] ; then + echo "Skipped ${LONGNAME} on ${DEVICE} by user request." >&2 + continue + fi + fi + + BTRFS="`echo ${OS} | cut -d ':' -f 5`" + if [ "x$BTRFS" = "xbtrfs" ]; then + BTRFSuuid="`echo ${OS} | cut -d ':' -f 6`" + BTRFSsubvol="`echo ${OS} | cut -d ':' -f 7`" + fi + + if [ -z "${LONGNAME}" ] ; then + LONGNAME="${LABEL}" + fi + + # os-prober returns text string followed by optional counter + CLASS="--class $(echo "${LABEL}" | LC_ALL=C sed 's,[[:digit:]]*$,,' | cut -d' ' -f1 | tr 'A-Z' 'a-z' | LC_ALL=C sed 's,[^[:alnum:]_],_,g')" + + gettext_printf "Found %s on %s\n" "${LONGNAME}" "${DEVICE}" >&2 + + case ${BOOT} in + chain) + + case ${LONGNAME} in + Windows*) + if [ -z "$wubi" ]; then + if [ -x /usr/share/lupin-support/grub-mkimage ] && \ + /usr/share/lupin-support/grub-mkimage --test; then + wubi=yes + else + wubi=no + fi + fi + if [ "$wubi" = yes ]; then + echo "Skipping ${LONGNAME} on Wubi system" >&2 + continue + fi + ;; + esac + + found_other_os=1 + onstr="$(gettext_printf "(on %s)" "${DEVICE}")" + cat << EOF +menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' $CLASS --class os \$menuentry_id_option 'osprober-chain-$(grub_get_device_id "${DEVICE}")' { +EOF + save_default_entry | grub_add_tab + prepare_grub_to_access_device ${DEVICE} | grub_add_tab + + if [ x"`${grub_probe} --device ${DEVICE} --target=partmap`" = xmsdos ]; then + cat << EOF + parttool \${root} hidden- +EOF + fi + + case ${LONGNAME} in + Windows\ Vista*|Windows\ 7*|Windows\ Server\ 2008*) + ;; + *) + cat << EOF + drivemap -s (hd0) \${root} +EOF + ;; + esac + + cat < /dev/null; do + counter=$((counter+1)); + done + if [ -z "$boot_device_id" ]; then + boot_device_id="$(grub_get_device_id "${DEVICE}")" + fi + used_osprober_linux_ids="$used_osprober_linux_ids 'osprober-gnulinux-$LKERNEL-${recovery_params}-$counter-$boot_device_id'" + + if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xy ]; then + cat << EOF +menuentry '$(echo "$OS $onstr" | 
grub_quote)' $CLASS --class gnu-linux --class gnu --class os \$menuentry_id_option 'osprober-gnulinux-simple-$boot_device_id' { +EOF + save_default_entry | grub_add_tab + printf '%s\n' "${prepare_boot_cache}" + cat << EOF + linux ${LKERNEL} ${LPARAMS} +EOF + if [ -n "${LINITRD}" ] ; then + cat << EOF + initrd ${LINITRD} +EOF + fi + cat << EOF +} +EOF + echo "submenu '$(gettext_printf "Advanced options for %s" "${OS} $onstr" | grub_quote)' \$menuentry_id_option 'osprober-gnulinux-advanced-$boot_device_id' {" + is_top_level=false + fi + title="${LLABEL} $onstr" + cat << EOF + menuentry '$(echo "$title" | grub_quote)' --class gnu-linux --class gnu --class os \$menuentry_id_option 'osprober-gnulinux-$LKERNEL-${recovery_params}-$boot_device_id' { +EOF + save_default_entry | sed -e "s/^/$grub_tab$grub_tab/" + printf '%s\n' "${prepare_boot_cache}" | grub_add_tab + cat << EOF + linux ${LKERNEL} ${LPARAMS} +EOF + if [ -n "${LINITRD}" ] ; then + cat << EOF + initrd ${LINITRD} +EOF + fi + cat << EOF + } +EOF + if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then + replacement_title="$(echo "Advanced options for ${OS} $onstr" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')" + quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)" + title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;" + grub_warn "$(gettext_printf "Please don't use old title \`%s' for GRUB_DEFAULT, use \`%s' (for versions before 2.00) or \`%s' (for 2.00 or later)" "$GRUB_ACTUAL_DEFAULT" "$replacement_title" "gnulinux-advanced-$boot_device_id>gnulinux-$version-$type-$boot_device_id")" + fi + done + if [ x"$is_top_level" != xtrue ]; then + echo '}' + fi + echo "$title_correction_code" + ;; + macosx) + if [ "${UUID}" ]; then + OSXUUID="${UUID}" + osx_entry xnu_kernel 32 + osx_entry xnu_kernel64 64 + fi + ;; + hurd) + found_other_os=1 + onstr="$(gettext_printf 
"(on %s)" "${DEVICE}")" + cat << EOF +menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' --class hurd --class gnu --class os \$menuentry_id_option 'osprober-gnuhurd-/boot/gnumach.gz-false-$(grub_get_device_id "${DEVICE}")' { +EOF + save_default_entry | grub_add_tab + prepare_grub_to_access_device ${DEVICE} | grub_add_tab + grub_device="`${grub_probe} --device ${DEVICE} --target=drive`" + mach_device="`echo "${grub_device}" | sed -e 's/(\(hd.*\),msdos\(.*\))/\1s\2/'`" + grub_fs="`${grub_probe} --device ${DEVICE} --target=fs`" + case "${grub_fs}" in + *fs) hurd_fs="${grub_fs}" ;; + *) hurd_fs="${grub_fs}fs" ;; + esac + cat << EOF + multiboot /boot/gnumach.gz root=device:${mach_device} + module /hurd/${hurd_fs}.static ${hurd_fs} --readonly \\ + --multiboot-command-line='\${kernel-command-line}' \\ + --host-priv-port='\${host-port}' \\ + --device-master-port='\${device-port}' \\ + --exec-server-task='\${exec-task}' -T typed '\${root}' \\ + '\$(task-create)' '\$(task-resume)' + module /lib/ld.so.1 exec /hurd/exec '\$(exec-task=task-create)' +} +EOF + ;; + minix) + cat << EOF +menuentry "${LONGNAME} (on ${DEVICE}, Multiboot)" { +EOF + save_default_entry | sed -e "s/^/\t/" + prepare_grub_to_access_device ${DEVICE} | sed -e "s/^/\t/" + cat << EOF + multiboot /boot/image_latest +} +EOF + ;; + *) + # TRANSLATORS: %s is replaced by OS name. + gettext_printf "%s is not yet supported by grub-mkconfig.\n" " ${LONGNAME}" >&2 + ;; + esac +done + +adjust_timeout diff --git a/etc/grub.d/30_uefi-firmware b/etc/grub.d/30_uefi-firmware new file mode 100755 index 0000000..7cc32b6 --- /dev/null +++ b/etc/grub.d/30_uefi-firmware 
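Review bot: The `minix)` branch of 30_os-prober writes `menuentry "${LONGNAME} (on ${DEVICE}, Multiboot)" {` into the generated config unescaped, while the chain, hurd and macOS branches pass the title through `grub_quote` inside single quotes. `LONGNAME` is cut out of `os-prober` output, so it reflects labels found on other partitions, and a quote or `$` in it would change how GRUB parses the entry. The same form as the other branches fits here: `menuentry '$(echo "${LONGNAME} (on ${DEVICE}, Multiboot)" | grub_quote)' {`. Part of the Linux branch of this hunk is missing from the page, so this covers the visible branches only.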
@@ -0,0 +1,46 @@
+#! /bin/sh
+set -e
+
+# grub-mkconfig helper script.
+# Copyright (C) 2012 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see .
+
+prefix="/usr"
+exec_prefix="/usr"
+datarootdir="/usr/share"
+
+export TEXTDOMAIN=grub
+export TEXTDOMAINDIR="${datarootdir}/locale"
+
+. "${datarootdir}/grub/grub-mkconfig_lib"
+
+efi_vars_dir=/sys/firmware/efi/vars
+EFI_GLOBAL_VARIABLE=8be4df61-93ca-11d2-aa0d-00e098032b8c
+OsIndications="$efi_vars_dir/OsIndicationsSupported-$EFI_GLOBAL_VARIABLE/data"
+
+if [ -e "$OsIndications" ] && \
+ [ "$(( $(printf 0x%x \'"$(cat $OsIndications | cut -b1)") & 1 ))" = 1 ]; then
+ LABEL="UEFI Firmware Settings"
+
+ gettext_printf "Adding boot menu entry for UEFI Firmware Settings\n" >&2
+
+ onstr="$(gettext_printf "(on %s)" "${DEVICE}")"
+
+ cat << EOF
+menuentry '$LABEL' \$menuentry_id_option 'uefi-firmware' {
+ fwsetup
+}
+EOF
+fi
diff --git a/etc/grub.d/35_fwupd b/etc/grub.d/35_fwupd
new file mode 100755
index 0000000..496cd66
--- /dev/null
+++ b/etc/grub.d/35_fwupd
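Review bot: `onstr="$(gettext_printf "(on %s)" "${DEVICE}")"` in 30_uefi-firmware is dead code: `DEVICE` is not assigned anywhere in this script and `onstr` is never used in the menu entry, so the line can be dropped. The inner `$(cat $OsIndications | cut -b1)` also leaves the path unquoted; `$(cut -b1 < "$OsIndications")` reads the same byte without the extra process. The script looks under `/sys/firmware/efi/vars`, while 35_fwupd in this same commit uses `/sys/firmware/efi/efivars`; where the former tree is absent the `-e` test is simply false and the entry is skipped without a message, which is worth a comment.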
@@ -0,0 +1,24 @@
+#! /bin/sh
+# SPDX-License-Identifier: LGPL-2.1+
+set -e
+
+[ -d ${pkgdatadir:?} ]
+# shellcheck source=/dev/null
+. "$pkgdatadir/grub-mkconfig_lib"
+
+if [ -f /var/lib/fwupd/uefi_capsule.conf ] &&
+ ls /sys/firmware/efi/efivars/fwupd-*-0abba7dc-e516-4167-bbf5-4d9d1c739416 1>/dev/null 2>&1; then
+ . /var/lib/fwupd/uefi_capsule.conf
+ if [ "${EFI_PATH}" != "" ] && [ "${ESP}" != "" ]; then
+ echo "Adding Linux Firmware Updater entry" >&2
+cat << EOF
+menuentry 'Linux Firmware Updater' \$menuentry_id_option 'fwupd' {
+EOF
+ ${grub_probe:?}
+ prepare_grub_to_access_device '`${grub_probe} --target=device \${ESP}` | sed -e "s/^/\t/"'
+cat << EOF
+ chainloader ${EFI_PATH}
+}
+EOF
+ fi
+fi
diff --git a/etc/grub.d/40_custom b/etc/grub.d/40_custom
new file mode 100755
index 0000000..48068de
--- /dev/null
+++ b/etc/grub.d/40_custom
@@ -0,0 +1,5 @@
+#!/bin/sh
+exec tail -n +3 $0
+# This file provides an easy way to add custom menu entries. Simply type the
+# menu entries you want to add after this comment. Be careful not to change
+# the 'exec tail' line above.
diff --git a/etc/grub.d/41_custom b/etc/grub.d/41_custom
new file mode 100755
index 0000000..fcc21a9
--- /dev/null
+++ b/etc/grub.d/41_custom
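Review bot: In 35_fwupd the argument to `prepare_grub_to_access_device` is wrapped in single quotes, so the backtick substitution and the `| sed` are passed as one literal string instead of being run, and the function does not receive the ESP device. The intended form looks like `prepare_grub_to_access_device "$(${grub_probe} --target=device "${ESP}")" | sed -e "s/^/\t/"`. The bare `${grub_probe:?}` line above it executes the probe with no arguments rather than only asserting that the variable is set; `: "${grub_probe:?}"` performs the check without running anything. `EFI_PATH` and `ESP` are sourced as shell from /var/lib/fwupd/uefi_capsule.conf and end up in the boot menu, so that file should be root-owned and not group- or world-writable.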
@@ -0,0 +1,9 @@ +#!/bin/sh +cat < +# Kees Cook +# +# /etc/init.d/apparmor +# +# Note: "Required-Start: $local_fs" implies that the cache may not be available +# yet when /var is on a remote filesystem. The worst consequence this should +# have is slowing down the boot. +# +### BEGIN INIT INFO +# Provides: apparmor +# Required-Start: $local_fs +# Required-Stop: umountfs +# Default-Start: S +# Default-Stop: +# Short-Description: AppArmor initialization +# Description: AppArmor init script. This script loads all AppArmor profiles. +### END INIT INFO + +APPARMOR_FUNCTIONS=/lib/apparmor/rc.apparmor.functions + +# Functions needed by rc.apparmor.functions + +. /lib/lsb/init-functions + +aa_action() { + STRING=$1 + shift + $* + rc=$? + if [ $rc -eq 0 ] ; then + aa_log_success_msg $"$STRING " + else + aa_log_failure_msg $"$STRING " + fi + return $rc +} + +aa_log_action_start() { + log_action_begin_msg $@ +} + +aa_log_action_end() { + log_action_end_msg $@ +} + +aa_log_success_msg() { + log_success_msg $@ +} + +aa_log_warning_msg() { + log_warning_msg $@ +} + +aa_log_failure_msg() { + log_failure_msg $@ +} + +aa_log_skipped_msg() { + if [ -n "$1" ]; then + log_warning_msg "${1}: Skipped." + fi +} + +aa_log_daemon_msg() { + log_daemon_msg $@ +} + +aa_log_end_msg() { + log_end_msg $@ +} + +# Source AppArmor function library +if [ -f "${APPARMOR_FUNCTIONS}" ]; then + . ${APPARMOR_FUNCTIONS} +else + aa_log_failure_msg "Unable to find AppArmor initscript functions" + exit 1 +fi + +usage() { + echo "Usage: $0 {start|stop|restart|reload|force-reload|status}" +} + +test -x ${PARSER} || exit 0 # by debian policy +# LSM is built-in, so it is either there or not enabled for this boot +test -d /sys/module/apparmor || exit 0 + +# do not perform start/stop/reload actions when running from liveCD +test -d /rofs/etc/apparmor.d && exit 0 + +rc=255 +case "$1" in + start) + if [ -x /usr/bin/systemd-detect-virt ] && \ + systemd-detect-virt --quiet --container && \ + ! 
is_container_with_internal_policy; then + aa_log_daemon_msg "Not starting AppArmor in container" + aa_log_end_msg 0 + exit 0 + fi + apparmor_start + rc=$? + ;; + restart|reload|force-reload) + if [ -x /usr/bin/systemd-detect-virt ] && \ + systemd-detect-virt --quiet --container && \ + ! is_container_with_internal_policy; then + aa_log_daemon_msg "Not starting AppArmor in container" + aa_log_end_msg 0 + exit 0 + fi + apparmor_restart + rc=$? + ;; + stop) + aa_log_daemon_msg "Leaving AppArmor profiles loaded" + cat >&2 <= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + + [ -e /var/crash ] || mkdir -p /var/crash + chmod 1777 /var/crash + + # check for kernel crash dump, convert it to apport report + if [ -e /var/crash/vmcore ] || [ -n "`ls /var/crash | egrep ^[0-9]{12}$`" ];then + /usr/share/apport/kernel_crashdump || true + fi + + # check for incomplete suspend/resume or hibernate + if [ -e /var/lib/pm-utils/status ]; then + /usr/share/apport/apportcheckresume || true + rm -f /var/lib/pm-utils/status + rm -f /var/lib/pm-utils/resume-hang.log + fi + + echo "|$AGENT -p%p -s%s -c%c -d%d -P%P -u%u -g%g -- %E" > /proc/sys/kernel/core_pattern + echo 2 > /proc/sys/fs/suid_dumpable + echo 10 > /proc/sys/kernel/core_pipe_limit +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + + echo 0 > /proc/sys/kernel/core_pipe_limit + echo 0 > /proc/sys/fs/suid_dumpable + + # Check for a hung resume. If we find one try and grab everything + # we can to aid in its discovery. 
+ if [ -e /var/lib/pm-utils/status ]; then + ps -wwef >/var/lib/pm-utils/resume-hang.log + fi + + if [ "`dd if=/proc/sys/kernel/core_pattern count=1 bs=1 2>/dev/null`" != "|" ]; then + return 1 + else + echo "core" > /proc/sys/kernel/core_pattern + fi +} + +case "$1" in + start) + # don't start in containers + grep -zqs '^container=' /proc/1/environ && exit 0 + + [ "$enabled" = "1" ] || [ "$force_start" = "1" ] || exit 0 + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC:" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + # don't stop in containers + grep -zqs '^container=' /proc/1/environ && exit 0 + + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC:" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + restart|force-reload) + $0 stop || true + $0 start + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/etc/init.d/atd b/etc/init.d/atd new file mode 100755 index 0000000..2e825fc --- /dev/null +++ b/etc/init.d/atd 
@@ -0,0 +1,48 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: atd
+# Required-Start: $syslog $time $remote_fs
+# Required-Stop: $syslog $time $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Deferred execution scheduler
+# Description: Debian init script for the atd deferred executions
+# scheduler
+### END INIT INFO
+#
+# Author: Ryan Murray
+#
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+DAEMON=/usr/sbin/atd
+PIDFILE=/var/run/atd.pid
+
+test -x $DAEMON || exit 0
+
+. /lib/lsb/init-functions
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting deferred execution scheduler" "atd"
+ start_daemon -p $PIDFILE $DAEMON
+ log_end_msg $?
+ ;;
+ stop)
+ log_daemon_msg "Stopping deferred execution scheduler" "atd"
+ killproc -p $PIDFILE $DAEMON
+ log_end_msg $?
+ ;;
+ force-reload|restart)
+ $0 stop
+ $0 start
+ ;;
+ status)
+ status_of_proc -p $PIDFILE $DAEMON atd && exit 0 || exit $?
+ ;;
+ *)
+ echo "Usage: /etc/init.d/atd {start|stop|restart|force-reload|status}"
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/etc/init.d/binfmt-support b/etc/init.d/binfmt-support
new file mode 100755
index 0000000..41b9390
--- /dev/null
+++ b/etc/init.d/binfmt-support
@@ -0,0 +1,56 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: binfmt-support
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: Support for extra binary formats
+# Description: Enable support for extra binary formats using the Linux
+# kernel's binfmt_misc facility.
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+NAME=binfmt-support
+DESC="additional executable binary formats"
+
+if [ "$(uname)" != Linux ]; then
+ exit 0
+fi
+
+which update-binfmts >/dev/null 2>&1 || exit 0
+
+. /lib/lsb/init-functions
+[ -r /etc/default/rcS ] && . /etc/default/rcS
+
+set -e
+CODE=0
+
+case "$1" in
+ start)
+ log_daemon_msg "Enabling $DESC" "$NAME"
+ update-binfmts --enable || CODE=$?
+ log_end_msg $CODE
+ exit $CODE
+ ;;
+
+ stop)
+ log_daemon_msg "Disabling $DESC" "$NAME"
+ update-binfmts --disable || CODE=$?
+ log_end_msg $CODE
+ exit $CODE
+ ;;
+
+ restart|force-reload)
+ $0 stop
+ $0 start
+ ;;
+
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/etc/init.d/console-setup.sh b/etc/init.d/console-setup.sh
new file mode 100755
index 0000000..292d831
--- /dev/null
+++ b/etc/init.d/console-setup.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: console-setup.sh
+# Required-Start: $remote_fs
+# Required-Stop:
+# Should-Start: console-screen kbd
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# X-Interactive: true
+# Short-Description: Set console font and keymap
+### END INIT INFO
+
+if [ -f /bin/setupcon ]; then
+ case "$1" in
+ stop|status)
+ # console-setup isn't a daemon
+ ;;
+ start|force-reload|restart|reload)
+ if [ -f /lib/lsb/init-functions ]; then
+ . /lib/lsb/init-functions
+ else
+ log_action_begin_msg () {
+ echo -n "$@... "
+ }
+
+ log_action_end_msg () {
+ if [ "$1" -eq 0 ]; then
+ echo done.
+ else
+ echo failed.
+ fi
+ }
+ fi
+ log_action_begin_msg "Setting up console font and keymap"
+ if /lib/console-setup/console-setup.sh; then
+ log_action_end_msg 0
+ else
+ log_action_end_msg $?
+ fi
+ ;;
+ *)
+ echo 'Usage: /etc/init.d/console-setup {start|reload|restart|force-reload|stop|status}'
+ exit 3
+ ;;
+ esac
+fi
diff --git a/etc/init.d/cron b/etc/init.d/cron
new file mode 100755
index 0000000..c90dc1e
--- /dev/null
+++ b/etc/init.d/cron
@@ -0,0 +1,92 @@
+#!/bin/sh
+# Start/stop the cron daemon.
+#
+### BEGIN INIT INFO
+# Provides: cron
+# Required-Start: $remote_fs $syslog $time
+# Required-Stop: $remote_fs $syslog $time
+# Should-Start: $network $named slapd autofs ypbind nscd nslcd winbind sssd
+# Should-Stop: $network $named slapd autofs ypbind nscd nslcd winbind sssd
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: Regular background program processing daemon
+# Description: cron is a standard UNIX program that runs user-specified
+# programs at periodic scheduled times. vixie cron adds a
+# number of features to the basic UNIX cron, including better
+# security and more powerful configuration options.
+### END INIT INFO
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+DESC="cron daemon"
+NAME=cron
+DAEMON=/usr/sbin/cron
+PIDFILE=/var/run/crond.pid
+SCRIPTNAME=/etc/init.d/"$NAME"
+
+test -f $DAEMON || exit 0
+
+. /lib/lsb/init-functions
+
+[ -r /etc/default/cron ] && . /etc/default/cron
+
+# Read the system's locale and set cron's locale. This is only used for
+# setting the charset of mails generated by cron. To provide locale
+# information to tasks running under cron, see /etc/pam.d/cron.
+#
+# We read /etc/environment, but warn about locale information in
+# there because it should be in /etc/default/locale.
+parse_environment ()
+{
+ for ENV_FILE in /etc/environment /etc/default/locale; do
+ [ -r "$ENV_FILE" ] || continue
+ [ -s "$ENV_FILE" ] || continue
+
+ for var in LANG LANGUAGE LC_ALL LC_CTYPE; do
+ value=`egrep "^${var}=" "$ENV_FILE" | tail -n1 | cut -d= -f2`
+ [ -n "$value" ] && eval export $var=$value
+
+ if [ -n "$value" ] && [ "$ENV_FILE" = /etc/environment ]; then
+ log_warning_msg "/etc/environment has been deprecated for locale information; use /etc/default/locale for $var=$value instead"
+ fi
+ done
+ done
+
+# Get the timezone set.
+ if [ -z "$TZ" -a -e /etc/timezone ]; then
+ TZ=`cat /etc/timezone`
+ fi
+}
+
+# Parse the system's environment
+if [ "$READ_ENV" = "yes" ] ; then
+ parse_environment
+fi
+
+
+case "$1" in
+start) log_daemon_msg "Starting periodic command scheduler" "cron"
+ start_daemon -p $PIDFILE $DAEMON $EXTRA_OPTS
+ log_end_msg $?
+ ;;
+stop) log_daemon_msg "Stopping periodic command scheduler" "cron"
+ killproc -p $PIDFILE $DAEMON
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && [ -e "$PIDFILE" ] && rm -f $PIDFILE
+ log_end_msg $RETVAL
+ ;;
+restart) log_daemon_msg "Restarting periodic command scheduler" "cron"
+ $0 stop
+ $0 start
+ ;;
+reload|force-reload) log_daemon_msg "Reloading configuration files for periodic command scheduler" "cron"
+ # cron reloads automatically
+ log_end_msg 0
+ ;;
+status)
+ status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $?
+ ;;
+*) log_action_msg "Usage: /etc/init.d/cron {start|stop|status|restart|reload|force-reload}"
+ exit 2
+ ;;
+esac
+exit 0
diff --git a/etc/init.d/cryptdisks b/etc/init.d/cryptdisks
new file mode 100755
index 0000000..0cd4a83
--- /dev/null
+++ b/etc/init.d/cryptdisks
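Review bot: `parse_environment` in etc/init.d/cron runs `eval export $var=$value` on text cut out of /etc/environment and /etc/default/locale, so any shell metacharacters in a locale value are evaluated by the init script when `READ_ENV` is `yes`. If the `eval` is only there to strip the quotes those files usually carry, it is safer to strip them explicitly with `value=${value#\"}; value=${value%\"}` and then use `[ -n "$value" ] && export "$var=$value"`. The `egrep` on the line before is obsolescent; `grep -E` is the drop-in replacement. A short comment on the function saying that both files are treated as trusted, root-owned input would also help.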
@@ -0,0 +1,53 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: cryptdisks
+# Required-Start: checkroot cryptdisks-early
+# Required-Stop: umountroot cryptdisks-early
+# Should-Start: udev mdadm-raid lvm2
+# Should-Stop: udev mdadm-raid lvm2
+# X-Start-Before: checkfs
+# X-Stop-After: umountfs
+# X-Interactive: true
+# Default-Start: S
+# Default-Stop: 0 6
+# Short-Description: Setup remaining encrypted block devices.
+# Description:
+### END INIT INFO
+
+set -e
+
+if [ -r /lib/cryptsetup/cryptdisks-functions ]; then
+ . /lib/cryptsetup/cryptdisks-functions
+else
+ exit 0
+fi
+
+INITSTATE="remaining"
+DEFAULT_LOUD="yes"
+
+case "$CRYPTDISKS_ENABLE" in
+[Nn]*)
+ exit 0
+ ;;
+esac
+
+case "$1" in
+start)
+ do_start
+ ;;
+stop)
+ do_stop
+ ;;
+restart|reload|force-reload)
+ do_stop
+ do_start
+ ;;
+force-start)
+ FORCE_START="yes"
+ do_start
+ ;;
+*)
+ echo "Usage: cryptdisks {start|stop|restart|reload|force-reload|force-start}"
+ exit 1
+ ;;
+esac
diff --git a/etc/init.d/cryptdisks-early b/etc/init.d/cryptdisks-early
new file mode 100755
index 0000000..6498431
--- /dev/null
+++ b/etc/init.d/cryptdisks-early
@@ -0,0 +1,53 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: cryptdisks-early
+# Required-Start: checkroot
+# Required-Stop: umountroot
+# Should-Start: udev mdadm-raid
+# Should-Stop: udev mdadm-raid
+# X-Start-Before: lvm2
+# X-Stop-After: lvm2 umountfs
+# X-Interactive: true
+# Default-Start: S
+# Default-Stop: 0 6
+# Short-Description: Setup early encrypted block devices.
+# Description:
+### END INIT INFO
+
+set -e
+
+if [ -r /lib/cryptsetup/cryptdisks-functions ]; then
+ . /lib/cryptsetup/cryptdisks-functions
+else
+ exit 0
+fi
+
+INITSTATE="early"
+DEFAULT_LOUD=""
+
+case "$CRYPTDISKS_ENABLE" in
+[Nn]*)
+ exit 0
+ ;;
+esac
+
+case "$1" in
+start)
+ do_start
+ ;;
+stop)
+ do_stop
+ ;;
+restart|reload|force-reload)
+ do_stop
+ do_start
+ ;;
+force-start)
+ FORCE_START="yes"
+ do_start
+ ;;
+*)
+ echo "Usage: cryptdisks-early {start|stop|restart|reload|force-reload|force-start}"
+ exit 1
+ ;;
+esac
diff --git a/etc/init.d/dbus b/etc/init.d/dbus
new file mode 100755
index 0000000..105c83b
--- /dev/null
+++ b/etc/init.d/dbus
@@ -0,0 +1,129 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: dbus +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: +# Short-Description: D-Bus systemwide message bus +# Description: D-Bus is a simple interprocess messaging system, used +# for sending messages between applications. +### END INIT INFO +# -*- coding: utf-8 -*- +# Debian init.d script for D-BUS +# Copyright © 2003 Colin Walters +# Copyright © 2005 Sjoerd Simons + +set -e + +DAEMON=/usr/bin/dbus-daemon +UUIDGEN=/usr/bin/dbus-uuidgen +UUIDGEN_OPTS=--ensure +NAME=dbus +DAEMONUSER=messagebus +PIDDIR=/var/run/dbus +PIDFILE=$PIDDIR/pid +DESC="system message bus" + +test -x $DAEMON || exit 0 + +. /lib/lsb/init-functions + +# Source defaults file; edit that file to configure this script. +PARAMS="" +if [ -e /etc/default/dbus ]; then + . /etc/default/dbus +fi + +create_machineid() { + # Create machine-id file + if [ -x $UUIDGEN ]; then + $UUIDGEN $UUIDGEN_OPTS + fi +} + +start_it_up() +{ + if [ ! -d $PIDDIR ]; then + mkdir -p $PIDDIR + chown $DAEMONUSER $PIDDIR + chgrp $DAEMONUSER $PIDDIR + fi + + if ! mountpoint -q /proc/ ; then + log_failure_msg "Can't start $DESC - /proc is not mounted" + return + fi + + if [ -e $PIDFILE ]; then + if $0 status > /dev/null ; then + log_success_msg "$DESC already started; not starting." + return + else + log_success_msg "Removing stale PID file $PIDFILE." + rm -f $PIDFILE + fi + fi + + create_machineid + + # Force libnss-systemd to avoid trying to communicate via D-Bus, which + # is never going to work well from within dbus-daemon. systemd + # special-cases this internally, but we might need to do the same when + # booting with sysvinit if libnss-systemd is still installed. + # (Workaround for #940971) + export SYSTEMD_NSS_BYPASS_BUS=1 + + log_daemon_msg "Starting $DESC" "$NAME" + start-stop-daemon --start --quiet --pidfile $PIDFILE \ + --exec $DAEMON -- --system $PARAMS + log_end_msg $? 
+} + +shut_it_down() +{ + log_daemon_msg "Stopping $DESC" "$NAME" + start-stop-daemon --stop --retry 5 --quiet --oknodo --pidfile $PIDFILE \ + --user $DAEMONUSER + # We no longer include these arguments so that start-stop-daemon + # can do its job even given that we may have been upgraded. + # We rely on the pidfile being sanely managed + # --exec $DAEMON -- --system $PARAMS + log_end_msg $? + rm -f $PIDFILE +} + +reload_it() +{ + create_machineid + log_action_begin_msg "Reloading $DESC config" + dbus-send --print-reply --system --type=method_call \ + --dest=org.freedesktop.DBus \ + / org.freedesktop.DBus.ReloadConfig > /dev/null + # hopefully this is enough time for dbus to reload it's config file. + log_action_end_msg $? +} + +case "$1" in + start) + start_it_up + ;; + stop) + shut_it_down + ;; + reload|force-reload) + reload_it + ;; + restart) + shut_it_down + start_it_up + ;; + status) + status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $? + ;; + *) + echo "Usage: /etc/init.d/$NAME {start|stop|reload|restart|force-reload|status}" >&2 + exit 2 + ;; +esac + diff --git a/etc/init.d/grub-common b/etc/init.d/grub-common new file mode 100755 index 0000000..3e80af4 --- /dev/null +++ b/etc/init.d/grub-common 
@@ -0,0 +1,39 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: grub-common
+# Required-Start: $all
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: Record successful boot for GRUB
+# Description: GRUB displays the boot menu at the next boot if it
+# believes that the previous boot failed. This script
+# informs it that the system booted successfully.
+### END INIT INFO
+
+which grub-editenv >/dev/null 2>&1 || exit 0
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+case $1 in
+ start|restart|force-reload)
+ log_action_msg "Recording successful boot for GRUB"
+ [ -s /boot/grub/grubenv ] || rm -f /boot/grub/grubenv
+ mkdir -p /boot/grub
+ grub-editenv /boot/grub/grubenv unset recordfail
+ log_end_msg $?
+ ;;
+ stop)
+ ;;
+ status)
+ exit 0
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+exit 0
diff --git a/etc/init.d/hwclock.sh b/etc/init.d/hwclock.sh
new file mode 100755
index 0000000..208ca2d
--- /dev/null
+++ b/etc/init.d/hwclock.sh
@@ -0,0 +1,120 @@ +#!/bin/sh +# hwclock.sh Set and adjust the CMOS clock. +# +# Version: @(#)hwclock.sh 2.00 14-Dec-1998 miquels@cistron.nl +# +# Patches: +# 2000-01-30 Henrique M. Holschuh +# - Minor cosmetic changes in an attempt to help new +# users notice something IS changing their clocks +# during startup/shutdown. +# - Added comments to alert users of hwclock issues +# and discourage tampering without proper doc reading. +# 2012-02-16 Roger Leigh +# - Use the UTC/LOCAL setting in /etc/adjtime rather than +# the UTC setting in /etc/default/rcS. Additionally +# source /etc/default/hwclock to permit configuration. + +### BEGIN INIT INFO +# Provides: hwclock +# Required-Start: mountdevsubfs +# Required-Stop: mountdevsubfs +# Should-Stop: umountfs +# Default-Start: S +# X-Start-Before: checkroot +# Default-Stop: 0 6 +# Short-Description: Sync hardware and system clock time. +### END INIT INFO + +# These defaults are user-overridable in /etc/default/hwclock +BADYEAR=no +HWCLOCKACCESS=yes +HWCLOCKPARS= +HCTOSYS_DEVICE=rtc0 + +# We only want to use the system timezone or else we'll get +# potential inconsistency at startup. +unset TZ + +hwclocksh() +{ + [ ! -x /sbin/hwclock ] && return 0 + [ ! -r /etc/default/rcS ] || . /etc/default/rcS + [ ! -r /etc/default/hwclock ] || . /etc/default/hwclock + + . /lib/lsb/init-functions + verbose_log_action_msg() { [ "$VERBOSE" = no ] || log_action_msg "$@"; } + + case "$BADYEAR" in + no|"") BADYEAR="" ;; + yes) BADYEAR="--badyear" ;; + *) log_action_msg "unknown BADYEAR setting: \"$BADYEAR\""; return 1 ;; + esac + + case "$1" in + start) + # If the admin deleted the hwclock config, create a blank + # template with the defaults. + if [ -w /etc ] && [ ! -f /etc/adjtime ] && [ ! -e /etc/adjtime ]; then + printf "0.0 0 0.0\n0\nUTC\n" > /etc/adjtime + fi + + if [ -d /run/udev ] || [ -d /dev/.udev ]; then + return 0 + fi + + if [ "$HWCLOCKACCESS" != no ]; then + log_action_msg "Setting the system clock" + + # Just for reporting. 
+ if sed '3!d' /etc/adjtime | grep -q '^UTC$'; then + UTC="--utc" + else + UTC= + fi + # Copies Hardware Clock time to System Clock using the correct + # timezone for hardware clocks in local time, and sets kernel + # timezone. DO NOT REMOVE. + if /sbin/hwclock --rtc=/dev/$HCTOSYS_DEVICE --hctosys $HWCLOCKPARS $BADYEAR; then + # Announce the local time. + verbose_log_action_msg "System Clock set to: `date $UTC`" + else + log_warning_msg "Unable to set System Clock to: `date $UTC`" + fi + else + verbose_log_action_msg "Not setting System Clock" + fi + ;; + stop|restart|reload|force-reload) + # + # Updates the Hardware Clock with the System Clock time. + # This will *override* any changes made to the Hardware Clock. + # + # WARNING: If you disable this, any changes to the system + # clock will not be carried across reboots. + # + + if [ "$HWCLOCKACCESS" != no ]; then + log_action_msg "Saving the system clock" + if /sbin/hwclock --rtc=/dev/$HCTOSYS_DEVICE --systohc $HWCLOCKPARS $BADYEAR; then + verbose_log_action_msg "Hardware Clock updated to `date`" + fi + else + verbose_log_action_msg "Not saving System Clock" + fi + ;; + show) + if [ "$HWCLOCKACCESS" != no ]; then + /sbin/hwclock --rtc=/dev/$HCTOSYS_DEVICE --show $HWCLOCKPARS $BADYEAR + fi + ;; + *) + log_success_msg "Usage: hwclock.sh {start|stop|reload|force-reload|show}" + log_success_msg " start sets kernel (system) clock from hardware (RTC) clock" + log_success_msg " stop and reload set hardware (RTC) clock from kernel (system) clock" + return 1 + ;; + esac +} + +hwclocksh "$@" diff --git a/etc/init.d/irqbalance b/etc/init.d/irqbalance new file mode 100755 index 0000000..fd15764 --- /dev/null +++ b/etc/init.d/irqbalance 
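Review bot: In the `stop|restart|reload|force-reload` arm of hwclocksh, a failing `/sbin/hwclock ... --systohc` is silent because the `if` has no `else`, whereas the `start` arm calls `log_warning_msg` when `--hctosys` fails. A clock that could not be saved shows up later as skewed timestamps after the next boot, so I would add `else log_warning_msg "Unable to save System Clock to the Hardware Clock"` before the closing `fi`. Separately, `/dev/$HCTOSYS_DEVICE` is expanded unquoted from a value that /etc/default/hwclock can override; writing `--rtc="/dev/$HCTOSYS_DEVICE"` keeps it a single argument in all three hwclock calls.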
@@ -0,0 +1,98 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: irqbalance +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: daemon to balance interrupts for SMP systems +### END INIT INFO +# irqbalance init script +# August 2003 +# Eric Dorland + +# Based on spamassassin init script + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/irqbalance +NAME=irqbalance +SNAME=irqbalance +DESC="SMP IRQ Balancer" +PIDFILE="/run/$NAME.pid" +PNAME="irqbalance" +DOPTIONS="" + +# Defaults - don't touch, edit /etc/default/ +OPTIONS="" + +test -x $DAEMON || exit 0 + +. /lib/lsb/init-functions + +test -f /etc/default/irqbalance && . /etc/default/irqbalance + +# Beware: irqbalance tries to read and handle environment variables +# directly itself, but since start-stop-daemon clears the env +# we convert the variables to commandline arguments here... +# (Note: in the daemon an option is enabled even if its set to +# e.g. the empty string or 0 or whatever. To disable it should not +# be exported at all!) +# Warning: this will need to be maintained and updated on upgrades +# to new upstream release which might introduce new ones! +if [ ! -z ${IRQBALANCE_ONESHOT+x} ]; then + DOPTIONS="--oneshot" +fi +if [ ! -z ${IRQBALANCE_ARGS+x} ]; then + OPTIONS="$OPTIONS $IRQBALANCE_ARGS" +fi + +case "$1" in + start) + log_begin_msg "Starting $DESC: $NAME" + + pid=$( pidofproc -p $PIDFILE $DAEMON ) + if [ -n "$pid" ] ; then + log_begin_msg ". Already running" + log_end_msg 0 + exit 0 + fi + + mkdir -p /run/irqbalance + start-stop-daemon --start --quiet --oknodo --exec $DAEMON -- --pid=$PIDFILE $OPTIONS $DOPTIONS + + log_end_msg $? + ;; + stop) + log_begin_msg "Stopping $DESC: $NAME" + + start-stop-daemon --stop --quiet --oknodo --exec $DAEMON + rm -f $PIDFILE + + log_end_msg $? 
+ ;; + restart|force-reload) + log_begin_msg "Restarting $DESC: $NAME" + + start-stop-daemon --stop --retry 5 --quiet --oknodo --exec $DAEMON + rm -f $PIDFILE + + mkdir -p /run/irqbalance + start-stop-daemon --start --quiet --oknodo --exec $DAEMON -- --pid=$PIDFILE $OPTIONS $DOPTIONS + + log_end_msg $? + ;; + status) + if [ -z "${IRQBALANCE_ONESHOT+x}" ]; then + status_of_proc $DAEMON $NAME + else + echo "Irqbalance setup to run in oneshot mode." + fi + ;; + *) + N=/etc/init.d/$SNAME + echo "Usage: $N {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/etc/init.d/iscsid b/etc/init.d/iscsid new file mode 100755 index 0000000..18b1856 --- /dev/null +++ b/etc/init.d/iscsid 
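Review bot: In the `stop` arm, `log_end_msg $?` runs after `rm -f $PIDFILE`, so it reports the status of `rm -f` (normally 0) rather than that of `start-stop-daemon --stop`. Capture the status first: `rc=$?` directly after the `start-stop-daemon` line and `log_end_msg $rc` at the end. The stop and restart paths also match on `--exec $DAEMON` only and never consult `$PIDFILE`, while `start` creates `/run/irqbalance` although `PIDFILE` is `/run/$NAME.pid`; a comment saying which location is intended would help the next reader.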
@@ -0,0 +1,48 @@
+#!/bin/sh
+# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing.
+if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then
+ set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script
+fi
+### BEGIN INIT INFO
+# Provides: iscsid
+# Required-Start: $network $local_fs
+# Required-Stop: $network $local_fs sendsigs
+# Default-Start: S
+# Default-Stop: 0 1 6
+# Short-Description: iSCSI initiator daemon (iscsid)
+# Description: The iSCSI initiator daemon takes care of
+# monitoring iSCSI connections to targets. It is
+# also the daemon providing the interface for the
+# iscisadm tool to talk to when administering iSCSI
+# connections.
+### END INIT INFO
+
+# Author: Christian Seiler
+
+DESC="iSCSI initiator daemon"
+DAEMON=/sbin/iscsid
+PIDFILE=/run/iscsid.pid
+OMITDIR=/run/sendsigs.omit.d
+
+do_start_prepare() {
+ if ! /lib/open-iscsi/startup-checks.sh ; then
+ exit 1
+ fi
+}
+
+do_start_cleanup() {
+ ln -sf $PIDFILE $OMITDIR
+}
+
+do_stop_override() {
+ # Don't stop iscsid if we're on initramfs or we had some
+ # excluded sessions. We could actually stop it, it's not
+ # required for the kernel to continue working with active
+ # sessions, but it also doesn't hurt to leave it running.
+ if [ -f /etc/iscsi/iscsi.initramfs ] ||
+ ( [ -f /run/open-iscsi/shutdown-keep-sessions ] && [ -n "$(cat /run/open-iscsi/shutdown-keep-sessions)" ] )
+ then
+ return
+ fi
+ do_stop "$@"
+}
diff --git a/etc/init.d/keyboard-setup.sh b/etc/init.d/keyboard-setup.sh
new file mode 100755
index 0000000..f1ab5ba
--- /dev/null
+++ b/etc/init.d/keyboard-setup.sh
@@ -0,0 +1,50 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: keyboard-setup.sh
+# Required-Start: mountkernfs
+# Required-Stop:
+# X-Start-Before: checkroot
+# Default-Start: S
+# Default-Stop:
+# X-Interactive: true
+# Short-Description: Set the console keyboard layout
+# Description: Set the console keyboard as early as possible
+# so during the file systems checks the administrator
+# can interact. At this stage of the boot process
+# only the ASCII symbols are supported.
+### END INIT INFO
+
+if [ -f /bin/setupcon ]; then
+ case "$1" in
+ stop|status)
+ # console-setup isn't a daemon
+ ;;
+ start|force-reload|restart|reload)
+ if [ -f /lib/lsb/init-functions ]; then
+ . /lib/lsb/init-functions
+ else
+ log_action_begin_msg () {
+ echo -n "$@... "
+ }
+
+ log_action_end_msg () {
+ if [ "$1" -eq 0 ]; then
+ echo done.
+ else
+ echo failed.
+ fi
+ }
+ fi
+ log_action_begin_msg "Setting up keyboard layout"
+ if /lib/console-setup/keyboard-setup.sh; then
+ log_action_end_msg 0
+ else
+ log_action_end_msg $?
+ fi
+ ;;
+ *)
+ echo 'Usage: /etc/init.d/keyboard-setup {start|reload|restart|force-reload|stop|status}'
+ exit 3
+ ;;
+ esac
+fi
diff --git a/etc/init.d/kmod b/etc/init.d/kmod
new file mode 100755
index 0000000..d7ec083
--- /dev/null
+++ b/etc/init.d/kmod
@@ -0,0 +1,92 @@ +#!/bin/sh -e +### BEGIN INIT INFO +# Provides: kmod +# Required-Start: +# Required-Stop: +# Should-Start: checkroot +# Should-Stop: +# Default-Start: S +# Default-Stop: +# Short-Description: Load the modules listed in /etc/modules. +# Description: Load the modules listed in /etc/modules. +### END INIT INFO + +# Silently exit if the kernel does not support modules. +[ -f /proc/modules ] || exit 0 +[ -x /sbin/modprobe ] || exit 0 + +[ -f /etc/default/rcS ] && . /etc/default/rcS +. /lib/lsb/init-functions + +PATH='/sbin:/bin' + +case "$1" in + start) + ;; + + stop|restart|reload|force-reload) + log_warning_msg "Action '$1' is meaningless for this init script" + exit 0 + ;; + + *) + log_success_msg "Usage: $0 start" + exit 1 +esac + +load_module() { + local module args + module="$1" + args="$2" + + if [ "$VERBOSE" != no ]; then + log_action_msg "Loading kernel module $module" + modprobe $module $args || true + else + modprobe $module $args > /dev/null 2>&1 || true + fi +} + +modules_files() { + local modules_load_dirs='/etc/modules-load.d /run/modules-load.d /usr/local/lib/modules-load.d /usr/lib/modules-load.d /lib/modules-load.d' + local processed=' ' + local add_etc_modules=true + + for dir in $modules_load_dirs; do + [ -d $dir ] || continue + for file in $(run-parts --list --regex='\.conf$' $dir 2> /dev/null || true); do + local base=${file##*/} + if echo -n "$processed" | grep -qF " $base "; then + continue + fi + if [ "$add_etc_modules" -a -L $file \ + -a "$(readlink -f $file)" = /etc/modules ]; then + add_etc_modules= + fi + processed="$processed$base " + echo $file + done + done + + if [ "$add_etc_modules" ]; then + echo /etc/modules + fi +} + +if [ "$VERBOSE" = no ]; then + log_action_begin_msg 'Loading kernel modules' +fi + +files=$(modules_files) +if [ "$files" ] ; then + grep -h '^[^#]' $files | + while read module args; do + [ "$module" ] || continue + load_module "$module" "$args" + done +fi + +if [ "$VERBOSE" = no ]; then + 
log_action_end_msg 0
+fi
+
diff --git a/etc/init.d/lvm2 b/etc/init.d/lvm2
new file mode 100755
index 0000000..33a4a3c
--- /dev/null
+++ b/etc/init.d/lvm2
@@ -0,0 +1,33 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: lvm2 lvm
+# Required-Start: mountdevsubfs
+# Required-Stop:
+# Should-Start: udev mdadm-raid cryptdisks-early multipath-tools-boot
+# Should-Stop: umountroot mdadm-raid
+# X-Start-Before: checkfs mountall
+# X-Stop-After: umountfs
+# Default-Start: S
+# Default-Stop:
+### END INIT INFO
+
+SCRIPTNAME=/etc/init.d/lvm2
+
+. /lib/lsb/init-functions
+
+[ -x /sbin/vgchange ] || exit 0
+
+case "$1" in
+ start)
+ log_action_begin_msg "Setting up LVM Volume Groups"
+ /sbin/lvm vgchange -aay --sysinit >/dev/null
+ log_action_end_msg "$?"
+ ;;
+ stop|restart|force-reload|status)
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME start" >&2
+ exit 3
+ ;;
+esac
+
diff --git a/etc/init.d/lvm2-lvmpolld b/etc/init.d/lvm2-lvmpolld
new file mode 100755
index 0000000..0954cee
--- /dev/null
+++ b/etc/init.d/lvm2-lvmpolld
@@ -0,0 +1,22 @@
+#!/bin/sh
+# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing.
+if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then
+ set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script
+fi
+### BEGIN INIT INFO
+# Provides: lvm2-lvmpolld
+# Required-Start: $local_fs
+# Required-Stop: $local_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: LVM2 poll daemon
+### END INIT INFO
+
+DESC="LVM2 poll daemon"
+DAEMON=/sbin/lvmpolld
+DAEMON_ARGS="-t 60"
+PIDFILE=/run/lvmpolld.pid
+
+do_start_prepare() {
+ mkdir -m 0700 -p /run/lvm
+}
diff --git a/etc/init.d/multipath-tools b/etc/init.d/multipath-tools
new file mode 100755
index 0000000..5c1a3c1
--- /dev/null
+++ b/etc/init.d/multipath-tools
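Review bot: In etc/init.d/kmod, load_module hands `$module` and `$args` to modprobe unquoted and with no end-of-options marker, and those values are read from every `.conf` file that modules_files finds under the five modules-load.d directories plus /etc/modules. A line beginning with `-` would therefore be taken by modprobe as an option instead of a module name; `modprobe -- "$module" $args` closes that off, assuming the installed modprobe accepts `--`, which is worth confirming. The reading loop uses `read module args` without `-r`, and with `|| true`, stderr sent to /dev/null and the unconditional `log_action_end_msg 0`, a failed load is never reported when VERBOSE=no. Since these files decide which kernel code is loaded at boot, the listed directories should be writable by root only.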
@@ -0,0 +1,109 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: multipath-tools +# Required-Start: udev $local_fs $remote_fs $syslog +# Required-Stop: udev $local_fs $remote_fs $syslog +# Should-Start: iscsi +# Should-Stop: iscsi +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: multipath daemon +# Description: +### END INIT INFO + +PATH=/sbin:/bin:/usr/sbin/:/usr/bin +DAEMON=/sbin/multipathd +NAME=multipathd +DESC="multipath daemon" +syspath=/sys/block + +test -x $DAEMON || exit 0 + +. /lib/lsb/init-functions + +if [ -f /etc/default/multipath-tools ] ; then + . /etc/default/multipath-tools +fi + +teardown_slaves() +{ +cd $1; +if [ -d "slaves" ]; then +for slave in slaves/*; +do + if [ "$slave" = "slaves/*" ]; then + read dev < $1/dev + tablename=$(dmsetup table --target multipath | sed -n "s/\(.*\): .* $dev .*/\1/p") + if ! [ -z $tablename ]; then + log_daemon_msg "Root is on a multipathed device, multipathd can not be stopped" + DONT_STOP_MPATHD=1 + fi + else + local_slave=`readlink -f $slave`; + teardown_slaves $local_slave; + fi + done + +else + read dev < $1/dev + tablename=$(dmsetup table --target multipath | sed -n "s/\(.*\): .* $dev .*/\1/p") + if ! [ -z $tablename ]; then + log_daemon_msg "Root is on a multipathed device, multipathd can not be stopped" + DONT_STOP_MPATHD=1 + fi +fi +} + + +case "$1" in + start) + log_daemon_msg "Starting $DESC" "$NAME" + modprobe -a scsi_dh_alua scsi_dh_emc scsi_dh_rdac dm-multipath 2> /dev/null || true + start-stop-daemon --oknodo --start --quiet --pidfile /var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS + log_end_msg $? + ;; + stop) + DONT_STOP_MPATHD=0 + root_dev=$(awk '{ if ($1 !~ /^[ \t]*#/ && $1 ~ /\// && $2 == "/") { print $1; }}' /etc/mtab) + if [ -n "$root_dev" ]; then + dm_num=$(dmsetup info -c --noheadings -o minor $root_dev 2>/dev/null) + else + dm_num= + fi + if [ $? 
-ne 0 -o -z "$dm_num" ]; then + # Looks like we couldn't find a device mapper root device + # But we shouldn't bail out here, otherwise the stop target and the + # upgrade processes will break. See DBUG #674733 + : + else + root_dm_device="dm-$dm_num" + [ -d "$syspath/$root_dm_device" ] && teardown_slaves $syspath/$root_dm_device + fi + + if [ x$DONT_STOP_MPATHD = x0 ]; then + log_daemon_msg "Stopping $DESC" "$NAME" + start-stop-daemon --oknodo --stop --quiet --pidfile /var/run/$NAME.pid --exec $DAEMON + log_end_msg $? + fi + ;; + status) + status_of_proc -p /var/run/$NAME.pid $DAEMON $NAME && exit 0 || exit $? + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + start-stop-daemon --stop --signal 1 --quiet --pidfile /var/run/$NAME.pid --exec $DAEMON + log_end_msg $? + ;; + restart|force-reload) + $0 stop + sleep 1 + $0 start + ;; + *) + N=/etc/init.d/multipath-tools + echo "Usage: $N {start|stop|status|restart|reload|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/etc/init.d/nginx b/etc/init.d/nginx new file mode 100755 index 0000000..db10b7d --- /dev/null +++ b/etc/init.d/nginx 
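Review bot: The `restart|force-reload)` arm can never match `force-reload`, because the earlier `reload|force-reload)` arm already takes it; remove the duplicate from whichever arm is not intended so the behaviour matches the Usage line. In teardown_slaves, `[ -z $tablename ]` is unquoted in both branches: an empty value only works because the test collapses to `[ -z ]`, and a value of more than one word makes `[` fail with a syntax error, so write `[ -n "$tablename" ]` instead of `! [ -z $tablename ]`. `cd $1`, `read dev < $1/dev` and `readlink -f $slave` need the same quoting, and `cd "$1"` should be checked (`|| return`) since every later relative path depends on it.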
@@ -0,0 +1,196 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: nginx +# Required-Start: $local_fs $remote_fs $network $syslog $named +# Required-Stop: $local_fs $remote_fs $network $syslog $named +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: starts the nginx web server +# Description: starts nginx using start-stop-daemon +### END INIT INFO + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/nginx +NAME=nginx +DESC=nginx + +# Include nginx defaults if available +if [ -r /etc/default/nginx ]; then + . /etc/default/nginx +fi + +STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/5/KILL/5}" + +test -x $DAEMON || exit 0 + +. /lib/init/vars.sh +. /lib/lsb/init-functions + +# Try to extract nginx pidfile +PID=$(cat /etc/nginx/nginx.conf | grep -Ev '^\s*#' | awk 'BEGIN { RS="[;{}]" } { if ($1 == "pid") print $2 }' | head -n1) +if [ -z "$PID" ]; then + PID=/run/nginx.pid +fi + +if [ -n "$ULIMIT" ]; then + # Set ulimit if it is set in /etc/default/nginx + ulimit $ULIMIT +fi + +start_nginx() { + # Start the daemon/service + # + # Returns: + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON -- \ + $DAEMON_OPTS 2>/dev/null \ + || return 2 +} + +test_config() { + # Test the nginx configuration + $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1 +} + +stop_nginx() { + # Stops the daemon/service + # + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PID --name $NAME + RETVAL="$?" 
+ sleep 1 + return "$RETVAL" +} + +reload_nginx() { + # Function that sends a SIGHUP to the daemon/service + start-stop-daemon --stop --signal HUP --quiet --pidfile $PID --name $NAME + return 0 +} + +rotate_logs() { + # Rotate log files + start-stop-daemon --stop --signal USR1 --quiet --pidfile $PID --name $NAME + return 0 +} + +upgrade_nginx() { + # Online upgrade nginx executable + # http://nginx.org/en/docs/control.html + # + # Return + # 0 if nginx has been successfully upgraded + # 1 if nginx is not running + # 2 if the pid files were not created on time + # 3 if the old master could not be killed + if start-stop-daemon --stop --signal USR2 --quiet --pidfile $PID --name $NAME; then + # Wait for both old and new master to write their pid file + while [ ! -s "${PID}.oldbin" ] || [ ! -s "${PID}" ]; do + cnt=`expr $cnt + 1` + if [ $cnt -gt 10 ]; then + return 2 + fi + sleep 1 + done + # Everything is ready, gracefully stop the old master + if start-stop-daemon --stop --signal QUIT --quiet --pidfile "${PID}.oldbin" --name $NAME; then + return 0 + else + return 3 + fi + else + return 1 + fi +} + +case "$1" in + start) + log_daemon_msg "Starting $DESC" "$NAME" + start_nginx + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + stop_nginx + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + + # Check configuration before stopping nginx + if ! test_config; then + log_end_msg 1 # Configuration error + exit $? + fi + + stop_nginx + case "$?" in + 0|1) + start_nginx + case "$?" 
in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC configuration" "$NAME" + + # Check configuration before stopping nginx + # + # This is not entirely correct since the on-disk nginx binary + # may differ from the in-memory one, but that's not common. + # We prefer to check the configuration and return an error + # to the administrator. + if ! test_config; then + log_end_msg 1 # Configuration error + exit $? + fi + + reload_nginx + log_end_msg $? + ;; + configtest|testconfig) + log_daemon_msg "Testing $DESC configuration" + test_config + log_end_msg $? + ;; + status) + status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + upgrade) + log_daemon_msg "Upgrading binary" "$NAME" + upgrade_nginx + log_end_msg $? + ;; + rotate) + log_daemon_msg "Re-opening $DESC log files" "$NAME" + rotate_logs + log_end_msg $? + ;; + *) + echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}" >&2 + exit 3 + ;; +esac diff --git a/etc/init.d/open-iscsi b/etc/init.d/open-iscsi new file mode 100755 index 0000000..5d98f9b --- /dev/null +++ b/etc/init.d/open-iscsi 
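Review bot: upgrade_nginx increments `cnt` without ever initialising it, so the first pass runs `expr + 1` and the outcome depends on how the local expr treats a leading `+`; the variable is also global to the script. Set `cnt=0` before the `while` and use `cnt=$((cnt + 1))`. The pidfile path in `PID` is scraped from /etc/nginx/nginx.conf and then used unquoted in every `--pidfile $PID`; `--pidfile "$PID"` stops a path containing spaces from splitting into extra start-stop-daemon arguments. Because HUP, USR1, USR2 and QUIT are sent to whatever PID that file holds, filtered only by `--name $NAME`, the directory it lives in should be writable by root only.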
@@ -0,0 +1,116 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: open-iscsi iscsi +# Required-Start: $network $local_fs iscsid +# Required-Stop: $network $local_fs iscsid sendsigs +# Default-Start: S +# Default-Stop: 0 1 6 +# Short-Description: Login to default iSCSI targets +# Description: Login to default iSCSI targets at boot and log out +# of all iSCSI targets at shutdown. +### END INIT INFO + +PATH=/sbin:/bin +DAEMON=/sbin/iscsid +ADM=/sbin/iscsiadm +PIDFILE=/run/iscsid.pid +NAMEFILE=/etc/iscsi/initiatorname.iscsi +CONFIGFILE=/etc/iscsi/iscsid.conf +OMITDIR=/run/sendsigs.omit.d + +[ -x "$DAEMON" ] || exit 0 + +. /lib/lsb/init-functions + +# Include defaults if available +if [ -f /etc/default/open-iscsi ]; then + . /etc/default/open-iscsi +fi + + +if [ ! -d /sys/class/ ]; then + log_failure_msg "iSCSI requires a mounted sysfs, not started." + exit 0 +fi + +RETVAL=0 + +start() { + if ! [ -s $PIDFILE ] || ! kill -0 `sed -n 1p $PIDFILE` >/dev/null ; then + log_failure_msg "iSCSI initiator daemon not started: not logging in to default targets" + exit 1 + fi + + starttargets + + # activate LVM, mount filesystems, etc. + /lib/open-iscsi/activate-storage.sh +} + +starttargets() { + log_daemon_msg "Setting up iSCSI targets" + echo + $ADM -m node --loginall=automatic + log_end_msg 0 +} + +stoptargets() { + log_daemon_msg "Disconnecting iSCSI targets" + sync + # only logout if daemon is running, iscsiadm hangs otherwise + if [ -s $PIDFILE ] && kill -0 `sed -n 1p $PIDFILE` >/dev/null ; then + /lib/open-iscsi/logout-all.sh + fi + + log_end_msg 0 +} + +stop() { + # Call umountiscsi.sh to unmount iSCSI devices first (always do + # that, regardless of whether root is on iSCSI, umountiscsi.sh + # will exclude it - and even if that shouldn't work, the mount + # point will be busy) + log_daemon_msg "Umounting iSCSI filesystems" + /lib/open-iscsi/umountiscsi.sh + umount_exit_status=$? 
+ log_end_msg $umount_exit_status + + if [ $umount_exit_status -ne 0 ]; then + log_failure_msg "Couldn't unmount all iSCSI devices. not logging out from any target." + exit 1 + fi + + stoptargets +} + +restart() { + stop + start +} + +restarttargets() { + stoptargets + starttargets +} + +status() { + #XXX FIXME: what to do here? + #status iscsid + # list active sessions + echo Current active iSCSI sessions: + $ADM -m session +} + +case "$1" in + start|starttargets|stop|stoptargets|restart|restarttargets|status) + $1 + ;; + force-reload) + restart + ;; + *) + echo "Usage: $0 {start|stop|restart|force-reload|status}" + exit 1 + ;; +esac +exit $RETVAL diff --git a/etc/init.d/open-vm-tools b/etc/init.d/open-vm-tools new file mode 100755 index 0000000..fa7fcf6 --- /dev/null +++ b/etc/init.d/open-vm-tools 
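Review bot: `RETVAL` is set to 0 and never updated, so the final `exit $RETVAL` reports success for every action that does not reach an explicit `exit 1`. In particular starttargets calls `log_end_msg 0` regardless of what `$ADM -m node --loginall=automatic` returned, and `status` discards the result of `$ADM -m session`. If that is deliberate (for example because iscsiadm returns non-zero when no nodes are configured, which I have not verified), it deserves a comment; otherwise add `RETVAL=$?` after the `$ADM` call and use `log_end_msg $RETVAL`. The two `kill -0` liveness checks read the PID from the first line of `$PIDFILE` unquoted and redirect only stdout, so an empty or malformed pidfile produces a usage error on the console rather than a clean "not running".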
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: open-vm-tools
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# X-Start-Before:
+# X-Stop-After:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Description: Runs the open-vm-tools services
+# Short-Description: Runs the open-vm-tools services
+### END INIT INFO
+
+. /lib/lsb/init-functions
+
+exit_if_not_in_vm () {
+ if which systemd-detect-virt 1>/dev/null; then
+ checktool='systemd-detect-virt'
+ else
+ checktool='vmware-checkvm'
+ fi
+
+ if ! ${checktool} | grep -iq vmware; then
+ echo "open-vm-tools: not starting as this is not a VMware VM"
+ exit 0
+ fi
+}
+
+case "${1}" in
+ start)
+ # Check if we're running inside VMWare
+ exit_if_not_in_vm
+
+ log_daemon_msg "Starting open-vm daemon" "vmtoolsd"
+ start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd --test > /dev/null || exit 1
+ start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd -- --background /var/run/vmtoolsd.pid || exit 2
+ log_end_msg 0
+ ;;
+
+ stop)
+ log_daemon_msg "Stopping open-vm guest daemon" "vmtoolsd"
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd
+ RETURN="${?}"
+ [ "${RETURN}" = 2 ] && exit 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f /var/run/vmtoolsd.pid
+ log_end_msg 0
+ ;;
+
+ force-reload|restart)
+ ${0} stop
+ ${0} start
+ ;;
+
+ status)
+ status_of_proc -p /var/run/vmtoolsd.pid /usr/bin/vmtoolsd vmtoolsd && exit 0 || exit $?
+ ;;
+
+ *)
+ log_success_msg "Usage: ${0} {start|stop|restart|force-reload|status}"
+ exit 1
+ ;;
+esac
diff --git a/etc/init.d/plymouth b/etc/init.d/plymouth
new file mode 100755
index 0000000..64ee8d2
--- /dev/null
+++ b/etc/init.d/plymouth
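Review bot: In the `start` arm, `start-stop-daemon ... --test > /dev/null || exit 1` makes `start` fail when vmtoolsd is already running, and it exits after `log_daemon_msg` without a matching `log_end_msg`. LSB init-script conventions treat starting an already-running service as success, and the nginx script in this same commit does so by mapping return code 1 to `log_end_msg 0`. I would replace the bare `exit 1` with `{ log_end_msg 0; exit 0; }` and the `|| exit 2` on the next line with `|| { log_end_msg 1; exit 2; }`; the `stop` arm's `[ "${RETURN}" = 2 ] && exit 2` has the same missing `log_end_msg`. In exit_if_not_in_vm, `which systemd-detect-virt 1>/dev/null` leaves stderr open; `command -v systemd-detect-virt >/dev/null 2>&1` is the portable form.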
@@ -0,0 +1,89 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: plymouth +# Required-Start: udev $remote_fs $all +# Required-Stop: $remote_fs +# Should-Start: $x-display-manager +# Should-Stop: $x-display-manager +# Default-Start: 2 3 4 5 +# Default-Stop: 0 6 +# Short-Description: Stop plymouth during boot and start it on shutdown +### END INIT INFO + +PATH="/sbin:/bin:/usr/sbin:/usr/bin" +NAME="plymouth" +DESC="Boot splash manager" + +test -x /sbin/plymouthd || exit 0 + +if [ -r "/etc/default/${NAME}" ] +then + . "/etc/default/${NAME}" +fi + +. /lib/lsb/init-functions + +set -e + +SPLASH="true" +for ARGUMENT in $(cat /proc/cmdline) +do + case "${ARGUMENT}" in + splash*) + SPLASH="true" + ;; + + nosplash*|plymouth.enable=0) + SPLASH="false" + ;; + esac +done + +case "${1}" in + start) + case "${SPLASH}" in + true) + /bin/plymouth quit --retain-splash + ;; + esac + ;; + + stop) + case "${SPLASH}" in + true) + if ! plymouth --ping + then + /sbin/plymouthd --mode=shutdown + fi + + RUNLEVEL="$(/sbin/runlevel | cut -d " " -f 2)" + + case "${RUNLEVEL}" in + 0) + TEXT="Shutting down system..." + ;; + + 6) + TEXT="Restarting system..." + ;; + esac + + /bin/plymouth message --text="${TEXT}" + + /bin/plymouth --show-splash + ;; + esac + ;; + + restart|force-reload) + + ;; + + *) + echo "Usage: ${0} {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/etc/init.d/plymouth-log b/etc/init.d/plymouth-log new file mode 100755 index 0000000..a0adb55 --- /dev/null +++ b/etc/init.d/plymouth-log 
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: plymouth-log
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# Should-Start:
+# Should-Stop:
+# Default-Start: S
+# Default-Stop:
+# Short-Description: Inform plymouth that /var/log is writable
+### END INIT INFO
+
+PATH="/sbin:/bin:/usr/sbin:/usr/bin"
+NAME="plymouth-log"
+DESC="Boot splash manager (write log file)"
+
+test -x /bin/plymouth || exit 0
+
+if [ -r "/etc/default/${NAME}" ]
+then
+ . "/etc/default/${NAME}"
+fi
+
+. /lib/lsb/init-functions
+
+set -e
+
+case "${1}" in
+ start)
+ if plymouth --ping
+ then
+ /bin/plymouth update-root-fs --read-write
+ fi
+ ;;
+
+ stop|restart|force-reload)
+
+ ;;
+
+ *)
+ echo "Usage: ${0} {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/etc/init.d/postgresql b/etc/init.d/postgresql
new file mode 100755
index 0000000..579fdd2
--- /dev/null
+++ b/etc/init.d/postgresql
@@ -0,0 +1,61 @@
+#!/bin/sh
+set -e
+
+### BEGIN INIT INFO
+# Provides: postgresql
+# Required-Start: $local_fs $remote_fs $network $time
+# Required-Stop: $local_fs $remote_fs $network $time
+# Should-Start: $syslog
+# Should-Stop: $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: PostgreSQL RDBMS server
+### END INIT INFO
+
+# Setting environment variables for the postmaster here does not work; please
+# set them in /etc/postgresql///environment instead.
+
+[ -r /usr/share/postgresql-common/init.d-functions ] || exit 0
+
+. /usr/share/postgresql-common/init.d-functions
+
+# versions can be specified explicitly
+if [ -n "$2" ]; then
+ versions="$2 $3 $4 $5 $6 $7 $8 $9"
+else
+ get_versions
+fi
+
+case "$1" in
+ start|stop|restart|reload)
+ if [ "$1" = "start" ]; then
+ create_socket_directory
+ fi
+ if [ -z "`pg_lsclusters -h`" ]; then
+ log_warning_msg 'No PostgreSQL clusters exist; see "man pg_createcluster"'
+ exit 0
+ fi
+ for v in $versions; do
+ $1 $v || EXIT=$?
+ done
+ exit ${EXIT:-0}
+ ;;
+ status)
+ LS=`pg_lsclusters -h`
+ # no clusters -> unknown status
+ [ -n "$LS" ] || exit 4
+ echo "$LS" | awk 'BEGIN {rc=0} {if (match($4, "down")) rc=3; printf ("%s/%s (port %s): %s\n", $1, $2, $3, $4)}; END {exit rc}'
+ ;;
+ force-reload)
+ for v in $versions; do
+ reload $v
+ done
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload|force-reload|status} [version ..]"
+ exit 1
+ ;;
+esac
+
+exit 0
+
diff --git a/etc/init.d/procps b/etc/init.d/procps
new file mode 100755
index 0000000..4d7f4ce
--- /dev/null
+++ b/etc/init.d/procps
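Review bot: The `force-reload` arm runs `reload $v` bare under `set -e`, so the first cluster version that fails to reload aborts the script and the remaining versions are skipped, while the `start|stop|restart|reload` arm collects failures with `|| EXIT=$?` and carries on. Make the two consistent with `reload $v || EXIT=$?` inside the loop and `exit ${EXIT:-0}` after `done`. Explicit versions are also built from `$2` through `$9` only, so a ninth or later version argument is silently ignored; a comment stating that limit would save someone a debugging session.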
@@ -0,0 +1,34 @@
+#! /bin/sh
+# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing.
+if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then
+ set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script
+fi
+### BEGIN INIT INFO
+# Provides: procps
+# Required-Start: mountkernfs $local_fs
+# Required-Stop:
+# Should-Start: udev module-init-tools
+# X-Start-Before: $network
+# Default-Start: S
+# Default-Stop:
+# Short-Description: Configure kernel parameters at boottime
+# Description: Loads kernel parameters that are specified in /etc/sysctl.conf
+### END INIT INFO
+#
+# written by Elrond
+
+DESC="Setting kernel variables"
+DAEMON=/sbin/sysctl
+PIDFILE=none
+
+# Comment this out for sysctl to print every item changed
+QUIET_SYSCTL="-q"
+
+do_start_cmd() {
+ STATUS=0
+ $DAEMON $QUIET_SYSCTL --system || STATUS=$?
+ return $STATUS
+}
+
+do_stop() { return 0; }
+do_status() { return 0; }
diff --git a/etc/init.d/rsync b/etc/init.d/rsync
new file mode 100755
index 0000000..3cb0447
--- /dev/null
+++ b/etc/init.d/rsync
@@ -0,0 +1,156 @@ +#! /bin/sh + +### BEGIN INIT INFO +# Provides: rsyncd +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Should-Start: $named autofs +# Default-Start: 2 3 4 5 +# Default-Stop: +# Short-Description: fast remote file copy program daemon +# Description: rsync is a program that allows files to be copied to and +# from remote machines in much the same way as rcp. +# This provides rsyncd daemon functionality. +### END INIT INFO + +set -e + +# /etc/init.d/rsync: start and stop the rsync daemon + +DAEMON=/usr/bin/rsync +RSYNC_ENABLE=false +RSYNC_OPTS='' +RSYNC_DEFAULTS_FILE=/etc/default/rsync +RSYNC_CONFIG_FILE=/etc/rsyncd.conf +RSYNC_PID_FILE=/var/run/rsync.pid +RSYNC_NICE_PARM='' +RSYNC_IONICE_PARM='' + +test -x $DAEMON || exit 0 + +. /lib/lsb/init-functions + +if [ -s $RSYNC_DEFAULTS_FILE ]; then + . $RSYNC_DEFAULTS_FILE + case "x$RSYNC_ENABLE" in + xtrue|xfalse) ;; + xinetd) exit 0 + ;; + *) log_failure_msg "Value of RSYNC_ENABLE in $RSYNC_DEFAULTS_FILE must be either 'true' or 'false';" + log_failure_msg "not starting rsync daemon." + exit 1 + ;; + esac + case "x$RSYNC_NICE" in + x[0-9]|x1[0-9]) RSYNC_NICE_PARM="--nicelevel $RSYNC_NICE";; + x) ;; + *) log_warning_msg "Value of RSYNC_NICE in $RSYNC_DEFAULTS_FILE must be a value between 0 and 19 (inclusive);" + log_warning_msg "ignoring RSYNC_NICE now." + ;; + esac + case "x$RSYNC_IONICE" in + x-c[123]*) RSYNC_IONICE_PARM="$RSYNC_IONICE";; + x) ;; + *) log_warning_msg "Value of RSYNC_IONICE in $RSYNC_DEFAULTS_FILE must be -c1, -c2 or -c3;" + log_warning_msg "ignoring RSYNC_IONICE now." + ;; + esac +fi + +export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" + +rsync_start() { + if [ ! 
-s "$RSYNC_CONFIG_FILE" ]; then + log_failure_msg "missing or empty config file $RSYNC_CONFIG_FILE" + log_end_msg 1 + exit 0 + fi + # See ionice(1) + if [ -n "$RSYNC_IONICE_PARM" ] && [ -x /usr/bin/ionice ] && + /usr/bin/ionice "$RSYNC_IONICE_PARM" true 2>/dev/null; then + /usr/bin/ionice "$RSYNC_IONICE_PARM" -p$$ > /dev/null 2>&1 + fi + if start-stop-daemon --start --quiet --background \ + --pidfile $RSYNC_PID_FILE --make-pidfile \ + $RSYNC_NICE_PARM --exec $DAEMON \ + -- --no-detach --daemon --config "$RSYNC_CONFIG_FILE" $RSYNC_OPTS + then + rc=0 + sleep 1 + if ! kill -0 $(cat $RSYNC_PID_FILE) >/dev/null 2>&1; then + log_failure_msg "rsync daemon failed to start" + rc=1 + fi + else + rc=1 + fi + if [ $rc -eq 0 ]; then + log_end_msg 0 + else + log_end_msg 1 + rm -f $RSYNC_PID_FILE + fi +} # rsync_start + + +case "$1" in + start) + if "$RSYNC_ENABLE"; then + log_daemon_msg "Starting rsync daemon" "rsync" + if [ -s $RSYNC_PID_FILE ] && kill -0 $(cat $RSYNC_PID_FILE) >/dev/null 2>&1; then + log_progress_msg "apparently already running" + log_end_msg 0 + exit 0 + fi + rsync_start + else + if [ -s "$RSYNC_CONFIG_FILE" ]; then + [ "$VERBOSE" != no ] && log_warning_msg "rsync daemon not enabled in $RSYNC_DEFAULTS_FILE, not starting..." + fi + fi + ;; + stop) + log_daemon_msg "Stopping rsync daemon" "rsync" + start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile $RSYNC_PID_FILE + RETVAL="$?" + log_end_msg $RETVAL + if [ $RETVAL != 0 ] + then + exit 1 + fi + rm -f $RSYNC_PID_FILE + ;; + + reload|force-reload) + log_warning_msg "Reloading rsync daemon: not needed, as the daemon" + log_warning_msg "re-reads the config file whenever a client connects." 
+ ;; + + restart) + set +e + if $RSYNC_ENABLE; then + log_daemon_msg "Restarting rsync daemon" "rsync" + if [ -s $RSYNC_PID_FILE ] && kill -0 $(cat $RSYNC_PID_FILE) >/dev/null 2>&1; then + start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile $RSYNC_PID_FILE + else + log_warning_msg "rsync daemon not running, attempting to start." + rm -f $RSYNC_PID_FILE + fi + rsync_start + else + if [ -s "$RSYNC_CONFIG_FILE" ]; then + [ "$VERBOSE" != no ] && log_warning_msg "rsync daemon not enabled in $RSYNC_DEFAULTS_FILE, not starting..." + fi + fi + ;; + + status) + status_of_proc -p $RSYNC_PID_FILE "$DAEMON" rsync + exit $? # notreached due to set -e + ;; + *) + echo "Usage: /etc/init.d/rsync {start|stop|reload|force-reload|restart|status}" + exit 1 +esac + +exit 0 diff --git a/etc/init.d/rsyslog b/etc/init.d/rsyslog new file mode 100755 index 0000000..14017cf --- /dev/null +++ b/etc/init.d/rsyslog 
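Review bot: The `stop` branch and the stop inside `restart` call `start-stop-daemon --stop ... --pidfile $RSYNC_PID_FILE` with no `--exec`, so the signal goes to whatever PID the file holds, and the `kill -0 $(cat $RSYNC_PID_FILE)` checks likewise accept any live process as "already running". Adding `--exec $DAEMON` to both stop calls, as the start call in `rsync_start` already does, ties the match to the rsync binary and keeps a stale pidfile from hitting an unrelated process. The smartmontools script later in this commit has the same pidfile-only pattern in its `stop`, `reload` and `restart` branches; the ssh script shows the stricter form with `--pidfile` plus `--exec /usr/sbin/sshd`.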
@@ -0,0 +1,129 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: rsyslog +# Required-Start: $remote_fs $time +# Required-Stop: umountnfs $time +# X-Stop-After: sendsigs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: enhanced syslogd +# Description: Rsyslog is an enhanced multi-threaded syslogd. +# It is quite compatible to stock sysklogd and can be +# used as a drop-in replacement. +### END INIT INFO + +# +# Author: Michael Biebl +# + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="enhanced syslogd" +NAME=rsyslog + +RSYSLOGD=rsyslogd +DAEMON=/usr/sbin/rsyslogd +PIDFILE=/run/rsyslogd.pid + +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Define LSB log_* functions. +. /lib/lsb/init-functions + +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # other if daemon could not be started or a failure occured + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- $RSYSLOGD_OPTIONS +} + +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # other if daemon could not be stopped or a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON +} + +# +# Tell rsyslogd to close all open files +# +do_rotate() { + start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE --exec $DAEMON +} + +create_xconsole() { + XCONSOLE=/dev/xconsole + if [ "$(uname -s)" != "Linux" ]; then + XCONSOLE=/run/xconsole + ln -sf $XCONSOLE /dev/xconsole + fi + if [ ! 
-e $XCONSOLE ]; then + mknod -m 640 $XCONSOLE p + chown root:adm $XCONSOLE + [ -x /sbin/restorecon ] && /sbin/restorecon $XCONSOLE + fi +} + +sendsigs_omit() { + OMITDIR=/run/sendsigs.omit.d + mkdir -p $OMITDIR + ln -sf $PIDFILE $OMITDIR/rsyslog +} + +case "$1" in + start) + log_daemon_msg "Starting $DESC" "$RSYSLOGD" + create_xconsole + do_start + case "$?" in + 0) sendsigs_omit + log_end_msg 0 ;; + 1) log_progress_msg "already started" + log_end_msg 0 ;; + *) log_end_msg 1 ;; + esac + + ;; + stop) + log_daemon_msg "Stopping $DESC" "$RSYSLOGD" + do_stop + case "$?" in + 0) log_end_msg 0 ;; + 1) log_progress_msg "already stopped" + log_end_msg 0 ;; + *) log_end_msg 1 ;; + esac + + ;; + rotate) + log_daemon_msg "Closing open files" "$RSYSLOGD" + do_rotate + log_end_msg $? + ;; + restart|force-reload) + $0 stop + $0 start + ;; + try-restart) + $0 status >/dev/null 2>&1 && $0 restart + ;; + status) + status_of_proc -p $PIDFILE $DAEMON $RSYSLOGD && exit 0 || exit $? + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|rotate|restart|force-reload|try-restart|status}" >&2 + exit 3 + ;; +esac + +: diff --git a/etc/init.d/screen-cleanup b/etc/init.d/screen-cleanup new file mode 100755 index 0000000..3eb4185 --- /dev/null +++ b/etc/init.d/screen-cleanup 
@@ -0,0 +1,49 @@
+#!/bin/sh
+# $Id: init,v 1.3 2004/03/16 01:43:45 zal Exp $
+#
+# Script to remove stale screen named pipes on bootup.
+#
+
+### BEGIN INIT INFO
+# Provides: screen-cleanup
+# Required-Start: $remote_fs
+# Required-Stop: $remote_fs
+# Default-Start: S
+# Default-Stop:
+# Short-Description: screen sessions cleaning
+# Description: Cleans up the screen session directory and fixes its
+# permissions if needed.
+### END INIT INFO
+
+set -e
+
+test -f /usr/bin/screen || exit 0
+
+SCREENDIR=/run/screen
+
+case "$1" in
+start)
+ if test -L $SCREENDIR || ! test -d $SCREENDIR; then
+ rm -f $SCREENDIR
+ mkdir $SCREENDIR
+ chown root:utmp $SCREENDIR
+ [ -x /sbin/restorecon ] && /sbin/restorecon $SCREENDIR
+ fi
+ find $SCREENDIR -type p -delete
+# If the local admin has used dpkg-statoverride to install the screen
+# binary with different set[ug]id bits, change the permissions of
+# $SCREENDIR accordingly
+ BINARYPERM=`stat -c%a /usr/bin/screen`
+ if [ "$BINARYPERM" -ge 4000 ]; then
+ chmod 0755 $SCREENDIR
+ elif [ "$BINARYPERM" -ge 2000 ]; then
+ chmod 0775 $SCREENDIR
+ else
+ chmod 1777 $SCREENDIR
+ fi
+ ;;
+stop|restart|reload|force-reload)
+ ;;
+esac
+
+exit 0
diff --git a/etc/init.d/smartmontools b/etc/init.d/smartmontools
new file mode 100755
index 0000000..7584d02
--- /dev/null
+++ b/etc/init.d/smartmontools
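Review bot: The permission block in `start` needs a comment explaining the comparison: `stat -c%a` prints the mode in octal, and `[ "$BINARYPERM" -ge 4000 ]` compares that string as a decimal integer, which works only as a test for a leading setuid (4xxx) or setgid (2xxx) digit. I would add `# stat prints octal, e.g. 4755; -ge 4000 / -ge 2000 test only the leading set[ug]id digit` above the `if`. The existing comment should also say that the final `else` leaves `$SCREENDIR` world-writable with the sticky bit (`chmod 1777`), since that is the branch taken when the binary has neither bit.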
@@ -0,0 +1,123 @@ +#!/bin/sh -e +# +# smartmontools init.d startup script +# +# (C) 2003,04,07 Guido Günther +# +# loosely based on the init script that comes with smartmontools which is +# copyrighted 2002 by Bruce Allen +# +### BEGIN INIT INFO +# Provides: smartmontools +# Required-Start: $syslog $remote_fs +# Required-Stop: $syslog $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: SMART monitoring daemon +### END INIT INFO + +SMARTCTL=/usr/sbin/smartctl +DAEMON=/usr/sbin/smartd +PIDFILE=/var/run/smartd.pid +[ -x $SMARTCTL ] || exit 0 +[ -x $DAEMON ] || exit 0 +. /lib/lsb/init-functions + +RET=0 + +[ -r /etc/default/rcS ] && . /etc/default/rcS +[ -r /etc/default/smartmontools ] && . /etc/default/smartmontools + +smartd_opts="--pidfile $PIDFILE $smartd_opts" + +enable_smart() { + log_action_begin_msg "Enabling S.M.A.R.T." + for device in $enable_smart; do + log_action_cont_msg "$device" + if ! $SMARTCTL --quietmode=errorsonly --smart=on $device; then + log_action_cont_msg "(failed)" + RET=2 + fi + done + log_action_end_msg 0 +} + +running_pid() +{ + # Check if a given process pid's cmdline matches a given name + pid=$1 + name=$2 + [ -z "$pid" ] && return 1 + [ ! -d /proc/$pid ] && return 1 + cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1` + # Is this the expected child? + [ "$cmd" != "$name" ] && return 1 + return 0 +} + +running() +{ +# Check if the process is running looking at /proc +# (works for all users) + # No pidfile, probably no daemon present + [ ! -f "$PIDFILE" ] && return 1 + # Obtain the pid and check it against the binary name + pid=`cat $PIDFILE` + running_pid $pid $DAEMON || return 1 + return 0 +} + +case "$1" in + start) + [ -n "$enable_smart" ] && enable_smart + log_daemon_msg "Starting S.M.A.R.T. 
daemon" "smartd" + if running; then + log_progress_msg "already running" + log_end_msg 0 + exit 0 + fi + rm -f $PIDFILE + if start-stop-daemon --start --quiet --pidfile $PIDFILE \ + --exec $DAEMON -- $smartd_opts; then + log_end_msg 0 + else + log_end_msg 1 + RET=1 + fi + ;; + stop) + log_daemon_msg "Stopping S.M.A.R.T. daemon" "smartd" + start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE + log_end_msg 0 + ;; + reload|force-reload) + log_daemon_msg "Reloading S.M.A.R.T. daemon" "smartd" + if start-stop-daemon --stop --quiet --signal 1 \ + --pidfile $PIDFILE; then + log_end_msg 0 + else + log_end_msg 1 + RET=1 + fi + ;; + restart) + log_daemon_msg "Restarting S.M.A.R.T. daemon" "smartd" + start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile $PIDFILE + rm -f $PIDFILE + if start-stop-daemon --start --quiet --pidfile $PIDFILE \ + --exec $DAEMON -- $smartd_opts; then + log_end_msg 0 + else + log_end_msg 1 + RET=1 + fi + ;; + status) + status_of_proc $DAEMON smartd && exit 0 || exit $? + ;; + *) + echo "Usage: /etc/init.d/smartmontools {start|stop|restart|reload|force-reload|status}" + exit 1 +esac + +exit $RET diff --git a/etc/init.d/ssh b/etc/init.d/ssh new file mode 100755 index 0000000..620af70 --- /dev/null +++ b/etc/init.d/ssh 
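Review bot: Error handling in this script depends on the `-e` in the `#!/bin/sh -e` shebang, which is dropped when the script is run as `sh /etc/init.d/smartmontools ...`; a `set -e` line after the header comments keeps the behaviour the same either way. The udev script later in this commit uses the same shebang, and its pre-flight checks print "not started" followed by `log_end_msg 1` with no explicit `exit`, so the abort there presumably relies on `-e` as well. uuidd also has `-e` in the shebang but repeats it with `set -e`, which is the form to copy.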
@@ -0,0 +1,162 @@ +#! /bin/sh + +### BEGIN INIT INFO +# Provides: sshd +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: +# Short-Description: OpenBSD Secure Shell server +### END INIT INFO + +set -e + +# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon + +test -x /usr/sbin/sshd || exit 0 +( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0 + +umask 022 + +if test -f /etc/default/ssh; then + . /etc/default/ssh +fi + +. /lib/lsb/init-functions + +if [ -n "$2" ]; then + SSHD_OPTS="$SSHD_OPTS $2" +fi + +# Are we running from init? +run_by_init() { + ([ "$previous" ] && [ "$runlevel" ]) || [ "$runlevel" = S ] +} + +check_for_no_start() { + # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists + if [ -e /etc/ssh/sshd_not_to_be_run ]; then + if [ "$1" = log_end_msg ]; then + log_end_msg 0 || true + fi + if ! run_by_init; then + log_action_msg "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)" || true + fi + exit 0 + fi +} + +check_dev_null() { + if [ ! -c /dev/null ]; then + if [ "$1" = log_end_msg ]; then + log_end_msg 1 || true + fi + if ! run_by_init; then + log_action_msg "/dev/null is not a character device!" || true + fi + exit 1 + fi +} + +check_privsep_dir() { + # Create the PrivSep empty dir if necessary + if [ ! -d /run/sshd ]; then + mkdir /run/sshd + chmod 0755 /run/sshd + fi +} + +check_config() { + if [ ! 
-e /etc/ssh/sshd_not_to_be_run ]; then + /usr/sbin/sshd $SSHD_OPTS -t || exit 1 + fi +} + +export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" + +case "$1" in + start) + check_privsep_dir + check_for_no_start + check_dev_null + log_daemon_msg "Starting OpenBSD Secure Shell server" "sshd" || true + if start-stop-daemon --start --quiet --oknodo --chuid 0:0 --pidfile /run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then + log_end_msg 0 || true + else + log_end_msg 1 || true + fi + ;; + stop) + log_daemon_msg "Stopping OpenBSD Secure Shell server" "sshd" || true + if start-stop-daemon --stop --quiet --oknodo --pidfile /run/sshd.pid --exec /usr/sbin/sshd; then + log_end_msg 0 || true + else + log_end_msg 1 || true + fi + ;; + + reload|force-reload) + check_for_no_start + check_config + log_daemon_msg "Reloading OpenBSD Secure Shell server's configuration" "sshd" || true + if start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /run/sshd.pid --exec /usr/sbin/sshd; then + log_end_msg 0 || true + else + log_end_msg 1 || true + fi + ;; + + restart) + check_privsep_dir + check_config + log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" || true + start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile /run/sshd.pid --exec /usr/sbin/sshd + check_for_no_start log_end_msg + check_dev_null log_end_msg + if start-stop-daemon --start --quiet --oknodo --chuid 0:0 --pidfile /run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then + log_end_msg 0 || true + else + log_end_msg 1 || true + fi + ;; + + try-restart) + check_privsep_dir + check_config + log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" || true + RET=0 + start-stop-daemon --stop --quiet --retry 30 --pidfile /run/sshd.pid --exec /usr/sbin/sshd || RET="$?" 
+ case $RET in + 0) + # old daemon stopped + check_for_no_start log_end_msg + check_dev_null log_end_msg + if start-stop-daemon --start --quiet --oknodo --chuid 0:0 --pidfile /run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then + log_end_msg 0 || true + else + log_end_msg 1 || true + fi + ;; + 1) + # daemon not running + log_progress_msg "(not running)" || true + log_end_msg 0 || true + ;; + *) + # failed to stop + log_progress_msg "(failed to stop)" || true + log_end_msg 1 || true + ;; + esac + ;; + + status) + status_of_proc -p /run/sshd.pid /usr/sbin/sshd sshd && exit 0 || exit $? + ;; + + *) + log_action_msg "Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart|try-restart|status}" || true + exit 1 +esac + +exit 0 diff --git a/etc/init.d/sysstat b/etc/init.d/sysstat new file mode 100755 index 0000000..34209a5 --- /dev/null +++ b/etc/init.d/sysstat 
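Review bot: The block `if [ -n "$2" ]; then SSHD_OPTS="$SSHD_OPTS $2"` near the top appends the second command-line argument to the sshd options, but neither a comment nor the usage message in the `*)` branch mentions it. A comment such as `# optional 2nd argument: extra sshd options, appended to SSHD_OPTS from /etc/default/ssh` would document it; the value is later expanded unquoted, so it is word-split into separate options. Separately, since the commit tracks all of /etc, it is worth confirming that private material under /etc/ssh (the host keys) is excluded from the repository; nothing on this part of the page shows either way.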
@@ -0,0 +1,62 @@
+#! /bin/sh
+# vim:ft=sh:et
+### BEGIN INIT INFO
+# Provides: sysstat
+# Required-Start: $remote_fs $local_fs $syslog
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: Start/stop sysstat's sadc
+# Description: Sysstat contains system performance tools for Linux
+# The init file runs the sadc command in order to write
+# the "LINUX RESTART" mark to the daily data file
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/lib/sysstat/debian-sa1
+NAME=sadc
+DESC="the system activity data collector"
+
+test -f "$DAEMON" || exit 0
+umask 022
+
+# our configuration file
+DEFAULT=/etc/default/sysstat
+
+# default setting...
+ENABLED="false"
+
+# ...overridden in the configuration file
+test -r "$DEFAULT" && . "$DEFAULT"
+
+set -e
+status=0
+
+. /lib/lsb/init-functions
+
+case "$1" in
+ start|restart|reload|force-reload)
+ if [ "$ENABLED" = "true" ] ; then
+ log_daemon_msg "Starting $DESC" "$NAME"
+ start-stop-daemon --start --quiet --exec $DAEMON -- --boot || status=$?
+ log_end_msg $status
+ fi
+ ;;
+ stop)
+ ;;
+ status)
+ if [ "$ENABLED" = "true" ] ; then
+ log_success_msg "sadc cron jobs are enabled"
+ exit 0
+ else
+ log_failure_msg "sadc cron jobs are disabled"
+ exit 3
+ fi
+ ;;
+ *)
+ log_failure_msg "Usage: $0 {start|stop|restart|reload|force-reload|status}"
+ exit 1
+ ;;
+esac
+
+exit $status
diff --git a/etc/init.d/udev b/etc/init.d/udev
new file mode 100755
index 0000000..a10a586
--- /dev/null
+++ b/etc/init.d/udev
@@ -0,0 +1,256 @@ +#!/bin/sh -e +### BEGIN INIT INFO +# Provides: udev +# Required-Start: mountkernfs +# Required-Stop: umountroot +# Default-Start: S +# Default-Stop: 0 6 +# Short-Description: Start systemd-udevd, populate /dev and load drivers. +### END INIT INFO + +PATH="/sbin:/bin" +NAME="systemd-udevd" +DAEMON="/lib/systemd/systemd-udevd" +DESC="hotplug events dispatcher" +PIDFILE="/run/udev.pid" +CTRLFILE="/run/udev/control" +OMITDIR="/run/sendsigs.omit.d" + +# we need to unmount /dev/pts/ and remount it later over the devtmpfs +unmount_devpts() { + if mountpoint -q /dev/pts/; then + umount -n -l /dev/pts/ + fi + + if mountpoint -q /dev/shm/; then + umount -n -l /dev/shm/ + fi +} + +# mount a devtmpfs over /dev, if somebody did not already do it +mount_devtmpfs() { + if grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then + mount -n -o remount,nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev + return + fi + + if ! mount -n -o nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev; then + log_failure_msg "udev requires devtmpfs support, not started" + log_end_msg 1 + fi + + return 0 +} + +create_dev_makedev() { + if [ -e /sbin/MAKEDEV ]; then + ln -sf /sbin/MAKEDEV /dev/MAKEDEV + else + ln -sf /bin/true /dev/MAKEDEV + fi +} + +# shell version of /usr/bin/tty +my_tty() { + [ -x /bin/readlink ] || return 0 + [ -e /proc/self/fd/0 ] || return 0 + readlink --silent /proc/self/fd/0 || true +} + +warn_if_interactive() { + if [ "$RUNLEVEL" = "S" -a "$PREVLEVEL" = "N" ]; then + return + fi + + TTY=$(my_tty) + if [ -z "$TTY" -o "$TTY" = "/dev/console" -o "$TTY" = "/dev/null" ]; then + return + fi + + printf "\n\n\nIt has been detected that the command\n\n\t$0 $*\n\n" + printf "has been run from an interactive shell.\n" + printf "It will probably not do what you expect, so this script will wait\n" + printf "60 seconds before continuing. 
Press ^C to stop it.\n" + printf "RUNNING THIS COMMAND IS HIGHLY DISCOURAGED!\n\n\n\n" + sleep 60 +} + +make_static_nodes() { + [ -e /lib/modules/$(uname -r)/modules.devname ] || return 0 + [ -x /bin/kmod ] || return 0 + + /bin/kmod static-nodes --format=tmpfiles --output=/proc/self/fd/1 | \ + while read type name mode uid gid age arg; do + [ -e $name ] && continue + case "$type" in + c|b|c!|b!) mknod -m $mode $name $type $(echo $arg | sed 's/:/ /') ;; + d|d!) mkdir $name ;; + *) echo "unparseable line ($type $name $mode $uid $gid $age $arg)" >&2 ;; + esac + + if [ -x /sbin/restorecon ]; then + /sbin/restorecon $name + fi + done +} + + +############################################################################## + + +[ -x $DAEMON ] || exit 0 + +# defaults +tmpfs_size="10M" + +if [ -e /etc/udev/udev.conf ]; then + . /etc/udev/udev.conf +fi + +. /lib/lsb/init-functions + +if [ ! -e /proc/filesystems ]; then + log_failure_msg "udev requires a mounted procfs, not started" + log_end_msg 1 +fi + +if ! grep -q '[[:space:]]devtmpfs$' /proc/filesystems; then + log_failure_msg "udev requires devtmpfs support, not started" + log_end_msg 1 +fi + +if [ ! -d /sys/class/ ]; then + log_failure_msg "udev requires a mounted sysfs, not started" + log_end_msg 1 +fi + +if [ ! -w /sys ]; then + log_warning_msg "udev does not support containers, not started" + exit 0 +fi + +if [ -d /sys/class/mem/null -a ! -L /sys/class/mem/null ] || \ + [ -e /sys/block -a ! -e /sys/class/block ]; then + log_warning_msg "CONFIG_SYSFS_DEPRECATED must not be selected" + log_warning_msg "Booting will continue in 30 seconds but many things will be broken" + sleep 30 +fi + +# When modifying this script, do not forget that between the time that the +# new /dev has been mounted and udevadm trigger has been run there will be +# no /dev/null. This also means that you cannot use the "&" shell command. + +case "$1" in + start) + if [ ! 
-e "/run/udev/" ]; then + warn_if_interactive + fi + + if [ -w /sys/kernel/uevent_helper ]; then + echo > /sys/kernel/uevent_helper + fi + + if ! mountpoint -q /dev/; then + unmount_devpts + mount_devtmpfs + [ -d /proc/1 ] || mount -n /proc + fi + + make_static_nodes + + # clean up parts of the database created by the initramfs udev + udevadm info --cleanup-db + + # set the SELinux context for devices created in the initramfs + [ -x /sbin/restorecon ] && /sbin/restorecon -R /dev + + log_daemon_msg "Starting $DESC" "$NAME" + if start-stop-daemon --start --name $NAME --user root --quiet \ + --pidfile $PIDFILE --exec $DAEMON --background --make-pidfile \ + --notify-await; then + # prevents udevd to be killed by sendsigs (see #791944) + mkdir -p $OMITDIR + ln -sf $PIDFILE $OMITDIR/$NAME + log_end_msg $? + else + log_warning_msg $? + log_warning_msg "Waiting 15 seconds and trying to continue anyway" + sleep 15 + fi + + log_action_begin_msg "Synthesizing the initial hotplug events (subsystems)" + if udevadm trigger --type=subsystems --action=add; then + log_action_end_msg $? + else + log_action_end_msg $? + fi + log_action_begin_msg "Synthesizing the initial hotplug events (devices)" + if udevadm trigger --type=devices --action=add; then + log_action_end_msg $? + else + log_action_end_msg $? + fi + + create_dev_makedev + + # wait for the systemd-udevd childs to finish + log_action_begin_msg "Waiting for /dev to be fully populated" + if udevadm settle; then + log_action_end_msg 0 + else + log_action_end_msg 0 'timeout' + fi + ;; + + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + if start-stop-daemon --stop --name $NAME --user root --quiet \ + --pidfile $PIDFILE --remove-pidfile --oknodo --retry 5; then + # prevents cryptsetup/dmsetup hangs (see #791944) + rm -f $CTRLFILE + log_end_msg $? + else + log_end_msg $? 
+ fi + ;; + + restart) + log_daemon_msg "Stopping $DESC" "$NAME" + if start-stop-daemon --stop --name $NAME --user root --quiet \ + --pidfile $PIDFILE --remove-pidfile --oknodo --retry 5; then + # prevents cryptsetup/dmsetup hangs (see #791944) + rm -f $CTRLFILE + log_end_msg $? + else + log_end_msg $? || true + fi + + log_daemon_msg "Starting $DESC" "$NAME" + if start-stop-daemon --start --name $NAME --user root --quiet \ + --pidfile $PIDFILE --exec $DAEMON --background --make-pidfile \ + --notify-await; then + # prevents udevd to be killed by sendsigs (see #791944) + mkdir -p $OMITDIR + ln -sf $PIDFILE $OMITDIR/$NAME + log_end_msg $? + else + log_end_msg $? + fi + ;; + + reload|force-reload) + udevadm control --reload-rules + ;; + + status) + status_of_proc $DAEMON $NAME && exit 0 || exit $? + ;; + + *) + echo "Usage: /etc/init.d/udev {start|stop|restart|reload|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 + diff --git a/etc/init.d/ufw b/etc/init.d/ufw new file mode 100755 index 0000000..c491994 --- /dev/null +++ b/etc/init.d/ufw 
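Review bot: In `warn_if_interactive` the message is built with `$0 $*` inside the printf format string, which has two problems: `$*` there is the function's own argument list, and the `start` branch calls it with no arguments, so the printed command never includes the action; and whatever is expanded is interpreted as format directives rather than data. I would call it as `warn_if_interactive "$@"` and print with `printf "\n\n\nIt has been detected that the command\n\n\t%s %s\n\n" "$0" "$*"`. In the same function `[ "$RUNLEVEL" = "S" -a "$PREVLEVEL" = "N" ]` uses the obsolescent `-a`; two `[ ]` tests joined with `&&` are the portable form.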
@@ -0,0 +1,86 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: ufw
+# Required-Start: $local_fs
+# Required-Stop: $local_fs
+# Default-Start: S
+# Default-Stop: 1
+# Short-Description: start firewall
+# Description: Start ufw firewall
+### END INIT INFO
+
+set -e
+
+PATH="/sbin:/bin"
+
+[ -d /lib/ufw ] || exit 0
+
+. /lib/lsb/init-functions
+
+for s in "/lib/ufw/ufw-init-functions" "/etc/ufw/ufw.conf" "/etc/default/ufw" ; do
+ if [ -s "$s" ]; then
+ . "$s"
+ else
+ log_failure_msg "Could not find $s (aborting)"
+ exit 1
+ fi
+done
+
+error=0
+case "$1" in
+start)
+ if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then
+ log_action_begin_msg "Starting firewall:" "ufw"
+ output=`ufw_start` || error="$?"
+ if [ "$error" = "0" ]; then
+ log_action_cont_msg "Setting kernel variables ($IPT_SYSCTL)"
+ fi
+ if [ ! -z "$output" ]; then
+ echo "$output" | while read line ; do
+ log_action_cont_msg "$line"
+ done
+ fi
+ else
+ log_action_begin_msg "Skip starting firewall:" "ufw (not enabled)"
+ fi
+ log_action_end_msg $error
+ exit $error
+ ;;
+stop)
+ if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then
+ log_action_begin_msg "Stopping firewall:" "ufw"
+ output=`ufw_stop` || error="$?"
+ if [ ! -z "$output" ]; then
+ log_action_cont_msg "$output"
+ fi
+ else
+ log_action_begin_msg "Skip stopping firewall:" "ufw (not enabled)"
+ fi
+ log_action_end_msg $error
+ exit $error
+ ;;
+restart|force-reload)
+ log_action_begin_msg "Reloading firewall:" "ufw"
+ output=`ufw_reload` || error="$?"
+ if [ ! -z "$output" ]; then
+ log_action_cont_msg "$output"
+ fi
+ log_action_end_msg $error
+ exit $error
+ ;;
+status)
+ output=`ufw_status` || error="$?"
+ if [ ! -z "$output" ]; then
+ log_action_cont_msg "$output"
+ fi
+ log_action_end_msg $error
+ exit $error
+ ;;
+*)
+ echo "Usage: /etc/init.d/ufw {start|stop|restart|force-reload|status}"
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/etc/init.d/unattended-upgrades b/etc/init.d/unattended-upgrades
new file mode 100755
index 0000000..f77a730
--- /dev/null
+++ b/etc/init.d/unattended-upgrades
@@ -0,0 +1,51 @@
+#! /bin/sh
+#
+### BEGIN INIT INFO
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# Provides: unattended-upgrade-shutdown-check
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 6
+# Short-Description: Check if unattended upgrades are being applied
+# Description: Check if unattended upgrades are being applied
+# and wait for them to finish
+### END INIT INFO
+set -e
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+NAME="unattended-upgrades-shutdown"
+DESC="unattended package upgrades shutdown"
+SCRIPTNAME="/etc/init.d/$NAME"
+SHUTDOWN_HELPER="/usr/share/unattended-upgrades/unattended-upgrade-shutdown"
+
+if [ -x /usr/bin/python3 ]; then
+ PYTHON=python3
+else
+ PYTHON=python
+fi
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+. /lib/lsb/init-functions
+
+case "$1" in
+start|restart|force-reload|status)
+ # nothing, just to keep update-rc.d happy (see debian #630732)
+ ;;
+stop)
+ if [ -e $SHUTDOWN_HELPER ]; then
+ [ "$VERBOSE" != "no" ] && log_action_begin_msg "Checking for running $DESC"
+ $PYTHON $SHUTDOWN_HELPER
+ [ "$VERBOSE" != "no" ] && log_action_end_msg $? "$NAME"
+ fi
+ ;;
+*)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+:
diff --git a/etc/init.d/uuidd b/etc/init.d/uuidd
new file mode 100755
index 0000000..cb615d1
--- /dev/null
+++ b/etc/init.d/uuidd
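Review bot: In etc/init.d/unattended-upgrades the interpreter test checks `/usr/bin/python3` but then sets `PYTHON=python3`, so the helper is run by whichever `python3` comes first in `PATH`, and `PATH` starts with `/usr/local/sbin:/usr/local/bin`. Using the path that was tested, `PYTHON=/usr/bin/python3`, makes the check and the execution agree for a script that runs as root at shutdown. In the `stop` branch `log_action_end_msg $? "$NAME"` sits after `[ "$VERBOSE" != "no" ] &&`, so `$?` is the status of the test rather than of `$PYTHON $SHUTDOWN_HELPER`. Saving the helper's status first (`rc=0; $PYTHON $SHUTDOWN_HELPER || rc=$?`) and passing `$rc` would report the real result and keep `set -e` from aborting before the end message.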
@@ -0,0 +1,62 @@
+#! /bin/sh -e
+### BEGIN INIT INFO
+# Provides: uuidd
+# Required-Start: $time $local_fs $remote_fs
+# Required-Stop: $time $local_fs $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: uuidd daemon
+# Description: Init script for the uuid generation daemon
+### END INIT INFO
+#
+# Author: "Theodore Ts'o"
+#
+set -e
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+DAEMON=/usr/sbin/uuidd
+UUIDD_USER=uuidd
+UUIDD_GROUP=uuidd
+UUIDD_DIR=/run/uuidd
+PIDFILE=$UUIDD_DIR/uuidd.pid
+
+test -x $DAEMON || exit 0
+
+. /lib/lsb/init-functions
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting uuid generator" "uuidd"
+ if ! test -d $UUIDD_DIR; then
+ mkdir -p $UUIDD_DIR
+ chown -R $UUIDD_USER:$UUIDD_GROUP $UUIDD_DIR
+ fi
+ start_daemon -p $PIDFILE $DAEMON
+ log_end_msg $?
+ ;;
+ stop)
+ log_daemon_msg "Stopping uuid generator" "uuidd"
+ killproc -p $PIDFILE $DAEMON
+ log_end_msg $?
+ ;;
+ status)
+ if pidofproc -p $PIDFILE $DAEMON >/dev/null 2>&1; then
+ echo "$DAEMON is running";
+ exit 0;
+ else
+ echo "$DAEMON is NOT running";
+ if test -f $PIDFILE; then exit 2; fi
+ exit 3;
+ fi
+ ;;
+ force-reload|restart)
+ $0 stop
+ $0 start
+ ;;
+ *)
+ echo "Usage: /etc/init.d/uuidd {start|stop|restart|force-reload}"
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/etc/initramfs-tools/initramfs.conf b/etc/initramfs-tools/initramfs.conf
new file mode 100644
index 0000000..70ec614
--- /dev/null
+++ b/etc/initramfs-tools/initramfs.conf
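Review bot: `PIDFILE` lives in `$UUIDD_DIR`, which the `start` branch creates and hands to `$UUIDD_USER` with `chown -R`, so the root-run `stop` and `status` branches read a PID from a directory an unprivileged account can write. `killproc` and `pidofproc` are also given `$DAEMON`, which presumably limits the match to that executable; that behaviour is defined in /lib/lsb/init-functions and worth confirming there. On a directory that was just created, plain `chown $UUIDD_USER:$UUIDD_GROUP $UUIDD_DIR` is enough. The usage line in the `*)` branch also omits `status`, which the case statement handles.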
@@ -0,0 +1,81 @@ +# +# initramfs.conf +# Configuration file for mkinitramfs(8). See initramfs.conf(5). +# +# Note that configuration options from this file can be overridden +# by config files in the /etc/initramfs-tools/conf.d directory. + +# +# MODULES: [ most | netboot | dep | list ] +# +# most - Add most filesystem and all harddrive drivers. +# +# dep - Try and guess which modules to load. +# +# netboot - Add the base modules, network modules, but skip block devices. +# +# list - Only include modules from the 'additional modules' list +# + +MODULES=most + +# +# BUSYBOX: [ y | n | auto ] +# +# Use busybox shell and utilities. If set to n, klibc utilities will be used. +# If set to auto (or unset), busybox will be used if installed and klibc will +# be used otherwise. +# + +BUSYBOX=auto + +# +# COMPCACHE_SIZE: [ "x K" | "x M" | "x G" | "x %" ] +# +# Amount of RAM to use for RAM-based compressed swap space. +# +# An empty value - compcache isn't used, or added to the initramfs at all. +# An integer and K (e.g. 65536 K) - use a number of kilobytes. +# An integer and M (e.g. 256 M) - use a number of megabytes. +# An integer and G (e.g. 1 G) - use a number of gigabytes. +# An integer and % (e.g. 50 %) - use a percentage of the amount of RAM. +# +# You can optionally install the compcache package to configure this setting +# via debconf and have userspace scripts to load and unload compcache. +# + +COMPCACHE_SIZE="" + +# +# COMPRESS: [ gzip | bzip2 | lz4 | lzma | lzop | xz ] +# + +COMPRESS=lz4 + +# +# NFS Section of the config. +# + +# +# DEVICE: ... +# +# Specify a specific network interface, like eth0 +# Overridden by optional ip= or BOOTIF= bootarg +# + +DEVICE= + +# +# NFSROOT: [ auto | HOST:MOUNT ] +# + +NFSROOT=auto + +# +# RUNSIZE: ... +# +# The size of the /run tmpfs mount point, like 256M or 10% +# Overridden by optional initramfs.runsize= bootarg +# + +RUNSIZE=10% 
diff --git a/etc/initramfs-tools/modules b/etc/initramfs-tools/modules
new file mode 100644
index 0000000..dd9dc54
--- /dev/null
+++ b/etc/initramfs-tools/modules
@@ -0,0 +1,11 @@
+# List of modules that you want to include in your initramfs.
+# They will be loaded at boot time in the order below.
+#
+# Syntax: module_name [args ...]
+#
+# You must run update-initramfs(8) to effect this change.
+#
+# Examples:
+#
+# raid1
+# sd_mod
diff --git a/etc/initramfs-tools/update-initramfs.conf b/etc/initramfs-tools/update-initramfs.conf
new file mode 100644
index 0000000..31823e2
--- /dev/null
+++ b/etc/initramfs-tools/update-initramfs.conf
@@ -0,0 +1,20 @@
+#
+# Configuration file for update-initramfs(8)
+#
+
+#
+# update_initramfs [ yes | all | no ]
+#
+# Default is yes
+# If set to all update-initramfs will update all initramfs
+# If set to no disables any update to initramfs beside kernel upgrade
+
+update_initramfs=yes
+
+#
+# backup_initramfs [ yes | no ]
+#
+# Default is no
+# If set to no leaves no .bak backup files.
+
+backup_initramfs=no
diff --git a/etc/inputrc b/etc/inputrc
new file mode 100644
index 0000000..d3da985
--- /dev/null
+++ b/etc/inputrc
@@ -0,0 +1,67 @@
+# /etc/inputrc - global inputrc for libreadline
+# See readline(3readline) and `info rluserman' for more information.
+
+# Be 8 bit clean.
+set input-meta on
+set output-meta on
+
+# To allow the use of 8bit-characters like the german umlauts, uncomment
+# the line below. However this makes the meta key not work as a meta key,
+# which is annoying to those which don't need to type in 8-bit characters.
+
+# set convert-meta off
+
+# try to enable the application keypad when it is called. Some systems
+# need this to enable the arrow keys.
+# set enable-keypad on
+
+# see /usr/share/doc/bash/inputrc.arrows for other codes of arrow keys
+
+# do not bell on tab-completion
+# set bell-style none
+# set bell-style visible
+
+# some defaults / modifications for the emacs mode
+$if mode=emacs
+
+# allow the use of the Home/End keys
+"\e[1~": beginning-of-line
+"\e[4~": end-of-line
+
+# allow the use of the Delete/Insert keys
+"\e[3~": delete-char
+"\e[2~": quoted-insert
+
+# mappings for "page up" and "page down" to step to the beginning/end
+# of the history
+# "\e[5~": beginning-of-history
+# "\e[6~": end-of-history
+
+# alternate mappings for "page up" and "page down" to search the history
+# "\e[5~": history-search-backward
+# "\e[6~": history-search-forward
+
+# mappings for Ctrl-left-arrow and Ctrl-right-arrow for word moving
+"\e[1;5C": forward-word
+"\e[1;5D": backward-word
+"\e[5C": forward-word
+"\e[5D": backward-word
+"\e\e[C": forward-word
+"\e\e[D": backward-word
+
+$if term=rxvt
+"\e[7~": beginning-of-line
+"\e[8~": end-of-line
+"\eOc": forward-word
+"\eOd": backward-word
+$endif
+
+# for non RH/Debian xterm, can't hurt for RH/Debian xterm
+# "\eOH": beginning-of-line
+# "\eOF": end-of-line
+
+# for freebsd console
+# "\e[H": beginning-of-line
+# "\e[F": end-of-line
+
+$endif
diff --git a/etc/iproute2/bpf_pinning b/etc/iproute2/bpf_pinning
new file mode 100644
index 0000000..2b39c70
--- /dev/null
+++ b/etc/iproute2/bpf_pinning
@@ -0,0 +1,6 @@
+#
+# subpath mappings from mount point for pinning
+#
+#3 tracing
+#4 foo/bar
+#5 tc/cls1
diff --git a/etc/iproute2/ematch_map b/etc/iproute2/ematch_map
new file mode 100644
index 0000000..4d6bb2f
--- /dev/null
+++ b/etc/iproute2/ematch_map
@@ -0,0 +1,8 @@
+# lookup table for ematch kinds
+1 cmp
+2 nbyte
+3 u32
+4 meta
+7 canid
+8 ipset
+9 ipt
diff --git a/etc/iproute2/group b/etc/iproute2/group
new file mode 100644
index 0000000..6f000b2
--- /dev/null
+++ b/etc/iproute2/group
@@ -0,0 +1,2 @@
+# device group names
+0 default
diff --git a/etc/iproute2/nl_protos b/etc/iproute2/nl_protos
new file mode 100644
index 0000000..7c17cf0
--- /dev/null
+++ b/etc/iproute2/nl_protos
@@ -0,0 +1,23 @@
+# Netlink protocol names mapping
+
+0 rtnl
+1 unused
+2 usersock
+3 fw
+4 tcpdiag
+5 nflog
+6 xfrm
+7 selinux
+8 iscsi
+9 audit
+10 fiblookup
+11 connector
+12 nft
+13 ip6fw
+14 dec-rt
+15 uevent
+16 genl
+18 scsi-trans
+19 ecryptfs
+20 rdma
+21 crypto
diff --git a/etc/iproute2/rt_dsfield b/etc/iproute2/rt_dsfield
new file mode 100644
index 0000000..1426d60
--- /dev/null
+++ b/etc/iproute2/rt_dsfield
@@ -0,0 +1,26 @@
+# Differentiated field values
+# These include the DSCP and unused bits
+0x0 default
+# Newer RFC2597 values
+0x28 AF11
+0x30 AF12
+0x38 AF13
+0x48 AF21
+0x50 AF22
+0x58 AF23
+0x68 AF31
+0x70 AF32
+0x78 AF33
+0x88 AF41
+0x90 AF42
+0x98 AF43
+# Older values RFC2474
+0x20 CS1
+0x40 CS2
+0x60 CS3
+0x80 CS4
+0xA0 CS5
+0xC0 CS6
+0xE0 CS7
+# RFC 2598
+0xB8 EF
diff --git a/etc/iproute2/rt_protos b/etc/iproute2/rt_protos
new file mode 100644
index 0000000..b3a0ec8
--- /dev/null
+++ b/etc/iproute2/rt_protos
@@ -0,0 +1,23 @@
+#
+# Reserved protocols.
+#
+0 unspec
+1 redirect
+2 kernel
+3 boot
+4 static
+8 gated
+9 ra
+10 mrt
+11 zebra
+12 bird
+13 dnrouted
+14 xorp
+15 ntk
+16 dhcp
+42 babel
+186 bgp
+187 isis
+188 ospf
+189 rip
+192 eigrp
diff --git a/etc/iproute2/rt_protos.d/README b/etc/iproute2/rt_protos.d/README
new file mode 100644
index 0000000..f9c599c
--- /dev/null
+++ b/etc/iproute2/rt_protos.d/README
@@ -0,0 +1,2 @@
+Each file in this directory is an rt_protos configuration file. iproute2
+commands scan this directory processing all files that end in '.conf'.
diff --git a/etc/iproute2/rt_realms b/etc/iproute2/rt_realms
new file mode 100644
index 0000000..eedd76d
--- /dev/null
+++ b/etc/iproute2/rt_realms
@@ -0,0 +1,13 @@
+#
+# reserved values
+#
+0 cosmos
+#
+# local
+#
+#1 inr.ac
+#2 inr.ruhep
+#3 freenet
+#4 radio-msu
+#5 russia
+#6 internet
diff --git a/etc/iproute2/rt_scopes b/etc/iproute2/rt_scopes
new file mode 100644
index 0000000..8514bc1
--- /dev/null
+++ b/etc/iproute2/rt_scopes
@@ -0,0 +1,11 @@
+#
+# reserved values
+#
+0 global
+255 nowhere
+254 host
+253 link
+#
+# pseudo-reserved
+#
+200 site
diff --git a/etc/iproute2/rt_tables b/etc/iproute2/rt_tables
new file mode 100644
index 0000000..541abfd
--- /dev/null
+++ b/etc/iproute2/rt_tables
@@ -0,0 +1,11 @@
+#
+# reserved values
+#
+255 local
+254 main
+253 default
+0 unspec
+#
+# local
+#
+#1 inr.ruhep
diff --git a/etc/iproute2/rt_tables.d/README b/etc/iproute2/rt_tables.d/README
new file mode 100644
index 0000000..0920cb1
--- /dev/null
+++ b/etc/iproute2/rt_tables.d/README
@@ -0,0 +1,2 @@
+Each file in this directory is an rt_tables configuration file. iproute2
+commands scan this directory processing all files that end in '.conf'.
diff --git a/etc/iscsi/initiatorname.iscsi b/etc/iscsi/initiatorname.iscsi
new file mode 100644
index 0000000..8cd09cc
--- /dev/null
+++ b/etc/iscsi/initiatorname.iscsi
@@ -0,0 +1,6 @@
+## DO NOT EDIT OR REMOVE THIS FILE!
+## If you remove this file, the iSCSI daemon will not start.
+## If you change the InitiatorName, existing access control lists
+## may reject this initiator. The InitiatorName must be unique
+## for each iSCSI initiator. Do NOT duplicate iSCSI InitiatorNames.
+InitiatorName=iqn.1993-08.org.debian:01:af5bf2af245
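Review bot: The `InitiatorName=` line in etc/iscsi/initiatorname.iscsi is a per-host identifier, and tracking it means every machine provisioned or restored from this repository inherits the same name, which the file's own header forbids ("Do NOT duplicate iSCSI InitiatorNames"). The header also says target access control lists key on this name, and the iscsid.conf added in the same commit leaves CHAP at its stated default of None, so the name would be the only thing a target checks. I would leave this file untracked with an ignore entry such as `/etc/iscsi/initiatorname.iscsi`, or note in the repository that the name has to be regenerated on each host built from this tree.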
diff --git a/etc/iscsi/iscsid.conf b/etc/iscsi/iscsid.conf
new file mode 100644
index 0000000..1aa74db
--- /dev/null
+++ b/etc/iscsi/iscsid.conf
@@ -0,0 +1,316 @@
+#
+# Open-iSCSI default configuration.
+# Could be located at /etc/iscsi/iscsid.conf or ~/.iscsid.conf
+#
+# Note: To set any of these values for a specific node/session run
+# the iscsiadm --mode node --op command for the value. See the README
+# and man page for iscsiadm for details on the --op command.
+#
+
+######################
+# iscsid daemon config
+######################
+# If you want iscsid to start the first time an iscsi tool
+# needs to access it, instead of starting it when the init
+# scripts run, set the iscsid startup command here. This
+# should normally only need to be done by distro package
+# maintainers.
+#
+# Default for Fedora and RHEL. (uncomment to activate).
+# iscsid.startup = /etc/rc.d/init.d/iscsid force-start
+iscsid.startup = /bin/systemctl start iscsid.socket
+#
+# Default for upstream open-iscsi scripts (uncomment to activate).
+# iscsid.startup = /sbin/iscsid
+
+# Check for active mounts on devices reachable through a session
+# and refuse to logout if there are any. Defaults to "No".
+# iscsid.safe_logout = Yes
+
+#############################
+# NIC/HBA and driver settings
+#############################
+# open-iscsi can create a session and bind it to a NIC/HBA.
+# To set this up see the example iface config file.
+
+#*****************
+# Startup settings
+#*****************
+
+# To request that the iscsi initd scripts startup a session set to "automatic".
+# node.startup = automatic
+#
+# To manually startup the session set to "manual". The default is manual.
+node.startup = manual
+
+# For "automatic" startup nodes, setting this to "Yes" will try logins on each
+# available iface until one succeeds, and then stop. The default "No" will try
+# logins on all available ifaces simultaneously.
+node.leading_login = No
+
+# *************
+# CHAP Settings
+# *************
+
+# To enable CHAP authentication set node.session.auth.authmethod
+# to CHAP. The default is None.
+#node.session.auth.authmethod = CHAP
+
+# To set a CHAP username and password for initiator
+# authentication by the target(s), uncomment the following lines:
+#node.session.auth.username = username
+#node.session.auth.password = password
+
+# To set a CHAP username and password for target(s)
+# authentication by the initiator, uncomment the following lines:
+#node.session.auth.username_in = username_in
+#node.session.auth.password_in = password_in
+
+# To enable CHAP authentication for a discovery session to the target
+# set discovery.sendtargets.auth.authmethod to CHAP. The default is None.
+#discovery.sendtargets.auth.authmethod = CHAP
+
+# To set a discovery session CHAP username and password for the initiator
+# authentication by the target(s), uncomment the following lines:
+#discovery.sendtargets.auth.username = username
+#discovery.sendtargets.auth.password = password
+
+# To set a discovery session CHAP username and password for target(s)
+# authentication by the initiator, uncomment the following lines:
+#discovery.sendtargets.auth.username_in = username_in
+#discovery.sendtargets.auth.password_in = password_in
+
+# ********
+# Timeouts
+# ********
+#
+# See the iSCSI README's Advanced Configuration section for tips
+# on setting timeouts when using multipath or doing root over iSCSI.
+#
+# To specify the length of time to wait for session re-establishment
+# before failing SCSI commands back to the application when running
+# the Linux SCSI Layer error handler, edit the line.
+# The value is in seconds and the default is 120 seconds.
+# Special values:
+# - If the value is 0, IO will be failed immediately.
+# - If the value is less than 0, IO will remain queued until the session
+# is logged back in, or until the user runs the logout command.
+node.session.timeo.replacement_timeout = 120
+
+# To specify the time to wait for login to complete, edit the line.
+# The value is in seconds and the default is 15 seconds.
+node.conn[0].timeo.login_timeout = 15
+
+# To specify the time to wait for logout to complete, edit the line.
+# The value is in seconds and the default is 15 seconds.
+node.conn[0].timeo.logout_timeout = 15
+
+# Time interval to wait for on connection before sending a ping.
+node.conn[0].timeo.noop_out_interval = 5
+
+# To specify the time to wait for a Nop-out response before failing
+# the connection, edit this line. Failing the connection will
+# cause IO to be failed back to the SCSI layer. If using dm-multipath
+# this will cause the IO to be failed to the multipath layer.
+node.conn[0].timeo.noop_out_timeout = 5
+
+# To specify the time to wait for abort response before
+# failing the operation and trying a logical unit reset edit the line.
+# The value is in seconds and the default is 15 seconds.
+node.session.err_timeo.abort_timeout = 15
+
+# To specify the time to wait for a logical unit response
+# before failing the operation and trying session re-establishment
+# edit the line.
+# The value is in seconds and the default is 30 seconds.
+node.session.err_timeo.lu_reset_timeout = 30
+
+# To specify the time to wait for a target response
+# before failing the operation and trying session re-establishment
+# edit the line.
+# The value is in seconds and the default is 30 seconds.
+node.session.err_timeo.tgt_reset_timeout = 30
+
+
+#******
+# Retry
+#******
+
+# To specify the number of times iscsid should retry a login
+# if the login attempt fails due to the node.conn[0].timeo.login_timeout
+# expiring modify the following line. Note that if the login fails
+# quickly (before node.conn[0].timeo.login_timeout fires) because the network
+# layer or the target returns an error, iscsid may retry the login more than
+# node.session.initial_login_retry_max times.
+#
+# This retry count along with node.conn[0].timeo.login_timeout
+# determines the maximum amount of time iscsid will try to
+# establish the initial login. node.session.initial_login_retry_max is
+# multiplied by the node.conn[0].timeo.login_timeout to determine the
+# maximum amount.
+#
+# The default node.session.initial_login_retry_max is 8 and
+# node.conn[0].timeo.login_timeout is 15 so we have:
+#
+# node.conn[0].timeo.login_timeout * node.session.initial_login_retry_max =
+# 120 seconds
+#
+# Valid values are any integer value. This only
+# affects the initial login. Setting it to a high value can slow
+# down the iscsi service startup. Setting it to a low value can
+# cause a session to not get logged into, if there are distuptions
+# during startup or if the network is not ready at that time.
+node.session.initial_login_retry_max = 8
+
+################################
+# session and device queue depth
+################################
+
+# To control how many commands the session will queue set
+# node.session.cmds_max to an integer between 2 and 2048 that is also
+# a power of 2. The default is 128.
+node.session.cmds_max = 128
+
+# To control the device's queue depth set node.session.queue_depth
+# to a value between 1 and 1024. The default is 32.
+node.session.queue_depth = 32
+
+##################################
+# MISC SYSTEM PERFORMANCE SETTINGS
+##################################
+
+# For software iscsi (iscsi_tcp) and iser (ib_iser) each session
+# has a thread used to transmit or queue data to the hardware. For
+# cxgb3i you will get a thread per host.
+#
+# Setting the thread's priority to a lower value can lead to higher throughput
+# and lower latencies. The lowest value is -20. Setting the priority to
+# a higher value, can lead to reduced IO performance, but if you are seeing
+# the iscsi or scsi threads dominate the use of the CPU then you may want
+# to set this value higher.
+#
+# Note: For cxgb3i you must set all sessions to the same value, or the
+# behavior is not defined.
+#
+# The default value is -20. The setting must be between -20 and 20.
+node.session.xmit_thread_priority = -20
+
+
+#***************
+# iSCSI settings
+#***************
+
+# To enable R2T flow control (i.e., the initiator must wait for an R2T
+# command before sending any data), uncomment the following line:
+#
+#node.session.iscsi.InitialR2T = Yes
+#
+# To disable R2T flow control (i.e., the initiator has an implied
+# initial R2T of "FirstBurstLength" at offset 0), uncomment the following line:
+#
+# The defaults is No.
+node.session.iscsi.InitialR2T = No
+
+#
+# To disable immediate data (i.e., the initiator does not send
+# unsolicited data with the iSCSI command PDU), uncomment the following line:
+#
+#node.session.iscsi.ImmediateData = No
+#
+# To enable immediate data (i.e., the initiator sends unsolicited data
+# with the iSCSI command packet), uncomment the following line:
+#
+# The default is Yes
+node.session.iscsi.ImmediateData = Yes
+
+# To specify the maximum number of unsolicited data bytes the initiator
+# can send in an iSCSI PDU to a target, edit the following line.
+#
+# The value is the number of bytes in the range of 512 to (2^24-1) and
+# the default is 262144
+node.session.iscsi.FirstBurstLength = 262144
+
+# To specify the maximum SCSI payload that the initiator will negotiate
+# with the target for, edit the following line.
+#
+# The value is the number of bytes in the range of 512 to (2^24-1) and
+# the defauls it 16776192
+node.session.iscsi.MaxBurstLength = 16776192
+
+# To specify the maximum number of data bytes the initiator can receive
+# in an iSCSI PDU from a target, edit the following line.
+#
+# The value is the number of bytes in the range of 512 to (2^24-1) and
+# the default is 262144
+node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144
+
+# To specify the maximum number of data bytes the initiator will send
+# in an iSCSI PDU to the target, edit the following line.
+#
+# The value is the number of bytes in the range of 512 to (2^24-1).
+# Zero is a special case. If set to zero, the initiator will use
+# the target's MaxRecvDataSegmentLength for the MaxXmitDataSegmentLength.
+# The default is 0.
+node.conn[0].iscsi.MaxXmitDataSegmentLength = 0
+
+# To specify the maximum number of data bytes the initiator can receive
+# in an iSCSI PDU from a target during a discovery session, edit the
+# following line.
+#
+# The value is the number of bytes in the range of 512 to (2^24-1) and
+# the default is 32768
+#
+discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768
+
+# To allow the targets to control the setting of the digest checking,
+# with the initiator requesting a preference of enabling the checking, uncomment# one or both of the following lines:
+#node.conn[0].iscsi.HeaderDigest = CRC32C,None
+#node.conn[0].iscsi.DataDigest = CRC32C,None
+#
+# To allow the targets to control the setting of the digest checking,
+# with the initiator requesting a preference of disabling the checking,
+# uncomment one or both of the following lines:
+#node.conn[0].iscsi.HeaderDigest = None,CRC32C
+#node.conn[0].iscsi.DataDigest = None,CRC32C
+#
+# To enable CRC32C digest checking for the header and/or data part of
+# iSCSI PDUs, uncomment one or both of the following lines:
+#node.conn[0].iscsi.HeaderDigest = CRC32C
+#node.conn[0].iscsi.DataDigest = CRC32C
+#
+# To disable digest checking for the header and/or data part of
+# iSCSI PDUs, uncomment one or both of the following lines:
+#node.conn[0].iscsi.HeaderDigest = None
+#node.conn[0].iscsi.DataDigest = None
+#
+# The default is to never use DataDigests or HeaderDigests.
+#
+
+# For multipath configurations, you may want more than one session to be
+# created on each iface record. If node.session.nr_sessions is greater
+# than 1, performing a 'login' for that node will ensure that the
+# appropriate number of sessions is created.
+node.session.nr_sessions = 1
+
+#************
+# Workarounds
+#************
+
+# Some targets like IET prefer after an initiator has sent a task
+# management function like an ABORT TASK or LOGICAL UNIT RESET, that
+# it does not respond to PDUs like R2Ts. To enable this behavior uncomment
+# the following line (The default behavior is Yes):
+node.session.iscsi.FastAbort = Yes
+
+# Some targets like Equalogic prefer that after an initiator has sent
+# a task management function like an ABORT TASK or LOGICAL UNIT RESET, that
+# it continue to respond to R2Ts. To enable this uncomment this line
+# node.session.iscsi.FastAbort = No
+
+# To prevent doing automatic scans that would add unwanted luns to the system
+# we can disable them and have sessions only do manually requested scans.
+# Automatic scans are performed on startup, on login, and on AEN/AER reception
+# on devices supporting it. For HW drivers all sessions will use the value
+# defined in the configuration file. This configuration option is independent
+# of scsi_mod scan parameter. (The default behavior is auto):
+node.session.scan = auto
diff --git a/etc/issue b/etc/issue
new file mode 100644
index 0000000..2105b54
--- /dev/null
+++ b/etc/issue
@@ -0,0 +1,2 @@
+Ubuntu 20.04.4 LTS \n \l
+
diff --git a/etc/issue.net b/etc/issue.net
new file mode 100644
index 0000000..a3bf199
--- /dev/null
+++ b/etc/issue.net
@@ -0,0 +1 @@
+Ubuntu 20.04.4 LTS
diff --git a/etc/kernel/postinst.d/initramfs-tools b/etc/kernel/postinst.d/initramfs-tools
new file mode 100755
index 0000000..5d02e57
--- /dev/null
+++ b/etc/kernel/postinst.d/initramfs-tools
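Review bot: The "CHAP Settings" block of etc/iscsi/iscsid.conf gives no hint that this file is now version-controlled, so anyone who later follows its instructions and uncomments `node.session.auth.password` or `node.session.auth.password_in` (or the `discovery.sendtargets.auth.*` equivalents) would commit CHAP secrets to the repository. I would add a comment above that block, `# Tracked in git: do not store CHAP secrets here; set them per node with iscsiadm --mode node --op`, which is the per-node mechanism the file header already points to. The file is also added with mode 100644 and git records only the executable bit, so a checkout recreates it with umask-derived permissions; that matters as soon as a password lands in it. With `node.startup = manual` nothing logs in automatically, so this becomes relevant only once the initiator is actually used.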
@@ -0,0 +1,36 @@
+#!/bin/sh -e
+
+version="$1"
+bootopt=""
+
+command -v update-initramfs >/dev/null 2>&1 || exit 0
+
+# passing the kernel version is required
+if [ -z "${version}" ]; then
+ echo >&2 "W: initramfs-tools: ${DPKG_MAINTSCRIPT_PACKAGE:-kernel package} did not pass a version number"
+ exit 2
+fi
+
+# exit if kernel does not need an initramfs
+if [ "$INITRD" = 'No' ]; then
+ exit 0
+fi
+
+# absolute file name of kernel image may be passed as a second argument;
+# create the initrd in the same directory
+if [ -n "$2" ]; then
+ bootdir=$(dirname "$2")
+ bootopt="-b ${bootdir}"
+fi
+
+# avoid running multiple times
+if [ -n "$DEB_MAINT_PARAMS" ]; then
+ eval set -- "$DEB_MAINT_PARAMS"
+ if [ -z "$1" ] || [ "$1" != "configure" ]; then
+ exit 0
+ fi
+fi
+
+# we're good - create initramfs. update runs do_bootloader
+# shellcheck disable=SC2086
+INITRAMFS_TOOLS_KERNEL_HOOK=1 update-initramfs -c -k "${version}" ${bootopt} >&2
diff --git a/etc/kernel/postinst.d/unattended-upgrades b/etc/kernel/postinst.d/unattended-upgrades
new file mode 100755
index 0000000..3f54dea
--- /dev/null
+++ b/etc/kernel/postinst.d/unattended-upgrades
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+case "$DPKG_MAINTSCRIPT_PACKAGE::$DPKG_MAINTSCRIPT_NAME" in
+ linux-image-extra*::postrm)
+ exit 0;;
+esac
+
+if [ -d /var/run ]; then
+ touch /var/run/reboot-required
+ if ! grep -q "^$DPKG_MAINTSCRIPT_PACKAGE$" /var/run/reboot-required.pkgs 2> /dev/null ; then
+ echo "$DPKG_MAINTSCRIPT_PACKAGE" >> /var/run/reboot-required.pkgs
+ fi
+fi
diff --git a/etc/kernel/postinst.d/update-notifier b/etc/kernel/postinst.d/update-notifier
new file mode 120000
index 0000000..e34356c
--- /dev/null
+++ b/etc/kernel/postinst.d/update-notifier
@@ -0,0 +1 @@
+/usr/share/update-notifier/notify-reboot-required
\ No newline at end of file
diff --git a/etc/kernel/postinst.d/xx-update-initrd-links b/etc/kernel/postinst.d/xx-update-initrd-links
new file mode 100755
index 0000000..51f2a39
--- /dev/null
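Review bot: In etc/kernel/postinst.d/initramfs-tools the "avoid running multiple times" block runs `eval set -- "$DEB_MAINT_PARAMS"`, which executes the contents of an environment variable as shell code in a hook that presumably runs as root; the same line is in postrm.d/initramfs-tools added by this commit. The script is only as safe as whatever sets that variable, and nothing in the file says so. zz-update-grub in this commit reads the same variable with `set -- $DEB_MAINT_PARAMS` and strips the quotes by parameter expansion, which never evaluates it. The file looks package-shipped, so rather than carry a local rewrite I would add a comment above the block, `# DEB_MAINT_PARAMS is eval'd: it must only ever be set by dpkg maintainer scripts`, and rely on the tracked copy to show any later change to this hook.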
+++ b/etc/kernel/postinst.d/xx-update-initrd-links
@@ -0,0 +1,24 @@
+#!/bin/sh
+set -e
+
+# installkernel script calls postinst.d without any DEB_MAINT_PARAMS set
+# linux-image-* postinst calls postinst.d with DEB_MAINT_PARAMS set
+# do nothing in case linux-image-* calls this, as it already calls `linux-update-symlinks`
+[ -z "$DEB_MAINT_PARAMS" ] || exit 0
+
+# installkernel must call postinst.d with two args, version & image_path
+version="$1"
+image_path="$2"
+
+[ -n "$version" ] || exit 0
+[ -n "$image_path" ] || exit 0
+
+# call linux-update-symlinks in install mode, which will correctly
+# update vmlinuz & initrd.img symlinks. Even if initrd.img does not
+# exist yet, or has already been created by the initramfs-update
+# postinst.d hook. It will also honor kernel_img.conf settings to
+# link_in_boot yes/no. Thus matching behaviour of linux-image-*
+# postinst call to linux-update-symlinks.
+linux-update-symlinks install $version $image_path
+
+exit 0
diff --git a/etc/kernel/postinst.d/zz-update-grub b/etc/kernel/postinst.d/zz-update-grub
new file mode 100755
index 0000000..5ed065f
--- /dev/null
+++ b/etc/kernel/postinst.d/zz-update-grub
@@ -0,0 +1,26 @@
+#! /bin/sh
+set -e
+
+which update-grub >/dev/null 2>&1 || exit 0
+
+if type systemd-detect-virt >/dev/null 2>&1 &&
+ systemd-detect-virt --quiet --container; then
+ exit 0
+fi
+
+set -- $DEB_MAINT_PARAMS
+mode="${1#\'}"
+mode="${mode%\'}"
+case $0:$mode in
+ # Only run on postinst configure and postrm remove, to avoid wasting
+ # time by calling update-grub multiple times on upgrade and removal.
+ # Also run if we have no DEB_MAINT_PARAMS, in order to work with old
+ # kernel packages.
+ */postinst.d/*:|*/postinst.d/*:configure|*/postrm.d/*:|*/postrm.d/*:remove)
+ if [ -e /boot/grub/grub.cfg ]; then
+ exec update-grub
+ fi
+ ;;
+esac
+
+exit 0
diff --git a/etc/kernel/postrm.d/initramfs-tools b/etc/kernel/postrm.d/initramfs-tools
new file mode 100755
index 0000000..471da86
--- /dev/null
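Review bot: The final command of etc/kernel/postinst.d/xx-update-initrd-links expands `$version` and `$image_path` unquoted, so a kernel image path containing whitespace or glob characters is split or expanded before `linux-update-symlinks` receives it. Both values are checked for emptiness just above with quoted tests, so quoting the call as well keeps each one a single argument: `linux-update-symlinks install "$version" "$image_path"`. The hook is run during kernel installation, presumably as root, and the file looks package-shipped, so the fix may be better reported upstream than carried as a local edit.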
+++ b/etc/kernel/postrm.d/initramfs-tools
@@ -0,0 +1,36 @@
+#!/bin/sh -e
+
+version="$1"
+bootopt=""
+
+[ -x /usr/sbin/update-initramfs ] || exit 0
+
+# passing the kernel version is required
+if [ -z "${version}" ]; then
+ echo >&2 "W: initramfs-tools: ${DPKG_MAINTSCRIPT_PACKAGE:-kernel package} did not pass a version number"
+ exit 0
+fi
+
+# exit if custom kernel does not need an initramfs
+if [ "$INITRD" = 'No' ]; then
+ exit 0
+fi
+
+# absolute file name of kernel image may be passed as a second argument;
+# create the initrd in the same directory
+if [ -n "$2" ]; then
+ bootdir=$(dirname "$2")
+ bootopt="-b ${bootdir}"
+fi
+
+# avoid running multiple times
+if [ -n "$DEB_MAINT_PARAMS" ]; then
+ eval set -- "$DEB_MAINT_PARAMS"
+ if [ -z "$1" ] || [ "$1" != "remove" ]; then
+ exit 0
+ fi
+fi
+
+# delete initramfs
+# shellcheck disable=SC2086
+INITRAMFS_TOOLS_KERNEL_HOOK=1 update-initramfs -d -k "${version}" ${bootopt} >&2
diff --git a/etc/kernel/postrm.d/zz-update-grub b/etc/kernel/postrm.d/zz-update-grub
new file mode 100755
index 0000000..5ed065f
--- /dev/null
+++ b/etc/kernel/postrm.d/zz-update-grub
@@ -0,0 +1,26 @@
+#! /bin/sh
+set -e
+
+which update-grub >/dev/null 2>&1 || exit 0
+
+if type systemd-detect-virt >/dev/null 2>&1 &&
+ systemd-detect-virt --quiet --container; then
+ exit 0
+fi
+
+set -- $DEB_MAINT_PARAMS
+mode="${1#\'}"
+mode="${mode%\'}"
+case $0:$mode in
+ # Only run on postinst configure and postrm remove, to avoid wasting
+ # time by calling update-grub multiple times on upgrade and removal.
+ # Also run if we have no DEB_MAINT_PARAMS, in order to work with old
+ # kernel packages.
+ */postinst.d/*:|*/postinst.d/*:configure|*/postrm.d/*:|*/postrm.d/*:remove)
+ if [ -e /boot/grub/grub.cfg ]; then
+ exec update-grub
+ fi
+ ;;
+esac
+
+exit 0
diff --git a/etc/kernel/preinst.d/intel-microcode b/etc/kernel/preinst.d/intel-microcode
new file mode 100755
index 0000000..d98b40c
--- /dev/null
+++ b/etc/kernel/preinst.d/intel-microcode
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# /etc/kernel/preinst.d script for intel-microcode version 3
+# Copyright (C) 2014 Henrique de Moraes Holschuh
+# Released under the GPL v2 or later license
+#
+# This script makes sure the cpuid module is loaded, before the
+# kernel image has a chance to replace it with a new one that
+# might not be compatible with the current kernel.
+#
+# We need the cpuid module for iucode_tool --scan-system,
+# which is used by the initramfs hook.
+#
+
+grep -q cpu/cpuid /proc/devices || modprobe -q cpuid || true
+
+:
diff --git a/etc/ld.so.cache b/etc/ld.so.cache
new file mode 100644
index 0000000..8502955
Binary files /dev/null and b/etc/ld.so.cache differ
diff --git a/etc/ld.so.conf b/etc/ld.so.conf
new file mode 100644
index 0000000..20c9763
--- /dev/null
+++ b/etc/ld.so.conf
@@ -0,0 +1,2 @@
+include /etc/ld.so.conf.d/*.conf
+
diff --git a/etc/ld.so.conf.d/fakeroot-x86_64-linux-gnu.conf b/etc/ld.so.conf.d/fakeroot-x86_64-linux-gnu.conf
new file mode 100644
index 0000000..bf03379
--- /dev/null
+++ b/etc/ld.so.conf.d/fakeroot-x86_64-linux-gnu.conf
@@ -0,0 +1 @@
+/usr/lib/x86_64-linux-gnu/libfakeroot
diff --git a/etc/ld.so.conf.d/libc.conf b/etc/ld.so.conf.d/libc.conf
new file mode 100644
index 0000000..463b8bb
--- /dev/null
+++ b/etc/ld.so.conf.d/libc.conf
@@ -0,0 +1,2 @@
+# libc default configuration
+/usr/local/lib
diff --git a/etc/ld.so.conf.d/x86_64-linux-gnu.conf b/etc/ld.so.conf.d/x86_64-linux-gnu.conf
new file mode 100644
index 0000000..cd691ab
--- /dev/null
+++ b/etc/ld.so.conf.d/x86_64-linux-gnu.conf
@@ -0,0 +1,4 @@
+# Multiarch support
+/usr/local/lib/x86_64-linux-gnu
+/lib/x86_64-linux-gnu
+/usr/lib/x86_64-linux-gnu
diff --git a/etc/ld.so.conf.d/zz_i386-biarch-compat.conf b/etc/ld.so.conf.d/zz_i386-biarch-compat.conf
new file mode 100644
index 0000000..447564e
--- /dev/null
+++ b/etc/ld.so.conf.d/zz_i386-biarch-compat.conf
@@ -0,0 +1,3 @@
+# Legacy biarch compatibility support
+/lib32
+/usr/lib32
diff --git a/etc/ldap/ldap.conf b/etc/ldap/ldap.conf
new file mode 100644
index 0000000..42d42b0
--- /dev/null
+++ b/etc/ldap/ldap.conf
@@ -0,0 +1,17 @@
+#
+# LDAP Defaults
+#
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+#BASE dc=example,dc=com
+#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
+
+#SIZELIMIT 12
+#TIMELIMIT 15
+#DEREF never
+
+# TLS certificates (needed for GnuTLS)
+TLS_CACERT /etc/ssl/certs/ca-certificates.crt
+
diff --git a/etc/legal b/etc/legal
new file mode 100644
index 0000000..cf276aa
--- /dev/null
+++ b/etc/legal
@@ -0,0 +1,8 @@
+
+The programs included with the Ubuntu system are free software;
+the exact distribution terms for each program are described in the
+individual files in /usr/share/doc/*/copyright.
+
+Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
+applicable law.
+
diff --git a/etc/libaudit.conf b/etc/libaudit.conf
new file mode 100644
index 0000000..90855d7
--- /dev/null
+++ b/etc/libaudit.conf
@@ -0,0 +1,7 @@
+# This is the configuration file for libaudit tunables.
+# It is currently only used for the failure_action tunable.
+
+# failure_action can be: log, ignore, terminate
+failure_action = ignore
+
+
diff --git a/etc/libblockdev/conf.d/00-default.cfg b/etc/libblockdev/conf.d/00-default.cfg
new file mode 100644
index 0000000..6412ab9
--- /dev/null
+++ b/etc/libblockdev/conf.d/00-default.cfg
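Review bot: `failure_action = ignore` in etc/libaudit.conf means that, as I read libaudit, a program that fails to deliver an audit record carries on without leaving any trace, which on a server works against detection and later forensics. The comment above the setting lists `log` and `terminate` as the alternatives. I would set `failure_action = log` so the failure is at least recorded, and keep `terminate` for hosts where losing audit events is unacceptable. The value appears to be the distribution default, so if it stays, a comment saying the choice is deliberate would help the next reader of this tracked file.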
@@ -0,0 +1,43 @@
+# This is the default configuration for the libblockdev library. For
+# each supported technology/plugin there is a separate section/group
+# with the 'sonames' key. The value of the key has to be a list of
+# sonames of shared objects that should be attempted to be loaded for
+# the plugin falling back to the next one in the list.
+#
+# So this example:
+# [lvm]
+# sonames=libbd_lvm-dbus.so.0;libbd_lvm.so.0
+#
+# would result in the libbd_lvm-dbus.so.0 shared object attempted to
+# be loaded and if that failed, the libbd_lvm.so.0 would be attempted
+# to be loaded.
+
+[btrfs]
+sonames=libbd_btrfs.so.2
+
+[crypto]
+sonames=libbd_crypto.so.2
+
+[dm]
+sonames=libbd_dm.so.2
+
+[kbd]
+sonames=libbd_kbd.so.2
+
+[loop]
+sonames=libbd_loop.so.2
+
+[lvm]
+sonames=libbd_lvm.so.2
+
+[mdraid]
+sonames=libbd_mdraid.so.2
+
+[mpath]
+sonames=libbd_mpath.so.2
+
+[swap]
+sonames=libbd_swap.so.2
+
+[s390]
+sonames=libbd_s390.so.2
diff --git a/etc/libnl-3/classid b/etc/libnl-3/classid
new file mode 100644
index 0000000..2203243
--- /dev/null
+++ b/etc/libnl-3/classid
@@ -0,0 +1,45 @@
+###############################################################################
+#
+# ClassID <-> Name Translation Table
+#
+# This file can be used to assign names to classids for easier reference
+# in all libnl tools.
+#
+# Format:
+# # qdisc definition
+# # class deifnition
+# # class definition referencing an
+# existing qdisc definition.
+#
+# Example:
+# 1: top # top -> 1:0
+# top:1 interactive # interactive -> 1:1
+# top:2 www # www -> 1:2
+# top:3 bulk # bulk -> 1:3
+# 2:1 test_class # test_class -> 2:1
+#
+# Illegal Example:
+# 30:1 classD
+# classD:2 invalidClass # classD refers to a class, not a qdisc
+#
+###############################################################################
+
+#
+
+# Reserved default classids
+0:0 none
+ffff:ffff root
+ffff:fff1 ingress
+
+#
+# List your classid definitions here:
+#
+
+
+
+###############################################################################
+# List of auto-generated classids
+#
+# DO NOT ADD CLASSID DEFINITIONS BELOW THIS LINE
+#
+#
diff --git a/etc/libnl-3/pktloc b/etc/libnl-3/pktloc
new file mode 100644
index 0000000..8559161
--- /dev/null
+++ b/etc/libnl-3/pktloc
@@ -0,0 +1,76 @@
+#
+# Location definitions for packet matching
+#
+
+# name alignment offset mask shift
+ip.version u8 net+0 0xF0 4
+ip.hdrlen u8 net+0 0x0F
+ip.diffserv u8 net+1
+ip.length u16 net+2
+ip.id u16 net+4
+ip.flag.res u8 net+6 0xff 7
+ip.df u8 net+6 0x40 6
+ip.mf u8 net+6 0x20 5
+ip.offset u16 net+6 0x1FFF
+ip.ttl u8 net+8
+ip.proto u8 net+9
+ip.chksum u16 net+10
+ip.src u32 net+12
+ip.dst u32 net+16
+
+# if ip.ihl > 5
+ip.opts u32 net+20
+
+
+#
+# IP version 6
+#
+# name alignment offset mask shift
+ip6.version u8 net+0 0xF0 4
+ip6.tc u16 net+0 0xFF0 4
+ip6.flowlabel u32 net+0 0xFFFFF
+ip6.length u16 net+4
+ip6.nexthdr u8 net+6
+ip6.hoplimit u8 net+7
+ip6.src 16 net+8
+ip6.dst 16 net+24
+
+#
+# Transmission Control Protocol (TCP)
+#
+# name alignment offset mask shift
+tcp.sport u16 tcp+0
+tcp.dport u16 tcp+2
+tcp.seq u32 tcp+4
+tcp.ack u32 tcp+8
+
+# Data offset (4 bits)
+tcp.off u8 tcp+12 0xF0 4
+
+# Reserved [0 0 0] (3 bits)
+tcp.reserved u8 tcp+12 0x04 1
+
+# ECN [N C E] (3 bits)
+tcp.ecn u16 tcp+12 0x01C00 6
+
+# Individual TCP flags (0|1) (6 bits in total)
+tcp.flag.urg u8 tcp+13 0x20 5
+tcp.flag.ack u8 tcp+13 0x10 4
+tcp.flag.psh u8 tcp+13 0x08 3
+tcp.flag.rst u8 tcp+13 0x04 2
+tcp.flag.syn u8 tcp+13 0x02 1
+tcp.flag.fin u8 tcp+13 0x01
+
+tcp.win u16 tcp+14
+tcp.csum u16 tcp+16
+tcp.urg u16 tcp+18
+tcp.opts u32 tcp+20
+
+#
+# User Datagram Protocol (UDP)
+#
+# name alignment offset mask shift
+udp.sport u16 tcp+0
+udp.dport u16 tcp+2
+udp.length u16 tcp+4
+udp.csum u16 tcp+6
diff --git a/etc/locale.alias b/etc/locale.alias
new file mode 100644
index 0000000..3766afc
--- /dev/null
+++ b/etc/locale.alias
@@ -0,0 +1,82 @@ +# Locale name alias data base. +# Copyright (C) 1996-2020 Free Software Foundation, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . + +# The format of this file is the same as for the corresponding file of +# the X Window System, which normally can be found in +# /usr/lib/X11/locale/locale.alias +# A single line contains two fields: an alias and a substitution value. +# All entries are case independent. + +# Note: This file is obsolete and is kept around for the time being for +# backward compatibility. Nobody should rely on the names defined here. +# Locales should always be specified by their full name. + +# Note: This file used to contain the following lines: +# bokmaal nb_NO.ISO-8859-1 +# franc,ais fr_FR.ISO-8859-1 +# except that the "aa" was actually the byte '\0xE5' (the Latin-1 +# encoding for U+00E5 LATIN SMALL LETTER A WITH RING ABOVE) and the +# "c," was actually the byte '\xE7' (the Latin-1 encoding for U+00E7 +# LATIN SMALL LETTER C WITH CEDILLA). These lines were removed +# because they caused 'locale -a' to output text encoded in Latin-1, +# which broke applications in UTF-8 locales. 
See: +# https://sourceware.org/bugzilla/show_bug.cgi?id=18412 + +bokmal nb_NO.ISO-8859-1 +catalan ca_ES.ISO-8859-1 +croatian hr_HR.ISO-8859-2 +czech cs_CZ.ISO-8859-2 +danish da_DK.ISO-8859-1 +dansk da_DK.ISO-8859-1 +deutsch de_DE.ISO-8859-1 +dutch nl_NL.ISO-8859-1 +eesti et_EE.ISO-8859-15 +estonian et_EE.ISO-8859-15 +finnish fi_FI.ISO-8859-1 +french fr_FR.ISO-8859-1 +galego gl_ES.ISO-8859-1 +galician gl_ES.ISO-8859-1 +german de_DE.ISO-8859-1 +greek el_GR.ISO-8859-7 +hebrew he_IL.ISO-8859-8 +hrvatski hr_HR.ISO-8859-2 +hungarian hu_HU.ISO-8859-2 +icelandic is_IS.ISO-8859-1 +italian it_IT.ISO-8859-1 +japanese ja_JP.eucJP +japanese.euc ja_JP.eucJP +ja_JP ja_JP.eucJP +ja_JP.ujis ja_JP.eucJP +japanese.sjis ja_JP.SJIS +korean ko_KR.eucKR +korean.euc ko_KR.eucKR +ko_KR ko_KR.eucKR +lithuanian lt_LT.ISO-8859-13 +no_NO nb_NO.ISO-8859-1 +no_NO.ISO-8859-1 nb_NO.ISO-8859-1 +norwegian nb_NO.ISO-8859-1 +nynorsk nn_NO.ISO-8859-1 +polish pl_PL.ISO-8859-2 +portuguese pt_PT.ISO-8859-1 +romanian ro_RO.ISO-8859-2 +russian ru_RU.KOI8-R +slovak sk_SK.ISO-8859-2 +slovene sl_SI.ISO-8859-2 +slovenian sl_SI.ISO-8859-2 +spanish es_ES.ISO-8859-1 +swedish sv_SE.ISO-8859-1 +thai th_TH.TIS-620 +turkish tr_TR.ISO-8859-9 diff --git a/etc/locale.gen b/etc/locale.gen new file mode 100644 index 0000000..f3b0386 --- /dev/null +++ b/etc/locale.gen 
@@ -0,0 +1,506 @@ +# This file lists locales that you wish to have built. You can find a list +# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add +# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change +# this file, you need to rerun locale-gen. + + +# aa_DJ ISO-8859-1 +# aa_DJ.UTF-8 UTF-8 +# aa_ER UTF-8 +# aa_ER@saaho UTF-8 +# aa_ET UTF-8 +# af_ZA ISO-8859-1 +# af_ZA.UTF-8 UTF-8 +# agr_PE UTF-8 +# ak_GH UTF-8 +# am_ET UTF-8 +# an_ES ISO-8859-15 +# an_ES.UTF-8 UTF-8 +# anp_IN UTF-8 +# ar_AE ISO-8859-6 +# ar_AE.UTF-8 UTF-8 +# ar_BH ISO-8859-6 +# ar_BH.UTF-8 UTF-8 +# ar_DZ ISO-8859-6 +# ar_DZ.UTF-8 UTF-8 +# ar_EG ISO-8859-6 +# ar_EG.UTF-8 UTF-8 +# ar_IN UTF-8 +# ar_IQ ISO-8859-6 +# ar_IQ.UTF-8 UTF-8 +# ar_JO ISO-8859-6 +# ar_JO.UTF-8 UTF-8 +# ar_KW ISO-8859-6 +# ar_KW.UTF-8 UTF-8 +# ar_LB ISO-8859-6 +# ar_LB.UTF-8 UTF-8 +# ar_LY ISO-8859-6 +# ar_LY.UTF-8 UTF-8 +# ar_MA ISO-8859-6 +# ar_MA.UTF-8 UTF-8 +# ar_OM ISO-8859-6 +# ar_OM.UTF-8 UTF-8 +# ar_QA ISO-8859-6 +# ar_QA.UTF-8 UTF-8 +# ar_SA ISO-8859-6 +# ar_SA.UTF-8 UTF-8 +# ar_SD ISO-8859-6 +# ar_SD.UTF-8 UTF-8 +# ar_SS UTF-8 +# ar_SY ISO-8859-6 +# ar_SY.UTF-8 UTF-8 +# ar_TN ISO-8859-6 +# ar_TN.UTF-8 UTF-8 +# ar_YE ISO-8859-6 +# ar_YE.UTF-8 UTF-8 +# as_IN UTF-8 +# ast_ES ISO-8859-15 +# ast_ES.UTF-8 UTF-8 +# ayc_PE UTF-8 +# az_AZ UTF-8 +# az_IR UTF-8 +# be_BY CP1251 +# be_BY.UTF-8 UTF-8 +# be_BY@latin UTF-8 +# bem_ZM UTF-8 +# ber_DZ UTF-8 +# ber_MA UTF-8 +# bg_BG CP1251 +# bg_BG.UTF-8 UTF-8 +# bhb_IN.UTF-8 UTF-8 +# bho_IN UTF-8 +# bho_NP UTF-8 +# bi_VU UTF-8 +# bn_BD UTF-8 +# bn_IN UTF-8 +# bo_CN UTF-8 +# bo_IN UTF-8 +# br_FR ISO-8859-1 +# br_FR.UTF-8 UTF-8 +# br_FR@euro ISO-8859-15 +# brx_IN UTF-8 +# bs_BA ISO-8859-2 +# bs_BA.UTF-8 UTF-8 +# byn_ER UTF-8 +# ca_AD ISO-8859-15 +# ca_AD.UTF-8 UTF-8 +# ca_ES ISO-8859-1 +# ca_ES.UTF-8 UTF-8 +# ca_ES@euro ISO-8859-15 +# ca_ES@valencia UTF-8 +# ca_FR ISO-8859-15 +# ca_FR.UTF-8 UTF-8 +# ca_IT ISO-8859-15 +# ca_IT.UTF-8 UTF-8 +# ce_RU 
UTF-8 +# chr_US UTF-8 +# ckb_IQ UTF-8 +# cmn_TW UTF-8 +# crh_UA UTF-8 +# cs_CZ ISO-8859-2 +# cs_CZ.UTF-8 UTF-8 +# csb_PL UTF-8 +# cv_RU UTF-8 +# cy_GB ISO-8859-14 +# cy_GB.UTF-8 UTF-8 +# da_DK ISO-8859-1 +# da_DK.UTF-8 UTF-8 +# de_AT ISO-8859-1 +# de_AT.UTF-8 UTF-8 +# de_AT@euro ISO-8859-15 +# de_BE ISO-8859-1 +# de_BE.UTF-8 UTF-8 +# de_BE@euro ISO-8859-15 +# de_CH ISO-8859-1 +# de_CH.UTF-8 UTF-8 +# de_DE ISO-8859-1 +# de_DE.UTF-8 UTF-8 +# de_DE@euro ISO-8859-15 +# de_IT ISO-8859-1 +# de_IT.UTF-8 UTF-8 +# de_LI.UTF-8 UTF-8 +# de_LU ISO-8859-1 +# de_LU.UTF-8 UTF-8 +# de_LU@euro ISO-8859-15 +# doi_IN UTF-8 +# dsb_DE UTF-8 +# dv_MV UTF-8 +# dz_BT UTF-8 +# el_CY ISO-8859-7 +# el_CY.UTF-8 UTF-8 +# el_GR ISO-8859-7 +# el_GR.UTF-8 UTF-8 +# el_GR@euro ISO-8859-7 +# en_AG UTF-8 +# en_AU ISO-8859-1 +# en_AU.UTF-8 UTF-8 +# en_BW ISO-8859-1 +# en_BW.UTF-8 UTF-8 +# en_CA ISO-8859-1 +# en_CA.UTF-8 UTF-8 +# en_DK ISO-8859-1 +# en_DK.ISO-8859-15 ISO-8859-15 +# en_DK.UTF-8 UTF-8 +# en_GB ISO-8859-1 +# en_GB.ISO-8859-15 ISO-8859-15 +# en_GB.UTF-8 UTF-8 +# en_HK ISO-8859-1 +# en_HK.UTF-8 UTF-8 +# en_IE ISO-8859-1 +# en_IE.UTF-8 UTF-8 +# en_IE@euro ISO-8859-15 +# en_IL UTF-8 +# en_IN UTF-8 +# en_NG UTF-8 +# en_NZ ISO-8859-1 +# en_NZ.UTF-8 UTF-8 +# en_PH ISO-8859-1 +# en_PH.UTF-8 UTF-8 +# en_SC.UTF-8 UTF-8 +# en_SG ISO-8859-1 +# en_SG.UTF-8 UTF-8 +# en_US ISO-8859-1 +# en_US.ISO-8859-15 ISO-8859-15 +en_US.UTF-8 UTF-8 +# en_ZA ISO-8859-1 +# en_ZA.UTF-8 UTF-8 +# en_ZM UTF-8 +# en_ZW ISO-8859-1 +# en_ZW.UTF-8 UTF-8 +# eo UTF-8 +# eo_US.UTF-8 UTF-8 +# es_AR ISO-8859-1 +# es_AR.UTF-8 UTF-8 +# es_BO ISO-8859-1 +# es_BO.UTF-8 UTF-8 +# es_CL ISO-8859-1 +# es_CL.UTF-8 UTF-8 +# es_CO ISO-8859-1 +# es_CO.UTF-8 UTF-8 +# es_CR ISO-8859-1 +# es_CR.UTF-8 UTF-8 +# es_CU UTF-8 +# es_DO ISO-8859-1 +# es_DO.UTF-8 UTF-8 +# es_EC ISO-8859-1 +# es_EC.UTF-8 UTF-8 +# es_ES ISO-8859-1 +# es_ES.UTF-8 UTF-8 +# es_ES@euro ISO-8859-15 +# es_GT ISO-8859-1 +# es_GT.UTF-8 UTF-8 +# es_HN ISO-8859-1 +# es_HN.UTF-8 
UTF-8 +# es_MX ISO-8859-1 +# es_MX.UTF-8 UTF-8 +# es_NI ISO-8859-1 +# es_NI.UTF-8 UTF-8 +# es_PA ISO-8859-1 +# es_PA.UTF-8 UTF-8 +# es_PE ISO-8859-1 +# es_PE.UTF-8 UTF-8 +# es_PR ISO-8859-1 +# es_PR.UTF-8 UTF-8 +# es_PY ISO-8859-1 +# es_PY.UTF-8 UTF-8 +# es_SV ISO-8859-1 +# es_SV.UTF-8 UTF-8 +# es_US ISO-8859-1 +# es_US.UTF-8 UTF-8 +# es_UY ISO-8859-1 +# es_UY.UTF-8 UTF-8 +# es_VE ISO-8859-1 +# es_VE.UTF-8 UTF-8 +# et_EE ISO-8859-1 +# et_EE.ISO-8859-15 ISO-8859-15 +# et_EE.UTF-8 UTF-8 +# eu_ES ISO-8859-1 +# eu_ES.UTF-8 UTF-8 +# eu_ES@euro ISO-8859-15 +# eu_FR ISO-8859-1 +# eu_FR.UTF-8 UTF-8 +# eu_FR@euro ISO-8859-15 +# fa_IR UTF-8 +# ff_SN UTF-8 +# fi_FI ISO-8859-1 +# fi_FI.UTF-8 UTF-8 +# fi_FI@euro ISO-8859-15 +# fil_PH UTF-8 +# fo_FO ISO-8859-1 +# fo_FO.UTF-8 UTF-8 +# fr_BE ISO-8859-1 +# fr_BE.UTF-8 UTF-8 +# fr_BE@euro ISO-8859-15 +# fr_CA ISO-8859-1 +# fr_CA.UTF-8 UTF-8 +# fr_CH ISO-8859-1 +# fr_CH.UTF-8 UTF-8 +# fr_FR ISO-8859-1 +# fr_FR.UTF-8 UTF-8 +# fr_FR@euro ISO-8859-15 +# fr_LU ISO-8859-1 +# fr_LU.UTF-8 UTF-8 +# fr_LU@euro ISO-8859-15 +# fur_IT UTF-8 +# fy_DE UTF-8 +# fy_NL UTF-8 +# ga_IE ISO-8859-1 +# ga_IE.UTF-8 UTF-8 +# ga_IE@euro ISO-8859-15 +# gd_GB ISO-8859-15 +# gd_GB.UTF-8 UTF-8 +# gez_ER UTF-8 +# gez_ER@abegede UTF-8 +# gez_ET UTF-8 +# gez_ET@abegede UTF-8 +# gl_ES ISO-8859-1 +# gl_ES.UTF-8 UTF-8 +# gl_ES@euro ISO-8859-15 +# gu_IN UTF-8 +# gv_GB ISO-8859-1 +# gv_GB.UTF-8 UTF-8 +# ha_NG UTF-8 +# hak_TW UTF-8 +# he_IL ISO-8859-8 +# he_IL.UTF-8 UTF-8 +# hi_IN UTF-8 +# hif_FJ UTF-8 +# hne_IN UTF-8 +# hr_HR ISO-8859-2 +# hr_HR.UTF-8 UTF-8 +# hsb_DE ISO-8859-2 +# hsb_DE.UTF-8 UTF-8 +# ht_HT UTF-8 +# hu_HU ISO-8859-2 +# hu_HU.UTF-8 UTF-8 +# hy_AM UTF-8 +# hy_AM.ARMSCII-8 ARMSCII-8 +# ia_FR UTF-8 +# id_ID ISO-8859-1 +# id_ID.UTF-8 UTF-8 +# ig_NG UTF-8 +# ik_CA UTF-8 +# is_IS ISO-8859-1 +# is_IS.UTF-8 UTF-8 +# it_CH ISO-8859-1 +# it_CH.UTF-8 UTF-8 +# it_IT ISO-8859-1 +# it_IT.UTF-8 UTF-8 +# it_IT@euro ISO-8859-15 +# iu_CA UTF-8 +# ja_JP.EUC-JP EUC-JP +# 
ja_JP.UTF-8 UTF-8 +# ka_GE GEORGIAN-PS +# ka_GE.UTF-8 UTF-8 +# kab_DZ UTF-8 +# kk_KZ PT154 +# kk_KZ.RK1048 RK1048 +# kk_KZ.UTF-8 UTF-8 +# kl_GL ISO-8859-1 +# kl_GL.UTF-8 UTF-8 +# km_KH UTF-8 +# kn_IN UTF-8 +# ko_KR.EUC-KR EUC-KR +# ko_KR.UTF-8 UTF-8 +# kok_IN UTF-8 +# ks_IN UTF-8 +# ks_IN@devanagari UTF-8 +# ku_TR ISO-8859-9 +# ku_TR.UTF-8 UTF-8 +# kw_GB ISO-8859-1 +# kw_GB.UTF-8 UTF-8 +# ky_KG UTF-8 +# lb_LU UTF-8 +# lg_UG ISO-8859-10 +# lg_UG.UTF-8 UTF-8 +# li_BE UTF-8 +# li_NL UTF-8 +# lij_IT UTF-8 +# ln_CD UTF-8 +# lo_LA UTF-8 +# lt_LT ISO-8859-13 +# lt_LT.UTF-8 UTF-8 +# lv_LV ISO-8859-13 +# lv_LV.UTF-8 UTF-8 +# lzh_TW UTF-8 +# mag_IN UTF-8 +# mai_IN UTF-8 +# mai_NP UTF-8 +# mfe_MU UTF-8 +# mg_MG ISO-8859-15 +# mg_MG.UTF-8 UTF-8 +# mhr_RU UTF-8 +# mi_NZ ISO-8859-13 +# mi_NZ.UTF-8 UTF-8 +# miq_NI UTF-8 +# mjw_IN UTF-8 +# mk_MK ISO-8859-5 +# mk_MK.UTF-8 UTF-8 +# ml_IN UTF-8 +# mn_MN UTF-8 +# mni_IN UTF-8 +# mnw_MM UTF-8 +# mr_IN UTF-8 +# ms_MY ISO-8859-1 +# ms_MY.UTF-8 UTF-8 +# mt_MT ISO-8859-3 +# mt_MT.UTF-8 UTF-8 +# my_MM UTF-8 +# nan_TW UTF-8 +# nan_TW@latin UTF-8 +# nb_NO ISO-8859-1 +# nb_NO.UTF-8 UTF-8 +# nds_DE UTF-8 +# nds_NL UTF-8 +# ne_NP UTF-8 +# nhn_MX UTF-8 +# niu_NU UTF-8 +# niu_NZ UTF-8 +# nl_AW UTF-8 +# nl_BE ISO-8859-1 +# nl_BE.UTF-8 UTF-8 +# nl_BE@euro ISO-8859-15 +# nl_NL ISO-8859-1 +# nl_NL.UTF-8 UTF-8 +# nl_NL@euro ISO-8859-15 +# nn_NO ISO-8859-1 +# nn_NO.UTF-8 UTF-8 +# nr_ZA UTF-8 +# nso_ZA UTF-8 +# oc_FR ISO-8859-1 +# oc_FR.UTF-8 UTF-8 +# om_ET UTF-8 +# om_KE ISO-8859-1 +# om_KE.UTF-8 UTF-8 +# or_IN UTF-8 +# os_RU UTF-8 +# pa_IN UTF-8 +# pa_PK UTF-8 +# pap_AW UTF-8 +# pap_CW UTF-8 +# pl_PL ISO-8859-2 +# pl_PL.UTF-8 UTF-8 +# ps_AF UTF-8 +# pt_BR ISO-8859-1 +# pt_BR.UTF-8 UTF-8 +# pt_PT ISO-8859-1 +# pt_PT.UTF-8 UTF-8 +# pt_PT@euro ISO-8859-15 +# quz_PE UTF-8 +# raj_IN UTF-8 +# ro_RO ISO-8859-2 +# ro_RO.UTF-8 UTF-8 +# ru_RU ISO-8859-5 +# ru_RU.CP1251 CP1251 +# ru_RU.KOI8-R KOI8-R +# ru_RU.UTF-8 UTF-8 +# ru_UA KOI8-U +# ru_UA.UTF-8 UTF-8 +# 
rw_RW UTF-8 +# sa_IN UTF-8 +# sah_RU UTF-8 +# sat_IN UTF-8 +# sc_IT UTF-8 +# sd_IN UTF-8 +# sd_IN@devanagari UTF-8 +# sd_PK UTF-8 +# se_NO UTF-8 +# sgs_LT UTF-8 +# shn_MM UTF-8 +# shs_CA UTF-8 +# si_LK UTF-8 +# sid_ET UTF-8 +# sk_SK ISO-8859-2 +# sk_SK.UTF-8 UTF-8 +# sl_SI ISO-8859-2 +# sl_SI.UTF-8 UTF-8 +# sm_WS UTF-8 +# so_DJ ISO-8859-1 +# so_DJ.UTF-8 UTF-8 +# so_ET UTF-8 +# so_KE ISO-8859-1 +# so_KE.UTF-8 UTF-8 +# so_SO ISO-8859-1 +# so_SO.UTF-8 UTF-8 +# sq_AL ISO-8859-1 +# sq_AL.UTF-8 UTF-8 +# sq_MK UTF-8 +# sr_ME UTF-8 +# sr_RS UTF-8 +# sr_RS@latin UTF-8 +# ss_ZA UTF-8 +# st_ZA ISO-8859-1 +# st_ZA.UTF-8 UTF-8 +# sv_FI ISO-8859-1 +# sv_FI.UTF-8 UTF-8 +# sv_FI@euro ISO-8859-15 +# sv_SE ISO-8859-1 +# sv_SE.ISO-8859-15 ISO-8859-15 +# sv_SE.UTF-8 UTF-8 +# sw_KE UTF-8 +# sw_TZ UTF-8 +# szl_PL UTF-8 +# ta_IN UTF-8 +# ta_LK UTF-8 +# tcy_IN.UTF-8 UTF-8 +# te_IN UTF-8 +# tg_TJ KOI8-T +# tg_TJ.UTF-8 UTF-8 +# th_TH TIS-620 +# th_TH.UTF-8 UTF-8 +# the_NP UTF-8 +# ti_ER UTF-8 +# ti_ET UTF-8 +# tig_ER UTF-8 +# tk_TM UTF-8 +# tl_PH ISO-8859-1 +# tl_PH.UTF-8 UTF-8 +# tn_ZA UTF-8 +# to_TO UTF-8 +# tpi_PG UTF-8 +# tr_CY ISO-8859-9 +# tr_CY.UTF-8 UTF-8 +# tr_TR ISO-8859-9 +# tr_TR.UTF-8 UTF-8 +# ts_ZA UTF-8 +# tt_RU UTF-8 +# tt_RU@iqtelif UTF-8 +# ug_CN UTF-8 +# ug_CN@latin UTF-8 +# uk_UA KOI8-U +# uk_UA.UTF-8 UTF-8 +# unm_US UTF-8 +# ur_IN UTF-8 +# ur_PK UTF-8 +# uz_UZ ISO-8859-1 +# uz_UZ.UTF-8 UTF-8 +# uz_UZ@cyrillic UTF-8 +# ve_ZA UTF-8 +# vi_VN UTF-8 +# wa_BE ISO-8859-1 +# wa_BE.UTF-8 UTF-8 +# wa_BE@euro ISO-8859-15 +# wae_CH UTF-8 +# wal_ET UTF-8 +# wo_SN UTF-8 +# xh_ZA ISO-8859-1 +# xh_ZA.UTF-8 UTF-8 +# yi_US CP1255 +# yi_US.UTF-8 UTF-8 +# yo_NG UTF-8 +# yue_HK UTF-8 +# yuw_PG UTF-8 +# zh_CN GB2312 +# zh_CN.GB18030 GB18030 +# zh_CN.GBK GBK +# zh_CN.UTF-8 UTF-8 +# zh_HK BIG5-HKSCS +# zh_HK.UTF-8 UTF-8 +# zh_SG GB2312 +# zh_SG.GBK GBK +# zh_SG.UTF-8 UTF-8 +# zh_TW BIG5 +# zh_TW.EUC-TW EUC-TW +# zh_TW.UTF-8 UTF-8 +# zu_ZA ISO-8859-1 +# zu_ZA.UTF-8 UTF-8 
diff --git a/etc/localtime b/etc/localtime new file mode 120000 index 0000000..e59d7a1 --- /dev/null +++ b/etc/localtime @@ -0,0 +1 @@ +/usr/share/zoneinfo/Etc/UTC \ No newline at end of file diff --git a/etc/logcheck/ignore.d.server/gpg-agent b/etc/logcheck/ignore.d.server/gpg-agent new file mode 100644 index 0000000..6de7991 --- /dev/null +++ b/etc/logcheck/ignore.d.server/gpg-agent @@ -0,0 +1,11 @@ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent and passphrase cache\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG network certificate management daemon\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent and passphrase cache \(restricted\)\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent and passphrase cache \(access for web browsers\)\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent \(ssh-agent emulation\)\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG network certificate management daemon\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent and passphrase cache\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent and passphrase cache \(restricted\)\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent \(ssh-agent emulation\)\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent and passphrase cache \(access for web browsers\)\.$ + diff --git a/etc/logcheck/ignore.d.server/libsasl2-modules b/etc/logcheck/ignore.d.server/libsasl2-modules new file mode 100644 index 0000000..0cf93aa --- /dev/null +++ b/etc/logcheck/ignore.d.server/libsasl2-modules 
@@ -0,0 +1 @@
+\w{3} [ :0-9]{11} [._[:alnum:]-]+ [._[:alnum:]-]+: DIGEST-MD5 common mech free
diff --git a/etc/logcheck/ignore.d.server/mdadm b/etc/logcheck/ignore.d.server/mdadm
new file mode 100644
index 0000000..051c473
--- /dev/null
+++ b/etc/logcheck/ignore.d.server/mdadm
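Review bot: The single pattern added to `etc/logcheck/ignore.d.server/libsasl2-modules` has no `^` or `$` anchors, unlike the gpg-agent, mdadm and rsyslog rules added by the same commit. An unanchored ignore rule matches on a substring, so any log line that merely contains this text somewhere is dropped from the logcheck report, not only the message the rule was written for. I would anchor it as `^\w{3} [ :0-9]{11} [._[:alnum:]-]+ [._[:alnum:]-]+: DIGEST-MD5 common mech free$`. If this is the unmodified package copy, it is worth recording that in the commit so a later local edit of the rule stands out in review.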
@@ -0,0 +1,23 @@ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: md driver [.[:digit:]]+ MAX_MD_DEVS=[[:digit:]]+, MD_SB_DISKS=[[:digit:]]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: bitmap version [.[:digit:]]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: md[[:digit:]]+ stopped\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: md[[:digit:]]+ still in use\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: cannot remove active disk [[:alnum:]]+ from md[[:digit:]]+ \.\.\. ?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: raid([01456]|456|10) personality registered for level ([01456]|10)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: (data-check|requested-resync|resync|reshape|recovery) of RAID array md[[:digit:]]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: resuming (data-check|requested-resync|resync|reshape|recovery) of md[[:digit:]]+ from checkpoint\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: md[[:digit:]]+: (data-check|requested-resync|resync|reshape|recovery) done\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: minimum _guaranteed_ ?speed: [[:digit:]]+ KB/sec/disk\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: using maximum available idle IO bandwidth \(but not more than [[:digit:]]+ KB/sec\) for (data-check|requested-resync|resync|reshape|recovery)\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? 
md: delaying (data-check|requested-resync|resync|reshape|recovery) of md[[:digit:]]+ until md[[:digit:]]+ has finished \(they share one or more physical units\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: using [[:digit:]]+k window, over a total of [[:digit:]]+( blocks|k)\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: (un)?bind<[^>]+>$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: export_rdev\([^)]+\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? raid[[:digit:]]+: raid set [[:alnum:]]+ active with [[:digit:]]+ out of [[:digit:]]+ mirrors$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? RAID([01456]|10) conf printout:$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])?[[:space:]]+---( [wrf]d:[[:digit:]]+){2,3}$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])?[[:space:]]+disk [[:digit:]]+,( wo:[[:digit:]]+,)? o:[[:digit:]]+, dev:[[:alnum:]]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mdadm(\[[[:digit:]]+\])?: Rebuild((Start|Finish)ed|[[:digit:]]+) event detected on md device /dev/[-_./[:alnum:]]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mdadm(\[[[:digit:]]+\])?: SpareActive event detected on md device /dev/[-_./[:alnum:]]+, component device /dev/[-_./[:alnum:]]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mdadm(\[[[:digit:]]+\])?: (New|Degraded)Array event detected on md device /dev/[-_./[:alnum:]]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mdadm(\[[[:digit:]]+\])?: DeviceDisappeared event detected on md device /dev/[-_./[:alnum:]]+$ diff --git a/etc/logcheck/ignore.d.server/rsyslog b/etc/logcheck/ignore.d.server/rsyslog new file mode 100644 index 0000000..c29d5bf --- /dev/null +++ b/etc/logcheck/ignore.d.server/rsyslog 
@@ -0,0 +1,5 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: imklog [0-9.]+, log source = /proc/kmsg started.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Kernel logging \(proc\) stopped.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd: \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="https://www.rsyslog.com"\] start$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd: \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="https://www.rsyslog.com"\] exiting on signal [0-9]+.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd: \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="https://www.rsyslog.com"\] rsyslogd was HUPed$
diff --git a/etc/logcheck/violations.d/mdadm b/etc/logcheck/violations.d/mdadm
new file mode 100644
index 0000000..ea8cce7
--- /dev/null
+++ b/etc/logcheck/violations.d/mdadm
@@ -0,0 +1,3 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: kicking non-fresh [[:alnum:]]+ from array!$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? raid[[:digit:]]+: Disk failure on [[:alnum:]]+, disabling device\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])?[[:space:]]+Operation continuing on [[:digit:]]+ devices?$
diff --git a/etc/login.defs b/etc/login.defs
new file mode 100644
index 0000000..7c32d63
--- /dev/null
+++ b/etc/login.defs
@@ -0,0 +1,341 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. 
+# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. 
+# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK is the default umask value for pam_umask and is used by +# useradd and newusers to set the mode of the new home directories. +# 022 is the "historical" value in Debian for UMASK +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +# +# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value +# for private user groups, i. e. the uid is the same as gid, and username is +# the same as the primary group name: for these, the user permissions will be +# used as group permissions, e. g. 022 will become 002. +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. 
+# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 +# System accounts +#SYS_UID_MIN 100 +#SYS_UID_MAX 999 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 1000 +GID_MAX 60000 +# System accounts +#SYS_GID_MIN 100 +#SYS_GID_MAX 999 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# Enable setting of the umask group bits to be the same as owner bits +# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is +# the same as gid, and username is the same as the primary group name. +# +# If set to yes, userdel will remove the user's group if it contains no +# more members, and useradd will create by default a group with the name +# of the user. +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. 
+# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is deprecated. You should use ENCRYPT_METHOD. +# +#MD5_CRYPT_ENAB no + +# +# If set to MD5 , MD5-based algorithm will be used for encrypting password +# If set to SHA256, SHA256-based algorithm will be used for encrypting password +# If set to SHA512, SHA512-based algorithm will be used for encrypting password +# If set to DES, DES-based algorithm will be used for encrypting password (default) +# Overrides the MD5_CRYPT_ENAB option +# +# Note: It is recommended to use a value consistent with +# the PAM modules configuration. +# +ENCRYPT_METHOD SHA512 + +# +# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512. +# +# Define the number of SHA rounds. +# With a lot of rounds, it is more difficult to brute forcing the password. 
+# But note also that it more CPU resources will be needed to authenticate +# users. +# +# If not specified, the libc will choose the default number of rounds (5000). +# The values must be inside the 1000-999999999 range. +# If only one of the MIN or MAX values is set, then this value will be used. +# If MIN > MAX, the highest value will be used. +# +# SHA_CRYPT_MIN_ROUNDS 5000 +# SHA_CRYPT_MAX_ROUNDS 5000 + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/etc/logrotate.conf b/etc/logrotate.conf new file mode 100644 index 0000000..19eefe1 --- /dev/null +++ b/etc/logrotate.conf @@ -0,0 +1,24 @@ +# see "man logrotate" for details +# rotate log files weekly +weekly + +# use the adm group by default, since this is the owning group +# of /var/log/syslog. +su root adm + +# keep 4 weeks worth of backlogs +rotate 4 + +# create new (empty) log files after rotating old ones +create + +# use date as a suffix of the rotated file +#dateext + +# uncomment this if you want your log files compressed +#compress + +# packages drop log rotation information into this directory +include /etc/logrotate.d + +# system-specific logs may be also be configured here. 
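Review bot: In `etc/login.defs`, `ENCRYPT_METHOD SHA512` is set while `SHA_CRYPT_MIN_ROUNDS` and `SHA_CRYPT_MAX_ROUNDS` stay commented out, so by the file's own comment libc falls back to 5000 rounds, a low work factor for password hashes on an internet-facing host. I would set `SHA_CRYPT_MIN_ROUNDS` to a value sized by benchmarking on this machine (for example `SHA_CRYPT_MIN_ROUNDS 100000`, an illustrative figure) and keep it consistent with the PAM configuration, as the comment above `ENCRYPT_METHOD` advises, since PAM may be what actually hashes new passwords here. In the same hunk `UMASK 022` and `LOG_OK_LOGINS no` are worth revisiting: the file itself notes that 027 is better for privacy, and `LOG_OK_LOGINS yes` records successful logins for later review. Existing hashes are not rehashed by a rounds change; they pick up the new cost only at the next password change.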
diff --git a/etc/logrotate.d/alternatives b/etc/logrotate.d/alternatives
new file mode 100644
index 0000000..41c8a9c
--- /dev/null
+++ b/etc/logrotate.d/alternatives
@@ -0,0 +1,9 @@
+/var/log/alternatives.log {
+ monthly
+ rotate 12
+ compress
+ delaycompress
+ missingok
+ notifempty
+ create 644 root root
+}
diff --git a/etc/logrotate.d/apport b/etc/logrotate.d/apport
new file mode 100644
index 0000000..e255fea
--- /dev/null
+++ b/etc/logrotate.d/apport
@@ -0,0 +1,9 @@
+/var/log/apport.log {
+ daily
+ rotate 7
+ delaycompress
+ compress
+ notifempty
+ missingok
+}
+
diff --git a/etc/logrotate.d/apt b/etc/logrotate.d/apt
new file mode 100644
index 0000000..9a6e5d1
--- /dev/null
+++ b/etc/logrotate.d/apt
@@ -0,0 +1,16 @@
+/var/log/apt/term.log {
+ rotate 12
+ monthly
+ compress
+ missingok
+ notifempty
+}
+
+/var/log/apt/history.log {
+ rotate 12
+ monthly
+ compress
+ missingok
+ notifempty
+}
+
diff --git a/etc/logrotate.d/bootlog b/etc/logrotate.d/bootlog
new file mode 100644
index 0000000..9be1a64
--- /dev/null
+++ b/etc/logrotate.d/bootlog
@@ -0,0 +1,8 @@
+/var/log/boot.log
+{
+ missingok
+ daily
+ copytruncate
+ rotate 7
+ notifempty
+}
diff --git a/etc/logrotate.d/btmp b/etc/logrotate.d/btmp
new file mode 100644
index 0000000..0aa1ae1
--- /dev/null
+++ b/etc/logrotate.d/btmp
@@ -0,0 +1,7 @@
+# no packages own btmp -- we'll rotate it here
+/var/log/btmp {
+ missingok
+ monthly
+ create 0660 root utmp
+ rotate 1
+}
diff --git a/etc/logrotate.d/certbot b/etc/logrotate.d/certbot
new file mode 100644
index 0000000..05caa95
--- /dev/null
+++ b/etc/logrotate.d/certbot
@@ -0,0 +1,6 @@
+/var/log/letsencrypt/*.log {
+ rotate 12
+ weekly
+ compress
+ missingok
+}
\ No newline at end of file
diff --git a/etc/logrotate.d/dpkg b/etc/logrotate.d/dpkg
new file mode 100644
index 0000000..cf36f08
--- /dev/null
+++ b/etc/logrotate.d/dpkg
@@ -0,0 +1,9 @@
+/var/log/dpkg.log {
+ monthly
+ rotate 12
+ compress
+ delaycompress
+ missingok
+ notifempty
+ create 644 root root
+}
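Review bot: The `/var/log/btmp` stanza in `etc/logrotate.d/btmp` keeps a single rotated file (`monthly`, `rotate 1`), so failed-login records are discarded after roughly one to two months, which is short when an intrusion is discovered late. The same applies to `/var/log/wtmp` in `etc/logrotate.d/wtmp` (`rotate 1`) and to `/var/log/auth.log` in the second stanza of `etc/logrotate.d/rsyslog` (`weekly`, `rotate 4`). I would raise retention for these, for example `rotate 12` in the btmp and wtmp stanzas, and forward authentication logs off-host so that retention does not depend on this machine alone. The figure is illustrative and should follow whatever retention policy applies to this server.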
diff --git a/etc/logrotate.d/nginx b/etc/logrotate.d/nginx
new file mode 100644
index 0000000..423c6ad
--- /dev/null
+++ b/etc/logrotate.d/nginx
@@ -0,0 +1,18 @@
+/var/log/nginx/*.log {
+ daily
+ missingok
+ rotate 14
+ compress
+ delaycompress
+ notifempty
+ create 0640 www-data adm
+ sharedscripts
+ prerotate
+ if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
+ run-parts /etc/logrotate.d/httpd-prerotate; \
+ fi \
+ endscript
+ postrotate
+ invoke-rc.d nginx rotate >/dev/null 2>&1
+ endscript
+}
diff --git a/etc/logrotate.d/postgresql-common b/etc/logrotate.d/postgresql-common
new file mode 100644
index 0000000..0cbf10a
--- /dev/null
+++ b/etc/logrotate.d/postgresql-common
@@ -0,0 +1,10 @@
+/var/log/postgresql/*.log {
+ weekly
+ rotate 10
+ copytruncate
+ delaycompress
+ compress
+ notifempty
+ missingok
+ su root root
+}
diff --git a/etc/logrotate.d/rsyslog b/etc/logrotate.d/rsyslog
new file mode 100644
index 0000000..a69d4e5
--- /dev/null
+++ b/etc/logrotate.d/rsyslog
@@ -0,0 +1,37 @@
+/var/log/syslog
+{
+ rotate 7
+ daily
+ missingok
+ notifempty
+ delaycompress
+ compress
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
+
+/var/log/mail.info
+/var/log/mail.warn
+/var/log/mail.err
+/var/log/mail.log
+/var/log/daemon.log
+/var/log/kern.log
+/var/log/auth.log
+/var/log/user.log
+/var/log/lpr.log
+/var/log/cron.log
+/var/log/debug
+/var/log/messages
+{
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
diff --git a/etc/logrotate.d/ubuntu-advantage-tools b/etc/logrotate.d/ubuntu-advantage-tools
new file mode 100644
index 0000000..7c64857
--- /dev/null
+++ b/etc/logrotate.d/ubuntu-advantage-tools
@@ -0,0 +1,12 @@
+# use the root group by default, since this is the owning group
+# of /var/log/ubuntu-advantage*.log files.
+/var/log/ubuntu-advantage*.log {
+ su root root
+ create 0644 root root
+ rotate 6
+ monthly
+ compress
+ delaycompress
+ missingok
+ notifempty
+}
diff --git a/etc/logrotate.d/ufw b/etc/logrotate.d/ufw
new file mode 100644
index 0000000..560f7a5
--- /dev/null
+++ b/etc/logrotate.d/ufw
@@ -0,0 +1,13 @@
+/var/log/ufw.log
+{
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
+ endscript
+}
diff --git a/etc/logrotate.d/unattended-upgrades b/etc/logrotate.d/unattended-upgrades
new file mode 100644
index 0000000..8393767
--- /dev/null
+++ b/etc/logrotate.d/unattended-upgrades
@@ -0,0 +1,10 @@
+/var/log/unattended-upgrades/unattended-upgrades.log
+/var/log/unattended-upgrades/unattended-upgrades-dpkg.log
+/var/log/unattended-upgrades/unattended-upgrades-shutdown.log
+{
+ rotate 6
+ monthly
+ compress
+ missingok
+ notifempty
+}
diff --git a/etc/logrotate.d/wtmp b/etc/logrotate.d/wtmp
new file mode 100644
index 0000000..cc8a151
--- /dev/null
+++ b/etc/logrotate.d/wtmp
@@ -0,0 +1,8 @@
+# no packages own wtmp -- we'll rotate it here
+/var/log/wtmp {
+ missingok
+ monthly
+ create 0664 root utmp
+ minsize 1M
+ rotate 1
+}
diff --git a/etc/lsb-release b/etc/lsb-release
new file mode 100644
index 0000000..d68631b
--- /dev/null
+++ b/etc/lsb-release
@@ -0,0 +1,4 @@
+DISTRIB_ID=Ubuntu
+DISTRIB_RELEASE=20.04
+DISTRIB_CODENAME=focal
+DISTRIB_DESCRIPTION="Ubuntu 20.04.4 LTS"
diff --git a/etc/ltrace.conf b/etc/ltrace.conf
new file mode 100644
index 0000000..8f83986
--- /dev/null
+++ b/etc/ltrace.conf
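Review bot: The `postrotate` line in etc/logrotate.d/ufw, `invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true`, discards both the output and the exit status, so a failed reopen leaves rsyslog writing firewall events into the rotated file unnoticed. etc/logrotate.d/rsyslog in this same commit calls `/usr/lib/rsyslog/rsyslog-rotate` for the same purpose, and using that helper here would keep the two files consistent, assuming it is what this release's rsyslog package expects. If the `|| true` stays, a comment such as `# best effort: rsyslog may not be installed` would record why the failure is ignored.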
@@ -0,0 +1,543 @@ +; ltrace.conf +; +; ~/.ltrace.conf will also be read, if it exists. The -F option may be +; used to suppress the automatic inclusion of both this file and +; ~/.ltrace.conf, and load a different config file or config files +; instead. +; +; See ltrace.conf(5) for description of syntax of this file. + +; arpa/inet.h +typedef in_addr = struct(hex(uint)); +int inet_aton(string, +in_addr*); +hex(uint) inet_addr(string); +hex(uint) inet_network(string); +string inet_ntoa(in_addr); +in_addr inet_makeaddr(hex(int), hex(int)); +hex(uint) inet_lnaof(in_addr); +hex(uint) inet_netof(in_addr); + +; bfd.h +void bfd_init(); +int bfd_set_default_target(string); +addr bfd_scan_vma(string, addr, int); +addr bfd_openr(string,string); +int bfd_check_format(addr,int); + +; ctype.h +char tolower(char); +char toupper(char); +addr __ctype_b_loc(); +addr __ctype_tolower_loc(); +addr __ctype_toupper_loc(); +ulong __ctype_get_mb_cur_max(); + +; curses.h +int waddch(addr, char); +int mvprintw(int, int, format); +int wmove(addr, int, int); +int waddnstr(addr, string, int); +string tgoto(string, int, int); + +; dirent.h +int closedir(addr); +addr opendir(string); +addr readdir(addr); +addr readdir64(addr); + +; dlfcn.h +addr dlopen(string, int); +string dlerror(); +addr dlsym(addr, string); +int dlclose(addr); + +; errno.h +addr __errno_location(); + +; fcntl.h +int open(string,int,octal); ; WARNING: 3rd argument may not be there +int open64(string,int,octal); ; WARNING: 3rd argument may not be there + +; fnmatch.h +int fnmatch(string, string, int); + +; getopt.h +int getopt_long(int,addr,string,addr,int*); +int getopt_long_only(int,addr,string,addr,addr); + +; grp.h +void endgrent(); +addr getgrnam(string); +void setgrent(); +addr getgrent(); + +; libintl.h +string __dcgettext(string,string,int); +string bindtextdomain(string, string); +string textdomain(string); + +; libio.h +char _IO_getc(file); +int _IO_putc(char,file); + +; locale.h +string setlocale(enum(LC_CTYPE=0, 
LC_NUMERIC=1, LC_TIME=2, LC_COLLATE=3, LC_MONETARY=4, LC_MESSAGES=5, LC_ALL=6, LC_PAPER=7, LC_NAME=8, LC_ADDRESS=9, LC_TELEPHONE=10, LC_MEASUREMENT=11, LC_IDENTIFICATION=12), string); + +; mcheck.h +void mtrace(); +void muntrace(); + +; mqueue.h +int mq_open(string, int, octal, addr); ; WARNING: 3rd and 4th arguments may not be there +int mq_close(int); +int mq_unlink(string); +int mq_getattr(int, addr); +int mq_setattr(int, addr, addr); +int mq_notify(int, addr); +int mq_send(int, string3, ulong, uint); +int mq_timedsend(int, string3, ulong, uint, addr); +long mq_receive(int, +string0, ulong, addr); +long mq_timedreceive(int, +string0, ulong, addr, addr); + +; netdb.h +void endhostent(); +void endnetent(); +void endnetgrent(); +void endprotoent(); +void endservent(); +void freeaddrinfo(addr); +string gai_strerror(int); +int getaddrinfo(string, string, addr, addr); +addr gethostbyaddr(string, uint, int); +addr gethostbyname(string); +addr gethostent(); +int getnameinfo(addr, uint, string, uint, string, uint, uint); +addr getnetbyaddr(uint, int); +addr getnetbyname(string); +addr getnetent(); +int getnetgrent(addr, addr, addr); +addr getprotobyname(string); +addr getprotobynumber(int); +addr getprotoent(); +addr getservbyname(string, string); +addr getservbyport(int, string); +addr getservent(); +void herror(string); +string hstrerror(int); +int rcmd(addr, ushort, string, string, string, addr); +int rcmd_af(addr, ushort, string, string, string, addr, int); +int rexec(addr, int, string, string, string, addr); +int rexec_af(addr, int, string, string, string, addr, int); +int rresvport (addr); +int rresvport_af (addr, int); +int ruserok(string, int, string, string); +int ruserok_af(string, int, string, string, int); +void sethostent(int); +void setnetent(int); +int setnetgrent(string); +void setprotoent(int); +void setservent(int); + +; netinet/in.h +uint ntohs(uint); + +; pcap.h +string pcap_lookupdev(addr); +addr pcap_open_live(string, int, int, int, addr); +int 
pcap_snapshot(addr); +int pcap_lookupnet(string, addr, addr, addr); +int pcap_compile(addr, addr, string, int, addr); + +; pwd.h +string getpass(string); +void endpwent(); +addr getpwnam(string); +void setpwent(); + +; readline/readline.h +string readline(string); + +; signal.h +typedef signum = enum(SIGHUP=1, SIGINT=2, SIGQUIT=3, SIGILL=4, SIGTRAP=5, SIGABRT=6, SIGBUS=7, SIGFPE=8, SIGKILL=9, SIGUSR1=10, SIGSEGV=11, SIGUSR2=12, SIGPIPE=13, SIGALRM=14, SIGTERM=15, SIGSTKFLT=16, SIGCHLD=17, SIGCONT=18, SIGSTOP=19, SIGTSTP=20, SIGTTIN=21, SIGTTOU=22, SIGURG=23, SIGXCPU=24, SIGXFSZ=25, SIGVTALRM=26, SIGPROF=27, SIGWINCH=28, SIGIO=29, SIGPWR=30, SIGSYS=31, SIGRTMIN_0=32, SIGRTMIN_1=33, SIGRTMIN_2=34, SIGRTMIN_3=35, SIGRTMIN_4=36, SIGRTMIN_5=37, SIGRTMIN_6=38, SIGRTMIN_7=39, SIGRTMIN_8=40, SIGRTMIN_9=41, SIGRTMIN_10=42, SIGRTMIN_11=43, SIGRTMIN_12=44, SIGRTMIN_13=45, SIGRTMIN_14=46, SIGRTMIN_15=47, SIGRTMIN_16=48, SIGRTMIN_17=49, SIGRTMIN_18=50, SIGRTMIN_19=51, SIGRTMIN_20=52, SIGRTMIN_21=53, SIGRTMIN_22=54, SIGRTMIN_23=55, SIGRTMIN_24=56, SIGRTMIN_25=57, SIGRTMIN_26=58, SIGRTMIN_27=59, SIGRTMIN_28=60, SIGRTMIN_29=61, SIGRTMIN_30=62, SIGRTMIN_31=63); +typedef sigset_t = bitvec(ulong); +; elm3 should be flags +typedef sigaction = struct(addr, sigset_t, hex(int), addr); +int kill(int, signum); +int sigemptyset(+sigset_t*); +int sigaddset(+sigset_t*, signum); +int sigdelset(+sigset_t*, signum); +int sigfillset(+sigset_t*); +int sigismember(sigset_t*, signum); +addr signal(signum,addr); +int sigaction(signum, sigaction*, +sigaction*); +int sigprocmask(enum(SIG_BLOCK=1, SIG_UNBLOCK=2, SIG_SETMASK=3), sigset_t*, +sigset_t*); +int sigpending(+sigset_t*); +int sigsuspend(sigset_t*); +int sigisemptyset(sigset_t*); +int sigorset(+sigset_t*, sigset_t*, sigset_t*); +int sigandset(+sigset_t*, sigset_t*, sigset_t*); + +; stdio.h +int fclose(file); +int feof(file); +int ferror(file); +int fflush(file); +char fgetc(file); +addr fgets(+string, int, file); +int fileno(file); +file 
fopen(string,string); +file fopen64(string,string); +int fprintf(file,format); +int fputc(char,file); +int fputs(string,file); +ulong fread(addr,ulong,ulong,file); +ulong fread_unlocked(addr,ulong,ulong,file); +ulong fwrite(string,ulong,ulong,file); +ulong fwrite_unlocked(string,ulong,ulong,file); +int pclose(addr); +void perror(string); +addr popen(string, string); +int printf(format); +int puts(string); +int remove(string); +int snprintf(+string2,ulong,format); +int sprintf(+string,format); +string tempnam(string,string); +int vfprintf(file,string,addr); +int vsnprintf(+string2,ulong,string,addr); +int setvbuf(file,addr,int,ulong); +void setbuf(file,addr); +void setbuffer(file,addr,ulong); +void setlinebuf(file); +int rename(string,string); + +; stdlib.h +long __strtol_internal(string,addr,int); +ulong __strtoul_internal(string,addr,int); +int atexit(addr); +addr bsearch(string, addr, ulong, ulong, addr); +addr calloc(ulong, ulong); +void exit(int); +void free(addr); +string getenv(string); +int putenv(string); +int setenv(string,string,int); +void unsetenv(string); +addr malloc(ulong); +void qsort(addr,ulong,ulong,addr); +int random(); +addr realloc(addr,ulong); +void srandom(uint); +int system(string); + +; string.h +void bcopy(addr,addr,ulong); +void bzero(addr,ulong); +string basename(string); +string index(string,char); +addr memchr(string,char,ulong); +addr memcpy(addr,string(array(char, arg3)*),ulong); +addr memmove(addr,string(array(char, arg3)*),ulong); +addr memset(addr,char,long); +string rindex(string,char); +addr stpcpy(addr,string); +int strcasecmp(string, string); +string strcat(string, string); +string strchr(string,char); +int strcoll(string,string); +ulong strlen(string); +int strcmp(string,string); +addr strcpy(addr,string); +addr strdup(string); +string strerror(int); +int strncmp(string,string,ulong); +addr strncpy(addr,string3,ulong); +string strrchr(string,char); +string strsep(addr,string); +ulong strspn(string,string); +ulong 
strcspn(string,string); +string strstr(string,string); +string strtok(string, string); + +; sys/ioctl.h +int ioctl(int, int, addr); + +; sys/socket.h +int socket(int,int,int); + +; sys/stat.h +int __fxstat(int,int,addr); +int __xstat(int,string,addr); +int __lxstat(int,string,addr); +int __fxstat64(int,int,addr); +int __xstat64(int,string,addr); +int __lxstat64(int,string,addr); +int chmod(string,octal); +int fchmod(int,octal); +int mkfifo(string,octal); +octal umask(octal); + +; sys/utsname.h +int uname(addr); + +; sys/vfs.h +int statfs(string,addr); + +; syslog.h +void closelog(); +void openlog(string,int,int); +void syslog(int,format); + +; term.h +int tputs(string, int, addr); + +; termios.h +int tcgetattr(int,addr); +int tcsetattr(int,int,addr); + +; time.h +string ctime(addr); +int gettimeofday(addr, addr); +addr gmtime(addr); +addr localtime(addr); +ulong strftime(+string2,ulong,string,addr); +long time(addr); + +; unistd.h +void _exit(int); +int access(string, int); +uint alarm(uint); +int chdir(string); +int chown(string,int,int); +int close(int); +string crypt(string,string); +int dup2(int,int); +int execlp(string,string,addr,addr,addr); +int execv(string,addr); +int fchdir(int); +int fork(); +int ftruncate(int,ulong); +string2 getcwd(addr,ulong); +int getdomainname(+string2,ulong); +int geteuid(); +int getegid(); +int getgid(); +int gethostname(+string2,ulong); +string getlogin(); +int getopt(int,addr,string); +int getpid(); +int getppid(); +int getuid(); +int getpgrp(); +int setpgrp(); +int getpgid(int); +int isatty(int); +int link(string,string); +int mkdir(string,octal); +long read(int, +string[retval], ulong); +int rmdir(string); +int seteuid(uint); +int setgid(int); +int sethostname(+string2,ulong); +int setpgid(int,int); +int setreuid(uint, uint); +int setuid(int); +uint sleep(uint); +int symlink(string,string); +int sync(); +int truncate(string,ulong); +string ttyname(int); +int unlink(string); +void usleep(uint); +long write(int, string3, ulong); 
+addr sbrk(long); +int getpagesize(); +long lseek(int,long,int); +int pipe(addr); + +; utmp.h +void endutent(); +addr getutent(); +void setutent(); + +; wchar.h +int fwide(addr, int); + +; sys/wait.h +int wait(addr); +int waitpid(int,addr,int); + +; X11/Xlib.h +void XCloseDisplay(addr); +int XMapWindow(addr,addr); +addr XOpenDisplay(string); + +; sys/acl.h +int acl_add_perm(addr,uint); +int acl_calc_mask(addr); +int acl_clear_perms(addr); +int acl_copy_entry(addr,addr); +int acl_copy_ext(addr,addr,int); +addr acl_copy_int(addr); +int acl_create_entry(addr,addr); +int acl_delete_def_file(string); +int acl_delete_entry(addr,addr); +int acl_delete_perm(addr,uint); +addr acl_dup(addr); +int acl_free(addr); +addr acl_from_text(string); +int acl_get_entry(addr,int,addr); +addr acl_get_fd(int); +addr acl_get_file(string,int); +int acl_get_permset(addr,addr); +addr acl_get_qualifier(addr); +int acl_get_tag_type(addr,addr); +addr acl_init(int); +int acl_set_fd(int,addr); +int acl_set_file(string,int,addr); +int acl_set_permset(addr,addr); +int acl_set_qualifier(addr,addr); +int acl_set_tag_type(addr,int); +int acl_size(addr); +string acl_to_text(addr,addr); +int acl_valid(addr); + +; acl/libacl.h +int acl_check(addr,addr); +int acl_cmp(addr,addr); +int acl_entries(addr); +int acl_equiv_mode(addr,addr); +string acl_error(int); +int acl_extended_fd(int); +int acl_extended_file(string); +addr acl_from_mode(octal); +int acl_get_perm(addr,uint); +string acl_to_any_text(addr,string,char,int); + +; other symbols not included above +long a64l(string); +string l64a(long); +void abort(); +int abs(int); +long labs(long); + +typedef mntent = struct(string, string, string, string, int, int); +int addmntent(file, mntent*); +int endmntent(file); +int __endmntent(file); +file setmntent(string,string); +file __setmntent(string,string); +mntent *getmntent(addr); +mntent *getmntent_r(file, +mntent*, string, int); +mntent *__getmntent_r(file, +mntent*, string, int); +string hasmntopt(mntent*, 
string); + +; SYSCALLS +addr SYS_brk(addr); +int SYS_close(int); +int SYS_execve(string,addr,addr); +void SYS_exit(int); +void SYS_exit_group(int); +int SYS_fork(); +int SYS_getcwd(+string2,ulong); +int SYS_getpid(); +;addr SYS_mmap(addr,ulong,int,int,int,long); +int SYS_munmap(addr,ulong); +int SYS_open(string,int,octal); +int SYS_personality(uint); +long SYS_read(int,+string0,ulong); +int SYS_stat(string,addr); +octal SYS_umask(octal); +int SYS_uname(addr); +long SYS_write(int,string3,ulong); +int SYS_sync(); +int SYS_setxattr(string,string,addr,uint,int); +int SYS_lsetxattr(string,string,addr,uint,int); +int SYS_fsetxattr(int,string,addr,uint,int); +int SYS_getxattr(string,string,addr,uint); +int SYS_lgetxattr(string,string,addr,uint); +int SYS_fgetxattr(int,string,addr,uint); +int SYS_listxattr(string,addr,uint); +int SYS_llistxattr(string,addr,uint); +int SYS_flistxattr(int,addr,uint); +int SYS_removexattr(string,string); +int SYS_lremovexattr(string,string); +int SYS_fremovexattr(int,string); +int SYS_chdir(string); +int SYS_fchdir(int); +int SYS_chmod(string,octal); +int SYS_fchmod(int,octal); +int SYS_chown(string,int,int); +int SYS_fchown(int,int,int); +int SYS_lchown(string,int,int); +int SYS_chroot(string); +int SYS_dup(int); +int SYS_dup2(int,int); +int SYS_fdatasync(int); +int SYS_fsync(int); +int SYS_getpriority(int,int); +int SYS_setpriority(int,int,int); +int SYS_getrlimit(int,addr); +int SYS_setrlimit(int,addr); +int SYS_gettimeofday(addr,addr); +int SYS_settimeofday(addr,addr); +int SYS_setfsgid(int); +int SYS_setfsuid(int); +int SYS_getuid(); +int SYS_setuid(int); +int SYS_getgid(); +int SYS_setgid(int); +int SYS_getsid(int); +int SYS_setsid(int); +int SYS_setreuid(int,int); +int SYS_setregid(int,int); +int SYS_geteuid(); +int SYS_getegid(); +int SYS_setpgid(int,int); +int SYS_getresuid(addr,addr,addr); +int SYS_setresuid(int,int,int); +int SYS_getresgid(addr,addr,addr); +int SYS_setresgid(int,int,int); +int SYS_kill(int,int); +int 
SYS_link(string,string); +int SYS_madvise(addr,ulong,int); +int SYS_mkdir(string,octal); +int SYS_mknod(string,octal,int); +int SYS_msync(addr,ulong,int); +int SYS_nice(int); +int SYS_poll(addr,uint,int); +int SYS_readdir(uint,addr,uint); +int SYS_readlink(string,string,ulong); +int SYS_reboot(int,int,int,addr); +int SYS_rename(string,string); +int SYS_rmdir(string); +int SYS_sigaltstack(addr,addr); +int SYS_statfs(string,addr); +int SYS_fstatfs(int,addr); +int SYS_fstat(int,addr); +int SYS_lstat(string,addr); +int SYS_stime(addr); +int SYS_symlink(string, string); +int SYS_sysinfo(addr); +int SYS_syslog(int,string,int); +int SYS_truncate(string,long); +int SYS_ftruncate(int,long); +int SYS_mount(string,string,string,ulong,addr); +int SYS_umount(string); +int SYS_umount2(string,int); +int SYS_unlink(string); +int SYS_utime(string,addr); +long SYS_lseek(int,long,int); +addr SYS_signal(int,addr); +int SYS_sigaction(int,addr,addr); +int SYS_pause(); +int SYS_sigpending(addr); +int SYS_sigprocmask(int,addr,addr); +int SYS_sigqueue(int,int,addr); +int SYS_sigsuspend(addr); +int SYS_wait(addr); +int SYS_waitpid(int,addr,int); +ulong SYS_readv(int,addr,int); +ulong SYS_writev(int,addr,int); +int SYS_mprotect(addr,int,int); +int SYS_access(string,octal); diff --git a/etc/lvm/lvm.conf b/etc/lvm/lvm.conf new file mode 100644 index 0000000..e3a4984 --- /dev/null +++ b/etc/lvm/lvm.conf 
@@ -0,0 +1,2282 @@ +# This is an example configuration file for the LVM2 system. +# It contains the default settings that would be used if there was no +# /etc/lvm/lvm.conf file. +# +# Refer to 'man lvm.conf' for further information including the file layout. +# +# Refer to 'man lvm.conf' for information about how settings configured in +# this file are combined with built-in values and command line options to +# arrive at the final values used by LVM. +# +# Refer to 'man lvmconfig' for information about displaying the built-in +# and configured values used by LVM. +# +# If a default value is set in this file (not commented out), then a +# new version of LVM using this file will continue using that value, +# even if the new version of LVM changes the built-in default value. +# +# To put this file in a different directory and override /etc/lvm set +# the environment variable LVM_SYSTEM_DIR before running the tools. +# +# N.B. Take care that each setting only appears once if uncommenting +# example settings in this file. + + +# Configuration section config. +# How LVM configuration settings are handled. +config { + + # Configuration option config/checks. + # If enabled, any LVM configuration mismatch is reported. + # This implies checking that the configuration key is understood by + # LVM and that the value of the key is the proper type. If disabled, + # any configuration mismatch is ignored and the default value is used + # without any warning (a message about the configuration key not being + # found is issued in verbose mode only). + checks = 1 + + # Configuration option config/abort_on_errors. + # Abort the LVM process if a configuration mismatch is found. + abort_on_errors = 0 + + # Configuration option config/profile_dir. + # Directory where LVM looks for configuration profiles. + profile_dir = "/etc/lvm/profile" +} + +# Configuration section devices. +# How LVM uses block devices. +devices { + + # Configuration option devices/dir. 
+ # Directory in which to create volume group device nodes. + # Commands also accept this as a prefix on volume group names. + # This configuration option is advanced. + dir = "/dev" + + # Configuration option devices/scan. + # Directories containing device nodes to use with LVM. + # This configuration option is advanced. + scan = [ "/dev" ] + + # Configuration option devices/obtain_device_list_from_udev. + # Obtain the list of available devices from udev. + # This avoids opening or using any inapplicable non-block devices or + # subdirectories found in the udev directory. Any device node or + # symlink not managed by udev in the udev directory is ignored. This + # setting applies only to the udev-managed device directory; other + # directories will be scanned fully. LVM needs to be compiled with + # udev support for this setting to apply. + obtain_device_list_from_udev = 1 + + # Configuration option devices/external_device_info_source. + # Select an external device information source. + # Some information may already be available in the system and LVM can + # use this information to determine the exact type or use of devices it + # processes. Using an existing external device information source can + # speed up device processing as LVM does not need to run its own native + # routines to acquire this information. For example, this information + # is used to drive LVM filtering like MD component detection, multipath + # component detection, partition detection and others. + # + # Accepted values: + # none + # No external device information source is used. + # udev + # Reuse existing udev database records. Applicable only if LVM is + # compiled with udev support. + # + external_device_info_source = "none" + + # Configuration option devices/hints. + # Use a local file to remember which devices have PVs on them. + # Some commands will use this as an optimization to reduce device + # scanning, and will only scan the listed PVs. 
Removing the hint file + # will cause lvm to generate a new one. Disable hints if PVs will + # be copied onto devices using non-lvm commands, like dd. + # + # Accepted values: + # all + # Use all hints. + # none + # Use no hints. + # + # This configuration option has an automatic default value. + # hints = "all" + + # Configuration option devices/preferred_names. + # Select which path name to display for a block device. + # If multiple path names exist for a block device, and LVM needs to + # display a name for the device, the path names are matched against + # each item in this list of regular expressions. The first match is + # used. Try to avoid using undescriptive /dev/dm-N names, if present. + # If no preferred name matches, or if preferred_names are not defined, + # the following built-in preferences are applied in order until one + # produces a preferred name: + # Prefer names with path prefixes in the order of: + # /dev/mapper, /dev/disk, /dev/dm-*, /dev/block. + # Prefer the name with the least number of slashes. + # Prefer a name that is a symlink. + # Prefer the path with least value in lexicographical order. + # + # Example + # preferred_names = [ "^/dev/mpath/", "^/dev/mapper/mpath", "^/dev/[hs]d" ] + # + # This configuration option does not have a default value defined. + + # Configuration option devices/filter. + # Limit the block devices that are used by LVM commands. + # This is a list of regular expressions used to accept or reject block + # device path names. Each regex is delimited by a vertical bar '|' + # (or any character) and is preceded by 'a' to accept the path, or + # by 'r' to reject the path. The first regex in the list to match the + # path is used, producing the 'a' or 'r' result for the device. + # When multiple path names exist for a block device, if any path name + # matches an 'a' pattern before an 'r' pattern, then the device is + # accepted. If all the path names match an 'r' pattern first, then the + # device is rejected. 
Unmatching path names do not affect the accept + # or reject decision. If no path names for a device match a pattern, + # then the device is accepted. Be careful mixing 'a' and 'r' patterns, + # as the combination might produce unexpected results (test changes.) + # Run vgscan after changing the filter to regenerate the cache. + # + # Example + # Accept every block device: + # filter = [ "a|.*|" ] + # Reject the cdrom drive: + # filter = [ "r|/dev/cdrom|" ] + # Work with just loopback devices, e.g. for testing: + # filter = [ "a|loop|", "r|.*|" ] + # Accept all loop devices and ide drives except hdc: + # filter = [ "a|loop|", "r|/dev/hdc|", "a|/dev/ide|", "r|.*|" ] + # Use anchors to be very specific: + # filter = [ "a|^/dev/hda8$|", "r|.*|" ] + # + # This configuration option has an automatic default value. + # filter = [ "a|.*|" ] + + # Configuration option devices/global_filter. + # Limit the block devices that are used by LVM system components. + # Because devices/filter may be overridden from the command line, it is + # not suitable for system-wide device filtering, e.g. udev. + # Use global_filter to hide devices from these LVM system components. + # The syntax is the same as devices/filter. Devices rejected by + # global_filter are not opened by LVM. + # This configuration option has an automatic default value. + # global_filter = [ "a|.*|" ] + + # Configuration option devices/types. + # List of additional acceptable block device types. + # These are of device type names from /proc/devices, followed by the + # maximum number of partitions. + # + # Example + # types = [ "fd", 16 ] + # + # This configuration option is advanced. + # This configuration option does not have a default value defined. + + # Configuration option devices/sysfs_scan. + # Restrict device scanning to block devices appearing in sysfs. + # This is a quick way of filtering out block devices that are not + # present on the system. sysfs must be part of the kernel and mounted.) 
+ sysfs_scan = 1 + + # Configuration option devices/scan_lvs. + # Scan LVM LVs for layered PVs, allowing LVs to be used as PVs. + # When 1, LVM will detect PVs layered on LVs, and caution must be + # taken to avoid a host accessing a layered VG that may not belong + # to it, e.g. from a guest image. This generally requires excluding + # the LVs with device filters. Also, when this setting is enabled, + # every LVM command will scan every active LV on the system (unless + # filtered), which can cause performance problems on systems with + # many active LVs. When this setting is 0, LVM will not detect or + # use PVs that exist on LVs, and will not allow a PV to be created on + # an LV. The LVs are ignored using a built in device filter that + # identifies and excludes LVs. + scan_lvs = 0 + + # Configuration option devices/multipath_component_detection. + # Ignore devices that are components of DM multipath devices. + multipath_component_detection = 1 + + # Configuration option devices/md_component_detection. + # Enable detection and exclusion of MD component devices. + # An MD component device is a block device that MD uses as part + # of a software RAID virtual device. When an LVM PV is created + # on an MD device, LVM must only use the top level MD device as + # the PV, and should ignore the underlying component devices. + # In cases where the MD superblock is located at the end of the + # component devices, it is more difficult for LVM to consistently + # identify an MD component, see the md_component_checks setting. + md_component_detection = 1 + + # Configuration option devices/md_component_checks. + # The checks LVM should use to detect MD component devices. + # MD component devices are block devices used by MD software RAID. + # + # Accepted values: + # auto + # LVM will skip scanning the end of devices when it has other + # indications that the device is not an MD component. + # start + # LVM will only scan the start of devices for MD superblocks. 
+ # This does not incur extra I/O by LVM. + # full + # LVM will scan the start and end of devices for MD superblocks. + # This requires an extra read at the end of devices. + # + # This configuration option has an automatic default value. + # md_component_checks = "auto" + + # Configuration option devices/fw_raid_component_detection. + # Ignore devices that are components of firmware RAID devices. + # LVM must use an external_device_info_source other than none for this + # detection to execute. + fw_raid_component_detection = 0 + + # Configuration option devices/md_chunk_alignment. + # Align the start of a PV data area with md device's stripe-width. + # This applies if a PV is placed directly on an md device. + # default_data_alignment will be overriden if it is not aligned + # with the value detected for this setting. + # This setting is overriden by data_alignment_detection, + # data_alignment, and the --dataalignment option. + md_chunk_alignment = 1 + + # Configuration option devices/default_data_alignment. + # Align the start of a PV data area with this number of MiB. + # Set to 1 for 1MiB, 2 for 2MiB, etc. Set to 0 to disable. + # This setting is overriden by data_alignment and the --dataalignment + # option. + # This configuration option has an automatic default value. + # default_data_alignment = 1 + + # Configuration option devices/data_alignment_detection. + # Align the start of a PV data area with sysfs io properties. + # The start of a PV data area will be a multiple of minimum_io_size or + # optimal_io_size exposed in sysfs. minimum_io_size is the smallest + # request the device can perform without incurring a read-modify-write + # penalty, e.g. MD chunk size. optimal_io_size is the device's + # preferred unit of receiving I/O, e.g. MD stripe width. + # minimum_io_size is used if optimal_io_size is undefined (0). + # If md_chunk_alignment is enabled, that detects the optimal_io_size. 
+ # default_data_alignment and md_chunk_alignment will be overriden + # if they are not aligned with the value detected for this setting. + # This setting is overriden by data_alignment and the --dataalignment + # option. + data_alignment_detection = 1 + + # Configuration option devices/data_alignment. + # Align the start of a PV data area with this number of KiB. + # When non-zero, this setting overrides default_data_alignment. + # Set to 0 to disable, in which case default_data_alignment + # is used to align the first PE in units of MiB. + # This setting is overriden by the --dataalignment option. + data_alignment = 0 + + # Configuration option devices/data_alignment_offset_detection. + # Shift the start of an aligned PV data area based on sysfs information. + # After a PV data area is aligned, it will be shifted by the + # alignment_offset exposed in sysfs. This offset is often 0, but may + # be non-zero. Certain 4KiB sector drives that compensate for windows + # partitioning will have an alignment_offset of 3584 bytes (sector 7 + # is the lowest aligned logical block, the 4KiB sectors start at + # LBA -1, and consequently sector 63 is aligned on a 4KiB boundary). + # This setting is overriden by the --dataalignmentoffset option. + data_alignment_offset_detection = 1 + + # Configuration option devices/ignore_suspended_devices. + # Ignore DM devices that have I/O suspended while scanning devices. + # Otherwise, LVM waits for a suspended device to become accessible. + # This should only be needed in recovery situations. + ignore_suspended_devices = 0 + + # Configuration option devices/ignore_lvm_mirrors. + # Do not scan 'mirror' LVs to avoid possible deadlocks. + # This avoids possible deadlocks when using the 'mirror' segment type. + # This setting determines whether LVs using the 'mirror' segment type + # are scanned for LVM labels. This affects the ability of mirrors to + # be used as physical volumes. 
If this setting is enabled, it is + # impossible to create VGs on top of mirror LVs, i.e. to stack VGs on + # mirror LVs. If this setting is disabled, allowing mirror LVs to be + # scanned, it may cause LVM processes and I/O to the mirror to become + # blocked. This is due to the way that the mirror segment type handles + # failures. In order for the hang to occur, an LVM command must be run + # just after a failure and before the automatic LVM repair process + # takes place, or there must be failures in multiple mirrors in the + # same VG at the same time with write failures occurring moments before + # a scan of the mirror's labels. The 'mirror' scanning problems do not + # apply to LVM RAID types like 'raid1' which handle failures in a + # different way, making them a better choice for VG stacking. + ignore_lvm_mirrors = 1 + + # Configuration option devices/require_restorefile_with_uuid. + # Allow use of pvcreate --uuid without requiring --restorefile. + require_restorefile_with_uuid = 1 + + # Configuration option devices/pv_min_size. + # Minimum size in KiB of block devices which can be used as PVs. + # In a clustered environment all nodes must use the same value. + # Any value smaller than 512KiB is ignored. The previous built-in + # value was 512. + pv_min_size = 2048 + + # Configuration option devices/issue_discards. + # Issue discards to PVs that are no longer used by an LV. + # Discards are sent to an LV's underlying physical volumes when the LV + # is no longer using the physical volumes' space, e.g. lvremove, + # lvreduce. Discards inform the storage that a region is no longer + # used. Storage that supports discards advertise the protocol-specific + # way discards should be issued by the kernel (TRIM, UNMAP, or + # WRITE SAME with UNMAP bit set). Not all storage will support or + # benefit from discards, but SSDs and thinly provisioned LUNs + # generally do. If enabled, discards will only be issued if both the + # storage and kernel provide support. 
+ issue_discards = 1
+
+ # Configuration option devices/allow_changes_with_duplicate_pvs.
+ # Allow VG modification while a PV appears on multiple devices.
+ # When a PV appears on multiple devices, LVM attempts to choose the
+ # best device to use for the PV. If the devices represent the same
+ # underlying storage, the choice has minimal consequence. If the
+ # devices represent different underlying storage, the wrong choice
+ # can result in data loss if the VG is modified. Disabling this
+ # setting is the safest option because it prevents modifying a VG
+ # or activating LVs in it while a PV appears on multiple devices.
+ # Enabling this setting allows the VG to be used as usual even with
+ # uncertain devices.
+ allow_changes_with_duplicate_pvs = 0
+
+ # Configuration option devices/allow_mixed_block_sizes.
+ # Allow PVs in the same VG with different logical block sizes.
+ # When allowed, the user is responsible to ensure that an LV is
+ # using PVs with matching block sizes when necessary.
+ allow_mixed_block_sizes = 0
+}
+
+# Configuration section allocation.
+# How LVM selects space and applies properties to LVs.
+allocation {
+
+ # Configuration option allocation/cling_tag_list.
+ # Advise LVM which PVs to use when searching for new space.
+ # When searching for free space to extend an LV, the 'cling' allocation
+ # policy will choose space on the same PVs as the last segment of the
+ # existing LV. If there is insufficient space and a list of tags is
+ # defined here, it will check whether any of them are attached to the
+ # PVs concerned and then seek to match those PV tags between existing
+ # extents and new extents.
+ #
+ # Example
+ # Use the special tag "@*" as a wildcard to match any PV tag:
+ # cling_tag_list = [ "@*" ]
+ # LVs are mirrored between two sites within a single VG, and
+ # PVs are tagged with either @site1 or @site2 to indicate where
+ # they are situated:
+ # cling_tag_list = [ "@site1", "@site2" ]
+ #
+ # This configuration option does not have a default value defined.
+
+ # Configuration option allocation/maximise_cling.
+ # Use a previous allocation algorithm.
+ # Changes made in version 2.02.85 extended the reach of the 'cling'
+ # policies to detect more situations where data can be grouped onto
+ # the same disks. This setting can be used to disable the changes
+ # and revert to the previous algorithm.
+ maximise_cling = 1
+
+ # Configuration option allocation/use_blkid_wiping.
+ # Use blkid to detect and erase existing signatures on new PVs and LVs.
+ # The blkid library can detect more signatures than the native LVM
+ # detection code, but may take longer. LVM needs to be compiled with
+ # blkid wiping support for this setting to apply. LVM native detection
+ # code is currently able to recognize: MD device signatures,
+ # swap signature, and LUKS signatures. To see the list of signatures
+ # recognized by blkid, check the output of the 'blkid -k' command.
+ use_blkid_wiping = 1
+
+ # Configuration option allocation/wipe_signatures_when_zeroing_new_lvs.
+ # Look for and erase any signatures while zeroing a new LV.
+ # The --wipesignatures option overrides this setting.
+ # Zeroing is controlled by the -Z/--zero option, and if not specified,
+ # zeroing is used by default if possible. Zeroing simply overwrites the
+ # first 4KiB of a new LV with zeroes and does no signature detection or
+ # wiping. Signature wiping goes beyond zeroing and detects exact types
+ # and positions of signatures within the whole LV. It provides a
+ # cleaner LV after creation as all known signatures are wiped. The LV
+ # is not claimed incorrectly by other tools because of old signatures
+ # from previous use. The number of signatures that LVM can detect
+ # depends on the detection code that is selected (see
+ # use_blkid_wiping.) Wiping each detected signature must be confirmed.
+ # When this setting is disabled, signatures on new LVs are not detected
+ # or erased unless the --wipesignatures option is used directly.
+ wipe_signatures_when_zeroing_new_lvs = 1
+
+ # Configuration option allocation/mirror_logs_require_separate_pvs.
+ # Mirror logs and images will always use different PVs.
+ # The default setting changed in version 2.02.85.
+ mirror_logs_require_separate_pvs = 0
+
+ # Configuration option allocation/raid_stripe_all_devices.
+ # Stripe across all PVs when RAID stripes are not specified.
+ # If enabled, all PVs in the VG or on the command line are used for
+ # raid0/4/5/6/10 when the command does not specify the number of
+ # stripes to use.
+ # This was the default behaviour until release 2.02.162.
+ # This configuration option has an automatic default value.
+ # raid_stripe_all_devices = 0
+
+ # Configuration option allocation/cache_pool_metadata_require_separate_pvs.
+ # Cache pool metadata and data will always use different PVs.
+ cache_pool_metadata_require_separate_pvs = 0
+
+ # Configuration option allocation/cache_metadata_format.
+ # Sets default metadata format for new cache.
+ #
+ # Accepted values:
+ # 0 Automatically detected best available format
+ # 1 Original format
+ # 2 Improved 2nd. generation format
+ #
+ # This configuration option has an automatic default value.
+ # cache_metadata_format = 0
+
+ # Configuration option allocation/cache_mode.
+ # The default cache mode used for new cache.
+ #
+ # Accepted values:
+ # writethrough
+ # Data blocks are immediately written from the cache to disk.
+ # writeback
+ # Data blocks are written from the cache back to disk after some
+ # delay to improve performance.
+ #
+ # This setting replaces allocation/cache_pool_cachemode.
+ # This configuration option has an automatic default value.
+ # cache_mode = "writethrough"
+
+ # Configuration option allocation/cache_policy.
+ # The default cache policy used for new cache volume.
+ # Since kernel 4.2 the default policy is smq (Stochastic multiqueue),
+ # otherwise the older mq (Multiqueue) policy is selected.
+ # This configuration option does not have a default value defined.
+
+ # Configuration section allocation/cache_settings.
+ # Settings for the cache policy.
+ # See documentation for individual cache policies for more info.
+ # This configuration section has an automatic default value.
+ # cache_settings {
+ # }
+
+ # Configuration option allocation/cache_pool_chunk_size.
+ # The minimal chunk size in KiB for cache pool volumes.
+ # Using a chunk_size that is too large can result in wasteful use of
+ # the cache, where small reads and writes can cause large sections of
+ # an LV to be mapped into the cache. However, choosing a chunk_size
+ # that is too small can result in more overhead trying to manage the
+ # numerous chunks that become mapped into the cache. The former is
+ # more of a problem than the latter in most cases, so the default is
+ # on the smaller end of the spectrum. Supported values range from
+ # 32KiB to 1GiB in multiples of 32.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option allocation/cache_pool_max_chunks.
+ # The maximum number of chunks in a cache pool.
+ # For cache target v1.9 the recommended maximumm is 1000000 chunks.
+ # Using cache pool with more chunks may degrade cache performance.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option allocation/thin_pool_metadata_require_separate_pvs.
+ # Thin pool metdata and data will always use different PVs.
+ thin_pool_metadata_require_separate_pvs = 0
+
+ # Configuration option allocation/thin_pool_zero.
+ # Thin pool data chunks are zeroed before they are first used.
+ # Zeroing with a larger thin pool chunk size reduces performance.
+ # This configuration option has an automatic default value.
+ # thin_pool_zero = 1
+
+ # Configuration option allocation/thin_pool_discards.
+ # The discards behaviour of thin pool volumes.
+ #
+ # Accepted values:
+ # ignore
+ # nopassdown
+ # passdown
+ #
+ # This configuration option has an automatic default value.
+ # thin_pool_discards = "passdown"
+
+ # Configuration option allocation/thin_pool_chunk_size_policy.
+ # The chunk size calculation policy for thin pool volumes.
+ #
+ # Accepted values:
+ # generic
+ # If thin_pool_chunk_size is defined, use it. Otherwise, calculate
+ # the chunk size based on estimation and device hints exposed in
+ # sysfs - the minimum_io_size. The chunk size is always at least
+ # 64KiB.
+ # performance
+ # If thin_pool_chunk_size is defined, use it. Otherwise, calculate
+ # the chunk size for performance based on device hints exposed in
+ # sysfs - the optimal_io_size. The chunk size is always at least
+ # 512KiB.
+ #
+ # This configuration option has an automatic default value.
+ # thin_pool_chunk_size_policy = "generic"
+
+ # Configuration option allocation/thin_pool_chunk_size.
+ # The minimal chunk size in KiB for thin pool volumes.
+ # Larger chunk sizes may improve performance for plain thin volumes,
+ # however using them for snapshot volumes is less efficient, as it
+ # consumes more space and takes extra time for copying. When unset,
+ # lvm tries to estimate chunk size starting from 64KiB. Supported
+ # values are in the range 64KiB to 1GiB.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option allocation/physical_extent_size.
+ # Default physical extent size in KiB to use for new VGs.
+ # This configuration option has an automatic default value.
+ # physical_extent_size = 4096
+
+ # Configuration option allocation/vdo_use_compression.
+ # Enables or disables compression when creating a VDO volume.
+ # Compression may be disabled if necessary to maximize performance
+ # or to speed processing of data that is unlikely to compress.
+ # This configuration option has an automatic default value.
+ # vdo_use_compression = 1
+
+ # Configuration option allocation/vdo_use_deduplication.
+ # Enables or disables deduplication when creating a VDO volume.
+ # Deduplication may be disabled in instances where data is not expected
+ # to have good deduplication rates but compression is still desired.
+ # This configuration option has an automatic default value.
+ # vdo_use_deduplication = 1
+
+ # Configuration option allocation/vdo_use_metadata_hints.
+ # Enables or disables whether VDO volume should tag its latency-critical
+ # writes with the REQ_SYNC flag. Some device mapper targets such as dm-raid5
+ # process writes with this flag at a higher priority.
+ # Default is enabled.
+ # This configuration option has an automatic default value.
+ # vdo_use_metadata_hints = 1
+
+ # Configuration option allocation/vdo_minimum_io_size.
+ # The minimum IO size for VDO volume to accept, in bytes.
+ # Valid values are 512 or 4096. The recommended and default value is 4096.
+ # This configuration option has an automatic default value.
+ # vdo_minimum_io_size = 4096
+
+ # Configuration option allocation/vdo_block_map_cache_size_mb.
+ # Specifies the amount of memory in MiB allocated for caching block map
+ # pages for VDO volume. The value must be a multiple of 4096 and must be
+ # at least 128MiB and less than 16TiB. The cache must be at least 16MiB
+ # per logical thread. Note that there is a memory overhead of 15%.
+ # This configuration option has an automatic default value.
+ # vdo_block_map_cache_size_mb = 128
+
+ # Configuration option allocation/vdo_block_map_period.
+ # The speed with which the block map cache writes out modified block map pages.
+ # A smaller era length is likely to reduce the amount time spent rebuilding,
+ # at the cost of increased block map writes during normal operation.
+ # The maximum and recommended value is 16380; the minimum value is 1.
+ # This configuration option has an automatic default value.
+ # vdo_block_map_period = 16380
+
+ # Configuration option allocation/vdo_check_point_frequency.
+ # The default check point frequency for VDO volume.
+ # This configuration option has an automatic default value.
+ # vdo_check_point_frequency = 0
+
+ # Configuration option allocation/vdo_use_sparse_index.
+ # Enables sparse indexing for VDO volume.
+ # This configuration option has an automatic default value.
+ # vdo_use_sparse_index = 0
+
+ # Configuration option allocation/vdo_index_memory_size_mb.
+ # Specifies the amount of index memory in MiB for VDO volume.
+ # The value must be at least 256MiB and at most 1TiB.
+ # This configuration option has an automatic default value.
+ # vdo_index_memory_size_mb = 256
+
+ # Configuration option allocation/vdo_slab_size_mb.
+ # Specifies the size in MiB of the increment by which a VDO is grown.
+ # Using a smaller size constrains the total maximum physical size
+ # that can be accommodated. Must be a power of two between 128MiB and 32GiB.
+ # This configuration option has an automatic default value.
+ # vdo_slab_size_mb = 2048
+
+ # Configuration option allocation/vdo_ack_threads.
+ # Specifies the number of threads to use for acknowledging
+ # completion of requested VDO I/O operations.
+ # The value must be at in range [0..100].
+ # This configuration option has an automatic default value.
+ # vdo_ack_threads = 1
+
+ # Configuration option allocation/vdo_bio_threads.
+ # Specifies the number of threads to use for submitting I/O
+ # operations to the storage device of VDO volume.
+ # The value must be in range [1..100]
+ # Each additional thread after the first will use an additional 18MiB of RAM,
+ # plus 1.12 MiB of RAM per megabyte of configured read cache size.
+ # This configuration option has an automatic default value.
+ # vdo_bio_threads = 4
+
+ # Configuration option allocation/vdo_bio_rotation.
+ # Specifies the number of I/O operations to enqueue for each bio-submission
+ # thread before directing work to the next. The value must be in range [1..1024].
+ # This configuration option has an automatic default value.
+ # vdo_bio_rotation = 64
+
+ # Configuration option allocation/vdo_cpu_threads.
+ # Specifies the number of threads to use for CPU-intensive work such as
+ # hashing or compression for VDO volume. The value must be in range [1..100]
+ # This configuration option has an automatic default value.
+ # vdo_cpu_threads = 2
+
+ # Configuration option allocation/vdo_hash_zone_threads.
+ # Specifies the number of threads across which to subdivide parts of the VDO
+ # processing based on the hash value computed from the block data.
+ # The value must be at in range [0..100].
+ # vdo_hash_zone_threads, vdo_logical_threads and vdo_physical_threads must be
+ # either all zero or all non-zero.
+ # This configuration option has an automatic default value.
+ # vdo_hash_zone_threads = 1
+
+ # Configuration option allocation/vdo_logical_threads.
+ # Specifies the number of threads across which to subdivide parts of the VDO
+ # processing based on the hash value computed from the block data.
+ # A logical thread count of 9 or more will require explicitly specifying
+ # a sufficiently large block map cache size, as well.
+ # The value must be in range [0..100].
+ # vdo_hash_zone_threads, vdo_logical_threads and vdo_physical_threads must be
+ # either all zero or all non-zero.
+ # This configuration option has an automatic default value.
+ # vdo_logical_threads = 1
+
+ # Configuration option allocation/vdo_physical_threads.
+ # Specifies the number of threads across which to subdivide parts of the VDO
+ # processing based on physical block addresses.
+ # Each additional thread after the first will use an additional 10MiB of RAM.
+ # The value must be in range [0..16].
+ # vdo_hash_zone_threads, vdo_logical_threads and vdo_physical_threads must be
+ # either all zero or all non-zero.
+ # This configuration option has an automatic default value.
+ # vdo_physical_threads = 1
+
+ # Configuration option allocation/vdo_write_policy.
+ # Specifies the write policy:
+ # auto - VDO will check the storage device and determine whether it supports flushes.
+ # If it does, VDO will run in async mode, otherwise it will run in sync mode.
+ # sync - Writes are acknowledged only after data is stably written.
+ # This policy is not supported if the underlying storage is not also synchronous.
+ # async - Writes are acknowledged after data has been cached for writing to stable storage.
+ # Data which has not been flushed is not guaranteed to persist in this mode.
+ # This configuration option has an automatic default value.
+ # vdo_write_policy = "auto"
+
+ # Configuration option allocation/vdo_max_discard.
+ # Specified te maximum size of discard bio accepted, in 4096 byte blocks.
+ # I/O requests to a VDO volume are normally split into 4096-byte blocks,
+ # and processed up to 2048 at a time. However, discard requests to a VDO volume
+ # can be automatically split to a larger size, up to 4096-byte blocks
+ # in a single bio, and are limited to 1500 at a time.
+ # Increasing this value may provide better overall performance, at the cost of
+ # increased latency for the individual discard requests.
+ # The default and minimum is 1. The maximum is UINT_MAX / 4096.
+ # This configuration option has an automatic default value.
+ # vdo_max_discard = 1
+}
+
+# Configuration section log.
+# How LVM log information is reported.
+log {
+
+ # Configuration option log/report_command_log.
+ # Enable or disable LVM log reporting.
+ # If enabled, LVM will collect a log of operations, messages,
+ # per-object return codes with object identification and associated
+ # error numbers (errnos) during LVM command processing. Then the
+ # log is either reported solely or in addition to any existing
+ # reports, depending on LVM command used. If it is a reporting command
+ # (e.g. pvs, vgs, lvs, lvm fullreport), then the log is reported in
+ # addition to any existing reports. Otherwise, there's only log report
+ # on output. For all applicable LVM commands, you can request that
+ # the output has only log report by using --logonly command line
+ # option. Use log/command_log_cols and log/command_log_sort settings
+ # to define fields to display and sort fields for the log report.
+ # You can also use log/command_log_selection to define selection
+ # criteria used each time the log is reported.
+ # This configuration option has an automatic default value.
+ # report_command_log = 0
+
+ # Configuration option log/command_log_sort.
+ # List of columns to sort by when reporting command log.
+ # See --logonly --configreport log -o help
+ # for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # command_log_sort = "log_seq_num"
+
+ # Configuration option log/command_log_cols.
+ # List of columns to report when reporting command log.
+ # See --logonly --configreport log -o help
+ # for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # command_log_cols = "log_seq_num,log_type,log_context,log_object_type,log_object_name,log_object_id,log_object_group,log_object_group_id,log_message,log_errno,log_ret_code"
+
+ # Configuration option log/command_log_selection.
+ # Selection criteria used when reporting command log.
+ # You can define selection criteria that are applied each
+ # time log is reported. This way, it is possible to control the
+ # amount of log that is displayed on output and you can select
+ # only parts of the log that are important for you. To define
+ # selection criteria, use fields from log report. See also
+ # --logonly --configreport log -S help for the
+ # list of possible fields and selection operators. You can also
+ # define selection criteria for log report on command line directly
+ # using --configreport log -S
+ # which has precedence over log/command_log_selection setting.
+ # For more information about selection criteria in general, see
+ # lvm(8) man page.
+ # This configuration option has an automatic default value.
+ # command_log_selection = "!(log_type=status && message=success)"
+
+ # Configuration option log/verbose.
+ # Controls the messages sent to stdout or stderr.
+ verbose = 0
+
+ # Configuration option log/silent.
+ # Suppress all non-essential messages from stdout.
+ # This has the same effect as -qq. When enabled, the following commands
+ # still produce output: dumpconfig, lvdisplay, lvmdiskscan, lvs, pvck,
+ # pvdisplay, pvs, version, vgcfgrestore -l, vgdisplay, vgs.
+ # Non-essential messages are shifted from log level 4 to log level 5
+ # for syslog and lvm2_log_fn purposes.
+ # Any 'yes' or 'no' questions not overridden by other arguments are
+ # suppressed and default to 'no'.
+ silent = 0
+
+ # Configuration option log/syslog.
+ # Send log messages through syslog.
+ syslog = 1
+
+ # Configuration option log/file.
+ # Write error and debug log messages to a file specified here.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option log/overwrite.
+ # Overwrite the log file each time the program is run.
+ overwrite = 0
+
+ # Configuration option log/level.
+ # The level of log messages that are sent to the log file or syslog.
+ # There are 6 syslog-like log levels currently in use: 2 to 7 inclusive.
+ # 7 is the most verbose (LOG_DEBUG).
+ level = 0
+
+ # Configuration option log/indent.
+ # Indent messages according to their severity.
+ # This configuration option has an automatic default value.
+ # indent = 0
+
+ # Configuration option log/command_names.
+ # Display the command name on each line of output.
+ command_names = 0
+
+ # Configuration option log/prefix.
+ # A prefix to use before the log message text.
+ # (After the command name, if selected).
+ # Two spaces allows you to see/grep the severity of each message.
+ # To make the messages look similar to the original LVM tools use:
+ # indent = 0, command_names = 1, prefix = " -- "
+ prefix = " "
+
+ # Configuration option log/activation.
+ # Log messages during activation.
+ # Don't use this in low memory situations (can deadlock).
+ activation = 0
+
+ # Configuration option log/debug_classes.
+ # Select log messages by class.
+ # Some debugging messages are assigned to a class and only appear in
+ # debug output if the class is listed here. Classes currently
+ # available: memory, devices, io, activation, allocation,
+ # metadata, cache, locking, lvmpolld. Use "all" to see everything.
+ debug_classes = [ "memory", "devices", "io", "activation", "allocation", "metadata", "cache", "locking", "lvmpolld", "dbus" ]
+
+ # Configuration option log/debug_file_fields.
+ # The fields included in debug output written to log file.
+ # Use "all" to include everything (the default).
+ # This configuration option is advanced.
+ # This configuration option has an automatic default value.
+ # debug_file_fields = [ "time", "command", "fileline", "message" ]
+
+ # Configuration option log/debug_output_fields.
+ # The fields included in debug output written to stderr.
+ # Use "all" to include everything (the default).
+ # This configuration option is advanced.
+ # This configuration option has an automatic default value.
+ # debug_output_fields = [ "time", "command", "fileline", "message" ]
+}
+
+# Configuration section backup.
+# How LVM metadata is backed up and archived.
+# In LVM, a 'backup' is a copy of the metadata for the current system,
+# and an 'archive' contains old metadata configurations. They are
+# stored in a human readable text format.
+backup {
+
+ # Configuration option backup/backup.
+ # Maintain a backup of the current metadata configuration.
+ # Think very hard before turning this off!
+ backup = 1
+
+ # Configuration option backup/backup_dir.
+ # Location of the metadata backup files.
+ # Remember to back up this directory regularly!
+ backup_dir = "/etc/lvm/backup"
+
+ # Configuration option backup/archive.
+ # Maintain an archive of old metadata configurations.
+ # Think very hard before turning this off.
+ archive = 1
+
+ # Configuration option backup/archive_dir.
+ # Location of the metdata archive files.
+ # Remember to back up this directory regularly!
+ archive_dir = "/etc/lvm/archive"
+
+ # Configuration option backup/retain_min.
+ # Minimum number of archives to keep.
+ retain_min = 10
+
+ # Configuration option backup/retain_days.
+ # Minimum number of days to keep archive files.
+ retain_days = 30
+}
+
+# Configuration section shell.
+# Settings for running LVM in shell (readline) mode.
+shell {
+
+ # Configuration option shell/history_size.
+ # Number of lines of history to store in ~/.lvm_history.
+ history_size = 100
+}
+
+# Configuration section global.
+# Miscellaneous global LVM settings.
+global {
+
+ # Configuration option global/umask.
+ # The file creation mask for any files and directories created.
+ # Interpreted as octal if the first digit is zero.
+ umask = 077
+
+ # Configuration option global/test.
+ # No on-disk metadata changes will be made in test mode.
+ # Equivalent to having the -t option on every command.
+ test = 0
+
+ # Configuration option global/units.
+ # Default value for --units argument.
+ units = "r"
+
+ # Configuration option global/si_unit_consistency.
+ # Distinguish between powers of 1024 and 1000 bytes.
+ # The LVM commands distinguish between powers of 1024 bytes,
+ # e.g. KiB, MiB, GiB, and powers of 1000 bytes, e.g. KB, MB, GB.
+ # If scripts depend on the old behaviour, disable this setting
+ # temporarily until they are updated.
+ si_unit_consistency = 1
+
+ # Configuration option global/suffix.
+ # Display unit suffix for sizes.
+ # This setting has no effect if the units are in human-readable form
+ # (global/units = "h") in which case the suffix is always displayed.
+ suffix = 1
+
+ # Configuration option global/activation.
+ # Enable/disable communication with the kernel device-mapper.
+ # Disable to use the tools to manipulate LVM metadata without
+ # activating any logical volumes. If the device-mapper driver
+ # is not present in the kernel, disabling this should suppress
+ # the error messages.
+ activation = 1
+
+ # Configuration option global/proc.
+ # Location of proc filesystem.
+ # This configuration option is advanced.
+ proc = "/proc"
+
+ # Configuration option global/etc.
+ # Location of /etc system configuration directory.
+ etc = "/etc"
+
+ # Configuration option global/wait_for_locks.
+ # When disabled, fail if a lock request would block.
+ wait_for_locks = 1
+
+ # Configuration option global/locking_dir.
+ # Directory to use for LVM command file locks.
+ # Local non-LV directory that holds file-based locks while commands are
+ # in progress. A directory like /tmp that may get wiped on reboot is OK.
+ locking_dir = "/run/lock/lvm"
+
+ # Configuration option global/prioritise_write_locks.
+ # Allow quicker VG write access during high volume read access.
+ # When there are competing read-only and read-write access requests for
+ # a volume group's metadata, instead of always granting the read-only
+ # requests immediately, delay them to allow the read-write requests to
+ # be serviced. Without this setting, write access may be stalled by a
+ # high volume of read-only requests. This option only affects
+ # locking_type 1 viz. local file-based locking.
+ prioritise_write_locks = 1
+
+ # Configuration option global/library_dir.
+ # Search this directory first for shared libraries.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option global/abort_on_internal_errors.
+ # Abort a command that encounters an internal error.
+ # Treat any internal errors as fatal errors, aborting the process that
+ # encountered the internal error. Please only enable for debugging.
+ abort_on_internal_errors = 0
+
+ # Configuration option global/metadata_read_only.
+ # No operations that change on-disk metadata are permitted.
+ # Additionally, read-only commands that encounter metadata in need of
+ # repair will still be allowed to proceed exactly as if the repair had
+ # been performed (except for the unchanged vg_seqno). Inappropriate
+ # use could mess up your system, so seek advice first!
+ metadata_read_only = 0
+
+ # Configuration option global/mirror_segtype_default.
+ # The segment type used by the short mirroring option -m.
+ # The --type mirror|raid1 option overrides this setting.
+ #
+ # Accepted values:
+ # mirror
+ # The original RAID1 implementation from LVM/DM. It is
+ # characterized by a flexible log solution (core, disk, mirrored),
+ # and by the necessity to block I/O while handling a failure.
+ # There is an inherent race in the dmeventd failure handling logic
+ # with snapshots of devices using this type of RAID1 that in the
+ # worst case could cause a deadlock. (Also see
+ # devices/ignore_lvm_mirrors.)
+ # raid1
+ # This is a newer RAID1 implementation using the MD RAID1
+ # personality through device-mapper. It is characterized by a
+ # lack of log options. (A log is always allocated for every
+ # device and they are placed on the same device as the image,
+ # so no separate devices are required.) This mirror
+ # implementation does not require I/O to be blocked while
+ # handling a failure. This mirror implementation is not
+ # cluster-aware and cannot be used in a shared (active/active)
+ # fashion in a cluster.
+ #
+ mirror_segtype_default = "raid1"
+
+ # Configuration option global/support_mirrored_mirror_log.
+ # Enable mirrored 'mirror' log type for testing.
+ #
+ # This type is deprecated to create or convert to but can
+ # be enabled to test that activation of existing mirrored
+ # logs and conversion to disk/core works.
+ #
+ # Not supported for regular operation!
+ support_mirrored_mirror_log = 0
+
+ # Configuration option global/raid10_segtype_default.
+ # The segment type used by the -i -m combination.
+ # The --type raid10|mirror option overrides this setting.
+ # The --stripes/-i and --mirrors/-m options can both be specified
+ # during the creation of a logical volume to use both striping and
+ # mirroring for the LV. There are two different implementations.
+ #
+ # Accepted values:
+ # raid10
+ # LVM uses MD's RAID10 personality through DM. This is the
+ # preferred option.
+ # mirror
+ # LVM layers the 'mirror' and 'stripe' segment types. The layering
+ # is done by creating a mirror LV on top of striped sub-LVs,
+ # effectively creating a RAID 0+1 array. The layering is suboptimal
+ # in terms of providing redundancy and performance.
+ #
+ raid10_segtype_default = "raid10"
+
+ # Configuration option global/sparse_segtype_default.
+ # The segment type used by the -V -L combination.
+ # The --type snapshot|thin option overrides this setting.
+ # The combination of -V and -L options creates a sparse LV. There are
+ # two different implementations.
+ #
+ # Accepted values:
+ # snapshot
+ # The original snapshot implementation from LVM/DM. It uses an old
+ # snapshot that mixes data and metadata within a single COW
+ # storage volume and performs poorly when the size of stored data
+ # passes hundreds of MB.
+ # thin
+ # A newer implementation that uses thin provisioning. It has a
+ # bigger minimal chunk size (64KiB) and uses a separate volume for
+ # metadata. It has better performance, especially when more data
+ # is used. It also supports full snapshots.
+ #
+ sparse_segtype_default = "thin"
+
+ # Configuration option global/lvdisplay_shows_full_device_path.
+ # Enable this to reinstate the previous lvdisplay name format.
+ # The default format for displaying LV names in lvdisplay was changed
+ # in version 2.02.89 to show the LV name and path separately.
+ # Previously this was always shown as /dev/vgname/lvname even when that
+ # was never a valid path in the /dev filesystem.
+ # This configuration option has an automatic default value.
+ # lvdisplay_shows_full_device_path = 0
+
+ # Configuration option global/event_activation.
+ # Activate LVs based on system-generated device events.
+ # When a device appears on the system, a system-generated event runs
+ # the pvscan command to activate LVs if the new PV completes the VG.
+ # Use auto_activation_volume_list to select which LVs should be
+ # activated from these events (the default is all.)
+ # When event_activation is disabled, the system will generally run
+ # a direct activation command to activate LVs in complete VGs.
+ event_activation = 1
+
+ # Configuration option global/use_aio.
+ # Use async I/O when reading and writing devices.
+ # This configuration option has an automatic default value.
+ # use_aio = 1
+
+ # Configuration option global/use_lvmlockd.
+ # Use lvmlockd for locking among hosts using LVM on shared storage.
+ # Applicable only if LVM is compiled with lockd support in which
+ # case there is also lvmlockd(8) man page available for more
+ # information.
+ use_lvmlockd = 0
+
+ # Configuration option global/lvmlockd_lock_retries.
+ # Retry lvmlockd lock requests this many times.
+ # Applicable only if LVM is compiled with lockd support
+ # This configuration option has an automatic default value.
+ # lvmlockd_lock_retries = 3
+
+ # Configuration option global/sanlock_lv_extend.
+ # Size in MiB to extend the internal LV holding sanlock locks.
+ # The internal LV holds locks for each LV in the VG, and after enough
+ # LVs have been created, the internal LV needs to be extended. lvcreate
+ # will automatically extend the internal LV when needed by the amount
+ # specified here. Setting this to 0 disables the automatic extension
+ # and can cause lvcreate to fail. Applicable only if LVM is compiled
+ # with lockd support
+ # This configuration option has an automatic default value.
+ # sanlock_lv_extend = 256
+
+ # Configuration option global/thin_check_executable.
+ # The full path to the thin_check command.
+ # LVM uses this command to check that a thin metadata device is in a
+ # usable state. When a thin pool is activated and after it is
+ # deactivated, this command is run. Activation will only proceed if
+ # the command has an exit status of 0. Set to "" to skip this check.
+ # (Not recommended.) Also see thin_check_options.
+ # (See package device-mapper-persistent-data or thin-provisioning-tools)
+ # This configuration option has an automatic default value.
+ # thin_check_executable = "/usr/sbin/thin_check"
+
+ # Configuration option global/thin_dump_executable.
+ # The full path to the thin_dump command.
+ # LVM uses this command to dump thin pool metadata.
+ # (See package device-mapper-persistent-data or thin-provisioning-tools)
+ # This configuration option has an automatic default value.
+ # thin_dump_executable = "/usr/sbin/thin_dump"
+
+ # Configuration option global/thin_repair_executable.
+ # The full path to the thin_repair command.
+ # LVM uses this command to repair a thin metadata device if it is in
+ # an unusable state. Also see thin_repair_options.
+ # (See package device-mapper-persistent-data or thin-provisioning-tools)
+ # This configuration option has an automatic default value.
+ # thin_repair_executable = "/usr/sbin/thin_repair"
+
+ # Configuration option global/thin_check_options.
+ # List of options passed to the thin_check command.
+ # With thin_check version 2.1 or newer you can add the option
+ # --ignore-non-fatal-errors to let it pass through ignorable errors
+ # and fix them later. With thin_check version 3.2 or newer you should
+ # include the option --clear-needs-check-flag.
+ # This configuration option has an automatic default value.
+ # thin_check_options = [ "-q", "--clear-needs-check-flag" ]
+
+ # Configuration option global/thin_repair_options.
+ # List of options passed to the thin_repair command.
+ # This configuration option has an automatic default value.
+ # thin_repair_options = [ "" ]
+
+ # Configuration option global/thin_disabled_features.
+ # Features to not use in the thin driver.
+ # This can be helpful for testing, or to avoid using a feature that is
+ # causing problems. Features include: block_size, discards,
+ # discards_non_power_2, external_origin, metadata_resize,
+ # external_origin_extend, error_if_no_space.
+ #
+ # Example
+ # thin_disabled_features = [ "discards", "block_size" ]
+ #
+ # This configuration option does not have a default value defined.
+
+ # Configuration option global/cache_disabled_features.
+ # Features to not use in the cache driver.
+ # This can be helpful for testing, or to avoid using a feature that is
+ # causing problems. Features include: policy_mq, policy_smq, metadata2.
+ #
+ # Example
+ # cache_disabled_features = [ "policy_smq" ]
+ #
+ # This configuration option does not have a default value defined.
+
+ # Configuration option global/cache_check_executable.
+ # The full path to the cache_check command.
+ # LVM uses this command to check that a cache metadata device is in a
+ # usable state. When a cached LV is activated and after it is
+ # deactivated, this command is run. Activation will only proceed if the
+ # command has an exit status of 0. Set to "" to skip this check.
+ # (Not recommended.) Also see cache_check_options.
+ # (See package device-mapper-persistent-data or thin-provisioning-tools)
+ # This configuration option has an automatic default value.
+ # cache_check_executable = "/usr/sbin/cache_check"
+
+ # Configuration option global/cache_dump_executable.
+ # The full path to the cache_dump command.
+ # LVM uses this command to dump cache pool metadata.
+ # (See package device-mapper-persistent-data or thin-provisioning-tools)
+ # This configuration option has an automatic default value.
+ # cache_dump_executable = "/usr/sbin/cache_dump"
+
+ # Configuration option global/cache_repair_executable.
+ # The full path to the cache_repair command.
+ # LVM uses this command to repair a cache metadata device if it is in
+ # an unusable state. Also see cache_repair_options.
+ # (See package device-mapper-persistent-data or thin-provisioning-tools)
+ # This configuration option has an automatic default value.
+ # cache_repair_executable = "/usr/sbin/cache_repair"
+
+ # Configuration option global/cache_check_options.
+ # List of options passed to the cache_check command.
+ # With cache_check version 5.0 or newer you should include the option
+ # --clear-needs-check-flag.
+ # This configuration option has an automatic default value.
+ # cache_check_options = [ "-q", "--clear-needs-check-flag" ]
+
+ # Configuration option global/cache_repair_options.
+ # List of options passed to the cache_repair command.
+ # This configuration option has an automatic default value.
+ # cache_repair_options = [ "" ]
+
+ # Configuration option global/vdo_format_executable.
+ # The full path to the vdoformat command.
+ # LVM uses this command to initial data volume for VDO type logical volume
+ # This configuration option has an automatic default value.
+ # vdo_format_executable = "autodetect"
+
+ # Configuration option global/vdo_format_options.
+ # List of options passed added to standard vdoformat command.
+ # This configuration option has an automatic default value.
+ # vdo_format_options = [ "" ]
+
+ # Configuration option global/fsadm_executable.
+ # The full path to the fsadm command.
+ # LVM uses this command to help with lvresize -r operations.
+ # This configuration option has an automatic default value.
+ # fsadm_executable = "/sbin/fsadm"
+
+ # Configuration option global/system_id_source.
+ # The method LVM uses to set the local system ID.
+ # Volume Groups can also be given a system ID (by vgcreate, vgchange,
+ # or vgimport.) A VG on shared storage devices is accessible only to
+ # the host with a matching system ID. See 'man lvmsystemid' for
+ # information on limitations and correct usage.
+ #
+ # Accepted values:
+ # none
+ # The host has no system ID.
+ # lvmlocal
+ # Obtain the system ID from the system_id setting in the 'local'
+ # section of an lvm configuration file, e.g. lvmlocal.conf.
+ # uname
+ # Set the system ID from the hostname (uname) of the system.
+ # System IDs beginning localhost are not permitted.
+ # machineid
+ # Use the contents of the machine-id file to set the system ID.
+ # Some systems create this file at installation time.
+ # See 'man machine-id' and global/etc.
+ # file
+ # Use the contents of another file (system_id_file) to set the
+ # system ID.
+ #
+ system_id_source = "none"
+
+ # Configuration option global/system_id_file.
+ # The full path to the file containing a system ID.
+ # This is used when system_id_source is set to 'file'.
+ # Comments starting with the character # are ignored.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option global/use_lvmpolld.
+ # Use lvmpolld to supervise long running LVM commands.
+ # When enabled, control of long running LVM commands is transferred
+ # from the original LVM command to the lvmpolld daemon. This allows
+ # the operation to continue independent of the original LVM command.
+ # After lvmpolld takes over, the LVM command displays the progress
+ # of the ongoing operation. lvmpolld itself runs LVM commands to
+ # manage the progress of ongoing operations. lvmpolld can be used as
+ # a native systemd service, which allows it to be started on demand,
+ # and to use its own control group. When this option is disabled, LVM
+ # commands will supervise long running operations by forking themselves.
+ # Applicable only if LVM is compiled with lvmpolld support.
+ use_lvmpolld = 1
+
+ # Configuration option global/notify_dbus.
+ # Enable D-Bus notification from LVM commands.
+ # When enabled, an LVM command that changes PVs, changes VG metadata,
+ # or changes the activation state of an LV will send a notification.
+ notify_dbus = 1
+
+ # Configuration option global/io_memory_size.
+ # The amount of memory in KiB that LVM allocates to perform disk io.
+ # LVM performance may benefit from more io memory when there are many
+ # disks or VG metadata is large. Increasing this size may be necessary
+ # when a single copy of VG metadata is larger than the current setting.
+ # This value should usually not be decreased from the default; setting
+ # it too low can result in lvm failing to read VGs.
+ # This configuration option has an automatic default value.
+ # io_memory_size = 8192
+}
+
+# Configuration section activation.
+activation {
+
+ # Configuration option activation/checks.
+ # Perform internal checks of libdevmapper operations.
+ # Useful for debugging problems with activation. Some of the checks may
+ # be expensive, so it's best to use this only when there seems to be a
+ # problem.
+ checks = 0
+
+ # Configuration option activation/udev_sync.
+ # Use udev notifications to synchronize udev and LVM.
+ # The --nodevsync option overrides this setting.
+ # When disabled, LVM commands will not wait for notifications from
+ # udev, but continue irrespective of any possible udev processing in
+ # the background. Only use this if udev is not running or has rules
+ # that ignore the devices LVM creates. If enabled when udev is not
+ # running, and LVM processes are waiting for udev, run the command
+ # 'dmsetup udevcomplete_all' to wake them up.
+ udev_sync = 1
+
+ # Configuration option activation/udev_rules.
+ # Use udev rules to manage LV device nodes and symlinks.
+ # When disabled, LVM will manage the device nodes and symlinks for
+ # active LVs itself. Manual intervention may be required if this
+ # setting is changed while LVs are active.
+ udev_rules = 1
+
+ # Configuration option activation/verify_udev_operations.
+ # Use extra checks in LVM to verify udev operations.
+ # This enables additional checks (and if necessary, repairs) on entries
+ # in the device directory after udev has completed processing its
+ # events. Useful for diagnosing problems with LVM/udev interactions.
+ verify_udev_operations = 0
+
+ # Configuration option activation/retry_deactivation.
+ # Retry failed LV deactivation.
+ # If LV deactivation fails, LVM will retry for a few seconds before
+ # failing. This may happen because a process run from a quick udev rule
+ # temporarily opened the device.
+ retry_deactivation = 1
+
+ # Configuration option activation/missing_stripe_filler.
+ # Method to fill missing stripes when activating an incomplete LV.
+ # Using 'error' will make inaccessible parts of the device return I/O
+ # errors on access. Using 'zero' will return success (and zero) on I/O
+ # You can instead use a device path, in which case,
+ # that device will be used in place of missing stripes. Using anything
+ # other than 'error' with mirrored or snapshotted volumes is likely to
+ # result in data corruption.
+ # This configuration option is advanced.
+ missing_stripe_filler = "error"
+
+ # Configuration option activation/use_linear_target.
+ # Use the linear target to optimize single stripe LVs.
+ # When disabled, the striped target is used. The linear target is an
+ # optimised version of the striped target that only handles a single
+ # stripe.
+ use_linear_target = 1
+
+ # Configuration option activation/reserved_stack.
+ # Stack size in KiB to reserve for use while devices are suspended.
+ # Insufficent reserve risks I/O deadlock during device suspension.
+ reserved_stack = 64
+
+ # Configuration option activation/reserved_memory.
+ # Memory size in KiB to reserve for use while devices are suspended.
+ # Insufficent reserve risks I/O deadlock during device suspension.
+ reserved_memory = 8192
+
+ # Configuration option activation/process_priority.
+ # Nice value used while devices are suspended.
+ # Use a high priority so that LVs are suspended
+ # for the shortest possible time.
+ process_priority = -18
+
+ # Configuration option activation/volume_list.
+ # Only LVs selected by this list are activated.
+ # If this list is defined, an LV is only activated if it matches an
+ # entry in this list. If this list is undefined, it imposes no limits
+ # on LV activation (all are allowed).
+ #
+ # Accepted values:
+ # vgname
+ # The VG name is matched exactly and selects all LVs in the VG.
+ # vgname/lvname
+ # The VG name and LV name are matched exactly and selects the LV.
+ # @tag
+ # Selects an LV if the specified tag matches a tag set on the LV
+ # or VG.
+ # @*
+ # Selects an LV if a tag defined on the host is also set on the LV
+ # or VG. See tags/hosttags. If any host tags exist but volume_list
+ # is not defined, a default single-entry list containing '@*'
+ # is assumed.
+ #
+ # Example
+ # volume_list = [ "vg1", "vg2/lvol1", "@tag1", "@*" ]
+ #
+ # This configuration option does not have a default value defined.
+
+ # Configuration option activation/auto_activation_volume_list.
+ # Only LVs selected by this list are auto-activated.
+ # This list works like volume_list, but it is used only by
+ # auto-activation commands. It does not apply to direct activation
+ # commands. If this list is defined, an LV is only auto-activated
+ # if it matches an entry in this list. If this list is undefined, it
+ # imposes no limits on LV auto-activation (all are allowed.) If this
+ # list is defined and empty, i.e. "[]", then no LVs are selected for
+ # auto-activation. An LV that is selected by this list for
+ # auto-activation, must also be selected by volume_list (if defined)
+ # before it is activated. Auto-activation is an activation command that
+ # includes the 'a' argument: --activate ay or -a ay. The 'a' (auto)
+ # argument for auto-activation is meant to be used by activation
+ # commands that are run automatically by the system, as opposed to LVM
+ # commands run directly by a user. A user may also use the 'a' flag
+ # directly to perform auto-activation. Also see pvscan(8) for more
+ # information about auto-activation.
+ #
+ # Accepted values:
+ # vgname
+ # The VG name is matched exactly and selects all LVs in the VG.
+ # vgname/lvname
+ # The VG name and LV name are matched exactly and selects the LV.
+ # @tag
+ # Selects an LV if the specified tag matches a tag set on the LV
+ # or VG.
+ # @*
+ # Selects an LV if a tag defined on the host is also set on the LV
+ # or VG. See tags/hosttags. If any host tags exist but volume_list
+ # is not defined, a default single-entry list containing '@*'
+ # is assumed.
+ #
+ # Example
+ # auto_activation_volume_list = [ "vg1", "vg2/lvol1", "@tag1", "@*" ]
+ #
+ # This configuration option does not have a default value defined.
+
+ # Configuration option activation/read_only_volume_list.
+ # LVs in this list are activated in read-only mode.
+ # If this list is defined, each LV that is to be activated is checked
+ # against this list, and if it matches, it is activated in read-only
+ # mode. This overrides the permission setting stored in the metadata,
+ # e.g. from --permission rw.
+ #
+ # Accepted values:
+ # vgname
+ # The VG name is matched exactly and selects all LVs in the VG.
+ # vgname/lvname
+ # The VG name and LV name are matched exactly and selects the LV.
+ # @tag
+ # Selects an LV if the specified tag matches a tag set on the LV
+ # or VG.
+ # @*
+ # Selects an LV if a tag defined on the host is also set on the LV
+ # or VG. See tags/hosttags. If any host tags exist but volume_list
+ # is not defined, a default single-entry list containing '@*'
+ # is assumed.
+ #
+ # Example
+ # read_only_volume_list = [ "vg1", "vg2/lvol1", "@tag1", "@*" ]
+ #
+ # This configuration option does not have a default value defined.
+
+ # Configuration option activation/raid_region_size.
+ # Size in KiB of each raid or mirror synchronization region.
+ # The clean/dirty state of data is tracked for each region.
+ # The value is rounded down to a power of two if necessary, and
+ # is ignored if it is not a multiple of the machine memory page size.
+ raid_region_size = 2048
+
+ # Configuration option activation/error_when_full.
+ # Return errors if a thin pool runs out of space.
+ # The --errorwhenfull option overrides this setting.
+ # When enabled, writes to thin LVs immediately return an error if the
+ # thin pool is out of data space. When disabled, writes to thin LVs
+ # are queued if the thin pool is out of space, and processed when the
+ # thin pool data space is extended. New thin pools are assigned the
+ # behavior defined here.
+ # This configuration option has an automatic default value.
+ # error_when_full = 0
+
+ # Configuration option activation/readahead.
+ # Setting to use when there is no readahead setting in metadata.
+ #
+ # Accepted values:
+ # none
+ # Disable readahead.
+ # auto
+ # Use default value chosen by kernel.
+ #
+ readahead = "auto"
+
+ # Configuration option activation/raid_fault_policy.
+ # Defines how a device failure in a RAID LV is handled.
+ # This includes LVs that have the following segment types:
+ # raid1, raid4, raid5*, and raid6*.
+ # If a device in the LV fails, the policy determines the steps
+ # performed by dmeventd automatically, and the steps perfomed by the
+ # manual command lvconvert --repair --use-policies.
+ # Automatic handling requires dmeventd to be monitoring the LV.
+ #
+ # Accepted values:
+ # warn
+ # Use the system log to warn the user that a device in the RAID LV
+ # has failed. It is left to the user to run lvconvert --repair
+ # manually to remove or replace the failed device. As long as the
+ # number of failed devices does not exceed the redundancy of the LV
+ # (1 device for raid4/5, 2 for raid6), the LV will remain usable.
+ # allocate
+ # Attempt to use any extra physical volumes in the VG as spares and
+ # replace faulty devices.
+ #
+ raid_fault_policy = "warn"
+
+ # Configuration option activation/mirror_image_fault_policy.
+ # Defines how a device failure in a 'mirror' LV is handled.
+ # An LV with the 'mirror' segment type is composed of mirror images
+ # (copies) and a mirror log. A disk log ensures that a mirror LV does
+ # not need to be re-synced (all copies made the same) every time a
+ # machine reboots or crashes. If a device in the LV fails, this policy
+ # determines the steps perfomed by dmeventd automatically, and the steps
+ # performed by the manual command lvconvert --repair --use-policies.
+ # Automatic handling requires dmeventd to be monitoring the LV.
+ #
+ # Accepted values:
+ # remove
+ # Simply remove the faulty device and run without it. If the log
+ # device fails, the mirror would convert to using an in-memory log.
+ # This means the mirror will not remember its sync status across
+ # crashes/reboots and the entire mirror will be re-synced. If a
+ # mirror image fails, the mirror will convert to a non-mirrored
+ # device if there is only one remaining good copy.
+ # allocate
+ # Remove the faulty device and try to allocate space on a new
+ # device to be a replacement for the failed device. Using this
+ # policy for the log is fast and maintains the ability to remember
+ # sync state through crashes/reboots. Using this policy for a
+ # mirror device is slow, as it requires the mirror to resynchronize
+ # the devices, but it will preserve the mirror characteristic of
+ # the device. This policy acts like 'remove' if no suitable device
+ # and space can be allocated for the replacement.
+ # allocate_anywhere
+ # Not yet implemented. Useful to place the log device temporarily
+ # on the same physical volume as one of the mirror images. This
+ # policy is not recommended for mirror devices since it would break
+ # the redundant nature of the mirror. This policy acts like
+ # 'remove' if no suitable device and space can be allocated for the
+ # replacement.
+ #
+ mirror_image_fault_policy = "remove"
+
+ # Configuration option activation/mirror_log_fault_policy.
+ # Defines how a device failure in a 'mirror' log LV is handled.
+ # The mirror_image_fault_policy description for mirrored LVs also
+ # applies to mirrored log LVs.
+ mirror_log_fault_policy = "allocate"
+
+ # Configuration option activation/snapshot_autoextend_threshold.
+ # Auto-extend a snapshot when its usage exceeds this percent.
+ # Setting this to 100 disables automatic extension.
+ # The minimum value is 50 (a smaller value is treated as 50.)
+ # Also see snapshot_autoextend_percent.
+ # Automatic extension requires dmeventd to be monitoring the LV.
+ #
+ # Example
+ # Using 70% autoextend threshold and 20% autoextend size, when a 1G
+ # snapshot exceeds 700M, it is extended to 1.2G, and when it exceeds
+ # 840M, it is extended to 1.44G:
+ # snapshot_autoextend_threshold = 70
+ #
+ snapshot_autoextend_threshold = 100
+
+ # Configuration option activation/snapshot_autoextend_percent.
+ # Auto-extending a snapshot adds this percent extra space.
+ # The amount of additional space added to a snapshot is this
+ # percent of its current size.
+ #
+ # Example
+ # Using 70% autoextend threshold and 20% autoextend size, when a 1G
+ # snapshot exceeds 700M, it is extended to 1.2G, and when it exceeds
+ # 840M, it is extended to 1.44G:
+ # snapshot_autoextend_percent = 20
+ #
+ snapshot_autoextend_percent = 20
+
+ # Configuration option activation/thin_pool_autoextend_threshold.
+ # Auto-extend a thin pool when its usage exceeds this percent.
+ # Setting this to 100 disables automatic extension.
+ # The minimum value is 50 (a smaller value is treated as 50.)
+ # Also see thin_pool_autoextend_percent.
+ # Automatic extension requires dmeventd to be monitoring the LV.
+ #
+ # Example
+ # Using 70% autoextend threshold and 20% autoextend size, when a 1G
+ # thin pool exceeds 700M, it is extended to 1.2G, and when it exceeds
+ # 840M, it is extended to 1.44G:
+ # thin_pool_autoextend_threshold = 70
+ #
+ thin_pool_autoextend_threshold = 100
+
+ # Configuration option activation/thin_pool_autoextend_percent.
+ # Auto-extending a thin pool adds this percent extra space.
+ # The amount of additional space added to a thin pool is this
+ # percent of its current size.
+ #
+ # Example
+ # Using 70% autoextend threshold and 20% autoextend size, when a 1G
+ # thin pool exceeds 700M, it is extended to 1.2G, and when it exceeds
+ # 840M, it is extended to 1.44G:
+ # thin_pool_autoextend_percent = 20
+ #
+ thin_pool_autoextend_percent = 20
+
+ # Configuration option activation/vdo_pool_autoextend_threshold.
+ # Auto-extend a VDO pool when its usage exceeds this percent.
+ # Setting this to 100 disables automatic extension.
+ # The minimum value is 50 (a smaller value is treated as 50.)
+ # Also see vdo_pool_autoextend_percent.
+ # Automatic extension requires dmeventd to be monitoring the LV.
+ #
+ # Example
+ # Using 70% autoextend threshold and 20% autoextend size, when a 10G
+ # VDO pool exceeds 7G, it is extended to 12G, and when it exceeds
+ # 8.4G, it is extended to 14.4G:
+ # vdo_pool_autoextend_threshold = 70
+ #
+ vdo_pool_autoextend_threshold = 100
+
+ # Configuration option activation/vdo_pool_autoextend_percent.
+ # Auto-extending a VDO pool adds this percent extra space.
+ # The amount of additional space added to a VDO pool is this
+ # percent of its current size.
+ #
+ # Example
+ # Using 70% autoextend threshold and 20% autoextend size, when a 10G
+ # VDO pool exceeds 7G, it is extended to 12G, and when it exceeds
+ # 8.4G, it is extended to 14.4G:
+ # This configuration option has an automatic default value.
+ # vdo_pool_autoextend_percent = 20
+
+ # Configuration option activation/mlock_filter.
+ # Do not mlock these memory areas.
+ # While activating devices, I/O to devices being (re)configured is
+ # suspended. As a precaution against deadlocks, LVM pins memory it is
+ # using so it is not paged out, and will not require I/O to reread.
+ # Groups of pages that are known not to be accessed during activation
+ # do not need to be pinned into memory. Each string listed in this
+ # setting is compared against each line in /proc/self/maps, and the
+ # pages corresponding to lines that match are not pinned. On some
+ # systems, locale-archive was found to make up over 80% of the memory
+ # used by the process.
+ #
+ # Example
+ # mlock_filter = [ "locale/locale-archive", "gconv/gconv-modules.cache" ]
+ #
+ # This configuration option is advanced.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option activation/use_mlockall.
+ # Use the old behavior of mlockall to pin all memory.
+ # Prior to version 2.02.62, LVM used mlockall() to pin the whole
+ # process's memory while activating devices.
+ use_mlockall = 0
+
+ # Configuration option activation/monitoring.
+ # Monitor LVs that are activated.
+ # The --ignoremonitoring option overrides this setting.
+ # When enabled, LVM will ask dmeventd to monitor activated LVs.
+ monitoring = 1
+
+ # Configuration option activation/polling_interval.
+ # Check pvmove or lvconvert progress at this interval (seconds).
+ # When pvmove or lvconvert must wait for the kernel to finish
+ # synchronising or merging data, they check and report progress at
+ # intervals of this number of seconds. If this is set to 0 and there
+ # is only one thing to wait for, there are no progress reports, but
+ # the process is awoken immediately once the operation is complete.
+ polling_interval = 15
+
+ # Configuration option activation/auto_set_activation_skip.
+ # Set the activation skip flag on new thin snapshot LVs.
+ # The --setactivationskip option overrides this setting.
+ # An LV can have a persistent 'activation skip' flag. The flag causes
+ # the LV to be skipped during normal activation. The lvchange/vgchange
+ # -K option is required to activate LVs that have the activation skip
+ # flag set. When this setting is enabled, the activation skip flag is
+ # set on new thin snapshot LVs.
+ # This configuration option has an automatic default value.
+ # auto_set_activation_skip = 1
+
+ # Configuration option activation/activation_mode.
+ # How LVs with missing devices are activated.
+ # The --activationmode option overrides this setting.
+ #
+ # Accepted values:
+ # complete
+ # Only allow activation of an LV if all of the Physical Volumes it
+ # uses are present. Other PVs in the Volume Group may be missing.
+ # degraded
+ # Like complete, but additionally RAID LVs of segment type raid1,
+ # raid4, raid5, radid6 and raid10 will be activated if there is no
+ # data loss, i.e. they have sufficient redundancy to present the
+ # entire addressable range of the Logical Volume.
+ # partial
+ # Allows the activation of any LV even if a missing or failed PV
+ # could cause data loss with a portion of the LV inaccessible.
+ # This setting should not normally be used, but may sometimes
+ # assist with data recovery.
+ #
+ activation_mode = "degraded"
+
+ # Configuration option activation/lock_start_list.
+ # Locking is started only for VGs selected by this list.
+ # The rules are the same as those for volume_list.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option activation/auto_lock_start_list.
+ # Locking is auto-started only for VGs selected by this list.
+ # The rules are the same as those for auto_activation_volume_list.
+ # This configuration option does not have a default value defined.
+}
+
+# Configuration section metadata.
+# This configuration section has an automatic default value.
+# metadata {
+
+ # Configuration option metadata/check_pv_device_sizes.
+ # Check device sizes are not smaller than corresponding PV sizes.
+ # If device size is less than corresponding PV size found in metadata,
+ # there is always a risk of data loss. If this option is set, then LVM
+ # issues a warning message each time it finds that the device size is
+ # less than corresponding PV size. You should not disable this unless
+ # you are absolutely sure about what you are doing!
+ # This configuration option is advanced.
+ # This configuration option has an automatic default value.
+ # check_pv_device_sizes = 1
+
+ # Configuration option metadata/record_lvs_history.
+ # When enabled, LVM keeps history records about removed LVs in
+ # metadata. The information that is recorded in metadata for
+ # historical LVs is reduced when compared to original
+ # information kept in metadata for live LVs. Currently, this
+ # feature is supported for thin and thin snapshot LVs only.
+ # This configuration option has an automatic default value.
+ # record_lvs_history = 0
+
+ # Configuration option metadata/lvs_history_retention_time.
+ # Retention time in seconds after which a record about individual
+ # historical logical volume is automatically destroyed.
+ # A value of 0 disables this feature.
+ # This configuration option has an automatic default value.
+ # lvs_history_retention_time = 0
+
+ # Configuration option metadata/pvmetadatacopies.
+ # Number of copies of metadata to store on each PV.
+ # The --pvmetadatacopies option overrides this setting.
+ #
+ # Accepted values:
+ # 2
+ # Two copies of the VG metadata are stored on the PV, one at the
+ # front of the PV, and one at the end.
+ # 1
+ # One copy of VG metadata is stored at the front of the PV.
+ # 0
+ # No copies of VG metadata are stored on the PV. This may be
+ # useful for VGs containing large numbers of PVs.
+ #
+ # This configuration option is advanced.
+ # This configuration option has an automatic default value.
+ # pvmetadatacopies = 1
+
+ # Configuration option metadata/vgmetadatacopies.
+ # Number of copies of metadata to maintain for each VG.
+ # The --vgmetadatacopies option overrides this setting.
+ # If set to a non-zero value, LVM automatically chooses which of the
+ # available metadata areas to use to achieve the requested number of
+ # copies of the VG metadata. If you set a value larger than the the
+ # total number of metadata areas available, then metadata is stored in
+ # them all. The value 0 (unmanaged) disables this automatic management
+ # and allows you to control which metadata areas are used at the
+ # individual PV level using pvchange --metadataignore y|n.
+ # This configuration option has an automatic default value.
+ # vgmetadatacopies = 0
+
+ # Configuration option metadata/pvmetadatasize.
+ # The default size of the metadata area in units of 512 byte sectors.
+ # The metadata area begins at an offset of the page size from the start
+ # of the device. The first PE is by default at 1 MiB from the start of
+ # the device. The space between these is the default metadata area size.
+ # The actual size of the metadata area may be larger than what is set
+ # here due to default_data_alignment making the first PE a MiB multiple.
+ # The metadata area begins with a 512 byte header and is followed by a
+ # circular buffer used for VG metadata text. The maximum size of the VG
+ # metadata is about half the size of the metadata buffer. VGs with large
+ # numbers of PVs or LVs, or VGs containing complex LV structures, may need
+ # additional space for VG metadata. The --metadatasize option overrides
+ # this setting.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option metadata/pvmetadataignore.
+ # Ignore metadata areas on a new PV.
+ # The --metadataignore option overrides this setting.
+ # If metadata areas on a PV are ignored, LVM will not store metadata
+ # in them.
+ # This configuration option is advanced.
+ # This configuration option has an automatic default value.
+ # pvmetadataignore = 0
+
+ # Configuration option metadata/stripesize.
+ # This configuration option is advanced.
+ # This configuration option has an automatic default value.
+ # stripesize = 64
+# }
+
+# Configuration section report.
+# LVM report command output formatting.
+# This configuration section has an automatic default value.
+# report {
+
+ # Configuration option report/output_format.
+ # Format of LVM command's report output.
+ # If there is more than one report per command, then the format
+ # is applied for all reports. You can also change output format
+ # directly on command line using --reportformat option which
+ # has precedence over log/output_format setting.
+ # Accepted values:
+ # basic
+ # Original format with columns and rows. If there is more than
+ # one report per command, each report is prefixed with report's
+ # name for identification.
+ # json
+ # JSON format.
+ # This configuration option has an automatic default value.
+ # output_format = "basic"
+
+ # Configuration option report/compact_output.
+ # Do not print empty values for all report fields. + # If enabled, all fields that don't have a value set for any of the + # rows reported are skipped and not printed. Compact output is + # applicable only if report/buffered is enabled. If you need to + # compact only specified fields, use compact_output=0 and define + # report/compact_output_cols configuration setting instead. + # This configuration option has an automatic default value. + # compact_output = 0 + + # Configuration option report/compact_output_cols. + # Do not print empty values for specified report fields. + # If defined, specified fields that don't have a value set for any + # of the rows reported are skipped and not printed. Compact output + # is applicable only if report/buffered is enabled. If you need to + # compact all fields, use compact_output=1 instead in which case + # the compact_output_cols setting is then ignored. + # This configuration option has an automatic default value. + # compact_output_cols = "" + + # Configuration option report/aligned. + # Align columns in report output. + # This configuration option has an automatic default value. + # aligned = 1 + + # Configuration option report/buffered. + # Buffer report output. + # When buffered reporting is used, the report's content is appended + # incrementally to include each object being reported until the report + # is flushed to output which normally happens at the end of command + # execution. Otherwise, if buffering is not used, each object is + # reported as soon as its processing is finished. + # This configuration option has an automatic default value. + # buffered = 1 + + # Configuration option report/headings. + # Show headings for columns on report. + # This configuration option has an automatic default value. + # headings = 1 + + # Configuration option report/separator. + # A separator to use on report after each field. + # This configuration option has an automatic default value. 
+ # separator = " " + + # Configuration option report/list_item_separator. + # A separator to use for list items when reported. + # This configuration option has an automatic default value. + # list_item_separator = "," + + # Configuration option report/prefixes. + # Use a field name prefix for each field reported. + # This configuration option has an automatic default value. + # prefixes = 0 + + # Configuration option report/quoted. + # Quote field values when using field name prefixes. + # This configuration option has an automatic default value. + # quoted = 1 + + # Configuration option report/columns_as_rows. + # Output each column as a row. + # If set, this also implies report/prefixes=1. + # This configuration option has an automatic default value. + # columns_as_rows = 0 + + # Configuration option report/binary_values_as_numeric. + # Use binary values 0 or 1 instead of descriptive literal values. + # For columns that have exactly two valid values to report + # (not counting the 'unknown' value which denotes that the + # value could not be determined). + # This configuration option has an automatic default value. + # binary_values_as_numeric = 0 + + # Configuration option report/time_format. + # Set time format for fields reporting time values. + # Format specification is a string which may contain special character + # sequences and ordinary character sequences. Ordinary character + # sequences are copied verbatim. Each special character sequence is + # introduced by the '%' character and such sequence is then + # substituted with a value as described below. + # + # Accepted values: + # %a + # The abbreviated name of the day of the week according to the + # current locale. + # %A + # The full name of the day of the week according to the current + # locale. + # %b + # The abbreviated month name according to the current locale. + # %B + # The full month name according to the current locale. 
+ # %c + # The preferred date and time representation for the current + # locale (alt E) + # %C + # The century number (year/100) as a 2-digit integer. (alt E) + # %d + # The day of the month as a decimal number (range 01 to 31). + # (alt O) + # %D + # Equivalent to %m/%d/%y. (For Americans only. Americans should + # note that in other countries%d/%m/%y is rather common. This + # means that in international context this format is ambiguous and + # should not be used. + # %e + # Like %d, the day of the month as a decimal number, but a leading + # zero is replaced by a space. (alt O) + # %E + # Modifier: use alternative local-dependent representation if + # available. + # %F + # Equivalent to %Y-%m-%d (the ISO 8601 date format). + # %G + # The ISO 8601 week-based year with century as adecimal number. + # The 4-digit year corresponding to the ISO week number (see %V). + # This has the same format and value as %Y, except that if the + # ISO week number belongs to the previous or next year, that year + # is used instead. + # %g + # Like %G, but without century, that is, with a 2-digit year + # (00-99). + # %h + # Equivalent to %b. + # %H + # The hour as a decimal number using a 24-hour clock + # (range 00 to 23). (alt O) + # %I + # The hour as a decimal number using a 12-hour clock + # (range 01 to 12). (alt O) + # %j + # The day of the year as a decimal number (range 001 to 366). + # %k + # The hour (24-hour clock) as a decimal number (range 0 to 23); + # single digits are preceded by a blank. (See also %H.) + # %l + # The hour (12-hour clock) as a decimal number (range 1 to 12); + # single digits are preceded by a blank. (See also %I.) + # %m + # The month as a decimal number (range 01 to 12). (alt O) + # %M + # The minute as a decimal number (range 00 to 59). (alt O) + # %O + # Modifier: use alternative numeric symbols. + # %p + # Either "AM" or "PM" according to the given time value, + # or the corresponding strings for the current locale. 
Noon is + # treated as "PM" and midnight as "AM". + # %P + # Like %p but in lowercase: "am" or "pm" or a corresponding + # string for the current locale. + # %r + # The time in a.m. or p.m. notation. In the POSIX locale this is + # equivalent to %I:%M:%S %p. + # %R + # The time in 24-hour notation (%H:%M). For a version including + # the seconds, see %T below. + # %s + # The number of seconds since the Epoch, + # 1970-01-01 00:00:00 +0000 (UTC) + # %S + # The second as a decimal number (range 00 to 60). (The range is + # up to 60 to allow for occasional leap seconds.) (alt O) + # %t + # A tab character. + # %T + # The time in 24-hour notation (%H:%M:%S). + # %u + # The day of the week as a decimal, range 1 to 7, Monday being 1. + # See also %w. (alt O) + # %U + # The week number of the current year as a decimal number, + # range 00 to 53, starting with the first Sunday as the first + # day of week 01. See also %V and %W. (alt O) + # %V + # The ISO 8601 week number of the current year as a decimal number, + # range 01 to 53, where week 1 is the first week that has at least + # 4 days in the new year. See also %U and %W. (alt O) + # %w + # The day of the week as a decimal, range 0 to 6, Sunday being 0. + # See also %u. (alt O) + # %W + # The week number of the current year as a decimal number, + # range 00 to 53, starting with the first Monday as the first day + # of week 01. (alt O) + # %x + # The preferred date representation for the current locale without + # the time. (alt E) + # %X + # The preferred time representation for the current locale without + # the date. (alt E) + # %y + # The year as a decimal number without a century (range 00 to 99). + # (alt E, alt O) + # %Y + # The year as a decimal number including the century. (alt E) + # %z + # The +hhmm or -hhmm numeric timezone (that is, the hour and minute + # offset from UTC). + # %Z + # The timezone name or abbreviation. + # %% + # A literal '%' character. 
+ # + # This configuration option has an automatic default value. + # time_format = "%Y-%m-%d %T %z" + + # Configuration option report/devtypes_sort. + # List of columns to sort by when reporting 'lvm devtypes' command. + # See 'lvm devtypes -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # devtypes_sort = "devtype_name" + + # Configuration option report/devtypes_cols. + # List of columns to report for 'lvm devtypes' command. + # See 'lvm devtypes -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # devtypes_cols = "devtype_name,devtype_max_partitions,devtype_description" + + # Configuration option report/devtypes_cols_verbose. + # List of columns to report for 'lvm devtypes' command in verbose mode. + # See 'lvm devtypes -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # devtypes_cols_verbose = "devtype_name,devtype_max_partitions,devtype_description" + + # Configuration option report/lvs_sort. + # List of columns to sort by when reporting 'lvs' command. + # See 'lvs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # lvs_sort = "vg_name,lv_name" + + # Configuration option report/lvs_cols. + # List of columns to report for 'lvs' command. + # See 'lvs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # lvs_cols = "lv_name,vg_name,lv_attr,lv_size,pool_lv,origin,data_percent,metadata_percent,move_pv,mirror_log,copy_percent,convert_lv" + + # Configuration option report/lvs_cols_verbose. + # List of columns to report for 'lvs' command in verbose mode. + # See 'lvs -o help' for the list of possible fields. + # This configuration option has an automatic default value. 
+ # lvs_cols_verbose = "lv_name,vg_name,seg_count,lv_attr,lv_size,lv_major,lv_minor,lv_kernel_major,lv_kernel_minor,pool_lv,origin,data_percent,metadata_percent,move_pv,copy_percent,mirror_log,convert_lv,lv_uuid,lv_profile" + + # Configuration option report/vgs_sort. + # List of columns to sort by when reporting 'vgs' command. + # See 'vgs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # vgs_sort = "vg_name" + + # Configuration option report/vgs_cols. + # List of columns to report for 'vgs' command. + # See 'vgs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # vgs_cols = "vg_name,pv_count,lv_count,snap_count,vg_attr,vg_size,vg_free" + + # Configuration option report/vgs_cols_verbose. + # List of columns to report for 'vgs' command in verbose mode. + # See 'vgs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # vgs_cols_verbose = "vg_name,vg_attr,vg_extent_size,pv_count,lv_count,snap_count,vg_size,vg_free,vg_uuid,vg_profile" + + # Configuration option report/pvs_sort. + # List of columns to sort by when reporting 'pvs' command. + # See 'pvs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # pvs_sort = "pv_name" + + # Configuration option report/pvs_cols. + # List of columns to report for 'pvs' command. + # See 'pvs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # pvs_cols = "pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free" + + # Configuration option report/pvs_cols_verbose. + # List of columns to report for 'pvs' command in verbose mode. + # See 'pvs -o help' for the list of possible fields. + # This configuration option has an automatic default value. 
+ # pvs_cols_verbose = "pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free,dev_size,pv_uuid" + + # Configuration option report/segs_sort. + # List of columns to sort by when reporting 'lvs --segments' command. + # See 'lvs --segments -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # segs_sort = "vg_name,lv_name,seg_start" + + # Configuration option report/segs_cols. + # List of columns to report for 'lvs --segments' command. + # See 'lvs --segments -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # segs_cols = "lv_name,vg_name,lv_attr,stripes,segtype,seg_size" + + # Configuration option report/segs_cols_verbose. + # List of columns to report for 'lvs --segments' command in verbose mode. + # See 'lvs --segments -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # segs_cols_verbose = "lv_name,vg_name,lv_attr,seg_start,seg_size,stripes,segtype,stripesize,chunksize" + + # Configuration option report/pvsegs_sort. + # List of columns to sort by when reporting 'pvs --segments' command. + # See 'pvs --segments -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # pvsegs_sort = "pv_name,pvseg_start" + + # Configuration option report/pvsegs_cols. + # List of columns to sort by when reporting 'pvs --segments' command. + # See 'pvs --segments -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # pvsegs_cols = "pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free,pvseg_start,pvseg_size" + + # Configuration option report/pvsegs_cols_verbose. + # List of columns to sort by when reporting 'pvs --segments' command in verbose mode. + # See 'pvs --segments -o help' for the list of possible fields. + # This configuration option has an automatic default value. 
+ # pvsegs_cols_verbose = "pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free,pvseg_start,pvseg_size,lv_name,seg_start_pe,segtype,seg_pe_ranges" + + # Configuration option report/vgs_cols_full. + # List of columns to report for lvm fullreport's 'vgs' subreport. + # See 'vgs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # vgs_cols_full = "vg_all" + + # Configuration option report/pvs_cols_full. + # List of columns to report for lvm fullreport's 'vgs' subreport. + # See 'pvs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # pvs_cols_full = "pv_all" + + # Configuration option report/lvs_cols_full. + # List of columns to report for lvm fullreport's 'lvs' subreport. + # See 'lvs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # lvs_cols_full = "lv_all" + + # Configuration option report/pvsegs_cols_full. + # List of columns to report for lvm fullreport's 'pvseg' subreport. + # See 'pvs --segments -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # pvsegs_cols_full = "pvseg_all,pv_uuid,lv_uuid" + + # Configuration option report/segs_cols_full. + # List of columns to report for lvm fullreport's 'seg' subreport. + # See 'lvs --segments -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # segs_cols_full = "seg_all,lv_uuid" + + # Configuration option report/vgs_sort_full. + # List of columns to sort by when reporting lvm fullreport's 'vgs' subreport. + # See 'vgs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # vgs_sort_full = "vg_name" + + # Configuration option report/pvs_sort_full. + # List of columns to sort by when reporting lvm fullreport's 'vgs' subreport. + # See 'pvs -o help' for the list of possible fields. 
+ # This configuration option has an automatic default value. + # pvs_sort_full = "pv_name" + + # Configuration option report/lvs_sort_full. + # List of columns to sort by when reporting lvm fullreport's 'lvs' subreport. + # See 'lvs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # lvs_sort_full = "vg_name,lv_name" + + # Configuration option report/pvsegs_sort_full. + # List of columns to sort by when reporting for lvm fullreport's 'pvseg' subreport. + # See 'pvs --segments -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # pvsegs_sort_full = "pv_uuid,pvseg_start" + + # Configuration option report/segs_sort_full. + # List of columns to sort by when reporting lvm fullreport's 'seg' subreport. + # See 'lvs --segments -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # segs_sort_full = "lv_uuid,seg_start" + + # Configuration option report/mark_hidden_devices. + # Use brackets [] to mark hidden devices. + # This configuration option has an automatic default value. + # mark_hidden_devices = 1 + + # Configuration option report/two_word_unknown_device. + # Use the two words 'unknown device' in place of '[unknown]'. + # This is displayed when the device for a PV is not known. + # This configuration option has an automatic default value. + # two_word_unknown_device = 0 +# } + +# Configuration section dmeventd. +# Settings for the LVM event daemon. +dmeventd { + + # Configuration option dmeventd/mirror_library. + # The library dmeventd uses when monitoring a mirror device. + # libdevmapper-event-lvm2mirror.so attempts to recover from + # failures. It removes failed devices from a volume group and + # reconfigures a mirror as necessary. If no mirror library is + # provided, mirrors are not monitored through dmeventd. 
+ mirror_library = "libdevmapper-event-lvm2mirror.so" + + # Configuration option dmeventd/raid_library. + # This configuration option has an automatic default value. + # raid_library = "libdevmapper-event-lvm2raid.so" + + # Configuration option dmeventd/snapshot_library. + # The library dmeventd uses when monitoring a snapshot device. + # libdevmapper-event-lvm2snapshot.so monitors the filling of snapshots + # and emits a warning through syslog when the usage exceeds 80%. The + # warning is repeated when 85%, 90% and 95% of the snapshot is filled. + snapshot_library = "libdevmapper-event-lvm2snapshot.so" + + # Configuration option dmeventd/thin_library. + # The library dmeventd uses when monitoring a thin device. + # libdevmapper-event-lvm2thin.so monitors the filling of a pool + # and emits a warning through syslog when the usage exceeds 80%. The + # warning is repeated when 85%, 90% and 95% of the pool is filled. + thin_library = "libdevmapper-event-lvm2thin.so" + + # Configuration option dmeventd/thin_command. + # The plugin runs command with each 5% increment when thin-pool data volume + # or metadata volume gets above 50%. + # Command which starts with 'lvm ' prefix is internal lvm command. + # You can write your own handler to customise behaviour in more details. + # User handler is specified with the full path starting with '/'. + # This configuration option has an automatic default value. + # thin_command = "lvm lvextend --use-policies" + + # Configuration option dmeventd/vdo_library. + # The library dmeventd uses when monitoring a VDO pool device. + # libdevmapper-event-lvm2vdo.so monitors the filling of a pool + # and emits a warning through syslog when the usage exceeds 80%. The + # warning is repeated when 85%, 90% and 95% of the pool is filled. + # This configuration option has an automatic default value. + # vdo_library = "libdevmapper-event-lvm2vdo.so" + + # Configuration option dmeventd/vdo_command. 
+ # The plugin runs command with each 5% increment when VDO pool volume + # gets above 50%. + # Command which starts with 'lvm ' prefix is internal lvm command. + # You can write your own handler to customise behaviour in more details. + # User handler is specified with the full path starting with '/'. + # This configuration option has an automatic default value. + # vdo_command = "lvm lvextend --use-policies" + + # Configuration option dmeventd/executable. + # The full path to the dmeventd binary. + # This configuration option has an automatic default value. + # executable = "/sbin/dmeventd" +} + +# Configuration section tags. +# Host tag settings. +# This configuration section has an automatic default value. +# tags { + + # Configuration option tags/hosttags. + # Create a host tag using the machine name. + # The machine name is nodename returned by uname(2). + # This configuration option has an automatic default value. + # hosttags = 0 + + # Configuration section tags/. + # Replace this subsection name with a custom tag name. + # Multiple subsections like this can be created. The '@' prefix for + # tags is optional. This subsection can contain host_list, which is a + # list of machine names. If the name of the local machine is found in + # host_list, then the name of this subsection is used as a tag and is + # applied to the local machine as a 'host tag'. If this subsection is + # empty (has no host_list), then the subsection name is always applied + # as a 'host tag'. + # + # Example + # The host tag foo is given to all hosts, and the host tag + # bar is given to the hosts named machine1 and machine2. + # tags { foo { } bar { host_list = [ "machine1", "machine2" ] } } + # + # This configuration section has variable name. + # This configuration section has an automatic default value. + # tag { + + # Configuration option tags//host_list. + # A list of machine names. + # These machine names are compared to the nodename returned + # by uname(2). 
If the local machine name matches an entry in + # this list, the name of the subsection is applied to the + # machine as a 'host tag'. + # This configuration option does not have a default value defined. + # } +# } diff --git a/etc/lvm/lvmlocal.conf b/etc/lvm/lvmlocal.conf new file mode 100644 index 0000000..2fe6446 --- /dev/null +++ b/etc/lvm/lvmlocal.conf 
@@ -0,0 +1,57 @@
+# This is a local configuration file template for the LVM2 system
+# which should be installed as /etc/lvm/lvmlocal.conf .
+#
+# Refer to 'man lvm.conf' for information about the file layout.
+#
+# To put this file in a different directory and override
+# /etc/lvm set the environment variable LVM_SYSTEM_DIR before
+# running the tools.
+#
+# The lvmlocal.conf file is normally expected to contain only the
+# "local" section which contains settings that should not be shared or
+# repeated among different hosts. (But if other sections are present,
+# they *will* get processed. Settings in this file override equivalent
+# ones in lvm.conf and are in turn overridden by ones in any enabled
+# lvm_.conf files.)
+#
+# Please take care that each setting only appears once if uncommenting
+# example settings in this file and never copy this file between hosts.
+
+
+# Configuration section local.
+# LVM settings that are specific to the local host.
+local {
+
+ # Configuration option local/system_id.
+ # Defines the local system ID for lvmlocal mode.
+ # This is used when global/system_id_source is set to 'lvmlocal' in the
+ # main configuration file, e.g. lvm.conf. When used, it must be set to
+ # a unique value among all hosts sharing access to the storage,
+ # e.g. a host name.
+ #
+ # Example
+ # Set no system ID:
+ # system_id = ""
+ # Set the system_id to a specific name:
+ # system_id = "host1"
+ #
+ # This configuration option has an automatic default value.
+ # system_id = ""
+
+ # Configuration option local/extra_system_ids.
+ # A list of extra VG system IDs the local host can access.
+ # VGs with the system IDs listed here (in addition to the host's own
+ # system ID) can be fully accessed by the local host. (These are
+ # system IDs that the host sees in VGs, not system IDs that identify
+ # the local host, which is determined by system_id_source.)
+ # Use this only after consulting 'man lvmsystemid' to be certain of
+ # correct usage and possible dangers.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option local/host_id.
+ # The lvmlockd sanlock host_id.
+ # This must be unique among all hosts, and must be between 1 and 2000.
+ # Applicable only if LVM is compiled with lockd support
+ # This configuration option has an automatic default value.
+ # host_id = 0
+}
diff --git a/etc/lvm/profile/cache-mq.profile b/etc/lvm/profile/cache-mq.profile
new file mode 100644
index 0000000..3c90331
--- /dev/null
+++ b/etc/lvm/profile/cache-mq.profile
@@ -0,0 +1,20 @@
+# Demo configuration 'mq' cache policy
+#
+# Note: This policy has been deprecated in favor of the smq policy
+# keyword "default" means, setting is left with kernel defaults.
+#
+
+allocation {
+ cache_pool_chunk_size = 64
+ cache_mode = "writethrough"
+ cache_policy = "mq"
+ cache_settings {
+ mq {
+ sequential_threshold = "default" # #nr_sequential_ios
+ random_threshold = "default" # #nr_random_ios
+ read_promote_adjustment = "default"
+ write_promote_adjustment = "default"
+ discard_promote_adjustment = "default"
+ }
+ }
+}
diff --git a/etc/lvm/profile/cache-smq.profile b/etc/lvm/profile/cache-smq.profile
new file mode 100644
index 0000000..c457481
--- /dev/null
+++ b/etc/lvm/profile/cache-smq.profile
@@ -0,0 +1,14 @@
+# Demo configuration 'smq' cache policy
+#
+# The stochastic multi-queue (smq) policy addresses some of the problems
+# with the multiqueue (mq) policy and uses less memory.
+#
+
+allocation {
+ cache_pool_chunk_size = 64
+ cache_mode = "writethrough"
+ cache_policy = "smq"
+ cache_settings {
+ # currently no settings for "smq" policy
+ }
+}
diff --git a/etc/lvm/profile/command_profile_template.profile b/etc/lvm/profile/command_profile_template.profile
new file mode 100644
index 0000000..bf56799
--- /dev/null
+++ b/etc/lvm/profile/command_profile_template.profile
@@ -0,0 +1,74 @@ +# This is a command profile template for the LVM2 system. +# +# It contains all configuration settings that are customizable by command +# profiles. To create a new command profile, select the settings you want +# to customize and add them in a new file named .profile. +# Then install the new profile in a directory as defined by config/profile_dir +# setting found in /etc/lvm/lvm.conf file. +# +# Command profiles can be referenced by using the --commandprofile option then. +# +# Refer to 'man lvm.conf' for further information about profiles and +# general configuration file layout. +# +allocation { + cache_mode="writethrough" + cache_settings { + } +} +log { + report_command_log=0 + command_log_sort="log_seq_num" + command_log_cols="log_seq_num,log_type,log_context,log_object_type,log_object_name,log_object_id,log_object_group,log_object_group_id,log_message,log_errno,log_ret_code" + command_log_selection="!(log_type=status && message=success)" +} +global { + units="h" + si_unit_consistency=1 + suffix=1 + lvdisplay_shows_full_device_path=0 +} +report { + output_format="basic" + compact_output=0 + compact_output_cols="" + aligned=1 + buffered=1 + headings=1 + separator=" " + list_item_separator="," + prefixes=0 + quoted=1 + columns_as_rows=0 + binary_values_as_numeric=0 + time_format="%Y-%m-%d %T %z" + devtypes_sort="devtype_name" + devtypes_cols="devtype_name,devtype_max_partitions,devtype_description" + devtypes_cols_verbose="devtype_name,devtype_max_partitions,devtype_description" + lvs_sort="vg_name,lv_name" + lvs_cols="lv_name,vg_name,lv_attr,lv_size,pool_lv,origin,data_percent,metadata_percent,move_pv,mirror_log,copy_percent,convert_lv" + lvs_cols_verbose="lv_name,vg_name,seg_count,lv_attr,lv_size,lv_major,lv_minor,lv_kernel_major,lv_kernel_minor,pool_lv,origin,data_percent,metadata_percent,move_pv,copy_percent,mirror_log,convert_lv,lv_uuid,lv_profile" + vgs_sort="vg_name" + 
vgs_cols="vg_name,pv_count,lv_count,snap_count,vg_attr,vg_size,vg_free" + vgs_cols_verbose="vg_name,vg_attr,vg_extent_size,pv_count,lv_count,snap_count,vg_size,vg_free,vg_uuid,vg_profile" + pvs_sort="pv_name" + pvs_cols="pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free" + pvs_cols_verbose="pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free,dev_size,pv_uuid" + segs_sort="vg_name,lv_name,seg_start" + segs_cols="lv_name,vg_name,lv_attr,stripes,segtype,seg_size" + segs_cols_verbose="lv_name,vg_name,lv_attr,seg_start,seg_size,stripes,segtype,stripesize,chunksize" + pvsegs_sort="pv_name,pvseg_start" + pvsegs_cols="pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free,pvseg_start,pvseg_size" + pvsegs_cols_verbose="pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free,pvseg_start,pvseg_size,lv_name,seg_start_pe,segtype,seg_pe_ranges" + vgs_cols_full="vg_all" + pvs_cols_full="pv_all" + lvs_cols_full="lv_all" + pvsegs_cols_full="pvseg_all,pv_uuid,lv_uuid" + segs_cols_full="seg_all,lv_uuid" + vgs_sort_full="vg_name" + pvs_sort_full="pv_name" + lvs_sort_full="vg_name,lv_name" + pvsegs_sort_full="pv_uuid,pvseg_start" + segs_sort_full="lv_uuid,seg_start" + mark_hidden_devices=1 +} diff --git a/etc/lvm/profile/lvmdbusd.profile b/etc/lvm/profile/lvmdbusd.profile new file mode 100644 index 0000000..2cdc6da --- /dev/null +++ b/etc/lvm/profile/lvmdbusd.profile 
@@ -0,0 +1,50 @@
+#
+# DO NOT EDIT THIS FILE!
+#
+# LVM configuration profile used by lvmdbusd daemon.
+#
+# This sets up LVM to produce output in the most suitable format for processing
+# by lvmdbusd daemon which utilizes LVM shell to execute LVM commands.
+#
+# Do not edit this file in any way. This profile is distributed together with
+# lvmdbusd and it contains configuration that is important for lvmdbusd to
+# cooperate and interface with LVM correctly.
+#
+
+global {
+ # use bytes for expected and deterministic output
+ units=b
+ # no need for suffix if we have units set
+ suffix=0
+}
+
+report {
+ compact_output=0
+ compact_output_cols=""
+ binary_values_as_numeric=0
+ # time in number of seconds since the Epoch
+ time_format="%s"
+ mark_hidden_devices=1
+ # lvmdbusd expects JSON output
+ output_format=json
+ # *_cols_full for lvm fullreport's fields which lvmdbusd relies on to update its state
+ vgs_cols_full="vg_name,vg_uuid,vg_fmt,vg_size,vg_free,vg_sysid,vg_extent_size,vg_extent_count,vg_free_count,vg_profile,max_lv,max_pv,pv_count,lv_count,snap_count,vg_seqno,vg_mda_count,vg_mda_free,vg_mda_size,vg_mda_used_count,vg_attr,vg_tags"
+ pvs_cols_full="pv_name,pv_uuid,pv_fmt,pv_size,pv_free,pv_used,dev_size,pv_mda_size,pv_mda_free,pv_ba_start,pv_ba_size,pe_start,pv_pe_count,pv_pe_alloc_count,pv_attr,pv_tags,vg_name,vg_uuid"
+ lvs_cols_full="lv_uuid,lv_name,lv_path,lv_size,vg_name,pool_lv_uuid,pool_lv,origin_uuid,origin,data_percent,lv_attr,lv_tags,vg_uuid,lv_active,data_lv,metadata_lv,lv_parent,lv_role,lv_layout"
+ pvsegs_cols_full="pvseg_start,pvseg_size,segtype,pv_uuid,lv_uuid,pv_name"
+ segs_cols_full="seg_pe_ranges,segtype,lv_uuid"
+ vgs_sort_full="vg_name"
+ pvs_sort_full="pv_name"
+ lvs_sort_full="vg_name,lv_name"
+ pvsegs_sort_full="pv_uuid,pvseg_start"
+ segs_sort_full="lv_uuid,seg_start"
+}
+
+log {
+ # lvmdbusd relies on command log report to inspect LVM command's execution status
+ report_command_log=1
+ # display only outermost LVM shell-related log that lvmdbusd inspects first after LVM command execution (it calls 'lastlog' for more detailed log afterwards if needed)
+ command_log_selection="log_context=shell"
+ command_log_cols="log_seq_num,log_type,log_context,log_object_type,log_object_name,log_object_id,log_object_group,log_object_group_id,log_message,log_errno,log_ret_code"
+ command_log_sort="log_seq_num"
+}
diff --git a/etc/lvm/profile/metadata_profile_template.profile b/etc/lvm/profile/metadata_profile_template.profile
new file mode 100644
index 0000000..5836a63
--- /dev/null
+++ b/etc/lvm/profile/metadata_profile_template.profile
@@ -0,0 +1,24 @@
+# This is a metadata profile template for the LVM2 system.
+#
+# It contains all configuration settings that are customizable by metadata
+# profiles. To create a new metadata profile, select the settings you want
+# to customize and add them in a new file named .profile.
+# Then install the new profile in a directory as defined by config/profile_dir
+# setting found in /etc/lvm/lvm.conf file.
+#
+# Metadata profiles can be referenced by using the --metadataprofile LVM2
+# command line option.
+#
+# Refer to 'man lvm.conf' for further information about profiles and
+# general configuration file layout.
+#
+allocation {
+ thin_pool_zero=1
+ thin_pool_discards="passdown"
+ thin_pool_chunk_size_policy="generic"
+# thin_pool_chunk_size=128
+}
+activation {
+ thin_pool_autoextend_threshold=100
+ thin_pool_autoextend_percent=20
+}
diff --git a/etc/lvm/profile/thin-generic.profile b/etc/lvm/profile/thin-generic.profile
new file mode 100644
index 0000000..229a7fc
--- /dev/null
+++ b/etc/lvm/profile/thin-generic.profile
@@ -0,0 +1,4 @@
+allocation {
+ thin_pool_chunk_size_policy = "generic"
+ thin_pool_zero = 1
+}
diff --git a/etc/lvm/profile/thin-performance.profile b/etc/lvm/profile/thin-performance.profile
new file mode 100644
index 0000000..2914de2
--- /dev/null
+++ b/etc/lvm/profile/thin-performance.profile
@@ -0,0 +1,4 @@
+allocation {
+ thin_pool_chunk_size_policy = "performance"
+ thin_pool_zero = 0
+}
diff --git a/etc/lvm/profile/vdo-small.profile b/etc/lvm/profile/vdo-small.profile
new file mode 100644
index 0000000..2044fc2
--- /dev/null
+++ b/etc/lvm/profile/vdo-small.profile
@@ -0,0 +1,24 @@
+# Demo configuration for 'VDO' using less memory.
+# ~lvmconfig --type full | grep vdo
+
+allocation {
+ vdo_use_compression=1
+ vdo_use_deduplication=1
+ vdo_use_metadata_hints=1
+ vdo_minimum_io_size=4096
+ vdo_block_map_cache_size_mb=128
+ vdo_block_map_period=16380
+ vdo_check_point_frequency=0
+ vdo_use_sparse_index=0
+ vdo_index_memory_size_mb=256
+ vdo_slab_size_mb=2048
+ vdo_ack_threads=1
+ vdo_bio_threads=1
+ vdo_bio_rotation=64
+ vdo_cpu_threads=2
+ vdo_hash_zone_threads=1
+ vdo_logical_threads=1
+ vdo_physical_threads=1
+ vdo_write_policy="auto"
+ vdo_max_discard=1
+}
diff --git a/etc/machine-id b/etc/machine-id
new file mode 100644
index 0000000..fd6f700
--- /dev/null
+++ b/etc/machine-id
@@ -0,0 +1 @@
+2d2af241f7a8487eb0c9b8fad347cb9f
diff --git a/etc/magic b/etc/magic
new file mode 100644
index 0000000..283a863
--- /dev/null
+++ b/etc/magic
@@ -0,0 +1,3 @@
+# Magic local data for file(1) command.
+# Insert here your local magic data. Format is described in magic(5).
+
diff --git a/etc/magic.mime b/etc/magic.mime
new file mode 100644
index 0000000..283a863
--- /dev/null
+++ b/etc/magic.mime
@@ -0,0 +1,3 @@
+# Magic local data for file(1) command.
+# Insert here your local magic data. Format is described in magic(5).
+
diff --git a/etc/mailcap b/etc/mailcap
new file mode 100644
index 0000000..ad26a5a
--- /dev/null
+++ b/etc/mailcap
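Review bot: `etc/machine-id` should not be tracked, because machine-id(5) asks that this ID be treated as confidential and not exposed in untrusted environments, and a commit makes it readable by everyone who can read the repository. The value is also unique per host, so checking this tree out onto a second machine would give two hosts the same ID, which systemd uses for, among other things, journal directories and DHCP client identifiers. I would add `/etc/machine-id` to the repository's `.gitignore` and drop the file from the index with `git rm --cached etc/machine-id`. The value stays in history after that, so regenerating the ID on the host is the only way to retire it. The same check is worth making for any other host-unique or secret files under /etc that this commit may add outside the lines shown here.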
@@ -0,0 +1,66 @@
+###############################################################################
+#
+# MIME media types and programs that process those types
+#
+# Much of this file is generated automatically by the program "update-mime".
+# Please see the "update-mime" man page for more information.
+#
+# Users can add their own rules if they wish by creating a ".mailcap"
+# file in their home directory. Entries included there will take
+# precedence over those listed here.
+#
+###############################################################################
+
+
+###############################################################################
+#
+# User section follows: Any entries included in this section will take
+# precedence over those created by "update-mime". DO NOT CHANGE the
+# "User Section Begins" and "User Section Ends" lines, or anything outside
+# of this section!
+#
+
+# ----- User Section Begins ----- #
+# ----- User Section Ends ----- #
+
+###############################################################################
+
+text/plain; less '%s'; needsterminal
+application/x-troff-man; /usr/bin/man -X100 -l '%s'; test=test -n "$DISPLAY" -a -e /usr/bin/gxditview; description=Man page
+text/troff; /usr/bin/man -X100 -l '%s'; test=test -n "$DISPLAY" -a -e /usr/bin/gxditview; description=Man page
+application/x-troff-man; /usr/bin/man -l '%s'; needsterminal; description=Man page
+text/troff; /usr/bin/man -l '%s'; needsterminal; description=Man page
+text/html; /usr/bin/sensible-browser %s; description=HTML Text; nametemplate=%s.html
+application/x-troff-man; /usr/bin/nroff -mandoc -Tutf8; copiousoutput; print=/usr/bin/nroff -mandoc -Tutf8 | print text/plain:-
+text/troff; /usr/bin/nroff -mandoc -Tutf8; copiousoutput; print=/usr/bin/nroff -mandoc -Tutf8 | print text/plain:-
+application/x-info; /usr/bin/info -f '%s'; needsterminal; description=GNU Info document
+text/plain; more %s; needsterminal
+x-scheme-handler/snap; /usr/bin/snap handle-link %s; test=test -n "$DISPLAY"
+text/english; vim %s; needsterminal
+text/plain; vim %s; needsterminal
+text/x-makefile; vim %s; needsterminal
+text/x-c++hdr; vim %s; needsterminal
+text/x-c++src; vim %s; needsterminal
+text/x-chdr; vim %s; needsterminal
+text/x-csrc; vim %s; needsterminal
+text/x-java; vim %s; needsterminal
+text/x-moc; vim %s; needsterminal
+text/x-pascal; vim %s; needsterminal
+text/x-tcl; vim %s; needsterminal
+text/x-tex; vim %s; needsterminal
+application/x-shellscript; vim %s; needsterminal
+text/x-c; vim %s; needsterminal
+text/x-c++; vim %s; needsterminal
+text/plain; view %s; edit=vim %s; compose=vim %s; test=test -x /usr/bin/vim; needsterminal
+text/plain; view %s; edit=vi %s; compose=vi %s; needsterminal
+application/x-troff-man; /usr/bin/man -Tascii -l '%s' | col -b; copiousoutput; description=Man page
+text/troff; /usr/bin/man -Tascii -l '%s' | col -b; copiousoutput; description=Man page
+text/*; less '%s'; needsterminal
+text/*; view %s; edit=vim %s; compose=vim %s; test=test -x /usr/bin/vim; needsterminal
+application/x-info; /usr/bin/info --subnodes -o /dev/stdout -f '%s' 2>/dev/null; copiousoutput; description=GNU Info document
+application/x-tar; /bin/tar tvf '%s'; print=/bin/tar tvf - | print text/plain:-; copiousoutput
+application/x-gtar; /bin/tar tvf '%s'; print=/bin/tar tvf - | print text/plain:-; copiousoutput
+application/x-ustar; /bin/tar tvf '%s'; print=/bin/tar tvf - | print text/plain:-; copiousoutput
+text/*; more %s; needsterminal
+text/*; view %s; edit=vi %s; compose=vi %s; needsterminal
+application/vnd.debian.binary-package; /usr/lib/mime/debian-view %s; needsterminal; description=Debian GNU/Linux Package; nametemplate=%s.deb
diff --git a/etc/mailcap.order b/etc/mailcap.order
new file mode 100644
index 0000000..7f38c23
--- /dev/null
+++ b/etc/mailcap.order
@@ -0,0 +1,10 @@
+###############################################################################
+#
+# Mailcap.order: This file allows a system-wide override of MIME program
+# preferences. See the mailcap.order(5) man page for more information.
+#
+# After modifying this file, be sure to run /usr/sbin/update-mime (as root)
+# to propagate the changes into the /etc/mailcap file.
+#
+################################################################################
+
diff --git a/etc/manpath.config b/etc/manpath.config
new file mode 100644
index 0000000..7c2792e
--- /dev/null
+++ b/etc/manpath.config
@@ -0,0 +1,132 @@
+# manpath.config
+#
+# This file is used by the man-db package to configure the man and cat paths.
+# It is also used to provide a manpath for those without one by examining
+# their PATH environment variable. For details see the manpath(5) man page.
+#
+# Lines beginning with `#' are comments and are ignored. Any combination of
+# tabs or spaces may be used as `whitespace' separators.
+#
+# There are three mappings allowed in this file:
+# --------------------------------------------------------
+# MANDATORY_MANPATH manpath_element
+# MANPATH_MAP path_element manpath_element
+# MANDB_MAP global_manpath [relative_catpath]
+#---------------------------------------------------------
+# every automatically generated MANPATH includes these fields
+#
+#MANDATORY_MANPATH /usr/src/pvm3/man
+#
+MANDATORY_MANPATH /usr/man
+MANDATORY_MANPATH /usr/share/man
+MANDATORY_MANPATH /usr/local/share/man
+#---------------------------------------------------------
+# set up PATH to MANPATH mapping
+# ie. what man tree holds man pages for what binary directory.
+#
+# *PATH* -> *MANPATH*
+#
+MANPATH_MAP /bin /usr/share/man
+MANPATH_MAP /usr/bin /usr/share/man
+MANPATH_MAP /sbin /usr/share/man
+MANPATH_MAP /usr/sbin /usr/share/man
+MANPATH_MAP /usr/local/bin /usr/local/man
+MANPATH_MAP /usr/local/bin /usr/local/share/man
+MANPATH_MAP /usr/local/sbin /usr/local/man
+MANPATH_MAP /usr/local/sbin /usr/local/share/man
+MANPATH_MAP /usr/X11R6/bin /usr/X11R6/man
+MANPATH_MAP /usr/bin/X11 /usr/X11R6/man
+MANPATH_MAP /usr/games /usr/share/man
+MANPATH_MAP /opt/bin /opt/man
+MANPATH_MAP /opt/sbin /opt/man
+#---------------------------------------------------------
+# For a manpath element to be treated as a system manpath (as most of those
+# above should normally be), it must be mentioned below. Each line may have
+# an optional extra string indicating the catpath associated with the
+# manpath. If no catpath string is used, the catpath will default to the
+# given manpath.
+#
+# You *must* provide all system manpaths, including manpaths for alternate
+# operating systems, locale specific manpaths, and combinations of both, if
+# they exist, otherwise the permissions of the user running man/mandb will
+# be used to manipulate the manual pages. Also, mandb will not initialise
+# the database cache for any manpaths not mentioned below unless explicitly
+# requested to do so.
+#
+# In a per-user configuration file, this directive only controls the
+# location of catpaths and the creation of database caches; it has no effect
+# on privileges.
+#
+# Any manpaths that are subdirectories of other manpaths must be mentioned
+# *before* the containing manpath. E.g. /usr/man/preformat must be listed
+# before /usr/man.
+#
+# *MANPATH* -> *CATPATH*
+#
+MANDB_MAP /usr/man /var/cache/man/fsstnd
+MANDB_MAP /usr/share/man /var/cache/man
+MANDB_MAP /usr/local/man /var/cache/man/oldlocal
+MANDB_MAP /usr/local/share/man /var/cache/man/local
+MANDB_MAP /usr/X11R6/man /var/cache/man/X11R6
+MANDB_MAP /opt/man /var/cache/man/opt
+MANDB_MAP /snap/man /var/cache/man/snap
+#
+#---------------------------------------------------------
+# Program definitions. These are commented out by default as the value
+# of the definition is already the default. To change: uncomment a
+# definition and modify it.
+#
+#DEFINE pager pager
+#DEFINE cat cat
+#DEFINE tr tr '\255\267\264\327' '\055\157\047\170'
+#DEFINE grep grep
+#DEFINE troff groff -mandoc
+#DEFINE nroff nroff -mandoc
+#DEFINE eqn eqn
+#DEFINE neqn neqn
+#DEFINE tbl tbl
+#DEFINE col col
+#DEFINE vgrind vgrind
+#DEFINE refer refer
+#DEFINE grap grap
+#DEFINE pic pic -S
+#
+#DEFINE compressor gzip -c7
+#---------------------------------------------------------
+# Misc definitions: same as program definitions above.
+#
+#DEFINE whatis_grep_flags -i
+#DEFINE apropos_grep_flags -iEw
+#DEFINE apropos_regex_grep_flags -iE
+#---------------------------------------------------------
+# Section names. Manual sections will be searched in the order listed here;
+# the default is 1, n, l, 8, 3, 0, 2, 5, 4, 9, 6, 7. Multiple SECTION
+# directives may be given for clarity, and will be concatenated together in
+# the expected way.
+# If a particular extension is not in this list (say, 1mh), it will be
+# displayed with the rest of the section it belongs to. The effect of this
+# is that you only need to explicitly list extensions if you want to force a
+# particular order. Sections with extensions should usually be adjacent to
+# their main section (e.g. "1 1mh 8 ...").
+#
+SECTION 1 n l 8 3 2 3posix 3pm 3perl 3am 5 4 9 6 7
+#
+#---------------------------------------------------------
+# Range of terminal widths permitted when displaying cat pages. If the
+# terminal falls outside this range, cat pages will not be created (if
+# missing) or displayed.
+#
+#MINCATWIDTH 80
+#MAXCATWIDTH 80
+#
+# If CATWIDTH is set to a non-zero number, cat pages will always be
+# formatted for a terminal of the given width, regardless of the width of
+# the terminal actually being used. This should generally be within the
+# range set by MINCATWIDTH and MAXCATWIDTH.
+#
+#CATWIDTH 0
+#
+#---------------------------------------------------------
+# Flags.
+# NOCACHE keeps man from creating cat pages.
+#NOCACHE
diff --git a/etc/mdadm/mdadm.conf b/etc/mdadm/mdadm.conf
new file mode 100644
index 0000000..481c472
--- /dev/null
+++ b/etc/mdadm/mdadm.conf
@@ -0,0 +1,22 @@
+# mdadm.conf
+#
+# !NB! Run update-initramfs -u after updating this file.
+# !NB! This will ensure that initramfs has an uptodate copy.
+#
+# Please refer to mdadm.conf(5) for information about this file.
+#
+
+# by default (built-in), scan all partitions (/proc/partitions) and all
+# containers for MD superblocks. alternatively, specify devices to scan, using
+# wildcards if desired.
+#DEVICE partitions containers
+
+# automatically tag new arrays as belonging to the local system
+HOMEHOST
+
+# instruct the monitoring daemon where to send mail alerts
+MAILADDR root
+
+# definitions of existing MD arrays
+
+# This configuration was auto-generated on Fri, 31 Jul 2020 16:29:35 +0000 by mkconf
diff --git a/etc/mime.types b/etc/mime.types
new file mode 100644
index 0000000..8e26dee
--- /dev/null
+++ b/etc/mime.types
@@ -0,0 +1,846 @@
+###############################################################################
+#
+# MIME media types and the extensions that represent them.
+#
+# The format of this file is a media type on the left and zero or more
+# filename extensions on the right. Programs using this file will map
+# files ending with those extensions to the associated type.
+#
+# This file is part of the "mime-support" package. Please report a bug using
+# the "reportbug" command of the "reportbug" package if you would like new
+# types or extensions to be added.
+#
+# The reason that all types are managed by the mime-support package instead
+# allowing individual packages to install types in much the same way as they
+# add entries in to the mailcap file is so these types can be referenced by
+# other programs (such as a web server) even if the specific support package
+# for that type is not installed.
+#
+# Users can add their own types if they wish by creating a ".mime.types"
+# file in their home directory. Definitions included there will take
+# precedence over those listed here.
+#
+###############################################################################
+
+
+application/activemessage
+application/andrew-inset ez
+application/annodex anx
+application/applefile
+application/atom+xml atom
+application/atomcat+xml atomcat
+application/atomicmail
+application/atomserv+xml atomsrv
+application/batch-SMTP
+application/bbolin lin
+application/beep+xml
+application/cals-1840
+application/commonground
+application/cu-seeme cu
+application/cybercash
+application/davmount+xml davmount
+application/dca-rft
+application/dec-dx
+application/dicom dcm
+application/docbook+xml
+application/dsptype tsp
+application/dvcs
+application/ecmascript es
+application/edi-consent
+application/edi-x12
+application/edifact
+application/epub+zip epub
+application/eshop
+application/font-sfnt otf ttf
+application/font-tdpfr pfr
+application/font-woff woff
+application/futuresplash spl
+application/ghostview
+application/gzip gz
+application/hta hta
+application/http
+application/hyperstudio
+application/iges
+application/index
+application/index.cmd
+application/index.obj
+application/index.response
+application/index.vnd
+application/iotp
+application/ipp
+application/isup
+application/java-archive jar
+application/java-serialized-object ser
+application/java-vm class
+application/javascript js mjs
+application/json json
+application/ld+json jsonld
+application/m3g m3g
+application/mac-binhex40 hqx
+application/mac-compactpro cpt
+application/macwriteii
+application/marc
+application/mathematica nb nbp
+application/mbox mbox
+application/ms-tnef
+application/msaccess mdb
+application/msword doc dot
+application/mxf mxf
+application/news-message-id
+application/news-transmission
+application/ocsp-request
+application/ocsp-response
+application/octet-stream bin deploy msu msp
+application/oda oda
+application/oebps-package+xml opf
+application/ogg ogx
+application/onenote one onetoc2 onetmp onepkg
+application/parityfec
+application/pdf pdf
+application/pgp-encrypted pgp
+application/pgp-keys key
+application/pgp-signature sig
+application/pics-rules prf
+application/pkcs10
+application/pkcs7-mime
+application/pkcs7-signature
+application/pkix-cert
+application/pkix-crl
+application/pkixcmp
+application/postscript ps ai eps epsi epsf eps2 eps3
+application/prs.alvestrand.titrax-sheet
+application/prs.cww
+application/prs.nprend
+application/qsig
+application/rar rar
+application/rdf+xml rdf
+application/remote-printing
+application/riscos
+application/rtf rtf
+application/sdp
+application/set-payment
+application/set-payment-initiation
+application/set-registration
+application/set-registration-initiation
+application/sgml
+application/sgml-open-catalog
+application/sieve
+application/sla stl
+application/slate
+application/smil+xml smi smil
+application/timestamp-query
+application/timestamp-reply
+application/vemmi
+application/wasm wasm
+application/whoispp-query
+application/whoispp-response
+application/wita
+application/x400-bp
+application/xhtml+xml xhtml xht
+application/xml xml xsd
+application/xml-dtd
+application/xml-external-parsed-entity
+application/xslt+xml xsl xslt
+application/xspf+xml xspf
+application/zip zip
+application/vnd.3M.Post-it-Notes
+application/vnd.accpac.simply.aso
+application/vnd.accpac.simply.imp
+application/vnd.acucobol
+application/vnd.aether.imp
+application/vnd.android.package-archive apk
+application/vnd.anser-web-certificate-issue-initiation
+application/vnd.anser-web-funds-transfer-initiation
+application/vnd.audiograph
+application/vnd.bmi
+application/vnd.businessobjects
+application/vnd.canon-cpdl
+application/vnd.canon-lips
+application/vnd.cinderella cdy
+application/vnd.claymore
+application/vnd.commerce-battelle
+application/vnd.commonspace
+application/vnd.comsocaller
+application/vnd.contact.cmsg
+application/vnd.cosmocaller
+application/vnd.ctc-posml
+application/vnd.cups-postscript
+application/vnd.cups-raster
+application/vnd.cups-raw
+application/vnd.cybank
+application/vnd.debian.binary-package deb ddeb udeb
+application/vnd.dna
+application/vnd.dpgraph
+application/vnd.dxr
+application/vnd.ecdis-update
+application/vnd.ecowin.chart
+application/vnd.ecowin.filerequest
+application/vnd.ecowin.fileupdate
+application/vnd.ecowin.series
+application/vnd.ecowin.seriesrequest
+application/vnd.ecowin.seriesupdate
+application/vnd.enliven
+application/vnd.epson.esf
+application/vnd.epson.msf
+application/vnd.epson.quickanime
+application/vnd.epson.salt
+application/vnd.epson.ssf
+application/vnd.ericsson.quickcall
+application/vnd.eudora.data
+application/vnd.fdf
+application/vnd.ffsns
+application/vnd.flographit
+application/vnd.font-fontforge-sfd sfd
+application/vnd.framemaker
+application/vnd.fsc.weblaunch
+application/vnd.fujitsu.oasys
+application/vnd.fujitsu.oasys2
+application/vnd.fujitsu.oasys3
+application/vnd.fujitsu.oasysgp
+application/vnd.fujitsu.oasysprs
+application/vnd.fujixerox.ddd
+application/vnd.fujixerox.docuworks
+application/vnd.fujixerox.docuworks.binder
+application/vnd.fut-misnet
+application/vnd.google-earth.kml+xml kml
+application/vnd.google-earth.kmz kmz
+application/vnd.grafeq
+application/vnd.groove-account
+application/vnd.groove-identity-message
+application/vnd.groove-injector
+application/vnd.groove-tool-message
+application/vnd.groove-tool-template
+application/vnd.groove-vcard
+application/vnd.hhe.lesson-player
+application/vnd.hp-HPGL
+application/vnd.hp-PCL
+application/vnd.hp-PCLXL
+application/vnd.hp-hpid
+application/vnd.hp-hps
+application/vnd.httphone
+application/vnd.hzn-3d-crossword
+application/vnd.ibm.MiniPay
+application/vnd.ibm.afplinedata
+application/vnd.ibm.modcap
+application/vnd.informix-visionary
+application/vnd.intercon.formnet
+application/vnd.intertrust.digibox
+application/vnd.intertrust.nncp
+application/vnd.intu.qbo
+application/vnd.intu.qfx
+application/vnd.irepository.package+xml
+application/vnd.is-xpr
+application/vnd.japannet-directory-service
+application/vnd.japannet-jpnstore-wakeup
+application/vnd.japannet-payment-wakeup
+application/vnd.japannet-registration
+application/vnd.japannet-registration-wakeup
+application/vnd.japannet-setstore-wakeup
+application/vnd.japannet-verification
+application/vnd.japannet-verification-wakeup
+application/vnd.koan
+application/vnd.lotus-1-2-3
+application/vnd.lotus-approach
+application/vnd.lotus-freelance
+application/vnd.lotus-notes
+application/vnd.lotus-organizer
+application/vnd.lotus-screencam
+application/vnd.lotus-wordpro
+application/vnd.mcd
+application/vnd.mediastation.cdkey
+application/vnd.meridian-slingshot
+application/vnd.mif
+application/vnd.minisoft-hp3000-save
+application/vnd.mitsubishi.misty-guard.trustweb
+application/vnd.mobius.daf
+application/vnd.mobius.dis
+application/vnd.mobius.msl
+application/vnd.mobius.plc
+application/vnd.mobius.txf
+application/vnd.motorola.flexsuite
+application/vnd.motorola.flexsuite.adsi
+application/vnd.motorola.flexsuite.fis
+application/vnd.motorola.flexsuite.gotap
+application/vnd.motorola.flexsuite.kmr
+application/vnd.motorola.flexsuite.ttc
+application/vnd.motorola.flexsuite.wem
+application/vnd.mozilla.xul+xml xul
+application/vnd.ms-artgalry
+application/vnd.ms-asf
+application/vnd.ms-excel xls xlb xlt
+application/vnd.ms-excel.addin.macroEnabled.12 xlam
+application/vnd.ms-excel.sheet.binary.macroEnabled.12 xlsb
+application/vnd.ms-excel.sheet.macroEnabled.12 xlsm
+application/vnd.ms-excel.template.macroEnabled.12 xltm
+application/vnd.ms-fontobject eot
+application/vnd.ms-lrm
+application/vnd.ms-officetheme thmx
+application/vnd.ms-pki.seccat cat
+#application/vnd.ms-pki.stl stl
+application/vnd.ms-powerpoint ppt pps
+application/vnd.ms-powerpoint.addin.macroEnabled.12 ppam
+application/vnd.ms-powerpoint.presentation.macroEnabled.12 pptm
+application/vnd.ms-powerpoint.slide.macroEnabled.12 sldm
+application/vnd.ms-powerpoint.slideshow.macroEnabled.12 ppsm
+application/vnd.ms-powerpoint.template.macroEnabled.12 potm
+application/vnd.ms-project
+application/vnd.ms-tnef
+application/vnd.ms-word.document.macroEnabled.12 docm
+application/vnd.ms-word.template.macroEnabled.12 dotm
+application/vnd.ms-works
+application/vnd.mseq
+application/vnd.msign
+application/vnd.music-niff
+application/vnd.musician
+application/vnd.netfpx
+application/vnd.noblenet-directory
+application/vnd.noblenet-sealer
+application/vnd.noblenet-web
+application/vnd.novadigm.EDM
+application/vnd.novadigm.EDX
+application/vnd.novadigm.EXT
+application/vnd.oasis.opendocument.chart odc
+application/vnd.oasis.opendocument.database odb
+application/vnd.oasis.opendocument.formula odf
+application/vnd.oasis.opendocument.graphics odg
+application/vnd.oasis.opendocument.graphics-template otg
+application/vnd.oasis.opendocument.image odi
+application/vnd.oasis.opendocument.presentation odp
+application/vnd.oasis.opendocument.presentation-template otp
+application/vnd.oasis.opendocument.spreadsheet ods
+application/vnd.oasis.opendocument.spreadsheet-template ots
+application/vnd.oasis.opendocument.text odt
+application/vnd.oasis.opendocument.text-master odm
+application/vnd.oasis.opendocument.text-template ott
+application/vnd.oasis.opendocument.text-web oth
+application/vnd.openxmlformats-officedocument.presentationml.presentation pptx
+application/vnd.openxmlformats-officedocument.presentationml.slide sldx
+application/vnd.openxmlformats-officedocument.presentationml.slideshow ppsx
+application/vnd.openxmlformats-officedocument.presentationml.template potx
+application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx
+application/vnd.openxmlformats-officedocument.spreadsheetml.template xltx
+application/vnd.openxmlformats-officedocument.wordprocessingml.document docx
+application/vnd.openxmlformats-officedocument.wordprocessingml.template dotx
+application/vnd.osa.netdeploy
+application/vnd.palm
+application/vnd.pg.format
+application/vnd.pg.osasli
+application/vnd.powerbuilder6
+application/vnd.powerbuilder6-s
+application/vnd.powerbuilder7
+application/vnd.powerbuilder7-s
+application/vnd.powerbuilder75
+application/vnd.powerbuilder75-s
+application/vnd.previewsystems.box
+application/vnd.publishare-delta-tree
+application/vnd.pvi.ptid1
+application/vnd.pwg-xhtml-print+xml
+application/vnd.rapid
+application/vnd.rim.cod cod
+application/vnd.s3sms
+application/vnd.seemail
+application/vnd.shana.informed.formdata
+application/vnd.shana.informed.formtemplate
+application/vnd.shana.informed.interchange
+application/vnd.shana.informed.package
+application/vnd.smaf mmf
+application/vnd.sss-cod
+application/vnd.sss-dtf
+application/vnd.sss-ntf
+application/vnd.stardivision.calc sdc
+application/vnd.stardivision.chart sds
+application/vnd.stardivision.draw sda
+application/vnd.stardivision.impress sdd
+application/vnd.stardivision.math sdf
+application/vnd.stardivision.writer sdw
+application/vnd.stardivision.writer-global sgl
+application/vnd.street-stream
+application/vnd.sun.xml.calc sxc
+application/vnd.sun.xml.calc.template stc
+application/vnd.sun.xml.draw sxd
+application/vnd.sun.xml.draw.template std
+application/vnd.sun.xml.impress sxi
+application/vnd.sun.xml.impress.template sti
+application/vnd.sun.xml.math sxm
+application/vnd.sun.xml.writer sxw
+application/vnd.sun.xml.writer.global sxg
+application/vnd.sun.xml.writer.template stw
+application/vnd.svd
+application/vnd.swiftview-ics
+application/vnd.symbian.install sis
+application/vnd.tcpdump.pcap cap pcap
+application/vnd.triscape.mxs
+application/vnd.trueapp
+application/vnd.truedoc
+application/vnd.tve-trigger
+application/vnd.ufdl
+application/vnd.uplanet.alert
+application/vnd.uplanet.alert-wbxml
+application/vnd.uplanet.bearer-choice
+application/vnd.uplanet.bearer-choice-wbxml
+application/vnd.uplanet.cacheop
+application/vnd.uplanet.cacheop-wbxml
+application/vnd.uplanet.channel
+application/vnd.uplanet.channel-wbxml
+application/vnd.uplanet.list
+application/vnd.uplanet.list-wbxml
+application/vnd.uplanet.listcmd
+application/vnd.uplanet.listcmd-wbxml
+application/vnd.uplanet.signal
+application/vnd.vcx
+application/vnd.vectorworks
+application/vnd.vidsoft.vidconference
+application/vnd.visio vsd vst vsw vss
+application/vnd.vividence.scriptfile
+application/vnd.wap.sic
+application/vnd.wap.slc
+application/vnd.wap.wbxml wbxml
+application/vnd.wap.wmlc wmlc
+application/vnd.wap.wmlscriptc wmlsc
+application/vnd.webturbo
+application/vnd.wordperfect wpd
+application/vnd.wordperfect5.1 wp5
+application/vnd.wrq-hp3000-labelled
+application/vnd.wt.stf
+application/vnd.xara
+application/vnd.xfdl
+application/vnd.yellowriver-custom-menu
+application/zlib
+application/x-123 wk
+application/x-7z-compressed 7z
+application/x-abiword abw
+application/x-apple-diskimage dmg
+application/x-bcpio bcpio
+application/x-bittorrent torrent
+application/x-cab cab
+application/x-cbr cbr
+application/x-cbz cbz
+application/x-cdf cdf cda
+application/x-cdlink vcd
+application/x-chess-pgn pgn
+application/x-comsol mph
+application/x-core
+application/x-cpio cpio
+application/x-csh csh
+application/x-debian-package deb udeb
+application/x-director dcr dir dxr
+application/x-dms dms
+application/x-doom wad
+application/x-dvi dvi
+application/x-executable
+application/x-font pfa pfb gsf
+application/x-font-pcf pcf pcf.Z
+application/x-freemind mm
+application/x-futuresplash spl
+application/x-ganttproject gan
+application/x-gnumeric gnumeric
+application/x-go-sgf sgf
+application/x-graphing-calculator gcf
+application/x-gtar gtar
+application/x-gtar-compressed tgz taz
+application/x-hdf hdf
+#application/x-httpd-eruby rhtml
+#application/x-httpd-php phtml pht php
+#application/x-httpd-php-source phps
+#application/x-httpd-php3 php3
+#application/x-httpd-php3-preprocessed php3p
+#application/x-httpd-php4 php4
+#application/x-httpd-php5 php5
+application/x-hwp hwp
+application/x-ica ica
+application/x-info info
+application/x-internet-signup ins isp
+application/x-iphone iii
+application/x-iso9660-image iso
+application/x-jam jam
+application/x-java-applet
+application/x-java-bean
+application/x-java-jnlp-file jnlp
+application/x-jmol jmz
+application/x-kchart chrt
+application/x-kdelnk
+application/x-killustrator kil
+application/x-koan skp skd skt skm
+application/x-kpresenter kpr kpt
+application/x-kspread ksp
+application/x-kword kwd kwt
+application/x-latex latex
+application/x-lha lha
+application/x-lyx lyx
+application/x-lzh lzh
+application/x-lzx lzx
+application/x-maker frm maker frame fm fb book fbdoc
+application/x-mif mif
+application/x-mpegURL m3u8
+application/x-ms-application application
+application/x-ms-manifest manifest
+application/x-ms-wmd wmd
+application/x-ms-wmz wmz
+application/x-msdos-program com exe bat dll
+application/x-msi msi
+application/x-netcdf nc
+application/x-ns-proxy-autoconfig pac
+application/x-nwc nwc
+application/x-object o
+application/x-oz-application oza
+application/x-pkcs7-certreqresp p7r
+application/x-pkcs7-crl crl
+application/x-python-code pyc pyo
+application/x-qgis qgs shp shx
+application/x-quicktimeplayer qtl
+application/x-rdp rdp
+application/x-redhat-package-manager rpm
+application/x-rss+xml rss
+application/x-ruby rb
+application/x-rx
+application/x-scilab sci sce
+application/x-scilab-xcos xcos
+application/x-sh sh
+application/x-shar shar
+application/x-shellscript
+application/x-shockwave-flash swf swfl
+application/x-silverlight scr
+application/x-sql sql
+application/x-stuffit sit sitx
+application/x-sv4cpio sv4cpio
+application/x-sv4crc sv4crc
+application/x-tar tar
+application/x-tcl tcl
+application/x-tex-gf gf
+application/x-tex-pk pk
+application/x-texinfo texinfo texi
+application/x-trash ~ % bak old sik
+application/x-troff t tr roff
+application/x-troff-man man
+application/x-troff-me me
+application/x-troff-ms ms
+application/x-ustar ustar
+application/x-videolan
+application/x-wais-source src
+application/x-wingz wz
+application/x-x509-ca-cert crt
+application/x-xcf xcf
+application/x-xfig fig
+application/x-xpinstall xpi
+application/x-xz xz
+
+audio/32kadpcm
+audio/3gpp
+audio/amr amr
+audio/amr-wb awb
+audio/annodex axa
+audio/basic au snd
+audio/csound csd orc sco
+audio/flac flac
+audio/g.722.1
+audio/l16
+audio/midi mid midi kar
+audio/mp4a-latm
+audio/mpa-robust
+audio/mpeg mpga mpega mp2 mp3 m4a
+audio/mpegurl m3u
+audio/ogg oga ogg opus spx
+audio/parityfec
+audio/prs.sid sid
+audio/telephone-event
+audio/tone
+audio/vnd.cisco.nse
+audio/vnd.cns.anp1
+audio/vnd.cns.inf1
+audio/vnd.digital-winds
+audio/vnd.everad.plj
+audio/vnd.lucent.voice
+audio/vnd.nortel.vbk
+audio/vnd.nuera.ecelp4800
+audio/vnd.nuera.ecelp7470
+audio/vnd.nuera.ecelp9600
+audio/vnd.octel.sbc
+audio/vnd.qcelp
+audio/vnd.rhetorex.32kadpcm
+audio/vnd.vmx.cvsd
+audio/x-aiff aif aiff aifc
+audio/x-gsm gsm
+audio/x-mpegurl m3u
+audio/x-ms-wma wma
+audio/x-ms-wax wax
+audio/x-pn-realaudio-plugin
+audio/x-pn-realaudio ra rm ram
+audio/x-realaudio ra
+audio/x-scpls pls
+audio/x-sd2 sd2
+audio/x-wav wav
+
+chemical/x-alchemy alc
+chemical/x-cache cac cache
+chemical/x-cache-csf csf
+chemical/x-cactvs-binary cbin cascii ctab
+chemical/x-cdx cdx
+chemical/x-cerius cer
+chemical/x-chem3d c3d
+chemical/x-chemdraw chm
+chemical/x-cif cif
+chemical/x-cmdf cmdf
+chemical/x-cml cml
+chemical/x-compass cpa
+chemical/x-crossfire bsd
+chemical/x-csml csml csm
+chemical/x-ctx ctx
+chemical/x-cxf cxf cef
+#chemical/x-daylight-smiles smi
+chemical/x-embl-dl-nucleotide emb embl
+chemical/x-galactic-spc spc
+chemical/x-gamess-input inp gam gamin
+chemical/x-gaussian-checkpoint fch fchk
+chemical/x-gaussian-cube cub
+chemical/x-gaussian-input gau gjc gjf
+chemical/x-gaussian-log gal
+chemical/x-gcg8-sequence gcg
+chemical/x-genbank gen
+chemical/x-hin hin
+chemical/x-isostar istr ist
+chemical/x-jcamp-dx jdx dx
+chemical/x-kinemage kin
+chemical/x-macmolecule mcm
+chemical/x-macromodel-input mmd mmod
+chemical/x-mdl-molfile mol
+chemical/x-mdl-rdfile rd
+chemical/x-mdl-rxnfile rxn
+chemical/x-mdl-sdfile sd sdf
+chemical/x-mdl-tgf tgf
+#chemical/x-mif mif
+chemical/x-mmcif mcif
+chemical/x-mol2 mol2
+chemical/x-molconn-Z b
+chemical/x-mopac-graph gpt
+chemical/x-mopac-input mop mopcrt mpc zmt
+chemical/x-mopac-out moo
+chemical/x-mopac-vib mvb
+chemical/x-ncbi-asn1 asn
+chemical/x-ncbi-asn1-ascii prt ent
+chemical/x-ncbi-asn1-binary val aso
+chemical/x-ncbi-asn1-spec asn
+chemical/x-pdb pdb ent
+chemical/x-rosdal ros
+chemical/x-swissprot sw
+chemical/x-vamas-iso14976 vms
+chemical/x-vmd vmd
+chemical/x-xtel xtel
+chemical/x-xyz xyz
+
+font/collection ttc
+font/otf ttf otf
+font/sfnt ttf otf
+font/ttf ttf otf
+font/woff woff
+font/woff2 woff2
+
+image/cgm
+image/g3fax
+image/gif gif
+image/ief ief
+image/jp2 jp2 jpg2
+image/jpeg jpeg jpg jpe
+image/jpm jpm
+image/jpx jpx jpf
+image/naplps
+image/pcx pcx
+image/png png
+image/prs.btif
+image/prs.pti
+image/svg+xml svg svgz
+image/tiff tiff tif
+image/vnd.cns.inf2
+image/vnd.djvu djvu djv
+image/vnd.dwg
+image/vnd.dxf
+image/vnd.fastbidsheet
+image/vnd.fpx
+image/vnd.fst
+image/vnd.fujixerox.edmics-mmr
+image/vnd.fujixerox.edmics-rlc
+image/vnd.microsoft.icon ico
+image/vnd.mix
+image/vnd.net-fpx
+image/vnd.svf
+image/vnd.wap.wbmp wbmp
+image/vnd.xiff
+image/x-canon-cr2 cr2
+image/x-canon-crw crw
+image/x-cmu-raster ras
+image/x-coreldraw cdr
+image/x-coreldrawpattern pat
+image/x-coreldrawtemplate cdt
+image/x-corelphotopaint cpt
+image/x-epson-erf erf
+image/x-icon
+image/x-jg art
+image/x-jng jng
+image/x-ms-bmp bmp
+image/x-nikon-nef nef
+image/x-olympus-orf orf
+image/x-photoshop psd
+image/x-portable-anymap pnm
+image/x-portable-bitmap pbm
+image/x-portable-graymap pgm
+image/x-portable-pixmap ppm
+image/x-rgb rgb
+image/x-xbitmap xbm
+image/x-xpixmap xpm
+image/x-xwindowdump xwd
+
+inode/chardevice
+inode/blockdevice
+inode/directory-locked
+inode/directory
+inode/fifo
+inode/socket
+
+message/delivery-status
+message/disposition-notification
+message/external-body
+message/http
+message/s-http
+message/news
+message/partial
+message/rfc822 eml
+
+model/iges igs iges
+model/mesh msh mesh silo
+model/vnd.dwf
+model/vnd.flatland.3dml
+model/vnd.gdl
+model/vnd.gs-gdl
+model/vnd.gtw
+model/vnd.mts
+model/vnd.vtu
+model/vrml wrl vrml
+model/x3d+vrml x3dv
+model/x3d+xml x3d
+model/x3d+binary x3db
+
+multipart/alternative
+multipart/appledouble
+multipart/byteranges
+multipart/digest
+multipart/encrypted
+multipart/form-data
+multipart/header-set
+multipart/mixed
+multipart/parallel
+multipart/related
+multipart/report
+multipart/signed
+multipart/voice-message
+
+text/cache-manifest appcache
+text/calendar ics icz
+text/css css
+text/csv csv
+text/directory
+text/english
+text/enriched
+text/h323 323
+text/html html htm shtml
+text/iuls uls
+text/mathml mml
+text/markdown md markdown
+text/parityfec
+text/plain asc txt text pot brf srt
+text/prs.lines.tag
+text/rfc822-headers
+text/richtext rtx
+text/rtf
+text/scriptlet sct wsc
+text/t140
+text/texmacs tm
+text/tab-separated-values tsv
+text/turtle ttl
+text/uri-list
+text/vcard vcf vcard
+text/vnd.abc
+text/vnd.curl
+text/vnd.debian.copyright
+text/vnd.DMClientScript
+text/vnd.flatland.3dml
+text/vnd.fly
+text/vnd.fmi.flexstor
+text/vnd.in3d.3dml
+text/vnd.in3d.spot
+text/vnd.IPTC.NewsML
+text/vnd.IPTC.NITF
+text/vnd.latex-z
+text/vnd.motorola.reflex
+text/vnd.ms-mediapackage
+text/vnd.sun.j2me.app-descriptor jad
+text/vnd.wap.si
+text/vnd.wap.sl
+text/vnd.wap.wml wml
+text/vnd.wap.wmlscript wmls
+text/x-bibtex bib
+text/x-boo boo
+text/x-c++hdr h++ hpp hxx hh
+text/x-c++src c++ cpp cxx cc
+text/x-chdr h
+text/x-component htc
+text/x-crontab
+text/x-csh csh
+text/x-csrc c
+text/x-dsrc d
+text/x-diff diff patch
+text/x-haskell hs
+text/x-java java
+text/x-lilypond ly
+text/x-literate-haskell lhs
+text/x-makefile
+text/x-moc moc
+text/x-pascal p pas
+text/x-pcs-gcd gcd
+text/x-perl pl
pm
+text/x-python py
+text/x-scala scala
+text/x-server-parsed-html
+text/x-setext etx
+text/x-sfv sfv
+text/x-sh sh
+text/x-tcl tcl tk
+text/x-tex tex ltx sty cls
+text/x-vcalendar vcs
+
+video/3gpp 3gp
+video/annodex axv
+video/dl dl
+video/dv dif dv
+video/fli fli
+video/gl gl
+video/mpeg mpeg mpg mpe
+video/MP2T ts
+video/mp4 mp4
+video/quicktime qt mov
+video/mp4v-es
+video/ogg ogv
+video/parityfec
+video/pointer
+video/webm webm
+video/vnd.fvt
+video/vnd.motorola.video
+video/vnd.motorola.videop
+video/vnd.mpegurl mxu
+video/vnd.mts
+video/vnd.nokia.interleaved-multimedia
+video/vnd.vivo
+video/x-flv flv
+video/x-la-asf lsf lsx
+video/x-mng mng
+video/x-ms-asf asf asx
+video/x-ms-wm wm
+video/x-ms-wmv wmv
+video/x-ms-wmx wmx
+video/x-ms-wvx wvx
+video/x-msvideo avi
+video/x-sgi-movie movie
+video/x-matroska mpv mkv
+
+x-conference/x-cooltalk ice
+
+x-epoc/x-sisx-app sisx
+x-world/x-vrml vrm vrml wrl
diff --git a/etc/mke2fs.conf b/etc/mke2fs.conf
new file mode 100644
index 0000000..d99dc70
--- /dev/null
+++ b/etc/mke2fs.conf
@@ -0,0 +1,48 @@
+[defaults]
+ base_features = sparse_super,large_file,filetype,resize_inode,dir_index,ext_attr
+ default_mntopts = acl,user_xattr
+ enable_periodic_fsck = 0
+ blocksize = 4096
+ inode_size = 256
+ inode_ratio = 16384
+
+[fs_types]
+ ext3 = {
+ features = has_journal
+ }
+ ext4 = {
+ features = has_journal,extent,huge_file,flex_bg,metadata_csum,64bit,dir_nlink,extra_isize
+ inode_size = 256
+ }
+ small = {
+ inode_size = 128
+ inode_ratio = 4096
+ }
+ floppy = {
+ inode_size = 128
+ inode_ratio = 8192
+ }
+ big = {
+ inode_ratio = 32768
+ }
+ huge = {
+ inode_ratio = 65536
+ }
+ news = {
+ inode_ratio = 4096
+ }
+ largefile = {
+ inode_ratio = 1048576
+ blocksize = -1
+ }
+ largefile4 = {
+ inode_ratio = 4194304
+ blocksize = -1
+ }
+ hurd = {
+ blocksize = 4096
+ inode_size = 128
+ }
+
+[options]
+ fname_encoding = utf8
diff --git a/etc/modprobe.d/amd64-microcode-blacklist.conf b/etc/modprobe.d/amd64-microcode-blacklist.conf
new file mode 100644
index 0000000..1dc2c23
--- /dev/null
+++ b/etc/modprobe.d/amd64-microcode-blacklist.conf
@@ -0,0 +1,3 @@
+# The microcode module attempts to apply a microcode update when
+# it autoloads. This is not always safe, so we block it by default.
+blacklist microcode
diff --git a/etc/modprobe.d/blacklist-ath_pci.conf b/etc/modprobe.d/blacklist-ath_pci.conf
new file mode 100644
index 0000000..bb1a85b
--- /dev/null
+++ b/etc/modprobe.d/blacklist-ath_pci.conf
@@ -0,0 +1,7 @@
+# For some Atheros 5K RF MACs, the madwifi driver loads buts fails to
+# correctly initialize the hardware, leaving it in a state from
+# which ath5k cannot recover. To prevent this condition, stop
+# madwifi from loading by default. Use Jockey to select one driver
+# or the other. (Ubuntu: #315056, #323830)
+blacklist ath_pci
+
diff --git a/etc/modprobe.d/blacklist-firewire.conf b/etc/modprobe.d/blacklist-firewire.conf
new file mode 100644
index 0000000..ae591b3
--- /dev/null
+++ b/etc/modprobe.d/blacklist-firewire.conf
@@ -0,0 +1,10 @@
+# Select the legacy firewire stack over the new CONFIG_FIREWIRE one.
+
+blacklist ohci1394
+blacklist sbp2
+blacklist dv1394
+blacklist raw1394
+blacklist video1394
+
+#blacklist firewire-ohci
+#blacklist firewire-sbp2
diff --git a/etc/modprobe.d/blacklist-framebuffer.conf b/etc/modprobe.d/blacklist-framebuffer.conf
new file mode 100644
index 0000000..9fd5eca
--- /dev/null
+++ b/etc/modprobe.d/blacklist-framebuffer.conf
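Review bot: The comment in etc/modprobe.d/amd64-microcode-blacklist.conf says why `blacklist microcode` is set but not how microcode updates reach the CPU once autoloading is blocked, and those updates can carry CPU vulnerability mitigations. I would add a line such as `# Updates are expected via early loading at boot (assumption, confirm); check the "microcode" field in /proc/cpuinfo after upgrades.` The same three lines are added as etc/modprobe.d/intel-microcode-blacklist.conf later in this commit, so the point applies there too. On a virtual guest the host presumably controls the microcode revision, in which case the comment should say that instead.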
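Review bot: The header comment in etc/modprobe.d/blacklist-firewire.conf reads as the opposite of what the directives do: it says the legacy stack is selected, yet the active `blacklist` lines name what appear to be the legacy ieee1394 modules (`ohci1394`, `sbp2`, `dv1394`, `raw1394`, `video1394`) and the `firewire-*` entries are commented out. I would reword it to `# Blacklist the legacy ieee1394 stack; the CONFIG_FIREWIRE modules stay loadable.` If this host has no FireWire hardware, uncommenting `blacklist firewire-ohci` and `blacklist firewire-sbp2` would also keep a DMA-capable bus driver from autoloading.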
@@ -0,0 +1,31 @@
+# Framebuffer drivers are generally buggy and poorly-supported, and cause
+# suspend failures, kernel panics and general mayhem. For this reason we
+# never load them automatically.
+blacklist aty128fb
+blacklist atyfb
+blacklist radeonfb
+blacklist cirrusfb
+blacklist cyber2000fb
+blacklist cyblafb
+blacklist gx1fb
+blacklist hgafb
+blacklist i810fb
+blacklist intelfb
+blacklist kyrofb
+blacklist lxfb
+blacklist matroxfb_base
+blacklist neofb
+blacklist nvidiafb
+blacklist pm2fb
+blacklist rivafb
+blacklist s1d13xxxfb
+blacklist savagefb
+blacklist sisfb
+blacklist sstfb
+blacklist tdfxfb
+blacklist tridentfb
+#blacklist vesafb
+blacklist vfb
+blacklist viafb
+blacklist vt8623fb
+blacklist udlfb
diff --git a/etc/modprobe.d/blacklist-rare-network.conf b/etc/modprobe.d/blacklist-rare-network.conf
new file mode 100644
index 0000000..6c30188
--- /dev/null
+++ b/etc/modprobe.d/blacklist-rare-network.conf
@@ -0,0 +1,22 @@
+# Many less commonly used network protocols have recently had various
+# security flaws discovered. In an effort to reduce the scope of future
+# vulnerability exploitations, they are being blacklisted here so that
+# unprivileged users cannot use them by default. System owners can still
+# either modify this file, or specifically modprobe any needed protocols.
+
+# ax25
+alias net-pf-3 off
+# netrom
+alias net-pf-6 off
+# x25
+alias net-pf-9 off
+# rose
+alias net-pf-11 off
+# decnet
+alias net-pf-12 off
+# econet
+alias net-pf-19 off
+# rds
+alias net-pf-21 off
+# af_802154
+alias net-pf-36 off
diff --git a/etc/modprobe.d/blacklist.conf b/etc/modprobe.d/blacklist.conf
new file mode 100644
index 0000000..eecdf12
--- /dev/null
+++ b/etc/modprobe.d/blacklist.conf
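Review bot: The `alias net-pf-N off` lines in etc/modprobe.d/blacklist-rare-network.conf only stop the automatic load that creating a socket of that family would trigger; as the file's own comment says, an explicit modprobe still loads the protocol. If this host needs none of these families, a stricter per-module line such as `install rds /bin/false` (one per protocol module) makes a plain `modprobe` of it fail as well. Once that is confirmed, I would also add a comment recording that no service on this host depends on the listed families, so a later edit does not re-enable one without review.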
@@ -0,0 +1,52 @@
+# This file lists those modules which we don't want to be loaded by
+# alias expansion, usually so some other driver will be loaded for the
+# device instead.
+
+# evbug is a debug tool that should be loaded explicitly
+blacklist evbug
+
+# these drivers are very simple, the HID drivers are usually preferred
+blacklist usbmouse
+blacklist usbkbd
+
+# replaced by e100
+blacklist eepro100
+
+# replaced by tulip
+blacklist de4x5
+
+# causes no end of confusion by creating unexpected network interfaces
+blacklist eth1394
+
+# snd_intel8x0m can interfere with snd_intel8x0, doesn't seem to support much
+# hardware on its own (Ubuntu bug #2011, #6810)
+blacklist snd_intel8x0m
+
+# Conflicts with dvb driver (which is better for handling this device)
+blacklist snd_aw2
+
+# replaced by p54pci
+blacklist prism54
+
+# replaced by b43 and ssb.
+blacklist bcm43xx
+
+# most apps now use garmin usb driver directly (Ubuntu: #114565)
+blacklist garmin_gps
+
+# replaced by asus-laptop (Ubuntu: #184721)
+blacklist asus_acpi
+
+# low-quality, just noise when being used for sound playback, causes
+# hangs at desktop session start (Ubuntu: #246969)
+blacklist snd_pcsp
+
+# ugly and loud noise, getting on everyone's nerves; this should be done by a
+# nice pulseaudio bing (Ubuntu: #77010)
+blacklist pcspkr
+
+# EDAC driver for amd76x clashes with the agp driver preventing the aperture
+# from being initialised (Ubuntu: #297750). Blacklist so that the driver
+# continues to build and is installable for the few cases where its
+# really needed.
+blacklist amd76x_edac
diff --git a/etc/modprobe.d/intel-microcode-blacklist.conf b/etc/modprobe.d/intel-microcode-blacklist.conf
new file mode 100644
index 0000000..1dc2c23
--- /dev/null
+++ b/etc/modprobe.d/intel-microcode-blacklist.conf
@@ -0,0 +1,3 @@
+# The microcode module attempts to apply a microcode update when
+# it autoloads. This is not always safe, so we block it by default.
+blacklist microcode
diff --git a/etc/modprobe.d/iwlwifi.conf b/etc/modprobe.d/iwlwifi.conf
new file mode 100644
index 0000000..5a83edd
--- /dev/null
+++ b/etc/modprobe.d/iwlwifi.conf
@@ -0,0 +1,7 @@
+# /etc/modprobe.d/iwlwifi.conf
+# iwlwifi will dyamically load either iwldvm or iwlmvm depending on the
+# microcode file installed on the system. When removing iwlwifi, first
+# remove the iwl?vm module and then iwlwifi.
+remove iwlwifi \
+(/sbin/lsmod | grep -o -e ^iwlmvm -e ^iwldvm -e ^iwlwifi | xargs /sbin/rmmod) \
+&& /sbin/modprobe -r mac80211
diff --git a/etc/modprobe.d/mdadm.conf b/etc/modprobe.d/mdadm.conf
new file mode 100644
index 0000000..5ad1249
--- /dev/null
+++ b/etc/modprobe.d/mdadm.conf
@@ -0,0 +1,8 @@
+# mdadm module configuration file
+# set start_ro=1 to make newly assembled arrays read-only initially,
+# to prevent metadata writes. This is needed in order to allow
+# resume-from-disk to work - new boot should not perform writes
+# because it will be done behind the back of the system being
+# resumed. See http://bugs.debian.org/415441 for details.
+
+options md_mod start_ro=1
diff --git a/etc/modules b/etc/modules
new file mode 100644
index 0000000..a88e208
--- /dev/null
+++ b/etc/modules
@@ -0,0 +1,5 @@
+# /etc/modules: kernel modules to load at boot time.
+#
+# This file contains the names of kernel modules that should be loaded
+# at boot time, one per line. Lines beginning with "#" are ignored.
+
diff --git a/etc/modules-load.d/modules.conf b/etc/modules-load.d/modules.conf
new file mode 120000
index 0000000..464b823
--- /dev/null
+++ b/etc/modules-load.d/modules.conf
@@ -0,0 +1 @@
+../modules
\ No newline at end of file
diff --git a/etc/mtab b/etc/mtab
new file mode 120000
index 0000000..5c4677a
--- /dev/null
+++ b/etc/mtab
@@ -0,0 +1 @@
+../proc/self/mounts
\ No newline at end of file
diff --git a/etc/multipath.conf b/etc/multipath.conf
new file mode 100644
index 0000000..d19039f
--- /dev/null
+++ b/etc/multipath.conf
@@ -0,0 +1,3 @@
+defaults {
+ user_friendly_names yes
+}
diff --git a/etc/multipath/wwids b/etc/multipath/wwids
new file mode 100644
index 0000000..9a427a6
--- /dev/null
+++ b/etc/multipath/wwids
@@ -0,0 +1,5 @@
+# Multipath wwids, Version : 1.0
+# NOTE: This file is automatically maintained by multipath and multipathd.
+# You should not need to edit this file in normal circumstances.
+#
+# Valid WWIDs:
diff --git a/etc/nanorc b/etc/nanorc
new file mode 100644
index 0000000..9104c9b
--- /dev/null
+++ b/etc/nanorc
@@ -0,0 +1,300 @@
+## Sample initialization file for GNU nano.
+##
+## This file should not be in DOS or Mac format, and characters
+## specially interpreted by the shell should not be escaped here.
+##
+## To make sure an option is disabled, use "unset