From e2d4d2585ffecb2855c855edda31f633ef0e125c Mon Sep 17 00:00:00 2001 From: fbrehm Date: Thu, 31 May 2012 10:23:54 +0200 Subject: [PATCH] saving uncommitted changes in /etc prior to emerge run --- .etckeeper | 103 +- UPower/UPower.conf | 6 + config-archive/etc/UPower/UPower.conf | 54 + .../etc/UPower/UPower.conf.dist | 0 config-archive/etc/gentoo/gentoorc | 3081 +++++++++++++++++ .../etc/gentoo/gentoorc.dist | 0 config-archive/etc/init.d/consolekit | 24 + .../etc/init.d/consolekit.dist | 0 config-archive/etc/init.d/sysstat | 19 + .../etc/init.d/sysstat.dist | 0 config-archive/etc/layman/layman.cfg | 82 + .../etc/layman/layman.cfg.dist | 0 config-archive/etc/libvirt/libvirt.conf | 12 + .../etc/libvirt/libvirt.conf.dist | 0 config-archive/etc/libvirt/libvirtd.conf | 393 +++ .../etc/libvirt/libvirtd.conf.dist | 0 config-archive/etc/profile | 63 + .../etc/profile.dist | 0 config-archive/etc/xdg/Thunar/uca.xml | 42 + .../etc/xdg/Thunar/uca.xml.dist | 0 .../autostart/user-dirs-update-gtk.desktop | 13 + .../user-dirs-update-gtk.desktop.dist | 0 .../etc/xdg/menus/xfce-applications.menu | 165 + .../etc/xdg/menus/xfce-applications.menu.dist | 0 config-archive/etc/xdg/xfce4/helpers.rc | 9 + .../etc/xdg/xfce4/helpers.rc.dist | 0 .../etc/xdg/xfce4/panel/default.xml | 66 + .../etc/xdg/xfce4/panel/default.xml.dist | 0 .../xfce4-keyboard-shortcuts.xml | 71 + .../xfce4-keyboard-shortcuts.xml.dist | 0 .../xfce-perchannel-xml/xfce4-session.xml | 37 + .../xfce4-session.xml.dist | 0 .../xfconf/xfce-perchannel-xml/xsettings.xml | 11 + .../xfce-perchannel-xml/xsettings.xml.dist | 0 config-archive/etc/xdg/xfce4/xinitrc | 309 ++ .../etc/xdg/xfce4/xinitrc.dist | 0 config-archive/usr/share/config/kdm/kdmrc | 5 +- config-archive/usr/share/config/kdm/kdmrc.1 | 594 ++++ config-archive/usr/share/config/kdm/kdmrc.2 | 593 ++++ .../usr/share/config/kdm/kdmrc.dist | 2 +- .../usr/share/openvpn/easy-rsa/README | 229 ++ .../usr/share/openvpn/easy-rsa/README.dist | 229 ++ .../usr/share/openvpn/easy-rsa/build-ca | 8 + .../usr/share/openvpn/easy-rsa/build-ca.dist | 8 + .../usr/share/openvpn/easy-rsa/build-dh | 11 + .../usr/share/openvpn/easy-rsa/build-dh.dist | 11 + .../usr/share/openvpn/easy-rsa/build-inter | 7 + .../share/openvpn/easy-rsa/build-inter.dist | 7 + .../usr/share/openvpn/easy-rsa/build-key | 7 + .../usr/share/openvpn/easy-rsa/build-key-pass | 7 + .../openvpn/easy-rsa/build-key-pass.dist | 7 + .../share/openvpn/easy-rsa/build-key-pkcs12 | 8 + .../openvpn/easy-rsa/build-key-pkcs12.dist | 8 + .../share/openvpn/easy-rsa/build-key-server | 10 + .../openvpn/easy-rsa/build-key-server.dist | 10 + .../usr/share/openvpn/easy-rsa/build-key.dist | 7 + .../usr/share/openvpn/easy-rsa/build-req | 7 + .../usr/share/openvpn/easy-rsa/build-req-pass | 7 + .../openvpn/easy-rsa/build-req-pass.dist | 7 + .../usr/share/openvpn/easy-rsa/build-req.dist | 7 + .../usr/share/openvpn/easy-rsa/clean-all | 16 + .../usr/share/openvpn/easy-rsa/clean-all.dist | 16 + .../usr/share/openvpn/easy-rsa/inherit-inter | 39 + .../share/openvpn/easy-rsa/inherit-inter.dist | 39 + .../usr/share/openvpn/easy-rsa/list-crl | 13 + .../usr/share/openvpn/easy-rsa/list-crl.dist | 13 + .../usr/share/openvpn/easy-rsa/pkitool | 373 ++ .../usr/share/openvpn/easy-rsa/pkitool.dist | 379 ++ .../usr/share/openvpn/easy-rsa/revoke-full | 40 + .../share/openvpn/easy-rsa/revoke-full.dist | 40 + .../usr/share/openvpn/easy-rsa/sign-req | 7 + .../usr/share/openvpn/easy-rsa/sign-req.dist | 7 + .../usr/share/openvpn/easy-rsa/vars | 68 + .../usr/share/openvpn/easy-rsa/vars.dist | 74 + .../share/openvpn/easy-rsa/whichopensslcnf | 13 + .../openvpn/easy-rsa/whichopensslcnf.dist | 26 + .../usr/share/xsessions/KDE-4.desktop | 20 +- .../usr/share/xsessions/KDE-4.desktop.1 | 83 + .../usr/share/xsessions/KDE-4.desktop.dist | 2 + .../usr/share/xsessions/xfce.desktop | 13 + .../usr/share/xsessions/xfce.desktop.dist | 13 + gentoo/gentoorc | 176 +- init.d/consolekit | 6 +- init.d/sysstat | 6 +- inittab | 2 +- layman/layman.cfg | 14 +- libvirt/libvirt.conf | 6 + libvirt/libvirtd.conf | 4 +- profile | 2 +- xdg/Thunar/uca.xml | 4 +- xdg/autostart/user-dirs-update-gtk.desktop | 2 + xdg/menus/xfce-applications.menu | 4 +- xdg/xfce4/helpers.rc | 1 + xdg/xfce4/panel/default.xml | 18 +- .../xfce4-keyboard-shortcuts.xml | 8 +- .../xfce-perchannel-xml/xfce4-session.xml | 10 +- .../xfconf/xfce-perchannel-xml/xsettings.xml | 42 +- xdg/xfce4/xinitrc | 191 +- 98 files changed, 7846 insertions(+), 300 deletions(-) create mode 100644 config-archive/etc/UPower/UPower.conf rename UPower/._cfg0000_UPower.conf => config-archive/etc/UPower/UPower.conf.dist (100%) create mode 100644 config-archive/etc/gentoo/gentoorc rename gentoo/._cfg0000_gentoorc => config-archive/etc/gentoo/gentoorc.dist (100%) create mode 100755 config-archive/etc/init.d/consolekit rename init.d/._cfg0000_consolekit => config-archive/etc/init.d/consolekit.dist (100%) create mode 100755 config-archive/etc/init.d/sysstat rename init.d/._cfg0000_sysstat => config-archive/etc/init.d/sysstat.dist (100%) create mode 100644 config-archive/etc/layman/layman.cfg rename layman/._cfg0000_layman.cfg => config-archive/etc/layman/layman.cfg.dist (100%) create mode 100644 config-archive/etc/libvirt/libvirt.conf rename libvirt/._cfg0000_libvirt.conf => config-archive/etc/libvirt/libvirt.conf.dist (100%) create mode 100644 config-archive/etc/libvirt/libvirtd.conf rename libvirt/._cfg0000_libvirtd.conf => config-archive/etc/libvirt/libvirtd.conf.dist (100%) create mode 100644 config-archive/etc/profile rename ._cfg0000_profile => config-archive/etc/profile.dist (100%) create mode 100644 config-archive/etc/xdg/Thunar/uca.xml rename xdg/Thunar/._cfg0000_uca.xml => config-archive/etc/xdg/Thunar/uca.xml.dist (100%) create mode 100644 config-archive/etc/xdg/autostart/user-dirs-update-gtk.desktop rename xdg/autostart/._cfg0000_user-dirs-update-gtk.desktop => config-archive/etc/xdg/autostart/user-dirs-update-gtk.desktop.dist (100%) create mode 100644 config-archive/etc/xdg/menus/xfce-applications.menu rename xdg/menus/._cfg0000_xfce-applications.menu => config-archive/etc/xdg/menus/xfce-applications.menu.dist (100%) create mode 100644 config-archive/etc/xdg/xfce4/helpers.rc rename xdg/xfce4/._cfg0000_helpers.rc => config-archive/etc/xdg/xfce4/helpers.rc.dist (100%) create mode 100644 config-archive/etc/xdg/xfce4/panel/default.xml rename xdg/xfce4/panel/._cfg0000_default.xml => config-archive/etc/xdg/xfce4/panel/default.xml.dist (100%) create mode 100644 config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml rename xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xfce4-keyboard-shortcuts.xml => config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml.dist (100%) create mode 100644 config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml rename xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xfce4-session.xml => config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.dist (100%) create mode 100644 config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml rename xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xsettings.xml => config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml.dist (100%) create mode 100644 config-archive/etc/xdg/xfce4/xinitrc rename xdg/xfce4/._cfg0000_xinitrc => config-archive/etc/xdg/xfce4/xinitrc.dist (100%) create mode 100644 config-archive/usr/share/config/kdm/kdmrc.1 create mode 100644 config-archive/usr/share/config/kdm/kdmrc.2 create mode 100644 config-archive/usr/share/openvpn/easy-rsa/README create mode 100644 config-archive/usr/share/openvpn/easy-rsa/README.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-ca create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-ca.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-dh create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-dh.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-inter create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-inter.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-key create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-key-pass create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-key-pass.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12 create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-key-server create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-key-server.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-key.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-req create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-req-pass create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-req-pass.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/build-req.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/clean-all create mode 100755 config-archive/usr/share/openvpn/easy-rsa/clean-all.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/inherit-inter create mode 100755 config-archive/usr/share/openvpn/easy-rsa/inherit-inter.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/list-crl create mode 100755 config-archive/usr/share/openvpn/easy-rsa/list-crl.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/pkitool create mode 100755 config-archive/usr/share/openvpn/easy-rsa/pkitool.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/revoke-full create mode 100755 config-archive/usr/share/openvpn/easy-rsa/revoke-full.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/sign-req create mode 100755 config-archive/usr/share/openvpn/easy-rsa/sign-req.dist create mode 100644 config-archive/usr/share/openvpn/easy-rsa/vars create mode 100644 config-archive/usr/share/openvpn/easy-rsa/vars.dist create mode 100755 config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf create mode 100755 config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf.dist create mode 100644 config-archive/usr/share/xsessions/KDE-4.desktop.1 create mode 100644 config-archive/usr/share/xsessions/xfce.desktop create mode 100644 config-archive/usr/share/xsessions/xfce.desktop.dist diff --git a/.etckeeper b/.etckeeper index b9c1c4c..5655948 100755 --- a/.etckeeper +++ b/.etckeeper @@ -38,7 +38,6 @@ mkdir -p './texmf/dvipdfm/config' mkdir -p './texmf/dvips.d' mkdir -p './unixODBC/ODBCDataSources' maybe chmod 0755 '.' -maybe chmod 0644 './._cfg0000_profile' maybe chmod 0700 './.etckeeper' maybe chmod 0600 './.gitignore' maybe chmod 0600 './.pwd.lock' @@ -71,7 +70,6 @@ maybe chmod 0644 './NetworkManager/nm-system-settings.conf' maybe chmod 0755 './NetworkManager/system-connections' maybe chmod 0644 './NetworkManager/system-connections/.keep_net-misc_networkmanager-0' maybe chmod 0755 './UPower' -maybe chmod 0644 './UPower/._cfg0000_UPower.conf' maybe chmod 0644 './UPower/UPower.conf' maybe chmod 0755 './X11' maybe chmod 0755 './X11/Sessions' @@ -300,6 +298,9 @@ maybe chmod 0644 './config-archive/etc/ImageMagick/policy.xml' maybe chmod 0644 './config-archive/etc/ImageMagick/policy.xml.dist' maybe chmod 0644 './config-archive/etc/ImageMagick/type-ghostscript.xml' maybe chmod 0644 './config-archive/etc/ImageMagick/type-ghostscript.xml.dist' +maybe chmod 0755 './config-archive/etc/UPower' +maybe chmod 0644 './config-archive/etc/UPower/UPower.conf' +maybe chmod 0644 './config-archive/etc/UPower/UPower.conf.dist' maybe chmod 0755 './config-archive/etc/apache2' maybe chmod 0755 './config-archive/etc/apache2/modules.d' maybe chmod 0644 './config-archive/etc/apache2/modules.d/00_apache_manual.conf' @@ -345,6 +346,9 @@ maybe chmod 0644 './config-archive/etc/eselect/postgresql/slots/9.1/docs' maybe chmod 0644 './config-archive/etc/eselect/postgresql/slots/9.1/docs.dist' maybe chmod 0644 './config-archive/etc/eselect/postgresql/slots/9.1/server' maybe chmod 0644 './config-archive/etc/eselect/postgresql/slots/9.1/server.dist' +maybe chmod 0755 './config-archive/etc/gentoo' +maybe chmod 0644 './config-archive/etc/gentoo/gentoorc' +maybe chmod 0644 './config-archive/etc/gentoo/gentoorc.dist' maybe chmod 0644 './config-archive/etc/hosts' maybe chmod 0644 './config-archive/etc/hosts.dist.new' maybe chmod 0755 './config-archive/etc/hp' @@ -355,6 +359,8 @@ maybe chmod 0755 './config-archive/etc/init.d/alsasound' maybe chmod 0755 './config-archive/etc/init.d/alsasound.dist' maybe chmod 0755 './config-archive/etc/init.d/apache2' maybe chmod 0755 './config-archive/etc/init.d/apache2.dist' +maybe chmod 0755 './config-archive/etc/init.d/consolekit' +maybe chmod 0755 './config-archive/etc/init.d/consolekit.dist' maybe chmod 0755 './config-archive/etc/init.d/cupsd' maybe chmod 0755 './config-archive/etc/init.d/cupsd.dist' maybe chmod 0755 './config-archive/etc/init.d/dbus' @@ -367,9 +373,18 @@ maybe chmod 0755 './config-archive/etc/init.d/slapd' maybe chmod 0755 './config-archive/etc/init.d/slapd.dist' maybe chmod 0755 './config-archive/etc/init.d/sshd' maybe chmod 0755 './config-archive/etc/init.d/sshd.dist' +maybe chmod 0755 './config-archive/etc/init.d/sysstat' +maybe chmod 0755 './config-archive/etc/init.d/sysstat.dist' maybe chmod 0644 './config-archive/etc/ksysguarddrc' maybe chmod 0644 './config-archive/etc/ksysguarddrc.dist' +maybe chmod 0755 './config-archive/etc/layman' +maybe chmod 0644 './config-archive/etc/layman/layman.cfg' +maybe chmod 0644 './config-archive/etc/layman/layman.cfg.dist' maybe chmod 0755 './config-archive/etc/libvirt' +maybe chmod 0644 './config-archive/etc/libvirt/libvirt.conf' +maybe chmod 0644 './config-archive/etc/libvirt/libvirt.conf.dist' +maybe chmod 0644 './config-archive/etc/libvirt/libvirtd.conf' +maybe chmod 0644 './config-archive/etc/libvirt/libvirtd.conf.dist' maybe chmod 0644 './config-archive/etc/libvirt/lxc.conf' maybe chmod 0644 './config-archive/etc/libvirt/lxc.conf.dist' maybe chmod 0755 './config-archive/etc/libvirt/nwfilter' @@ -495,6 +510,8 @@ maybe chmod 0644 './config-archive/etc/postfix/main.cf.dist' maybe chmod 0644 './config-archive/etc/ppd.cfg.default' maybe chmod 0644 './config-archive/etc/ppd.cfg.default.1' maybe chmod 0644 './config-archive/etc/ppd.cfg.default.dist' +maybe chmod 0644 './config-archive/etc/profile' +maybe chmod 0644 './config-archive/etc/profile.dist' maybe chmod 0755 './config-archive/etc/pulse' maybe chmod 0644 './config-archive/etc/pulse/client.conf' maybe chmod 0644 './config-archive/etc/pulse/client.conf.dist' @@ -518,11 +535,35 @@ maybe chmod 0440 './config-archive/etc/sudoers.dist.new' maybe chmod 0644 './config-archive/etc/sysstat' maybe chmod 0644 './config-archive/etc/sysstat.dist' maybe chmod 0755 './config-archive/etc/xdg' +maybe chmod 0755 './config-archive/etc/xdg/Thunar' +maybe chmod 0644 './config-archive/etc/xdg/Thunar/uca.xml' +maybe chmod 0644 './config-archive/etc/xdg/Thunar/uca.xml.dist' maybe chmod 0755 './config-archive/etc/xdg/autostart' maybe chmod 0644 './config-archive/etc/xdg/autostart/Gentoo-print-applet.desktop' maybe chmod 0644 './config-archive/etc/xdg/autostart/Gentoo-print-applet.desktop.dist' maybe chmod 0644 './config-archive/etc/xdg/autostart/pulseaudio.desktop' maybe chmod 0644 './config-archive/etc/xdg/autostart/pulseaudio.desktop.dist' +maybe chmod 0644 './config-archive/etc/xdg/autostart/user-dirs-update-gtk.desktop' +maybe chmod 0644 './config-archive/etc/xdg/autostart/user-dirs-update-gtk.desktop.dist' +maybe chmod 0755 './config-archive/etc/xdg/menus' +maybe chmod 0644 './config-archive/etc/xdg/menus/xfce-applications.menu' +maybe chmod 0644 './config-archive/etc/xdg/menus/xfce-applications.menu.dist' +maybe chmod 0755 './config-archive/etc/xdg/xfce4' +maybe chmod 0644 './config-archive/etc/xdg/xfce4/helpers.rc' +maybe chmod 0644 './config-archive/etc/xdg/xfce4/helpers.rc.dist' +maybe chmod 0755 './config-archive/etc/xdg/xfce4/panel' +maybe chmod 0644 './config-archive/etc/xdg/xfce4/panel/default.xml' +maybe chmod 0644 './config-archive/etc/xdg/xfce4/panel/default.xml.dist' +maybe chmod 0755 './config-archive/etc/xdg/xfce4/xfconf' +maybe chmod 0755 './config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml' +maybe chmod 0644 './config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml' +maybe chmod 0644 './config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml.dist' +maybe chmod 0644 './config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml' +maybe chmod 0644 './config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.dist' +maybe chmod 0644 './config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml' +maybe chmod 0644 './config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml.dist' +maybe chmod 0644 './config-archive/etc/xdg/xfce4/xinitrc' +maybe chmod 0644 './config-archive/etc/xdg/xfce4/xinitrc.dist' maybe chmod 0755 './config-archive/usr' maybe chmod 0755 './config-archive/usr/share' maybe chmod 0755 './config-archive/usr/share/config' @@ -533,12 +574,55 @@ maybe chmod 0644 './config-archive/usr/share/config/akonadi/mysql-global.conf' maybe chmod 0644 './config-archive/usr/share/config/akonadi/mysql-global.conf.dist' maybe chmod 0755 './config-archive/usr/share/config/kdm' maybe chmod 0644 './config-archive/usr/share/config/kdm/kdmrc' +maybe chmod 0644 './config-archive/usr/share/config/kdm/kdmrc.1' +maybe chmod 0644 './config-archive/usr/share/config/kdm/kdmrc.2' maybe chmod 0644 './config-archive/usr/share/config/kdm/kdmrc.dist' maybe chmod 0644 './config-archive/usr/share/config/libkleopatrarc' maybe chmod 0644 './config-archive/usr/share/config/libkleopatrarc.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa' +maybe chmod 0644 './config-archive/usr/share/openvpn/easy-rsa/README' +maybe chmod 0644 './config-archive/usr/share/openvpn/easy-rsa/README.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-ca' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-ca.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-dh' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-dh.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-inter' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-inter.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key-pass' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key-pass.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key-server' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key-server.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-key.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-req' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-req-pass' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-req-pass.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/build-req.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/clean-all' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/clean-all.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/inherit-inter' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/inherit-inter.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/list-crl' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/list-crl.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/pkitool' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/pkitool.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/revoke-full' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/revoke-full.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/sign-req' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/sign-req.dist' +maybe chmod 0644 './config-archive/usr/share/openvpn/easy-rsa/vars' +maybe chmod 0644 './config-archive/usr/share/openvpn/easy-rsa/vars.dist' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf' +maybe chmod 0755 './config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf.dist' maybe chmod 0755 './config-archive/usr/share/xsessions' maybe chmod 0644 './config-archive/usr/share/xsessions/KDE-4.desktop' +maybe chmod 0644 './config-archive/usr/share/xsessions/KDE-4.desktop.1' maybe chmod 0644 './config-archive/usr/share/xsessions/KDE-4.desktop.dist' +maybe chmod 0644 './config-archive/usr/share/xsessions/xfce.desktop' +maybe chmod 0644 './config-archive/usr/share/xsessions/xfce.desktop.dist' maybe chown mail './courier' maybe chgrp mail './courier' maybe chmod 0755 './courier' @@ -1009,7 +1093,6 @@ maybe chmod 0644 './gconf/schemas/yelp.schemas' maybe chmod 0755 './gentoo' maybe chmod 0644 './gentoo-init.lisp' maybe chmod 0644 './gentoo-release' -maybe chmod 0644 './gentoo/._cfg0000_gentoorc' maybe chmod 0644 './gentoo/gentoogtkrc' maybe chmod 0644 './gentoo/gentoorc' maybe chmod 0755 './ggi' @@ -1090,8 +1173,6 @@ maybe chmod 0644 './imlib/im_palette-tiny.pal' maybe chmod 0644 './imlib/im_palette.pal' maybe chmod 0644 './imlib/imrc' maybe chmod 0755 './init.d' -maybe chmod 0755 './init.d/._cfg0000_consolekit' -maybe chmod 0755 './init.d/._cfg0000_sysstat' maybe chmod 0755 './init.d/NetworkManager' maybe chmod 0755 './init.d/acpid' maybe chmod 0755 './init.d/aiccu' @@ -1239,7 +1320,6 @@ maybe chmod 0644 './kernel/postinst.d/.keep_sys-apps_debianutils-0' maybe chmod 0644 './krb5.conf.example' maybe chmod 0644 './ksysguarddrc' maybe chmod 0755 './layman' -maybe chmod 0644 './layman/._cfg0000_layman.cfg' maybe chmod 0644 './layman/layman.cfg' maybe chmod 0644 './ld.so.cache' maybe chmod 0644 './ld.so.conf' @@ -1251,8 +1331,6 @@ maybe chmod 0755 './lftp' maybe chmod 0644 './lftp/lftp.conf' maybe chmod 0640 './libaudit.conf' maybe chmod 0755 './libvirt' -maybe chmod 0644 './libvirt/._cfg0000_libvirt.conf' -maybe chmod 0644 './libvirt/._cfg0000_libvirtd.conf' maybe chmod 0644 './libvirt/libvirt.conf' maybe chmod 0644 './libvirt/libvirtd.conf' maybe chmod 0644 './libvirt/lxc.conf' @@ -1926,10 +2004,8 @@ maybe chmod 0755 './wpa_supplicant' maybe chmod 0755 './wpa_supplicant/wpa_cli.sh' maybe chmod 0755 './xdg' maybe chmod 0755 './xdg/Thunar' -maybe chmod 0644 './xdg/Thunar/._cfg0000_uca.xml' maybe chmod 0644 './xdg/Thunar/uca.xml' maybe chmod 0755 './xdg/autostart' -maybe chmod 0644 './xdg/autostart/._cfg0000_user-dirs-update-gtk.desktop' maybe chmod 0644 './xdg/autostart/Gentoo-print-applet.desktop' maybe chmod 0644 './xdg/autostart/evolution-alarm-notify.desktop' maybe chmod 0644 './xdg/autostart/gdu-notification-daemon.desktop' @@ -1952,7 +2028,6 @@ maybe chmod 0644 './xdg/autostart/vino-server.desktop' maybe chmod 0644 './xdg/autostart/xfsettingsd.desktop' maybe chmod 0644 './xdg/autostart/xscreensaver.desktop' maybe chmod 0755 './xdg/menus' -maybe chmod 0644 './xdg/menus/._cfg0000_xfce-applications.menu' maybe chmod 0755 './xdg/menus/applications-merged' maybe chmod 0644 './xdg/menus/applications-merged/ggz.merge.menu' maybe chmod 0644 './xdg/menus/ggz.menu' @@ -1967,18 +2042,12 @@ maybe chmod 0644 './xdg/menus/xfce-settings-manager.menu' maybe chmod 0644 './xdg/user-dirs.conf' maybe chmod 0644 './xdg/user-dirs.defaults' maybe chmod 0755 './xdg/xfce4' -maybe chmod 0644 './xdg/xfce4/._cfg0000_helpers.rc' -maybe chmod 0644 './xdg/xfce4/._cfg0000_xinitrc' maybe chmod 0644 './xdg/xfce4/Xft.xrdb' maybe chmod 0644 './xdg/xfce4/helpers.rc' maybe chmod 0755 './xdg/xfce4/panel' -maybe chmod 0644 './xdg/xfce4/panel/._cfg0000_default.xml' maybe chmod 0644 './xdg/xfce4/panel/default.xml' maybe chmod 0755 './xdg/xfce4/xfconf' maybe chmod 0755 './xdg/xfce4/xfconf/xfce-perchannel-xml' -maybe chmod 0644 './xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xfce4-keyboard-shortcuts.xml' -maybe chmod 0644 './xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xfce4-session.xml' -maybe chmod 0644 './xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xsettings.xml' maybe chmod 0644 './xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml' maybe chmod 0644 './xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml' maybe chmod 0644 './xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml' diff --git a/UPower/UPower.conf b/UPower/UPower.conf index c9da9cd..23f06f8 100644 --- a/UPower/UPower.conf +++ b/UPower/UPower.conf @@ -20,6 +20,12 @@ SleepTimeout=1000 # default=true AllowHibernateEncryptedSwap=true +# This controls whether we want the powersave commands to be run when running +# on battery or plugging AC. +# +# default=true +RunPowersaveCommand=true + # Enable the Watts Up Pro device. # # The Watts Up Pro contains a generic FTDI USB device without a specific diff --git a/config-archive/etc/UPower/UPower.conf b/config-archive/etc/UPower/UPower.conf new file mode 100644 index 0000000..c9da9cd --- /dev/null +++ b/config-archive/etc/UPower/UPower.conf @@ -0,0 +1,54 @@ +# Only the system vendor should modify this file, ordinary users +# should not have to change anything. + +[UPower] + +# This is the smallest amount of time that UPower gives to session and system +# processes after the suspend or hibernate request is given. +# If the session power management component uses AboutToSuspend() then the +# session process can only make this time larger than the value below, never +# smaller. +# +# Reducing this time means the suspend happens quicker, but might also not give +# some processes enough time to save state. +# +# default=1000 +SleepTimeout=1000 + +# This controls whether hibernate is allowed when using encrypted swap. +# +# default=true +AllowHibernateEncryptedSwap=true + +# Enable the Watts Up Pro device. +# +# The Watts Up Pro contains a generic FTDI USB device without a specific +# vendor and product ID. When we probe for WUP devices, we can cause +# the user to get a perplexing "Device or resource busy" error when +# attempting to use their non-WUP device. +# +# The generic FTDI device is known to also be used on: +# +# - Sparkfun FT232 breakout board +# - Parallax Propeller +# +# default=true +EnableWattsUpPro=true + +# Poll the kernel for dock state changes. +# +# Some drivers are still broken, and do not send out uvents when the +# connected state changes. +# +# default=false +PollDockDevices=false + +# Do we ignore the lid state +# +# Some laptops are broken. The lid state is either inverted, or stuck +# on or off. We can't do much to fix these problems, but this is a way +# for users to make the laptop panel vanish and for programs like +# gnome-power-manager to not suspend on system startup. +# +# default=false +IgnoreLid=false diff --git a/UPower/._cfg0000_UPower.conf b/config-archive/etc/UPower/UPower.conf.dist similarity index 100% rename from UPower/._cfg0000_UPower.conf rename to config-archive/etc/UPower/UPower.conf.dist diff --git a/config-archive/etc/gentoo/gentoorc b/config-archive/etc/gentoo/gentoorc new file mode 100644 index 0000000..b39bf9d --- /dev/null +++ b/config-archive/etc/gentoo/gentoorc @@ -0,0 +1,3081 @@ + + + + "0.19.12" + + 2 + + 9 + + 0 + "I" + "icon" + + + 2 + 20 + + + 1 + "Name" + "name" + + FALSE + TRUE + + 0 + 267 + + + 2 + "Size" + "size" + + "bytesnounit" + TRUE + "," + 3 + TRUE + + 1 + 110 + + + 3 + "Mode" + "modenum" + + "%o" + + 1 + 57 + + + 4 + "Mode2" + "modestr" + + + 2 + 96 + + + 5 + "Nlink" + "nlink" + + "%d" + + 2 + 40 + + + 6 + "User" + "uname" + + + 2 + 80 + + + 7 + "Group" + "gname" + + + 2 + 64 + + + 8 + "Modified" + "mtime" + + "%Y-%m-%d %H:%M.%S" + + 2 + 180 + + + "name" + "dirs_first" + FALSE + FALSE + + "@history[0]" + FALSE + TRUE + TRUE + FALSE + TRUE + "Monospace 8" + TRUE + "system" + + + 9 + + 0 + "I" + "icon" + + + 2 + 20 + + + 1 + "Name" + "name" + + TRUE + TRUE + + 0 + 273 + + + 2 + "Size" + "size" + + "bytesnounit" + TRUE + "," + 3 + TRUE + + 1 + 99 + + + 3 + "Mode" + "modenum" + + "%o" + + 1 + 57 + + + 4 + "Mode2" + "modestr" + + + 2 + 96 + + + 5 + "Nlink" + "nlink" + + "%d" + + 2 + 40 + + + 6 + "User" + "uname" + + + 2 + 80 + + + 7 + "Group" + "gname" + + + 2 + 64 + + + 8 + "Modified" + "mtime" + + "%Y-%m-%d %H:%M.%S" + + 2 + 180 + + + "name" + "dirs_first" + FALSE + FALSE + + "@history[0]" + FALSE + TRUE + TRUE + FALSE + TRUE + "Monospace 8" + TRUE + "left" + + + "horizontal" + "ratio" + 0.500000 + + + + TRUE + + + + + "mouse_right" + 0 + + + "Built-In" + "SelectRow action=select" + 0 + + + "Built-In" + "MenuPopup" + 0 + + + + + "test_checkbox" + 0 + + + "External" + "echo {It:"Testing checkboxes"} {Ix:"One"} {Ix:"Two"} {Ix:"Three"}" + 0 + + 0 + 0 + 0 + + + + + + "wrap_about" + 0 + + + "Built-In" + "About" + 0 + + + + + "play_mod" + 0 + + + "External" + "xmp {fup}" + 0 + + 3 + 0 + 0 + + + + + + "test_pipe" + 0 + + + "External" + "bash -c 'echo {Fup} | wc'" + 0 + + 4 + 0 + 0 + + + + + + "run_file" + 0 + + + "External" + "/usr/bin/env bash -c {fup}" + 0 + + 4 + 0 + 0 + + + + + + "uncompress_tar_bzip2" + 0 + + + "External" + "tar --use-compress-program=bzip2 -xf {fup}" + 0 + + 0 + 8 + 2 + + + + + + "test_uri" + 0 + + + "External" + "echo {uq}" + 0 + + 0 + 0 + 0 + + + + + + "unmount" + 0 + + + "External" + "umount {fpu}" + 0 + + 0 + 0 + 0 + + + + + + "view_rpm" + 0 + + + "External" + "rpm -SOME_SMART_OPTION {fup}" + 0 + + 4 + 0 + 0 + + + + + + "print_selected" + 0 + + + "External" + "echo {Fpu}" + 0 + + 0 + 0 + 0 + + + + + + "compress_gzip" + 0 + + + "External" + "gzip -9 {Fup}" + 0 + + 0 + 0 + 1 + + + + + + "view_video" + 0 + + + "External" + "mplayer -quiet -vo x11 {fup}" + 0 + + 0 + 0 + 0 + + + + + + "open_other" + 0 + + + "Built-In" + "DirToOther" + 0 + + + "Built-In" + "ActivateOther" + 0 + + + "Built-In" + "DirEnter" + 0 + + + "Built-In" + "ActivateOther" + 0 + + + "Built-In" + "UnselectFirst" + 0 + + + + + "view_rfc" + 0 + + + "External" + "less {fup}" + 0 + + 4 + 0 + 0 + + + + + + "view_tar_bzip2" + 0 + + + "External" + "tar -tvf {fpu} --use-compress-prog=bunzip2" + 0 + + 4 + 0 + 0 + + + + + + "uncompress_rar" + 0 + + + "External" + "unrar x -inul {fup}" + 0 + + 0 + 8 + 2 + + + + + + "view_tar_gzip" + 0 + + + "External" + "tar -tvzf {fup}" + 0 + + 4 + 0 + 0 + + + + + + "test_grab" + 0 + + + "External" + "{$HOME}/data/src/C/spew --delay=5000000" + 0 + + 4 + 0 + 0 + + + + + + "test_exec" + 0 + + + "External" + "nonexistant {fup}" + 0 + + 0 + 0 + 0 + + + + + + "tar_extract" + 1 + + + "External" + "echo Extracting {fp} to {Pd}" + 0 + + 0 + 0 + 0 + + + + "External" + "tar xzf {fup}" + 0 + + 16 + 8 + 2 + + + + + + "view_gzip" + 0 + + + "External" + "zcat {fup}" + 0 + + 4 + 0 + 0 + + + + + + "uncompress_zip" + 0 + + + "External" + "unzip -qq -o {fup}" + 0 + + 0 + 8 + 2 + + + + + + "test_call" + 0 + + + "Built-In" + "wrap_about" + 0 + + + + + "compress_tar" + 0 + + + "External" + "tar {It:"Create tar archive"}{Ic:"Mode"="-cf","-czf","-cyf"} {Pd}/{Is:"Archive Name"} {Ix:"Dereference links?"="-h",""}{Ix:"Compress?"="-z",""} {Fu}" + 0 + + 16 + 4 + 2 + + + + + + "view_man" + 0 + + + "External" + "groff -man -Tascii -P-b -P-u {fup}" + 0 + + 4 + 0 + 0 + + + + + + "test_menu" + 0 + + + "External" + "echo {Im:"First"="Hello,:1","Good day,:2","Good evening,:3","Hi,:4","Yo:5"} {Im:"Second"="person","dude","geek"}" + 0 + + 0 + 0 + 0 + + + + + + "view_tar" + 0 + + + "External" + "tar -tvf {fup}" + 0 + + 4 + 0 + 0 + + + + + + "edit_image" + 0 + + + "External" + "gimp {fup}" + 0 + + 3 + 0 + 0 + + + + + + "view_image" + 0 + + + "External" + "gliv {Fup}" + 0 + + 0 + 4 + 0 + + + + + + "view_html" + 0 + + + "External" + "lynx -dump {fup}" + 0 + + 4 + 0 + 0 + + + + + + "view_howto" + 0 + + + "External" + "less {fup}" + 0 + + 4 + 0 + 0 + + + + + + "play_mp3" + 0 + + + "External" + "xmms {Fup}" + 0 + + 1 + 0 + 0 + + + + + + "edit_text" + 0 + + + "External" + "{$EDITOR} {fup}" + 0 + + 1 + 0 + 0 + + + + + + "mkdir_and_enter_selected" + 0 + + + "Built-In" + "MkDir 1" + 0 + + + "Built-In" + "DirEnter dir={fpu}" + 0 + + + + + "run_missing" + 0 + + + "External" + "whatever {Fpu}" + 0 + + 0 + 0 + 0 + + + + + + "test_dirparent" + 0 + + + "Built-In" + "DirParent" + 0 + + + "Built-In" + "About" + 0 + + + + + "view_pdf" + 0 + + + "External" + " evince {fup}" + 0 + + 0 + 0 + 0 + + + + + + "Unnamed" + 0 + + + "External" + "echo {Fu}" + 0 + + 0 + 16 + 0 + + + + + + "diff" + 0 + + + "External" + "diff -pu {fpu} {fdup}" + 0 + + 4 + 16 + 0 + + + + + + "play_sid" + 0 + + + "External" + "sidplay {fup}" + 0 + + 1 + 0 + 0 + + + + + + "convert_mp3" + 1 + + + "External" + "bash -c 'mpg123 -q -w $(basename {f} .mp3).wav {fup}'" + 0 + + 0 + 4 + 1 + + + + + + "view_deb" + 0 + + + "External" + "dpkg-deb -c {fup}" + 0 + + 4 + 0 + 0 + + + + + + "test_input" + 0 + + + "External" + "echo {It:"String input defaults to first selected filename:"} {It:"-"} {Is:"Name:"="prefix-{fQ}-postfix"}" + 0 + + 0 + 0 + 0 + + + + + + "view_bzip2" + 0 + + + "External" + "bzcat {fup}" + 0 + + 4 + 0 + 0 + + + + + + "run_script" + 0 + + + "External" + "/usr/bin/env bash {fup}" + 0 + + 16 + 20 + 0 + + + + + + "view_ps" + 0 + + + "External" + "gv {fut}" + 0 + + 1 + 0 + 0 + + + + + + "uncompress_gzip" + 0 + + + "External" + "gunzip {Fup}" + 0 + + 0 + 0 + 1 + + + + + + "uncompress_tar_gzip" + 1 + + + "External" + "tar xzf {fup}" + 0 + + 0 + 8 + 2 + + + + + + "run_calculator" + 0 + + + "External" + "gnome-calculator" + 0 + + 3 + 0 + 0 + + + + + + "view_zip" + 0 + + + "External" + "unzip -v {fup}" + 0 + + 4 + 0 + 0 + + + + + + "new_shell" + 0 + + + "External" + "xterm" + 0 + + 1 + 4 + 0 + + + + + + "play_sample" + 0 + + + "External" + "aplay {fup}" + 0 + + 0 + 0 + 0 + + + + + + "view_rar" + 0 + + + "External" + "unrar lt {fup}" + 0 + + 4 + 0 + 0 + + + + + + + + FALSE + + + TRUE + TRUE + TRUE + u2097152 + + + u1 + + + FALSE + FALSE + + + FALSE + + + TRUE + TRUE + "%Y-%m-%d %H:%M.%S" + "%Y-%m-%d %H:%M.%S" + "%Y-%m-%d %H:%M.%S" + "," + + + TRUE + FALSE + + + TRUE + u2 + + + u1048576 + u512 + TRUE + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + "Directory" + 16384 + + + + "Archive, Tar" + 32768 + ".tar" + + + + "Archive, Rar" + 32768 + ".rar" + + + + "Archive, Tar BZip2" + 32768 + "^.+\\.(tbz|tar\\.bz2)$" + FALSE + FALSE + + + + "Archive, Tar Gzip" + 32768 + ".+\\.(tar\\.gz|tgz)" + FALSE + FALSE + + + + "Archive, ZIP" + 32768 + ".zip" + + + + "Archive, Package, Debian" + 32768 + ".deb" + + + + "Archive, Package, RPM" + 32768 + ".rpm" + + + + "Image, BMP" + 32768 + ".bmp" + + + + "Image, GIF" + 32768 + ".gif" + + + + "Image, JPEG" + 32768 + "^.+\\.jpe?g$" + FALSE + TRUE + + + + "Image, IFF-ILBM" + 32768 + "\\.(lbm|iff)$" + FALSE + FALSE + + + + "Image, TARGA" + 32768 + ".tga" + + + + "Image, TIFF" + 32768 + "\\.tiff?$" + FALSE + FALSE + + + + "Image, PNG" + 32768 + ".png" + + + + "Image, XPM" + 32768 + ".xpm" + + + + "Sound, Music, Module" + 32768 + "(^mod\\..+)|(.+\\.mod$)" + FALSE + FALSE + + + + "Sound, Music, MP3" + 32768 + ".mp3" + + + + "Sound, Music, SID" + 32768 + ".sid" + + + + "Sound, Sample, WAV" + 32768 + "WAVE audio" + FALSE + FALSE + + + + "Sound, Sample, au" + 32768 + ".au" + + + + "Source Code, Assembly, ASM-One" + 32768 + "\\.(s|S)$" + FALSE + FALSE + + + + "Source Code, Assembly" + 32768 + "\\.(s|asm)$" + FALSE + FALSE + + + + "Source Code, C Header" + 32768 + ".h" + + + + "Source Code, C Source" + 32768 + ".c" + + + + "Source Code, C++ Source" + 32768 + "\\.(cpp|cc)$" + FALSE + FALSE + + + + "Source Code, Java" + 32768 + ".java" + + + + "Source Code, M4" + 32768 + ".m4" + + + + "Source Code, Perl" + 32768 + ".pl" + + + + "Source Code, PHP" + 32768 + ".php" + + + + "Source Code, Python" + 32768 + ".py" + + + + "Text, COPYING" + 32768 + "^(COPYING|COPYRIGHT|LICENSE)$" + FALSE + FALSE + + + + "Text, Config" + 32768 + "^\\..+rc$" + FALSE + FALSE + + + + "Text, HOWTO" + 32768 + "-HOWTO(\\.gz)?$" + FALSE + FALSE + + + + "Text, MS Word" + 32768 + ".doc" + + + + "Text, HTML" + 32768 + ".+\\.html?$" + FALSE + FALSE + + + + "Text, Makefile" + 32768 + "^Makefile" + FALSE + FALSE + + + + "Text, Man Page" + 32768 + "^[^.]+[^0-9]\\.[0-9][A-Za-z]?(\\.gz)?$" + FALSE + FALSE + + + + "Text, Package Information" + 32768 + "^(BUGS|ChangeLog|INSTALL|README|TODO)" + FALSE + FALSE + + + + "Text, PDF" + 32768 + ".pdf" + + + + "Text, Plain" + 32768 + ".txt" + "ASCII text" + FALSE + FALSE + + + + "Text, PostScript" + 32768 + ".ps" + + + + "Text, RFC" + 32768 + "^rfc[0-9]+(\\.gz)?$" + FALSE + FALSE + + + + "Video, 3GP" + 32768 + ".3gp" + + + + "Video, AVI" + 32768 + ".avi" + + + + "Video, MPEG" + 32768 + "\\.mpe?g$" + FALSE + FALSE + + + + "Video, MOV" + 32768 + ".mov" + + + + "Video, WMV" + 32768 + ".wmv" + + + + "Video, RealMedia" + 32768 + ".rm" + + + + "Executable, Shared Object" + 32768 + "^lib.+\\.so(\\.[0-9.]+)?" + FALSE + FALSE + + + + "Executable" + 32768 + 32 + + + + "Executable, Java Class" + 32768 + ".class" + + + + "Executable, Object" + 32768 + ".o" + + + + "Executable, Windows" + 32768 + ".exe" + + + + "Data, Compressed, GZip" + 32768 + ".gz" + + + + "Data, Compressed, BZip2" + 32768 + ".bz2" + + + + "Special, Link" + 40960 + + + + "Special, Socket" + 49152 + + + + "Special, FIFO" + 4096 + + + + "Unknown" + 0 + + + + + + + + + 1 + + + + + + 1 + + + + + + 1 + + + + + + 1 + + + + + + + + + + + 8 + + + + + + + + + + + + + 8 + + + + + + + + + + + + 8 + + + + + + + + + + + + + + + + + FALSE + 2 + + + + + + 0 + "icons:/usr/share/gentoo/icons" + + + 1 + "~" + + + 2 + "/etc/fstab" + + + 3 + "/proc/mounts" + + + + 1 + "^\\." + FALSE + + + + + u0 + 619 + 123 + 797 + 1112 + FALSE + FALSE + TRUE + TRUE + + + u1 + 32 + 32 + 800 + 600 + FALSE + FALSE + TRUE + TRUE + + + u2 + 32 + 32 + 694 + 600 + FALSE + FALSE + TRUE + TRUE + + + u3 + 32 + 32 + 320 + 480 + FALSE + FALSE + TRUE + TRUE + + + 4 + -24 + + + + "mouse" + + + + + "<Alt><Mod2>1" + "ActivateLeft" + + + "<Alt><Mod2>2" + "ActivateRight" + + + "<Alt>Down" + "DpFocus next" + + + "<Alt>Page_Down" + "DpFocus pagenext" + + + "<Alt>Page_Up" + "DpFocus pageprev" + + + "<Alt>Return" + "DpFocus select=true same" + + + "<Alt>Up" + "DpFocus prev" + + + "<Control><Mod2>F8" + "Rerun" + + + "<Control>Tab" + "DirFromOther" + + + "<Control>g" + "DpGotoRow {It:"Jump To Row Matching"} re=^{Is:"Regular Expression"} focus={Ix:"Focus Destination?"}" + + + "<Control>l" + "DpFocusPath select=true" + + + "<Control>r" + "DpReorient" + + + "<Control>s" + "DpFocusISrch text=" + + + "<Control>space" + "MenuPopup" + + + "<Mod2>c" + "Configure" + + + "<Mod2>q" + "Quit" + + + "<Shift><Mod2>r" + "DpMaximize" + + + "<Shift>Return" + "DpFocusPath select=true" + + + "BackSpace" + "DirParent" + + + "Delete" + "Delete" + + + "F1" + "About" + + + "F5" + "DirRescan" + + + "F8" + "Run" + + + "Left" + "DirParent" + + + "Tab" + "ActivateOther" + + + "c" + "Configure" + + + "h" + "DpHide" + + + "r" + "DpRecenter value=50" + + + + + + u5 + "SelectSuffix action=toggle" + + + + u8 + "SelectType action=toggle" + + + + u0 + "DirParent" + + + + u1 + "SelectRow" + + + + u0 + "MenuPopup" + + + + u1 + "mouse_right" + + + + u4 + "MenuPopup menu=<ActionMenu>" + + + + "FileAction action=ClickMClick" + 0.400000 + + + + "evt-path-rmb" + "About" + + + TRUE + + + 0 + FALSE + + + + + + diff --git a/gentoo/._cfg0000_gentoorc b/config-archive/etc/gentoo/gentoorc.dist similarity index 100% rename from gentoo/._cfg0000_gentoorc rename to config-archive/etc/gentoo/gentoorc.dist diff --git a/config-archive/etc/init.d/consolekit b/config-archive/etc/init.d/consolekit new file mode 100755 index 0000000..d469b46 --- /dev/null +++ b/config-archive/etc/init.d/consolekit @@ -0,0 +1,24 @@ +#!/sbin/runscript +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License, v2 or later +# $Header: /var/cvsroot/gentoo-x86/sys-auth/consolekit/files/consolekit-0.1.rc,v 1.2 2009/09/12 19:46:19 nirbheek Exp $ + +depend() { + need dbus + use logger +} + +start() { + ebegin "Starting ConsoleKit daemon" + + start-stop-daemon --start -q \ + --pidfile /var/run/ConsoleKit/pid \ + --exec /usr/sbin/console-kit-daemon -- + eend $? +} + +stop() { + ebegin "Stopping ConsoleKit daemon" + start-stop-daemon --stop -q --pidfile /var/run/ConsoleKit/pid + eend $? +} diff --git a/init.d/._cfg0000_consolekit b/config-archive/etc/init.d/consolekit.dist similarity index 100% rename from init.d/._cfg0000_consolekit rename to config-archive/etc/init.d/consolekit.dist diff --git a/config-archive/etc/init.d/sysstat b/config-archive/etc/init.d/sysstat new file mode 100755 index 0000000..885782a --- /dev/null +++ b/config-archive/etc/init.d/sysstat @@ -0,0 +1,19 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-admin/sysstat/files/sysstat.init.d,v 1.3 2011/05/18 02:21:33 jer Exp $ + +depend() { + use hostname +} + +start() { + ebegin "Writing a dummy startup record using sadc (see sadc(8))..." + /usr/lib/sa/sadc -F -L - + eend $? +} + +stop() { + ebegin "Cannot stop writing a dummy startup record (see sadc(8))..." + eend $? +} diff --git a/init.d/._cfg0000_sysstat b/config-archive/etc/init.d/sysstat.dist similarity index 100% rename from init.d/._cfg0000_sysstat rename to config-archive/etc/init.d/sysstat.dist diff --git a/config-archive/etc/layman/layman.cfg b/config-archive/etc/layman/layman.cfg new file mode 100644 index 0000000..eeeb5a8 --- /dev/null +++ b/config-archive/etc/layman/layman.cfg @@ -0,0 +1,82 @@ +[MAIN] + +#----------------------------------------------------------- +# Defines the directory where overlays should be installed + +storage : /var/lib/layman + +#----------------------------------------------------------- +# Remote overlay lists will be stored here +# layman will append _md5(url).xml to each filename + +cache : %(storage)s/cache + +#----------------------------------------------------------- +# The list of locally installed overlays + +local_list: %(storage)s/overlays.xml + +#----------------------------------------------------------- +# Path to the make.conf file that should be modified by +# layman + +make_conf : %(storage)s/make.conf + +#----------------------------------------------------------- +# URLs of the remote lists of overlays (one per line) or +# local overlay definitions +# +#overlays : http://www.gentoo.org/proj/en/overlays/repositories.xml +# http://dev.gentoo.org/~wrobel/layman/global-overlays.xml +# http://mydomain.org/my-layman-list.xml +# file:///var/lib/layman/my-list.xml + +overlays : http://www.gentoo.org/proj/en/overlays/repositories.xml + http://10.1.1.1/gentoo/overlay-repos.xml + +#----------------------------------------------------------- +# Proxy support +# If unset, layman will use the http_proxy environment variable. +# +#proxy : http://[user:pass@]www.my-proxy.org:3128 + +#----------------------------------------------------------- +# Strict checking of overlay definitions +# +# Set either to "yes" or "no". If "no" layman will issue +# warnings if an overlay definition is missing either +# description or contact information. +# +nocheck : yes + +#----------------------------------------------------------- +# Umask settings +# +# layman should usually work with a umask of 0022. You should +# only change this setting if you are absolutely certain that +# you know what you are doing. +# +#umask : 0022 + +#----------------------------------------------------------- +# Command overrides +# +# You can have commands point to either a binary at a different +# location, e.g. +# +# /home/you/local/bin/git +# +# or just the command, e.g. +# +# git +# +# to use PATH-based resolution of the binary to call. +# +#bzr_command : /usr/bin/bzr +#cvs_command : /usr/bin/cvs +#darcs_command : /usr/bin/darcs +#git_command : /usr/bin/git +#mercurial_command : /usr/bin/hg +#rsync_command : /usr/bin/rsync +#svn_command : /usr/bin/svn +#tar_command : /bin/tar diff --git a/layman/._cfg0000_layman.cfg b/config-archive/etc/layman/layman.cfg.dist similarity index 100% rename from layman/._cfg0000_layman.cfg rename to config-archive/etc/layman/layman.cfg.dist diff --git a/config-archive/etc/libvirt/libvirt.conf b/config-archive/etc/libvirt/libvirt.conf new file mode 100644 index 0000000..c54903c --- /dev/null +++ b/config-archive/etc/libvirt/libvirt.conf @@ -0,0 +1,12 @@ +# +# This can be used to setup URI aliases for frequently +# used connection URIs. Aliases may contain only the +# characters a-Z, 0-9, _, -. +# +# Following the '=' may be any valid libvirt connection +# URI, including arbitrary parameters + +#uri_aliases = [ +# "hail=qemu+ssh://root@hail.cloud.example.com/system", +# "sleet=qemu+ssh://root@sleet.cloud.example.com/system", +#] diff --git a/libvirt/._cfg0000_libvirt.conf b/config-archive/etc/libvirt/libvirt.conf.dist similarity index 100% rename from libvirt/._cfg0000_libvirt.conf rename to config-archive/etc/libvirt/libvirt.conf.dist diff --git a/config-archive/etc/libvirt/libvirtd.conf b/config-archive/etc/libvirt/libvirtd.conf new file mode 100644 index 0000000..3eab2be --- /dev/null +++ b/config-archive/etc/libvirt/libvirtd.conf @@ -0,0 +1,393 @@ +# Master libvirt daemon configuration file +# +# For further information consult http://libvirt.org/format.html +# +# NOTE: the tests/daemon-conf regression test script requires +# that each "PARAMETER = VALUE" line in this file have the parameter +# name just after a leading "#". + +################################################################# +# +# Network connectivity controls +# + +# Flag listening for secure TLS connections on the public TCP/IP port. +# NB, must pass the --listen flag to the libvirtd process for this to +# have any effect. +# +# It is necessary to setup a CA and issue server certificates before +# using this capability. +# +# This is enabled by default, uncomment this to disable it +#listen_tls = 0 + +# Listen for unencrypted TCP connections on the public TCP/IP port. +# NB, must pass the --listen flag to the libvirtd process for this to +# have any effect. +# +# Using the TCP socket requires SASL authentication by default. Only +# SASL mechanisms which support data encryption are allowed. This is +# DIGEST_MD5 and GSSAPI (Kerberos5) +# +# This is disabled by default, uncomment this to enable it. +#listen_tcp = 1 + + + +# Override the port for accepting secure TLS connections +# This can be a port number, or service name +# +#tls_port = "16514" + +# Override the port for accepting insecure TCP connections +# This can be a port number, or service name +# +#tcp_port = "16509" + + +# Override the default configuration which binds to all network +# interfaces. This can be a numeric IPv4/6 address, or hostname +# +#listen_addr = "192.168.0.1" + + +# Flag toggling mDNS advertizement of the libvirt service. +# +# Alternatively can disable for all services on a host by +# stopping the Avahi daemon +# +# This is enabled by default, uncomment this to disable it +#mdns_adv = 0 + +# Override the default mDNS advertizement name. This must be +# unique on the immediate broadcast network. +# +# The default is "Virtualization Host HOSTNAME", where HOSTNAME +# is subsituted for the short hostname of the machine (without domain) +# +#mdns_name = "Virtualization Host Joe Demo" + + +################################################################# +# +# UNIX socket access controls +# + +# Set the UNIX domain socket group ownership. This can be used to +# allow a 'trusted' set of users access to management capabilities +# without becoming root. +# +# This is restricted to 'root' by default. +#unix_sock_group = "libvirt" + +# Set the UNIX socket permissions for the R/O socket. This is used +# for monitoring VM status only +# +# Default allows any user. If setting group ownership may want to +# restrict this to: +#unix_sock_ro_perms = "0777" + +# Set the UNIX socket permissions for the R/W socket. This is used +# for full management of VMs +# +# Default allows only root. If PolicyKit is enabled on the socket, +# the default will change to allow everyone (eg, 0777) +# +# If not using PolicyKit and setting group ownership for access +# control then you may want to relax this to: +#unix_sock_rw_perms = "0770" + +# Set the name of the directory in which sockets will be found/created. +#unix_sock_dir = "/var/run/libvirt" + +################################################################# +# +# Authentication. +# +# - none: do not perform auth checks. If you can connect to the +# socket you are allowed. This is suitable if there are +# restrictions on connecting to the socket (eg, UNIX +# socket permissions), or if there is a lower layer in +# the network providing auth (eg, TLS/x509 certificates) +# +# - sasl: use SASL infrastructure. The actual auth scheme is then +# controlled from /etc/sasl2/libvirt.conf. For the TCP +# socket only GSSAPI & DIGEST-MD5 mechanisms will be used. +# For non-TCP or TLS sockets, any scheme is allowed. +# +# - polkit: use PolicyKit to authenticate. This is only suitable +# for use on the UNIX sockets. The default policy will +# require a user to supply their own password to gain +# full read/write access (aka sudo like), while anyone +# is allowed read/only access. +# +# Set an authentication scheme for UNIX read-only sockets +# By default socket permissions allow anyone to connect +# +# To restrict monitoring of domains you may wish to enable +# an authentication mechanism here +#auth_unix_ro = "none" + +# Set an authentication scheme for UNIX read-write sockets +# By default socket permissions only allow root. If PolicyKit +# support was compiled into libvirt, the default will be to +# use 'polkit' auth. +# +# If the unix_sock_rw_perms are changed you may wish to enable +# an authentication mechanism here +#auth_unix_rw = "none" + +# Change the authentication scheme for TCP sockets. +# +# If you don't enable SASL, then all TCP traffic is cleartext. +# Don't do this outside of a dev/test scenario. For real world +# use, always enable SASL and use the GSSAPI or DIGEST-MD5 +# mechanism in /etc/sasl2/libvirt.conf +#auth_tcp = "sasl" + +# Change the authentication scheme for TLS sockets. +# +# TLS sockets already have encryption provided by the TLS +# layer, and limited authentication is done by certificates +# +# It is possible to make use of any SASL authentication +# mechanism as well, by using 'sasl' for this option +#auth_tls = "none" + + + +################################################################# +# +# TLS x509 certificate configuration +# + + +# Override the default server key file path +# +#key_file = "/etc/pki/libvirt/private/serverkey.pem" + +# Override the default server certificate file path +# +#cert_file = "/etc/pki/libvirt/servercert.pem" + +# Override the default CA certificate path +# +#ca_file = "/etc/pki/CA/cacert.pem" + +# Specify a certificate revocation list. +# +# Defaults to not using a CRL, uncomment to enable it +#crl_file = "/etc/pki/CA/crl.pem" + + + +################################################################# +# +# Authorization controls +# + + +# Flag to disable verification of our own server certificates +# +# When libvirtd starts it performs some sanity checks against +# its own certificates. +# +# Default is to always run sanity checks. Uncommenting this +# will disable sanity checks which is not a good idea +#tls_no_sanity_certificate = 1 + +# Flag to disable verification of client certificates +# +# Client certificate verification is the primary authentication mechanism. +# Any client which does not present a certificate signed by the CA +# will be rejected. +# +# Default is to always verify. Uncommenting this will disable +# verification - make sure an IP whitelist is set +#tls_no_verify_certificate = 1 + + +# A whitelist of allowed x509 Distinguished Names +# This list may contain wildcards such as +# +# "C=GB,ST=London,L=London,O=Red Hat,CN=*" +# +# See the POSIX fnmatch function for the format of the wildcards. +# +# NB If this is an empty list, no client can connect, so comment out +# entirely rather than using empty list to disable these checks +# +# By default, no DN's are checked +#tls_allowed_dn_list = ["DN1", "DN2"] + + +# A whitelist of allowed SASL usernames. The format for usernames +# depends on the SASL authentication mechanism. Kerberos usernames +# look like username@REALM +# +# This list may contain wildcards such as +# +# "*@EXAMPLE.COM" +# +# See the POSIX fnmatch function for the format of the wildcards. +# +# NB If this is an empty list, no client can connect, so comment out +# entirely rather than using empty list to disable these checks +# +# By default, no Username's are checked +#sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ] + + + +################################################################# +# +# Processing controls +# + +# The maximum number of concurrent client connections to allow +# over all sockets combined. +#max_clients = 20 + + +# The minimum limit sets the number of workers to start up +# initially. If the number of active clients exceeds this, +# then more threads are spawned, upto max_workers limit. +# Typically you'd want max_workers to equal maximum number +# of clients allowed +#min_workers = 5 +#max_workers = 20 + + +# The number of priority workers. If all workers from above +# pool will stuck, some calls marked as high priority +# (notably domainDestroy) can be executed in this pool. +#prio_workers = 5 + +# Total global limit on concurrent RPC calls. Should be +# at least as large as max_workers. Beyond this, RPC requests +# will be read into memory and queued. This directly impact +# memory usage, currently each request requires 256 KB of +# memory. So by default upto 5 MB of memory is used +# +# XXX this isn't actually enforced yet, only the per-client +# limit is used so far +#max_requests = 20 + +# Limit on concurrent requests from a single client +# connection. To avoid one client monopolizing the server +# this should be a small fraction of the global max_requests +# and max_workers parameter +#max_client_requests = 5 + +################################################################# +# +# Logging controls +# + +# Logging level: 4 errors, 3 warnings, 2 information, 1 debug +# basically 1 will log everything possible +#log_level = 3 + +# Logging filters: +# A filter allows to select a different logging level for a given category +# of logs +# The format for a filter is: +# x:name +# where name is a match string e.g. remote or qemu +# the x prefix is the minimal level where matching messages should be logged +# 1: DEBUG +# 2: INFO +# 3: WARNING +# 4: ERROR +# +# Multiple filter can be defined in a single @filters, they just need to be +# separated by spaces. +# +# e.g: +# log_filters="3:remote 4:event" +# to only get warning or errors from the remote layer and only errors from +# the event layer. + +# Logging outputs: +# An output is one of the places to save logging information +# The format for an output can be: +# x:stderr +# output goes to stderr +# x:syslog:name +# use syslog for the output and use the given name as the ident +# x:file:file_path +# output to a file, with the given filepath +# In all case the x prefix is the minimal level, acting as a filter +# 1: DEBUG +# 2: INFO +# 3: WARNING +# 4: ERROR +# +# Multiple output can be defined, they just need to be separated by spaces. +# e.g.: +# log_outputs="3:syslog:libvirtd" +# to log all warnings and errors to syslog under the libvirtd ident + +# Log debug buffer size: default 64 +# The daemon keeps an internal debug log buffer which will be dumped in case +# of crash or upon receiving a SIGUSR2 signal. This setting allows to override +# the default buffer size in kilobytes. +# If value is 0 or less the debug log buffer is deactivated +#log_buffer_size = 64 + + +################################################################## +# +# Auditing +# +# This setting allows usage of the auditing subsystem to be altered: +# +# audit_level == 0 -> disable all auditing +# audit_level == 1 -> enable auditing, only if enabled on host (default) +# audit_level == 2 -> enable auditing, and exit if disabled on host +# +#audit_level = 2 +# +# If set to 1, then audit messages will also be sent +# via libvirt logging infrastructure. Defaults to 0 +# +#audit_logging = 1 + +################################################################### +# UUID of the host: +# Provide the UUID of the host here in case the command +# 'dmidecode -s system-uuid' does not provide a valid uuid. In case +# 'dmidecode' does not provide a valid UUID and none is provided here, a +# temporary UUID will be generated. +# Keep the format of the example UUID below. UUID must not have all digits +# be the same. + +# NB This default all-zeros UUID will not work. Replace +# it with the output of the 'uuidgen' command and then +# uncomment this entry +#host_uuid = "00000000-0000-0000-0000-000000000000" + +################################################################### +# Keepalive protocol: +# This allows libvirtd to detect broken client connections or even +# dead client. A keepalive message is sent to a client after +# keepalive_interval seconds of inactivity to check if the client is +# still responding; keepalive_count is a maximum number of keepalive +# messages that are allowed to be sent to the client without getting +# any response before the connection is considered broken. In other +# words, the connection is automatically closed approximately after +# keepalive_interval * (keepalive_count + 1) seconds since the last +# message received from the client. If keepalive_interval is set to +# -1, libvirtd will never send keepalive requests; however clients +# can still send them and the deamon will send responses. When +# keepalive_count is set to 0, connections will be automatically +# closed after keepalive_interval seconds of inactivity without +# sending any keepalive messages. +# +#keepalive_interval = 5 +#keepalive_count = 5 +# +# If set to 1, libvirtd will refuse to talk to clients that do not +# support keepalive protocol. Defaults to 0. +# +#keepalive_required = 1 diff --git a/libvirt/._cfg0000_libvirtd.conf b/config-archive/etc/libvirt/libvirtd.conf.dist similarity index 100% rename from libvirt/._cfg0000_libvirtd.conf rename to config-archive/etc/libvirt/libvirtd.conf.dist diff --git a/config-archive/etc/profile b/config-archive/etc/profile new file mode 100644 index 0000000..3565bab --- /dev/null +++ b/config-archive/etc/profile @@ -0,0 +1,63 @@ +# /etc/profile: login shell setup +# +# That this file is used by any Bourne-shell derivative to setup the +# environment for login shells. +# + +# Load environment settings from profile.env, which is created by +# env-update from the files in /etc/env.d +if [ -e /etc/profile.env ] ; then + . /etc/profile.env +fi + +# You should override these in your ~/.bashrc (or equivalent) for per-user +# settings. For system defaults, you can add a new file in /etc/profile.d/. +export EDITOR=${EDITOR:-/bin/nano} +export PAGER=${PAGER:-/usr/bin/less} + +# 077 would be more secure, but 022 is generally quite realistic +umask 022 + +# Set up PATH depending on whether we're root or a normal user. +# There's no real reason to exclude sbin paths from the normal user, +# but it can make tab-completion easier when they aren't in the +# user's PATH to pollute the executable namespace. +# +# It is intentional in the following line to use || instead of -o. +# This way the evaluation can be short-circuited and calling whoami is +# avoided. +if [ "$EUID" = "0" ] || [ "$USER" = "root" ] ; then + PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:${ROOTPATH}" +else + PATH="/usr/local/bin:/usr/bin:/bin:${PATH}" +fi +export PATH +unset ROOTPATH + +if [ -n "${BASH_VERSION}" ] ; then + # Newer bash ebuilds include /etc/bash/bashrc which will setup PS1 + # including color. We leave out color here because not all + # terminals support it. + if [ -f /etc/bash/bashrc ] ; then + # Bash login shells run only /etc/profile + # Bash non-login shells run only /etc/bash/bashrc + # Since we want to run /etc/bash/bashrc regardless, we source it + # from here. It is unfortunate that there is no way to do + # this *after* the user's .bash_profile runs (without putting + # it in the user's dot-files), but it shouldn't make any + # difference. + . /etc/bash/bashrc + else + PS1='\u@\h \w \$ ' + fi +else + # Setup a bland default prompt. Since this prompt should be useable + # on color and non-color terminals, as well as shells that don't + # understand sequences such as \h, don't put anything special in it. + PS1="${USER:-$(type whoami >/dev/null && whoami)}@$(type uname >/dev/null && uname -n) \$ " +fi + +for sh in /etc/profile.d/*.sh ; do + [ -r "$sh" ] && . "$sh" +done +unset sh diff --git a/._cfg0000_profile b/config-archive/etc/profile.dist similarity index 100% rename from ._cfg0000_profile rename to config-archive/etc/profile.dist diff --git a/config-archive/etc/xdg/Thunar/uca.xml b/config-archive/etc/xdg/Thunar/uca.xml new file mode 100644 index 0000000..43d1fd6 --- /dev/null +++ b/config-archive/etc/xdg/Thunar/uca.xml @@ -0,0 +1,42 @@ + + + + + + + + + + + + + + + + + + + + + +]> + + + + Terminal + * + Open Terminal Here + Terminal hier öffnen + Open Terminal Here + Открыть терминал + exo-open --working-directory %f --launch TerminalEmulator + Example for a custom action + Beispiel für eine eigene Aktion + Example for a custom action + Пример особого действия + + + + + \ No newline at end of file diff --git a/xdg/Thunar/._cfg0000_uca.xml b/config-archive/etc/xdg/Thunar/uca.xml.dist similarity index 100% rename from xdg/Thunar/._cfg0000_uca.xml rename to config-archive/etc/xdg/Thunar/uca.xml.dist diff --git a/config-archive/etc/xdg/autostart/user-dirs-update-gtk.desktop b/config-archive/etc/xdg/autostart/user-dirs-update-gtk.desktop new file mode 100644 index 0000000..ea79903 --- /dev/null +++ b/config-archive/etc/xdg/autostart/user-dirs-update-gtk.desktop @@ -0,0 +1,13 @@ +[Desktop Entry] +Exec=xdg-user-dirs-gtk-update +Name=User folders update +Name[de]=Aktualisierung der Ordner des Benutzers +Name[en_GB]=User folders update +Comment=Update common folders names to match current locale +Comment[de]=Namen der Standardordner auf die momentan verwendete Sprache aktualisieren +Comment[en_GB]=Update common folders names to match current locale +Terminal=false +NotShowIn=KDE; +Type=Application +StartupNotify=false +X-KDE-autostart-after=panel diff --git a/xdg/autostart/._cfg0000_user-dirs-update-gtk.desktop b/config-archive/etc/xdg/autostart/user-dirs-update-gtk.desktop.dist similarity index 100% rename from xdg/autostart/._cfg0000_user-dirs-update-gtk.desktop rename to config-archive/etc/xdg/autostart/user-dirs-update-gtk.desktop.dist diff --git a/config-archive/etc/xdg/menus/xfce-applications.menu b/config-archive/etc/xdg/menus/xfce-applications.menu new file mode 100644 index 0000000..51a27cb --- /dev/null +++ b/config-archive/etc/xdg/menus/xfce-applications.menu @@ -0,0 +1,165 @@ + + + + Xfce + + + + + + + X-Xfce-Toplevel + + + + xfrun4.desktop + xfce4-run.desktop + + exo-terminal-emulator.desktop + exo-file-manager.desktop + exo-mail-reader.desktop + exo-web-browser.desktop + + Settings + + + + xfhelp4.desktop + xfce4-about.desktop + xfce4-session-logout.desktop + + + + Settings + xfce-settings.directory + + Settings + + + + xfce-settings-manager.desktop + + + + + + Screensavers + xfce-screensavers.directory + + Screensaver + + + + + + Accessories + xfce-accessories.directory + + + Accessibility + Core + Legacy + Utility + + + + + exo-file-manager.desktop + exo-terminal-emulator.desktop + xfce4-about.desktop + xfrun4.desktop + + + + + + Development + xfce-development.directory + + Development + + + + + Education + xfce-education.directory + + Education + + + + + Games + xfce-games.directory + + Game + + + + + Graphics + xfce-graphics.directory + + Graphics + + + + + Multimedia + xfce-multimedia.directory + + Audio + Video + AudioVideo + + + + + Network + xfce-network.directory + + Network + + + + exo-mail-reader.desktop + exo-web-browser.desktop + + + + + + Office + xfce-office.directory + + Office + + + + + System + xfce-system.directory + + + Emulator + System + + + + + xfce4-session-logout.desktop + + + + + + Other + xfce-other.directory + + + + + + + diff --git a/xdg/menus/._cfg0000_xfce-applications.menu b/config-archive/etc/xdg/menus/xfce-applications.menu.dist similarity index 100% rename from xdg/menus/._cfg0000_xfce-applications.menu rename to config-archive/etc/xdg/menus/xfce-applications.menu.dist diff --git a/config-archive/etc/xdg/xfce4/helpers.rc b/config-archive/etc/xdg/xfce4/helpers.rc new file mode 100644 index 0000000..74315c0 --- /dev/null +++ b/config-archive/etc/xdg/xfce4/helpers.rc @@ -0,0 +1,9 @@ +# +# Default helpers.rc for Xfce's Preferred Applications +# +# Copyright (c) 2005-2006 Benedikt Meurer +# + +WebBrowser=firefox +MailReader=thunderbird +TerminalEmulator=Terminal diff --git a/xdg/xfce4/._cfg0000_helpers.rc b/config-archive/etc/xdg/xfce4/helpers.rc.dist similarity index 100% rename from xdg/xfce4/._cfg0000_helpers.rc rename to config-archive/etc/xdg/xfce4/helpers.rc.dist diff --git a/config-archive/etc/xdg/xfce4/panel/default.xml b/config-archive/etc/xdg/xfce4/panel/default.xml new file mode 100644 index 0000000..244f0cc --- /dev/null +++ b/config-archive/etc/xdg/xfce4/panel/default.xml @@ -0,0 +1,66 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/xdg/xfce4/panel/._cfg0000_default.xml b/config-archive/etc/xdg/xfce4/panel/default.xml.dist similarity index 100% rename from xdg/xfce4/panel/._cfg0000_default.xml rename to config-archive/etc/xdg/xfce4/panel/default.xml.dist diff --git a/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml new file mode 100644 index 0000000..47e592c --- /dev/null +++ b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml @@ -0,0 +1,71 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xfce4-keyboard-shortcuts.xml b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml.dist similarity index 100% rename from xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xfce4-keyboard-shortcuts.xml rename to config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml.dist diff --git a/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml new file mode 100644 index 0000000..49f19c4 --- /dev/null +++ b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml @@ -0,0 +1,37 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xfce4-session.xml b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.dist similarity index 100% rename from xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xfce4-session.xml rename to config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml.dist diff --git a/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml new file mode 100644 index 0000000..2460fed --- /dev/null +++ b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml @@ -0,0 +1,11 @@ + + + + + + + + + + + diff --git a/xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xsettings.xml b/config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml.dist similarity index 100% rename from xdg/xfce4/xfconf/xfce-perchannel-xml/._cfg0000_xsettings.xml rename to config-archive/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml.dist diff --git a/config-archive/etc/xdg/xfce4/xinitrc b/config-archive/etc/xdg/xfce4/xinitrc new file mode 100644 index 0000000..ebbfcfb --- /dev/null +++ b/config-archive/etc/xdg/xfce4/xinitrc @@ -0,0 +1,309 @@ +#!/bin/sh + +# fix broken $UID on some system... +if test "x$UID" = "x"; then + if test -x /usr/xpg4/bin/id; then + UID=`/usr/xpg4/bin/id -u`; + else + UID=`id -u`; + fi +fi + +# set $XDG_MENU_PREFIX to "xfce-" so that "xfce-applications.menu" is picked +# over "applications.menu" in all Xfce applications. +if test "x$XDG_MENU_PREFIX" = "x"; then + XDG_MENU_PREFIX="xfce-" + export XDG_MENU_PREFIX +fi + +# set DESKTOP_SESSION so that one can detect easily if an Xfce session is running +if test "x$DESKTOP_SESSION" = "x"; then + DESKTOP_SESSION="xfce" + export DESKTOP_SESSION +fi + +# $XDG_CONFIG_HOME defines the base directory relative to which user specific +# configuration files should be stored. If $XDG_CONFIG_HOME is either not set +# or empty, a default equal to $HOME/.config should be used. +if test "x$XDG_CONFIG_HOME" = "x" ; then + XDG_CONFIG_HOME=$HOME/.config +fi +[ -d "$XDG_CONFIG_HOME" ] || mkdir "$XDG_CONFIG_HOME" + +# $XDG_CACHE_HOME defines the base directory relative to which user specific +# non-essential data files should be stored. If $XDG_CACHE_HOME is either not +# set or empty, a default equal to $HOME/.cache should be used. +if test "x$XDG_CACHE_HOME" = "x" ; then + XDG_CACHE_HOME=$HOME/.cache +fi +[ -d "$XDG_CACHE_HOME" ] || mkdir "$XDG_CACHE_HOME" + + +# set up XDG user directores. see +# http://freedesktop.org/wiki/Software/xdg-user-dirs +if which xdg-user-dirs-update >/dev/null 2>&1; then + xdg-user-dirs-update +fi + +if test -f "$XDG_CONFIG_HOME/user-dirs.dirs"; then + . "$XDG_CONFIG_HOME/user-dirs.dirs" + # i'm deliberately not 'export'-ing the XDG_ vars, because you shouldn't + # rely on the env vars inside apps, since the file could be changed at + # any time by the user. this is solely here for migration purposes. + + # a bit of user dir migration... + if test -d "$HOME/Desktop" -a ! -L "$HOME/Desktop" \ + -a "$XDG_DESKTOP_DIR" \ + -a "$HOME/Desktop" != "$XDG_DESKTOP_DIR" + then + echo "Migrating $HOME/Desktop to $XDG_DESKTOP_DIR..." + test -d "$XDG_DESKTOP_DIR" && rmdir "$XDG_DESKTOP_DIR" + mv "$HOME/Desktop" "$XDG_DESKTOP_DIR" || echo "Desktop migration failed" >&2 + fi + + if test -d "$HOME/Templates" -a ! -L "$HOME/Templates" \ + -a "$XDG_TEMPLATES_DIR" \ + -a "$HOME/Templates" != "$XDG_TEMPLATES_DIR" + then + echo "Migrating $HOME/Templates to $XDG_TEMPLATES_DIR..." + test -d "$XDG_TEMPLATES_DIR" && rmdir "$XDG_TEMPLATES_DIR" + mv "$HOME/Templates" "$XDG_TEMPLATES_DIR" || echo "Templates migration failed" >&2 + fi +fi + + +# Modify libglade and glade environment variables so that +# it will find the files installed by Xfce +LIBGLADE_MODULE_PATH="$LIBGLADE_MODULE_PATH:" +GLADE_CATALOG_PATH="$GLADE_CATALOG_PATH:" +GLADE_PIXMAP_PATH="$GLADE_PIXMAP_PATH:" +GLADE_MODULE_PATH="$GLADE_MODULE_PATH:" +export LIBGLADE_MODULE_PATH +export GLADE_CATALOG_PATH +export GLADE_PIXMAP_PATH +export GLADE_MODULE_PATH + +# Export GTK_PATH so that GTK+ can find the Xfce theme engine +# https://bugzilla.xfce.org/show_bug.cgi?id=7483 +#GTK_PATH="$GTK_PATH:/usr/lib64/gtk-2.0" +#export GTK_PATH + +# For now, start with an empty list +XRESOURCES="" + +# Has to go prior to merging Xft.xrdb, as its the "Defaults" file +test -r "/etc/xdg/xfce4/Xft.xrdb" && XRESOURCES="$XRESOURCES /etc/xdg/xfce4/Xft.xrdb" +test -r $HOME/.Xdefaults && XRESOURCES="$XRESOURCES $HOME/.Xdefaults" + +BASEDIR=$XDG_CONFIG_HOME/xfce4 +if test -r "$BASEDIR/Xft.xrdb"; then + XRESOURCES="$XRESOURCES $BASEDIR/Xft.xrdb" +elif test -r "$XFCE4HOME/Xft.xrdb"; then + mkdir -p "$BASEDIR" + cp "$XFCE4HOME/Xft.xrdb" "$BASEDIR"/ + XRESOURCES="$XRESOURCES $BASEDIR/Xft.xrdb" +fi + +# merge in X cursor settings +test -r "$BASEDIR/Xcursor.xrdb" && XRESOURCES="$XRESOURCES $BASEDIR/Xcursor.xrdb" + +# ~/.Xresources contains overrides to the above +test -r "$HOME/.Xresources" && XRESOURCES="$XRESOURCES $HOME/.Xresources" + +# load all X resources (adds /dev/null to avoid an empty list that would hang the process) +cat /dev/null $XRESOURCES | xrdb -nocpp -merge - + +# load local modmap +test -r $HOME/.Xmodmap && xmodmap $HOME/.Xmodmap + +# Use dbus-launch if installed. +if test x"$DBUS_SESSION_BUS_ADDRESS" = x""; then + if which dbus-launch >/dev/null 2>&1; then + eval `dbus-launch --sh-syntax --exit-with-session` + # some older versions of dbus don't export the var properly + export DBUS_SESSION_BUS_ADDRESS + else + echo "Could not find dbus-launch; Xfce will not work properly" >&2 + fi +fi + +# launch gpg-agent or ssh-agent if enabled. +ssh_agent_enabled=`xfconf-query -c xfce4-session -p /startup/ssh-agent/enabled 2> /dev/null` +if test "$ssh_agent_enabled" != "false"; then + # if the user has pam_ssh installed, it will start ssh-agent for us, but + # of course won't start gpg-agent. so, if ssh-agent is already running, + # but we want gpg-agent (and that's not running yet) start gpg-agent + # without ssh support + + ssh_agent_type=`xfconf-query -c xfce4-session -p /startup/ssh-agent/type 2> /dev/null` + if test -z "$ssh_agent_type"; then + if which gpg-agent >/dev/null 2>&1; then + ssh_agent_type=gpg-agent + else + ssh_agent_type=ssh-agent + fi + fi + + # ignore stale ssh-agents + if test "$SSH_AGENT_PID"; then + if ! kill -0 $SSH_AGENT_PID; then + unset SSH_AGENT_PID + unset SSH_AUTH_SOCK + fi + fi + + case "$ssh_agent_type" in + gpg-agent) + if test -z "$SSH_AGENT_PID"; then + eval `gpg-agent --daemon --enable-ssh-support --write-env-file $XDG_CACHE_HOME/gpg-agent-info` + ssh_agent_kill_cmd="kill -INT $SSH_AGENT_PID; rm -f $XDG_CACHE_HOME/gpg-agent-info" + elif test -z "$GPG_AGENT_INFO"; then + echo "ssh-agent is already running; starting gpg-agent without ssh support" + eval `gpg-agent --daemon --write-env-file $XDG_CACHE_HOME/gpg-agent-info` + ssh_agent_kill_cmd="pkill -INT ^gpg-agent\$; rm -f $XDG_CACHE_HOME/gpg-agent-info" + else + echo "gpg-agent is already running" + fi + ;; + + ssh-agent) + if test -z "$SSH_AGENT_PID"; then + eval `ssh-agent -s` + ssh_agent_kill_cmd="ssh-agent -s -k" + else + echo "ssh-agent is already running" + fi + ;; + + *) + echo "Unrecognized agent type '$ssh_agent_type'" >&2 + ;; + esac +fi + + +# launch a screensaver if enabled. do not launch if we're root or if +# we're in a VNC session. +screensaver_enabled=`xfconf-query -c xfce4-session -p /startup/screensaver/enabled 2> /dev/null` +if test $UID -gt 0 -a -z "$VNCSESSION" -a "$screensaver_enabled" != "false"; then + screensaver_type=`xfconf-query -c xfce4-session -p /startup/screensaver/type 2> /dev/null` + + case "$screensaver_type" in + xscreensaver) + xscreensaver -no-splash & + ;; + + gnome-screensaver) + gnome-screensaver & + ;; + + *) + if test x"`which xscreensaver 2>/dev/null`" != x""; then + xscreensaver -no-splash & + elif test x"`which gnome-screensaver 2>/dev/null`" != x""; then + gnome-screensaver & + fi + ;; + esac +fi + + +# Run xfce4-session if installed +if which xfce4-session >/dev/null 2>&1; then + xfce4-session + + if test "$ssh_agent_kill_cmd"; then + echo "running '$ssh_agent_kill_cmd'" + eval "$ssh_agent_kill_cmd" + fi + + exit 0 +fi + + +################## +# IMPORTANT NOTE # +################## + +# Everything below here ONLY gets executed if you are NOT using xfce4-session +# (Xfce's session manager). If you are using the session manager, everything +# below is handled by it, and the code below is not executed at all. If you're +# not sure if you're using the session manager, type 'ps -e|grep xfce4-session' +# in a terminal while Xfce is running. + +################## + + +# this is only necessary when running w/o xfce4-session +xsetroot -solid black -cursor_name watch + +# or use old-fashioned startup script otherwise + +xfsettingsd & +xfwm4 --daemon + +# start up stuff in $XDG_CONFIG_HOME/autostart/, as that looks to be +# the new standard. if that directory doesn't exist, try the old +# ~/Desktop/Autostart method. we're not going to do any migration here. +if test -d "$XDG_CONFIG_HOME/autostart"; then + for i in ${XDG_CONFIG_HOME}/autostart/*.desktop; do + grep -q -E "^Hidden=true" "$i" && continue + if grep -q -E "^OnlyShowIn=" "$i"; then + # need to test twice, as lack of the line entirely means we still run it + grep -E "^OnlyShowIn=" "$i" | grep -q 'XFCE;' || continue + fi + grep -E "^NotShowIn=" "$i" | grep -q 'XFCE;' && continue + + # check for TryExec + trycmd=`grep -E "^TryExec=" "$i" | cut -d'=' -f2` + if test "$trycmd"; then + which "$trycmd" >/dev/null 2>&1 || continue + fi + + cmd=`grep -E "^Exec=" "$i" | cut -d'=' -f2` + if test "$cmd" && which "$cmd" >/dev/null 2>&1; then + $cmd & + fi + done +elif test -d "$HOME/Desktop/Autostart"; then + for i in `ls -1 -L ${HOME}/Desktop/Autostart/ 2>/dev/null`; do + if test -x $HOME/Desktop/Autostart/$i; then + $HOME/Desktop/Autostart/$i & + fi + done +fi + +xfdesktop& +orage & + +panel=`which xfce4-panel` +case "x$panel" in + x|xno*) + ;; + *) + $panel + ret=$? + while test $ret -ne 0; do + xmessage -center -file - -timeout 20 -title Error <&2 < current display +# - %u -> current user +# - %r -> empty at first. See below. +# - %% -> a single % +# When the constructed filename cannot be used safely and the specification +# contains %r, other names will be tried - this time expanding %r +# to followed by a random number. +# Default is ".xsession-errors" +ClientLogFile=.xsession-errors-%d +# Fallback when ClientLogFile cannot be used. The same expansions are +# supported. DO NOT use relative paths here. +# Default is "/tmp/xerr-%u-%d%-r" +#ClientLogFallback=/var/log/xsession-errors/%u-%d%-r +# Whether KDM's built-in utmp/wtmp/lastlog registration should be used. +# Default is true +#UseSessReg=false + +# Greeter config for all displays +[X-*-Greeter] +# Specify the widget style for the greeter. Empty means to use the +# built-in default which currently is "Oxygen-air". +# Default is "" +#GUIStyle=Plastique +# Specify the widget color scheme for the greeter. Empty means to use the +# built-in default which currently is "Oxygen-air". +# Default is "" +#ColorScheme=MidnightMeadow +# What should be shown in the greeter's logo are: +# "None" - nothing +# "Logo" - the image specified by LogoPixmap +# "Clock" - a neat analog clock +# Default is Clock +LogoArea=Logo +# The image to show when LogoArea=Logo. +# Default is "" +LogoPixmap=/usr/share/apps/kdm/pics/kdelogo.png +# The relative coordinates (X,Y in percent) of the center of the greeter. +# Default is "50,50" +#GreeterPos=30,40 +# The screen the greeter should be displayed on in multi-headed and Xinerama +# setups. The numbering starts with 0. For Xinerama, it corresponds to the +# listing order in the active ServerLayout section of XF86Config; -1 means +# to use the upper-left screen, -2 means to use the upper-right screen. +# Default is 0 +#GreeterScreen=-1 +# The headline in the greeter. The following character pairs are replaced: +# - %d -> current display +# - %h -> host name, possibly with domain name +# - %n -> node name, most probably the host name without domain name +# - %s -> the operating system +# - %r -> the operating system's version +# - %m -> the machine (hardware) type +# - %% -> a single % +# Default is "Welcome to %s at %n" +#GreetString=K Desktop Environment (%n) +# Whether the fonts used in the greeter should be antialiased. +# Default is false +#AntiAliasing=true +# The font for the greeter headline. The value is encoded. +# Default is "Serif 20pt bold" +#GreetFont=Serif,20,-1,5,50,0,0,0,0,0 +# The normal font used in the greeter. The value is encoded. +# Default is "Sans Serif 10pt" +#StdFont=Sans Serif,10,-1,5,50,0,0,0,0,0 +# The font used for the "Login Failed" message. The value is encoded. +# Default is "Sans Serif 10pt bold" +#FailFont=Sans Serif,10,-1,5,75,0,0,0,0,0 +# What to do with the Num Lock modifier for the time the greeter is running: +# "Off" - turn off +# "On" - turn on +# "Keep" - do not change the state +# Default is Keep +#NumLock=Off +# Language and locale to use in the greeter, encoded like $LANGUAGE. +# If empty, the settings from the environment are used. +# Default is "" +#Language=de_DE +# Enable autocompletion in the username line edit. +# Default is false +#UserCompletion=true +# Enable user list (names along with images) in the greeter. +# Default is true +#UserList=false +# User selection for UserCompletion and UserList: +# "NotHidden" - all users except those listed in HiddenUsers +# "Selected" - only the users listed in SelectedUsers +# Default is NotHidden +#ShowUsers=Selected +# For ShowUsers=Selected. @ means all users in that group. +# Default is "" +#SelectedUsers=root,johndoe +# For ShowUsers=NotHidden. @ means all users in that group. +# Default is "" +#HiddenUsers=root +# Special case of HiddenUsers: users with a non-zero UID less than this number +# will not be shown as well. +# Default is 0 +MinShowUID=1000 +# Complement to MinShowUID: users with a UID greater than this number will +# not be shown as well. +# Default is 65535 +MaxShowUID=65000 +# If false, the users are listed in the order they appear in /etc/passwd. +# If true, they are sorted alphabetically. +# Default is true +#SortUsers=false +# Specify, where the users' pictures should be taken from. +# "AdminOnly" - from /$USER.face[.icon] +# "PreferAdmin" - prefer , fallback on $HOME +# "PreferUser" - ... and the other way round +# "UserOnly" - from the user's $HOME/.face[.icon] +# Default is AdminOnly +#FaceSource=PreferUser +# The directory containing the user images if FaceSource is not UserOnly. +# Default is "/usr/share/apps/kdm/faces" +##FaceDir=/usr/share/faces +FaceDir=/var/lib/kdm/faces +# Specify, if/which user should be preselected for log in. +# "None" - do not preselect any user +# "Previous" - the user which successfully logged in last time +# "Default" - the user specified in the DefaultUser option +# Default is None +#PreselectUser=Previous +# If this is true, the password input line is focused automatically if +# a user is preselected. +# Default is false +#FocusPasswd=true +# If this is true, the entered password is echoed as bullets. Otherwise, +# no feedback is given at all. +# Default is true +#EchoPasswd=false +# If true, krootimage will be automatically started by KDM; otherwise, the +# Setup script should be used to setup the background. +# Default is true +#UseBackground=false +# The configuration file to be used by krootimage. +# Default is "/usr/share/config/kdm/backgroundrc" +#BackgroundCfg= +# Whether to grab keyboard and mouse while the greeter is visible. Grabs +# may improve security, but make on-screen keyboards, etc. unusable. +# "Never" - never grab +# "IfNoAuth" - grab if the display requires no X authorization +# "Always" - always grab +# Default is IfNoAuth +#GrabInput=Always +# Hold the X-server grabbed the whole time the greeter is visible. This +# may be more secure, but it will disable any background and other +# X-clients started from the Setup script. +# Default is false +#GrabServer=true +# How many seconds to wait for grab to succeed. +# Default is 3 +#GrabTimeout=3 +# Warn, if display has no X-authorization (local auth cannot be created, +# XDMCP display wants no auth, or display is foreign from StaticServers). +# Default is true +#AuthComplain=false +# Random seed for forging saved session types, etc. of unknown users. +# This value should be random but constant across the login domain. +# Default is 0 +ForgingSeed=1334084600 +# Specify conversation plugins for the login dialog. Each plugin can be +# specified as a base name (which expands to $kde_modulesdir/kgreet_$base) +# or as a full pathname. +# Default is "classic" +#PluginsLogin=sign +# Same as PluginsLogin, but for the shutdown dialog. +# Default is "classic" +#PluginsShutdown=modern +# A list of options of the form Key=Value. The conversation plugins can query +# these settings; it is up to them what possible keys are. +# Default is "" +#PluginOptions=SomeKey=randomvalue,Foo=bar +# Show the "Console Login" action in the greeter (if ServerTTY/ConsoleTTYs +# is configured). +# Default is true +#AllowConsole=false +# A program to run while the greeter is visible. It is supposed to preload +# as much as possible of the session that is going to be started (most +# probably). +# Default is "" +Preloader=/usr/bin/preloadkde +# Whether the greeter should be themed. +# Default is false +UseTheme=true +# The theme to use for the greeter. Can point to either a directory or an XML +# file. +# Default is "" +Theme=/usr/share/apps/kdm/themes/ariya +# Enable the Alt-Ctrl-D shortcut to toggle greeter theme debugging. +# Default is false +#AllowThemeDebug=true + +# Core config for local displays +[X-:*-Core] +# How often to try to run the X-server. Running includes executing it and +# waiting for it to come up. +# Default is 1 +#ServerAttempts=1 +# How long to wait for a local X-server to come up. +# Default is 30 +ServerTimeout=30 +# The command line to start the X-server, without display number and VT spec. +# This string is subject to word splitting. +# Default is "/usr/bin/X" +ServerCmd=/usr/bin/X -br -novtswitch -quiet +# Additional arguments for the X-servers for local sessions. +# This string is subject to word splitting. +# Default is "" +ServerArgsLocal=-nolisten tcp +# Additional arguments for the X-servers for remote sessions. +# This string is subject to word splitting. +# Default is "" +#ServerArgsRemote= +# The user the X-server should run as. Empty results in root. +# Default is "" +#ServerUID=_x11 +# Restart instead of resetting the local X-server after session exit. +# Use it if the server leaks memory etc. +# Default is false +TerminateServer=true +# Create X-authorizations for local displays. +# Default is true +#Authorize=false +# Which X-authorization mechanisms should be used. +# Default is "MIT-MAGIC-COOKIE-1" +#AuthNames= +# Need to reset the X-server to make it read initial Xauth file. +# Default is false +#ResetForAuth=true +# See above +AllowNullPasswd=true +# See above +AllowShutdown=All +# Enable password-less logins on this display. USE WITH EXTREME CARE! +# Default is false +#NoPassEnable=true +# The users that do not need to provide a password to log in. NEVER list root! +# "*" means all non-root users. @ means all users in that group. +# Default is "" +#NoPassUsers=fred,ethel + +# Greeter config for local displays +[X-:*-Greeter] +# See above +PreselectUser=Previous +# See above +FocusPasswd=true +# Specify whether the greeter of local displays should start up in host chooser +# (remote) or login (local) mode and whether it is allowed to switch to the +# other mode. +# "LocalOnly" - only local login possible +# "DefaultLocal" - start up in local mode, but allow switching to remote mode +# "DefaultRemote" - ... and the other way round +# "RemoteOnly" - only choice of remote host possible +# Default is LocalOnly +LoginMode=DefaultLocal +# A list of hosts to be automatically added to the remote login menu. The +# special name "*" means broadcast. +# Default is "*" +#ChooserHosts=*,host1,host2,host3.local,login.domain.com +# Show the "Restart X Server"/"Close Connection" action in the greeter. +# Default is true +AllowClose=false + +# Core config for 1st local display +[X-:0-Core] +# The VT the X-server should run on; auto-assign if zero, don't assign if -1. +# Better leave it zero and use ServerVTs. +# Default is 0 +#ServerVT=7 +# Enable automatic login. USE WITH EXTREME CARE! +# Default is false +#AutoLoginEnable=true +# If true, auto-login after logout. If false, auto-login is performed only +# when a display session starts up. +# Default is false +#AutoLoginAgain=true +# The delay in seconds before automatic login kicks in. +# Default is 0 +#AutoLoginDelay=10 +# The user to log in automatically. NEVER specify root! +# Default is "" +#AutoLoginUser=fred +# The password for the user to log in automatically. This is NOT required +# unless the user is logged into a NIS or Kerberos domain. If you use this +# option, you should "chmod 600 kdmrc" for obvious reasons. +# Default is "" +#AutoLoginPass=secret! +# Immediately lock the automatically started session. This works only with +# KDE sessions. +# Default is false +#AutoLoginLocked=true +# See above +ClientLogFile=.xsession-errors + +# Greeter config for 1st local display +[X-:0-Greeter] +# See above +#PreselectUser=Default +# The user to preselect if PreselectUser=Default. +# Default is "" +#DefaultUser=johndoe diff --git a/config-archive/usr/share/config/kdm/kdmrc.2 b/config-archive/usr/share/config/kdm/kdmrc.2 new file mode 100644 index 0000000..28d0739 --- /dev/null +++ b/config-archive/usr/share/config/kdm/kdmrc.2 @@ -0,0 +1,593 @@ +# KDM master configuration file +# +# Definition: the greeter is the login dialog, i.e., the part of KDM +# which the user sees. +# +# You can configure every X-display individually. +# Every display has a display name, which consists of a host name +# (which is empty for local displays specified in {Static|Reserve}Servers), +# a colon, and a display number. Additionally, a display belongs to a +# display class (which can be ignored in most cases; the control center +# does not support this feature at all). +# Sections with display-specific settings have the formal syntax +# "[X-" host [":" number [ "_" class ]] "-" sub-section "]" +# You can use the "*" wildcard for host, number, and class. You may omit +# trailing components; they are assumed to be "*" then. +# The host part may be a domain specification like ".inf.tu-dresden.de". +# It may also be "+", which means non-empty, i.e. remote displays only. +# From which section a setting is actually taken is determined by these +# rules: +# - an exact match takes precedence over a partial match (for the host part), +# which in turn takes precedence over a wildcard ("+" taking precedence +# over "*") +# - precedence decreases from left to right for equally exact matches +# Example: display name "myhost:0", class "dpy". +# [X-myhost:0_dpy] precedes +# [X-myhost:0_*] (same as [X-myhost:0]) precedes +# [X-myhost:*_dpy] precedes +# [X-myhost:*_*] (same as [X-myhost]) precedes +# [X-+:0_dpy] precedes +# [X-*:0_dpy] precedes +# [X-*:0_*] (same as [X-*:0]) precedes +# [X-*:*_*] (same as [X-*]) +# These sections do NOT match this display: +# [X-hishost], [X-myhost:0_dec], [X-*:1], [X-:*] +# If a setting is not found in any matching section, the default is used. +# +# Every comment applies to the following section or key. Note that all +# comments will be lost if you change this file with the systemsettings frontend. +# The defaults refer to KDM's built-in values, not anything set in this file. +# +# Special characters need to be backslash-escaped (leading and trailing +# spaces (\s), tab (\t), linefeed (\n), carriage return (\r) and the +# backslash itself (\\)). +# In lists, fields are separated with commas without whitespace in between. +# Some command strings are subject to simplified sh-style word splitting: +# single quotes (') and double quotes (") have the usual meaning; the backslash +# quotes everything (not only special characters). Note that the backslashes +# need to be doubled because of the two levels of quoting. + +[General] +# This option exists solely for the purpose of a clean automatic upgrade. +# Do not even think about changing it! +ConfigVersion=2.4 +# List of permanent displays. Displays with a hostname are foreign. A display +# class may be specified separated by an underscore. +# Default is ":0" +StaticServers=:0 +# List of on-demand displays. See StaticServers for syntax. +# Default is "" +ReserveServers=:1,:2,:3 +# VTs to allocate to X-servers. A negative number means that the VT will be +# used only if it is free. If all VTs in this list are used up, the next free +# one greater than the last one in this list will be allocated. +# Default is "" +ServerVTs=-7 +# TTYs (without /dev/) to monitor for activity while in console mode. +# Default is "" +ConsoleTTYs=tty1,tty2,tty3,tty4,tty5,tty6 +# Where KDM should store its PID (do not store if empty). +# Default is "" +PidFile=/var/run/kdm.pid +# Whether KDM should lock the PID file to prevent having multiple KDM +# instances running at once. Do not change unless you are brave. +# Default is true +#LockPidFile=false +# Where to store authorization files. +# Default is "/var/run/xauth" +#AuthDir=/tmp +# Whether KDM should automatically re-read configuration files, if it +# finds them having changed. +# Default is true +#AutoRescan=false +# Additional environment variables KDM should pass on to all programs it runs. +# LD_LIBRARY_PATH and XCURSOR_THEME are good candidates; +# otherwise, it should not be necessary very often. +# Default is "" +#ExportList=LD_LIBRARY_PATH,ANOTHER_IMPORTANT_VAR +# A character device KDM should read entropy from. +# Empty means use the system's preferred entropy device. +# Default is "" +#RandomDevice=/dev/altrandom +# Where the command sockets should be created; make it empty to disable +# them. +# Default is "/var/run/xdmctl" +#FifoDir=/tmp +# The group to which the global command socket should belong; +# can be either a name or a numerical ID. +# Default is 0 +#FifoGroup=xdmctl +# The user the greeter should run as. Empty results in root. +# Consider the impact on LogSource when setting it. +# Default is "" +GreeterUID=kdm +# The directory in which KDM should store persistent working data. +# Default is "/var/lib/kdm" +##DataDir= +DataDir=/var/lib/kdm +# The directory in which KDM should store users' .dmrc files. This is only +# needed if the home directories are not readable before actually logging in +# (like with AFS). +# Default is "" +#DmrcDir=/nfs-shared/var/dmrcs + +[Xdmcp] +# Whether KDM should listen to incoming XDMCP requests. +# Default is true +Enable=false +# The UDP port on which KDM should listen for XDMCP requests. Do not change. +# Default is 177 +#Port=177 +# File with the private keys of X-terminals. Required for XDM authentication. +# Default is "" +#KeyFile=/usr/share/config/kdm/kdmkeys +# XDMCP access control file in the usual XDM-Xaccess format. +# Default is "/usr/share/config/kdm/Xaccess" +#Xaccess= +# Number of seconds to wait for display to respond after the user has +# selected a host from the chooser. +# Default is 15 +#ChoiceTimeout=10 +# Strip domain name from remote display names if it is equal to the local +# domain. +# Default is true +#RemoveDomainname=false +# Use the numeric IP address of the incoming connection on multihomed hosts +# instead of the host name. +# Default is false +#SourceAddress=true +# The program which is invoked to dynamically generate replies to XDMCP +# DirectQuery or BroadcastQuery requests. +# If empty, no program is invoked and "Willing to manage" is sent. +# Default is "" +Willing=/usr/share/config/kdm/Xwilling + +[Shutdown] +# The command (subject to word splitting) to run to halt the system. +# Default is "/sbin/shutdown -h -P now" +#HaltCmd= +# The command (subject to word splitting) to run to reboot the system. +# Default is "/sbin/shutdown -r now" +#RebootCmd= +# Whether it is allowed to shut down the system via the global command socket. +# Default is false +#AllowFifo=true +# Whether it is allowed to abort active sessions when shutting down the +# system via the global command socket. +# Default is true +#AllowFifoNow=false +# The boot manager KDM should use for offering boot options in the +# shutdown dialog. +# "None" - no boot manager +# "Grub" - Grub boot manager +# "Grub2" - Grub2 boot manager +# "Lilo" - Lilo boot manager (Linux on i386 & x86-64 only) +# Default is None +#BootManager=Grub + +# Rough estimations about how many seconds KDM will spend at most on +# - opening a connection to the X-server (OpenTime) if the attempt +# - times out: OpenTimeout +# - is refused: OpenRepeat * OpenDelay +# - starting a local X-server (ServerTime): +# ServerAttempts * (ServerTimeout + OpenDelay) +# - starting a display: +# - local display: ServerTime + OpenTime +# - foreign display: StartAttempts * OpenTime +# - XDMCP display: OpenTime (repeated indefinitely by client) + +# Core config for all displays +[X-*-Core] +# How long to wait before retrying to connect a display. +# Default is 15 +#OpenDelay=15 +# How long to wait before timing out a display connection attempt. +# Default is 120 +#OpenTimeout=120 +# How many connection attempts to make during a start attempt. Note that +# a timeout aborts the entire start attempt. +# Default is 5 +#OpenRepeat=5 +# Try at most that many times to start a display. If this fails, the display +# is disabled. +# Default is 4 +#StartAttempts=4 +# Ping remote display every that many minutes. +# Default is 5 +#PingInterval=5 +# Wait for a Pong that many minutes. +# Default is 5 +#PingTimeout=5 +# The name of this X-server's Xauth file. +# If empty, a random name in the AuthDir directory will be used. +# Default is "" +#AuthFile= +# Specify a file with X-resources for the greeter, chooser and background. +# The KDE frontend does not use this file, so you do not need it unless you +# use another background generator than krootimage. +# Default is "" +#Resources= +# The xrdb program to use to read the above specified recources. +# Subject to word splitting. +# Default is "/usr/bin/xrdb" +#Xrdb= +# A program to run before the greeter is shown. Can be used to start an +# xconsole or an alternative background generator. Subject to word splitting. +# Default is "" +Setup=/usr/share/config/kdm/Xsetup +# A program to run before a user session starts. Subject to word splitting. +# Default is "" +Startup=/usr/share/config/kdm/Xstartup +# A program to run after a user session exits. Subject to word splitting. +# Default is "" +Reset=/usr/share/config/kdm/Xreset +# The program which is run as the user which logs in. It is supposed to +# interpret the session argument (see SessionsDirs) and start an appropriate +# session according to it. Subject to word splitting. +# Default is "/usr/bin/xterm -ls -T" +Session=/usr/share/config/kdm/Xsession +# The program to run if Session fails. +# Default is "/usr/bin/xterm" +#FailsafeClient= +# The PATH for the Session program. +# Default is "/usr/local/bin:/usr/bin:/bin:/usr/games" +#UserPath= +# The PATH for Setup, Startup and Reset, etc. +# Default is "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" +#SystemPath= +# The default system shell. +# Default is "/bin/sh" +#SystemShell=/bin/bash +# Where to put the user's X-server authorization file if ~/.Xauthority +# cannot be created. +# Default is "/tmp" +#UserAuthDir= +# If true, UserAuthDir will be used unconditionally. +# Default is false +#ForceUserAuthDir=true +# Whether to automatically restart sessions after X-server crashes. +# Note that enabling this makes circumventing screen lockers other than +# KDE's built-in one possible! +# Default is false +#AutoReLogin=true +# Allow root logins? +# Default is true +AllowRootLogin=false +# Allow to log in, when user has set an empty password? +# Default is true +AllowNullPasswd=false +# Who is allowed to shut down the system. This applies both to the +# greeter and to the command sockets. +# "None" - no "Shutdown..." menu entry is shown at all +# "Root" - the root password must be entered to shut down +# "All" - everybody can shut down the machine +# Default is All +AllowShutdown=Root +# Who is allowed to abort active sessions when shutting down. +# "None" - no forced shutdown is allowed at all +# "Root" - the root password must be entered to shut down forcibly +# "All" - everybody can shut down the machine forcibly +# Default is All +#AllowSdForceNow=Root +# The default choice for the shutdown condition/timing. +# "Schedule" - shut down after all active sessions exit (possibly at once) +# "TryNow" - shut down, if no active sessions are open; otherwise, do nothing +# "ForceNow" - shut down unconditionally +# Default is Schedule +#DefaultSdMode=ForceNow +# How to offer shutdown scheduling options: +# "Never" - not at all +# "Optional" - as a button in the simple shutdown dialogs +# "Always" - instead of the simple shutdown dialogs +# Default is Never +#ScheduledSd=Optional +# The directories containing session type definitions in .desktop format, +# ordered by falling priority. +# Default is "/usr/share/apps/kdm/sessions" +#SessionsDirs=/usr/share/config/kdm/sessions,/usr/share/apps/kdm/sessions +SessionsDirs=/usr/share/apps/kdm/sessions,/usr/share/xsessions +# The file (relative to $HOME) to redirect the session output to. The +# following character pairs are replaced: +# - %d -> current display +# - %u -> current user +# - %r -> empty at first. See below. +# - %% -> a single % +# When the constructed filename cannot be used safely and the specification +# contains %r, other names will be tried - this time expanding %r +# to followed by a random number. +# Default is ".xsession-errors" +ClientLogFile=.xsession-errors-%d +# Fallback when ClientLogFile cannot be used. The same expansions are +# supported. DO NOT use relative paths here. +# Default is "/tmp/xerr-%u-%d%-r" +#ClientLogFallback=/var/log/xsession-errors/%u-%d%-r +# Whether KDM's built-in utmp/wtmp/lastlog registration should be used. +# Default is true +#UseSessReg=false + +# Greeter config for all displays +[X-*-Greeter] +# Specify the widget style for the greeter. Empty means to use the +# built-in default which currently is "Oxygen-air". +# Default is "" +#GUIStyle=Plastique +# Specify the widget color scheme for the greeter. Empty means to use the +# built-in default which currently is "Oxygen-air". +# Default is "" +#ColorScheme=MidnightMeadow +# What should be shown in the greeter's logo are: +# "None" - nothing +# "Logo" - the image specified by LogoPixmap +# "Clock" - a neat analog clock +# Default is Clock +LogoArea=Logo +# The image to show when LogoArea=Logo. +# Default is "" +LogoPixmap=/usr/share/apps/kdm/pics/kdelogo.png +# The relative coordinates (X,Y in percent) of the center of the greeter. +# Default is "50,50" +#GreeterPos=30,40 +# The screen the greeter should be displayed on in multi-headed and Xinerama +# setups. The numbering starts with 0. For Xinerama, it corresponds to the +# listing order in the active ServerLayout section of XF86Config; -1 means +# to use the upper-left screen, -2 means to use the upper-right screen. +# Default is 0 +#GreeterScreen=-1 +# The headline in the greeter. The following character pairs are replaced: +# - %d -> current display +# - %h -> host name, possibly with domain name +# - %n -> node name, most probably the host name without domain name +# - %s -> the operating system +# - %r -> the operating system's version +# - %m -> the machine (hardware) type +# - %% -> a single % +# Default is "Welcome to %s at %n" +#GreetString=K Desktop Environment (%n) +# Whether the fonts used in the greeter should be antialiased. +# Default is false +#AntiAliasing=true +# The font for the greeter headline. The value is encoded. +# Default is "Serif 20pt bold" +#GreetFont=Serif,20,-1,5,50,0,0,0,0,0 +# The normal font used in the greeter. The value is encoded. +# Default is "Sans Serif 10pt" +#StdFont=Sans Serif,10,-1,5,50,0,0,0,0,0 +# The font used for the "Login Failed" message. The value is encoded. +# Default is "Sans Serif 10pt bold" +#FailFont=Sans Serif,10,-1,5,75,0,0,0,0,0 +# What to do with the Num Lock modifier for the time the greeter is running: +# "Off" - turn off +# "On" - turn on +# "Keep" - do not change the state +# Default is Keep +#NumLock=Off +# Language and locale to use in the greeter, encoded like $LANGUAGE. +# If empty, the settings from the environment are used. +# Default is "" +#Language=de_DE +# Enable autocompletion in the username line edit. +# Default is false +#UserCompletion=true +# Enable user list (names along with images) in the greeter. +# Default is true +#UserList=false +# User selection for UserCompletion and UserList: +# "NotHidden" - all users except those listed in HiddenUsers +# "Selected" - only the users listed in SelectedUsers +# Default is NotHidden +#ShowUsers=Selected +# For ShowUsers=Selected. @ means all users in that group. +# Default is "" +#SelectedUsers=root,johndoe +# For ShowUsers=NotHidden. @ means all users in that group. +# Default is "" +#HiddenUsers=root +# Special case of HiddenUsers: users with a non-zero UID less than this number +# will not be shown as well. +# Default is 0 +MinShowUID=1000 +# Complement to MinShowUID: users with a UID greater than this number will +# not be shown as well. +# Default is 65535 +MaxShowUID=65000 +# If false, the users are listed in the order they appear in /etc/passwd. +# If true, they are sorted alphabetically. +# Default is true +#SortUsers=false +# Specify, where the users' pictures should be taken from. +# "AdminOnly" - from /$USER.face[.icon] +# "PreferAdmin" - prefer , fallback on $HOME +# "PreferUser" - ... and the other way round +# "UserOnly" - from the user's $HOME/.face[.icon] +# Default is AdminOnly +#FaceSource=PreferUser +# The directory containing the user images if FaceSource is not UserOnly. +# Default is "/usr/share/apps/kdm/faces" +##FaceDir=/usr/share/faces +FaceDir=/var/lib/kdm/faces +# Specify, if/which user should be preselected for log in. +# "None" - do not preselect any user +# "Previous" - the user which successfully logged in last time +# "Default" - the user specified in the DefaultUser option +# Default is None +#PreselectUser=Previous +# If this is true, the password input line is focused automatically if +# a user is preselected. +# Default is false +#FocusPasswd=true +# If this is true, the entered password is echoed as bullets. Otherwise, +# no feedback is given at all. +# Default is true +#EchoPasswd=false +# If true, krootimage will be automatically started by KDM; otherwise, the +# Setup script should be used to setup the background. +# Default is true +#UseBackground=false +# The configuration file to be used by krootimage. +# Default is "/usr/share/config/kdm/backgroundrc" +#BackgroundCfg= +# Whether to grab keyboard and mouse while the greeter is visible. Grabs +# may improve security, but make on-screen keyboards, etc. unusable. +# "Never" - never grab +# "IfNoAuth" - grab if the display requires no X authorization +# "Always" - always grab +# Default is IfNoAuth +#GrabInput=Always +# Hold the X-server grabbed the whole time the greeter is visible. This +# may be more secure, but it will disable any background and other +# X-clients started from the Setup script. +# Default is false +#GrabServer=true +# How many seconds to wait for grab to succeed. +# Default is 3 +#GrabTimeout=3 +# Warn, if display has no X-authorization (local auth cannot be created, +# XDMCP display wants no auth, or display is foreign from StaticServers). +# Default is true +#AuthComplain=false +# Random seed for forging saved session types, etc. of unknown users. +# This value should be random but constant across the login domain. +# Default is 0 +ForgingSeed=1329779992 +# Specify conversation plugins for the login dialog. Each plugin can be +# specified as a base name (which expands to $kde_modulesdir/kgreet_$base) +# or as a full pathname. +# Default is "classic" +#PluginsLogin=sign +# Same as PluginsLogin, but for the shutdown dialog. +# Default is "classic" +#PluginsShutdown=modern +# A list of options of the form Key=Value. The conversation plugins can query +# these settings; it is up to them what possible keys are. +# Default is "" +#PluginOptions=SomeKey=randomvalue,Foo=bar +# Show the "Console Login" action in the greeter (if ServerTTY/ConsoleTTYs +# is configured). +# Default is true +#AllowConsole=false +# A program to run while the greeter is visible. It is supposed to preload +# as much as possible of the session that is going to be started (most +# probably). +# Default is "" +Preloader=/usr/bin/preloadkde +# Whether the greeter should be themed. +# Default is false +UseTheme=true +# The theme to use for the greeter. Can point to either a directory or an XML +# file. +# Default is "" +Theme=/usr/share/apps/kdm/themes/horos +# Enable the Alt-Ctrl-D shortcut to toggle greeter theme debugging. +# Default is false +#AllowThemeDebug=true + +# Core config for local displays +[X-:*-Core] +# How often to try to run the X-server. Running includes executing it and +# waiting for it to come up. +# Default is 1 +#ServerAttempts=1 +# How long to wait for a local X-server to come up. +# Default is 30 +ServerTimeout=30 +# The command line to start the X-server, without display number and VT spec. +# This string is subject to word splitting. +# Default is "/usr/bin/X" +ServerCmd=/usr/bin/X -br -novtswitch -quiet +# Additional arguments for the X-servers for local sessions. +# This string is subject to word splitting. +# Default is "" +ServerArgsLocal=-nolisten tcp +# Additional arguments for the X-servers for remote sessions. +# This string is subject to word splitting. +# Default is "" +#ServerArgsRemote= +# The user the X-server should run as. Empty results in root. +# Default is "" +#ServerUID=_x11 +# Restart instead of resetting the local X-server after session exit. +# Use it if the server leaks memory etc. +# Default is false +TerminateServer=true +# Create X-authorizations for local displays. +# Default is true +#Authorize=false +# Which X-authorization mechanisms should be used. +# Default is "MIT-MAGIC-COOKIE-1" +#AuthNames= +# Need to reset the X-server to make it read initial Xauth file. +# Default is false +#ResetForAuth=true +# See above +AllowNullPasswd=true +# See above +AllowShutdown=All +# Enable password-less logins on this display. USE WITH EXTREME CARE! +# Default is false +#NoPassEnable=true +# The users that do not need to provide a password to log in. NEVER list root! +# "*" means all non-root users. @ means all users in that group. +# Default is "" +#NoPassUsers=fred,ethel + +# Greeter config for local displays +[X-:*-Greeter] +# See above +PreselectUser=Previous +# See above +FocusPasswd=true +# Specify whether the greeter of local displays should start up in host chooser +# (remote) or login (local) mode and whether it is allowed to switch to the +# other mode. +# "LocalOnly" - only local login possible +# "DefaultLocal" - start up in local mode, but allow switching to remote mode +# "DefaultRemote" - ... and the other way round +# "RemoteOnly" - only choice of remote host possible +# Default is LocalOnly +LoginMode=DefaultLocal +# A list of hosts to be automatically added to the remote login menu. The +# special name "*" means broadcast. +# Default is "*" +#ChooserHosts=*,host1,host2,host3.local,login.domain.com +# Show the "Restart X Server"/"Close Connection" action in the greeter. +# Default is true +AllowClose=false + +# Core config for 1st local display +[X-:0-Core] +# The VT the X-server should run on; auto-assign if zero, don't assign if -1. +# Better leave it zero and use ServerVTs. +# Default is 0 +#ServerVT=7 +# Enable automatic login. USE WITH EXTREME CARE! +# Default is false +#AutoLoginEnable=true +# If true, auto-login after logout. If false, auto-login is performed only +# when a display session starts up. +# Default is false +#AutoLoginAgain=true +# The delay in seconds before automatic login kicks in. +# Default is 0 +#AutoLoginDelay=10 +# The user to log in automatically. NEVER specify root! +# Default is "" +#AutoLoginUser=fred +# The password for the user to log in automatically. This is NOT required +# unless the user is logged into a NIS or Kerberos domain. If you use this +# option, you should "chmod 600 kdmrc" for obvious reasons. +# Default is "" +#AutoLoginPass=secret! +# Immediately lock the automatically started session. This works only with +# KDE sessions. +# Default is false +#AutoLoginLocked=true +# See above +ClientLogFile=.xsession-errors + +# Greeter config for 1st local display +[X-:0-Greeter] +# See above +#PreselectUser=Default +# The user to preselect if PreselectUser=Default. +# Default is "" +#DefaultUser=johndoe diff --git a/config-archive/usr/share/config/kdm/kdmrc.dist b/config-archive/usr/share/config/kdm/kdmrc.dist index 87bd067..c1e3341 100644 --- a/config-archive/usr/share/config/kdm/kdmrc.dist +++ b/config-archive/usr/share/config/kdm/kdmrc.dist @@ -449,7 +449,7 @@ FaceDir=/var/lib/kdm/faces # Random seed for forging saved session types, etc. of unknown users. # This value should be random but constant across the login domain. # Default is 0 -ForgingSeed=1334084600 +ForgingSeed=1338430572 # Specify conversation plugins for the login dialog. Each plugin can be # specified as a base name (which expands to $kde_modulesdir/kgreet_$base) # or as a full pathname. diff --git a/config-archive/usr/share/openvpn/easy-rsa/README b/config-archive/usr/share/openvpn/easy-rsa/README new file mode 100644 index 0000000..bde0d8c --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/README @@ -0,0 +1,229 @@ +EASY-RSA Version 2.0-rc1 + +This is a small RSA key management package, based on the openssl +command line tool, that can be found in the easy-rsa subdirectory +of the OpenVPN distribution. While this tool is primary concerned +with key management for the SSL VPN application space, it can also +be used for building web certificates. + +These are reference notes. For step-by-step instructions, see the +HOWTO: + +http://openvpn.net/howto.html + +This package is based on the ./pkitool script. Run ./pkitool +without arguments for a detailed help message (which is also pasted +below). + +Release Notes for easy-rsa-2.0 + +* Most functionality has been consolidated into the pkitool + script. For compatibility, all previous scripts from 1.0 such + as build-key and build-key-server are provided as stubs + which call pkitool to do the real work. + +* pkitool has a --batch flag (enabled by default) which generates + keys/certs without needing any interactive input. pkitool + can still generate certs/keys using interactive prompting by + using the --interact flag. + +* The inherit-inter script has been provided for creating + a new PKI rooted on an intermediate certificate built within a + higher-level PKI. See comments in the inherit-inter script + for more info. + +* The openssl.cnf file has been modified. pkitool will not + work with the openssl.cnf file included with previous + easy-rsa releases. + +* The vars file has been modified -- the following extra + variables have been added: EASY_RSA, CA_EXPIRE, + KEY_EXPIRE. + +* The make-crl and revoke-crt scripts have been removed and + are replaced by the revoke-full script. + +* The "Organizational Unit" X509 field can be set using + the KEY_OU environmental variable before calling pkitool. + +* This release only affects the Linux/Unix version of easy-rsa. + The Windows version (written to use the Windows shell) is unchanged. + +* Use the revoke-full script to revoke a certificate, and generate + (or update) the crl.pem file in the keys directory (as set by the + vars script). Then use "crl-verify crl.pem" in your OpenVPN server + config file, so that OpenVPN can reject any connections coming from + clients which present a revoked certificate. Usage for the script is: + + revoke-full + + Note this this procedure is primarily designed to revoke client + certificates. You could theoretically use this method to revoke + server certificates as well, but then you would need to propagate + the crl.pem file to all clients as well, and have them include + "crl-verify crl.pem" in their configuration files. + +* PKCS#11 support was added. + +* For those interested in using this tool to generate web certificates, + A variant of the easy-rsa package that allows the creation of multi-domain + certificates with subjectAltName can be obtained from here: + + http://www.bisente.com/proyectos/easy-rsa-subjectaltname/ + +INSTALL easy-rsa + +1. Edit vars. +2. Set KEY_CONFIG to point to the openssl.cnf file + included in this distribution. +3. Set KEY_DIR to point to a directory which will + contain all keys, certificates, etc. This + directory need not exist, and if it does, + it will be deleted with rm -rf, so BE + CAREFUL how you set KEY_DIR. +4. (Optional) Edit other fields in vars + per your site data. You may want to + increase KEY_SIZE to 2048 if you are + paranoid and don't mind slower key + processing, but certainly 1024 is + fine for testing purposes. KEY_SIZE + must be compatible across both peers + participating in a secure SSL/TLS + connection. +5. (Optional) If you intend to use PKCS#11, + install openssl >= 0.9.7, install the + following components from www.opensc.org: + - opensc >= 0.10.0 + - engine_pkcs11 >= 0.1.3 + Update the openssl.cnf to load the engine: + - Uncomment pkcs11 under engine_section. + - Validate path at dynamic_path under pkcs11_section. +6. . vars +7. ./clean-all +8. As you create certificates, keys, and + certificate signing requests, understand that + only .key files should be kept confidential. + .crt and .csr files can be sent over insecure + channels such as plaintext email. + +IMPORTANT + +To avoid a possible Man-in-the-Middle attack where an authorized +client tries to connect to another client by impersonating the +server, make sure to enforce some kind of server certificate +verification by clients. There are currently four different ways +of accomplishing this, listed in the order of preference: + +(1) Build your server certificates with specific key usage and + extended key usage. The RFC3280 determine that the following + attributes should be provided for TLS connections: + + Mode Key usage Extended key usage + --------------------------------------------------------------------------- + Client digitalSignature TLS Web Client Authentication + keyAgreement + digitalSignature, keyAgreement + + Server digitalSignature, keyEncipherment TLS Web Server Authentication + digitalSignature, keyAgreement + + Now add the following line to your client configuration: + + remote-cert-tls server + + This will block clients from connecting to any + server which lacks the required extension designation + in its certificate, even if the certificate has been + signed by the CA which is cited in the OpenVPN configuration + file (--ca directive). + +(3) Use the --tls-remote directive on the client to + accept/reject the server connection based on the common + name of the server certificate. + +(3) Use a --tls-verify script or plugin to accept/reject the + server connection based on a custom test of the server + certificate's embedded X509 subject details. + +(4) Sign server certificates with one CA and client certificates + with a different CA. The client config "ca" directive should + reference the server-signing CA while the server config "ca" + directive should reference the client-signing CA. + +NOTES + +Show certificate fields: + openssl x509 -in cert.crt -text + +PKITOOL documentation + +pkitool 2.0 +Usage: pkitool [options...] [common-name] +Options: + --batch : batch mode (default) + --keysize : Set keysize + size : size (default=1024) + --interact : interactive mode + --server : build server cert + --initca : build root CA + --inter : build intermediate CA + --pass : encrypt private key with password + --csr : only generate a CSR, do not sign + --sign : sign an existing CSR + --pkcs12 : generate a combined PKCS#12 file + --pkcs11 : generate certificate on PKCS#11 token + lib : PKCS#11 library + slot : PKCS#11 slot + id : PKCS#11 object id (hex string) + label : PKCS#11 object label +Standalone options: + --pkcs11-slots : list PKCS#11 slots + lib : PKCS#11 library + --pkcs11-objects : list PKCS#11 token objects + lib : PKCS#11 library + slot : PKCS#11 slot + --pkcs11-init : initialize PKCS#11 token DANGEROUS!!! + lib : PKCS#11 library + slot : PKCS#11 slot + label : PKCS#11 token label +Notes: + Please edit the vars script to reflect your configuration, + then source it with "source ./vars". + Next, to start with a fresh PKI configuration and to delete any + previous certificates and keys, run "./clean-all". + Finally, you can run this tool (pkitool) to build certificates/keys. + In order to use PKCS#11 interface you must have opensc-0.10.0 or higher. +Generated files and corresponding OpenVPN directives: +(Files will be placed in the $KEY_DIR directory, defined in ./vars) + ca.crt -> root certificate (--ca) + ca.key -> root key, keep secure (not directly used by OpenVPN) + .crt files -> client/server certificates (--cert) + .key files -> private keys, keep secure (--key) + .csr files -> certificate signing request (not directly used by OpenVPN) + dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh) +Examples: + pkitool --initca -> Build root certificate + pkitool --initca --pass -> Build root certificate with password-protected key + pkitool --server server1 -> Build "server1" certificate/key + pkitool client1 -> Build "client1" certificate/key + pkitool --pass client2 -> Build password-protected "client2" certificate/key + pkitool --pkcs12 client3 -> Build "client3" certificate/key in PKCS#12 format + pkitool --csr client4 -> Build "client4" CSR to be signed by another CA + pkitool --sign client4 -> Sign "client4" CSR + pkitool --inter interca -> Build an intermediate key-signing certificate/key + Also see ./inherit-inter script. + pkitool --pkcs11 /usr/lib/pkcs11/lib1 0 010203 "client5 id" client5 + -> Build "client5" certificate/key in PKCS#11 token +Typical usage for initial PKI setup. Build myserver, client1, and client2 cert/keys. +Protect client2 key with a password. Build DH parms. Generated files in ./keys : + [edit vars with your site-specific info] + source ./vars + ./clean-all + ./build-dh -> takes a long time, consider backgrounding + ./pkitool --initca + ./pkitool --server myserver + ./pkitool client1 + ./pkitool --pass client2 +Typical usage for adding client cert to existing PKI: + source ./vars + ./pkitool client-new diff --git a/config-archive/usr/share/openvpn/easy-rsa/README.dist b/config-archive/usr/share/openvpn/easy-rsa/README.dist new file mode 100644 index 0000000..6f5395c --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/README.dist @@ -0,0 +1,229 @@ +EASY-RSA Version 2.0-rc1 + +This is a small RSA key management package, based on the openssl +command line tool, that can be found in the easy-rsa subdirectory +of the OpenVPN distribution. While this tool is primary concerned +with key management for the SSL VPN application space, it can also +be used for building web certificates. + +These are reference notes. For step-by-step instructions, see the +HOWTO: + +http://openvpn.net/howto.html + +This package is based on the ./pkitool script. Run ./pkitool +without arguments for a detailed help message (which is also pasted +below). + +Release Notes for easy-rsa-2.0 + +* Most functionality has been consolidated into the pkitool + script. For compatibility, all previous scripts from 1.0 such + as build-key and build-key-server are provided as stubs + which call pkitool to do the real work. + +* pkitool has a --batch flag (enabled by default) which generates + keys/certs without needing any interactive input. pkitool + can still generate certs/keys using interactive prompting by + using the --interact flag. + +* The inherit-inter script has been provided for creating + a new PKI rooted on an intermediate certificate built within a + higher-level PKI. See comments in the inherit-inter script + for more info. + +* The openssl.cnf file has been modified. pkitool will not + work with the openssl.cnf file included with previous + easy-rsa releases. + +* The vars file has been modified -- the following extra + variables have been added: EASY_RSA, CA_EXPIRE, + KEY_EXPIRE. + +* The make-crl and revoke-crt scripts have been removed and + are replaced by the revoke-full script. + +* The "Organizational Unit" X509 field can be set using + the KEY_OU environmental variable before calling pkitool. + +* This release only affects the Linux/Unix version of easy-rsa. + The Windows version (written to use the Windows shell) is unchanged. + +* Use the revoke-full script to revoke a certificate, and generate + (or update) the crl.pem file in the keys directory (as set by the + vars script). Then use "crl-verify crl.pem" in your OpenVPN server + config file, so that OpenVPN can reject any connections coming from + clients which present a revoked certificate. Usage for the script is: + + revoke-full + + Note this this procedure is primarily designed to revoke client + certificates. You could theoretically use this method to revoke + server certificates as well, but then you would need to propagate + the crl.pem file to all clients as well, and have them include + "crl-verify crl.pem" in their configuration files. + +* PKCS#11 support was added. + +* For those interested in using this tool to generate web certificates, + A variant of the easy-rsa package that allows the creation of multi-domain + certificates with subjectAltName can be obtained from here: + + http://www.bisente.com/proyectos/easy-rsa-subjectaltname/ + +INSTALL easy-rsa + +1. Edit vars. +2. Set KEY_CONFIG to point to the correct openssl-.cnf + file included in this distribution. +3. Set KEY_DIR to point to a directory which will + contain all keys, certificates, etc. This + directory need not exist, and if it does, + it will be deleted with rm -rf, so BE + CAREFUL how you set KEY_DIR. +4. (Optional) Edit other fields in vars + per your site data. You may want to + increase KEY_SIZE to 2048 if you are + paranoid and don't mind slower key + processing, but certainly 1024 is + fine for testing purposes. KEY_SIZE + must be compatible across both peers + participating in a secure SSL/TLS + connection. +5. (Optional) If you intend to use PKCS#11, + install openssl >= 0.9.7, install the + following components from www.opensc.org: + - opensc >= 0.10.0 + - engine_pkcs11 >= 0.1.3 + Update the openssl.cnf to load the engine: + - Uncomment pkcs11 under engine_section. + - Validate path at dynamic_path under pkcs11_section. +6. . vars +7. ./clean-all +8. As you create certificates, keys, and + certificate signing requests, understand that + only .key files should be kept confidential. + .crt and .csr files can be sent over insecure + channels such as plaintext email. + +IMPORTANT + +To avoid a possible Man-in-the-Middle attack where an authorized +client tries to connect to another client by impersonating the +server, make sure to enforce some kind of server certificate +verification by clients. There are currently four different ways +of accomplishing this, listed in the order of preference: + +(1) Build your server certificates with specific key usage and + extended key usage. The RFC3280 determine that the following + attributes should be provided for TLS connections: + + Mode Key usage Extended key usage + --------------------------------------------------------------------------- + Client digitalSignature TLS Web Client Authentication + keyAgreement + digitalSignature, keyAgreement + + Server digitalSignature, keyEncipherment TLS Web Server Authentication + digitalSignature, keyAgreement + + Now add the following line to your client configuration: + + remote-cert-tls server + + This will block clients from connecting to any + server which lacks the required extension designation + in its certificate, even if the certificate has been + signed by the CA which is cited in the OpenVPN configuration + file (--ca directive). + +(3) Use the --tls-remote directive on the client to + accept/reject the server connection based on the common + name of the server certificate. + +(3) Use a --tls-verify script or plugin to accept/reject the + server connection based on a custom test of the server + certificate's embedded X509 subject details. + +(4) Sign server certificates with one CA and client certificates + with a different CA. The client config "ca" directive should + reference the server-signing CA while the server config "ca" + directive should reference the client-signing CA. + +NOTES + +Show certificate fields: + openssl x509 -in cert.crt -text + +PKITOOL documentation + +pkitool 2.0 +Usage: pkitool [options...] [common-name] +Options: + --batch : batch mode (default) + --keysize : Set keysize + size : size (default=1024) + --interact : interactive mode + --server : build server cert + --initca : build root CA + --inter : build intermediate CA + --pass : encrypt private key with password + --csr : only generate a CSR, do not sign + --sign : sign an existing CSR + --pkcs12 : generate a combined PKCS#12 file + --pkcs11 : generate certificate on PKCS#11 token + lib : PKCS#11 library + slot : PKCS#11 slot + id : PKCS#11 object id (hex string) + label : PKCS#11 object label +Standalone options: + --pkcs11-slots : list PKCS#11 slots + lib : PKCS#11 library + --pkcs11-objects : list PKCS#11 token objects + lib : PKCS#11 library + slot : PKCS#11 slot + --pkcs11-init : initialize PKCS#11 token DANGEROUS!!! + lib : PKCS#11 library + slot : PKCS#11 slot + label : PKCS#11 token label +Notes: + Please edit the vars script to reflect your configuration, + then source it with "source ./vars". + Next, to start with a fresh PKI configuration and to delete any + previous certificates and keys, run "./clean-all". + Finally, you can run this tool (pkitool) to build certificates/keys. + In order to use PKCS#11 interface you must have opensc-0.10.0 or higher. +Generated files and corresponding OpenVPN directives: +(Files will be placed in the $KEY_DIR directory, defined in ./vars) + ca.crt -> root certificate (--ca) + ca.key -> root key, keep secure (not directly used by OpenVPN) + .crt files -> client/server certificates (--cert) + .key files -> private keys, keep secure (--key) + .csr files -> certificate signing request (not directly used by OpenVPN) + dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh) +Examples: + pkitool --initca -> Build root certificate + pkitool --initca --pass -> Build root certificate with password-protected key + pkitool --server server1 -> Build "server1" certificate/key + pkitool client1 -> Build "client1" certificate/key + pkitool --pass client2 -> Build password-protected "client2" certificate/key + pkitool --pkcs12 client3 -> Build "client3" certificate/key in PKCS#12 format + pkitool --csr client4 -> Build "client4" CSR to be signed by another CA + pkitool --sign client4 -> Sign "client4" CSR + pkitool --inter interca -> Build an intermediate key-signing certificate/key + Also see ./inherit-inter script. + pkitool --pkcs11 /usr/lib/pkcs11/lib1 0 010203 "client5 id" client5 + -> Build "client5" certificate/key in PKCS#11 token +Typical usage for initial PKI setup. Build myserver, client1, and client2 cert/keys. +Protect client2 key with a password. Build DH parms. Generated files in ./keys : + [edit vars with your site-specific info] + source ./vars + ./clean-all + ./build-dh -> takes a long time, consider backgrounding + ./pkitool --initca + ./pkitool --server myserver + ./pkitool client1 + ./pkitool --pass client2 +Typical usage for adding client cert to existing PKI: + source ./vars + ./pkitool client-new diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-ca b/config-archive/usr/share/openvpn/easy-rsa/build-ca new file mode 100755 index 0000000..fb1e2ca --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-ca @@ -0,0 +1,8 @@ +#!/bin/bash + +# +# Build a root certificate +# + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --initca $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-ca.dist b/config-archive/usr/share/openvpn/easy-rsa/build-ca.dist new file mode 100755 index 0000000..bce29a6 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-ca.dist @@ -0,0 +1,8 @@ +#!/bin/sh + +# +# Build a root certificate +# + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --initca $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-dh b/config-archive/usr/share/openvpn/easy-rsa/build-dh new file mode 100755 index 0000000..f019222 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-dh @@ -0,0 +1,11 @@ +#!/bin/bash + +# Build Diffie-Hellman parameters for the server side +# of an SSL/TLS connection. + +if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then + $OPENSSL dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE} +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-dh.dist b/config-archive/usr/share/openvpn/easy-rsa/build-dh.dist new file mode 100755 index 0000000..4beb127 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-dh.dist @@ -0,0 +1,11 @@ +#!/bin/sh + +# Build Diffie-Hellman parameters for the server side +# of an SSL/TLS connection. + +if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then + $OPENSSL dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE} +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-inter b/config-archive/usr/share/openvpn/easy-rsa/build-inter new file mode 100755 index 0000000..f831d6f --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-inter @@ -0,0 +1,7 @@ +#!/bin/bash + +# Make an intermediate CA certificate/private key pair using a locally generated +# root certificate. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --inter $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-inter.dist b/config-archive/usr/share/openvpn/easy-rsa/build-inter.dist new file mode 100755 index 0000000..87bf98d --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-inter.dist @@ -0,0 +1,7 @@ +#!/bin/sh + +# Make an intermediate CA certificate/private key pair using a locally generated +# root certificate. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --inter $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key b/config-archive/usr/share/openvpn/easy-rsa/build-key new file mode 100755 index 0000000..6196308 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-key @@ -0,0 +1,7 @@ +#!/bin/bash + +# Make a certificate/private key pair using a locally generated +# root certificate. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key-pass b/config-archive/usr/share/openvpn/easy-rsa/build-key-pass new file mode 100755 index 0000000..35543e0 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-key-pass @@ -0,0 +1,7 @@ +#!/bin/bash + +# Similar to build-key, but protect the private key +# with a password. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --pass $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key-pass.dist b/config-archive/usr/share/openvpn/easy-rsa/build-key-pass.dist new file mode 100755 index 0000000..8ef8307 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-key-pass.dist @@ -0,0 +1,7 @@ +#!/bin/sh + +# Similar to build-key, but protect the private key +# with a password. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --pass $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12 b/config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12 new file mode 100755 index 0000000..5ef064f --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12 @@ -0,0 +1,8 @@ +#!/bin/bash + +# Make a certificate/private key pair using a locally generated +# root certificate and convert it to a PKCS #12 file including the +# the CA certificate as well. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --pkcs12 $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12.dist b/config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12.dist new file mode 100755 index 0000000..ba90e6a --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-key-pkcs12.dist @@ -0,0 +1,8 @@ +#!/bin/sh + +# Make a certificate/private key pair using a locally generated +# root certificate and convert it to a PKCS #12 file including the +# the CA certificate as well. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --pkcs12 $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key-server b/config-archive/usr/share/openvpn/easy-rsa/build-key-server new file mode 100755 index 0000000..5502675 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-key-server @@ -0,0 +1,10 @@ +#!/bin/bash + +# Make a certificate/private key pair using a locally generated +# root certificate. +# +# Explicitly set nsCertType to server using the "server" +# extension in the openssl.cnf file. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --server $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key-server.dist b/config-archive/usr/share/openvpn/easy-rsa/build-key-server.dist new file mode 100755 index 0000000..fee0194 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-key-server.dist @@ -0,0 +1,10 @@ +#!/bin/sh + +# Make a certificate/private key pair using a locally generated +# root certificate. +# +# Explicitly set nsCertType to server using the "server" +# extension in the openssl.cnf file. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --server $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-key.dist b/config-archive/usr/share/openvpn/easy-rsa/build-key.dist new file mode 100755 index 0000000..6c0fed8 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-key.dist @@ -0,0 +1,7 @@ +#!/bin/sh + +# Make a certificate/private key pair using a locally generated +# root certificate. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-req b/config-archive/usr/share/openvpn/easy-rsa/build-req new file mode 100755 index 0000000..26587d1 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-req @@ -0,0 +1,7 @@ +#!/bin/bash + +# Build a certificate signing request and private key. Use this +# when your root certificate and key is not available locally. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --csr $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-req-pass b/config-archive/usr/share/openvpn/easy-rsa/build-req-pass new file mode 100755 index 0000000..6e6c863 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-req-pass @@ -0,0 +1,7 @@ +#!/bin/bash + +# Like build-req, but protect your private key +# with a password. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --csr --pass $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-req-pass.dist b/config-archive/usr/share/openvpn/easy-rsa/build-req-pass.dist new file mode 100755 index 0000000..b73ee1b --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-req-pass.dist @@ -0,0 +1,7 @@ +#!/bin/sh + +# Like build-req, but protect your private key +# with a password. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --csr --pass $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/build-req.dist b/config-archive/usr/share/openvpn/easy-rsa/build-req.dist new file mode 100755 index 0000000..559d512 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/build-req.dist @@ -0,0 +1,7 @@ +#!/bin/sh + +# Build a certificate signing request and private key. Use this +# when your root certificate and key is not available locally. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --csr $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/clean-all b/config-archive/usr/share/openvpn/easy-rsa/clean-all new file mode 100755 index 0000000..0576db5 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/clean-all @@ -0,0 +1,16 @@ +#!/bin/bash + +# Initialize the $KEY_DIR directory. +# Note that this script does a +# rm -rf on $KEY_DIR so be careful! + +if [ "$KEY_DIR" ]; then + rm -rf "$KEY_DIR" + mkdir "$KEY_DIR" && \ + chmod go-rwx "$KEY_DIR" && \ + touch "$KEY_DIR/index.txt" && \ + echo 01 >"$KEY_DIR/serial" +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/clean-all.dist b/config-archive/usr/share/openvpn/easy-rsa/clean-all.dist new file mode 100755 index 0000000..cc6e3b2 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/clean-all.dist @@ -0,0 +1,16 @@ +#!/bin/sh + +# Initialize the $KEY_DIR directory. +# Note that this script does a +# rm -rf on $KEY_DIR so be careful! + +if [ "$KEY_DIR" ]; then + rm -rf "$KEY_DIR" + mkdir "$KEY_DIR" && \ + chmod go-rwx "$KEY_DIR" && \ + touch "$KEY_DIR/index.txt" && \ + echo 01 >"$KEY_DIR/serial" +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/inherit-inter b/config-archive/usr/share/openvpn/easy-rsa/inherit-inter new file mode 100755 index 0000000..2101951 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/inherit-inter @@ -0,0 +1,39 @@ +#!/bin/bash + +# Build a new PKI which is rooted on an intermediate certificate generated +# by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should +# have independent vars settings, and must use a different KEY_DIR directory +# from the parent. This tool can be used to generate arbitrary depth +# certificate chains. +# +# To build an intermediate CA, follow the same steps for a regular PKI but +# replace ./build-key or ./pkitool --initca with this script. + +# The EXPORT_CA file will contain the CA certificate chain and should be +# referenced by the OpenVPN "ca" directive in config files. The ca.crt file +# will only contain the local intermediate CA -- it's needed by the easy-rsa +# scripts but not by OpenVPN directly. +EXPORT_CA="export-ca.crt" + +if [ $# -ne 2 ]; then + echo "usage: $0 " + echo "parent-key-dir: the KEY_DIR directory of the parent PKI" + echo "common-name: the common name of the intermediate certificate in the parent PKI" + exit 1; +fi + +if [ "$KEY_DIR" ]; then + cp "$1/$2.crt" "$KEY_DIR/ca.crt" + cp "$1/$2.key" "$KEY_DIR/ca.key" + + if [ -e "$1/$EXPORT_CA" ]; then + PARENT_CA="$1/$EXPORT_CA" + else + PARENT_CA="$1/ca.crt" + fi + cp "$PARENT_CA" "$KEY_DIR/$EXPORT_CA" + cat "$KEY_DIR/ca.crt" >> "$KEY_DIR/$EXPORT_CA" +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/inherit-inter.dist b/config-archive/usr/share/openvpn/easy-rsa/inherit-inter.dist new file mode 100755 index 0000000..aaa5168 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/inherit-inter.dist @@ -0,0 +1,39 @@ +#!/bin/sh + +# Build a new PKI which is rooted on an intermediate certificate generated +# by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should +# have independent vars settings, and must use a different KEY_DIR directory +# from the parent. This tool can be used to generate arbitrary depth +# certificate chains. +# +# To build an intermediate CA, follow the same steps for a regular PKI but +# replace ./build-key or ./pkitool --initca with this script. + +# The EXPORT_CA file will contain the CA certificate chain and should be +# referenced by the OpenVPN "ca" directive in config files. The ca.crt file +# will only contain the local intermediate CA -- it's needed by the easy-rsa +# scripts but not by OpenVPN directly. +EXPORT_CA="export-ca.crt" + +if [ $# -ne 2 ]; then + echo "usage: $0 " + echo "parent-key-dir: the KEY_DIR directory of the parent PKI" + echo "common-name: the common name of the intermediate certificate in the parent PKI" + exit 1; +fi + +if [ "$KEY_DIR" ]; then + cp "$1/$2.crt" "$KEY_DIR/ca.crt" + cp "$1/$2.key" "$KEY_DIR/ca.key" + + if [ -e "$1/$EXPORT_CA" ]; then + PARENT_CA="$1/$EXPORT_CA" + else + PARENT_CA="$1/ca.crt" + fi + cp "$PARENT_CA" "$KEY_DIR/$EXPORT_CA" + cat "$KEY_DIR/ca.crt" >> "$KEY_DIR/$EXPORT_CA" +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/list-crl b/config-archive/usr/share/openvpn/easy-rsa/list-crl new file mode 100755 index 0000000..afc0cd6 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/list-crl @@ -0,0 +1,13 @@ +#!/bin/bash + +# list revoked certificates + +CRL="${1:-crl.pem}" + +if [ "$KEY_DIR" ]; then + cd "$KEY_DIR" && \ + $OPENSSL crl -text -noout -in "$CRL" +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/list-crl.dist b/config-archive/usr/share/openvpn/easy-rsa/list-crl.dist new file mode 100755 index 0000000..d1d8a69 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/list-crl.dist @@ -0,0 +1,13 @@ +#!/bin/sh + +# list revoked certificates + +CRL="${1:-crl.pem}" + +if [ "$KEY_DIR" ]; then + cd "$KEY_DIR" && \ + $OPENSSL crl -text -noout -in "$CRL" +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/pkitool b/config-archive/usr/share/openvpn/easy-rsa/pkitool new file mode 100755 index 0000000..7266988 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/pkitool @@ -0,0 +1,373 @@ +#!/bin/sh + +# OpenVPN -- An application to securely tunnel IP networks +# over a single TCP/UDP port, with support for SSL/TLS-based +# session authentication and key exchange, +# packet encryption, packet authentication, and +# packet compression. +# +# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program (see the file COPYING included with this +# distribution); if not, write to the Free Software Foundation, Inc., +# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +# pkitool is a front-end for the openssl tool. + +# Calling scripts can set the certificate organizational +# unit with the KEY_OU environmental variable. + +# Calling scripts can also set the KEY_NAME environmental +# variable to set the "name" X509 subject field. + +PROGNAME=pkitool +VERSION=2.0 +DEBUG=0 + +die() +{ + local m="$1" + + echo "$m" >&2 + exit 1 +} + +need_vars() +{ + echo ' Please edit the vars script to reflect your configuration,' + echo ' then source it with "source ./vars".' + echo ' Next, to start with a fresh PKI configuration and to delete any' + echo ' previous certificates and keys, run "./clean-all".' + echo " Finally, you can run this tool ($PROGNAME) to build certificates/keys." +} + +usage() +{ + echo "$PROGNAME $VERSION" + echo "Usage: $PROGNAME [options...] [common-name]" + echo "Options:" + echo " --batch : batch mode (default)" + echo " --keysize : Set keysize" + echo " size : size (default=1024)" + echo " --interact : interactive mode" + echo " --server : build server cert" + echo " --initca : build root CA" + echo " --inter : build intermediate CA" + echo " --pass : encrypt private key with password" + echo " --csr : only generate a CSR, do not sign" + echo " --sign : sign an existing CSR" + echo " --pkcs12 : generate a combined PKCS#12 file" + echo " --pkcs11 : generate certificate on PKCS#11 token" + echo " lib : PKCS#11 library" + echo " slot : PKCS#11 slot" + echo " id : PKCS#11 object id (hex string)" + echo " label : PKCS#11 object label" + echo "Standalone options:" + echo " --pkcs11-slots : list PKCS#11 slots" + echo " lib : PKCS#11 library" + echo " --pkcs11-objects : list PKCS#11 token objects" + echo " lib : PKCS#11 library" + echo " slot : PKCS#11 slot" + echo " --pkcs11-init : initialize PKCS#11 token DANGEROUS!!!" + echo " lib : PKCS#11 library" + echo " slot : PKCS#11 slot" + echo " label : PKCS#11 token label" + echo "Notes:" + need_vars + echo " In order to use PKCS#11 interface you must have opensc-0.10.0 or higher." + echo "Generated files and corresponding OpenVPN directives:" + echo '(Files will be placed in the $KEY_DIR directory, defined in ./vars)' + echo " ca.crt -> root certificate (--ca)" + echo " ca.key -> root key, keep secure (not directly used by OpenVPN)" + echo " .crt files -> client/server certificates (--cert)" + echo " .key files -> private keys, keep secure (--key)" + echo " .csr files -> certificate signing request (not directly used by OpenVPN)" + echo " dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh)" + echo "Examples:" + echo " $PROGNAME --initca -> Build root certificate" + echo " $PROGNAME --initca --pass -> Build root certificate with password-protected key" + echo " $PROGNAME --server server1 -> Build \"server1\" certificate/key" + echo " $PROGNAME client1 -> Build \"client1\" certificate/key" + echo " $PROGNAME --pass client2 -> Build password-protected \"client2\" certificate/key" + echo " $PROGNAME --pkcs12 client3 -> Build \"client3\" certificate/key in PKCS#12 format" + echo " $PROGNAME --csr client4 -> Build \"client4\" CSR to be signed by another CA" + echo " $PROGNAME --sign client4 -> Sign \"client4\" CSR" + echo " $PROGNAME --inter interca -> Build an intermediate key-signing certificate/key" + echo " Also see ./inherit-inter script." + echo " $PROGNAME --pkcs11 /usr/lib/pkcs11/lib1 0 010203 \"client5 id\" client5" + echo " -> Build \"client5\" certificate/key in PKCS#11 token" + echo "Typical usage for initial PKI setup. Build myserver, client1, and client2 cert/keys." + echo "Protect client2 key with a password. Build DH parms. Generated files in ./keys :" + echo " [edit vars with your site-specific info]" + echo " source ./vars" + echo " ./clean-all" + echo " ./build-dh -> takes a long time, consider backgrounding" + echo " ./$PROGNAME --initca" + echo " ./$PROGNAME --server myserver" + echo " ./$PROGNAME client1" + echo " ./$PROGNAME --pass client2" + echo "Typical usage for adding client cert to existing PKI:" + echo " source ./vars" + echo " ./$PROGNAME client-new" +} + +# Set tool defaults +[ -n "$OPENSSL" ] || export OPENSSL="openssl" +[ -n "$PKCS11TOOL" ] || export PKCS11TOOL="pkcs11-tool" +[ -n "$GREP" ] || export GREP="grep" + +# Set defaults +DO_REQ="1" +REQ_EXT="" +DO_CA="1" +CA_EXT="" +DO_P12="0" +DO_P11="0" +DO_ROOT="0" +NODES_REQ="-nodes" +NODES_P12="" +BATCH="-batch" +CA="ca" +# must be set or errors of openssl.cnf +PKCS11_MODULE_PATH="dummy" +PKCS11_PIN="dummy" + +# Process options +while [ $# -gt 0 ]; do + case "$1" in + --keysize ) KEY_SIZE=$2 + shift;; + --server ) REQ_EXT="$REQ_EXT -extensions server" + CA_EXT="$CA_EXT -extensions server" ;; + --batch ) BATCH="-batch" ;; + --interact ) BATCH="" ;; + --inter ) CA_EXT="$CA_EXT -extensions v3_ca" ;; + --initca ) DO_ROOT="1" ;; + --pass ) NODES_REQ="" ;; + --csr ) DO_CA="0" ;; + --sign ) DO_REQ="0" ;; + --pkcs12 ) DO_P12="1" ;; + --pkcs11 ) DO_P11="1" + PKCS11_MODULE_PATH="$2" + PKCS11_SLOT="$3" + PKCS11_ID="$4" + PKCS11_LABEL="$5" + shift 4;; + + # standalone + --pkcs11-init) + PKCS11_MODULE_PATH="$2" + PKCS11_SLOT="$3" + PKCS11_LABEL="$4" + if [ -z "$PKCS11_LABEL" ]; then + die "Please specify library name, slot and label" + fi + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-token --slot "$PKCS11_SLOT" \ + --label "$PKCS11_LABEL" && + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-pin --slot "$PKCS11_SLOT" + exit $?;; + --pkcs11-slots) + PKCS11_MODULE_PATH="$2" + if [ -z "$PKCS11_MODULE_PATH" ]; then + die "Please specify library name" + fi + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-slots + exit 0;; + --pkcs11-objects) + PKCS11_MODULE_PATH="$2" + PKCS11_SLOT="$3" + if [ -z "$PKCS11_SLOT" ]; then + die "Please specify library name and slot" + fi + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-objects --login --slot "$PKCS11_SLOT" + exit 0;; + + # errors + --* ) die "$PROGNAME: unknown option: $1" ;; + * ) break ;; + esac + shift +done + +if ! [ -z "$BATCH" ]; then + if $OPENSSL version | grep 0.9.6 > /dev/null; then + die "Batch mode is unsupported in openssl<0.9.7" + fi +fi + +if [ $DO_P12 -eq 1 -a $DO_P11 -eq 1 ]; then + die "PKCS#11 and PKCS#12 cannot be specified together" +fi + +if [ $DO_P11 -eq 1 ]; then + if ! grep "^pkcs11.*=" "$KEY_CONFIG" > /dev/null; then + die "Please edit $KEY_CONFIG and setup PKCS#11 engine" + fi +fi + +# If we are generating pkcs12, only encrypt the final step +if [ $DO_P12 -eq 1 ]; then + NODES_P12="$NODES_REQ" + NODES_REQ="-nodes" +fi + +if [ $DO_P11 -eq 1 ]; then + if [ -z "$PKCS11_LABEL" ]; then + die "PKCS#11 arguments incomplete" + fi +fi + +# If undefined, set default key expiration intervals +if [ -z "$KEY_EXPIRE" ]; then + KEY_EXPIRE=3650 +fi +if [ -z "$CA_EXPIRE" ]; then + CA_EXPIRE=3650 +fi + +# Set organizational unit to empty string if undefined +if [ -z "$KEY_OU" ]; then + KEY_OU="" +fi + +# Set X509 Name string to empty string if undefined +if [ -z "$KEY_NAME" ]; then + KEY_NAME="" +fi + +# Set KEY_CN, FN +if [ $DO_ROOT -eq 1 ]; then + if [ -z "$KEY_CN" ]; then + if [ "$1" ]; then + KEY_CN="$1" + elif [ "$KEY_ORG" ]; then + KEY_CN="$KEY_ORG CA" + fi + fi + if [ $BATCH ] && [ "$KEY_CN" ]; then + echo "Using CA Common Name:" "$KEY_CN" + fi + FN="$KEY_CN" +elif [ $BATCH ] && [ "$KEY_CN" ]; then + echo "Using Common Name:" "$KEY_CN" + FN="$KEY_CN" + if [ "$1" ]; then + FN="$1" + fi +else + if [ $# -ne 1 ]; then + usage + exit 1 + else + KEY_CN="$1" + fi + FN="$KEY_CN" +fi + +export CA_EXPIRE KEY_EXPIRE KEY_OU KEY_NAME KEY_CN PKCS11_MODULE_PATH PKCS11_PIN + +# Show parameters (debugging) +if [ $DEBUG -eq 1 ]; then + echo DO_REQ $DO_REQ + echo REQ_EXT $REQ_EXT + echo DO_CA $DO_CA + echo CA_EXT $CA_EXT + echo NODES_REQ $NODES_REQ + echo NODES_P12 $NODES_P12 + echo DO_P12 $DO_P12 + echo KEY_CN $KEY_CN + echo BATCH $BATCH + echo DO_ROOT $DO_ROOT + echo KEY_EXPIRE $KEY_EXPIRE + echo CA_EXPIRE $CA_EXPIRE + echo KEY_OU $KEY_OU + echo KEY_NAME $KEY_NAME + echo DO_P11 $DO_P11 + echo PKCS11_MODULE_PATH $PKCS11_MODULE_PATH + echo PKCS11_SLOT $PKCS11_SLOT + echo PKCS11_ID $PKCS11_ID + echo PKCS11_LABEL $PKCS11_LABEL +fi + +# Make sure ./vars was sourced beforehand +if [ -d "$KEY_DIR" ] && [ "$KEY_CONFIG" ]; then + cd "$KEY_DIR" + + # Make sure $KEY_CONFIG points to the correct version + # of openssl.cnf + if $GREP -i 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" >/dev/null; then + : + else + echo "$PROGNAME: KEY_CONFIG (set by the ./vars script) is pointing to the wrong" + echo "version of openssl.cnf: $KEY_CONFIG" + echo "The correct version should have a comment that says: easy-rsa version 2.x"; + exit 1; + fi + + # Build root CA + if [ $DO_ROOT -eq 1 ]; then + $OPENSSL req $BATCH -days $CA_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE -sha1 \ + -x509 -keyout "$CA.key" -out "$CA.crt" -config "$KEY_CONFIG" && \ + chmod 0600 "$CA.key" + else + # Make sure CA key/cert is available + if [ $DO_CA -eq 1 ] || [ $DO_P12 -eq 1 ]; then + if [ ! -r "$CA.crt" ] || [ ! -r "$CA.key" ]; then + echo "$PROGNAME: Need a readable $CA.crt and $CA.key in $KEY_DIR" + echo "Try $PROGNAME --initca to build a root certificate/key." + exit 1 + fi + fi + + # Generate key for PKCS#11 token + PKCS11_ARGS= + if [ $DO_P11 -eq 1 ]; then + stty -echo + echo -n "User PIN: " + read -r PKCS11_PIN + stty echo + export PKCS11_PIN + + echo "Generating key pair on PKCS#11 token..." + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --keypairgen \ + --login --pin "$PKCS11_PIN" \ + --key-type rsa:1024 \ + --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" || exit 1 + PKCS11_ARGS="-engine pkcs11 -keyform engine -key $PKCS11_SLOT:$PKCS11_ID" + fi + + # Build cert/key + ( [ $DO_REQ -eq 0 ] || $OPENSSL req $BATCH -days $KEY_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE \ + -keyout "$FN.key" -out "$FN.csr" $REQ_EXT -config "$KEY_CONFIG" $PKCS11_ARGS ) && \ + ( [ $DO_CA -eq 0 ] || $OPENSSL ca $BATCH -days $KEY_EXPIRE -out "$FN.crt" \ + -in "$FN.csr" $CA_EXT -md sha1 -config "$KEY_CONFIG" ) && \ + ( [ $DO_P12 -eq 0 ] || $OPENSSL pkcs12 -export -inkey "$FN.key" \ + -in "$FN.crt" -certfile "$CA.crt" -out "$FN.p12" $NODES_P12 ) && \ + ( [ $DO_CA -eq 0 -o $DO_P11 -eq 1 ] || chmod 0600 "$FN.key" ) && \ + ( [ $DO_P12 -eq 0 ] || chmod 0600 "$FN.p12" ) + + # Load certificate into PKCS#11 token + if [ $DO_P11 -eq 1 ]; then + $OPENSSL x509 -in "$FN.crt" -inform PEM -out "$FN.crt.der" -outform DER && \ + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --write-object "$FN.crt.der" --type cert \ + --login --pin "$PKCS11_PIN" \ + --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" + [ -e "$FN.crt.der" ]; rm "$FN.crt.der" + fi + + fi + +# Need definitions +else + need_vars +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/pkitool.dist b/config-archive/usr/share/openvpn/easy-rsa/pkitool.dist new file mode 100755 index 0000000..49588f5 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/pkitool.dist @@ -0,0 +1,379 @@ +#!/bin/sh + +# OpenVPN -- An application to securely tunnel IP networks +# over a single TCP/UDP port, with support for SSL/TLS-based +# session authentication and key exchange, +# packet encryption, packet authentication, and +# packet compression. +# +# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program (see the file COPYING included with this +# distribution); if not, write to the Free Software Foundation, Inc., +# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +# pkitool is a front-end for the openssl tool. + +# Calling scripts can set the certificate organizational +# unit with the KEY_OU environmental variable. + +# Calling scripts can also set the KEY_NAME environmental +# variable to set the "name" X509 subject field. + +PROGNAME=pkitool +VERSION=2.0 +DEBUG=0 + +die() +{ + local m="$1" + + echo "$m" >&2 + exit 1 +} + +need_vars() +{ + echo ' Please edit the vars script to reflect your configuration,' + echo ' then source it with "source ./vars".' + echo ' Next, to start with a fresh PKI configuration and to delete any' + echo ' previous certificates and keys, run "./clean-all".' + echo " Finally, you can run this tool ($PROGNAME) to build certificates/keys." +} + +usage() +{ + echo "$PROGNAME $VERSION" + echo "Usage: $PROGNAME [options...] [common-name]" + echo "Options:" + echo " --batch : batch mode (default)" + echo " --keysize : Set keysize" + echo " size : size (default=1024)" + echo " --interact : interactive mode" + echo " --server : build server cert" + echo " --initca : build root CA" + echo " --inter : build intermediate CA" + echo " --pass : encrypt private key with password" + echo " --csr : only generate a CSR, do not sign" + echo " --sign : sign an existing CSR" + echo " --pkcs12 : generate a combined PKCS#12 file" + echo " --pkcs11 : generate certificate on PKCS#11 token" + echo " lib : PKCS#11 library" + echo " slot : PKCS#11 slot" + echo " id : PKCS#11 object id (hex string)" + echo " label : PKCS#11 object label" + echo "Standalone options:" + echo " --pkcs11-slots : list PKCS#11 slots" + echo " lib : PKCS#11 library" + echo " --pkcs11-objects : list PKCS#11 token objects" + echo " lib : PKCS#11 library" + echo " slot : PKCS#11 slot" + echo " --pkcs11-init : initialize PKCS#11 token DANGEROUS!!!" + echo " lib : PKCS#11 library" + echo " slot : PKCS#11 slot" + echo " label : PKCS#11 token label" + echo "Notes:" + need_vars + echo " In order to use PKCS#11 interface you must have opensc-0.10.0 or higher." + echo "Generated files and corresponding OpenVPN directives:" + echo '(Files will be placed in the $KEY_DIR directory, defined in ./vars)' + echo " ca.crt -> root certificate (--ca)" + echo " ca.key -> root key, keep secure (not directly used by OpenVPN)" + echo " .crt files -> client/server certificates (--cert)" + echo " .key files -> private keys, keep secure (--key)" + echo " .csr files -> certificate signing request (not directly used by OpenVPN)" + echo " dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh)" + echo "Examples:" + echo " $PROGNAME --initca -> Build root certificate" + echo " $PROGNAME --initca --pass -> Build root certificate with password-protected key" + echo " $PROGNAME --server server1 -> Build \"server1\" certificate/key" + echo " $PROGNAME client1 -> Build \"client1\" certificate/key" + echo " $PROGNAME --pass client2 -> Build password-protected \"client2\" certificate/key" + echo " $PROGNAME --pkcs12 client3 -> Build \"client3\" certificate/key in PKCS#12 format" + echo " $PROGNAME --csr client4 -> Build \"client4\" CSR to be signed by another CA" + echo " $PROGNAME --sign client4 -> Sign \"client4\" CSR" + echo " $PROGNAME --inter interca -> Build an intermediate key-signing certificate/key" + echo " Also see ./inherit-inter script." + echo " $PROGNAME --pkcs11 /usr/lib/pkcs11/lib1 0 010203 \"client5 id\" client5" + echo " -> Build \"client5\" certificate/key in PKCS#11 token" + echo "Typical usage for initial PKI setup. Build myserver, client1, and client2 cert/keys." + echo "Protect client2 key with a password. Build DH parms. Generated files in ./keys :" + echo " [edit vars with your site-specific info]" + echo " source ./vars" + echo " ./clean-all" + echo " ./build-dh -> takes a long time, consider backgrounding" + echo " ./$PROGNAME --initca" + echo " ./$PROGNAME --server myserver" + echo " ./$PROGNAME client1" + echo " ./$PROGNAME --pass client2" + echo "Typical usage for adding client cert to existing PKI:" + echo " source ./vars" + echo " ./$PROGNAME client-new" +} + +# Set tool defaults +[ -n "$OPENSSL" ] || export OPENSSL="openssl" +[ -n "$PKCS11TOOL" ] || export PKCS11TOOL="pkcs11-tool" +[ -n "$GREP" ] || export GREP="grep" + +# Set defaults +DO_REQ="1" +REQ_EXT="" +DO_CA="1" +CA_EXT="" +DO_P12="0" +DO_P11="0" +DO_ROOT="0" +NODES_REQ="-nodes" +NODES_P12="" +BATCH="-batch" +CA="ca" +# must be set or errors of openssl.cnf +PKCS11_MODULE_PATH="dummy" +PKCS11_PIN="dummy" + +# Process options +while [ $# -gt 0 ]; do + case "$1" in + --keysize ) KEY_SIZE=$2 + shift;; + --server ) REQ_EXT="$REQ_EXT -extensions server" + CA_EXT="$CA_EXT -extensions server" ;; + --batch ) BATCH="-batch" ;; + --interact ) BATCH="" ;; + --inter ) CA_EXT="$CA_EXT -extensions v3_ca" ;; + --initca ) DO_ROOT="1" ;; + --pass ) NODES_REQ="" ;; + --csr ) DO_CA="0" ;; + --sign ) DO_REQ="0" ;; + --pkcs12 ) DO_P12="1" ;; + --pkcs11 ) DO_P11="1" + PKCS11_MODULE_PATH="$2" + PKCS11_SLOT="$3" + PKCS11_ID="$4" + PKCS11_LABEL="$5" + shift 4;; + + # standalone + --pkcs11-init) + PKCS11_MODULE_PATH="$2" + PKCS11_SLOT="$3" + PKCS11_LABEL="$4" + if [ -z "$PKCS11_LABEL" ]; then + die "Please specify library name, slot and label" + fi + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-token --slot "$PKCS11_SLOT" \ + --label "$PKCS11_LABEL" && + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-pin --slot "$PKCS11_SLOT" + exit $?;; + --pkcs11-slots) + PKCS11_MODULE_PATH="$2" + if [ -z "$PKCS11_MODULE_PATH" ]; then + die "Please specify library name" + fi + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-slots + exit 0;; + --pkcs11-objects) + PKCS11_MODULE_PATH="$2" + PKCS11_SLOT="$3" + if [ -z "$PKCS11_SLOT" ]; then + die "Please specify library name and slot" + fi + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-objects --login --slot "$PKCS11_SLOT" + exit 0;; + + --help|--usage) + usage + exit ;; + --version) + echo "$PROGNAME $VERSION" + exit ;; + # errors + --* ) die "$PROGNAME: unknown option: $1" ;; + * ) break ;; + esac + shift +done + +if ! [ -z "$BATCH" ]; then + if $OPENSSL version | grep 0.9.6 > /dev/null; then + die "Batch mode is unsupported in openssl<0.9.7" + fi +fi + +if [ $DO_P12 -eq 1 -a $DO_P11 -eq 1 ]; then + die "PKCS#11 and PKCS#12 cannot be specified together" +fi + +if [ $DO_P11 -eq 1 ]; then + if ! grep "^pkcs11.*=" "$KEY_CONFIG" > /dev/null; then + die "Please edit $KEY_CONFIG and setup PKCS#11 engine" + fi +fi + +# If we are generating pkcs12, only encrypt the final step +if [ $DO_P12 -eq 1 ]; then + NODES_P12="$NODES_REQ" + NODES_REQ="-nodes" +fi + +if [ $DO_P11 -eq 1 ]; then + if [ -z "$PKCS11_LABEL" ]; then + die "PKCS#11 arguments incomplete" + fi +fi + +# If undefined, set default key expiration intervals +if [ -z "$KEY_EXPIRE" ]; then + KEY_EXPIRE=3650 +fi +if [ -z "$CA_EXPIRE" ]; then + CA_EXPIRE=3650 +fi + +# Set organizational unit to empty string if undefined +if [ -z "$KEY_OU" ]; then + KEY_OU="" +fi + +# Set X509 Name string to empty string if undefined +if [ -z "$KEY_NAME" ]; then + KEY_NAME="" +fi + +# Set KEY_CN, FN +if [ $DO_ROOT -eq 1 ]; then + if [ -z "$KEY_CN" ]; then + if [ "$1" ]; then + KEY_CN="$1" + elif [ "$KEY_ORG" ]; then + KEY_CN="$KEY_ORG CA" + fi + fi + if [ $BATCH ] && [ "$KEY_CN" ]; then + echo "Using CA Common Name:" "$KEY_CN" + fi + FN="$KEY_CN" +elif [ $BATCH ] && [ "$KEY_CN" ]; then + echo "Using Common Name:" "$KEY_CN" + FN="$KEY_CN" + if [ "$1" ]; then + FN="$1" + fi +else + if [ $# -ne 1 ]; then + usage + exit 1 + else + KEY_CN="$1" + fi + FN="$KEY_CN" +fi + +export CA_EXPIRE KEY_EXPIRE KEY_OU KEY_NAME KEY_CN PKCS11_MODULE_PATH PKCS11_PIN + +# Show parameters (debugging) +if [ $DEBUG -eq 1 ]; then + echo DO_REQ $DO_REQ + echo REQ_EXT $REQ_EXT + echo DO_CA $DO_CA + echo CA_EXT $CA_EXT + echo NODES_REQ $NODES_REQ + echo NODES_P12 $NODES_P12 + echo DO_P12 $DO_P12 + echo KEY_CN $KEY_CN + echo BATCH $BATCH + echo DO_ROOT $DO_ROOT + echo KEY_EXPIRE $KEY_EXPIRE + echo CA_EXPIRE $CA_EXPIRE + echo KEY_OU $KEY_OU + echo KEY_NAME $KEY_NAME + echo DO_P11 $DO_P11 + echo PKCS11_MODULE_PATH $PKCS11_MODULE_PATH + echo PKCS11_SLOT $PKCS11_SLOT + echo PKCS11_ID $PKCS11_ID + echo PKCS11_LABEL $PKCS11_LABEL +fi + +# Make sure ./vars was sourced beforehand +if [ -d "$KEY_DIR" ] && [ "$KEY_CONFIG" ]; then + cd "$KEY_DIR" + + # Make sure $KEY_CONFIG points to the correct version + # of openssl.cnf + if $GREP -i 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" >/dev/null; then + : + else + echo "$PROGNAME: KEY_CONFIG (set by the ./vars script) is pointing to the wrong" + echo "version of openssl.cnf: $KEY_CONFIG" + echo "The correct version should have a comment that says: easy-rsa version 2.x"; + exit 1; + fi + + # Build root CA + if [ $DO_ROOT -eq 1 ]; then + $OPENSSL req $BATCH -days $CA_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE -sha1 \ + -x509 -keyout "$CA.key" -out "$CA.crt" -config "$KEY_CONFIG" && \ + chmod 0600 "$CA.key" + else + # Make sure CA key/cert is available + if [ $DO_CA -eq 1 ] || [ $DO_P12 -eq 1 ]; then + if [ ! -r "$CA.crt" ] || [ ! -r "$CA.key" ]; then + echo "$PROGNAME: Need a readable $CA.crt and $CA.key in $KEY_DIR" + echo "Try $PROGNAME --initca to build a root certificate/key." + exit 1 + fi + fi + + # Generate key for PKCS#11 token + PKCS11_ARGS= + if [ $DO_P11 -eq 1 ]; then + stty -echo + echo -n "User PIN: " + read -r PKCS11_PIN + stty echo + export PKCS11_PIN + + echo "Generating key pair on PKCS#11 token..." + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --keypairgen \ + --login --pin "$PKCS11_PIN" \ + --key-type rsa:1024 \ + --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" || exit 1 + PKCS11_ARGS="-engine pkcs11 -keyform engine -key $PKCS11_SLOT:$PKCS11_ID" + fi + + # Build cert/key + ( [ $DO_REQ -eq 0 ] || $OPENSSL req $BATCH -days $KEY_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE \ + -keyout "$FN.key" -out "$FN.csr" $REQ_EXT -config "$KEY_CONFIG" $PKCS11_ARGS ) && \ + ( [ $DO_CA -eq 0 ] || $OPENSSL ca $BATCH -days $KEY_EXPIRE -out "$FN.crt" \ + -in "$FN.csr" $CA_EXT -md sha1 -config "$KEY_CONFIG" ) && \ + ( [ $DO_P12 -eq 0 ] || $OPENSSL pkcs12 -export -inkey "$FN.key" \ + -in "$FN.crt" -certfile "$CA.crt" -out "$FN.p12" $NODES_P12 ) && \ + ( [ $DO_CA -eq 0 -o $DO_P11 -eq 1 ] || chmod 0600 "$FN.key" ) && \ + ( [ $DO_P12 -eq 0 ] || chmod 0600 "$FN.p12" ) + + # Load certificate into PKCS#11 token + if [ $DO_P11 -eq 1 ]; then + $OPENSSL x509 -in "$FN.crt" -inform PEM -out "$FN.crt.der" -outform DER && \ + $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --write-object "$FN.crt.der" --type cert \ + --login --pin "$PKCS11_PIN" \ + --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" + [ -e "$FN.crt.der" ]; rm "$FN.crt.der" + fi + + fi + +# Need definitions +else + need_vars +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/revoke-full b/config-archive/usr/share/openvpn/easy-rsa/revoke-full new file mode 100755 index 0000000..efc94e8 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/revoke-full @@ -0,0 +1,40 @@ +#!/bin/bash + +# revoke a certificate, regenerate CRL, +# and verify revocation + +CRL="crl.pem" +RT="revoke-test.pem" + +if [ $# -ne 1 ]; then + echo "usage: revoke-full "; + exit 1 +fi + +if [ "$KEY_DIR" ]; then + cd "$KEY_DIR" + rm -f "$RT" + + # set defaults + export KEY_CN="" + export KEY_OU="" + export KEY_NAME="" + + # revoke key and generate a new CRL + $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG" + + # generate a new CRL -- try to be compatible with + # intermediate PKIs + $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG" + if [ -e export-ca.crt ]; then + cat export-ca.crt "$CRL" >"$RT" + else + cat ca.crt "$CRL" >"$RT" + fi + + # verify the revocation + $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt" +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/revoke-full.dist b/config-archive/usr/share/openvpn/easy-rsa/revoke-full.dist new file mode 100755 index 0000000..4169c4c --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/revoke-full.dist @@ -0,0 +1,40 @@ +#!/bin/sh + +# revoke a certificate, regenerate CRL, +# and verify revocation + +CRL="crl.pem" +RT="revoke-test.pem" + +if [ $# -ne 1 ]; then + echo "usage: revoke-full "; + exit 1 +fi + +if [ "$KEY_DIR" ]; then + cd "$KEY_DIR" + rm -f "$RT" + + # set defaults + export KEY_CN="" + export KEY_OU="" + export KEY_NAME="" + + # revoke key and generate a new CRL + $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG" + + # generate a new CRL -- try to be compatible with + # intermediate PKIs + $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG" + if [ -e export-ca.crt ]; then + cat export-ca.crt "$CRL" >"$RT" + else + cat ca.crt "$CRL" >"$RT" + fi + + # verify the revocation + $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt" +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi diff --git a/config-archive/usr/share/openvpn/easy-rsa/sign-req b/config-archive/usr/share/openvpn/easy-rsa/sign-req new file mode 100755 index 0000000..38655d3 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/sign-req @@ -0,0 +1,7 @@ +#!/bin/bash + +# Sign a certificate signing request (a .csr file) +# with a local root certificate and key. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --sign $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/sign-req.dist b/config-archive/usr/share/openvpn/easy-rsa/sign-req.dist new file mode 100755 index 0000000..6cae7b4 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/sign-req.dist @@ -0,0 +1,7 @@ +#!/bin/sh + +# Sign a certificate signing request (a .csr file) +# with a local root certificate and key. + +export EASY_RSA="${EASY_RSA:-.}" +"$EASY_RSA/pkitool" --interact --sign $* diff --git a/config-archive/usr/share/openvpn/easy-rsa/vars b/config-archive/usr/share/openvpn/easy-rsa/vars new file mode 100644 index 0000000..cded885 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/vars @@ -0,0 +1,68 @@ +# easy-rsa parameter settings + +# NOTE: If you installed from an RPM, +# don't edit this file in place in +# /usr/share/openvpn/easy-rsa -- +# instead, you should copy the whole +# easy-rsa directory to another location +# (such as /etc/openvpn) so that your +# edits will not be wiped out by a future +# OpenVPN package upgrade. + +# This variable should point to +# the top level of the easy-rsa +# tree. +export EASY_RSA="`pwd`" + +# +# This variable should point to +# the requested executables +# +export OPENSSL="openssl" +export PKCS11TOOL="pkcs11-tool" +export GREP="grep" + + +# This variable should point to +# the openssl.cnf file included +# with easy-rsa. +export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA` + +# Edit this variable to point to +# your soon-to-be-created key +# directory. +# +# WARNING: clean-all will do +# a rm -rf on this directory +# so make sure you define +# it correctly! +export KEY_DIR="$EASY_RSA/keys" + +# Issue rm -rf warning +echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR + +# PKCS11 fixes +export PKCS11_MODULE_PATH="dummy" +export PKCS11_PIN="dummy" + +# Increase this to 2048 if you +# are paranoid. This will slow +# down TLS negotiation performance +# as well as the one-time DH parms +# generation process. +export KEY_SIZE=1024 + +# In how many days should the root CA key expire? +export CA_EXPIRE=3650 + +# In how many days should certificates expire? +export KEY_EXPIRE=3650 + +# These are the default values for fields +# which will be placed in the certificate. +# Don't leave any of these fields blank. +export KEY_COUNTRY="US" +export KEY_PROVINCE="CA" +export KEY_CITY="SanFrancisco" +export KEY_ORG="Fort-Funston" +export KEY_EMAIL="me@myhost.mydomain" diff --git a/config-archive/usr/share/openvpn/easy-rsa/vars.dist b/config-archive/usr/share/openvpn/easy-rsa/vars.dist new file mode 100644 index 0000000..2ea1ced --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/vars.dist @@ -0,0 +1,74 @@ +# easy-rsa parameter settings + +# NOTE: If you installed from an RPM, +# don't edit this file in place in +# /usr/share/openvpn/easy-rsa -- +# instead, you should copy the whole +# easy-rsa directory to another location +# (such as /etc/openvpn) so that your +# edits will not be wiped out by a future +# OpenVPN package upgrade. + +# This variable should point to +# the top level of the easy-rsa +# tree. +export EASY_RSA="`pwd`" + +# +# This variable should point to +# the requested executables +# +export OPENSSL="openssl" +export PKCS11TOOL="pkcs11-tool" +export GREP="grep" + + +# This variable should point to +# the openssl.cnf file included +# with easy-rsa. +export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA` + +# Edit this variable to point to +# your soon-to-be-created key +# directory. +# +# WARNING: clean-all will do +# a rm -rf on this directory +# so make sure you define +# it correctly! +export KEY_DIR="$EASY_RSA/keys" + +# Issue rm -rf warning +echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR + +# PKCS11 fixes +export PKCS11_MODULE_PATH="dummy" +export PKCS11_PIN="dummy" + +# Increase this to 2048 if you +# are paranoid. This will slow +# down TLS negotiation performance +# as well as the one-time DH parms +# generation process. +export KEY_SIZE=1024 + +# In how many days should the root CA key expire? +export CA_EXPIRE=3650 + +# In how many days should certificates expire? +export KEY_EXPIRE=3650 + +# These are the default values for fields +# which will be placed in the certificate. +# Don't leave any of these fields blank. +export KEY_COUNTRY="US" +export KEY_PROVINCE="CA" +export KEY_CITY="SanFrancisco" +export KEY_ORG="Fort-Funston" +export KEY_EMAIL="me@myhost.mydomain" +export KEY_EMAIL=mail@host.domain +export KEY_CN=changeme +export KEY_NAME=changeme +export KEY_OU=changeme +export PKCS11_MODULE_PATH=changeme +export PKCS11_PIN=1234 diff --git a/config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf b/config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf new file mode 100755 index 0000000..2260aa8 --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf @@ -0,0 +1,13 @@ +#!/bin/sh + +if [ "$OPENSSL" ]; then + if $OPENSSL version | grep 0.9.6 > /dev/null; then + echo "$1/openssl-0.9.6.cnf" + else + echo "$1/openssl.cnf" + fi +else + echo "$1/openssl.cnf" +fi + +exit 0 diff --git a/config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf.dist b/config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf.dist new file mode 100755 index 0000000..2226a8e --- /dev/null +++ b/config-archive/usr/share/openvpn/easy-rsa/whichopensslcnf.dist @@ -0,0 +1,26 @@ +#!/bin/sh + +cnf="$1/openssl.cnf" + +if [ "$OPENSSL" ]; then + if $OPENSSL version | grep -E "0\.9\.6[[:alnum:]]" > /dev/null; then + cnf="$1/openssl-0.9.6.cnf" + elif $OPENSSL version | grep -E "0\.9\.8[[:alnum:]]" > /dev/null; then + cnf="$1/openssl-0.9.8.cnf" + elif $OPENSSL version | grep -E "1\.0\.([[:digit:]][[:alnum:]])" > /dev/null; then + cnf="$1/openssl-1.0.0.cnf" + else + cnf="$1/openssl.cnf" + fi +fi + +echo $cnf + +if [ ! -r $cnf ]; then + echo "**************************************************************" >&2 + echo " No $cnf file could be found" >&2 + echo " Further invocations will fail" >&2 + echo "**************************************************************" >&2 +fi + +exit 0 diff --git a/config-archive/usr/share/xsessions/KDE-4.desktop b/config-archive/usr/share/xsessions/KDE-4.desktop index a03d170..011ca71 100644 --- a/config-archive/usr/share/xsessions/KDE-4.desktop +++ b/config-archive/usr/share/xsessions/KDE-4.desktop @@ -4,7 +4,10 @@ Type=XSession Exec=/usr/bin/startkde TryExec=/usr/bin/startkde Name=KDE Plasma Workspace +Name[ar]=مساحة عمل بلازما كدي +Name[bg]=Работно пространство Plasma на KDE Name[ca]=Espai de treball del Plasma del KDE +Name[ca@valencia]=Espai de treball del Plasma del KDE Name[cs]=Pracovní plocha Plasma Name[da]=KDE Plasma arbejdsområde Name[de]=KDE-Plasma-Arbeitsbereich @@ -13,13 +16,13 @@ Name[et]=KDE Plasma töötsoon Name[eu]=KDE Plasma langunea Name[fi]=KDE Plasma-työtila Name[fr]=Espace de travail Plasma de KDE +Name[ga]=Spás Oibre KDE Plasma Name[he]=סביבת עבודה של KDE Plasma Name[hu]=KDE Plasma munkaterület Name[ia]=Spatio de labor de Plasma de KDE Name[is]=KDE Plasma-vinnurými Name[it]=Spazio di lavoro di KDE Plasma Name[kk]=KDE Plasma жұмыс орны -Name[km]=តំបន់​ការងារ​ផ្ទៃតុ​របស់​ប្លាស្មា​ Name[ko]=KDE Plasma 작업 공간 Name[lt]=KDE Plasma darbastalio erdvė Name[lv]=KDE Plasma darba vide @@ -27,23 +30,26 @@ Name[nb]=KDE Plasma arbeidsflate Name[nds]=KDE-Arbeitrebeet Plasma Name[nl]=KDE Plasma-werkruimte Name[pa]=KDE ਪਲਾਜ਼ਮਾ ਵਰਕਸਪੇਸ -Name[pl]=Przestrzeń robocza KDE Name[pt]=Área de Trabalho Plasma do KDE -Name[pt_BR]=Espaço de trabalho Plasma do KDE +Name[pt_BR]=Espaço de trabalho do Plasma do KDE Name[ro]=Spațiu de lucru Plasma KDE Name[ru]=Рабочий стол Plasma +Name[sk]=KDE pracovná plocha Plasma Name[sr]=КДЕ‑ов плазма радни простор Name[sr@ijekavian]=КДЕ‑ов плазма радни простор Name[sr@ijekavianlatin]=KDE‑ov plasma radni prostor Name[sr@latin]=KDE‑ov plasma radni prostor Name[sv]=KDE Plasma arbetsyta -Name[tr]=KDE Plasma Çalışma Alanı Name[ug]=ك د ئې(KDE) پلازما خىزمەت بوشلۇقى Name[uk]=Робочий простір Плазми KDE Name[x-test]=xxKDE Plasma Workspacexx +Name[zh_CN]=KDE 离子工作空间 Name[zh_TW]=KDE Plasma 工作空間 Comment=The desktop made by KDE +Comment[ar]=سطح المكتب الذي أنتجته كدي +Comment[bg]=Настолна среда KDE Comment[ca]=L'escriptori creat pel KDE +Comment[ca@valencia]=L'escriptori creat pel KDE Comment[cs]=Prostředí od KDE Comment[da]=Skrivebordet fra KDE Comment[de]=Die von KDE erstellte Arbeitsfläche @@ -59,25 +65,25 @@ Comment[ia]=Le scriptorio facite per KDE Comment[is]=KDE Skjáborð Comment[it]=Il desktop fatto da KDE Comment[kk]=KDE үстелі -Comment[km]=ផ្ទៃ​តុ​បាន​បង្កើត​ដោយ​ KDE Comment[ko]=KDE에서 만든 데스크톱 Comment[lt]=Darbastalis sukurtas su KDE Comment[lv]=KDE veidota darbvirsma Comment[nb]=Skrivebordet som KDE laget Comment[nds]=KDE-Schriefdisch Comment[nl]=Het bureaublad gemaakt door KDE -Comment[pl]=Pulpit KDE +Comment[pa]=KDE ਵਲੋਂ ਬਣਾਇਆ ਡੈਸਕਟਾਪ Comment[pt]=O ambiente de trabalho feito pelo KDE Comment[pt_BR]=O ambiente de trabalho feito pelo KDE Comment[ro]=Biroul creat de KDE Comment[ru]=Окружение рабочего стола от команды KDE +Comment[sk]=Pracovná plocha vytvorená KDE Comment[sr]=Радна површ у изведби КДЕ‑а Comment[sr@ijekavian]=Радна површ у изведби КДЕ‑а Comment[sr@ijekavianlatin]=Radna površ u izvedbi KDE‑a Comment[sr@latin]=Radna površ u izvedbi KDE‑a Comment[sv]=Skrivbordet skapat av KDE -Comment[tr]=KDE masaüstü Comment[ug]=بۇ ئۈستەلئۈستى KDE دا ياسالغان Comment[uk]=Стільниця, створена командою KDE Comment[x-test]=xxThe desktop made by KDExx +Comment[zh_CN]=KDE 制作的桌面 Comment[zh_TW]=KDE 製作的桌面 diff --git a/config-archive/usr/share/xsessions/KDE-4.desktop.1 b/config-archive/usr/share/xsessions/KDE-4.desktop.1 new file mode 100644 index 0000000..a03d170 --- /dev/null +++ b/config-archive/usr/share/xsessions/KDE-4.desktop.1 @@ -0,0 +1,83 @@ +[Desktop Entry] +Encoding=UTF-8 +Type=XSession +Exec=/usr/bin/startkde +TryExec=/usr/bin/startkde +Name=KDE Plasma Workspace +Name[ca]=Espai de treball del Plasma del KDE +Name[cs]=Pracovní plocha Plasma +Name[da]=KDE Plasma arbejdsområde +Name[de]=KDE-Plasma-Arbeitsbereich +Name[es]=Espacio de trabajo Plasma de KDE +Name[et]=KDE Plasma töötsoon +Name[eu]=KDE Plasma langunea +Name[fi]=KDE Plasma-työtila +Name[fr]=Espace de travail Plasma de KDE +Name[he]=סביבת עבודה של KDE Plasma +Name[hu]=KDE Plasma munkaterület +Name[ia]=Spatio de labor de Plasma de KDE +Name[is]=KDE Plasma-vinnurými +Name[it]=Spazio di lavoro di KDE Plasma +Name[kk]=KDE Plasma жұмыс орны +Name[km]=តំបន់​ការងារ​ផ្ទៃតុ​របស់​ប្លាស្មា​ +Name[ko]=KDE Plasma 작업 공간 +Name[lt]=KDE Plasma darbastalio erdvė +Name[lv]=KDE Plasma darba vide +Name[nb]=KDE Plasma arbeidsflate +Name[nds]=KDE-Arbeitrebeet Plasma +Name[nl]=KDE Plasma-werkruimte +Name[pa]=KDE ਪਲਾਜ਼ਮਾ ਵਰਕਸਪੇਸ +Name[pl]=Przestrzeń robocza KDE +Name[pt]=Área de Trabalho Plasma do KDE +Name[pt_BR]=Espaço de trabalho Plasma do KDE +Name[ro]=Spațiu de lucru Plasma KDE +Name[ru]=Рабочий стол Plasma +Name[sr]=КДЕ‑ов плазма радни простор +Name[sr@ijekavian]=КДЕ‑ов плазма радни простор +Name[sr@ijekavianlatin]=KDE‑ov plasma radni prostor +Name[sr@latin]=KDE‑ov plasma radni prostor +Name[sv]=KDE Plasma arbetsyta +Name[tr]=KDE Plasma Çalışma Alanı +Name[ug]=ك د ئې(KDE) پلازما خىزمەت بوشلۇقى +Name[uk]=Робочий простір Плазми KDE +Name[x-test]=xxKDE Plasma Workspacexx +Name[zh_TW]=KDE Plasma 工作空間 +Comment=The desktop made by KDE +Comment[ca]=L'escriptori creat pel KDE +Comment[cs]=Prostředí od KDE +Comment[da]=Skrivebordet fra KDE +Comment[de]=Die von KDE erstellte Arbeitsfläche +Comment[es]=El escritorio diseñado por KDE +Comment[et]=KDE loodud töölaud +Comment[eu]=KDE-k eginiko mahaigaina +Comment[fi]=KDE:n tekemä työpöytä +Comment[fr]=Le bureau réalisé par KDE +Comment[he]=שולחן העבודה של KDE +Comment[hr]=Radna površina koju je napravio KDE +Comment[hu]=A KDE által készített munkaasztal +Comment[ia]=Le scriptorio facite per KDE +Comment[is]=KDE Skjáborð +Comment[it]=Il desktop fatto da KDE +Comment[kk]=KDE үстелі +Comment[km]=ផ្ទៃ​តុ​បាន​បង្កើត​ដោយ​ KDE +Comment[ko]=KDE에서 만든 데스크톱 +Comment[lt]=Darbastalis sukurtas su KDE +Comment[lv]=KDE veidota darbvirsma +Comment[nb]=Skrivebordet som KDE laget +Comment[nds]=KDE-Schriefdisch +Comment[nl]=Het bureaublad gemaakt door KDE +Comment[pl]=Pulpit KDE +Comment[pt]=O ambiente de trabalho feito pelo KDE +Comment[pt_BR]=O ambiente de trabalho feito pelo KDE +Comment[ro]=Biroul creat de KDE +Comment[ru]=Окружение рабочего стола от команды KDE +Comment[sr]=Радна површ у изведби КДЕ‑а +Comment[sr@ijekavian]=Радна површ у изведби КДЕ‑а +Comment[sr@ijekavianlatin]=Radna površ u izvedbi KDE‑a +Comment[sr@latin]=Radna površ u izvedbi KDE‑a +Comment[sv]=Skrivbordet skapat av KDE +Comment[tr]=KDE masaüstü +Comment[ug]=بۇ ئۈستەلئۈستى KDE دا ياسالغان +Comment[uk]=Стільниця, створена командою KDE +Comment[x-test]=xxThe desktop made by KDExx +Comment[zh_TW]=KDE 製作的桌面 diff --git a/config-archive/usr/share/xsessions/KDE-4.desktop.dist b/config-archive/usr/share/xsessions/KDE-4.desktop.dist index 011ca71..3fc6cc1 100644 --- a/config-archive/usr/share/xsessions/KDE-4.desktop.dist +++ b/config-archive/usr/share/xsessions/KDE-4.desktop.dist @@ -30,6 +30,7 @@ Name[nb]=KDE Plasma arbeidsflate Name[nds]=KDE-Arbeitrebeet Plasma Name[nl]=KDE Plasma-werkruimte Name[pa]=KDE ਪਲਾਜ਼ਮਾ ਵਰਕਸਪੇਸ +Name[pl]=Przestrzeń robocza plazmy KDE Name[pt]=Área de Trabalho Plasma do KDE Name[pt_BR]=Espaço de trabalho do Plasma do KDE Name[ro]=Spațiu de lucru Plasma KDE @@ -72,6 +73,7 @@ Comment[nb]=Skrivebordet som KDE laget Comment[nds]=KDE-Schriefdisch Comment[nl]=Het bureaublad gemaakt door KDE Comment[pa]=KDE ਵਲੋਂ ਬਣਾਇਆ ਡੈਸਕਟਾਪ +Comment[pl]=Pulpit wyprodukowany przez KDE Comment[pt]=O ambiente de trabalho feito pelo KDE Comment[pt_BR]=O ambiente de trabalho feito pelo KDE Comment[ro]=Biroul creat de KDE diff --git a/config-archive/usr/share/xsessions/xfce.desktop b/config-archive/usr/share/xsessions/xfce.desktop new file mode 100644 index 0000000..5de3842 --- /dev/null +++ b/config-archive/usr/share/xsessions/xfce.desktop @@ -0,0 +1,13 @@ +[Desktop Entry] +Version=1.0 +Name=Xfce Session +Name[de]=Xfce-Sitzung +Name[en_GB]=Xfce Session +Name[ru]=Сеанс Xfce +Comment=Use this session to run Xfce as your desktop environment +Comment[de]=Verwenden Sie diese Sitzung, um Xfce als Ihre Arbeitsumgebung laufen zu lassen +Comment[en_GB]=Use this session to run Xfce as your desktop environment +Comment[ru]=Используйте данный сеанс для запуска Xfce как своей рабочей среды +Exec=startxfce4 +Icon= +Type=Application diff --git a/config-archive/usr/share/xsessions/xfce.desktop.dist b/config-archive/usr/share/xsessions/xfce.desktop.dist new file mode 100644 index 0000000..29ed966 --- /dev/null +++ b/config-archive/usr/share/xsessions/xfce.desktop.dist @@ -0,0 +1,13 @@ +[Desktop Entry] +Version=1.0 +Name=Xfce Session +Name[de]=Xfce-Sitzung +Name[en_GB]=Xfce Session +Name[ru]=Сеанс +Comment=Use this session to run Xfce as your desktop environment +Comment[de]=Wählen Sie diese Sitzung, um Xfce als Ihre Arbeitsumgebung auszuführen +Comment[en_GB]=Use this session to run Xfce as your desktop environment +Comment[ru]=Используйте этот сеанс, чтобы сделать Xfce вашим окружением +Exec=startxfce4 +Icon= +Type=Application diff --git a/gentoo/gentoorc b/gentoo/gentoorc index b39bf9d..37f74c9 100644 --- a/gentoo/gentoorc +++ b/gentoo/gentoorc @@ -1,7 +1,7 @@ - "0.19.12" + "0.19.13" 2 @@ -234,18 +234,18 @@ - "mouse_right" + "run_script" 0 - "Built-In" - "SelectRow action=select" - 0 - - - "Built-In" - "MenuPopup" + "External" + "/usr/bin/env bash {fup}" 0 + + 16 + 20 + 0 + @@ -277,15 +277,15 @@ - "play_mod" + "view_rar" 0 "External" - "xmp {fup}" + "unrar lt {fup}" 0 - 3 + 4 0 0 @@ -325,44 +325,44 @@ - "uncompress_tar_bzip2" + "view_ps" 0 "External" - "tar --use-compress-program=bzip2 -xf {fup}" + "gv {fut}" 0 - 0 - 8 - 2 + 1 + 0 + 0 - "test_uri" + "uncompress_tar_bzip2" 0 "External" - "echo {uq}" + "tar --use-compress-program=bzip2 -xf {fup}" 0 0 - 0 - 0 + 8 + 2 - "unmount" + "test_uri" 0 "External" - "umount {fpu}" + "echo {uq}" 0 0 @@ -373,15 +373,15 @@ - "view_rpm" + "play_sample" 0 "External" - "rpm -SOME_SMART_OPTION {fup}" + "aplay {fup}" 0 - 4 + 0 0 0 @@ -389,12 +389,12 @@ - "print_selected" + "unmount" 0 "External" - "echo {Fpu}" + "umount {fpu}" 0 0 @@ -421,16 +421,16 @@ - "view_video" + "new_shell" 0 "External" - "mplayer -quiet -vo x11 {fup}" + "xterm" 0 - 0 - 0 + 1 + 4 0 @@ -905,33 +905,33 @@ - "convert_mp3" - 1 + "print_selected" + 0 "External" - "bash -c 'mpg123 -q -w $(basename {f} .mp3).wav {fup}'" + "echo {Fpu}" 0 0 - 4 - 1 + 0 + 0 - "view_deb" - 0 + "convert_mp3" + 1 "External" - "dpkg-deb -c {fup}" + "bash -c 'mpg123 -q -w $(basename {f} .mp3).wav {fup}'" 0 - 4 - 0 - 0 + 0 + 4 + 1 @@ -953,12 +953,28 @@ - "view_bzip2" + "mouse_right" + 0 + + + "Built-In" + "SelectRow action=select" + 0 + + + "Built-In" + "MenuPopup" + 0 + + + + + "view_rpm" 0 "External" - "bzcat {fup}" + "rpm -SOME_SMART_OPTION {fup}" 0 4 @@ -969,31 +985,31 @@ - "run_script" + "view_bzip2" 0 "External" - "/usr/bin/env bash {fup}" + "bzcat {fup}" 0 - 16 - 20 + 4 + 0 0 - "view_ps" + "play_mod" 0 "External" - "gv {fut}" + "xmp {fup}" 0 - 1 + 3 0 0 @@ -1033,15 +1049,15 @@ - "run_calculator" + "view_video" 0 "External" - "gnome-calculator" + "mplayer -quiet -vo x11 {fup}" 0 - 3 + 0 0 0 @@ -1049,12 +1065,12 @@ - "view_zip" + "view_deb" 0 "External" - "unzip -v {fup}" + "dpkg-deb -c {fup}" 0 4 @@ -1065,31 +1081,15 @@ - "new_shell" - 0 - - - "External" - "xterm" - 0 - - 1 - 4 - 0 - - - - - - "play_sample" + "run_calculator" 0 "External" - "aplay {fup}" + "gnome-calculator" 0 - 0 + 3 0 0 @@ -1097,12 +1097,12 @@ - "view_rar" + "view_zip" 0 "External" - "unrar lt {fup}" + "unzip -v {fup}" 0 4 @@ -1358,6 +1358,10 @@ "uFG" C8080,0000,3333 + + "View" + "view_image" + "uIcon" "Image.xpm" @@ -1366,10 +1370,6 @@ "Edit" "edit_image" - - "View" - "view_image" - diff --git a/init.d/consolekit b/init.d/consolekit index d469b46..b202267 100755 --- a/init.d/consolekit +++ b/init.d/consolekit @@ -1,7 +1,7 @@ #!/sbin/runscript -# Copyright 1999-2006 Gentoo Foundation +# Copyright 1999-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License, v2 or later -# $Header: /var/cvsroot/gentoo-x86/sys-auth/consolekit/files/consolekit-0.1.rc,v 1.2 2009/09/12 19:46:19 nirbheek Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-auth/consolekit/files/consolekit-0.2.rc,v 1.1 2011/10/20 19:14:47 axs Exp $ depend() { need dbus @@ -11,6 +11,8 @@ depend() { start() { ebegin "Starting ConsoleKit daemon" + checkpath -q -d -m 0755 /var/run/ConsoleKit + start-stop-daemon --start -q \ --pidfile /var/run/ConsoleKit/pid \ --exec /usr/sbin/console-kit-daemon -- diff --git a/init.d/sysstat b/init.d/sysstat index 885782a..7875fcd 100755 --- a/init.d/sysstat +++ b/init.d/sysstat @@ -1,7 +1,7 @@ #!/sbin/runscript -# Copyright 1999-2011 Gentoo Foundation +# Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/sysstat/files/sysstat.init.d,v 1.3 2011/05/18 02:21:33 jer Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/sysstat/files/sysstat.init.d,v 1.4 2012/05/14 20:01:19 jer Exp $ depend() { use hostname @@ -9,7 +9,7 @@ depend() { start() { ebegin "Writing a dummy startup record using sadc (see sadc(8))..." - /usr/lib/sa/sadc -F -L - + /usr/lib/sa/sa1 --boot eend $? } diff --git a/inittab b/inittab index a6a04f3..fe9bd62 100644 --- a/inittab +++ b/inittab @@ -36,7 +36,7 @@ su0:S:wait:/sbin/rc single su1:S:wait:/sbin/sulogin # TERMINALS -c1:12345:respawn:/sbin/agetty 38400 tty1 linux +c1:12345:respawn:/sbin/agetty --noclear 38400 tty1 linux c2:2345:respawn:/sbin/agetty 38400 tty2 linux c3:2345:respawn:/sbin/agetty 38400 tty3 linux c4:2345:respawn:/sbin/agetty 38400 tty4 linux diff --git a/layman/layman.cfg b/layman/layman.cfg index eeeb5a8..caa49ec 100644 --- a/layman/layman.cfg +++ b/layman/layman.cfg @@ -43,9 +43,17 @@ overlays : http://www.gentoo.org/proj/en/overlays/repositories.xml #----------------------------------------------------------- # Strict checking of overlay definitions # -# Set either to "yes" or "no". If "no" layman will issue -# warnings if an overlay definition is missing either -# description or contact information. +# The nocheck option is a bit confusing, for historical reasons. +# Hopefully this description eases the double negation trouble: +# +# nocheck : yes +# - Accepts completene overlay entries without warnings +# - Lists overlays of type foo (say Git) even with no foo installed +# +# nocheck : no +# - Checks overlay entries for missing description or contact +# information and issue warnings as needed +# - Hides overlays of type foo (say Git) if foo not not installed # nocheck : yes diff --git a/libvirt/libvirt.conf b/libvirt/libvirt.conf index c54903c..016cd24 100644 --- a/libvirt/libvirt.conf +++ b/libvirt/libvirt.conf @@ -10,3 +10,9 @@ # "hail=qemu+ssh://root@hail.cloud.example.com/system", # "sleet=qemu+ssh://root@sleet.cloud.example.com/system", #] + +# +# This can be used to prevent probing of the hypervisor +# driver when no URI is supplied by the application. + +#uri_default = "qemu:///system" diff --git a/libvirt/libvirtd.conf b/libvirt/libvirtd.conf index 3eab2be..50eda1b 100644 --- a/libvirt/libvirtd.conf +++ b/libvirt/libvirtd.conf @@ -56,8 +56,8 @@ # Alternatively can disable for all services on a host by # stopping the Avahi daemon # -# This is enabled by default, uncomment this to disable it -#mdns_adv = 0 +# This is disabled by default, uncomment this to enable it +#mdns_adv = 1 # Override the default mDNS advertizement name. This must be # unique on the immediate broadcast network. diff --git a/profile b/profile index 3565bab..2dee463 100644 --- a/profile +++ b/profile @@ -54,7 +54,7 @@ else # Setup a bland default prompt. Since this prompt should be useable # on color and non-color terminals, as well as shells that don't # understand sequences such as \h, don't put anything special in it. - PS1="${USER:-$(type whoami >/dev/null && whoami)}@$(type uname >/dev/null && uname -n) \$ " + PS1="${USER:-$(whoami 2>/dev/null)}@$(uname -n 2>/dev/null) \$ " fi for sh in /etc/profile.d/*.sh ; do diff --git a/xdg/Thunar/uca.xml b/xdg/Thunar/uca.xml index 43d1fd6..7f768be 100644 --- a/xdg/Thunar/uca.xml +++ b/xdg/Thunar/uca.xml @@ -14,6 +14,8 @@ + + @@ -35,7 +37,7 @@ Beispiel für eine eigene Aktion Example for a custom action Пример особого действия - + diff --git a/xdg/autostart/user-dirs-update-gtk.desktop b/xdg/autostart/user-dirs-update-gtk.desktop index ea79903..0399355 100644 --- a/xdg/autostart/user-dirs-update-gtk.desktop +++ b/xdg/autostart/user-dirs-update-gtk.desktop @@ -3,9 +3,11 @@ Exec=xdg-user-dirs-gtk-update Name=User folders update Name[de]=Aktualisierung der Ordner des Benutzers Name[en_GB]=User folders update +Name[ru]=Обновление папок пользователя Comment=Update common folders names to match current locale Comment[de]=Namen der Standardordner auf die momentan verwendete Sprache aktualisieren Comment[en_GB]=Update common folders names to match current locale +Comment[ru]=Обновить имена общих папок для соответствия текущему языку Terminal=false NotShowIn=KDE; Type=Application diff --git a/xdg/menus/xfce-applications.menu b/xdg/menus/xfce-applications.menu index 51a27cb..dc3056b 100644 --- a/xdg/menus/xfce-applications.menu +++ b/xdg/menus/xfce-applications.menu @@ -13,7 +13,6 @@ - xfrun4.desktop xfce4-run.desktop exo-terminal-emulator.desktop @@ -25,7 +24,6 @@ - xfhelp4.desktop xfce4-about.desktop xfce4-session-logout.desktop @@ -68,7 +66,7 @@ exo-file-manager.desktop exo-terminal-emulator.desktop xfce4-about.desktop - xfrun4.desktop + xfce4-run.desktop diff --git a/xdg/xfce4/helpers.rc b/xdg/xfce4/helpers.rc index 74315c0..0c77f07 100644 --- a/xdg/xfce4/helpers.rc +++ b/xdg/xfce4/helpers.rc @@ -7,3 +7,4 @@ WebBrowser=firefox MailReader=thunderbird TerminalEmulator=Terminal +FileManager=Thunar diff --git a/xdg/xfce4/panel/default.xml b/xdg/xfce4/panel/default.xml index 244f0cc..8c540f6 100644 --- a/xdg/xfce4/panel/default.xml +++ b/xdg/xfce4/panel/default.xml @@ -1,23 +1,27 @@ - - + + + + + + - + + - + - @@ -35,6 +39,10 @@ + + + + diff --git a/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml b/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml index 47e592c..cf1978d 100644 --- a/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml +++ b/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml @@ -3,7 +3,13 @@ - + + + + + + + diff --git a/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml b/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml index 49f19c4..a200a37 100644 --- a/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml +++ b/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml @@ -13,20 +13,20 @@ - + - - + - + + - + diff --git a/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml b/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml index 2460fed..8f9e2eb 100644 --- a/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml +++ b/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml @@ -1,11 +1,45 @@ - + + - - + + + + + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + diff --git a/xdg/xfce4/xinitrc b/xdg/xfce4/xinitrc index ebbfcfb..9d20e8c 100644 --- a/xdg/xfce4/xinitrc +++ b/xdg/xfce4/xinitrc @@ -2,11 +2,11 @@ # fix broken $UID on some system... if test "x$UID" = "x"; then - if test -x /usr/xpg4/bin/id; then - UID=`/usr/xpg4/bin/id -u`; - else - UID=`id -u`; - fi + if test -x /usr/xpg4/bin/id; then + UID=`/usr/xpg4/bin/id -u`; + else + UID=`id -u`; + fi fi # set $XDG_MENU_PREFIX to "xfce-" so that "xfce-applications.menu" is picked @@ -38,56 +38,21 @@ if test "x$XDG_CACHE_HOME" = "x" ; then fi [ -d "$XDG_CACHE_HOME" ] || mkdir "$XDG_CACHE_HOME" - # set up XDG user directores. see # http://freedesktop.org/wiki/Software/xdg-user-dirs if which xdg-user-dirs-update >/dev/null 2>&1; then xdg-user-dirs-update fi -if test -f "$XDG_CONFIG_HOME/user-dirs.dirs"; then - . "$XDG_CONFIG_HOME/user-dirs.dirs" - # i'm deliberately not 'export'-ing the XDG_ vars, because you shouldn't - # rely on the env vars inside apps, since the file could be changed at - # any time by the user. this is solely here for migration purposes. - - # a bit of user dir migration... - if test -d "$HOME/Desktop" -a ! -L "$HOME/Desktop" \ - -a "$XDG_DESKTOP_DIR" \ - -a "$HOME/Desktop" != "$XDG_DESKTOP_DIR" - then - echo "Migrating $HOME/Desktop to $XDG_DESKTOP_DIR..." - test -d "$XDG_DESKTOP_DIR" && rmdir "$XDG_DESKTOP_DIR" - mv "$HOME/Desktop" "$XDG_DESKTOP_DIR" || echo "Desktop migration failed" >&2 - fi - - if test -d "$HOME/Templates" -a ! -L "$HOME/Templates" \ - -a "$XDG_TEMPLATES_DIR" \ - -a "$HOME/Templates" != "$XDG_TEMPLATES_DIR" - then - echo "Migrating $HOME/Templates to $XDG_TEMPLATES_DIR..." - test -d "$XDG_TEMPLATES_DIR" && rmdir "$XDG_TEMPLATES_DIR" - mv "$HOME/Templates" "$XDG_TEMPLATES_DIR" || echo "Templates migration failed" >&2 - fi -fi - - # Modify libglade and glade environment variables so that # it will find the files installed by Xfce -LIBGLADE_MODULE_PATH="$LIBGLADE_MODULE_PATH:" -GLADE_CATALOG_PATH="$GLADE_CATALOG_PATH:" -GLADE_PIXMAP_PATH="$GLADE_PIXMAP_PATH:" -GLADE_MODULE_PATH="$GLADE_MODULE_PATH:" -export LIBGLADE_MODULE_PATH +GLADE_CATALOG_PATH="$GLADE_CATALOG_PATH:/usr/share/glade3/catalogs" +GLADE_PIXMAP_PATH="$GLADE_PIXMAP_PATH:/usr/lib64/glade3/modules" +GLADE_MODULE_PATH="$GLADE_MODULE_PATH:/usr/share/glade3/pixmaps" export GLADE_CATALOG_PATH export GLADE_PIXMAP_PATH export GLADE_MODULE_PATH -# Export GTK_PATH so that GTK+ can find the Xfce theme engine -# https://bugzilla.xfce.org/show_bug.cgi?id=7483 -#GTK_PATH="$GTK_PATH:/usr/lib64/gtk-2.0" -#export GTK_PATH - # For now, start with an empty list XRESOURCES="" @@ -116,111 +81,31 @@ cat /dev/null $XRESOURCES | xrdb -nocpp -merge - # load local modmap test -r $HOME/.Xmodmap && xmodmap $HOME/.Xmodmap -# Use dbus-launch if installed. -if test x"$DBUS_SESSION_BUS_ADDRESS" = x""; then - if which dbus-launch >/dev/null 2>&1; then - eval `dbus-launch --sh-syntax --exit-with-session` - # some older versions of dbus don't export the var properly - export DBUS_SESSION_BUS_ADDRESS - else - echo "Could not find dbus-launch; Xfce will not work properly" >&2 - fi -fi - -# launch gpg-agent or ssh-agent if enabled. -ssh_agent_enabled=`xfconf-query -c xfce4-session -p /startup/ssh-agent/enabled 2> /dev/null` -if test "$ssh_agent_enabled" != "false"; then - # if the user has pam_ssh installed, it will start ssh-agent for us, but - # of course won't start gpg-agent. so, if ssh-agent is already running, - # but we want gpg-agent (and that's not running yet) start gpg-agent - # without ssh support +# run xfce4-session if installed +if which xfce4-session >/dev/null 2>&1; then - ssh_agent_type=`xfconf-query -c xfce4-session -p /startup/ssh-agent/type 2> /dev/null` - if test -z "$ssh_agent_type"; then - if which gpg-agent >/dev/null 2>&1; then - ssh_agent_type=gpg-agent - else - ssh_agent_type=ssh-agent - fi - fi + # check if we start xfce4-session with ck-launch-session. this is only + # required for starting from a console, not a login manager + if test "x$XFCE4_SESSION_WITH_CK" = "x1"; then + if which ck-launch-session >/dev/null 2>&1; then + ck-launch-session xfce4-session + else + echo + echo "You have tried to start Xfce with consolekit support, but" + echo "ck-launch-session is not installed." + echo "Aborted startup..." + echo - # ignore stale ssh-agents - if test "$SSH_AGENT_PID"; then - if ! kill -0 $SSH_AGENT_PID; then - unset SSH_AGENT_PID - unset SSH_AUTH_SOCK - fi + exit 1 fi - - case "$ssh_agent_type" in - gpg-agent) - if test -z "$SSH_AGENT_PID"; then - eval `gpg-agent --daemon --enable-ssh-support --write-env-file $XDG_CACHE_HOME/gpg-agent-info` - ssh_agent_kill_cmd="kill -INT $SSH_AGENT_PID; rm -f $XDG_CACHE_HOME/gpg-agent-info" - elif test -z "$GPG_AGENT_INFO"; then - echo "ssh-agent is already running; starting gpg-agent without ssh support" - eval `gpg-agent --daemon --write-env-file $XDG_CACHE_HOME/gpg-agent-info` - ssh_agent_kill_cmd="pkill -INT ^gpg-agent\$; rm -f $XDG_CACHE_HOME/gpg-agent-info" - else - echo "gpg-agent is already running" - fi - ;; - - ssh-agent) - if test -z "$SSH_AGENT_PID"; then - eval `ssh-agent -s` - ssh_agent_kill_cmd="ssh-agent -s -k" - else - echo "ssh-agent is already running" - fi - ;; - - *) - echo "Unrecognized agent type '$ssh_agent_type'" >&2 - ;; - esac -fi - - -# launch a screensaver if enabled. do not launch if we're root or if -# we're in a VNC session. -screensaver_enabled=`xfconf-query -c xfce4-session -p /startup/screensaver/enabled 2> /dev/null` -if test $UID -gt 0 -a -z "$VNCSESSION" -a "$screensaver_enabled" != "false"; then - screensaver_type=`xfconf-query -c xfce4-session -p /startup/screensaver/type 2> /dev/null` - - case "$screensaver_type" in - xscreensaver) - xscreensaver -no-splash & - ;; - - gnome-screensaver) - gnome-screensaver & - ;; - - *) - if test x"`which xscreensaver 2>/dev/null`" != x""; then - xscreensaver -no-splash & - elif test x"`which gnome-screensaver 2>/dev/null`" != x""; then - gnome-screensaver & - fi - ;; - esac -fi - - -# Run xfce4-session if installed -if which xfce4-session >/dev/null 2>&1; then + else + # start xfce4-session normally xfce4-session + fi - if test "$ssh_agent_kill_cmd"; then - echo "running '$ssh_agent_kill_cmd'" - eval "$ssh_agent_kill_cmd" - fi - - exit 0 + exit 0 fi - ################## # IMPORTANT NOTE # ################## @@ -233,6 +118,16 @@ fi ################## +# Use dbus-launch if installed. +if test x"$DBUS_SESSION_BUS_ADDRESS" = x""; then + if which dbus-launch >/dev/null 2>&1; then + eval `dbus-launch --sh-syntax --exit-with-session` + # some older versions of dbus don't export the var properly + export DBUS_SESSION_BUS_ADDRESS + else + echo "Could not find dbus-launch; Xfce will not work properly" >&2 + fi +fi # this is only necessary when running w/o xfce4-session xsetroot -solid black -cursor_name watch @@ -242,9 +137,7 @@ xsetroot -solid black -cursor_name watch xfsettingsd & xfwm4 --daemon -# start up stuff in $XDG_CONFIG_HOME/autostart/, as that looks to be -# the new standard. if that directory doesn't exist, try the old -# ~/Desktop/Autostart method. we're not going to do any migration here. +# start up stuff in $XDG_CONFIG_HOME/autostart/ if test -d "$XDG_CONFIG_HOME/autostart"; then for i in ${XDG_CONFIG_HOME}/autostart/*.desktop; do grep -q -E "^Hidden=true" "$i" && continue @@ -265,12 +158,6 @@ if test -d "$XDG_CONFIG_HOME/autostart"; then $cmd & fi done -elif test -d "$HOME/Desktop/Autostart"; then - for i in `ls -1 -L ${HOME}/Desktop/Autostart/ 2>/dev/null`; do - if test -x $HOME/Desktop/Autostart/$i; then - $HOME/Desktop/Autostart/$i & - fi - done fi xfdesktop& @@ -302,8 +189,4 @@ EOF ;; esac -if test "$ssh_agent_kill_cmd"; then - eval "$ssh_agent_kill_cmd" -fi - xsetroot -bg white -fg red -solid black -cursor_name watch -- 2.39.5