From 365dfaa7929793f141ea739ea115a6573db65aba Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 30 Aug 2013 17:07:57 +0200 Subject: [vbox] addon-init missing fi --- remote/modules/vbox/data/addon-init | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/remote/modules/vbox/data/addon-init b/remote/modules/vbox/data/addon-init index 9f0e4e55..0c77c3fc 100755 --- a/remote/modules/vbox/data/addon-init +++ b/remote/modules/vbox/data/addon-init @@ -6,7 +6,8 @@ addgroup demo vboxusers if grep -q usb_device /proc/devices; then mkdir -p -m 0750 /dev/vboxusb 2>/dev/null -chown root:vboxusers /dev/vboxusb 2>/dev/null + chown root:vboxusers /dev/vboxusb 2>/dev/null +fi systemctl daemon-reload systemctl start vbox.service -- cgit v1.2.3-55-g7522 From 899413178d8abe4adb659781995e0a84c729265c Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 30 Aug 2013 17:51:42 +0200 Subject: [dnbd3] cmake / ubuntu --- remote/modules/dnbd3/dnbd3.conf.ubuntu | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 remote/modules/dnbd3/dnbd3.conf.ubuntu diff --git a/remote/modules/dnbd3/dnbd3.conf.ubuntu b/remote/modules/dnbd3/dnbd3.conf.ubuntu new file mode 100644 index 00000000..c26fd833 --- /dev/null +++ b/remote/modules/dnbd3/dnbd3.conf.ubuntu @@ -0,0 +1,7 @@ +REQUIRED_CONTENT_PACKAGES=" + cmake +" + +REQUIRED_INSTALLED_PACKAGES=" + cmake +" -- cgit v1.2.3-55-g7522 From 3578f6a21abf499a1376c3059122df959cdd939f Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 30 Aug 2013 17:52:17 +0200 Subject: [dnbd3] cmake / opensuse --- remote/modules/dnbd3/dnbd3.conf.opensuse | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 remote/modules/dnbd3/dnbd3.conf.opensuse diff --git a/remote/modules/dnbd3/dnbd3.conf.opensuse b/remote/modules/dnbd3/dnbd3.conf.opensuse new file mode 100644 index 00000000..c26fd833 --- /dev/null +++ b/remote/modules/dnbd3/dnbd3.conf.opensuse 
@@ -0,0 +1,7 @@ +REQUIRED_CONTENT_PACKAGES=" + cmake +" + +REQUIRED_INSTALLED_PACKAGES=" + cmake +" -- cgit v1.2.3-55-g7522 From bc93250c109e5af2d85fb8ed885a236ccd6254bb Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 30 Aug 2013 18:53:18 +0200 Subject: [vbox] Ubuntu configuration --- remote/modules/vbox/vbox.conf.ubuntu | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 remote/modules/vbox/vbox.conf.ubuntu diff --git a/remote/modules/vbox/vbox.conf.ubuntu b/remote/modules/vbox/vbox.conf.ubuntu new file mode 100644 index 00000000..f01529eb --- /dev/null +++ b/remote/modules/vbox/vbox.conf.ubuntu @@ -0,0 +1,19 @@ +REQUIRED_VBOXBASEURL="http://download.virtualbox.org/virtualbox/4.2.16/virtualbox-4.2_4.2.16-86992~Ubuntu~precise_${AMD64_I386}" + +# Just for local usage, development: +# REQUIRED_VBOXBASEURL="http://132.230.8.69/virtualbox-4.2_4.2.16-86992~Ubuntu~precise_${AMD64_I386}.deb" + +REQUIRED_CONTENT_PACKAGES=" + libsdl1.2debian + libpng12-0 +" + +REQUIRED_INSTALLED_PACKAGES=" + libsdl1.2debian + libpng12-0 +" + +REQUIRED_LIBRARIES=" + libsdl1.2debian + libpng12 +" -- cgit v1.2.3-55-g7522 From 1c76338e4831b3d9141cdd09e5ff740cdd054e3b Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 30 Aug 2013 18:58:07 +0200 Subject: [vbox] ubuntu conf. --- remote/modules/vbox/vbox.conf.ubuntu | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/remote/modules/vbox/vbox.conf.ubuntu b/remote/modules/vbox/vbox.conf.ubuntu index f01529eb..bf8ff4f1 100644 --- a/remote/modules/vbox/vbox.conf.ubuntu +++ b/remote/modules/vbox/vbox.conf.ubuntu 
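Review bot: `REQUIRED_VBOXBASEURL` in the new `vbox.conf.ubuntu` is a plain `http://` URL and the file carries no expected digest, so whatever fetches and unpacks this `.deb` has nothing to verify it against. A later commit on this page sets the setuid bit on a binary from that package, which makes an unverified download more serious. I would pin a checksum next to the URL, for example `REQUIRED_VBOX_SHA256="<sha256-of-the-deb>"` (variable name and value are placeholders), and have the build step compare it before `dpkg -x`. The same applies to `vbox.conf.ubuntu.13.04`, whose development comment also still names the `precise` package. The commented-out URL with a raw IP address is better kept out of the committed file.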
@@ -1,4 +1,4 @@ -REQUIRED_VBOXBASEURL="http://download.virtualbox.org/virtualbox/4.2.16/virtualbox-4.2_4.2.16-86992~Ubuntu~precise_${AMD64_I386}" +REQUIRED_VBOXBASEURL="http://download.virtualbox.org/virtualbox/4.2.16/virtualbox-4.2_4.2.16-86992~Ubuntu~precise_${AMD64_I386}.deb" # Just for local usage, development: # REQUIRED_VBOXBASEURL="http://132.230.8.69/virtualbox-4.2_4.2.16-86992~Ubuntu~precise_${AMD64_I386}.deb" -- cgit v1.2.3-55-g7522 From 7db166e05ea7dd62f3ca5053dfa683d75e53ce1f Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 30 Aug 2013 18:58:31 +0200 Subject: [vbox] conf for Ubuntu 13.04 --- remote/modules/vbox/vbox.conf.ubuntu.13.04 | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 remote/modules/vbox/vbox.conf.ubuntu.13.04 diff --git a/remote/modules/vbox/vbox.conf.ubuntu.13.04 b/remote/modules/vbox/vbox.conf.ubuntu.13.04 new file mode 100644 index 00000000..fca3e55e --- /dev/null +++ b/remote/modules/vbox/vbox.conf.ubuntu.13.04 @@ -0,0 +1,19 @@ +REQUIRED_VBOXBASEURL="http://download.virtualbox.org/virtualbox/4.2.16/virtualbox-4.2_4.2.16-86992~Ubuntu~raring_${AMD64_I386}.deb" + +# Just for local usage, development: +# REQUIRED_VBOXBASEURL="http://132.230.8.69/virtualbox-4.2_4.2.16-86992~Ubuntu~precise_${AMD64_I386}.deb" + +REQUIRED_CONTENT_PACKAGES=" + libsdl1.2debian + libpng12-0 +" + +REQUIRED_INSTALLED_PACKAGES=" + libsdl1.2debian + libpng12-0 +" + +REQUIRED_LIBRARIES=" + libsdl1.2debian + libpng12 +" -- cgit v1.2.3-55-g7522 From 00bbe6f8b4448eef637e6cd486fae1224456726d Mon Sep 17 00:00:00 2001 
From: Simon Rettberg Date: Fri, 30 Aug 2013 19:01:50 +0200 Subject: [clone_stage4] Extend and refine filterlist and filtering process --- scripts/clone_stage4 | 26 +++++++++++++--- server/blacklists/essential/console-kit | 8 +++++ server/blacklists/essential/dbus | 47 +++++++++++++++++++++++++++++ server/blacklists/essential/linux-base | 47 ++++++++++++++++------------- server/blacklists/essential/linux-extended | 5 ++- server/blacklists/essential/policykit | 7 +++++ server/blacklists/essential/pulseaudio | 5 +++ server/blacklists/package-managers/apt | 3 +- server/blacklists/package-managers/yum | 1 - server/blacklists/package-managers/zypper | 1 - server/blacklists/pam/gnome | 4 +++ server/blacklists/x-autostart/kde-autostart | 8 ++--- server/blacklists/x-autostart/xdg-autostart | 5 +-- 13 files changed, 131 insertions(+), 36 deletions(-) create mode 100644 server/blacklists/essential/console-kit create mode 100644 server/blacklists/essential/dbus create mode 100644 server/blacklists/essential/policykit create mode 100644 server/blacklists/essential/pulseaudio create mode 100644 server/blacklists/pam/gnome diff --git a/scripts/clone_stage4 b/scripts/clone_stage4 index ad468f4f..e24fd416 100755 --- a/scripts/clone_stage4 +++ b/scripts/clone_stage4 
@@ -29,12 +29,29 @@ TARGET_DIR="$3" mkdir -p "$TARGET_DIR" mkdir -p "$BOOT_DIR" +EXCLUDE="$BOOT_DIR/exclude-stage4" +INCLUDE="$BOOT_DIR/include-stage4" + pinfo "Building rsync exclude-file for building stage 4...." -cp "${ROOT_DIR}/data/basic.nocopy" "${BOOT_DIR}/exclude-stage4" +echo "## Exclude file for stage4 of $1" > "$EXCLUDE" +echo "## Include file for stage4 of $1" > "$INCLUDE" +for FILE in $(find "$ROOT_DIR"/server/blacklists/*/ -type f); do + echo "## From $FILE" >> "$EXCLUDE" + echo "## From $FILE" >> "$INCLUDE" + grep '^-' "$FILE" >> "$EXCLUDE" + grep '^+' "$FILE" >> "$INCLUDE" +done + +echo "## From cloned $2 of $1" >> "$EXCLUDE" +# this next command lists all files found in BASE_DIR and removes the prefix BASE_DIR +IFS=$'\n' +for FILE in $(find "${BASE_DIR}" -type f | cut -c $[${#BASE_DIR} + 1]-); do + echo "- $FILE" >> "$EXCLUDE" +done +unset IFS -# this next command lists all files found in BASE_DIR and removed the prefix BASE_DIR -find "${BASE_DIR}" -type f | cut -c $[${#BASE_DIR} + 1]- >> "${BOOT_DIR}/exclude-stage4" pinfo "Done." +[ "y$UID" == "y0" ] || perror "You're not root. Cannot continue with rsync." # prepare rsync's options depending on whether the source is local or remote RSYNC_OPTS="" @@ -47,4 +64,5 @@ else fi pinfo "Cloning via rsync" -rsync -a --delete --numeric-ids -v --exclude-from="${BOOT_DIR}/exclude-stage4" "${RSYNC_OPTS}" "${RSYNC_SOURCE}" "${TARGET_DIR}" || perror "rsync from '${RSYNC_SOURCE}' to '${TARGET_DIR}' failed." +cat "$INCLUDE" "$EXCLUDE" | rsync -a --delete --delete-excluded --numeric-ids -v --exclude-from=- "${RSYNC_OPTS}" "${RSYNC_SOURCE}" "${TARGET_DIR}" || perror "rsync from '${RSYNC_SOURCE}' to '${TARGET_DIR}' failed." + diff --git a/server/blacklists/essential/console-kit b/server/blacklists/essential/console-kit new file mode 100644 index 00000000..a176cac9 --- /dev/null +++ b/server/blacklists/essential/console-kit 
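Review bot: In the second loop every path found under `BASE_DIR` is written to the exclude list as `- $FILE` without escaping, so a file name containing `*`, `?` or `[` is read by rsync as a wildcard pattern rather than a literal path. The `--delete-excluded` added further down then removes everything else on the target that happens to match. A name containing a newline becomes two separate rules, which only a NUL-delimited `find -print0` loop can detect. As far as I know rsync treats a backslash as an escape only in patterns that contain a wildcard, so the sketch below escapes only those names. Separately, the first loop runs before `IFS` is set, so `$(find ...)` splits blacklist paths on spaces, and `$[ ... ]` is the deprecated arithmetic form.

```shell
echo "## From cloned $2 of $1" >> "$EXCLUDE"
while IFS= read -r -d '' FILE; do
	REL="${FILE#"$BASE_DIR"}"
	case "$REL" in
		*$'\n'*) perror "File name with newline under $BASE_DIR, refusing to build exclude list." ;;
	esac
	# escape only when a wildcard is present; otherwise rsync matches backslashes literally
	case "$REL" in
		*[\*\?\[]*) REL="$(printf '%s' "$REL" | sed -e 's/[][*?\\]/\\&/g')" ;;
	esac
	printf -- '- %s\n' "$REL" >> "$EXCLUDE"
done < <(find "$BASE_DIR" -type f -print0)
# … unchanged: pinfo "Done." and the root check …
```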
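Review bot: On the new rsync line the filter rules arrive through `cat "$INCLUDE" "$EXCLUDE" |`, and only rsync's exit status reaches `|| perror`. If one of the lists is unreadable or was truncated (the `echo ... >>` writes that build them are unchecked), `--delete --delete-excluded` still runs with incomplete rules. Handing the files to rsync directly keeps the include-before-exclude order and makes rsync itself fail when a list cannot be opened: `--exclude-from="$INCLUDE" --exclude-from="$EXCLUDE"`. The `[ "y$UID" == "y0" ]` check would also be better placed before the lists are written, so a non-root run stops before touching `$BOOT_DIR`.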
@@ -0,0 +1,8 @@
+# Consolekit is removed and replaced by a dummy in stage32
+- console-kit*
+- consolekit*
+- libck-connector*
+- *-ck-connector*
+- *Console-Kit*
+- *ConsoleKit*
+
diff --git a/server/blacklists/essential/dbus b/server/blacklists/essential/dbus
new file mode 100644
index 00000000..42afc286
--- /dev/null
+++ b/server/blacklists/essential/dbus
@@ -0,0 +1,47 @@
+# system.d
+- dbus-1**avahi-dbus.conf
+- dbus-1**bluetooth.conf
+- dbus-1**com.hp.hplip.conf
+- dbus-1**com.redhat.NewPrinterNotification.conf
+- dbus-1**com.redhat.PrinterDriversInstaller.conf
+- dbus-1**dnsmasq.conf
+- dbus-1**Mountall.Server.conf
+- dbus-1**nm-*
+- dbus-1**org.debian.apt.conf
+- dbus-1**org.debian.AptXapianIndex.conf
+- dbus-1**org.freedesktop.hostname1.conf
+- dbus-1**org.freedesktop.locale1.conf
+- dbus-1**org.freedesktop.login1.conf
+- dbus-1**org.freedesktop.ModemManager.conf
+- dbus-1**org.freedesktop.NetworkManager.conf
+- dbus-1**org.freedesktop.PolicyKit1.conf
+- dbus-1**org.freedesktop.PackageKit-aptd.conf
+- dbus-1**org.freedesktop.systemd1.conf
+- dbus-1**org.freedesktop.timedate1.conf
+- dbus-1**org.opensuse.CupsPkHelper.Mechanism.conf
+- dbus-1**pulseaudio-system.conf
+- dbus-1**Upstart.conf
+- dbus-1**wpa_supplicant.conf
+# interfaces
+- dbus-1**mm-*
+- dbus-1**org.fedoraproject.Config.Printing.xml
+- dbus-1**org.freedesktop.Avahi.*
+- dbus-1**org.freedesktop.hostname1.xml
+- dbus-1**org.freedesktop.locale1.xml
+- dbus-1**org.freedesktop.ModemManager.*
+- dbus-1**org.freedesktop.timedate1.xml
+- dbus-1**com.ubuntuone.*
+- dbus-1**musicstore-scope.service
+- dbus-1**org.freedesktop.Geoclue.*
+- dbus-1**org.gnome.zeitgeist.*
+- dbus-1**unity-lens-shopping.service
+# systen-services
+- dbus-1**fi.epitest.hostap.WPASupplicant.service
+- dbus-1**fi.w1.wpa_supplicant1.service
+- dbus-1**org.freedesktop.hostname1.service
+- dbus-1**org.freedesktop.locale1.service
+- dbus-1**org.freedesktop.ModemManager.service
+- dbus-1**org.freedesktop.nm_dispatcher.service
+- dbus-1**org.freedesktop.systemd1.service
+- dbus-1**org.freedesktop.timedate1.service
+
diff --git a/server/blacklists/essential/linux-base b/server/blacklists/essential/linux-base
index a00dee78..522ae191 100644
--- a/server/blacklists/essential/linux-base
+++ b/server/blacklists/essential/linux-base
@@ -1,27 +1,32 @@ -- /boot -- /cdrom -- /dev -- /lib/modules -- /lost+found -- /media -- /mnt -- /opt/openslx -- /proc -- /run -- /srv -- /sys -- /tmp -- /usr/src -- /var/log +- /boot/ +- /cdrom/ +- /dev/ +- /lib/modules/ +- /lost+found/ +- /media/ +- /mnt/ +- /opt/openslx/ +- /proc/ +- /run/ +- /srv/ +- /sys/ +- /tmp/ +- /usr/src/ +- /var/log/ - /var/run -- /var/www -- /var/tmp -- /var/cache/nscd +- /var/www/ +- /var/tmp/ ++ /var/cache/**/ +- /var/cache/** +- /var/lock ++ /var/spool/**/ +- /var/spool/** - /etc/resolv.conf -- /etc/resolvconf -- */tm-scripts +- /etc/resolvconf/ +- **/tm-scripts/ - /initrd.img - /initrd.img.old - /vmlinuz - /vmlinuz.old - +# This is where the bind-mount of mltk resides... +- /export/build diff --git a/server/blacklists/essential/linux-extended b/server/blacklists/essential/linux-extended index c558c16e..d9d7ef97 100644 --- a/server/blacklists/essential/linux-extended +++ b/server/blacklists/essential/linux-extended @@ -1,4 +1,3 @@ -- /export - /home - /root - /usr/src @@ -6,4 +5,8 @@ - /etc/init - /var/lib/init.d - /usr/share/upstart +- /lib/systemd +- /usr/lib/systemd +- /etc/systemd +- /var/lib/NetworkManager diff --git a/server/blacklists/essential/policykit b/server/blacklists/essential/policykit new file mode 100644 index 00000000..68ff5a44 --- /dev/null +++ b/server/blacklists/essential/policykit @@ -0,0 +1,7 @@ +# Also get rid of polkit +- libpolkit* +- polkit* +- policykit* +- *PolicyKit* +- *PolKit* + diff --git a/server/blacklists/essential/pulseaudio b/server/blacklists/essential/pulseaudio new file mode 100644 index 00000000..7c1c1337 --- /dev/null +++ b/server/blacklists/essential/pulseaudio @@ -0,0 +1,5 @@ +- *pulseaudio* +- libpulse* +- *sound**pulse* +- *alsa**pulse* + diff --git a/server/blacklists/package-managers/apt b/server/blacklists/package-managers/apt index b4e2c9ba..5e019138 100644 --- a/server/blacklists/package-managers/apt +++ b/server/blacklists/package-managers/apt 
@@ -1,3 +1,2 @@ -- /var/cache/apt/archives/* -+ /var/cache/apt/archives/partial ++ /var/cache/apt/archives/partial/** diff --git a/server/blacklists/package-managers/yum b/server/blacklists/package-managers/yum index 2ddd04d9..8b137891 100644 --- a/server/blacklists/package-managers/yum +++ b/server/blacklists/package-managers/yum @@ -1,2 +1 @@ -- /var/cache/yum diff --git a/server/blacklists/package-managers/zypper b/server/blacklists/package-managers/zypper index 6999340d..fbab85d7 100644 --- a/server/blacklists/package-managers/zypper +++ b/server/blacklists/package-managers/zypper @@ -1,3 +1,2 @@ - /var/lib/zypp -- /var/cache/zypp diff --git a/server/blacklists/pam/gnome b/server/blacklists/pam/gnome new file mode 100644 index 00000000..d1c85b72 --- /dev/null +++ b/server/blacklists/pam/gnome @@ -0,0 +1,4 @@ ++ /etc/pam.d/gdm ++ /etc/pam.d/gdm-* ++ /etc/pam.d/gnome-* + diff --git a/server/blacklists/x-autostart/kde-autostart b/server/blacklists/x-autostart/kde-autostart index 64294578..4d384303 100644 --- a/server/blacklists/x-autostart/kde-autostart +++ b/server/blacklists/x-autostart/kde-autostart @@ -1,5 +1,5 @@ -- /usr/share/autostart/* -+ /usr/share/autostart -- /opt/kde3/share/autostart/* -+ /opt/kde3/share/autostart ++ /usr/share/autostart/**/ +- /usr/share/autostart/** ++ /opt/kde3/share/autostart/**/ +- /opt/kde3/share/autostart/** diff --git a/server/blacklists/x-autostart/xdg-autostart b/server/blacklists/x-autostart/xdg-autostart index 2160919f..bd4dd467 100644 --- a/server/blacklists/x-autostart/xdg-autostart +++ b/server/blacklists/x-autostart/xdg-autostart @@ -1,3 +1,4 @@ -- /etc/xdg/autostart/* -+ /usr/share/autostart ++ /etc/xdg/autostart/**/ ++ /etc/xdg/autostart/gnome-settings-daemon.desktop +- /etc/xdg/autostart/** -- cgit v1.2.3-55-g7522 From 72752558683c0bc387e85d1499ce61bffae47620 Mon Sep 17 00:00:00 2001 
From: Christian Rößler Date: Mon, 2 Sep 2013 15:43:29 +0200 Subject: [vbox] Readme file with notes on pathced scripts --- remote/modules/vbox/README | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 remote/modules/vbox/README diff --git a/remote/modules/vbox/README b/remote/modules/vbox/README new file mode 100644 index 00000000..999f048f --- /dev/null +++ b/remote/modules/vbox/README @@ -0,0 +1,13 @@ +Notabene: + +Some virtualbox script are patched to accomodate some changes in system +environment: As openSLX uses predominantly busybox, paths to busybox exe- +cutables (respective links) are inserted. These insertions are made at the +end of paths, as sometimes there are system binaries predomninantly used, +for example ps, as busybox ps does not offer needed options. + +This patched scripts include virtualbox and vboxmanage, originally links +to VBox. Please note these patched scripts are unlinked, thus solitary, +please note there is also a (linked) scripts named VBoxManage (note capitals). + +It is therefore recommended to use the lower case version (vboxmanage). -- cgit v1.2.3-55-g7522 From 2533551dd0c8f24974f1366fc0bb591d43db622e Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 2 Sep 2013 15:57:26 +0200 Subject: [helper/useradd] Make sure /etc/shadow has group shadow (Also fix indentation on the file) --- helper/useradd.inc | 52 +++++++++++++++++++++++++++------------------------- 1 file changed, 27 insertions(+), 25 deletions(-) diff --git a/helper/useradd.inc b/helper/useradd.inc index 3f54a24a..1e35c571 100644 --- a/helper/useradd.inc +++ b/helper/useradd.inc 
@@ -106,7 +106,7 @@ add_user() { # do the same for the group local _GID=$(grep -E "^${GROUP}:[^:]*:[0-9]+:" "${_GROUP}" | head -1 | awk -F ':' '{print $3}') [ ! -z "${_GID}" ] && [ "x${_GID}" != "x${GROUPID}" ] && perror "Group ${GROUP}(${GROUPID}) already exists with GID ${_GID}" - # if user already exists, check if he is in another group than the one requested. if so, bail out + # if user already exists, check if he is in another group than the one requested. if so, bail out # (TODO: don't bail out and add user to the new group) if [ ! -z "${_UID}" ] then 
@@ -183,31 +183,33 @@ add_group () { } init_users_and_groups() { - [ -z "${TARGET_BUILD_DIR}" ] && perror "Almost wrecked your local passwd, group and shadow file. phew." - local PASSWD=${TARGET_BUILD_DIR}/etc/passwd - local GROUP=${TARGET_BUILD_DIR}/etc/group - local SHADOW=${TARGET_BUILD_DIR}/etc/shadow + [ -z "$TARGET_BUILD_DIR" -o "$TARGET_BUILD_DIR" == "/" ] && perror "Almost wrecked your local passwd, group and shadow file. phew." + local PASSWD="$TARGET_BUILD_DIR/etc/passwd" + local GROUP="$TARGET_BUILD_DIR/etc/group" + local SHADOW="$TARGET_BUILD_DIR/etc/shadow" [ -s "${PASSWD}" -a -s "${GROUP}" -a -s "${SHADOW}" ] && return pinfo "Creating users and groups based on local system...." - cp "/etc/passwd" "$PASSWD" - cp "/etc/group" "$GROUP" - cp "/etc/shadow" "$SHADOW" - # remove local users from group file (TODO: currently assumes users have ids 1000-1999) - local LOCALUSERS=$(grep -E '^[^:]+:x?:1[0-9]{3}:' "${PASSWD}" | awk -F ':' '{print $1}') - for USER in $LOCALUSERS; do - sed -r -i "s/([:,])${USER}/\1/g" "${GROUP}" - done - # fix syntax: remove trailing ',' in group file - sed -r -i 's/,+$//g' "${GROUP}" - sed -r -i 's/,+/,/g' "${GROUP}" - sed -i 's/:,/:/g' "${GROUP}" - # remove all non-system groups (also assumes users have 1000-1999, so nogroup will be kept) - grep -v -E '^[^:]+:x?:1[0-9]{3}:' "${GROUP}" > "${GROUP}.tmp" - mv "${GROUP}.tmp" "${GROUP}" - # same for users... 
- grep -v -E '^[^:]+:x?:1[0-9]{3}:' "${PASSWD}" > "${PASSWD}.tmp" - mv "${PASSWD}.tmp" "${PASSWD}" - # generate fresh shadow file - awk -F ':' '{print $1":*:15555:0:99999:7:::"}' "${PASSWD}" > "${SHADOW}" + cp -a "/etc/passwd" "$PASSWD" || perror "Could not copy /etc/passwd" + cp -a "/etc/group" "$GROUP" || perror "Could not copy /etc/group" + cp -a "/etc/shadow" "$SHADOW" || perror "Could not copy /etc/shadow" + # make sure shadow has group shadow (should be handled by cp -a but hey) + chgrp shadow "$SHADOW" + # remove local users from group file (TODO: currently assumes users have ids 1000-1999) + local LOCALUSERS=$(grep -E '^[^:]+:x?:1[0-9]{3}:' "${PASSWD}" | awk -F ':' '{print $1}') + for USER in $LOCALUSERS; do + sed -r -i "s/([:,])${USER}/\1/g" "${GROUP}" + done + # fix syntax: remove trailing ',' in group file + sed -r -i 's/,+$//g' "${GROUP}" + sed -r -i 's/,+/,/g' "${GROUP}" + sed -i 's/:,/:/g' "${GROUP}" + # remove all non-system groups (also assumes users have 1000-1999, so nogroup will be kept) + grep -v -E '^[^:]+:x?:1[0-9]{3}:' "${GROUP}" > "${GROUP}.tmp" + mv "${GROUP}.tmp" "${GROUP}" + # same for users... + grep -v -E '^[^:]+:x?:1[0-9]{3}:' "${PASSWD}" > "${PASSWD}.tmp" + mv "${PASSWD}.tmp" "${PASSWD}" + # generate fresh shadow file + awk -F ':' '{print $1":*:15555:0:99999:7:::"}' "${PASSWD}" > "${SHADOW}" } -- cgit v1.2.3-55-g7522 From e290867b025a531f2e895fcbae84cf1e3796ddbd Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Mon, 2 Sep 2013 16:40:38 +0200 Subject: [vbox] vbox.build: suid VirtualBox in Debian/Ubuntu branch --- remote/modules/vbox/vbox.build | 2 ++ 1 file changed, 2 insertions(+) diff --git a/remote/modules/vbox/vbox.build b/remote/modules/vbox/vbox.build index fd2e0b0b..4ee2b2b9 100644 --- a/remote/modules/vbox/vbox.build +++ b/remote/modules/vbox/vbox.build 
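Review bot: `cp -a "/etc/shadow" "$SHADOW"` in `init_users_and_groups` places the build host's real password hashes inside `$TARGET_BUILD_DIR`, and they are only overwritten by the final `awk ... > "${SHADOW}"` line. If the run is interrupted in between, the next call hits the `[ -s ... ] && return` guard, sees three non-empty files and keeps the host's shadow file in the image. Nothing in the function reads the copied shadow content, so the file can be created empty with the intended owner and mode instead: `install -m 0640 -o root -g shadow /dev/null "$SHADOW" || perror "Could not create $SHADOW"`. That also replaces the unchecked `chgrp shadow "$SHADOW"`, which fails silently on a host that has no `shadow` group.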
@@ -102,6 +102,8 @@ build() { pinfo "Unpacking deb ..." cd build || perror "Cannot cd to build directory!" dpkg -x ../src/vbox/$(basename "$REQUIRED_VBOXBASEURL") . || perror "Could not unpack deb-archive!" + # VirtualBox needs to be suid-root: + chmod u+s ${MODULE_BUILD_DIR}/usr/lib/VirtualBox ;; *) perror "Unknown Distribution: $SYS_DISTRIBUTION - Please specify its packet manager in remote/setup_target" ;; esac -- cgit v1.2.3-55-g7522 From e1fabaccb73228fa0c1c0e9aef586f819415d7a0 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Mon, 2 Sep 2013 16:51:46 +0200 Subject: [debug] +su, +file --- remote/modules/debug/debug.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/remote/modules/debug/debug.conf b/remote/modules/debug/debug.conf index ba1f065e..7b040326 100644 --- a/remote/modules/debug/debug.conf +++ b/remote/modules/debug/debug.conf @@ -9,5 +9,7 @@ REQUIRED_BINARIES=" fc-query xset locale + su + file @htop " -- cgit v1.2.3-55-g7522 From 3fb3b58fab80b438312cc433ea5681f656e858c4 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Mon, 2 Sep 2013 18:41:16 +0200 Subject: [vbox] suid VirtualBox Path, +perror --- remote/modules/vbox/vbox.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/remote/modules/vbox/vbox.build b/remote/modules/vbox/vbox.build index 4ee2b2b9..48cfe8c2 100644 --- a/remote/modules/vbox/vbox.build +++ b/remote/modules/vbox/vbox.build @@ -103,7 +103,7 @@ build() { cd build || perror "Cannot cd to build directory!" dpkg -x ../src/vbox/$(basename "$REQUIRED_VBOXBASEURL") . || perror "Could not unpack deb-archive!" # VirtualBox needs to be suid-root: - chmod u+s ${MODULE_BUILD_DIR}/usr/lib/VirtualBox + chmod u+s ${MODULE_BUILD_DIR}/usr/lib/virtualbox/VirtualBox || pwarning "(Debian/Ubuntu) Could not suid VirtualBox executable!" ;; *) perror "Unknown Distribution: $SYS_DISTRIBUTION - Please specify its packet manager in remote/setup_target" ;; esac -- cgit v1.2.3-55-g7522 
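Review bot: In the last `vbox.build` hunk, `chmod u+s ... || pwarning` only sets the bit and treats failure as a warning, so the build carries on with a `VirtualBox` binary that is either not setuid or setuid to whoever owns the extracted file. Nothing here asserts that the owner is root, and `${MODULE_BUILD_DIR}` is unquoted. I would set owner and mode together and make failure fatal: `chown root:root "${MODULE_BUILD_DIR}/usr/lib/virtualbox/VirtualBox" && chmod u+s "${MODULE_BUILD_DIR}/usr/lib/virtualbox/VirtualBox" || perror "(Debian/Ubuntu) Could not suid VirtualBox executable!"`. Because the package is fetched from the plain-http `REQUIRED_VBOXBASEURL`, an integrity check before the `dpkg -x` line matters most at this point. `build()` starts and ends outside the hunk.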
From 89fe73872324255f6b6b2bb1a428506f89c037b7 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Mon, 2 Sep 2013 19:04:03 +0200 Subject: [vbox] udev-rule with ENV-PATH --- remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules b/remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules index 2b82a0fc..f2b99721 100644 --- a/remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules +++ b/remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules 
@@ -1,6 +1,6 @@ KERNEL=="vboxdrv", NAME="vboxdrv", OWNER="root", GROUP="root", MODE="0600" KERNEL=="vboxnetctl", NAME="vboxnetctl", OWNER="root", GROUP="root", MODE="0600" -SUBSYSTEM=="usb_device", ACTION=="add", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}" -SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}" -SUBSYSTEM=="usb_device", ACTION=="remove", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" -SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" +SUBSYSTEM=="usb_device", ACTION=="add", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}" +SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}" +SUBSYSTEM=="usb_device", ACTION=="remove", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" +SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" -- cgit v1.2.3-55-g7522 From 5511c3e3394138f780ef03d0e29435fdb2272960 Mon Sep 17 00:00:00 2001 
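Review bot: The four `RUN+=` rules now give `VBoxCreateUSBNode.sh`, which udev runs as root on every USB add and remove, a search path that includes `/opt/openslx/bin`, `/opt/openslx/usr/bin` and `/opt/openslx/sbin`. That is only safe while those directories and their contents are root-owned and not writable by anyone else, and the rules file does not say so. I would add a comment above the rules such as `# PATH for VBoxCreateUSBNode.sh: system dirs first, busybox dirs last; every entry must be root-owned and not group/world-writable`. Keeping the system directories ahead of the openslx ones, as done here, is the right order. The identical PATH string is repeated in all four rules, so setting `ENV{PATH}` once in an earlier rule would probably leave a single place to maintain.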
From: Jonathan Bauer Date: Tue, 3 Sep 2013 13:56:33 +0200 Subject: [pam-hso] server config module for the pam configuration for the hochschule offenburg --- server/modules/pam-hso/etc/ldap.conf | 297 +++++++++++++++++++++ .../pam-hso/etc/pam-script/pam_script_ses_close | 7 + .../pam-hso/etc/pam-script/pam_script_ses_open | 25 ++ .../pam-hso/etc/pam-script/pam_script_ses_open.bak | 30 +++ .../etc/pam-script/pam_script_ses_open.save | 47 ++++ server/modules/pam-hso/etc/pam.d/common-account | 26 ++ server/modules/pam-hso/etc/pam.d/common-auth | 26 ++ server/modules/pam-hso/etc/pam.d/common-password | 33 +++ server/modules/pam-hso/etc/pam.d/common-session | 36 +++ .../etc/pam.d/common-session-noninteractive | 30 +++ server/modules/pam-hso/etc/pam.d/kdm | 10 + server/modules/pam-hso/etc/pam.d/kdm-np | 11 + server/modules/pam-hso/etc/pam.d/login | 101 +++++++ server/modules/pam-hso/etc/pam.d/other | 10 + server/modules/pam-hso/etc/pam.d/passwd | 6 + server/modules/pam-hso/etc/pam.d/sshd | 41 +++ server/modules/pam-hso/etc/pam.d/vmware-authd | 6 + server/modules/pam-hso/etc/pam.d/xdm | 6 + 18 files changed, 748 insertions(+) create mode 100644 server/modules/pam-hso/etc/ldap.conf create mode 100755 server/modules/pam-hso/etc/pam-script/pam_script_ses_close create mode 100755 server/modules/pam-hso/etc/pam-script/pam_script_ses_open create mode 100755 server/modules/pam-hso/etc/pam-script/pam_script_ses_open.bak create mode 100755 server/modules/pam-hso/etc/pam-script/pam_script_ses_open.save create mode 100644 server/modules/pam-hso/etc/pam.d/common-account create mode 100644 server/modules/pam-hso/etc/pam.d/common-auth create mode 100644 server/modules/pam-hso/etc/pam.d/common-password create mode 100644 server/modules/pam-hso/etc/pam.d/common-session create mode 100644 server/modules/pam-hso/etc/pam.d/common-session-noninteractive create mode 100644 server/modules/pam-hso/etc/pam.d/kdm create mode 100644 server/modules/pam-hso/etc/pam.d/kdm-np create mode 100644 
server/modules/pam-hso/etc/pam.d/login create mode 100644 server/modules/pam-hso/etc/pam.d/other create mode 100644 server/modules/pam-hso/etc/pam.d/passwd create mode 100644 server/modules/pam-hso/etc/pam.d/sshd create mode 100644 server/modules/pam-hso/etc/pam.d/vmware-authd create mode 100644 server/modules/pam-hso/etc/pam.d/xdm diff --git a/server/modules/pam-hso/etc/ldap.conf b/server/modules/pam-hso/etc/ldap.conf new file mode 100644 index 00000000..086e58c1 --- /dev/null +++ b/server/modules/pam-hso/etc/ldap.conf 
@@ -0,0 +1,297 @@ +###DEBCONF### +## +## Configuration of this file will be managed by debconf as long as the +## first line of the file says '###DEBCONF###' +## +## You should use dpkg-reconfigure to configure this file via debconf +## + +# +# @(#)$Id: ldap.conf,v 1.38 2006/05/15 08:13:31 lukeh Exp $ +# +# This is the configuration file for the LDAP nameservice +# switch library and the LDAP PAM module. +# +# PADL Software +# http://www.padl.com +# + +# Your LDAP server. Must be resolvable without using LDAP. +# Multiple hosts may be specified, each separated by a +# space. How long nss_ldap takes to failover depends on +# whether your LDAP client library supports configurable +# network or connect timeouts (see bind_timelimit). +#host 127.0.0.1 + +# The distinguished name of the search base. +base o=fho + +# Another way to specify your LDAP server is to provide an +uri ldaps://fs3.rz.hs-offenburg.de +# Unix Domain Sockets to connect to a local LDAP Server. +#uri ldap://127.0.0.1/ +#uri ldaps://127.0.0.1/ +#uri ldapi://%2fvar%2frun%2fldapi_sock/ +# Note: %2f encodes the '/' used as directory separator + +# The LDAP version to use (defaults to 3 +# if supported by client library) +ldap_version 3 + +# The distinguished name to bind to the server with. +# Optional: default is to bind anonymously. +binddn cn=ldap_proxy_openslx,ou=misc,o=fho + +# The credentials to bind with. +# Optional: default is no credential. +bindpw !N4ye,04u.!N4ye,04u.!N4ye,04u. + +# The distinguished name to bind to the server with +# if the effective user ID is root. Password is +# stored in /etc/ldap.secret (mode 600) +#rootbinddn cn=manager,dc=padl,dc=com + +# The port. +# Optional: default is 389. +#port 389 + +# The search scope. +#scope sub +#scope one +#scope base + +# Search timelimit +#timelimit 30 + +# Bind/connect timelimit +#bind_timelimit 30 + +# Reconnect policy: hard (default) will retry connecting to +# the software with exponential backoff, soft will fail +# immediately. 
+#bind_policy hard + +# Idle timelimit; client will close connections +# (nss_ldap only) if the server has not been contacted +# for the number of seconds specified below. +#idle_timelimit 3600 + +# Filter to AND with uid=%s +#pam_filter objectclass=account + +# The user ID attribute (defaults to uid) +#pam_login_attribute uid + +# Search the root DSE for the password policy (works +# with Netscape Directory Server) +#pam_lookup_policy yes + +# Check the 'host' attribute for access control +# Default is no; if set to yes, and user has no +# value for the host attribute, and pam_ldap is +# configured for account management (authorization) +# then the user will not be allowed to login. +#pam_check_host_attr yes + +# Check the 'authorizedService' attribute for access +# control +# Default is no; if set to yes, and the user has no +# value for the authorizedService attribute, and +# pam_ldap is configured for account management +# (authorization) then the user will not be allowed +# to login. +#pam_check_service_attr yes + +# Group to enforce membership of +#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com + +# Group member attribute +#pam_member_attribute uniquemember + +# Specify a minium or maximum UID number allowed +#pam_min_uid 0 +#pam_max_uid 0 + +# Template login attribute, default template user +# (can be overriden by value of former attribute +# in user's entry) +#pam_login_attribute userPrincipalName +#pam_template_login_attribute uid +#pam_template_login nobody + +# HEADS UP: the pam_crypt, pam_nds_passwd, +# and pam_ad_passwd options are no +# longer supported. +# +# Do not hash the password at all; presume +# the directory server will do it, if +# necessary. This is the default. +pam_password md5 + +# Hash password locally; required for University of +# Michigan LDAP server, and works with Netscape +# Directory Server if you're using the UNIX-Crypt +# hash mechanism and not using the NT Synchronization +# service. 
+#pam_password crypt + +# Remove old password first, then update in +# cleartext. Necessary for use with Novell +# Directory Services (NDS) +#pam_password clear_remove_old +#pam_password nds + +# RACF is an alias for the above. For use with +# IBM RACF +#pam_password racf + +# Update Active Directory password, by +# creating Unicode password and updating +# unicodePwd attribute. +#pam_password ad + +# Use the OpenLDAP password change +# extended operation to update the password. +#pam_password exop + +# Redirect users to a URL or somesuch on password +# changes. +#pam_password_prohibit_message Please visit http://internal to change your password. + +# RFC2307bis naming contexts +# Syntax: +# nss_base_XXX base?scope?filter +# where scope is {base,one,sub} +# and filter is a filter to be &'d with the +# default filter. +# You can omit the suffix eg: +# nss_base_passwd ou=People, +# to append the default base DN but this +# may incur a small performance impact. +#nss_base_passwd ou=People,dc=padl,dc=com?one +#nss_base_shadow ou=People,dc=padl,dc=com?one +#nss_base_group ou=Group,dc=padl,dc=com?one +#nss_base_hosts ou=Hosts,dc=padl,dc=com?one +#nss_base_services ou=Services,dc=padl,dc=com?one +#nss_base_networks ou=Networks,dc=padl,dc=com?one +#nss_base_protocols ou=Protocols,dc=padl,dc=com?one +#nss_base_rpc ou=Rpc,dc=padl,dc=com?one +#nss_base_ethers ou=Ethers,dc=padl,dc=com?one +#nss_base_netmasks ou=Networks,dc=padl,dc=com?ne +#nss_base_bootparams ou=Ethers,dc=padl,dc=com?one +#nss_base_aliases ou=Aliases,dc=padl,dc=com?one +#nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one + +# attribute/objectclass mapping +# Syntax: +#nss_map_attribute rfc2307attribute mapped_attribute +#nss_map_objectclass rfc2307objectclass mapped_objectclass + +# configure --enable-nds is no longer supported. 
+# NDS mappings +#nss_map_attribute uniqueMember member + +# Services for UNIX 3.5 mappings +#nss_map_objectclass posixAccount User +#nss_map_objectclass shadowAccount User +#nss_map_attribute uid msSFU30Name +#nss_map_attribute uniqueMember msSFU30PosixMember +#nss_map_attribute userPassword msSFU30Password +#nss_map_attribute homeDirectory msSFU30HomeDirectory +#nss_map_attribute homeDirectory msSFUHomeDirectory +#nss_map_objectclass posixGroup Group +#pam_login_attribute msSFU30Name +#pam_filter objectclass=User +#pam_password ad + +# configure --enable-mssfu-schema is no longer supported. +# Services for UNIX 2.0 mappings +#nss_map_objectclass posixAccount User +#nss_map_objectclass shadowAccount user +#nss_map_attribute uid msSFUName +#nss_map_attribute uniqueMember posixMember +#nss_map_attribute userPassword msSFUPassword +#nss_map_attribute homeDirectory msSFUHomeDirectory +#nss_map_attribute shadowLastChange pwdLastSet +#nss_map_objectclass posixGroup Group +#nss_map_attribute cn msSFUName +#pam_login_attribute msSFUName +#pam_filter objectclass=User +#pam_password ad + +# RFC 2307 (AD) mappings +#nss_map_objectclass posixAccount user +#nss_map_objectclass shadowAccount user +#nss_map_attribute uid sAMAccountName +#nss_map_attribute homeDirectory unixHomeDirectory +#nss_map_attribute shadowLastChange pwdLastSet +#nss_map_objectclass posixGroup group +#nss_map_attribute uniqueMember member +#pam_login_attribute sAMAccountName +#pam_filter objectclass=User +#pam_password ad + +# configure --enable-authpassword is no longer supported +# AuthPassword mappings +#nss_map_attribute userPassword authPassword + +# AIX SecureWay mappings +#nss_map_objectclass posixAccount aixAccount +#nss_base_passwd ou=aixaccount,?one +#nss_map_attribute uid userName +#nss_map_attribute gidNumber gid +#nss_map_attribute uidNumber uid +#nss_map_attribute userPassword passwordChar +#nss_map_objectclass posixGroup aixAccessGroup +#nss_base_group ou=aixgroup,?one +#nss_map_attribute cn 
groupName +#nss_map_attribute uniqueMember member +#pam_login_attribute userName +#pam_filter objectclass=aixAccount +#pam_password clear + +# Netscape SDK LDAPS +#ssl on + +# Netscape SDK SSL options +#sslpath /etc/ssl/certs + +# OpenLDAP SSL mechanism +# start_tls mechanism uses the normal LDAP port, LDAPS typically 636 +#ssl start_tls +#ssl on + +# OpenLDAP SSL options +# Require and verify server certificate (yes/no) +# Default is to use libldap's default behavior, which can be configured in +# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for +# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes". +#tls_checkpeer yes + +# CA certificates for server certificate verification +# At least one of these are required if tls_checkpeer is "yes" +#tls_cacertfile /etc/ssl/ca.cert +#tls_cacertdir /etc/ssl/certs + +# Seed the PRNG if /dev/urandom is not provided +#tls_randfile /var/run/egd-pool + +# SSL cipher suite +# See man ciphers for syntax +#tls_ciphers TLSv1 + +# Client certificate and key +# Use these, if your server requires client authentication. +#tls_cert +#tls_key + +# Disable SASL security layers. This is needed for AD. +#sasl_secprops maxssf=0 + +# Override the default Kerberos ticket cache location. +#krb5_ccname FILE:/etc/.ldapcache + +# SASL mechanism for PAM authentication - use is experimental +# at present and does not support password policy control +#pam_sasl_mech DIGEST-MD5 +nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,hplip,irc,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,nslcd,proxy,pulse,root,rtkit,saned,speech-dispatcher,sync,sys,syslog,usbmux,uucp,whoopsie,www-data diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_close b/server/modules/pam-hso/etc/pam-script/pam_script_ses_close new file mode 100755 index 00000000..8bc8d3bb --- /dev/null +++ b/server/modules/pam-hso/etc/pam-script/pam_script_ses_close 
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
+
+echo "[$PAM_TYPE] Closing session for $PAM_USER"
+
+[ $(id -g $PAM_USER) -eq 1001 ] && umount /home/$PAM_USER
diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open
new file mode 100755
index 00000000..2189c347
--- /dev/null
+++ b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
+
+
+#check who is logged in to put the "Home"-Folder on the correct Desktop
+#Doesn't work with root!
+#export loggedInUser=$(whoami)
+[ ! -z "$PAM_USER" ] && export loggedInUser="$PAM_USER"
+
+
+#create Folder on Desktop to link with H-Drive, if not already existent
+if [ ! -d /home/users/$loggedInUser ]; then
+ mkdir -p /home/users/$loggedInUser
+fi
+
+
+#ask for username
+#read -p "Benutzername: " username
+
+
+#mount H-Drive
+ncpmount -A fs1-2-home.rz.hs-offenburg.de -S fs1-2-home.rz.hs-offenburg.de -V HOME/USERS/$loggedInUser -U $loggedInUser.HRZ.FHO /home/users/$loggedInUser
+
+
diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.bak b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.bak
new file mode 100755
index 00000000..79a94169
--- /dev/null
+++ b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.bak
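Review bot: In pam_script_ses_close, `$PAM_USER` is expanded unquoted inside `$(id -g $PAM_USER)` and in the `umount` path, in a script that pam_script runs at session close (presumably as root). If the variable is empty, `id -g` reports the group of the calling process instead of the user's, and a value containing whitespace is word-split into several arguments. The path also looks inconsistent with pam_script_ses_open in this commit, which mounts on `/home/users/$loggedInUser`, so `umount /home/$PAM_USER` would not release that mount. If `/home/users` is the intended mount point I would write `[ -n "$PAM_USER" ] && [ "$(id -g -- "$PAM_USER")" -eq 1001 ] && umount -- "/home/users/$PAM_USER"`, and confirm that the gid 1001 test, which also appears in pam_script_ses_open.bak, applies at this site.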
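Review bot: In pam_script_ses_open, `$loggedInUser` is copied from `PAM_USER` and then used unquoted in `mkdir -p` and in every `ncpmount` argument, in a script that pam_script runs during session setup. By that stage the name has passed authentication, but nothing here restricts which characters a directory account name may contain, so it should be checked against a conservative set before it becomes part of a path. When `PAM_USER` is empty the variable stays unset and the script still goes on to create and mount on `/home/users/` itself. I would reject empty or unexpected names first and quote every expansion, as sketched below; the same lines appear twice in pam_script_ses_open.save.

```sh
# reject empty names and anything outside a conservative account-name set
case "$PAM_USER" in
  '' | .* | *[!A-Za-z0-9._-]*) exit 1 ;;
esac
export loggedInUser="$PAM_USER"

# … unchanged: comments …
mkdir -p -- "/home/users/$loggedInUser" || exit 1

ncpmount -A fs1-2-home.rz.hs-offenburg.de -S fs1-2-home.rz.hs-offenburg.de \
  -V "HOME/USERS/$loggedInUser" -U "$loggedInUser.HRZ.FHO" \
  "/home/users/$loggedInUser"
```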
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
+
+echo "[$PAM_TYPE] Opening session for $PAM_USER"
+
+if [ $(id -g $PAM_USER) -eq 1001 ]; then
+ echo "[$PAM_TYPE] Mounting home directory for $PAM_USER"
+
+ # generate keytab
+ sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab
+ chmod 600 /etc/krb5.keytab
+
+ # determine fileserver and share for home directories
+ ldapsearch -x -LLL uid="$PAM_USER" homeDirectory rufFileserver > /tmp/ldapsearch."$PAM_USER"
+
+ FILESERVER=$(cat /tmp/ldapsearch.$PAM_USER | grep rufFileserver | cut -d" " -f2)
+ VOLUME=$(cat /tmp/ldapsearch.$PAM_USER | grep homeDirectory | cut -d" " -f2)
+
+ # now we can mount the home directory
+ mkdir -p /home/$PAM_USER
+ if mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER":"$VOLUME" /home/"$PAM_USER"; then
+ exit 0
+ else
+ echo "Failed to mount home directory for $PAM_USER"
+ exit 1
+ fi
+
+fi
+
diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.save b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.save
new file mode 100755
index 00000000..1bbb9d81
--- /dev/null
+++ b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.save
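Review bot: pam_script_ses_open.bak writes the LDAP result to `/tmp/ldapsearch."$PAM_USER"`, a predictable name in a world-writable directory, from a script that runs during session setup; a file or symlink already present at that path would be written through, and the file is never removed. The keytab has a similar window, because `sslconnect … > /etc/krb5.keytab` creates the file under the inherited umask (if it does not exist yet) and only afterwards `chmod 600` tightens it. I would put `umask 077` before the redirect and keep the lookup in a variable, `ldap_out=$(ldapsearch -x -LLL "uid=$PAM_USER" homeDirectory rufFileserver)`, parsing `$ldap_out` instead of a temp file. `$PAM_USER` also goes unescaped into the search filter, so it needs a character check before use. If this file is only a backup of another site's script, leaving it out of the module avoids shipping an executable that nothing is meant to call.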
@@ -0,0 +1,47 @@
+/root/tm-scripts/server/boot/local/initramfs-stage32/root/tm-scripts/server/boot/local/initramfs-stage32#!/bin/sh
+
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
+
+
+#check who is logged in to put the "Home"-Folder on the correct Desktop
+#Doesn't work with root!
+#export loggedInUser=$(whoami)
+[ ! -z "$PAM_USER" ] && export loggedInUser="$PAM_USER"
+
+
+#create Folder on Desktop to link with H-Drive, if not already existent
+if [ ! -d /home/$loggedInUser ]; then
+ mkdir -p /home/$loggedInUser
+fi
+
+
+#ask for username
+#read -p "Benutzername: " username
+
+
+#mount H-Drive
+ncpmount -A fs1-2-home.rz.hs-offenburg.de -S fs1-2-home.rz.hs-offenburg.de -V HOME/USERS/$loggedInUser -U $loggedInUser.HRZ.FHO /home/$loggedInUser#!/bin/sh
+
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
+
+
+#check who is logged in to put the "Home"-Folder on the correct Desktop
+#Doesn't work with root!
+#export loggedInUser=$(whoami)
+[ ! -z "$PAM_USER" ] && export loggedInUser="$PAM_USER"
+
+
+#create Folder on Desktop to link with H-Drive, if not already existent
+if [ ! -d /home/$loggedInUser ]; then
+ mkdir -p /home/$loggedInUser
+fi
+
+
+#ask for username
+#read -p "Benutzername: " username
+
+
+#mount H-Drive
+ncpmount -A fs1-2-home.rz.hs-offenburg.de -S fs1-2-home.rz.hs-offenburg.de -V HOME/USERS/$loggedInUser -U $loggedInUser.HRZ.FHO /home/$loggedInUser
+
+
diff --git a/server/modules/pam-hso/etc/pam.d/common-account b/server/modules/pam-hso/etc/pam.d/common-account
new file mode 100644
index 00000000..3a5d5a14
--- /dev/null
+++ b/server/modules/pam-hso/etc/pam.d/common-account
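Review bot: pam_script_ses_open.save looks like an editor save file rather than a script: its first line starts with a stray path before `#!/bin/sh`, so there is no valid interpreter line, and the body of pam_script_ses_open follows twice, with the second `#!/bin/sh` glued to the end of the first `ncpmount` command. It is added with mode 100755 next to the live session scripts. I would drop it from the commit, or at least make it non-executable if it is kept for reference. It also mounts on `/home/$loggedInUser` where pam_script_ses_open uses `/home/users/$loggedInUser`, so it cannot serve as an accurate copy either.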
@@ -0,0 +1,26 @@ +# +# /etc/pam.d/common-account - authorization settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authorization modules that define +# the central access policy for use on the system. The default is to +# only deny service to users whose accounts are expired in /etc/shadow. +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. +# + +# here are the per-package modules (the "Primary" block) +account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so +account [success=1 new_authtok_reqd=done default=ignore] pam_ldap.so use_first_pass +# here's the fallback if no module succeeds +account requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +account required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/server/modules/pam-hso/etc/pam.d/common-auth b/server/modules/pam-hso/etc/pam.d/common-auth new file mode 100644 index 00000000..8a2d4c86 --- /dev/null +++ b/server/modules/pam-hso/etc/pam.d/common-auth 
@@ -0,0 +1,26 @@
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
+# traditional Unix authentication mechanisms.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules. See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+auth [success=2 default=ignore] pam_unix.so try_first_pass
+auth [success=1 default=ignore] pam_ldap.so use_first_pass nullok_secure
+# here's the fallback if no module succeeds
+auth requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth required pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/server/modules/pam-hso/etc/pam.d/common-password b/server/modules/pam-hso/etc/pam.d/common-password
new file mode 100644
index 00000000..cb8c7b71
--- /dev/null
+++ b/server/modules/pam-hso/etc/pam.d/common-password
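Review bot: In common-auth, `nullok_secure` is attached to the `pam_ldap.so` line, but it is a pam_unix option, and the pam_unix line above carries only `try_first_pass`. As written the option most likely has no effect on pam_ldap, and whether empty local passwords are accepted is left to the pam_unix default rather than stated. I would either move it back, `auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass`, or delete it and record the intent in a comment. Separately, the visible part of the ldap.conf added in this commit leaves `ssl start_tls` and `tls_checkpeer yes` commented out; since this stack hands the typed password to pam_ldap, it is worth confirming that the server URI (outside this excerpt) is `ldaps://` or that StartTLS with certificate checking is enabled.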
@@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "sha512" option enables salted SHA512 passwords. Without this option, +# the default is Unix crypt. Prior releases used the option "md5". +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure sha512 +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/server/modules/pam-hso/etc/pam.d/common-session b/server/modules/pam-hso/etc/pam.d/common-session new file mode 100644 index 00000000..4c4a7e95 --- /dev/null +++ b/server/modules/pam-hso/etc/pam.d/common-session 
@@ -0,0 +1,36 @@
+#
+# /etc/pam.d/common-session - session-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define tasks to be performed
+# at the start and end of sessions of *any* kind (both interactive and
+# non-interactive).
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules. See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+session [default=1] pam_permit.so
+# here's the fallback if no module succeeds
+session requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+session required pam_permit.so
+# The pam_umask module will set the umask according to the system default in
+# /etc/login.defs and user settings, solving the problem of different
+# umask settings with different shells, display managers, remote sessions etc.
+# See "man pam_umask".
+session optional pam_umask.so
+# and here are more per-package modules (the "Additional" block)
+session required pam_systemd.so
+session optional pam_env.so readenv=1
+session optional pam_env.so readenv=1 envfile=/etc/default/locale
+session [success=1] pam_unix.so
+session [success=ok] pam_ldap.so
+session sufficient pam_script.so
+session optional pam_mkhomedir.so skel=/etc/skel umask=0022
+# end of pam-auth-update config
diff --git a/server/modules/pam-hso/etc/pam.d/common-session-noninteractive b/server/modules/pam-hso/etc/pam.d/common-session-noninteractive
new file mode 100644
index 00000000..1fee2c4f
--- /dev/null
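Review bot: In common-session, `session sufficient pam_script.so` makes the rest of the stack depend on the script's exit code. When pam_script_ses_open succeeds the stack ends there, so `pam_mkhomedir.so` never runs, and because the service files pull this file in with `include` rather than `substack`, the lines that follow it in the including file (for example `pam_motd.so` in sshd and `pam_selinux.so open` in login) are skipped as well. When the script fails, for instance because the mount failed, the failure is ignored and the session continues with a locally created home directory. If a failed mount should block the login I would use `session required pam_script.so`; if it is best effort, `session optional pam_script.so` keeps the following modules running in both cases.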
+++ b/server/modules/pam-hso/etc/pam.d/common-session-noninteractive @@ -0,0 +1,30 @@ +# +# /etc/pam.d/common-session-noninteractive - session-related modules +# common to all non-interactive services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of all non-interactive sessions. +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +session [default=1] pam_permit.so +# here's the fallback if no module succeeds +session requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +session required pam_permit.so +# The pam_umask module will set the umask according to the system default in +# /etc/login.defs and user settings, solving the problem of different +# umask settings with different shells, display managers, remote sessions etc. +# See "man pam_umask". +session optional pam_umask.so +# and here are more per-package modules (the "Additional" block) +session required pam_unix.so +# end of pam-auth-update config diff --git a/server/modules/pam-hso/etc/pam.d/kdm b/server/modules/pam-hso/etc/pam.d/kdm new file mode 100644 index 00000000..e6a4ec9b --- /dev/null +++ b/server/modules/pam-hso/etc/pam.d/kdm 
@@ -0,0 +1,10 @@ +# +# /etc/pam.d/kdm - specify the PAM behaviour of kdm +# +auth required pam_nologin.so +auth required pam_env.so readenv=1 +auth required pam_env.so readenv=1 envfile=/etc/default/locale +auth include common-auth +account include common-account +password include common-password +session include common-session diff --git a/server/modules/pam-hso/etc/pam.d/kdm-np b/server/modules/pam-hso/etc/pam.d/kdm-np new file mode 100644 index 00000000..dc10e5b5 --- /dev/null +++ b/server/modules/pam-hso/etc/pam.d/kdm-np @@ -0,0 +1,11 @@ +# +# /etc/pam.d/kdm-np - specify the PAM behaviour of kdm for passwordless logins +# +auth required pam_nologin.so +auth required pam_env.so readenv=1 +auth required pam_env.so readenv=1 envfile=/etc/default/locale +session required pam_limits.so +account include common-account +password include common-password +session include common-session +auth required pam_permit.so diff --git a/server/modules/pam-hso/etc/pam.d/login b/server/modules/pam-hso/etc/pam.d/login new file mode 100644 index 00000000..1065f351 --- /dev/null +++ b/server/modules/pam-hso/etc/pam.d/login 
@@ -0,0 +1,101 @@ +# +# The PAM configuration file for the Shadow `login' service +# + +# Enforce a minimal delay in case of failure (in microseconds). +# (Replaces the `FAIL_DELAY' setting from login.defs) +# Note that other modules may require another minimal delay. (for example, +# to disable any delay, you should add the nodelay option to pam_unix) +auth optional pam_faildelay.so delay=3000000 + +# Outputs an issue file prior to each login prompt (Replaces the +# ISSUE_FILE option from login.defs). Uncomment for use +# auth required pam_issue.so issue=/etc/issue + +# Disallows root logins except on tty's listed in /etc/securetty +# (Replaces the `CONSOLE' setting from login.defs) +# +# With the default control of this module: +# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] +# root will not be prompted for a password on insecure lines. +# if an invalid username is entered, a password is prompted (but login +# will eventually be rejected) +# +# You can change it to a "requisite" module if you think root may mis-type +# her login and should not be prompted for a password in that case. But +# this will leave the system as vulnerable to user enumeration attacks. +# +# You can change it to a "required" module if you think it permits to +# guess valid user names of your system (invalid user names are considered +# as possibly being root on insecure lines), but root passwords may be +# communicated over insecure lines. +auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so + +# Disallows other than root logins when /etc/nologin exists +# (Replaces the `NOLOGINS_FILE' option from login.defs) +auth requisite pam_nologin.so + +# SELinux needs to be the first session rule. This ensures that any +# lingering context has been cleared. Without out this it is possible +# that a module could execute code in the wrong domain. 
+# When the module is present, "required" would be sufficient (When SELinux +# is disabled, this returns success.) +# OpenSLX: Not Needed? +#session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close + +# This module parses environment configuration file(s) +# and also allows you to use an extended config +# file /etc/security/pam_env.conf. +# +# parsing /etc/environment needs "readenv=1" +session required pam_env.so readenv=1 +# locale variables are also kept into /etc/default/locale in etch +# reading this file *in addition to /etc/environment* does not hurt +session required pam_env.so readenv=1 envfile=/etc/default/locale + +# Standard Un*x authentication. +auth include common-auth + +# TODO do we need this? +# This allows certain extra groups to be granted to a user +# based on things like time of day, tty, service, and user. +# Please edit /etc/security/group.conf to fit your needs +# (Replaces the `CONSOLE_GROUPS' option in login.defs) +#auth optional pam_group.so + +# Uncomment and edit /etc/security/time.conf if you need to set +# time restrainst on logins. +# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs +# as well as /etc/porttime) +# account requisite pam_time.so + +# Uncomment and edit /etc/security/access.conf if you need to +# set access limits. +# (Replaces /etc/login.access file) +# account required pam_access.so + +# TODO do we need this? 
+# Sets up user limits according to /etc/security/limits.conf +# (Replaces the use of /etc/limits in old login) +#session required pam_limits.so + +# TODO check if this is needed +# Prints the last login info upon succesful login +# (Replaces the `LASTLOG_ENAB' option from login.defs) +session optional pam_lastlog.so + +# Prints the motd upon succesful login +# (Replaces the `MOTD_FILE' option in login.defs) +session optional pam_motd.so + +# Standard Un*x account and session +account include common-account +session include common-session +password include common-password + +# SELinux needs to intervene at login time to ensure that the process +# starts in the proper default security context. Only sessions which are +# intended to run in the user's context should be run after this. +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open +# When the module is present, "required" would be sufficient (When SELinux +# is disabled, this returns success.) diff --git a/server/modules/pam-hso/etc/pam.d/other b/server/modules/pam-hso/etc/pam.d/other new file mode 100644 index 00000000..840eb77f --- /dev/null +++ b/server/modules/pam-hso/etc/pam.d/other @@ -0,0 +1,10 @@ +#%PAM-1.0 +auth required pam_warn.so +auth required pam_deny.so +account required pam_warn.so +account required pam_deny.so +password required pam_warn.so +password required pam_deny.so +session required pam_warn.so +session required pam_deny.so + diff --git a/server/modules/pam-hso/etc/pam.d/passwd b/server/modules/pam-hso/etc/pam.d/passwd new file mode 100644 index 00000000..32eaa3c6 --- /dev/null +++ b/server/modules/pam-hso/etc/pam.d/passwd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `passwd' service +# + +password include common-password + diff --git a/server/modules/pam-hso/etc/pam.d/sshd b/server/modules/pam-hso/etc/pam.d/sshd new file mode 100644 index 00000000..8954d639 --- /dev/null +++ b/server/modules/pam-hso/etc/pam.d/sshd 
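Review bot: In the login file, `pam_limits.so` is commented out behind a TODO (the sshd file in this commit does the same), so `/etc/security/limits.conf` is not applied to console or SSH sessions, while kdm-np still loads the module. On a shared machine that leaves per-user process and file limits unenforced for those entry points. I would re-enable `session required pam_limits.so` in both files, or replace the TODO with a comment stating why limits are not wanted here. The `pam_selinux.so close` line is also commented out while `pam_selinux.so open` stays active; with `module_unknown=ignore` that is harmless, but the pair should be kept or dropped together.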
@@ -0,0 +1,41 @@
+# PAM configuration for the Secure Shell service
+
+# Read environment variables from /etc/environment and
+# /etc/security/pam_env.conf.
+auth required pam_env.so # [1]
+# In Debian 4.0 (etch), locale-related environment variables were moved to
+# /etc/default/locale, so read that as well.
+auth required pam_env.so envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+auth include common-auth
+
+# Disallow non-root logins when /etc/nologin exists.
+account required pam_nologin.so
+
+# Uncomment and edit /etc/security/access.conf if you need to set complex
+# access limits that are hard to express in sshd_config.
+# account required pam_access.so
+
+# Standard Un*x authorization.
+account include common-account
+
+# Standard Un*x session setup and teardown.
+session include common-session
+
+# Print the message of the day upon successful login.
+session optional pam_motd.so # [1]
+
+# TODO do we need this?
+# Print the status of the user's mailbox upon successful login.
+#session optional pam_mail.so standard noenv # [1]
+
+# TODO do we need this?
+# Set up user limits from /etc/security/limits.conf.
+#session required pam_limits.so
+
+# Set up SELinux capabilities (need modified pam)
+# session required pam_selinux.so multiple
+
+# Standard Un*x password updating.
+password include common-password
diff --git a/server/modules/pam-hso/etc/pam.d/vmware-authd b/server/modules/pam-hso/etc/pam.d/vmware-authd
new file mode 100644
index 00000000..1f9b60f9
--- /dev/null
+++ b/server/modules/pam-hso/etc/pam.d/vmware-authd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth include common-auth
+account include common-account
+password include common-password
+session include common-session
+
diff --git a/server/modules/pam-hso/etc/pam.d/xdm b/server/modules/pam-hso/etc/pam.d/xdm
new file mode 100644
index 00000000..d21651db
--- /dev/null
+++ b/server/modules/pam-hso/etc/pam.d/xdm
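Review bot: The sshd stack has no `pam_loginuid.so` line, although the xdm file in the same commit has `session required pam_loginuid.so`. Without it the audit login UID is not set for SSH sessions, so audit records cannot be tied to the account that logged in. I would add `session required pam_loginuid.so` before `session include common-session`. The login and kdm files in this commit omit the module as well, so the same addition applies there if auditing is used on these clients.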
@@ -0,0 +1,6 @@ +#%PAM-1.0 +auth include common-auth +account include common-account +password include common-password +session required pam_loginuid.so +session include common-session -- cgit v1.2.3-55-g7522 From 6401e456cc419fc0edc8c0f535e7ae98113b4ec1 Mon Sep 17 00:00:00 2001 From: Jonathan Bauer Date: Tue, 3 Sep 2013 13:57:37 +0200 Subject: [pam-hso] activated pam-hso in configs of server --- server/configs/offenburg/pam-hso | 1 + 1 file changed, 1 insertion(+) create mode 120000 server/configs/offenburg/pam-hso diff --git a/server/configs/offenburg/pam-hso b/server/configs/offenburg/pam-hso new file mode 120000 index 00000000..700c42e0 --- /dev/null +++ b/server/configs/offenburg/pam-hso @@ -0,0 +1 @@ +../../modules/pam-hso \ No newline at end of file -- cgit v1.2.3-55-g7522 From b41d8ec2e258beaf90b472ea9089e0cd1ba4d19e Mon Sep 17 00:00:00 2001 
From: Simon Rettberg Date: Tue, 3 Sep 2013 17:42:51 +0200 Subject: Add consolekit and polkit --- remote/modules/consolekit/consolekit.conf | 23 ++++++------- remote/modules/consolekit/consolekit.conf.opensuse | 2 ++ remote/modules/consolekit/consolekit.conf.ubuntu | 2 ++ remote/modules/consolekit/consolekit.conf.zypper | 11 ------- .../basic.target.wants/console-kit-daemon.service | 1 + .../etc/systemd/system/console-kit-daemon.service | 8 +++++ .../org.freedesktop.ConsoleKit.service | 6 ++++ remote/modules/policykit-src/TODO | 1 - remote/modules/policykit-src/policykit.build | 38 ---------------------- remote/modules/policykit-src/policykit.conf | 10 ------ .../data/etc/systemd/system/polkitd.service | 7 ---- remote/modules/policykit/policykit.build | 24 -------------- remote/modules/policykit/policykit.conf | 11 ------- remote/modules/policykit/policykit.conf.opensuse | 12 ------- remote/modules/policykit/policykit.conf.ubuntu | 13 -------- .../system/basic.target.wants/polkit.service | 1 + remote/modules/polkit/polkit.build | 26 +++++++++++++++ remote/modules/polkit/polkit.conf | 13 ++++++++ remote/modules/polkit/polkit.conf.opensuse | 11 +++++++ remote/modules/polkit/polkit.conf.ubuntu | 12 +++++++ remote/modules/polkit/templates/dbus.service | 6 ++++ remote/modules/polkit/templates/systemd.service | 8 +++++ remote/setup_target | 19 ----------- remote/targets/stage32/consolekit | 1 + remote/targets/stage32/polkit | 1 + 25 files changed, 110 insertions(+), 157 deletions(-) create mode 100644 remote/modules/consolekit/consolekit.conf.opensuse create mode 100644 remote/modules/consolekit/consolekit.conf.ubuntu delete mode 100644 remote/modules/consolekit/consolekit.conf.zypper create mode 120000 remote/modules/consolekit/data/etc/systemd/system/basic.target.wants/console-kit-daemon.service create mode 100644 remote/modules/consolekit/data/etc/systemd/system/console-kit-daemon.service create mode 100644 
remote/modules/consolekit/data/usr/share/dbus-1/system-services/org.freedesktop.ConsoleKit.service delete mode 100644 remote/modules/policykit-src/TODO delete mode 100644 remote/modules/policykit-src/policykit.build delete mode 100644 remote/modules/policykit-src/policykit.conf delete mode 100644 remote/modules/policykit/data/etc/systemd/system/polkitd.service delete mode 100644 remote/modules/policykit/policykit.build delete mode 100644 remote/modules/policykit/policykit.conf delete mode 100644 remote/modules/policykit/policykit.conf.opensuse delete mode 100644 remote/modules/policykit/policykit.conf.ubuntu create mode 120000 remote/modules/polkit/data/etc/systemd/system/basic.target.wants/polkit.service create mode 100644 remote/modules/polkit/polkit.build create mode 100644 remote/modules/polkit/polkit.conf create mode 100644 remote/modules/polkit/polkit.conf.opensuse create mode 100644 remote/modules/polkit/polkit.conf.ubuntu create mode 100644 remote/modules/polkit/templates/dbus.service create mode 100644 remote/modules/polkit/templates/systemd.service create mode 120000 remote/targets/stage32/consolekit create mode 120000 remote/targets/stage32/polkit diff --git a/remote/modules/consolekit/consolekit.conf b/remote/modules/consolekit/consolekit.conf index afb573ce..4f128c62 100644 --- a/remote/modules/consolekit/consolekit.conf +++ b/remote/modules/consolekit/consolekit.conf @@ -1,11 +1,12 @@ -REQUIRED_CONTENT_PACKAGES="consolekit" -REQUIRED_BINARIES=" ck-history - ck-launch-session - ck-list-sessions - ck-log-system-start - ck-log-system-restart - ck-log-system-stop - console-kit-daemon" -REQUIRED_DIRECTORIES=" /usr/lib/ConsoleKit /etc /lib/systemd/system" -REQUIRED_FILES=" /usr/share/dbus-1/system-services/org.freedesktop.ConsoleKit.service - /usr/share/polkit-1/actions/org.freedesktop.consolekit.policy" +REQUIRED_BINARIES=" + console-kit-daemon +" +REQUIRED_DIRECTORIES=" + /usr + /etc + /lib +" +REQUIRED_LIBRARIES=" + pam_ck_connector +" + 
diff --git a/remote/modules/consolekit/consolekit.conf.opensuse b/remote/modules/consolekit/consolekit.conf.opensuse new file mode 100644 index 00000000..74c694a1 --- /dev/null +++ b/remote/modules/consolekit/consolekit.conf.opensuse @@ -0,0 +1,2 @@ +REQUIRED_CONTENT_PACKAGES="ConsoleKit" + diff --git a/remote/modules/consolekit/consolekit.conf.ubuntu b/remote/modules/consolekit/consolekit.conf.ubuntu new file mode 100644 index 00000000..c0fffffa --- /dev/null +++ b/remote/modules/consolekit/consolekit.conf.ubuntu @@ -0,0 +1,2 @@ +REQUIRED_CONTENT_PACKAGES="consolekit" + diff --git a/remote/modules/consolekit/consolekit.conf.zypper b/remote/modules/consolekit/consolekit.conf.zypper deleted file mode 100644 index 394ee0da..00000000 --- a/remote/modules/consolekit/consolekit.conf.zypper +++ /dev/null @@ -1,11 +0,0 @@ -REQUIRED_CONTENT_PACKAGES="ConsoleKit" -REQUIRED_BINARIES=" ck-history - ck-launch-session - ck-list-sessions - ck-log-system-start - ck-log-system-restart - ck-log-system-stop - console-kit-daemon" -REQUIRED_DIRECTORIES=" /usr/lib/ConsoleKit /etc /lib/systemd/system" -REQUIRED_FILES=" /usr/share/dbus-1/system-services/org.freedesktop.ConsoleKit.service - /usr/share/polkit-1/actions/org.freedesktop.consolekit.policy" diff --git a/remote/modules/consolekit/data/etc/systemd/system/basic.target.wants/console-kit-daemon.service b/remote/modules/consolekit/data/etc/systemd/system/basic.target.wants/console-kit-daemon.service new file mode 120000 index 00000000..2b34a3f6 --- /dev/null +++ b/remote/modules/consolekit/data/etc/systemd/system/basic.target.wants/console-kit-daemon.service @@ -0,0 +1 @@ +../console-kit-daemon.service \ No newline at end of file diff --git a/remote/modules/consolekit/data/etc/systemd/system/console-kit-daemon.service b/remote/modules/consolekit/data/etc/systemd/system/console-kit-daemon.service new file mode 100644 index 00000000..bc2a0de9 --- /dev/null 
+++ b/remote/modules/consolekit/data/etc/systemd/system/console-kit-daemon.service @@ -0,0 +1,8 @@ +[Unit] +Description=ConsoleKit + +[Service] +Type=dbus +BusName=org.freedesktop.ConsoleKit +ExecStart=/usr/sbin/console-kit-daemon --no-daemon + diff --git a/remote/modules/consolekit/data/usr/share/dbus-1/system-services/org.freedesktop.ConsoleKit.service b/remote/modules/consolekit/data/usr/share/dbus-1/system-services/org.freedesktop.ConsoleKit.service new file mode 100644 index 00000000..cbefc9a4 --- /dev/null +++ b/remote/modules/consolekit/data/usr/share/dbus-1/system-services/org.freedesktop.ConsoleKit.service @@ -0,0 +1,6 @@ +[D-BUS Service] +Name=org.freedesktop.ConsoleKit +Exec=/usr/sbin/console-kit-daemon --no-daemon +User=root +SystemdService=console-kit-daemon.service + diff --git a/remote/modules/policykit-src/TODO b/remote/modules/policykit-src/TODO deleted file mode 100644 index 6203c18f..00000000 --- a/remote/modules/policykit-src/TODO +++ /dev/null @@ -1 +0,0 @@ -update to new config scheme diff --git a/remote/modules/policykit-src/policykit.build b/remote/modules/policykit-src/policykit.build deleted file mode 100644 index 26d1e27a..00000000 --- a/remote/modules/policykit-src/policykit.build +++ /dev/null 
@@ -1,38 +0,0 @@
-#tool/distro specific functions for fetching, building and installing dependencies
-
-
-fetch_source () {
- download_untar "$URL" "src/"
-}
-
-build () {
- cd src/$VERSION
-
- [ ! -d "${MODULES_DIR}/systemd/build" ] && perror "systemd build directory not found. Build it first."
- SYSTEMD_BUILD_DIR="${MODULES_DIR}/systemd/build"
- pinfo "configuring..."
- LIBSYSTEMD_LOGIN_LIBS="-L${SYSTEMD_BUILD_DIR}/usr/lib/" \
- LIBSYSTEMD_LOGIN_CFLAGS="-I${SYSTEMD_BUILD_DIR}/usr/include -I${SYSTEMD_BUILD_DIR}/usr/include/systemd -lsystemd-login -lsystemd-daemon" \
- ./configure --enable-libsystemd-login=yes --with-systemdsystemunitdir=/etc/systemd/system -prefix="/" --datarootdir="/usr/share" --enable-man-pages=no --enable-gtk-doc-html=no --enable-examples=no --enable-static=no
- pinfo "calling make..."
- make || perror "make failed."
- [ ! -d "${MODULE_BUILD_DIR}" ] && mkdir -p "${MODULE_BUILD_DIR}"
- pinfo "installing to ${MODULE_BUILD_DIR}..."
- DESTDIR="${MODULE_BUILD_DIR}" make install || perror "make install failed..."
-
- COPYLIST="list_dpkg_output"
- [ -e "$COPYLIST" ] && rm "$COPYLIST"
-
- list_packet_files >> "$COPYLIST"
- tarcopy "$(cat "$COPYLIST" | sort -u)" "${MODULE_BUILD_DIR}"
-
- cd -
-}
-
-post_copy() {
-
- #Add Polkit User/Group/Shadow to Stage3.2
- pinfo "Adding polkitd user to target system..."
- add_user "polkitd"
-}
-
diff --git a/remote/modules/policykit-src/policykit.conf b/remote/modules/policykit-src/policykit.conf
deleted file mode 100644
index 3e74c383..00000000
--- a/remote/modules/policykit-src/policykit.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-VERSION=polkit-0.110
-URL=http://www.freedesktop.org/software/polkit/releases/polkit-0.110.tar.gz
-REQUIRED_INSTALLED_PACKAGES="libmozjs185-1.0"
-REQUIRED_CONTENT_PACKAGES="libmozjs185-1.0"
-REQUIRED_BINARIES=""
-REQUIRED_DIRECTORIES="/bin /etc /lib /usr/share/dbus-1 /usr/share/polkit-1"
-REQUIRED_FILES=""
-REQUIRED_LIBRARIES="libmozjs185"
-REQUIRED_MODULES="systemd"
-
diff --git a/remote/modules/policykit/data/etc/systemd/system/polkitd.service b/remote/modules/policykit/data/etc/systemd/system/polkitd.service
deleted file mode 100644
index 2aeb3c48..00000000
--- a/remote/modules/policykit/data/etc/systemd/system/polkitd.service
+++ /dev/null
@@ -1,7 +0,0 @@
-[Unit]
-Description=Authenticate and Authorize Users to Run Privileged Tasks
-
-[Service]
-Type=dbus
-BusName=org.freedesktop.PolicyKit1
-ExecStart=%%POLKITD%% --no-debug
diff --git a/remote/modules/policykit/policykit.build b/remote/modules/policykit/policykit.build
deleted file mode 100644
index 52be1221..00000000
--- a/remote/modules/policykit/policykit.build
+++ /dev/null
@@ -1,24 +0,0 @@
-#tool/distro specific functions for fetching, building and installing dependencies
-
-
-fetch_source () {
- pinfo "Extracting from running system..."
-}
-
-build () {
- COPYLIST="$MODULE_DIR/list_dpkg_output"
- [ -e "${COPYLIST}" ] && rm "${COPYLIST}"
-
- list_packet_files >> "${COPYLIST}"
- tarcopy "$(cat "${COPYLIST}" | sort -u)" "${MODULE_BUILD_DIR}"
-}
-
-post_copy() {
- COPYLIST="$MODULE_DIR/list_dpkg_output"
- local POLPATH="$(grep '/polkitd$' "$COPYLIST" | head -1 | sed -e 's/[\/&]/\\&/g')"
- [ -n "$POLPATH" ] && sed -i "s/%%POLKITD%%/${POLPATH}/g" "$TARGET_BUILD_DIR/etc/systemd/system/polkitd.service"
- #Add Polkit User/Group/Shadow to Stage3.2
- pinfo "Adding polkitd user to target system..."
- add_user "polkitd"
-}
-
diff --git a/remote/modules/policykit/policykit.conf b/remote/modules/policykit/policykit.conf
deleted file mode 100644
index d1f5269e..00000000
--- a/remote/modules/policykit/policykit.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-REQUIRED_BINARIES=""
-REQUIRED_DIRECTORIES="
- /etc/pam.d
- /etc/dbus-1
- /etc/polkit-1
- /usr/bin
- /usr/share/dbus-1
- /usr/share/polkit-1
-"
-REQUIRED_FILES=""
-REQUIRED_LIBRARIES="libmozjs185"
diff --git a/remote/modules/policykit/policykit.conf.opensuse b/remote/modules/policykit/policykit.conf.opensuse
deleted file mode 100644
index f0a7d385..00000000
--- a/remote/modules/policykit/policykit.conf.opensuse
+++ /dev/null
@@ -1,12 +0,0 @@
-REQUIRED_INSTALLED_PACKAGES="
- libmozjs185-1_0
-"
-REQUIRED_CONTENT_PACKAGES="
- libmozjs185-1_0
- polkit
-"
-REQUIRED_BINARIES=""
-REQUIRED_DIRECTORIES+="
- /usr/lib/polkit-1
-"
-REQUIRED_FILES=""
diff --git a/remote/modules/policykit/policykit.conf.ubuntu b/remote/modules/policykit/policykit.conf.ubuntu
deleted file mode 100644
index 4bdd625d..00000000
--- a/remote/modules/policykit/policykit.conf.ubuntu
+++ /dev/null
@@ -1,13 +0,0 @@
-REQUIRED_INSTALLED_PACKAGES="
- libmozjs185-1.0
-"
-REQUIRED_CONTENT_PACKAGES="
- libmozjs185-1.0
- policykit-1
-"
-REQUIRED_BINARIES=""
-REQUIRED_FILES=""
-REQUIRED_DIRECTORIES+="
- /usr/lib/policykit-1
- /usr${ARCH_LIB_DIR}/polkit-1
-"
diff --git a/remote/modules/polkit/data/etc/systemd/system/basic.target.wants/polkit.service b/remote/modules/polkit/data/etc/systemd/system/basic.target.wants/polkit.service
new file mode 120000
index 00000000..b766f9ab
--- /dev/null
+++ b/remote/modules/polkit/data/etc/systemd/system/basic.target.wants/polkit.service
@@ -0,0 +1 @@
+../polkit.service
\ No newline at end of file
diff --git a/remote/modules/polkit/polkit.build b/remote/modules/polkit/polkit.build
new file mode 100644
index 00000000..eeae1e32
--- /dev/null
+++ b/remote/modules/polkit/polkit.build
@@ -0,0 +1,26 @@
+#tool/distro specific functions for fetching, building and installing dependencies
+
+
+fetch_source () {
+ pinfo "Extracting from running system..."
+}
+
+build () {
+ COPYLIST="$MODULE_DIR/list_dpkg_output"
+ [ -e "${COPYLIST}" ] && rm "${COPYLIST}"
+
+ list_packet_files >> "${COPYLIST}"
+ tarcopy "$(cat "${COPYLIST}" | sort -u)" "${MODULE_BUILD_DIR}"
+ local POLPATH=$(find "$MODULE_BUILD_DIR" -name polkitd -executable | head -n 1)
+ POLPATH="/${POLPATH#$MODULE_BUILD_DIR}"
+ mkdir -p "$MODULE_BUILD_DIR/etc/systemd/system" "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services"
+ sed "s,%POLKITD%,${POLPATH},g" "templates/systemd.service" > "$MODULE_BUILD_DIR/etc/systemd/system/polkit.service" || perror "Could not generate polkit.service for systemd"
+ sed "s,%POLKITD%,${POLPATH},g" "templates/dbus.service" > "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services/org.freedesktop.PolicyKit1.service" || perror "Could not generate polkit.service for dbus"
+}
+
+post_copy() {
+ #Add Polkit User/Group/Shadow to Stage3.2, required on opensuse
+ pinfo "Adding polkitd user to target system..."
+ add_user "polkitd"
+}
+
diff --git a/remote/modules/polkit/polkit.conf b/remote/modules/polkit/polkit.conf
new file mode 100644
index 00000000..97d4b892
--- /dev/null
+++ b/remote/modules/polkit/polkit.conf
@@ -0,0 +1,13 @@
+REQUIRED_DIRECTORIES="
+ /etc/pam.d
+ /etc/polkit-1
+ /usr/bin
+ /usr/share/polkit-1
+ /etc/dbus-1/system.d
+"
+REQUIRED_FILES="
+ /usr/share/dbus-1/system-services/org.freedesktop.PolicyKit1.service
+ /etc/systemd/system/polkit.service
+"
+REQUIRED_LIBRARIES="libmozjs185"
+
diff --git a/remote/modules/polkit/polkit.conf.opensuse b/remote/modules/polkit/polkit.conf.opensuse
new file mode 100644
index 00000000..10cedbe9
--- /dev/null
+++ b/remote/modules/polkit/polkit.conf.opensuse
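Review bot: `build()` in polkit.build never checks that the `find` pipeline actually located a polkitd binary. When it prints nothing, the next line turns POLPATH into `/`, both `sed` calls still succeed, and the generated systemd and D-Bus files launch `/ --no-debug` without `perror` ever firing. Add `[ -z "$POLPATH" ] && perror "polkitd not found in $MODULE_BUILD_DIR"` directly after the `find` line, before the prefix is stripped. Declaring `local POLPATH` on its own line and assigning afterwards would also stop `local` from masking the pipeline's exit status.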
@@ -0,0 +1,11 @@
+REQUIRED_INSTALLED_PACKAGES="
+ libmozjs185-1_0
+"
+REQUIRED_CONTENT_PACKAGES="
+ libmozjs185-1_0
+ polkit
+"
+REQUIRED_DIRECTORIES+="
+ /usr/lib/polkit-1
+"
+
diff --git a/remote/modules/polkit/polkit.conf.ubuntu b/remote/modules/polkit/polkit.conf.ubuntu
new file mode 100644
index 00000000..76d31b9e
--- /dev/null
+++ b/remote/modules/polkit/polkit.conf.ubuntu
@@ -0,0 +1,12 @@
+REQUIRED_INSTALLED_PACKAGES="
+ libmozjs185-1.0
+"
+REQUIRED_CONTENT_PACKAGES="
+ libmozjs185-1.0
+ policykit-1
+"
+REQUIRED_DIRECTORIES+="
+ /usr/lib/policykit-1
+ /usr${ARCH_LIB_DIR}/polkit-1
+"
+
diff --git a/remote/modules/polkit/templates/dbus.service b/remote/modules/polkit/templates/dbus.service
new file mode 100644
index 00000000..c9ee6c8b
--- /dev/null
+++ b/remote/modules/polkit/templates/dbus.service
@@ -0,0 +1,6 @@
+[D-BUS Service]
+Name=org.freedesktop.PolicyKit1
+Exec=%POLKITD% --no-debug
+User=root
+SystemdService=polkit.service
+
diff --git a/remote/modules/polkit/templates/systemd.service b/remote/modules/polkit/templates/systemd.service
new file mode 100644
index 00000000..747fd7eb
--- /dev/null
+++ b/remote/modules/polkit/templates/systemd.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=the cancer that is called PolKit
+
+[Service]
+Type=dbus
+BusName=org.freedesktop.PolicyKit1
+ExecStart=%POLKITD% --no-debug
+
diff --git a/remote/setup_target b/remote/setup_target
index 9db5ba20..b783729f 100755
--- a/remote/setup_target
+++ b/remote/setup_target
@@ -355,25 +355,6 @@ post_process_target() { rm -r "${TARGET_BUILD_DIR}/lib/systemd" fi - # replace ck connector with fake one - # CAVE: On Scientific Lunux (6.4) and perhaps others: - # If include dbus/dbus-arch-deps.h is missing (file not found) either set a symb. link: - # /usr/include/dbus-1.0/dbus/dbus-arch-deps.h -> /usr/lib(64)/dbus-1.0/include/dbus/dbus-arch-deps.h - # or execute "pkg-config dbus-1 --cflags". - - local CK_LIBS=$(find "$TARGET_BUILD_DIR" -name "libck-connector.so*") - if [ -n "$CK_LIBS" ]; then - pinfo "Replacing libck-connector with dummy" - local SRC="$ROOT_DIR/remote/post-patch/ck-connector/fake-ck-connector.c" - local BIN="$ROOT_DIR/remote/post-patch/ck-connector/libck-connector.so" - if [ ! -s "$BIN" ]; then - gcc -O3 -shared -o "$BIN" "-I/usr/include/dbus-1.0" "-I/usr/lib/$ARCH_TRIPLET/dbus-1.0/include" "$SRC" || perror "Compiling fake libck-connector.so failed. Make sure libdbus-1-dev is installed." - fi - for OCCURENCE in $CK_LIBS; do - cp "$BIN" "$OCCURENCE" || perror "Frickeling ck-connector to $OCCURENCE failed." - done - fi - # figure out all relevant ld-paths pinfo "Running ldconfig" local LDTEMP="$TARGET_BUILD_DIR/ldconf-temp" diff --git a/remote/targets/stage32/consolekit b/remote/targets/stage32/consolekit new file mode 120000 index 00000000..261968c7 --- /dev/null +++ b/remote/targets/stage32/consolekit @@ -0,0 +1 @@ +../../modules/consolekit \ No newline at end of file diff --git a/remote/targets/stage32/polkit b/remote/targets/stage32/polkit new file mode 120000 index 00000000..0ad0b111 --- /dev/null +++ b/remote/targets/stage32/polkit @@ -0,0 +1 @@ +../../modules/polkit \ No newline at end of file -- cgit v1.2.3-55-g7522 From ae7b40545f85245d8325616aa789b726f3cd6756 Mon Sep 17 00:00:00 2001 
From: Simon Rettberg Date: Tue, 3 Sep 2013 21:36:58 +0200 Subject: Add udisks module --- .../usr/share/polkit-1/rules.d/10-drives.rules | 6 ++++ .../modules/udisks/templates/udisks.dbus.service | 6 ++++ .../udisks/templates/udisks.systemd.service | 9 +++++ .../modules/udisks/templates/udisks2.dbus.service | 6 ++++ .../udisks/templates/udisks2.systemd.service | 9 +++++ remote/modules/udisks/udisks.build | 38 ++++++++++++++++++++++ remote/modules/udisks/udisks.conf | 14 ++++++++ remote/modules/udisks/udisks.conf.opensuse | 7 ++++ remote/modules/udisks/udisks.conf.ubuntu | 7 ++++ remote/modules/udisks/udisks.conf.ubuntu.12 | 7 ++++ remote/targets/stage32/udisks | 1 + 11 files changed, 110 insertions(+) create mode 100644 remote/modules/udisks/data/usr/share/polkit-1/rules.d/10-drives.rules create mode 100644 remote/modules/udisks/templates/udisks.dbus.service create mode 100644 remote/modules/udisks/templates/udisks.systemd.service create mode 100644 remote/modules/udisks/templates/udisks2.dbus.service create mode 100644 remote/modules/udisks/templates/udisks2.systemd.service create mode 100644 remote/modules/udisks/udisks.build create mode 100644 remote/modules/udisks/udisks.conf create mode 100644 remote/modules/udisks/udisks.conf.opensuse create mode 100644 remote/modules/udisks/udisks.conf.ubuntu create mode 100644 remote/modules/udisks/udisks.conf.ubuntu.12 create mode 120000 remote/targets/stage32/udisks diff --git a/remote/modules/udisks/data/usr/share/polkit-1/rules.d/10-drives.rules b/remote/modules/udisks/data/usr/share/polkit-1/rules.d/10-drives.rules new file mode 100644 index 00000000..72c4fb16 --- /dev/null +++ b/remote/modules/udisks/data/usr/share/polkit-1/rules.d/10-drives.rules @@ -0,0 +1,6 @@ +polkit.addRule(function(action, subject) { + if (action.id.indexOf("org.freedesktop.udisks") == 0) { + return polkit.Result.YES; + } +}); + 
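Review bot: The rule added in 10-drives.rules returns `polkit.Result.YES` for every action whose id starts with `org.freedesktop.udisks` and never looks at `subject`. That authorizes any user, including one in a remote or inactive session, for the whole udisks action set without authentication, which is wider than mounting removable media in a desktop session. Restricting it to the console user keeps the intended behaviour: `if (action.id.indexOf("org.freedesktop.udisks") == 0 && subject.local && subject.active) {`. If only mounting is required, matching the specific mount action ids instead of the prefix would narrow it further, and a comment in the file stating the intent would help the next reader.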
diff --git a/remote/modules/udisks/templates/udisks.dbus.service b/remote/modules/udisks/templates/udisks.dbus.service
new file mode 100644
index 00000000..f48b064b
--- /dev/null
+++ b/remote/modules/udisks/templates/udisks.dbus.service
@@ -0,0 +1,6 @@
+[D-BUS Service]
+Name=org.freedesktop.UDisks
+Exec=%UDISKSD% --no-debug
+User=root
+SystemdService=udisks.service
+
diff --git a/remote/modules/udisks/templates/udisks.systemd.service b/remote/modules/udisks/templates/udisks.systemd.service
new file mode 100644
index 00000000..d0c41438
--- /dev/null
+++ b/remote/modules/udisks/templates/udisks.systemd.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Gnomes bloated 1000 dependency monster aka Disk Manager
+Documentation=man:udisks(8)
+
+[Service]
+Type=dbus
+BusName=org.freedesktop.UDisks
+ExecStart=%UDISKSD% --no-debug
+
diff --git a/remote/modules/udisks/templates/udisks2.dbus.service b/remote/modules/udisks/templates/udisks2.dbus.service
new file mode 100644
index 00000000..2761a67c
--- /dev/null
+++ b/remote/modules/udisks/templates/udisks2.dbus.service
@@ -0,0 +1,6 @@
+[D-BUS Service]
+Name=org.freedesktop.UDisks2
+Exec=%UDISKSD% --no-debug
+User=root
+SystemdService=udisks2.service
+
diff --git a/remote/modules/udisks/templates/udisks2.systemd.service b/remote/modules/udisks/templates/udisks2.systemd.service
new file mode 100644
index 00000000..47105a71
--- /dev/null
+++ b/remote/modules/udisks/templates/udisks2.systemd.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Gnomes bloated 1000 dependency monster aka Disk Manager
+Documentation=man:udisks(8)
+
+[Service]
+Type=dbus
+BusName=org.freedesktop.UDisks2
+ExecStart=%UDISKSD% --no-debug
+
diff --git a/remote/modules/udisks/udisks.build b/remote/modules/udisks/udisks.build
new file mode 100644
index 00000000..1e9e73b0
--- /dev/null
+++ b/remote/modules/udisks/udisks.build
@@ -0,0 +1,38 @@ + +fetch_source () { + : +} + +build () { + COPYLIST="list_dpkg_output" + rm -f "$COPYLIST" + + list_packet_files >> "$COPYLIST" + tarcopy "$(cat "$COPYLIST" | sort -u)" "$MODULE_BUILD_DIR" + if [ -d "$MODULE_BUILD_DIR/lib/udev" ]; then + cp -a "$MODULE_BUILD_DIR/lib/udev" "$MODULE_BUILD_DIR/usr/lib/" || perror "Could not move /lib/udev to /usr/lib/udev" + fi + mkdir -p "$MODULE_BUILD_DIR/etc/systemd/system/basic.target.wants" "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services" + local BINARY=$(find "$MODULE_BUILD_DIR" -name udisksd -executable | head -n 1) + [ -z "$BINARY" ] && BINARY=$(find "$MODULE_BUILD_DIR" -name udisks2d -executable | head -n 1) + [ -z "$BINARY" ] && BINARY=$(find "$MODULE_BUILD_DIR" -name udisksd2 -executable | head -n 1) + [ -z "$BINARY" ] && BINARY=$(find "$MODULE_BUILD_DIR" -name udisks-daemon -executable | head -n 1) + [ -z "$BINARY" ] && perror "Could not determine the udisks(1/2) daemon binary from inspecting $MODULE_BUILD_DIR" + BINARY="/${BINARY#$MODULE_BUILD_DIR}" + if [[ "$BINARY" == *udisks2* || -d "$MODULE_BUILD_DIR/usr/lib/udisks2" ]]; then + # assume udisks v2 + sed "s,%UDISKSD%,$BINARY,g" templates/udisks2.systemd.service > "$MODULE_BUILD_DIR/etc/systemd/system/udisks2.service" || perror "Error creating systemd service for udisks2" + sed "s,%UDISKSD%,$BINARY,g" templates/udisks2.dbus.service > "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services/org.freedesktop.UDisks2.service" || perror "Error creating dbus service for udisks2" + ln -s "../udisks2.service" "$MODULE_BUILD_DIR/etc/systemd/system/basic.target.wants/udisks2.service" + else + # assume udisks v1 + sed "s,%UDISKSD%,$BINARY,g" templates/udisks1.systemd.service > "$MODULE_BUILD_DIR/etc/systemd/system/udisks.service" || perror "Error creating systemd service for udisks" + sed "s,%UDISKSD%,$BINARY,g" templates/udisks1.dbus.service > "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services/org.freedesktop.UDisks.service" || perror "Error creating dbus service 
for udisks" + ln -s "../udisks.service" "$MODULE_BUILD_DIR/etc/systemd/system/basic.target.wants/udisks.service" + fi +} + +post_copy () { + : +} + diff --git a/remote/modules/udisks/udisks.conf b/remote/modules/udisks/udisks.conf new file mode 100644 index 00000000..8ef6f29c --- /dev/null +++ b/remote/modules/udisks/udisks.conf @@ -0,0 +1,14 @@ +# This module is a little special, as it's supposed to be compatible +# with udisks 1 and 2. suse 12.3 and ubuntu 13.04 use udisks2, ubuntu 12.04 +# uses udisks1. The build script looks a little hacky +REQUIRED_DIRECTORIES=" + /etc/dbus-1 + /usr/lib/udev/rules.d + /usr/share/dbus-1 + /usr/share/polkit-1 + /etc/systemd/system +" +REQUIRED_BINARIES=" + udisksd +" + diff --git a/remote/modules/udisks/udisks.conf.opensuse b/remote/modules/udisks/udisks.conf.opensuse new file mode 100644 index 00000000..abf12be7 --- /dev/null +++ b/remote/modules/udisks/udisks.conf.opensuse @@ -0,0 +1,7 @@ +REQUIRED_INSTALLED_PACKAGES=" + udisks2 +" +REQUIRED_CONTENT_PACKAGES=" + udisks2 +" + diff --git a/remote/modules/udisks/udisks.conf.ubuntu b/remote/modules/udisks/udisks.conf.ubuntu new file mode 100644 index 00000000..abf12be7 --- /dev/null +++ b/remote/modules/udisks/udisks.conf.ubuntu @@ -0,0 +1,7 @@ +REQUIRED_INSTALLED_PACKAGES=" + udisks2 +" +REQUIRED_CONTENT_PACKAGES=" + udisks2 +" + diff --git a/remote/modules/udisks/udisks.conf.ubuntu.12 b/remote/modules/udisks/udisks.conf.ubuntu.12 new file mode 100644 index 00000000..0b8690bd --- /dev/null +++ b/remote/modules/udisks/udisks.conf.ubuntu.12 @@ -0,0 +1,7 @@ +REQUIRED_INSTALLED_PACKAGES=" + udisks +" +REQUIRED_CONTENT_PACKAGES=" + udisks +" + diff --git a/remote/targets/stage32/udisks b/remote/targets/stage32/udisks new file mode 120000 index 00000000..06e7da5f --- /dev/null +++ b/remote/targets/stage32/udisks @@ -0,0 +1 @@ +../../modules/udisks \ No newline at end of file -- cgit v1.2.3-55-g7522 From 05f3937dd21a1af252b95f010256de757bec71ce Mon Sep 17 00:00:00 2001 
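Review bot: The udisks v1 branch of `build()` in udisks.build reads `templates/udisks1.systemd.service` and `templates/udisks1.dbus.service`, but this commit adds the templates as `udisks.systemd.service` and `udisks.dbus.service`. On a system that only ships udisks 1 both `sed` calls therefore fail and the build stops in `perror`. The two paths should read `templates/udisks.systemd.service` and `templates/udisks.dbus.service`. The `ln -s` calls in both branches are also the only steps in this function without a `|| perror`, so a failed link leaves the service silently disabled.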
From: Christian Rößler Date: Wed, 4 Sep 2013 13:06:59 +0200 Subject: [vbox] README file updated: systemd-udevd limitation ENV{DEVTYPE}=="usb_device" --- remote/modules/vbox/README | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/remote/modules/vbox/README b/remote/modules/vbox/README index 999f048f..94566785 100644 --- a/remote/modules/vbox/README +++ b/remote/modules/vbox/README @@ -1,4 +1,4 @@ -Notabene: +Patched scripts: Some virtualbox script are patched to accomodate some changes in system environment: As openSLX uses predominantly busybox, paths to busybox exe- @@ -11,3 +11,9 @@ to VBox. Please note these patched scripts are unlinked, thus solitary, please note there is also a (linked) scripts named VBoxManage (note capitals). It is therefore recommended to use the lower case version (vboxmanage). + +systemd capabilites: +The systemd-udevd compiled within the module systemd lacks a capability in +the environment variable DEVTYPE at least in regard to USB devices, so an +entry ENV{DEVTYPE}=="usb_device" in an udev rule file rule will not work. +This applies at least to systemd version 204. -- cgit v1.2.3-55-g7522 From 1ea4c3444c01e9fb0d237bdbce595370997bcccb Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 4 Sep 2013 20:33:12 +0200 Subject: [polkit] Fix integration with gnome/udisks2, fixes usb mount on Ubuntu 13.04 --- remote/modules/polkit/polkit.conf.opensuse | 1 + remote/modules/polkit/polkit.conf.ubuntu | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/remote/modules/polkit/polkit.conf.opensuse b/remote/modules/polkit/polkit.conf.opensuse index 10cedbe9..e7c1f369 100644 --- a/remote/modules/polkit/polkit.conf.opensuse +++ b/remote/modules/polkit/polkit.conf.opensuse @@ -7,5 +7,6 @@ REQUIRED_CONTENT_PACKAGES=" " REQUIRED_DIRECTORIES+=" /usr/lib/polkit-1 + /var/lib/polkit " diff --git a/remote/modules/polkit/polkit.conf.ubuntu b/remote/modules/polkit/polkit.conf.ubuntu index 76d31b9e..eb2f88d1 100644 
--- a/remote/modules/polkit/polkit.conf.ubuntu +++ b/remote/modules/polkit/polkit.conf.ubuntu @@ -4,9 +4,16 @@ REQUIRED_INSTALLED_PACKAGES=" REQUIRED_CONTENT_PACKAGES=" libmozjs185-1.0 policykit-1 + policykit-desktop-privileges " REQUIRED_DIRECTORIES+=" /usr/lib/policykit-1 /usr${ARCH_LIB_DIR}/polkit-1 + /var/lib/polkit-1 +" +# Module specific: Root of dirstructs we need directly from system +REQUIRED_DIR_STRUCT=" + /var/lib/polkit-1 + /etc/polkit-1 " -- cgit v1.2.3-55-g7522 From 242c56ad189e4ce71811bcfaecd4dea42bd4fc04 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 4 Sep 2013 20:34:44 +0200 Subject: [SERVER] Update stage4 filter --- server/blacklists/essential/console-kit | 8 -------- server/blacklists/essential/dbus | 4 +++- server/blacklists/essential/linux-extended | 1 + server/blacklists/essential/policykit | 7 +------ server/blacklists/x-autostart/xdg-autostart | 1 + 5 files changed, 6 insertions(+), 15 deletions(-) delete mode 100644 server/blacklists/essential/console-kit diff --git a/server/blacklists/essential/console-kit b/server/blacklists/essential/console-kit deleted file mode 100644 index a176cac9..00000000 --- a/server/blacklists/essential/console-kit +++ /dev/null @@ -1,8 +0,0 @@ -# Consolekit is removed and replaced by a dummy in stage32 -- console-kit* -- consolekit* -- libck-connector* -- *-ck-connector* -- *Console-Kit* -- *ConsoleKit* - diff --git a/server/blacklists/essential/dbus b/server/blacklists/essential/dbus index 42afc286..f8748c13 100644 --- a/server/blacklists/essential/dbus +++ b/server/blacklists/essential/dbus @@ -35,7 +35,8 @@ - dbus-1**org.freedesktop.Geoclue.* - dbus-1**org.gnome.zeitgeist.* - dbus-1**unity-lens-shopping.service -# systen-services +- dbus-1**org.freedesktop.UPower.* +# system-services - dbus-1**fi.epitest.hostap.WPASupplicant.service - dbus-1**fi.w1.wpa_supplicant1.service - dbus-1**org.freedesktop.hostname1.service 
@@ -44,4 +45,5 @@ - dbus-1**org.freedesktop.nm_dispatcher.service - dbus-1**org.freedesktop.systemd1.service - dbus-1**org.freedesktop.timedate1.service +- dbus-1**org.freedesktop.UPower.service diff --git a/server/blacklists/essential/linux-extended b/server/blacklists/essential/linux-extended index d9d7ef97..ab39fda0 100644 --- a/server/blacklists/essential/linux-extended +++ b/server/blacklists/essential/linux-extended @@ -3,6 +3,7 @@ - /usr/src - /etc/init.d - /etc/init +- /etc/cups - /var/lib/init.d - /usr/share/upstart - /lib/systemd diff --git a/server/blacklists/essential/policykit b/server/blacklists/essential/policykit index 68ff5a44..c46a050a 100644 --- a/server/blacklists/essential/policykit +++ b/server/blacklists/essential/policykit @@ -1,7 +1,2 @@ -# Also get rid of polkit -- libpolkit* -- polkit* -- policykit* -- *PolicyKit* -- *PolKit* +- /usr/share/pol*/actions/org.freedesktop.upower.* diff --git a/server/blacklists/x-autostart/xdg-autostart b/server/blacklists/x-autostart/xdg-autostart index bd4dd467..64593d31 100644 --- a/server/blacklists/x-autostart/xdg-autostart +++ b/server/blacklists/x-autostart/xdg-autostart @@ -1,4 +1,5 @@ + /etc/xdg/autostart/**/ + /etc/xdg/autostart/gnome-settings-daemon.desktop ++ /etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop - /etc/xdg/autostart/** -- cgit v1.2.3-55-g7522 From 69ffda539bf0540d6fd2ca7cc02d458c299ccffd Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 4 Sep 2013 20:36:27 +0200 Subject: [pam-freiburg] Add pam_ck_connector again Which is required by consolekit, which is required by policykit, which is required by udisks2, which is required to mount usb sticks etc. as normal user in a desktop session --- server/modules/pam-freiburg/etc/pam.d/common-session | 1 + 1 file changed, 1 insertion(+) diff --git a/server/modules/pam-freiburg/etc/pam.d/common-session b/server/modules/pam-freiburg/etc/pam.d/common-session index 6182d470..1eb564a3 100644 
--- a/server/modules/pam-freiburg/etc/pam.d/common-session +++ b/server/modules/pam-freiburg/etc/pam.d/common-session @@ -27,6 +27,7 @@ session required pam_permit.so session optional pam_umask.so # and here are more per-package modules (the "Additional" block) session required pam_systemd.so +session optional pam_ck_connector.so nox11 session optional pam_env.so readenv=1 session optional pam_env.so readenv=1 envfile=/etc/default/locale session optional pam_krb5.so minimum_uid=1000 -- cgit v1.2.3-55-g7522 From 18e92693d05a7fafffe76bb17fc4f58821fcc8c7 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Thu, 5 Sep 2013 13:32:19 +0200 Subject: [systemd] README file annotated, ENV limitation --- remote/modules/systemd/README | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/remote/modules/systemd/README b/remote/modules/systemd/README index c374b45b..f84283d8 100644 --- a/remote/modules/systemd/README +++ b/remote/modules/systemd/README @@ -1,3 +1,12 @@ To activate debug level, add to units under [Service] this line - Environment=SYSTEMD_LOG_LEVEL=debug + +Note on systemd-versions: Some systemds below 204 (verified in +systemd-195) seem to need libpci-dev (or the openSuse equivalent). + + +Another note on our compiled systemd-udevd: +So far it has not been possible to reach a fully functional udev +system in view of the perceived systemd-udevd limitation about +evaluating the variable ENV{DEVTYPE}=="usb_device" in udev rule +scripts. -- cgit v1.2.3-55-g7522 From e8bc9219dedfa50c2938810969a4d5b072870985 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Thu, 5 Sep 2013 13:37:09 +0200 Subject: [vbox] Readme further elaborated: systemd-udev-problem ENV. --- remote/modules/vbox/README | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/remote/modules/vbox/README b/remote/modules/vbox/README index 94566785..41e7d219 100644 --- a/remote/modules/vbox/README +++ b/remote/modules/vbox/README 
@@ -16,4 +16,6 @@ systemd capabilites: The systemd-udevd compiled within the module systemd lacks a capability in the environment variable DEVTYPE at least in regard to USB devices, so an entry ENV{DEVTYPE}=="usb_device" in an udev rule file rule will not work. -This applies at least to systemd version 204. +This applies to several versions, tested so far 195, 204, 206. +In contrast to this a hand-copied distribution binary will work flawlessly +within the openSLX biotope. -- cgit v1.2.3-55-g7522 From 8207385adf5c505277bf51389ea21afa87c6f72a Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Thu, 5 Sep 2013 13:39:06 +0200 Subject: [vbox] CAVE, ugly hack: udev-rule without offending ENV{DEVTYPE}=="usb_device" limitation. --- remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules b/remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules index f2b99721..a94f2165 100644 --- a/remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules +++ b/remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules 
@@ -1,6 +1,6 @@ KERNEL=="vboxdrv", NAME="vboxdrv", OWNER="root", GROUP="root", MODE="0600" KERNEL=="vboxnetctl", NAME="vboxnetctl", OWNER="root", GROUP="root", MODE="0600" SUBSYSTEM=="usb_device", ACTION=="add", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}" -SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}" +SUBSYSTEM=="usb", ACTION=="add", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}" SUBSYSTEM=="usb_device", ACTION=="remove", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" -SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" +SUBSYSTEM=="usb", ACTION=="remove", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" -- cgit v1.2.3-55-g7522 From e5b2efb7de0e1f435445b0ec6bbdcbae5512a056 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Thu, 5 Sep 2013 13:53:08 +0200 Subject: [rootfs-stage32] Fix issue indentation --- remote/rootfs/rootfs-stage32/templates/issue.template | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) 
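Review bot: With `ENV{DEVTYPE}=="usb_device"` removed, the two `SUBSYSTEM=="usb"` rules in 10-vboxdrv.rules match every event in the usb subsystem, presumably including interface nodes, so udev runs `VBoxCreateUSBNode.sh` as root for events it was not written for and `$attr{bDeviceClass}` may expand to nothing there. A narrower match is safer than relying on the script to cope with unexpected arguments; for the add rule something like `ATTR{bDeviceClass}=="?*"` might stand in for the dropped condition, though that would need testing against this udevd build. At minimum the file should carry a comment recording the workaround, e.g. `# DEVTYPE match dropped: self-built systemd-udevd does not evaluate it, see README`.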
diff --git a/remote/rootfs/rootfs-stage32/templates/issue.template b/remote/rootfs/rootfs-stage32/templates/issue.template index e200c1c0..a79797ad 100644 --- a/remote/rootfs/rootfs-stage32/templates/issue.template +++ b/remote/rootfs/rootfs-stage32/templates/issue.template @@ -1,9 +1,9 @@ - WELCOME TO %space% \n (\l) - _____ ______ ______ __ __ _______ __ __ __ - / _ | _ | ___| | | | | ____| | | | | | - | | | | |_| | |_ | | | | |___ | | / / - | | | | ___/| _| | | ____ | | | | - | |_| | | | |___| | | | ____| | |___ / / - _____/|__| |______|__| |__| |_______|______|__| |__| - NG + WELCOME TO %space% \n (\l) + _____ ______ ______ __ __ _______ __ __ __ + / _ | _ | ___| | | | | ____| | | | | | + | | | | |_| | |_ | | | | |___ | | / / + | | | | ___/| _| | | ____ | | | | + | |_| | | | |___| | | | ____| | |___ / / + _____/|__| |______|__| |__| |_______|______|__| |__| - NG - %version% (c) + %version% (c) -- cgit v1.2.3-55-g7522 From f12607b990c7fea530b2c73d7bbb62a38f49d713 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Thu, 5 Sep 2013 18:05:25 +0200 Subject: [stage4] Allow basic kde autostart files --- server/blacklists/x-autostart/kde-autostart | 5 +++++ server/modules/pam-freiburg/etc/pam.d/common-session | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/server/blacklists/x-autostart/kde-autostart b/server/blacklists/x-autostart/kde-autostart index 4d384303..131a8563 100644 --- a/server/blacklists/x-autostart/kde-autostart +++ b/server/blacklists/x-autostart/kde-autostart @@ -1,5 +1,10 @@ + /usr/share/autostart/**/ - /usr/share/autostart/** ++ /usr/share/autostart/kdesktop.desktop ++ /usr/share/autostart/krunner.desktop ++ /usr/share/autostart/plasma.desktop ++ /usr/share/autostart/plasma-desktop.desktop ++ /usr/share/autostart/polkit-kde-authentication-agent-1.desktop + /opt/kde3/share/autostart/**/ - /opt/kde3/share/autostart/** 
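Review bot: In kde-autostart the five new `+ /usr/share/autostart/*.desktop` lines are placed after `- /usr/share/autostart/**`, so they may never take effect. If these blacklists are consumed as rsync-style filter rules, which the `+`/`-` prefixes and `**` patterns suggest, the first matching rule wins and the exclude has already matched those files. The xdg-autostart list touched earlier in this series puts its `+ ...desktop` entries before the catch-all exclude, and the same order is needed here: move the five include lines above `- /usr/share/autostart/**`.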
diff --git a/server/modules/pam-freiburg/etc/pam.d/common-session b/server/modules/pam-freiburg/etc/pam.d/common-session index 1eb564a3..9a8b73e1 100644 --- a/server/modules/pam-freiburg/etc/pam.d/common-session +++ b/server/modules/pam-freiburg/etc/pam.d/common-session @@ -27,7 +27,7 @@ session required pam_permit.so session optional pam_umask.so # and here are more per-package modules (the "Additional" block) session required pam_systemd.so -session optional pam_ck_connector.so nox11 +session optional pam_ck_connector.so session optional pam_env.so readenv=1 session optional pam_env.so readenv=1 envfile=/etc/default/locale session optional pam_krb5.so minimum_uid=1000 -- cgit v1.2.3-55-g7522 From af2197204e8ee90e3f485a1a9af80a9371268adf Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Thu, 5 Sep 2013 19:23:50 +0200 Subject: [udisks] Include udisks and udisks2 in Ubuntu 13.04 Apparently, Unity (and gnome?) use udisks2, while KDE depends on udisks1 .... --- .../udisks/templates/udisks2.systemd.service | 2 +- remote/modules/udisks/udisks.build | 37 +++++++++++++++------- remote/modules/udisks/udisks.conf.ubuntu | 27 ++++++++++++++++ remote/modules/udisks/udisks.conf.ubuntu.12 | 24 ++++++++++++++ 4 files changed, 78 insertions(+), 12 deletions(-) diff --git a/remote/modules/udisks/templates/udisks2.systemd.service b/remote/modules/udisks/templates/udisks2.systemd.service index 47105a71..d96bd69f 100644 --- a/remote/modules/udisks/templates/udisks2.systemd.service +++ b/remote/modules/udisks/templates/udisks2.systemd.service @@ -1,5 +1,5 @@ [Unit] -Description=Gnomes bloated 1000 dependency monster aka Disk Manager +Description=Gnomes bloated 1000 dependency monster aka Disk Manager 2 Documentation=man:udisks(8) [Service] diff --git a/remote/modules/udisks/udisks.build b/remote/modules/udisks/udisks.build index 1e9e73b0..ab9df016 100644 --- a/remote/modules/udisks/udisks.build +++ b/remote/modules/udisks/udisks.build 
@@ -13,26 +13,41 @@ build () { cp -a "$MODULE_BUILD_DIR/lib/udev" "$MODULE_BUILD_DIR/usr/lib/" || perror "Could not move /lib/udev to /usr/lib/udev" fi mkdir -p "$MODULE_BUILD_DIR/etc/systemd/system/basic.target.wants" "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services" + local FOUND=no local BINARY=$(find "$MODULE_BUILD_DIR" -name udisksd -executable | head -n 1) [ -z "$BINARY" ] && BINARY=$(find "$MODULE_BUILD_DIR" -name udisks2d -executable | head -n 1) [ -z "$BINARY" ] && BINARY=$(find "$MODULE_BUILD_DIR" -name udisksd2 -executable | head -n 1) - [ -z "$BINARY" ] && BINARY=$(find "$MODULE_BUILD_DIR" -name udisks-daemon -executable | head -n 1) - [ -z "$BINARY" ] && perror "Could not determine the udisks(1/2) daemon binary from inspecting $MODULE_BUILD_DIR" - BINARY="/${BINARY#$MODULE_BUILD_DIR}" - if [[ "$BINARY" == *udisks2* || -d "$MODULE_BUILD_DIR/usr/lib/udisks2" ]]; then + VER=none + if [ -n "$BINARY" ]; then + VER=udisks + [[ "$BINARY" == *udisks2* || -d "$MODULE_BUILD_DIR/usr/lib/udisks2" ]] && VER=udisks2 + create_udisks_service "$VER" "$BINARY" + FOUND=yes + fi + if [ "$VER" != "udisks" ]; then + BINARY=$(find "$MODULE_BUILD_DIR" -name udisks-daemon -executable | head -n 1) + [ "$VER" == "none" -a -z "$BINARY" ] && perror "Could not determine the udisks(1/2) daemon binary from inspecting $MODULE_BUILD_DIR" + [ -n "$BINARY" ] && create_udisks_service "udisks" "$BINARY" + fi +} + +post_copy () { + : +} + +create_udisks_service () { + [ $# -ne 2 ] && perror "Call create_udisks_service with TWO params!" 
+ local BINARY="/${2#$MODULE_BUILD_DIR}" + if [ "$1" == "udisks2" ]; then # assume udisks v2 - sed "s,%UDISKSD%,$BINARY,g" templates/udisks2.systemd.service > "$MODULE_BUILD_DIR/etc/systemd/system/udisks2.service" || perror "Error creating systemd service for udisks2" + sed "s,%UDISKSD%,$BINARY,g" templates/udisks2.systemd.service > "$MODULE_BUILD_DIR/etc/systemd/system/udisks2.service" || perror "Error creating systemd service for udisks2 $BINARY" sed "s,%UDISKSD%,$BINARY,g" templates/udisks2.dbus.service > "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services/org.freedesktop.UDisks2.service" || perror "Error creating dbus service for udisks2" ln -s "../udisks2.service" "$MODULE_BUILD_DIR/etc/systemd/system/basic.target.wants/udisks2.service" else # assume udisks v1 - sed "s,%UDISKSD%,$BINARY,g" templates/udisks1.systemd.service > "$MODULE_BUILD_DIR/etc/systemd/system/udisks.service" || perror "Error creating systemd service for udisks" - sed "s,%UDISKSD%,$BINARY,g" templates/udisks1.dbus.service > "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services/org.freedesktop.UDisks.service" || perror "Error creating dbus service for udisks" + sed "s,%UDISKSD%,$BINARY,g" templates/udisks.systemd.service > "$MODULE_BUILD_DIR/etc/systemd/system/udisks.service" || perror "Error creating systemd service for udisks $BINARY" + sed "s,%UDISKSD%,$BINARY,g" templates/udisks.dbus.service > "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services/org.freedesktop.UDisks.service" || perror "Error creating dbus service for udisks" ln -s "../udisks.service" "$MODULE_BUILD_DIR/etc/systemd/system/basic.target.wants/udisks.service" fi } -post_copy () { - : -} - diff --git a/remote/modules/udisks/udisks.conf.ubuntu b/remote/modules/udisks/udisks.conf.ubuntu index abf12be7..3d127619 100644 --- a/remote/modules/udisks/udisks.conf.ubuntu +++ b/remote/modules/udisks/udisks.conf.ubuntu 
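Review bot: The v1 branch of `create_udisks_service` now reads `templates/udisks.systemd.service` and `templates/udisks.dbus.service`, where the removed lines read `templates/udisks1.*`, and the commit's diffstat lists no added or renamed template of that name; unless those files already exist in the tree, the udisks v1 path ends in `perror`. Separately, `VER=none` in build() is assigned without `local` and so leaks out of the function, while `FOUND` is set but never read; `local VER=none` and dropping `FOUND` would tidy that up. The two `ln -s` calls have no `-f` and no status check, so on a re-run over an existing build directory the failure is ignored; `ln -sf "../udisks.service" ... || perror "Could not link udisks.service"` would make it visible. build() starts above this hunk.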
@@ -1,7 +1,34 @@ REQUIRED_INSTALLED_PACKAGES=" + udisks udisks2 " REQUIRED_CONTENT_PACKAGES=" + udisks udisks2 " +# Add these for udisks 1 (required by kde) +REQUIRED_BINARIES+=" + udisks-helper-linux-md-check + udisks-daemon + udisks-helper-change-luks-password + udisks-helper-create-partition-table + udisks-helper-mdadm-expand + udisks-helper-drive-benchmark + udisks-helper-drive-detach + udisks-helper-mkfs + udisks-helper-ata-smart-collect + udisks-helper-change-filesystem-label + udisks-helper-modify-partition + udisks-helper-delete-partition + udisks-helper-create-partition + udisks-helper-fstab-mounter + udisks-helper-linux-md-remove-component + udisks-helper-ata-smart-selftest + udisks-helper-drive-poll + udisks-dm-export + udisks-lvm-pv-export + udisks-part-id + udisks-probe-ata-smart + udisks-probe-sas-expander +" diff --git a/remote/modules/udisks/udisks.conf.ubuntu.12 b/remote/modules/udisks/udisks.conf.ubuntu.12 index 0b8690bd..b962ec65 100644 --- a/remote/modules/udisks/udisks.conf.ubuntu.12 +++ b/remote/modules/udisks/udisks.conf.ubuntu.12 @@ -4,4 +4,28 @@ REQUIRED_INSTALLED_PACKAGES=" REQUIRED_CONTENT_PACKAGES=" udisks " +REQUIRED_BINARIES=" + udisks-helper-linux-md-check + udisks-daemon + udisks-helper-change-luks-password + udisks-helper-create-partition-table + udisks-helper-mdadm-expand + udisks-helper-drive-benchmark + udisks-helper-drive-detach + udisks-helper-mkfs + udisks-helper-ata-smart-collect + udisks-helper-change-filesystem-label + udisks-helper-modify-partition + udisks-helper-delete-partition + udisks-helper-create-partition + udisks-helper-fstab-mounter + udisks-helper-linux-md-remove-component + udisks-helper-ata-smart-selftest + udisks-helper-drive-poll + udisks-dm-export + udisks-lvm-pv-export + udisks-part-id + udisks-probe-ata-smart + udisks-probe-sas-expander +" -- cgit v1.2.3-55-g7522 From d23cb9a5363c163eb0a5141dc42af27cf439b945 Mon Sep 17 00:00:00 2001 
From: Christian Rößler Date: Fri, 6 Sep 2013 12:59:51 +0200 Subject: [export_target] Added two trailing slashes at mksquashfs calls. --- server/export_target | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/export_target b/server/export_target index 92b6fdcb..52f87942 100755 --- a/server/export_target +++ b/server/export_target @@ -57,7 +57,7 @@ generate_stage32() { local TOOL_STR="${TOOL_STR} generate_stage32:" rm -f "${SERVER_BOOT_DIR}/${TARGET}.sqfs" pinfo "Writing '${TARGET}.sqfs' to '${SERVER_BOOT_DIR}/${TARGET}.sqfs'" - mksquashfs "${SERVER_BUILD_DIR}/${TARGET}" "${SERVER_BOOT_DIR}/${TARGET}.sqfs" -comp xz -b 1M -no-recovery >&6 || perror "mksquashfs failed ($?)." + mksquashfs "${SERVER_BUILD_DIR}/${TARGET}/" "${SERVER_BOOT_DIR}/${TARGET}.sqfs" -comp xz -b 1M -no-recovery >&6 || perror "mksquashfs failed ($?)." pinfo "Created '${SERVER_BOOT_DIR}/${TARGET}.sqfs'." #pinfo "Wrapping squashFS in initramfs-stage32" #generate_initramfs "${SERVER_BOOT_DIR}/stage32_sqfs" "./mnt/${TARGET}.sqfs" "${SERVER_BOOT_DIR}/initramfs-${TARGET}" @@ -75,7 +75,7 @@ generate_addons() { local TOOL_STR="${TOOL_STR} generate_addons:" pinfo "Writing '${TARGET}.sqfs' to '${SERVER_BOOT_DIR}/${TARGET}.sqfs'" [ -e "${SERVER_BOOT_DIR}/${TARGET}.sqfs" ] && rm "${SERVER_BOOT_DIR}/${TARGET}.sqfs" - mksquashfs "${SERVER_BUILD_DIR}/${TARGET}" "${SERVER_BOOT_DIR}/${TARGET}.sqfs" -comp xz -b 1M -no-recovery >&6 || perror "mksquashfs failed ($?)." + mksquashfs "${SERVER_BUILD_DIR}/${TARGET}/" "${SERVER_BOOT_DIR}/${TARGET}.sqfs" -comp xz -b 1M -no-recovery >&6 || perror "mksquashfs failed ($?)." } generate_config() { -- cgit v1.2.3-55-g7522 From 6f9a7bdf5ccfaf2495938ff457de098f3ef7132d Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 6 Sep 2013 13:02:15 +0200 Subject: [dnbd3] Remove invalid parameter from service file --- remote/modules/dnbd3/data/etc/systemd/system/setup-dnbd3.service | 1 - 1 file changed, 1 deletion(-) 
diff --git a/remote/modules/dnbd3/data/etc/systemd/system/setup-dnbd3.service b/remote/modules/dnbd3/data/etc/systemd/system/setup-dnbd3.service index 97f6703d..8f737395 100644 --- a/remote/modules/dnbd3/data/etc/systemd/system/setup-dnbd3.service +++ b/remote/modules/dnbd3/data/etc/systemd/system/setup-dnbd3.service @@ -5,7 +5,6 @@ Before=shutdown.target DefaultDependencies=no [Service] -Type=service ExecStart=/opt/openslx/scripts/systemd-setup_dnbd3 ExecStop=/opt/openslx/bin/dnbd3-client --kill ExecStopPost=/bin/rm /var/run/dnbd3.socket -- cgit v1.2.3-55-g7522 From e07266a57fb0d932617c9cd26b948511d3ee8964 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 6 Sep 2013 15:18:35 +0200 Subject: [DEMOSERVER] Update install and update script - Check for updated scripts first, then update minilinux - Add defaults for NTP - Create pxe menuconfig in new format (config.tgz & addon support) - Minor tweaks and refactoring --- data/openslx-install | 2 + data/openslx-update | 182 ++++++++++++++++++++++++++++----------------------- 2 files changed, 103 insertions(+), 81 deletions(-) diff --git a/data/openslx-install b/data/openslx-install index b712aa3e..d511e88d 100755 --- a/data/openslx-install +++ b/data/openslx-install @@ -293,6 +293,8 @@ else # external NFS Server for VM Images is used. Disable NFS + Samba fi print "Dienste konfiguriert." +[ ! -e "/srv/openslx/www/config.tgz" ] && openslx-settings + # # ---- Create boottime system config ---- # diff --git a/data/openslx-update b/data/openslx-update index cb46b258..10ee3d7e 100755 --- a/data/openslx-update +++ b/data/openslx-update @@ -1,6 +1,6 @@ #!/bin/bash -### Funktionen ################################### +### Functions ################################### function print () { 
@@ -17,42 +17,104 @@ function warning () { echo -e "\033[01;33m$@\033[00m" } + +function download () +{ + [ $# -ne 2 ] && error "Script-Fehler: download (2 Params, habe $#!)" + # Download + wget -nv -O "$WWWDIR/$1" "$2" && DLFLAG=1 || { warning "Download von $2 fehlgeschlagen"; return 1; } + # Download md5 value + wget -nv -O "$WWWTEMP/$1.$CRCEXTENSION" "$2.$CRCEXTENSION" || { warning "Download von $2.$CRCEXTENSION fehlgeschlagen. Kann Dateiintegrität nicht prüfen."; return 0; } + # Check file checksums + if [ "$($CRCCOMMAND "$WWWDIR/$1" | cut -f 1 -d " ")" != "$(cat "$WWWTEMP/$1.$CRCEXTENSION")" ]; then + warning "$CRCCOMMAND: $WWWDIR/$1: Prüfsummendiskrepanz! Übertragungsfehler oder Laufwerk voll." + error "Beende Skript aufgrund Prüfsummendiskrepanz!" + else + print "Prüfsummencheck Datei $1 ok." + fi + return 0 +} -### Variablen ################################### +### Constants ################################### # Web MIRROR="http://mltk.boot.openslx.org" MIRRORDIR="files" -# Dateien und Verzeichnisse +# Files/Dirs PXEDIR="/srv/openslx/tftp/pxelinux.cfg" PXECONFIG="$PXEDIR/default" PXETEMPLATE="/opt/openslx/templates/pxemenu-header" -FILEPRAEFIX="openslx-" +FILEPREFIX="openslx-" WWWDIR="/srv/openslx/www" -SLXSCRIPTS="openslx-install openslx-update" SCRIPTPATH=$(dirname "$0") -SCRIPTBACKUPDIR=/root/backup -# Konfigurationsdateien +SCRIPTBACKUPDIR="/root/backup" SERVERDEFAULTS="/opt/openslx/server-defaults" -# Temporäres +LOCALINDEX="/opt/openslx/local_version" +WWWTEMP="/srv/openslx/www-temp" +# Other +SLXSCRIPTS="openslx-install openslx-update" +NOW=$(date +%Y%m%d) +# Temporary REMOTEINDEX=$(mktemp /tmp/mlversionXXX) LOCALINDEX="/opt/openslx/local_version" WWWTEMP="/srv/openslx/www-temp" +# Checksumming +CRCCOMMAND=md5sum +CRCEXTENSION=md5 +CRCLEN=32 +# Minimum free disk space +MINSPACE=409600 # 400MiB +### Variables ################################## DLFLAG=0 # if something was downloaded -# Vars zum Überladen LOCAL_STABLE=0 LOCAL_TESTING=0 -# Vars für 
Prüfsummen -CRCCOMMAND=md5sum -CRCEXTENSION=md5 -# Mindestens freier Plattenplatz in Kilobytes -MINSPACE=409600 # 400MB -# Allgemein -DATUM=$(date +%Y%m%d) -trap "{ rm -f $REMOTEINDEX $WWWTEMP/* $WWWDIR/*.$CRCEXTENSION; }" SIGINT SIGTERM EXIT +trap "{ rm -f \"$REMOTEINDEX\" \"$WWWTEMP\"/* \"$WWWDIR\"/*.\"$CRCEXTENSION\"; }" SIGINT SIGTERM EXIT -# Warnung ausgeben, wenn Raum für $WWWTEMP eventuell zu klein -if [ $(df -Pk $WWWTEMP|tail -1| tr -s ' '|cut -d " " -f 4) -lt $MINSPACE ]; then +mkdir -p "$WWWTEMP" + +# Update Scripts openslx-install and openslx-update, if possible. +if [ ! -d "$SCRIPTBACKUPDIR" ]; then + print "Erzeuge Sicherungsverzeichnis für Skripte $SCRIPTBACKUPDIR" + mkdir -p "$SCRIPTBACKUPDIR" || error "Kann Sicherungsverzeichnis für Skripte nicht erstellen!" +fi +print "Prüfe auf neue openslx-ng Script-Versionen..." +SLXCHANGED=no +for FILE in $SLXSCRIPTS; do + if ! wget -nv -O "$WWWTEMP/$FILE.$CRCEXTENSION" "$MIRROR/$MIRRORDIR/$FILE.$CRCEXTENSION"; then + warning "Fehler bei Update-Prüfung für $FILE" + continue + fi + CRCVALNEW=$(cat "$WWWTEMP/$FILE.$CRCEXTENSION" | cut -f 1 -d " " | tr '[A-Z]' '[a-z]') + CRCVALOLD=$($CRCCOMMAND "$SCRIPTPATH/$FILE" | cut -f 1 -d " " | tr '[A-Z]' '[a-z]') + if [ "${#CRCVALNEW}" -ne "$CRCLEN" ]; then + warning "Fehler beim herunterladen der Prüfsumme von $FILE - erwartewte Länge $CRCLEN, tatsächliche Länge ${#CRCVALNEW}" + continue + fi + if [ "$CRCVALNEW" == "$CRCVALOLD" ]; then + print "$SCRIPTPATH/$FILE - kein Update notwendig." + continue + fi + wget -nv -O "$WWWTEMP/$FILE" "$MIRROR/$MIRRORDIR/$FILE" + if [ "$($CRCCOMMAND "$WWWTEMP/$FILE" | cut -f 1 -d " " | tr '[A-Z]' '[a-z]')" != "$CRCVALNEW" ]; then + warning "$SCRIPTPATH/$FILE konnte nicht upgedatet werden ($CRCEXTENSION-Fehler)!" + continue + fi + print "$SCRIPTPATH/$FILE wird upgedatet - $CRCEXTENSION ok." + print "Alte Version $SCRIPTPATH/$FILE gesichert nach: $SCRIPTBACKUPDIR/$FILE.$NOW." 
+ mv "$SCRIPTPATH/$FILE" "$SCRIPTBACKUPDIR/$FILE.$NOW" + chmod u+x "$WWWTEMP/$FILE" # wget doesn't set exec :) + mv "$WWWTEMP/$FILE" "$SCRIPTPATH" + SLXCHANGED=yes +done +if [ "$SLXCHANGED" == "yes" ]; then + print "OpenSLX-Scripte aktualisiert. Starte neu..." + $0 $@ + RET=$? + exit $RET +fi + +# Warn if there's not enough space left... +if [ "$(df -Pk "$WWWDIR" | tail -1 | tr -s ' ' | cut -d " " -f 4)" -lt "$MINSPACE" ]; then warning "Achtung: Eventuell zu wenig freier Speicherplatz verfügbar." fi @@ -64,7 +126,7 @@ fi print "" print "Lade Liste aktuell verfügbarer Versionen..." -wget -O "$REMOTEINDEX" "$MIRROR/index" || error "Konnte Liste verfügbarer Releases nicht herunterladen." +wget -nv -O "$REMOTEINDEX" "$MIRROR/index" || error "Konnte Liste verfügbarer Releases nicht herunterladen." . "$REMOTEINDEX" || error "Liste verfügbarer Releases Fehlerhaft (konnte $REMOTEINDEX nicht sourcen)" # Regenerate pxemenu @@ -72,10 +134,7 @@ wget -O "$REMOTEINDEX" "$MIRROR/index" || error "Konnte Liste verfügbarer Relea cp "$PXETEMPLATE" "$PXECONFIG" ERR=$?; [ $ERR -ne 0 ] && error "Kann PXE-Vorlage nicht umkopieren!" -mkdir -p "$WWWTEMP" -print "Kopiere bestehende Dateien sicherheitshalber um..." -cp -p "$WWWDIR/$FILEPRAEFIX"* "$WWWTEMP/" -ERR=$?; [ $ERR -ne 0 ] && error "Kann bestehende Dateien nicht nach $WWWTEMP kopieren!" +mv "$WWWDIR/$FILEPREFIX"* "$WWWTEMP/" for REL in ${!AVAILABLE_*}; do BRANCH="${REL#AVAILABLE_}" 
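Review bot: download() accepts a file it could not verify: when the `.$CRCEXTENSION` fetch fails it warns and returns 0, and by then the payload has already been written to `$WWWDIR`, the directory clients boot from. It also compares the raw contents of the checksum file, whereas the script-update loop lower down takes the first field, lower-cases it and checks it against `$CRCLEN`; a checksum file in `md5sum` output format would pass there and fail here. The function should stage the download in `$WWWTEMP`, treat a missing or malformed checksum as a failure, and move the file into `$WWWDIR` only after the comparison succeeds, as sketched below. The checksum comes from the same plain-HTTP `$MIRROR` as the file, so it detects corruption but not substitution; the self-update loop installs and re-runs root scripts on that basis, and authenticity would need an HTTPS mirror or a detached signature checked against a locally held key. `$0 $@` at the end of that loop should be `exec "$0" "$@"` so that arguments containing spaces survive the restart.

```shell
function download ()
{
	[ $# -ne 2 ] && error "Script-Fehler: download (2 Params, habe $#!)"
	local STAGED="$WWWTEMP/$1.part" WANT HAVE
	# Stage outside the served directory until the checksum has been verified
	wget -nv -O "$STAGED" "$2" || { warning "Download von $2 fehlgeschlagen"; rm -f "$STAGED"; return 1; }
	# A checksum that cannot be fetched means the file cannot be verified: fail closed
	wget -nv -O "$WWWTEMP/$1.$CRCEXTENSION" "$2.$CRCEXTENSION" || { warning "Download von $2.$CRCEXTENSION fehlgeschlagen. Kann Dateiintegrität nicht prüfen."; rm -f "$STAGED"; return 1; }
	WANT=$(cut -f 1 -d " " "$WWWTEMP/$1.$CRCEXTENSION" | tr 'A-Z' 'a-z')
	HAVE=$($CRCCOMMAND "$STAGED" | cut -f 1 -d " ")
	if [ "${#WANT}" -ne "$CRCLEN" ] || [ "$WANT" != "$HAVE" ]; then
		rm -f "$STAGED"
		# … unchanged: warning and error calls for the checksum mismatch …
	fi
	mv "$STAGED" "$WWWDIR/$1" || return 1
	DLFLAG=1
	# … unchanged: success message, return 0 …
}
```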
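Review bot: `mv "$WWWDIR/$FILEPREFIX"* "$WWWTEMP/"` empties the served directory for the whole run and its result is not checked, where the removed `cp -p` kept the live copies in place and aborted on failure. The EXIT trap set earlier in the script runs `rm -f "$WWWTEMP"/*`, so if the script stops before the files are moved back (for instance through `error` on a checksum mismatch, assuming `error` exits) the previously working images are deleted together with the temporary ones. Either keep copying instead of moving, or have the trap move whatever `$FILEPREFIX` files are still in `$WWWTEMP` back to `$WWWDIR` before it cleans up. A comment such as `# existing images are parked in $WWWTEMP and moved back per file below` would also make the new flow easier to follow.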
@@ -85,35 +144,25 @@ for REL in ${!AVAILABLE_*}; do for FILE in ${!REL}; do # Handle pxelinux.cfg if [[ "$FILE" == kernel* ]]; then - KERNEL="KERNEL http://$SLX_LOCAL_ADDR/$FILEPRAEFIX$FILE" + KERNEL="KERNEL http://$SLX_LOCAL_ADDR/$FILEPREFIX$FILE" else if [ -z "$PXELINE" ]; then PXELINE="INITRD " else PXELINE+="," fi - PXELINE+="http://$SLX_LOCAL_ADDR/$FILEPRAEFIX$FILE" + PXELINE+="http://$SLX_LOCAL_ADDR/$FILEPREFIX$FILE" fi # If file is available locally, don't download again - if [ -s "$WWWTEMP/$FILEPRAEFIX$FILE" ]; then - continue + if [ -s "$WWWTEMP/$FILEPREFIX$FILE" ]; then + mv "$WWWTEMP/$FILEPREFIX$FILE" "$WWWDIR/" && continue + warning "Konnte bestehende Datei $WWWTEMP/$FILEPREFIX$FILE nicht nach $WWWDIR/ verschieben, lade erneut herunter..." fi # Download - wget -O "$WWWTEMP/$FILEPRAEFIX$FILE" "$MIRROR/$MIRRORDIR/$FILE" && DLFLAG=1 || { warning "Could not download $FILE"; continue; } - # Download md5 value - wget -O "$WWWTEMP/$FILEPRAEFIX$FILE.$CRCEXTENSION" "$MIRROR/$MIRRORDIR/$FILE.$CRCEXTENSION" \ - || { warning "Could not download $FILE.$CRCEXTENSION!"; continue; } - # check file checksums - if [ $($CRCCOMMAND "$WWWTEMP/$FILEPRAEFIX$FILE"|cut -f 1 -d " ") != "$(cat $WWWTEMP/$FILEPRAEFIX$FILE.$CRCEXTENSION)" ]; then - warning "$CRCCOMMAND: $FILE: checksum mismatch! Transmission error or disk full." - warning "$CRCCOMMAND: $FILE: Prüfsummendiskrepanz! Übertragungsfehler oder Laufwerk voll." - error "Beende Skript aufgrund Prüfsummendiskrepanz!" - else - print "Prüfsummencheck Datei $FILE ok." - fi + download "$FILEPREFIX$FILE" "$MIRROR/$MIRRORDIR/$FILE" done if [ -z "$PXELINE" -o -z "$KERNEL" ]; then - warning "Incomplete entry. KERNEL or INITRD missing." + warning "Unvollständiger Eintrag. KERNEL oder INITRD fehlen." continue fi # Append to pxeconfig 
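Review bot: A file left over from an earlier run is moved back into `$WWWDIR` on the strength of `[ -s ... ]` alone, so a truncated download from an interrupted run is served again without any checksum comparison. The return status of `download` is also ignored, and the PXE entry below is written even when the kernel or initrd it names was not fetched. Suggested: verify the reused file against the mirror's checksum before the `mv`, and mark the entry as incomplete on failure, e.g. `download "$FILEPREFIX$FILE" "$MIRROR/$MIRRORDIR/$FILE" || INCOMPLETE=1` with a test next to the existing `-z "$PXELINE"` check. The `${BRANCH}_EXTRA` loop in the next hunk has the same two gaps. The enclosing `for REL` loop starts above this hunk and continues below it.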
@@ -123,57 +172,28 @@ for REL in ${!AVAILABLE_*}; do echo " $KERNEL" >> "$PXECONFIG" echo " $PXELINE" >> "$PXECONFIG" echo " IPAPPEND 3" >> "$PXECONFIG" - echo " APPEND slxconfig=http://$SLX_LOCAL_ADDR/config" >> "$PXECONFIG" - # Extra files (e.g. vmplayer in it's own sqfs that gets downloaded later) + echo " APPEND slxsrv=$SLX_LOCAL_ADDR slxbase=/" >> "$PXECONFIG" + # Extra files (e.g. vmplayer in its own sqfs that gets downloaded later) EXTRA="${BRANCH}_EXTRA" for FILE in ${!EXTRA}; do # If file is available locally, don't download again - if [ -s "$WWWTEMP/$FILEPRAEFIX$FILE" ]; then - # mv "$WWWTEMP/$FILEPRAEFIX$FILE" "$WWWDIR/" - continue + if [ -s "$WWWTEMP/$FILEPREFIX$FILE" ]; then + mv "$WWWTEMP/$FILEPREFIX$FILE" "$WWWDIR/" && continue + warning "Konnte bestehende Datei $WWWTEMP/$FILEPREFIX$FILE nicht nach $WWWDIR/ verschieben, lade erneut herunter..." fi # Download - wget -O "$WWWTEMP/$FILEPRAEFIX$FILE" "$MIRROR/$MIRRORDIR/$FILE" || warning "Could not download $FILE" + download "$FILEPREFIX$FILE" "$MIRROR/$MIRRORDIR/$FILE" done done # If we are here, then we can assume everything went either right, or at least no fatal error happened. -# So, we will move the stuff in $WWWTEMP to $WWWDIR. if [ "$DLFLAG" -ne 0 ]; then - print "Alles scheint ok - Bewege neue Abbilder zum Webserver." - mv "$WWWTEMP/"* "$WWWDIR/" - print "Neue Abbilder bewegt." + print "Alles scheint ok." else - print "Keine Abbilder heruntergeladen - leere temporäres Verzeichnis $WWWTEMP." - rm -f "$WWWTEMP/"* + print "Keine neuen Abbilder heruntergeladen." fi +rm -f "$WWWTEMP/"* + +exit 0 -# Update Scripts openslx-install and openslx-update, if possible. -if [ ! -d "$SCRIPTBACKUPDIR" ]; then - print "Erzeuge Sicherungsverzeichnis für Skripte $SCRIPTBACKUPDIR" - mkdir -p "$SCRIPTBACKUPDIR" || error "Kann Sicherungsverzeichnis für Skripte nicht erstellen!" 
-fi - -for FILE in $SLXSCRIPTS; do - wget -O "$WWWTEMP/$FILE.$CRCEXTENSION" "$MIRROR/$MIRRORDIR/$FILE.$CRCEXTENSION" - CRCVALNEW=$(cat "$WWWTEMP/$FILE.$CRCEXTENSION"|cut -f 1 -d " ") - CRCVALOLD=$($CRCCOMMAND "$SCRIPTPATH/$FILE"|cut -f 1 -d " ") - if [ "$CRCVALNEW" == "$CRCVALOLD" ]; then - print "$SCRIPTPATH/$FILE - kein Update notwendig." - continue - else - wget -O "$WWWTEMP/$FILE" "$MIRROR/$MIRRORDIR/$FILE" - if [ $($CRCCOMMAND "$WWWTEMP/$FILE"|cut -f 1 -d " ") != "$CRCVALNEW" ]; then - warning "$SCRIPTPATH/$FILE konnte nicht upgedatet werden ($CRCEXTENSION-Fehler)!" - continue - else - print "$SCRIPTPATH/$FILE wird upgedatet - $CRCEXTENSION ok." - print "Alte Version $SCRIPTPATH/$FILE gesichert nach: $SCRIPTBACKUPDIR/$FILE.$DATUM." - mv "$SCRIPTPATH/$FILE" "$SCRIPTBACKUPDIR/$FILE.$DATUM" - chmod u+x "$WWWTEMP/$FILE" # sonst wg. wget keine exec-bit - mv "$WWWTEMP/$FILE" "$SCRIPTPATH" - fi - fi -done -exit 0 -- cgit v1.2.3-55-g7522 From 9e0740c95c2999872b8cc5fa9c06a22280894ebd Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 6 Sep 2013 16:40:35 +0200 Subject: [vbox] two unneeded files deleted --- remote/modules/vbox/data/opt/openslx/bin/vmplayer | 15 --------------- remote/modules/vbox/data/opt/openslx/bin/vmware | 11 ----------- 2 files changed, 26 deletions(-) delete mode 100755 remote/modules/vbox/data/opt/openslx/bin/vmplayer delete mode 100755 remote/modules/vbox/data/opt/openslx/bin/vmware diff --git a/remote/modules/vbox/data/opt/openslx/bin/vmplayer b/remote/modules/vbox/data/opt/openslx/bin/vmplayer deleted file mode 100755 index 147f514f..00000000 --- a/remote/modules/vbox/data/opt/openslx/bin/vmplayer +++ /dev/null 
@@ -1,15 +0,0 @@ -#!/bin/sh -# radically simplified version of the original script vmplayer by VMware Inc. -PREFIX=/usr/lib/vmware # depends on the vmware location - -# HACK: Let the OpenGL driver report s3tc capability even if not present, so 3D will be enabled -export force_s3tc_enable=true - -exec "$PREFIX"'/lib/wrapper-gtk24.sh' \ - "$PREFIX"'/lib' \ - "$PREFIX"'/bin/vmplayer' \ - "$PREFIX"'/libconf' "$@" - - - - diff --git a/remote/modules/vbox/data/opt/openslx/bin/vmware b/remote/modules/vbox/data/opt/openslx/bin/vmware deleted file mode 100755 index 1fe9b11d..00000000 --- a/remote/modules/vbox/data/opt/openslx/bin/vmware +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -# radically simplified version of the original script vmplayer by VMware Inc. -PREFIX=/usr/lib/vmware # depends on the vmware location -exec "$PREFIX"'/lib/wrapper-gtk24.sh' \ - "$PREFIX"'/lib' \ - "$PREFIX"'/bin/vmware' \ - "$PREFIX"'/libconf' "$@" - - - - -- cgit v1.2.3-55-g7522 From 307a58f0fd755e334beb541198820adf10040466 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Mon, 9 Sep 2013 14:42:55 +0200 Subject: [debug] Added logger to opensuse conf --- remote/modules/debug/debug.conf.opensuse | 1 + 1 file changed, 1 insertion(+) diff --git a/remote/modules/debug/debug.conf.opensuse b/remote/modules/debug/debug.conf.opensuse index b7971956..e4306fc3 100644 --- a/remote/modules/debug/debug.conf.opensuse +++ b/remote/modules/debug/debug.conf.opensuse @@ -8,4 +8,5 @@ REQUIRED_INSTALLED_PACKAGES=" " REQUIRED_BINARIES+=" fonts-config + logger " -- cgit v1.2.3-55-g7522 From 345fec22096b2af5e06451d85b4d9b0cb4eeff2d Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Mon, 9 Sep 2013 15:23:11 +0200 Subject: [vbox] Full udev rule with ENV{DEVTYPE}=="usb_device", see README! --- remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules b/remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules index a94f2165..f2b99721 100644 --- a/remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules +++ b/remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules @@ -1,6 +1,6 @@ KERNEL=="vboxdrv", NAME="vboxdrv", OWNER="root", GROUP="root", MODE="0600" KERNEL=="vboxnetctl", NAME="vboxnetctl", OWNER="root", GROUP="root", MODE="0600" SUBSYSTEM=="usb_device", ACTION=="add", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}" -SUBSYSTEM=="usb", ACTION=="add", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}" +SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}" SUBSYSTEM=="usb_device", ACTION=="remove", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" -SUBSYSTEM=="usb", ACTION=="remove", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" +SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" -- cgit v1.2.3-55-g7522 From 6c38b9214baf971339de86d1834a79f47f431622 Mon Sep 17 00:00:00 2001 
From: Christian Rößler Date: Mon, 9 Sep 2013 15:28:46 +0200 Subject: [vbox] Amended README-File: Cave: systemd-udevd restart. --- remote/modules/vbox/README | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/remote/modules/vbox/README b/remote/modules/vbox/README index 41e7d219..142bce5e 100644 --- a/remote/modules/vbox/README +++ b/remote/modules/vbox/README @@ -12,10 +12,19 @@ please note there is also a (linked) scripts named VBoxManage (note capitals). It is therefore recommended to use the lower case version (vboxmanage). + systemd capabilites: + The systemd-udevd compiled within the module systemd lacks a capability in the environment variable DEVTYPE at least in regard to USB devices, so an entry ENV{DEVTYPE}=="usb_device" in an udev rule file rule will not work. + This applies to several versions, tested so far 195, 204, 206. In contrast to this a hand-copied distribution binary will work flawlessly within the openSLX biotope. + +It does not seem possible right now to circumvent this problem, as this kind +of problem seems to be unknown even irc/systemd development group. So as a +workaround the systemd-udevd will be restarted in addon-init. But the danger +of losing queue messages needs to be kept in mind, and if a solution arises, +the udevd restart line should be deleted. -- cgit v1.2.3-55-g7522 From 34f0648fbf1989604ae1cff8428cbce68efc926d Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Mon, 9 Sep 2013 15:30:45 +0200 Subject: [vbox] addon-init: systemd-udevd gets restarted now. Cave: Queued message loss possible. --- remote/modules/vbox/data/addon-init | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/remote/modules/vbox/data/addon-init b/remote/modules/vbox/data/addon-init index 0c77c3fc..d3c3fa47 100755 --- a/remote/modules/vbox/data/addon-init +++ b/remote/modules/vbox/data/addon-init 
@@ -11,3 +11,7 @@ fi systemctl daemon-reload systemctl start vbox.service + +# this seems to be necessary due to the misbehaviour of udevd +# in view of the undetected ENV dev_type +systemctl restart systemd-udevd -- cgit v1.2.3-55-g7522 From 5478dd8d9b011da7d8c65901228cce99d7af320d Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 9 Sep 2013 18:59:48 +0200 Subject: [branding-freiburg] New config module: Add UniFR logo in /etc/, for now used by kdm theme --- server/configs/freiburg/branding-freiburg | 1 + server/modules/branding-freiburg/etc/branding.svg | 1277 +++++++++++++++++++++ 2 files changed, 1278 insertions(+) create mode 120000 server/configs/freiburg/branding-freiburg create mode 100644 server/modules/branding-freiburg/etc/branding.svg diff --git a/server/configs/freiburg/branding-freiburg b/server/configs/freiburg/branding-freiburg new file mode 120000 index 00000000..174dca3e --- /dev/null +++ b/server/configs/freiburg/branding-freiburg @@ -0,0 +1 @@ +../../modules/branding-freiburg \ No newline at end of file diff --git a/server/modules/branding-freiburg/etc/branding.svg b/server/modules/branding-freiburg/etc/branding.svg new file mode 100644 index 00000000..fbefc54a --- /dev/null +++ b/server/modules/branding-freiburg/etc/branding.svg @@ -0,0 +1,1277 @@ + + + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -- cgit v1.2.3-55-g7522 
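Review bot: The added `systemctl restart systemd-udevd` has no status check and nothing replays events afterwards, so devices that were plugged in before the restart, or whose events were queued when it happened, may never have the VirtualBox rules run for them. If USB devices present at boot should reach `VBoxCreateUSBNode.sh`, follow the restart with `udevadm trigger --subsystem-match=usb --action=add`, and report a failed restart instead of continuing silently, e.g. `systemctl restart systemd-udevd || echo "systemd-udevd restart failed" >&2`. The comment could also point to the "systemd capabilites" section of the module README, so the line is easy to find once the workaround can be removed.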
From 187c92e4134d5bda3f8cb8d748514a81fde3dce4 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 9 Sep 2013 19:50:13 +0200 Subject: [german] Try to make locale-gen logic a little smarter --- remote/modules/german/german.build | 15 ++++++++++----- remote/modules/german/german.conf | 3 +-- remote/modules/german/german.conf.opensuse | 12 +++++++++--- remote/modules/german/german.conf.ubuntu | 4 ++++ 4 files changed, 24 insertions(+), 10 deletions(-) diff --git a/remote/modules/german/german.build b/remote/modules/german/german.build index 6327815f..c8795254 100644 --- a/remote/modules/german/german.build +++ b/remote/modules/german/german.build @@ -3,12 +3,17 @@ fetch_source() { } build() { - # Make sure uncompressed locales are present, so we can fetch german utf8 - # Cave: locale-gen is debian/ubunto-specific, so other distris _must_ have /usr/lib/locale/de_DE.utf8! - if [ ! -d "/usr/lib/locale/de_DE.utf8" ]; then + # Debian-like + if [ -e "/etc/locale.gen" ] && ! grep -q -E '^\s*de_DE\.UTF-8' "/etc/locale.gen"; then pinfo "Generating locales..." - locale-gen --purge --no-archive || perror "Could not run locale-gen" - [ ! -d "/usr/lib/locale/de_DE.utf8" ] && perror "locale-gen was executed, but de_DE.utf8 does not exist." + echo 'de_DE.UTF-8 UTF-8' >> "/etc/locale.gen" + locale-gen || perror "Could not generate locales (debian style)" + fi + # Ubuntu's version + if [ -d "/var/lib/locales/supported.d" ] && ! grep -q -E -r '^\s*de_DE\.UTF-8' "/var/lib/locales/supported.d"; then + pinfo "Generating locales..." + echo 'de_DE.UTF-8 UTF-8' >> "/var/lib/locales/supported.d/openslx" + locale-gen "de_DE.UTF-8" || perror "Could not generate locales (ubuntu style)" fi # Put everything we build or get from the system in build dir diff --git a/remote/modules/german/german.conf b/remote/modules/german/german.conf index c79b8ded..e2f82123 100644 --- a/remote/modules/german/german.conf +++ b/remote/modules/german/german.conf 
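Review bot: The new build() no longer verifies that the locale was actually produced: the removed code ran `locale-gen --purge --no-archive` and then checked for `/usr/lib/locale/de_DE.utf8`, while the new calls drop `--no-archive` and the `.conf` files in this commit require `/usr/lib/locale/de_DE.UTF-8`. Whether locale-gen creates a directory of exactly that name without `--no-archive` is not visible here and should be confirmed on both distributions; a check after the two blocks, such as `[ -d /usr/lib/locale/de_DE.UTF-8 ] || perror "de_DE.UTF-8 locale directory missing after locale-gen"`, would fail at the right place. The function also appends to `/etc/locale.gen` and `/var/lib/locales/supported.d/openslx` on the build host, which deserves a comment because it changes the host outside the module's build directory. build() continues below the hunk.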
@@ -1,6 +1,5 @@ REQUIRED_BINARIES="" REQUIRED_FILES="" REQUIRED_DIRECTORIES=" - /usr/lib/locale/de_DE.utf8 - /usr/share/X11 + /usr/share/X11 " diff --git a/remote/modules/german/german.conf.opensuse b/remote/modules/german/german.conf.opensuse index 015adfe2..1a4a4558 100644 --- a/remote/modules/german/german.conf.opensuse +++ b/remote/modules/german/german.conf.opensuse @@ -1,7 +1,13 @@ REQUIRED_INSTALLED_PACKAGES=" - libX11-data - glibc-locale" + libX11-data + glibc-locale +" REQUIRED_CONTENT_PACKAGES=" - libX11-data" + libX11-data +" +REQUIRED_DIRECTORIES+=" + /usr/lib/locale/de_DE.UTF-8 +" REQUIRED_BINARIES="" REQUIRED_FILES="" + diff --git a/remote/modules/german/german.conf.ubuntu b/remote/modules/german/german.conf.ubuntu index 28e3d966..02262276 100644 --- a/remote/modules/german/german.conf.ubuntu +++ b/remote/modules/german/german.conf.ubuntu @@ -5,3 +5,7 @@ REQUIRED_INSTALLED_PACKAGES=" REQUIRED_CONTENT_PACKAGES=" libX11-data " +REQUIRED_DIRECTORIES+=" + /usr/lib/locale/de_DE.UTF-8 +" + -- cgit v1.2.3-55-g7522 From a3b435f6a1582b3b63ffbd4ad703e3ec893be62e Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 9 Sep 2013 19:55:15 +0200 Subject: [mltk] Add pkg-config to required dev-tools, add "exit 1" to qnd_exit just in case... --- mltk | 1 + 1 file changed, 1 insertion(+) diff --git a/mltk b/mltk index 73de3601..67b5e663 100755 --- a/mltk +++ b/mltk @@ -28,6 +28,7 @@ qnd_exit() { unset_quiet kill "$MLTK_PID" [ $# -ge 1 ] && kill "$1" + exit 1 } # source all helper functions files that are found under helper/*.inc -- cgit v1.2.3-55-g7522 From f6b40a165bc05ff43fafe11c8b1efb96b8a6a6c8 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 9 Sep 2013 20:05:21 +0200 Subject: [helper/fileutil] Fix error handling in install_packages --- helper/fileutil.inc | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/helper/fileutil.inc b/helper/fileutil.inc index abab7903..9f5c110f 100644 --- a/helper/fileutil.inc 
+++ b/helper/fileutil.inc @@ -91,7 +91,7 @@ install_packages() { if [ "x$LRET" == "x0" ]; then # package installed pdebug "$PKG installed!" - elif [ "x$LRET" == "x1" ]; then + else # package not installed pdebug "$PKG not installed!" if [ "x$PACKET_MANAGER" == "xapt" ]; then @@ -100,10 +100,10 @@ install_packages() { if [ "x$IRET" == "x0" ]; then # $PGK was installed successfully INSTALLED_PACKAGES+="$PKG " - elif [ "x$IRET" == "x1" ]; then + else # PKG was not installed # TODO error handling - pwarning "install_packages: apt-get failed with '$?' for package '$PKG'" + perror "install_packages: apt-get failed with '$IRET' for package '$PKG'" fi elif [ "x$PACKET_MANAGER" == "xzypper" ]; then zypper --no-refresh --non-interactive install ${PKG} @@ -111,10 +111,10 @@ install_packages() { if [ "x$IRET" == "x0" ]; then # $PGK was installed successfully INSTALLED_PACKAGES+="$PKG " - elif [ "x$IRET" == "x1" ]; then + else # PKG was not installed # TODO error handling - pwarning "install_packages: zypper failed with '$?' for package '$PKG'" + perror "install_packages: zypper failed with '$IRET' for package '$PKG'" fi elif [ "x$PACKET_MANAGER" == "xyum" ]; then yum --assumeyes install ${PKG} @@ -122,10 +122,10 @@ install_packages() { if [ "x$IRET" == "x0" ]; then # $PGK was installed successfully INSTALLED_PACKAGES+="$PKG " - elif [ "x$IRET" == "x1" ]; then + else # PKG was not installed # TODO error handling - pwarning "install_packages: yum failed with '$?' for package '$PKG'" + perror "install_packages: yum failed with '$IRET' for package '$PKG'" fi else perror "No packet manager determined, this should not happen!" -- cgit v1.2.3-55-g7522 From 95bfa5e889d8df6d38639a39eb811110b0ab1e49 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 9 Sep 2013 20:24:45 +0200 Subject: [polkit] FIX: Actually take REQUIRED_DIR_STRUCT into account --- remote/modules/polkit/polkit.build | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) 
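Review bot: `${PKG}` reaches the package manager unquoted in the context lines of the second and third hunks of install_packages (`zypper --no-refresh --non-interactive install ${PKG}`, `yum --assumeyes install ${PKG}`). An entry containing a glob character is therefore expanded by the shell before a tool running non-interactively with automatic yes sees it; whitespace would split it too, depending on how the loop outside the hunk builds PKG. Quoting it as `zypper --no-refresh --non-interactive install "$PKG"` and `yum --assumeyes install "$PKG"` keeps one list entry as one argument. The apt-get call sits between the hunks and is not visible, but probably needs the same. The `# TODO error handling` comments kept in the three new `else` branches are stale now that the branch calls perror.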
diff --git a/remote/modules/polkit/polkit.build b/remote/modules/polkit/polkit.build index eeae1e32..151da8a8 100644 --- a/remote/modules/polkit/polkit.build +++ b/remote/modules/polkit/polkit.build @@ -6,10 +6,9 @@ fetch_source () { } build () { - COPYLIST="$MODULE_DIR/list_dpkg_output" - [ -e "${COPYLIST}" ] && rm "${COPYLIST}" - - list_packet_files >> "${COPYLIST}" + local COPYLIST="$MODULE_DIR/list_dpkg_output" + list_packet_files > "$COPYLIST" + [ -n "$REQUIRED_DIR_STRUCT" ] && find $REQUIRED_DIR_STRUCT -type d >> "$COPYLIST" tarcopy "$(cat "${COPYLIST}" | sort -u)" "${MODULE_BUILD_DIR}" local POLPATH=$(find "$MODULE_BUILD_DIR" -name polkitd -executable | head -n 1) POLPATH="/${POLPATH#$MODULE_BUILD_DIR}" -- cgit v1.2.3-55-g7522 From 8bd765048310215733833ff16d6f13aa2126fe8f Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 9 Sep 2013 20:47:11 +0200 Subject: [nscd] Remove "netgroup" from nscd.conf as it is not available in all nscd versions --- remote/modules/nscd/data/etc/nscd.conf | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/remote/modules/nscd/data/etc/nscd.conf b/remote/modules/nscd/data/etc/nscd.conf index 863a6f50..c4e23686 100644 --- a/remote/modules/nscd/data/etc/nscd.conf +++ b/remote/modules/nscd/data/etc/nscd.conf @@ -78,13 +78,3 @@ shared services yes max-db-size services 33554432 -# netgroup caching is known-broken, so disable it in the default config, -# see: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1068889 - enable-cache netgroup no - positive-time-to-live netgroup 28800 - negative-time-to-live netgroup 20 - suggested-size netgroup 211 - check-files netgroup yes - persistent netgroup yes - shared netgroup yes - max-db-size netgroup 33554432 -- cgit v1.2.3-55-g7522 From c4bdc2d98cc458c0e885e6f314650779882b1b10 Mon Sep 17 00:00:00 2001 
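Review bot: The added `find $REQUIRED_DIR_STRUCT -type d >> "$COPYLIST"` line in build() in polkit.build ignores find's exit status. A directory named in REQUIRED_DIR_STRUCT but missing on the build host (polkit.conf.debian on this page lists `/var/lib/polkit-1` and `/etc/polkit-1`) only produces a message on stderr, and the module is packed without it. I would write it as `if [ -n "$REQUIRED_DIR_STRUCT" ]; then`, `find $REQUIRED_DIR_STRUCT -type d >> "$COPYLIST" || perror "polkit: find failed for REQUIRED_DIR_STRUCT"`, `fi`. If a missing directory is meant to be tolerated, a comment should say so. The unquoted expansion is needed for word splitting but also globs, which is worth a comment as well; build() continues outside the hunk.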
From: Simon Rettberg Date: Tue, 10 Sep 2013 12:07:22 +0200 Subject: [mltk] Actually really add pkg-config ( fixes commit:a3b435f6a1 ) --- mltk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mltk b/mltk index 67b5e663..d705df50 100755 --- a/mltk +++ b/mltk @@ -92,7 +92,7 @@ print_usage() { check_devtools() { # Checking for needed development tools, compilers etc. # Required: m4 make gcc g++ binutils - DEVTOOLS="gcc c++ g++ make m4 strip git depmod patch mksquashfs" # 'strip' as marker for binutils + DEVTOOLS="gcc c++ g++ make m4 strip git depmod patch mksquashfs pkg-config" # 'strip' as marker for binutils for i in $DEVTOOLS; do which "$i" 2>/dev/null 1>&2 || { echo "Essential development tool $i not found - exiting."; exit 1; } done -- cgit v1.2.3-55-g7522 From ebd3438d281f3e2577bdcfb54f20dce006185203 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Sep 2013 13:04:54 +0200 Subject: [debug] Config tweaks --- remote/modules/debug/debug.conf | 2 +- remote/modules/debug/debug.conf.ubuntu | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/remote/modules/debug/debug.conf b/remote/modules/debug/debug.conf index 7b040326..9ce39476 100644 --- a/remote/modules/debug/debug.conf +++ b/remote/modules/debug/debug.conf @@ -7,7 +7,7 @@ REQUIRED_BINARIES=" nano fc-cache fc-query - xset + @xset locale su file diff --git a/remote/modules/debug/debug.conf.ubuntu b/remote/modules/debug/debug.conf.ubuntu index f455b152..3b9c032a 100644 --- a/remote/modules/debug/debug.conf.ubuntu +++ b/remote/modules/debug/debug.conf.ubuntu @@ -1,6 +1,7 @@ REQUIRED_INSTALLED_PACKAGES=" curl ltrace + strace nano fontconfig fonts-config -- cgit v1.2.3-55-g7522 From 8bce876f73162f053bfb04ea062592387aca6e30 Mon Sep 17 00:00:00 2001 
From: Simon Rettberg Date: Tue, 10 Sep 2013 13:05:54 +0200 Subject: [kdm] Clean up config files --- remote/modules/kdm/kdm.conf | 3 +++ remote/modules/kdm/kdm.conf.opensuse | 19 ++++------------ remote/modules/kdm/kdm.conf.ubuntu | 43 +++++++++++++++++------------------- 3 files changed, 27 insertions(+), 38 deletions(-) diff --git a/remote/modules/kdm/kdm.conf b/remote/modules/kdm/kdm.conf index 92dd47d7..2778a2bc 100644 --- a/remote/modules/kdm/kdm.conf +++ b/remote/modules/kdm/kdm.conf @@ -8,6 +8,7 @@ REQUIRED_DIRECTORIES=" /etc/dbus-1 " REQUIRED_LIBRARIES="" +# non-standard vars REQUIRED_SYSTEM_FILES=" /usr/share/icons/oxygen/16x16/actions/system-reboot.png /usr/share/icons/oxygen/16x16/actions/system-shutdown.png @@ -15,3 +16,5 @@ REQUIRED_SYSTEM_FILES=" /usr/share/icons/oxygen/index.theme /usr/share/icons/default.kde4/index.theme " +# Ignore these libs even if output by ldd +REQUIRED_LDD_BLACKLIST="\|libQtWebKit\|libGL" diff --git a/remote/modules/kdm/kdm.conf.opensuse b/remote/modules/kdm/kdm.conf.opensuse index d3c0044b..832baf9c 100644 --- a/remote/modules/kdm/kdm.conf.opensuse +++ b/remote/modules/kdm/kdm.conf.opensuse @@ -1,21 +1,10 @@ REQUIRED_INSTALLED_PACKAGES=" - kdm + kdm " REQUIRED_CONTENT_PACKAGES=" - kdm - kde4-kgreeter-plugins + kdm + kde4-kgreeter-plugins " -REQUIRED_BINARIES="" REQUIRED_DIRECTORIES+=" - /usr/$LIB64/kde4 -" -REQUIRED_FILES="" -REQUIRED_LIBRARIES="" -#non-standard vars -REQUIRED_SYSTEM_FILES=" - /usr/share/icons/oxygen/16x16/actions/system-reboot.png - /usr/share/icons/oxygen/16x16/actions/system-shutdown.png - /usr/share/icons/oxygen/16x16/actions/dialog-cancel.png - /usr/share/icons/oxygen/index.theme - /usr/share/icons/default.kde4/index.theme + /usr/$LIB64/kde4 " diff --git a/remote/modules/kdm/kdm.conf.ubuntu b/remote/modules/kdm/kdm.conf.ubuntu index 7119bf6f..b91d00e0 100644 --- a/remote/modules/kdm/kdm.conf.ubuntu +++ b/remote/modules/kdm/kdm.conf.ubuntu 
@@ -1,32 +1,29 @@ REQUIRED_INSTALLED_PACKAGES=" - kdm - kde-workspace-kgreet-plugins + kdm + kde-workspace-kgreet-plugins " REQUIRED_CONTENT_PACKAGES=" - kdm - kde-workspace-kgreet-plugins - libicu48 - libxcursor1 - libxrandr2 - libxfixes3 - libxinerama1 - libxi6 + kdm + kde-workspace-kgreet-plugins + libicu48 + libxcursor1 + libxrandr2 + libxfixes3 + libxinerama1 + libxi6 " -REQUIRED_BINARIES="" REQUIRED_DIRECTORIES+=" - /usr/lib - /etc/pam.d - /etc/logrotate.d - /etc/insserv.conf.d - /etc/kde4/kdm + /usr/lib + /etc/pam.d + /etc/logrotate.d + /etc/insserv.conf.d + /etc/kde4/kdm " -REQUIRED_FILES="" -REQUIRED_LIBRARIES="" # non-standard vars REQUIRED_SYSTEM_FILES+=" - /usr/share/kde4/apps/kdm/pics/shutdown.png - /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf - /usr/share/fonts/truetype/ubuntu-font-family/Ubuntu-R.ttf - /usr/share/icons/default/index.theme + /usr/share/kde4/apps/kdm/pics/shutdown.png + /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf + /usr/share/fonts/truetype/ubuntu-font-family/Ubuntu-R.ttf + /usr/share/icons/default/index.theme " -REQUIRED_LDD_BLACKLIST="\|libQtWebKit\|libGL" + -- cgit v1.2.3-55-g7522 From dcb91e97e6126ba9a768612b0d9f0bb1ea872b86 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Sep 2013 13:07:00 +0200 Subject: [rootfs-stage32] (ubuntu) add ntpdate to required installed packages --- remote/rootfs/rootfs-stage32/rootfs-stage32.conf.ubuntu | 1 + 1 file changed, 1 insertion(+) diff --git a/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.ubuntu b/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.ubuntu index cfc5b128..2d97ce18 100644 --- a/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.ubuntu +++ b/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.ubuntu @@ -3,6 +3,7 @@ REQUIRED_INSTALLED_PACKAGES=" squashfs-tools whois xfsprogs + ntpdate " REQUIRED_DIRECTORIES=" /lib/xtables -- cgit v1.2.3-55-g7522 From 39dfc1b11e8dacba1b1464a4fea36555486cbfa7 Mon Sep 17 00:00:00 2001 
From: Simon Rettberg Date: Tue, 10 Sep 2013 13:07:53 +0200 Subject: * Add debian support * --- remote/modules/alsa/alsa.conf.debian | 5 +++ remote/modules/beamer/beamer.conf.debian | 6 +++ remote/modules/consolekit/consolekit.conf.debian | 2 + remote/modules/dbus/dbus.conf.debian | 9 ++++ remote/modules/debug/debug.conf.debian | 8 ++++ remote/modules/dnbd3/dnbd3.conf.debian | 7 ++++ remote/modules/german/german.conf.debian | 11 +++++ remote/modules/kdm/kdm.conf.debian | 28 +++++++++++++ remote/modules/nscd/nscd.conf.debian | 6 +++ remote/modules/openbox/openbox.conf.debian | 15 +++++++ remote/modules/pam/pam.conf.debian | 49 ++++++++++++++++++++++ remote/modules/plymouth/plymouth.conf.debian | 7 ++++ remote/modules/polkit/polkit.conf.debian | 19 +++++++++ remote/modules/redsocks/redsocks.conf.debian | 3 ++ remote/modules/rsyslogd/rsyslogd.conf.debian | 6 +++ remote/modules/systemd/systemd.conf.debian | 13 ++++++ remote/modules/udisks/udisks.conf.debian | 32 ++++++++++++++ remote/modules/vmchooser/vmchooser.conf.debian | 4 ++ remote/modules/xorg/xorg.conf.debian | 41 ++++++++++++++++++ .../rootfs-stage32/rootfs-stage32.conf.debian | 14 +++++++ 20 files changed, 285 insertions(+) create mode 100644 remote/modules/alsa/alsa.conf.debian create mode 100644 remote/modules/beamer/beamer.conf.debian create mode 100644 remote/modules/consolekit/consolekit.conf.debian create mode 100644 remote/modules/dbus/dbus.conf.debian create mode 100644 remote/modules/debug/debug.conf.debian create mode 100644 remote/modules/dnbd3/dnbd3.conf.debian create mode 100644 remote/modules/german/german.conf.debian create mode 100644 remote/modules/kdm/kdm.conf.debian create mode 100644 remote/modules/nscd/nscd.conf.debian create mode 100644 remote/modules/openbox/openbox.conf.debian create mode 100644 remote/modules/pam/pam.conf.debian create mode 100644 remote/modules/plymouth/plymouth.conf.debian create mode 100644 remote/modules/polkit/polkit.conf.debian create mode 100644 
remote/modules/redsocks/redsocks.conf.debian create mode 100644 remote/modules/rsyslogd/rsyslogd.conf.debian create mode 100644 remote/modules/systemd/systemd.conf.debian create mode 100644 remote/modules/udisks/udisks.conf.debian create mode 100644 remote/modules/vmchooser/vmchooser.conf.debian create mode 100644 remote/modules/xorg/xorg.conf.debian create mode 100644 remote/rootfs/rootfs-stage32/rootfs-stage32.conf.debian diff --git a/remote/modules/alsa/alsa.conf.debian b/remote/modules/alsa/alsa.conf.debian new file mode 100644 index 00000000..b1f9f0e2 --- /dev/null +++ b/remote/modules/alsa/alsa.conf.debian @@ -0,0 +1,5 @@ +REQUIRED_CONTENT_PACKAGES=" + alsa-utils + alsa-base + libasound2 +" diff --git a/remote/modules/beamer/beamer.conf.debian b/remote/modules/beamer/beamer.conf.debian new file mode 100644 index 00000000..459dd079 --- /dev/null +++ b/remote/modules/beamer/beamer.conf.debian @@ -0,0 +1,6 @@ +REQUIRED_INSTALLED_PACKAGES=" + zenity +" +REQUIRED_CONTENT_PACKAGES=" + zenity +" diff --git a/remote/modules/consolekit/consolekit.conf.debian b/remote/modules/consolekit/consolekit.conf.debian new file mode 100644 index 00000000..c0fffffa --- /dev/null +++ b/remote/modules/consolekit/consolekit.conf.debian @@ -0,0 +1,2 @@ +REQUIRED_CONTENT_PACKAGES="consolekit" + diff --git a/remote/modules/dbus/dbus.conf.debian b/remote/modules/dbus/dbus.conf.debian new file mode 100644 index 00000000..d007c2ef --- /dev/null +++ b/remote/modules/dbus/dbus.conf.debian @@ -0,0 +1,9 @@ +REQUIRED_CONTENT_PACKAGES=" + dbus +" +REQUIRED_DIRECTORIES+=" + /lib/systemd +" +REQUIRED_FILES=" + /etc/default/dbus +" diff --git a/remote/modules/debug/debug.conf.debian b/remote/modules/debug/debug.conf.debian new file mode 100644 index 00000000..3b9c032a --- /dev/null +++ b/remote/modules/debug/debug.conf.debian @@ -0,0 +1,8 @@ +REQUIRED_INSTALLED_PACKAGES=" + curl + ltrace + strace + nano + fontconfig + fonts-config +" 
diff --git a/remote/modules/dnbd3/dnbd3.conf.debian b/remote/modules/dnbd3/dnbd3.conf.debian
new file mode 100644
index 00000000..c26fd833
--- /dev/null
+++ b/remote/modules/dnbd3/dnbd3.conf.debian
@@ -0,0 +1,7 @@
+REQUIRED_CONTENT_PACKAGES="
+ cmake
+"
+
+REQUIRED_INSTALLED_PACKAGES="
+ cmake
+"
diff --git a/remote/modules/german/german.conf.debian b/remote/modules/german/german.conf.debian
new file mode 100644
index 00000000..b41764e0
--- /dev/null
+++ b/remote/modules/german/german.conf.debian
@@ -0,0 +1,11 @@
+REQUIRED_INSTALLED_PACKAGES="
+ libX11-data
+ language-pack-de
+"
+REQUIRED_CONTENT_PACKAGES="
+ libX11-data
+"
+REQUIRED_DIRECTORIES+="
+ /usr/lib/locale
+"
+
diff --git a/remote/modules/kdm/kdm.conf.debian b/remote/modules/kdm/kdm.conf.debian
new file mode 100644
index 00000000..da0df913
--- /dev/null
+++ b/remote/modules/kdm/kdm.conf.debian
@@ -0,0 +1,28 @@
+REQUIRED_INSTALLED_PACKAGES="
+ kdm
+ kde-workspace-kgreet-plugins
+"
+REQUIRED_CONTENT_PACKAGES="
+ kdm
+ kde-workspace-kgreet-plugins
+ libicu48
+ libxcursor1
+ libxrandr2
+ libxfixes3
+ libxinerama1
+ libxi6
+"
+REQUIRED_DIRECTORIES+="
+ /usr/lib
+ /etc/pam.d
+ /etc/logrotate.d
+ /etc/insserv.conf.d
+ /etc/kde4/kdm
+"
+# non-standard vars
+REQUIRED_SYSTEM_FILES+="
+ /usr/share/kde4/apps/kdm/pics/shutdown.png
+ /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
+ /usr/share/icons/default/index.theme
+"
+
diff --git a/remote/modules/nscd/nscd.conf.debian b/remote/modules/nscd/nscd.conf.debian
new file mode 100644
index 00000000..4a61cc19
--- /dev/null
+++ b/remote/modules/nscd/nscd.conf.debian
@@ -0,0 +1,6 @@
+REQUIRED_INSTALLED_PACKAGES="
+ nscd
+"
+REQUIRED_CONTENT_PACKAGES="
+ nscd
+"
diff --git a/remote/modules/openbox/openbox.conf.debian b/remote/modules/openbox/openbox.conf.debian
new file mode 100644
index 00000000..b10bd40d
--- /dev/null
+++ b/remote/modules/openbox/openbox.conf.debian
@@ -0,0 +1,15 @@
+REQUIRED_INSTALLED_PACKAGES="
+ openbox
+ libpango1.0-0
+ libpango1.0-dev
+ libdbus-1-dev
+"
+REQUIRED_CONTENT_PACKAGES="
+ openbox
+ libpango1.0-0
+ libpango1.0-dev
+ libdbus-1-dev
+"
+REQUIRED_DIRECTORIES+="
+ /usr/lib
+"
diff --git a/remote/modules/pam/pam.conf.debian b/remote/modules/pam/pam.conf.debian
new file mode 100644
index 00000000..278c36be
--- /dev/null
+++ b/remote/modules/pam/pam.conf.debian
@@ -0,0 +1,49 @@
+REQUIRED_INSTALLED_PACKAGES="
+ libpam-ldap
+ libnss-ldap
+ libpam-ck-connector
+ libpam-cap
+ krb5-user
+ krb5-config
+ libpam-krb5
+ libssl-dev
+ ldap-utils
+ libnfsidmap2
+ nfs-common
+ libpam0g-dev
+ ncpfs
+"
+REQUIRED_CONTENT_PACKAGES="
+ libpam0g
+ libpam-modules
+ libpam-ck-connector
+ libpam-cap
+ libldap-2.4-2
+ libpam-ldap
+ libnss-ldap
+ krb5-user
+ krb5-config
+ libpam-krb5
+ ldap-utils
+ libnfsidmap2
+ nfs-common
+ ncpfs
+"
+REQUIRED_BINARIES+="
+ nwmsg
+ ncpmount
+ ncpumount
+ mount.ncp
+ mount.ncpfs
+"
+REQUIRED_DIRECTORIES+="
+ /lib
+ /usr/lib
+"
+REQUIRED_SYSTEM_FILES+="
+ /etc/pam.conf
+ /etc/default/locale
+ /lib/security
+ /lib/${ARCH_TRIPLET}/security
+ /sbin/mkhomedir_helper
+"
diff --git a/remote/modules/plymouth/plymouth.conf.debian b/remote/modules/plymouth/plymouth.conf.debian
new file mode 100644
index 00000000..0c6e00a4
--- /dev/null
+++ b/remote/modules/plymouth/plymouth.conf.debian
@@ -0,0 +1,7 @@
+REQUIRED_INSTALLED_PACKAGES="
+ libpng-dev
+ libpango1.0-dev
+ libcairo-dev
+ libgtk2.0-dev
+ libdrm-dev
+"
diff --git a/remote/modules/polkit/polkit.conf.debian b/remote/modules/polkit/polkit.conf.debian
new file mode 100644
index 00000000..5684a504
--- /dev/null
+++ b/remote/modules/polkit/polkit.conf.debian
@@ -0,0 +1,19 @@
+REQUIRED_INSTALLED_PACKAGES="
+ libmozjs185-1.0
+ policykit-1
+"
+REQUIRED_CONTENT_PACKAGES="
+ libmozjs185-1.0
+ policykit-1
+"
+REQUIRED_DIRECTORIES+="
+ /usr/lib/policykit-1
+ /usr/lib/${ARCH_TRIPLET}/polkit-1
+ /var/lib/polkit-1
+"
+# Module specific: Root of dirstructs we need directly from system
+REQUIRED_DIR_STRUCT="
+ /var/lib/polkit-1
+ /etc/polkit-1
+"
+
diff --git a/remote/modules/redsocks/redsocks.conf.debian b/remote/modules/redsocks/redsocks.conf.debian
new file mode 100644
index 00000000..da41b04e
--- /dev/null
+++ b/remote/modules/redsocks/redsocks.conf.debian
@@ -0,0 +1,3 @@
+REQUIRED_INSTALLED_PACKAGES="
+ libevent-dev
+"
diff --git a/remote/modules/rsyslogd/rsyslogd.conf.debian b/remote/modules/rsyslogd/rsyslogd.conf.debian
new file mode 100644
index 00000000..79aba761
--- /dev/null
+++ b/remote/modules/rsyslogd/rsyslogd.conf.debian
@@ -0,0 +1,6 @@
+REQUIRED_CONTENT_PACKAGES="
+ rsyslog
+"
+REQUIRED_DIRECTORIES="
+ /usr/lib/rsyslog
+"
diff --git a/remote/modules/systemd/systemd.conf.debian b/remote/modules/systemd/systemd.conf.debian
new file mode 100644
index 00000000..2768b51c
--- /dev/null
+++ b/remote/modules/systemd/systemd.conf.debian
@@ -0,0 +1,13 @@
+REQUIRED_INSTALLED_PACKAGES="
+ intltool
+ gperf
+ dbus
+ pkg-config
+ libcap-dev
+ libudev-dev
+ libdbus-1-dev
+ xsltproc
+ libblkid-dev
+ libacl1-dev
+ libpam-dev
+"
diff --git a/remote/modules/udisks/udisks.conf.debian b/remote/modules/udisks/udisks.conf.debian
new file mode 100644
index 00000000..c32a5f24
--- /dev/null
+++ b/remote/modules/udisks/udisks.conf.debian
@@ -0,0 +1,32 @@
+REQUIRED_INSTALLED_PACKAGES="
+ udisks
+"
+REQUIRED_CONTENT_PACKAGES="
+ udisks
+"
+# Override: Only udisks1 is available
+REQUIRED_BINARIES="
+ udisks-helper-linux-md-check
+ udisks-daemon
+ udisks-helper-change-luks-password
+ udisks-helper-create-partition-table
+ udisks-helper-mdadm-expand
+ udisks-helper-drive-benchmark
+ udisks-helper-drive-detach
+ udisks-helper-mkfs
+ udisks-helper-ata-smart-collect
+ udisks-helper-change-filesystem-label
+ udisks-helper-modify-partition
+ udisks-helper-delete-partition
+ udisks-helper-create-partition
+ udisks-helper-fstab-mounter
+ udisks-helper-linux-md-remove-component
+ udisks-helper-ata-smart-selftest
+ udisks-helper-drive-poll
+ udisks-dm-export
+ udisks-lvm-pv-export
+ udisks-part-id
+ udisks-probe-ata-smart
+ udisks-probe-sas-expander
+"
+
diff --git a/remote/modules/vmchooser/vmchooser.conf.debian b/remote/modules/vmchooser/vmchooser.conf.debian
new file mode 100644
index 00000000..2953ac63
--- /dev/null
+++ b/remote/modules/vmchooser/vmchooser.conf.debian
@@ -0,0 +1,4 @@
+REQUIRED_INSTALLED_PACKAGES="
+ cmake
+ libqt4-dev
+"
diff --git a/remote/modules/xorg/xorg.conf.debian b/remote/modules/xorg/xorg.conf.debian
new file mode 100644
index 00000000..a3be908f
--- /dev/null
+++ b/remote/modules/xorg/xorg.conf.debian
@@ -0,0 +1,41 @@
+REQUIRED_CONTENT_PACKAGES="
+ xserver-xorg$UBUNTU_XORG_PKG_SUFFIX
+ xserver-xorg-core$UBUNTU_XORG_PKG_SUFFIX
+ libgl1-mesa-dri$UBUNTU_XORG_PKG_SUFFIX
+ libgl1-mesa-glx$UBUNTU_XORG_PKG_SUFFIX
+ xkb-data
+ x11-xkb-utils
+ x11-xserver-utils
+ xserver-xorg-input-evdev$UBUNTU_XORG_PKG_SUFFIX
+ xserver-xorg-input-mouse$UBUNTU_XORG_PKG_SUFFIX
+ xserver-xorg-input-vmmouse$UBUNTU_XORG_PKG_SUFFIX
+ xserver-xorg-video-intel$UBUNTU_XORG_PKG_SUFFIX
+ xserver-xorg-video-ati$UBUNTU_XORG_PKG_SUFFIX
+ xserver-xorg-video-vesa$UBUNTU_XORG_PKG_SUFFIX
+ xserver-xorg-video-mga$UBUNTU_XORG_PKG_SUFFIX
+ xserver-xorg-video-sis$UBUNTU_XORG_PKG_SUFFIX
+ xserver-xorg-video-vmware$UBUNTU_XORG_PKG_SUFFIX
+ xserver-xorg-video-fbdev$UBUNTU_XORG_PKG_SUFFIX
+ xserver-xorg-video-radeon$UBUNTU_XORG_PKG_SUFFIX
+ xserver-xorg-video-sisusb$UBUNTU_XORG_PKG_SUFFIX
+ xserver-xorg-video-nouveau$UBUNTU_XORG_PKG_SUFFIX
+ @xserver-xorg-video-openchrome$UBUNTU_XORG_PKG_SUFFIX
+ @xserver-xorg-video-savage$UBUNTU_XORG_PKG_SUFFIX
+ @xserver-xorg-video-trident$UBUNTU_XORG_PKG_SUFFIX
+ @xserver-xorg-video-mach64$UBUNTU_XORG_PKG_SUFFIX
+ @xserver-xorg-video-qxl$UBUNTU_XORG_PKG_SUFFIX
+ @xserver-xorg-video-siliconmotion$UBUNTU_XORG_PKG_SUFFIX
+ @xserver-xorg-video-cirrus$UBUNTU_XORG_PKG_SUFFIX
+ @xserver-xorg-video-r128$UBUNTU_XORG_PKG_SUFFIX
+ @xserver-xorg-video-neomagic$UBUNTU_XORG_PKG_SUFFIX
+ @xserver-xorg-video-geode$UBUNTU_XORG_PKG_SUFFIX
+ @xserver-xorg-video-s3$UBUNTU_XORG_PKG_SUFFIX
+ @xserver-xorg-video-tdfx$UBUNTU_XORG_PKG_SUFFIX
+"
+REQUIRED_BINARIES+="
+ xkbcomp
+"
+REQUIRED_DIRECTORIES+="
+ /usr/lib
+"
+REQUIRED_FILES=""
diff --git a/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.debian b/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.debian
new file mode 100644
index 00000000..4b80623f
--- /dev/null
+++ b/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.debian
@@ -0,0 +1,14 @@ +REQUIRED_INSTALLED_PACKAGES=" + nfs-common + squashfs-tools + whois + xfsprogs + ntpdate + firmware-linux-free +" +REQUIRED_DIRECTORIES=" + /lib/xtables +" +REQUIRED_FILES+=" + /etc/X11/app-defaults/Xvidtune +" -- cgit v1.2.3-55-g7522 From 15bcbeb8693198aef0a17738b6e58d98a7095b65 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Sep 2013 13:34:18 +0200 Subject: [debug] Remove nonsense from config --- remote/modules/debug/debug.conf.debian | 1 - remote/modules/debug/debug.conf.ubuntu | 1 - 2 files changed, 2 deletions(-) diff --git a/remote/modules/debug/debug.conf.debian b/remote/modules/debug/debug.conf.debian index 3b9c032a..00bfea2c 100644 --- a/remote/modules/debug/debug.conf.debian +++ b/remote/modules/debug/debug.conf.debian @@ -4,5 +4,4 @@ REQUIRED_INSTALLED_PACKAGES=" strace nano fontconfig - fonts-config " diff --git a/remote/modules/debug/debug.conf.ubuntu b/remote/modules/debug/debug.conf.ubuntu index 3b9c032a..00bfea2c 100644 --- a/remote/modules/debug/debug.conf.ubuntu +++ b/remote/modules/debug/debug.conf.ubuntu @@ -4,5 +4,4 @@ REQUIRED_INSTALLED_PACKAGES=" strace nano fontconfig - fonts-config " -- cgit v1.2.3-55-g7522 From 24f945442088064ba5a8add0e47f3c17ee03d95c Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Sep 2013 13:36:33 +0200 Subject: [german] language-pack-de doesn't exist on debian --- remote/modules/german/german.conf.debian | 1 - 1 file changed, 1 deletion(-) diff --git a/remote/modules/german/german.conf.debian b/remote/modules/german/german.conf.debian index b41764e0..a43faea2 100644 --- a/remote/modules/german/german.conf.debian +++ b/remote/modules/german/german.conf.debian @@ -1,6 +1,5 @@ REQUIRED_INSTALLED_PACKAGES=" libX11-data - language-pack-de " REQUIRED_CONTENT_PACKAGES=" libX11-data -- cgit v1.2.3-55-g7522 From a26521eb4189e5aaa699fb5d603b69ab6909a640 Mon Sep 17 00:00:00 2001 
From: Simon Rettberg Date: Tue, 10 Sep 2013 13:39:41 +0200 Subject: [plymouth] Fix config variable naming --- remote/modules/plymouth/plymouth.build | 7 +++---- remote/modules/plymouth/plymouth.conf | 6 +++--- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/remote/modules/plymouth/plymouth.build b/remote/modules/plymouth/plymouth.build index e46541f3..67b7734e 100644 --- a/remote/modules/plymouth/plymouth.build +++ b/remote/modules/plymouth/plymouth.build @@ -1,14 +1,13 @@ #!/bin/bash fetch_source() { - download_untar "$URL" "src/" + download_untar "$REQUIRED_URL" "src/" } build() { - cd src/$VERSION + cd "src/$REQUIRED_VERSION" pinfo "Running configure" - - ./configure --enable-systemd-integration --disable-gtk --disable-static --prefix="$PREFIX"|| perror "failed." + ./configure --enable-systemd-integration --disable-gtk --disable-static --prefix="$REQUIRED_PREFIX"|| perror "failed." pinfo "Running make" make || perror "failed" pinfo "Running make install" diff --git a/remote/modules/plymouth/plymouth.conf b/remote/modules/plymouth/plymouth.conf index d9acf6a3..887d8ef6 100644 --- a/remote/modules/plymouth/plymouth.conf +++ b/remote/modules/plymouth/plymouth.conf @@ -1,6 +1,6 @@ -VERSION=plymouth-0.8.6.1 -URL=http://www.freedesktop.org/software/plymouth/releases/${VERSION}.tar.bz2 -PREFIX="/usr" +REQUIRED_VERSION=plymouth-0.8.6.1 +REQUIRED_URL=http://www.freedesktop.org/software/plymouth/releases/${VERSION}.tar.bz2 +REQUIRED_PREFIX="/usr" REQUIRED_BINARIES=" plymouth plymouthd -- cgit v1.2.3-55-g7522 From 30db2daeac1877148518972765f1d18073e8c022 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Sep 2013 13:42:46 +0200 Subject: Fix fix --- remote/modules/plymouth/plymouth.conf | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/remote/modules/plymouth/plymouth.conf b/remote/modules/plymouth/plymouth.conf index 887d8ef6..d8827529 100644 --- a/remote/modules/plymouth/plymouth.conf 
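Review bot: The plymouth source tarball is fetched over plain `http://` and then configured and built, with no integrity check visible. fetch_source in plymouth.build passes `$REQUIRED_URL` (set in plymouth.conf) to download_untar, and build() goes on to `./configure`, `make` and the install step on whatever arrived. download_untar is defined outside this page and may verify something, so treat this as a question if it does. Otherwise I would switch to `REQUIRED_URL="https://www.freedesktop.org/software/plymouth/releases/${REQUIRED_VERSION}.tar.bz2"` if the host serves it, and verify a pinned digest before unpacking. The same concern applies to `git clone "${REQUIRED_GIT}" src` in vmchooser.build further down, where vmchooser.conf uses an unauthenticated `git://` URL and no commit is pinned. Both function bodies continue outside their hunks.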
+++ b/remote/modules/plymouth/plymouth.conf @@ -1,15 +1,15 @@ -REQUIRED_VERSION=plymouth-0.8.6.1 -REQUIRED_URL=http://www.freedesktop.org/software/plymouth/releases/${VERSION}.tar.bz2 +REQUIRED_VERSION="plymouth-0.8.6.1" +REQUIRED_URL="http://www.freedesktop.org/software/plymouth/releases/${REQUIRED_VERSION}.tar.bz2" REQUIRED_PREFIX="/usr" REQUIRED_BINARIES=" plymouth plymouthd " REQUIRED_DIRECTORIES=" - $PREFIX/bin - $PREFIX/etc - $PREFIX/lib - $PREFIX/sbin - $PREFIX/var/lib - $PREFIX/var/spool + $REQUIRED_PREFIX/bin + $REQUIRED_PREFIX/etc + $REQUIRED_PREFIX/lib + $REQUIRED_PREFIX/sbin + $REQUIRED_PREFIX/var/lib + $REQUIRED_PREFIX/var/spool " -- cgit v1.2.3-55-g7522 From a35c9913317f627a2712705263416becf15b6ad9 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Sep 2013 13:50:18 +0200 Subject: [vmchooser] Fix config variable naming --- remote/modules/vmchooser/vmchooser.build | 10 +++++----- remote/modules/vmchooser/vmchooser.conf | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/remote/modules/vmchooser/vmchooser.build b/remote/modules/vmchooser/vmchooser.build index 7d78f508..9a9d6d63 100644 --- a/remote/modules/vmchooser/vmchooser.build +++ b/remote/modules/vmchooser/vmchooser.build @@ -1,14 +1,14 @@ #!/bin/bash fetch_source() { - git clone "${GIT}" src + git clone "${REQUIRED_GIT}" src } build() { - SRCDIR="${MODULE_DIR}/src/" + local SRCDIR="${MODULE_DIR}/src/" - [ ! -d "${MODULE_BUILD_DIR}/${PREFIX}" ] && mkdir -p "${MODULE_BUILD_DIR}/${PREFIX}" - cd "${MODULE_BUILD_DIR}/${PREFIX}" + [ ! -d "${MODULE_BUILD_DIR}/${REQUIRED_PREFIX}" ] && mkdir -p "${MODULE_BUILD_DIR}/${REQUIRED_PREFIX}" + cd "${MODULE_BUILD_DIR}/${REQUIRED_PREFIX}" # patch globals.cpp and globals.h to use standardised paths /opt/openslx/... sed -i 's/^#define VMCHOOSER_BIN_PATH.*/#define VMCHOOSER_BIN_PATH "\/opt\/openslx\/bin"/g' "${SRCDIR}"/src/globals.h 
@@ -22,7 +22,7 @@ build() { sed -i 's/^#define VMCHOOSER_VMPATH.*/#define VMCHOOSER_VMPATH "\/mnt\/vmstore"/g' "${SRCDIR}"/src/globals.h pinfo "Running cmake" - cmake $CMAKE_ARGS $SRCDIR || perror "'cmake $CMAKE_ARGS $SRCDIR' failed." + cmake "$SRCDIR" || perror "'cmake $SRCDIR' failed." make || perror "'make' failed." cd - &> /dev/null diff --git a/remote/modules/vmchooser/vmchooser.conf b/remote/modules/vmchooser/vmchooser.conf index 182d65a0..686eb8bf 100644 --- a/remote/modules/vmchooser/vmchooser.conf +++ b/remote/modules/vmchooser/vmchooser.conf @@ -1,3 +1,3 @@ -GIT=git://git.openslx.org/openslx/tools/vmchooser.git -PREFIX="/opt/openslx/bin" +REQUIRED_GIT="git://git.openslx.org/openslx/tools/vmchooser.git" +REQUIRED_PREFIX="/opt/openslx/bin" REQUIRED_BINARIES="vmchooser" -- cgit v1.2.3-55-g7522 From 89d8ef3c5c7c83affd26eb992130ed3690bcaf8a Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Sep 2013 13:50:53 +0200 Subject: [setup_target] Check config files for invalid variable names --- remote/setup_target | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/remote/setup_target b/remote/setup_target index b783729f..04af2158 100755 --- a/remote/setup_target +++ b/remote/setup_target @@ -74,6 +74,7 @@ read_config () { # sanity checks [ ! -e "${MODULE_CONFIG}" ] && perror "Config for '$MODULE' not found." + validate_config "$MODULE_CONFIG" # source the config file . "${MODULE_CONFIG}" || perror "Sourcing '${MODULE_CONFIG}' failed." # sanity checks - no distribution specific things in the global config 
@@ -85,13 +86,24 @@ read_config () { for FILE in $SYS_VERSIONS; do if [ -e "${MODULE_CONFIG}.${FILE}" ]; then # a specific tool.conf seems to exist, use it to override/extend certain vars - . "${MODULE_CONFIG}.${FILE}" || perror "Sourcing '${MODULE_CONFIG}.${PACKET_MANAGER}' failed." + validate_config "${MODULE_CONFIG}.${FILE}" + . "${MODULE_CONFIG}.${FILE}" || perror "Sourcing '${MODULE_CONFIG}.${FILE}' failed." pinfo "Sourced distribution specific ${MODULE_CONFIG}.${FILE}" break fi done } +validate_config () { + local INVALID=$(grep -h -E -o '^\s*\w+=' "$1" | grep -v -E '^\s*REQUIRED_') + [ -z "$INVALID" ] && return 0 + local i + for i in $INVALID; do + pwarning "Invalid variable $i" + done + perror "$1 contains invalid variables. All variables must start with REQUIRED_" +} + # # generic function to read the build script of the current $MODULE # -- cgit v1.2.3-55-g7522 From 8fd841480e9fe36fa58b458bdae8de684dd78373 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 10 Sep 2013 14:55:17 +0200 Subject: [vbox] Standardization for run-virt --- .../opt/openslx/etc/virtualbox/run-virt.include | 642 +++++++++++++++++++++ 1 file changed, 642 insertions(+) create mode 100755 remote/modules/vbox/data/opt/openslx/etc/virtualbox/run-virt.include diff --git a/remote/modules/vbox/data/opt/openslx/etc/virtualbox/run-virt.include b/remote/modules/vbox/data/opt/openslx/etc/virtualbox/run-virt.include new file mode 100755 index 00000000..b755133f --- /dev/null +++ b/remote/modules/vbox/data/opt/openslx/etc/virtualbox/run-virt.include 
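Review bot: validate_config's first pattern, `'^\s*\w+='`, does not match `NAME+=` assignments, so a line such as `FOO+="..."` passes the REQUIRED_ check unnoticed. The module configs on this page use `+=` routinely (`REQUIRED_DIRECTORIES+=`), so this is not a corner case. Widening the first grep to `grep -h -E -o '^\s*\w+\+?=' "$1"` closes the gap; the second grep can stay as it is. The config is still executed by `.` immediately afterwards in read_config, so the function is a naming lint rather than a barrier against commands in a config file. A one-line comment above it saying so, e.g. `# Naming check only: the file is sourced afterwards and can still run arbitrary shell`, would keep it from being read as a safety check.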
@@ -0,0 +1,642 @@ +# run-virt.include +# ----------------------------------------------------------------------------- +# Copyright (c) 2009..2012 - RZ Uni Freiburg +# Copyright (c) 2009..2013 - OpenSLX GmbH +# +# This program is free software distributed under the GPL version 2. +# See http://openslx.org/COPYING +# +# If you have any feedback please consult http://openslx.org/feedback and +# send your suggestions, praise, or complaints to feedback@openslx.org +# +# General information about OpenSLX can be found at http://openslx.org/ +# ----------------------------------------------------------------------------- +# run-virt.include +# - component for vmware/player of the vmchooser plugin run-virt.sh +################################################################################ + +# configuration writer functions +################################################################################ + +function clean_string () +{ + if [ "$#" -ge 1 ]; then + echo "$@" | tr '[A-Z]' '[a-z]' | tr -d '\t _./' + else + cat - | tr '[A-Z]' '[a-z]' | tr -d '\t _./' + fi +} + +vmostype=$(clean_string "$vmostype") + +runvmwareconfheader () +{ + echo "# This configuration file was generated by $0" > "$conffile" + + MAXMEM="9999999" + MAXCORES="256" + + # check for the ostype + # 1) memory limits + case "$vmostype" in + win31*|windows31*) + MAXMEM="32" + vmostype="win31" + ;; + winnt*|windowsnt*) + MAXMEM="1000" + vmostype="winnt" + ;; + win95*|windows95*) + MAXMEM="96" + vmostype="win95" + ;; + win98*|windows98*) + MAXMEM="384" + vmostype="win98" + ;; + winme*|windowsme*) + MAXMEM="384" + vmostype="winme" + ;; + win2000|windows2000|win2000pro*) + MAXMEM="4000" + vmostype="win2000pro" + ;; + win2000srv*|windows2000srv*|win2000serv*|windows2000serv*) + MAXMEM="4000" + vmostype="win2000serv" + ;; + win2000adv*|windows2000adv*|win2000dat*|windows2000dat*) + MAXMEM="8000" + vmostype="win2000advserv" + ;; + winnet*64|win*2003*64|windowsnet*64) + MAXMEM="8000" + 
vmostype="winnetstandard-64" + ;; + winnet*|win*2003*|windowsnet*) + MAXMEM="4000" + vmostype="winnetstandard" + ;; + winxphome*|windowsxphome*) + MAXMEM="4000" + vmostype="winxphome" + ;; + winxp*64|windowsxp*64) + MAXMEM="8000" + vmostype="winxppro-64" + ;; + winxp*|windowsxp*) + MAXMEM="4000" + vmostype="winxppro" + ;; + winvista*64|windowsvista*64) + MAXMEM="16000" + vmostype="winvista-64" + ;; + winvista*|windowsvista*) + MAXMEM="8000" + vmostype="winvista" + ;; + win7*64|windows7*64) + MAXMEM="32000" + vmostype="windows7-64" + ;; + win7*|windows7*) + MAXMEM="8000" + vmostype="windows7" + ;; + win*64) + MAXMEM="16000" + ;; + win*) + MAXMEM="8000" + ;; + dos|msdos*|ms-dos*) + MAXMEM="128" + vmostype="dos" + ;; + *64) + MAXMEM="123456" + ;; + *) + MAXMEM="8000" + ;; + esac + + # 2) other hardware + capabilities + shfolders="FALSE" + case "$vmostype" in + win31) + MAXCORES="1" + sound="sb16" + ;; + winnt) + MAXCORES="2" + sound="sb16" + ;; + win95|win98|winme) + MAXCORES="1" + ;; + win2000pro) # Don't know if Win 2000 supports shared folders, disabled to be safe + MAXCORES="2" + ;; + win2000serv) + MAXCORES="4" + ;; + win2000advserv) + MAXCORES="8" + ;; + winxphome) + MAXCORES="1" + shfolders="TRUE" + ;; + winxp*|winvista*|windows7*) + shfolders="TRUE" + ;; + winnet*) + shfolders="TRUE" + ;; + linux*|ubuntu*|suse*|debian*) + shfolders="TRUE" + ;; + macos*64) + MAXCORES="2" + vmostype="freebsd-64" + ;; + macos*) + MAXCORES="1" + vmostype="freebsd" + ;; + beos*) + vmostype="other" + ;; + # Unknown guestOS setting in .xml - use conservative defaults + *64) + vmostype="other-64" + ;; + *) + vmostype="other" + ;; + esac + + svga_autodetect="TRUE" + + real_core_count="$cpu_cores" + [ "$cpu_cores" -gt "$MAXCORES" ] && cpu_cores="$MAXCORES" + # It currently makes no sense to set the virtual number of cores + # to a different value than the virtual number of cores per virtual CPU. 
+ cores_per_socket="$cpu_cores" + + if [ "x$shfolders" != "xFALSE" ]; then + ENABLE_SHARE='sharedFolder.option = "alwaysEnabled"' + else + ENABLE_SHARE='' + fi + + [ "$mem" -ge "$MAXMEM" ] && mem="$MAXMEM" + [ "$hwver" -lt "7" -a "$mem" -gt "3500" ] && mem="3500" + + cap3d="WHAT IS THIS VAR USED FOR?" # helper var for loging output + + cat >> "$conffile" </dev/null 2>&1 +} + +preferencesheader () +{ + cat > "$vmhome/preferences" <> "$vmhome/preferences" <> "$vmhome/preferences" </dev/null 2>&1 +mkdir -p "$confdir" >/dev/null 2>&1 +mkdir -p "$vmhome/dndlogs" >/dev/null 2>&1 +touch "$vmhome/dndlogs/dndlog.conf" >/dev/null 2>&1 + +# create preferences +preferencesheader + +# create VMware startup file +runvmwareconfheader + +# link to conffile if confdir != redodir +ln -s "$conffile" "$redodir/run-vmware.conf" >/dev/null 2>&1 + +# sync is needed to ensure that data is really written to virtual disk +sync + +# own nvram. We need it for floppy drive b, default nvram has just drive a +# TODO: optimize, currently kinda inefficient, too much copys, but we +# don't know which one is installed... +cp "/opt/openslx/etc/vmware/nvram" "$confdir/nvram" 2>/dev/null + + +# logging and stdout +################################################################################ + +# log script information +writelog "# File created by $0 (VMversion ${vmversion})\n# on $(date)\n" +## Edited for persistent mode. 
+writelog "Starting with ${diskmode} mode ...\n" +## + +# write all results to logfile +# log disksetup +writelog "Directories:" +writelog "\tConfdir:\t${confdir}" +writelog "\tConffile:\t${conffile}" +writelog "\tRedodir:\t${redodir}" +writelog "\tVMhome:\t\t${vmhome}" +writelog "\t/tmp info: \ +$(grep "/tmp " /proc/mounts) $(df -h | grep " /tmp$" | awk '{print $2}')" +# hw setup +writelog "Hardware:" +writelog "\tMAC:\t\t00:50:56:${VM_ID}:${machostpart}" +if [ -n "${network_card}" ]; then + writelog "\tNet Adaptor:\t${network_card}" +fi +writelog "\tMem:\t\t${mem} MB" +# echo nur wenn hostmem gesetzt +[ -n "${hostmem}" ] && writelog "\tHostmem:\t${hostmem} MB" +writelog "\tMax. res.:\t${xres}x${yres}" +writelog "\tCD-ROM1:\t${cdrom0}" +writelog "\tCD-ROM2:\t${cdrom1}" +writelog "\tFloppy_A:\t${floppy0}" +if [ "${serial}" = "TRUE" ]; then + writelog "\tSerial Port:\t${serialdev}" +fi +if [ "${parallel}" = "TRUE" ]; then + writelog "\tParallel Port:\t${paraldev}" +fi +# image +writelog "Diskimage:" +writelog "\tDiskfile:\t${diskfile}" +writelog "\tDisktype:\t${hddrv}" +writelog "\tHWVersion:\t${hwver}" +writelog "\tVMostype:\t${vmostype}" +# misc +writelog "Misc:" +writelog "\tDisplayname:\t${displayname}" +if [ "${cap3d}" = "TRUE" -a "${enable3d}" = "TRUE" ]; then + writelog "\t3D Graphics:\tenabled" +fi +# empty line at end +writelog "" + + +# finally set env for run-virt.sh +################################################################################ + +# configure and start samba service to provide user's home directory +#if [ -f /usr/sbin/smbd ] ; then +# sudo /opt/openslx/bin/sed -i /etc/vmware/smb.conf -e "s,USER,$USER," +# sudo /usr/sbin/nmbd -s /etc/vmware/smb.conf +# sudo /usr/sbin/smbd -s /etc/vmware/smb.conf +#fi + +# For debugging +cp "$conffile" "/tmp/vmware-last-config" + +# using the modified version of the wrapper script +VIRTCMD="/opt/openslx/bin/vmplayer" +VIRTCMDOPTS="${vmopt} ${conffile}" +RMDIRS="${redodir} ${conffile}" -- cgit 
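Review bot: `cp "$conffile" "/tmp/vmware-last-config"` near the end of the new file writes to a fixed name in a world-writable directory on every start. Another local user can pre-create that name (for example as a symlink), and `cp` then writes through it with the rights of the user starting the VM; the copy is also left readable by whoever owns the file. Since it is marked "For debugging", either drop it or use an unpredictable name, e.g. `cp "$conffile" "$(mktemp /tmp/vmware-last-config.XXXXXX)"`, or keep the copy under `$confdir`. The file sits in the virtualbox directory but still refers to vmware paths and `vmplayer` throughout, which looks like an unadapted copy; the hunk as shown here is also partly garbled (the here-documents are missing).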
v1.2.3-55-g7522 From 8971a0cbcae1c192295a4f06009660385e08666b Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 10 Sep 2013 14:56:00 +0200 Subject: [vbox] Standardization for run-virt --- remote/modules/vbox/data/opt/openslx/etc/virtualbox/virtualbox.conf | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 remote/modules/vbox/data/opt/openslx/etc/virtualbox/virtualbox.conf diff --git a/remote/modules/vbox/data/opt/openslx/etc/virtualbox/virtualbox.conf b/remote/modules/vbox/data/opt/openslx/etc/virtualbox/virtualbox.conf new file mode 100644 index 00000000..8a7a58e4 --- /dev/null +++ b/remote/modules/vbox/data/opt/openslx/etc/virtualbox/virtualbox.conf @@ -0,0 +1,2 @@ +# Todo: Good setting +export VBOX_USER_HOME="" -- cgit v1.2.3-55-g7522 From af5c84b0b7386ccbf23315d5a1d1341ea3471e85 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 10 Sep 2013 16:09:04 +0200 Subject: [system.inc] Path variable LIB64 now generalized usable (dep. on $SYS_DISTRIBUTION) --- helper/system.inc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/helper/system.inc b/helper/system.inc index 7a9f8954..1d2bdf06 100644 --- a/helper/system.inc +++ b/helper/system.inc @@ -21,7 +21,12 @@ export MAKEFLAGS="-j$CPU_CORES" # Determine if we have lib64 if [ "$(uname -m)x" = "x86_64x" ]; then - LIB64="lib64" + # Setting LIB64, as openSuse differentiates but Ubuntu does not: + case $SYS_DISTRIBUTION in + ubuntu | debian) LIB64="lib" ;; + opensuse) LIB64="lib64" ;; + *) pwarning "Cannot set LIB64, SYS_DISTRIBUTION: $SYS_DISTRIBUTION unknown / not set!" ;; + esac AMD64_I386=amd64 X86_64_I586=x86_64 AMD64_X86=amd64 -- cgit v1.2.3-55-g7522 From 251b86d339b32b3756d452ad7fae6f647aecdf2a Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 10 Sep 2013 16:10:33 +0200 Subject: [systemd] conf file updated (systemd-204, kmod-14) --- remote/modules/systemd/systemd.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/remote/modules/systemd/systemd.conf b/remote/modules/systemd/systemd.conf index ea042020..3cb6196a 100644 --- a/remote/modules/systemd/systemd.conf +++ b/remote/modules/systemd/systemd.conf @@ -1,6 +1,6 @@ REQUIRED_VERSION="systemd-204" REQUIRED_URL="http://www.freedesktop.org/software/systemd/${REQUIRED_VERSION}.tar.xz" -REQUIRED_LIBKMOD_VERSION="kmod-12" +REQUIRED_LIBKMOD_VERSION="kmod-14" REQUIRED_LIBKMOD_URL="http://www.kernel.org/pub/linux/utils/kernel/kmod/${REQUIRED_LIBKMOD_VERSION}.tar.gz" REQUIRED_DISABLED_SERVICES=" tmp.mount -- cgit v1.2.3-55-g7522 From 9346f54a3a94b3b29eef53cfbf56e935bc2a14eb Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 10 Sep 2013 16:10:59 +0200 Subject: [systemd] Cave: Possible breaker: build file doesn't install kmod anymore into base system. --- remote/modules/systemd/systemd.build | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/remote/modules/systemd/systemd.build b/remote/modules/systemd/systemd.build index 3a5baf07..b1228f17 100644 --- a/remote/modules/systemd/systemd.build +++ b/remote/modules/systemd/systemd.build 
@@ -15,16 +15,29 @@ build () { cd "${MODULE_DIR}/src/$REQUIRED_LIBKMOD_VERSION" ./configure || perror "./configure kmod failed." make || perror "kmod make failed." - make install || perror "kmod make install failed." + DESTDIR="${MODULE_BUILD_DIR}" make install || perror "kmod make install failed." cd - &> /dev/null #build systemd pinfo "Building systemd" cd "${MODULE_DIR}/src/$REQUIRED_VERSION" pinfo "calling configure" + + # Save potentially pre-used paths/flages + OLDLDFLAGS="$LDFLAGS" + OLDCPPFLAGS="$CPPFLAGS" + OLDPKG_CONFIG_PATH="PKG_CONFIG_PATH" + + + LDFLAGS="$LDFLAGS -L${MODULE_BUILD_DIR}/usr/$LIB64" \ + CPPFLAGS="-I${MODULE_BUILD_DIR}/usr/include" + PKG_CONFIG_PATH="${MODULE_BUILD_DIR}/usr/$LIB64/pkgconfig" + + pinfo "-------- $KMOD_LIBS ----------" ./configure --disable-manpages --enable-split-usr --sysconfdir="/etc" --enable-gtk-doc-html=no --disable-nls \ --disable-microhttpd --disable-bootchart --disable-quotacheck --disable-hostnamed --disable-timedated \ --disable-localed --disable-coredump --disable-keymap --without-python --enable-blkid --enable-acl --enable-pam \ + --enable-kmod \ || perror "configure failed." pinfo "calling make" make || perror "make failed." @@ -32,6 +45,11 @@ build () { DESTDIR="${MODULE_BUILD_DIR}" make install || perror "make install failed." cd - &> /dev/null + # Restore used flags/paths: + LDFLAGS="$OLDLDFLAGS" + CPPFLAGS="$OLDCPPFLAGS" + PKG_CONFIG_PATH="$OLDPKG_CONFIG_PATH" + # Delete unneeded services pinfo "Deleting unneeded services" local SERVICE= -- cgit v1.2.3-55-g7522 From 69c4ca42ab9614808412448e7660f1323203bab6 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Sep 2013 16:26:32 +0200 Subject: [sshd] Disallow ssh login for "demo" user as the password is a little easy to guess ;) --- remote/modules/sshd/data/etc/ssh/sshd_config | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/remote/modules/sshd/data/etc/ssh/sshd_config b/remote/modules/sshd/data/etc/ssh/sshd_config index da9e5e01..3b7d65a6 100644 
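Review bot: `OLDPKG_CONFIG_PATH="PKG_CONFIG_PATH"` in the save block is missing the `$`, so the restore in the second hunk (`PKG_CONFIG_PATH="$OLDPKG_CONFIG_PATH"`) sets the variable to the literal string `PKG_CONFIG_PATH` instead of its previous value; it should read `OLDPKG_CONFIG_PATH="$PKG_CONFIG_PATH"`. The `LDFLAGS`/`CPPFLAGS`/`PKG_CONFIG_PATH` lines before `./configure` are plain assignments without a command, so configure only sees them if those variables were already exported. `CPPFLAGS` is also overwritten rather than extended, unlike `LDFLAGS`. build() starts and ends outside the hunk.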
--- a/remote/modules/sshd/data/etc/ssh/sshd_config +++ b/remote/modules/sshd/data/etc/ssh/sshd_config @@ -85,3 +85,8 @@ Subsystem sftp /usr/lib/openssh/sftp-server # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. UsePAM yes + +# OpenSLX +DenyUsers demo +UseDNS no + -- cgit v1.2.3-55-g7522 From 544936d22db4cb86ec411594fa38ad026ef4ccb5 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 10 Sep 2013 16:50:49 +0200 Subject: [system.inc] LIB64 depending on SYS_DISTRIBUTION now perror, not pwarning. --- helper/system.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helper/system.inc b/helper/system.inc index 1d2bdf06..bbab4a40 100644 --- a/helper/system.inc +++ b/helper/system.inc @@ -25,7 +25,7 @@ if [ "$(uname -m)x" = "x86_64x" ]; then case $SYS_DISTRIBUTION in ubuntu | debian) LIB64="lib" ;; opensuse) LIB64="lib64" ;; - *) pwarning "Cannot set LIB64, SYS_DISTRIBUTION: $SYS_DISTRIBUTION unknown / not set!" ;; + *) perror "Cannot set LIB64, SYS_DISTRIBUTION: $SYS_DISTRIBUTION unknown / not set!" ;; esac AMD64_I386=amd64 X86_64_I586=x86_64 -- cgit v1.2.3-55-g7522 From e79dc051991a4d0d6e031fd3f6cface2fadf97f3 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 10 Sep 2013 17:01:05 +0200 Subject: [system.inc] now self-detects SYS_DISTRIBUTION as not being reliably sourced. --- helper/system.inc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/helper/system.inc b/helper/system.inc index bbab4a40..606ef406 100644 --- a/helper/system.inc +++ b/helper/system.inc 
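Review bot: `DenyUsers demo` is a deny-list with a single entry, so any other account with a weak or default password that is added later stays reachable over SSH. An allow-list fails closed instead, e.g. `AllowGroups <ssh-login-group>` (placeholder; pick the group that should have remote access). Whether `PasswordAuthentication` and `PermitRootLogin` are restricted is not visible in this hunk and is worth checking alongside this change. The demo account's guessable password also remains usable for local logins, which this setting does not affect.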
@@ -22,10 +22,11 @@ export MAKEFLAGS="-j$CPU_CORES" # Determine if we have lib64 if [ "$(uname -m)x" = "x86_64x" ]; then # Setting LIB64, as openSuse differentiates but Ubuntu does not: + SYS_DISTRIBUTION=$(lsb_release -is | tr '[A-Z]' '[a-z]' | sed -r 's/[^a-z0-9]//g;s/project$//g;s/scientificsl$/scientific/g') case $SYS_DISTRIBUTION in ubuntu | debian) LIB64="lib" ;; opensuse) LIB64="lib64" ;; - *) perror "Cannot set LIB64, SYS_DISTRIBUTION: $SYS_DISTRIBUTION unknown / not set!" ;; + *) pwarning "Cannot set LIB64, SYS_DISTRIBUTION: $SYS_DISTRIBUTION unknown!" ;; esac AMD64_I386=amd64 X86_64_I586=x86_64 -- cgit v1.2.3-55-g7522 From 48eeb63c69f0cc531725fef2154061b5960018b9 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 10 Sep 2013 17:02:43 +0200 Subject: [system.inc] Forgot to reinstate perror for pwarning ... --- helper/system.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helper/system.inc b/helper/system.inc index 606ef406..defa5c98 100644 --- a/helper/system.inc +++ b/helper/system.inc @@ -26,7 +26,7 @@ if [ "$(uname -m)x" = "x86_64x" ]; then case $SYS_DISTRIBUTION in ubuntu | debian) LIB64="lib" ;; opensuse) LIB64="lib64" ;; - *) pwarning "Cannot set LIB64, SYS_DISTRIBUTION: $SYS_DISTRIBUTION unknown!" ;; + *) perror "Cannot set LIB64, SYS_DISTRIBUTION: $SYS_DISTRIBUTION unknown!" ;; esac AMD64_I386=amd64 X86_64_I586=x86_64 -- cgit v1.2.3-55-g7522 From dbeea6ae5af8b7d47e191ff9e52bcbcf65d8758e Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 10 Sep 2013 17:15:57 +0200 Subject: [systemd] corr. variable expor[systemd] corr. variable exportt --- remote/modules/systemd/systemd.build | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/remote/modules/systemd/systemd.build b/remote/modules/systemd/systemd.build index b1228f17..199f69e7 100644 --- a/remote/modules/systemd/systemd.build +++ b/remote/modules/systemd/systemd.build 
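Review bot: The new `SYS_DISTRIBUTION=$(lsb_release -is | ...)` line sits inside the x86_64 branch, so on other architectures the variable is still whatever the caller set, if anything; the rest of the `if` is outside the hunk, so this may be handled there. The result of `lsb_release` is not checked either: if the tool is missing, the variable becomes empty and the `*)` arm reports an unknown distribution instead of the real cause. A guard such as `command -v lsb_release >/dev/null || perror "lsb_release not found"` before the assignment, and `case "$SYS_DISTRIBUTION" in` with quotes, would make the failure explicit.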
@@ -28,10 +28,9 @@ build () { OLDCPPFLAGS="$CPPFLAGS" OLDPKG_CONFIG_PATH="PKG_CONFIG_PATH" - - LDFLAGS="$LDFLAGS -L${MODULE_BUILD_DIR}/usr/$LIB64" \ - CPPFLAGS="-I${MODULE_BUILD_DIR}/usr/include" - PKG_CONFIG_PATH="${MODULE_BUILD_DIR}/usr/$LIB64/pkgconfig" + export LDFLAGS="$LDFLAGS -L${MODULE_BUILD_DIR}/usr/$LIB64" \ + export CPPFLAGS="-I${MODULE_BUILD_DIR}/usr/include" + export PKG_CONFIG_PATH="${MODULE_BUILD_DIR}/usr/$LIB64/pkgconfig" pinfo "-------- $KMOD_LIBS ----------" ./configure --disable-manpages --enable-split-usr --sysconfdir="/etc" --enable-gtk-doc-html=no --disable-nls \ @@ -46,9 +45,9 @@ build () { cd - &> /dev/null # Restore used flags/paths: - LDFLAGS="$OLDLDFLAGS" - CPPFLAGS="$OLDCPPFLAGS" - PKG_CONFIG_PATH="$OLDPKG_CONFIG_PATH" + export LDFLAGS="$OLDLDFLAGS" + export CPPFLAGS="$OLDCPPFLAGS" + export PKG_CONFIG_PATH="$OLDPKG_CONFIG_PATH" # Delete unneeded services pinfo "Deleting unneeded services" -- cgit v1.2.3-55-g7522 From 499f314e27c1853dc1c2e152b867499ca6ee0025 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Sep 2013 17:29:18 +0200 Subject: [consolekit] Fix config for opensuse --- remote/modules/consolekit/consolekit.conf | 2 +- remote/modules/consolekit/consolekit.conf.opensuse | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/remote/modules/consolekit/consolekit.conf b/remote/modules/consolekit/consolekit.conf index 4f128c62..91fc6dc2 100644 --- a/remote/modules/consolekit/consolekit.conf +++ b/remote/modules/consolekit/consolekit.conf @@ -4,7 +4,7 @@ REQUIRED_BINARIES=" REQUIRED_DIRECTORIES=" /usr /etc - /lib + /$LIB64 " REQUIRED_LIBRARIES=" pam_ck_connector diff --git a/remote/modules/consolekit/consolekit.conf.opensuse b/remote/modules/consolekit/consolekit.conf.opensuse index 74c694a1..ef8eff2b 100644 --- a/remote/modules/consolekit/consolekit.conf.opensuse +++ b/remote/modules/consolekit/consolekit.conf.opensuse 
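Review bot: The trailing `\` kept after the `export LDFLAGS=...` line joins it with the following line, so the second `export` is parsed as a name to export rather than as a command; it happens to work, but the backslash should be removed. `CPPFLAGS` and `PKG_CONFIG_PATH` are replaced rather than extended, unlike `LDFLAGS`; `export CPPFLAGS="$CPPFLAGS -I${MODULE_BUILD_DIR}/usr/include"` would keep what the caller had set. The context line `OLDPKG_CONFIG_PATH="PKG_CONFIG_PATH"` still lacks its `$`, so the restore in the second hunk exports a literal string. build() starts and ends outside the hunk.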
@@ -1,2 +1,4 @@ -REQUIRED_CONTENT_PACKAGES="ConsoleKit" - +REQUIRED_CONTENT_PACKAGES=" + ConsoleKit + ConsoleKit-x11 +" -- cgit v1.2.3-55-g7522 From e9698a2d5c3f1f0cb48107053b150403aeb93fef Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 10 Sep 2013 17:47:40 +0200 Subject: [systemd] build script minus obsolete debug line --- remote/modules/systemd/systemd.build | 1 - 1 file changed, 1 deletion(-) diff --git a/remote/modules/systemd/systemd.build b/remote/modules/systemd/systemd.build index 199f69e7..a9f530b3 100644 --- a/remote/modules/systemd/systemd.build +++ b/remote/modules/systemd/systemd.build @@ -32,7 +32,6 @@ build () { export CPPFLAGS="-I${MODULE_BUILD_DIR}/usr/include" export PKG_CONFIG_PATH="${MODULE_BUILD_DIR}/usr/$LIB64/pkgconfig" - pinfo "-------- $KMOD_LIBS ----------" ./configure --disable-manpages --enable-split-usr --sysconfdir="/etc" --enable-gtk-doc-html=no --disable-nls \ --disable-microhttpd --disable-bootchart --disable-quotacheck --disable-hostnamed --disable-timedated \ --disable-localed --disable-coredump --disable-keymap --without-python --enable-blkid --enable-acl --enable-pam \ -- cgit v1.2.3-55-g7522 From 55a2c9adcca073969e9eae5ed6d3b17d74087428 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Wed, 11 Sep 2013 17:25:51 +0200 Subject: [vbox] remote target for vbox --- remote/targets/vbox/vbox | 1 + 1 file changed, 1 insertion(+) create mode 120000 remote/targets/vbox/vbox diff --git a/remote/targets/vbox/vbox b/remote/targets/vbox/vbox new file mode 120000 index 00000000..78b3e385 --- /dev/null +++ b/remote/targets/vbox/vbox @@ -0,0 +1 @@ +../../modules/vbox \ No newline at end of file -- cgit v1.2.3-55-g7522 From cd5cb0c660d10cf9022f2095c0007af0c3531eca Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Wed, 11 Sep 2013 17:29:29 +0200 Subject: [german] conf: directory names corrected: lowercase, minus hyphen --- remote/modules/german/german.conf.ubuntu | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/remote/modules/german/german.conf.ubuntu b/remote/modules/german/german.conf.ubuntu index 02262276..4c7cb62d 100644 --- a/remote/modules/german/german.conf.ubuntu +++ b/remote/modules/german/german.conf.ubuntu @@ -6,6 +6,6 @@ REQUIRED_CONTENT_PACKAGES=" libX11-data " REQUIRED_DIRECTORIES+=" - /usr/lib/locale/de_DE.UTF-8 + /usr/lib/locale/de_DE.utf8 " -- cgit v1.2.3-55-g7522 From 17594df01de8c41dfb41b446e0d2a535a93fa3c5 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Wed, 11 Sep 2013 17:30:11 +0200 Subject: [german] conf: directory names corrected: lowercase, minus hyphen --- remote/modules/german/german.conf.opensuse | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/remote/modules/german/german.conf.opensuse b/remote/modules/german/german.conf.opensuse index 1a4a4558..2bb901ff 100644 --- a/remote/modules/german/german.conf.opensuse +++ b/remote/modules/german/german.conf.opensuse @@ -6,7 +6,7 @@ REQUIRED_CONTENT_PACKAGES=" libX11-data " REQUIRED_DIRECTORIES+=" - /usr/lib/locale/de_DE.UTF-8 + /usr/lib/locale/de_DE.utf8 " REQUIRED_BINARIES="" REQUIRED_FILES="" -- cgit v1.2.3-55-g7522 From 5741985db822ee32b1d098b89779d5df0ea2f624 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 11 Sep 2013 18:00:19 +0200 Subject: [mount_export] Fix collision with mount points for addons --- .../data/opt/openslx/scripts/systemd-mount_export | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export index 3d012360..988dc3d7 100755 --- a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export +++ b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export 
@@ -4,7 +4,10 @@ [ -z "${SLX_STAGE4_NFS}" ] && { echo "SLX_STAGE4_NFS is not set in /opt/openslx/config." && exit 1; } -echo "Mounting ${SLX_STAGE4_NFS} to /opt/openslx/mnt" -mount -t nfs -o ro,async,nolock,vers=3 "$SLX_STAGE4_NFS" /opt/openslx/mnt || { echo "Fail." && exit 1; } -echo "Appending /opt/openslx/mnt to /" -mount -o remount,append:/opt/openslx/mnt=ro / || { echo "Fail." && exit 1; } +MOUNTPOINT="/opt/openslx/mnt/stage4" +mkdir -p "$MOUNTPOINT" +echo "Mounting ${SLX_STAGE4_NFS} to $MOUNTPOINT" +mount -t nfs -o ro,async,nolock,vers=3 "$SLX_STAGE4_NFS" "$MOUNTPOINT" || { echo "Fail." && exit 1; } +echo "Appending $MOUNTPOINT to /" +mount -o "remount,append:$MOUNTPOINT=ro" / || { echo "Fail." && exit 1; } + -- cgit v1.2.3-55-g7522 From de4af34a4aae8494c26ca812fcc64e898d00e16a Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Wed, 11 Sep 2013 18:05:59 +0200 Subject: [vbox] Added path patch for vboxheadless, debian/ubuntu suid VBoxHeadless --- remote/modules/vbox/vbox.build | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/remote/modules/vbox/vbox.build b/remote/modules/vbox/vbox.build index 48cfe8c2..dfc9d27e 100644 --- a/remote/modules/vbox/vbox.build +++ b/remote/modules/vbox/vbox.build @@ -5,7 +5,7 @@ patch_vbox_scripts() { # openslx paths need to be at the end of PATH to not impede with system binaries to not impede with system binaries pinfo "Patching virtual box scripts to include openslx (busybox)-paths ..." # vboxmanage is a link to VBox; will get unlinked. Original link will be vboxmanage.original - for i in virtualbox vboxmanage; do + for i in virtualbox vboxmanage vboxheadless; do pinfo "Patching virtual box script $i ..." SCRIPTPATH=$(grep -m 1 PATH "${MODULE_BUILD_DIR}/usr/bin/$i"|sed 's/"//g') # assume first hit is real path sed -i "-i.original" "/^PATH=/c ${SCRIPTPATH}:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin"\ 
@@ -104,6 +104,7 @@ build() { dpkg -x ../src/vbox/$(basename "$REQUIRED_VBOXBASEURL") . || perror "Could not unpack deb-archive!" # VirtualBox needs to be suid-root: chmod u+s ${MODULE_BUILD_DIR}/usr/lib/virtualbox/VirtualBox || pwarning "(Debian/Ubuntu) Could not suid VirtualBox executable!" + chmod u+s ${MODULE_BUILD_DIR}/usr/lib/virtualbox/VBoxHeadless || pwarning "(Debian/Ubuntu) Could not suid VirtualBox executable!" ;; *) perror "Unknown Distribution: $SYS_DISTRIBUTION - Please specify its packet manager in remote/setup_target" ;; esac -- cgit v1.2.3-55-g7522 From be54549f1f55587f3413ba66a8d5fe4ec8d8efd0 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Wed, 11 Sep 2013 18:23:49 +0200 Subject: [vbox] Forced suids for binaries in Ubuntu branch --- remote/modules/vbox/vbox.build | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/remote/modules/vbox/vbox.build b/remote/modules/vbox/vbox.build index dfc9d27e..f095b4e2 100644 --- a/remote/modules/vbox/vbox.build +++ b/remote/modules/vbox/vbox.build @@ -103,8 +103,9 @@ build() { cd build || perror "Cannot cd to build directory!" dpkg -x ../src/vbox/$(basename "$REQUIRED_VBOXBASEURL") . || perror "Could not unpack deb-archive!" # VirtualBox needs to be suid-root: - chmod u+s ${MODULE_BUILD_DIR}/usr/lib/virtualbox/VirtualBox || pwarning "(Debian/Ubuntu) Could not suid VirtualBox executable!" - chmod u+s ${MODULE_BUILD_DIR}/usr/lib/virtualbox/VBoxHeadless || pwarning "(Debian/Ubuntu) Could not suid VirtualBox executable!" + for i in VBoxHeadless VBoxNetAdpCtl VBoxNetDHCP VBoxSDL VBoxVolInfo VirtualBox; do + chmod u+s ${MODULE_BUILD_DIR}/usr/lib/virtualbox/$i || pwarning "(Debian/Ubuntu) Could not suid $i executable!" + done ;; *) perror "Unknown Distribution: $SYS_DISTRIBUTION - Please specify its packet manager in remote/setup_target" ;; esac -- cgit v1.2.3-55-g7522 From 159b336244e186408cb65059f0c1c1d6885e2b2f Mon Sep 17 00:00:00 2001 
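Review bot: The `chmod u+s` calls, both the single line added in the first vbox.build hunk and the loop that replaces it in the following commit, use an unquoted `${MODULE_BUILD_DIR}` path and never check who owns the file. The setuid bit only yields root if the extracted binary is owned by root, which depends on `dpkg -x` having run as root; otherwise the binary becomes setuid to the build user. Quoting the path, `chmod u+s "${MODULE_BUILD_DIR}/usr/lib/virtualbox/$i"`, and verifying or setting root ownership first would make the result predictable. Six setuid-root binaries are a sizeable privileged surface in the image, so a comment naming why each one needs the bit would help later audits. build() continues outside the hunk.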
From: Simon Rettberg Date: Wed, 11 Sep 2013 19:54:52 +0200 Subject: [systemd] Add udev-acl rules (compatibility with CK) --- .../data/usr/lib/udev/rules.d/70-udev-acl.rules | 76 ++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 remote/modules/systemd/data/usr/lib/udev/rules.d/70-udev-acl.rules diff --git a/remote/modules/systemd/data/usr/lib/udev/rules.d/70-udev-acl.rules b/remote/modules/systemd/data/usr/lib/udev/rules.d/70-udev-acl.rules new file mode 100644 index 00000000..2dac2831 --- /dev/null +++ b/remote/modules/systemd/data/usr/lib/udev/rules.d/70-udev-acl.rules 
@@ -0,0 +1,76 @@ +# do not edit this file, it will be overwritten on update + +# Do not use TAG+="udev-acl" outside of this file. This variable is private to +# udev-acl of this udev release and may be replaced at any time. + +ENV{MAJOR}=="", GOTO="acl_end" +ACTION=="remove", GOTO="acl_apply" + +# systemd replaces udev-acl entirely, skip if active +TEST=="/sys/fs/cgroup/systemd", TAG=="uaccess", GOTO="acl_end" + +# PTP/MTP protocol devices, cameras, portable media players +SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:060101:*", TAG+="udev-acl" + +# digicams with proprietary protocol +ENV{ID_GPHOTO2}=="*?", TAG+="udev-acl" + +# SCSI and USB scanners +ENV{libsane_matched}=="yes", TAG+="udev-acl" + +# HPLIP devices (necessary for ink level check and HP tool maintenance) +ENV{ID_HPLIP}=="1", TAG+="udev-acl" + +# optical drives +SUBSYSTEM=="block", ENV{ID_CDROM}=="1", TAG+="udev-acl" +SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="4|5", TAG+="udev-acl" + +# sound devices +SUBSYSTEM=="sound", TAG+="udev-acl" + +# ffado is an userspace driver for firewire sound cards +SUBSYSTEM=="firewire", ENV{ID_FFADO}=="1", TAG+="udev-acl" + +# webcams, frame grabber, TV cards +SUBSYSTEM=="video4linux", TAG+="udev-acl" +SUBSYSTEM=="dvb", TAG+="udev-acl" + +# IIDC devices: industrial cameras and some webcams +SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x00010*", TAG+="udev-acl" +SUBSYSTEM=="firewire", ATTR{units}=="*0x00b09d:0x00010*", TAG+="udev-acl" +# AV/C devices: camcorders, set-top boxes, TV sets, audio devices, and more +SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x010001*", TAG+="udev-acl" +SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x014001*", TAG+="udev-acl" + +# DRI video devices +SUBSYSTEM=="drm", KERNEL=="card*", TAG+="udev-acl" + +# KVM +SUBSYSTEM=="misc", KERNEL=="kvm", TAG+="udev-acl" + +# smart-card readers +ENV{ID_SMARTCARD_READER}=="*?", TAG+="udev-acl" + +# PDA devices +ENV{ID_PDA}=="*?", TAG+="udev-acl" + +# Programmable remote control 
+ENV{ID_REMOTE_CONTROL}=="1", TAG+="udev-acl" + +# joysticks +SUBSYSTEM=="input", ENV{ID_INPUT_JOYSTICK}=="?*", TAG+="udev-acl" + +# color measurement devices +ENV{COLOR_MEASUREMENT_DEVICE}=="*?", TAG+="udev-acl" + +# DDC/CI device, usually high-end monitors such as the DreamColor +ENV{DDC_DEVICE}=="*?", TAG+="udev-acl" + +# media player raw devices (for user-mode drivers, Android SDK, etc.) +SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="udev-acl" + +# apply ACL for all locally logged in users +LABEL="acl_apply", TAG=="udev-acl", TEST=="/var/run/ConsoleKit/database", \ + RUN+="udev-acl --action=$env{ACTION} --device=$env{DEVNAME}" + +LABEL="acl_end" -- cgit v1.2.3-55-g7522 From ad0918ffd57fd7e2b93223d8290b50f530ea817a Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Thu, 12 Sep 2013 14:09:56 +0200 Subject: [clone_stage4] Just a little check for 'local' as IP. --- scripts/clone_stage4 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/clone_stage4 b/scripts/clone_stage4 index e24fd416..2704db02 100755 --- a/scripts/clone_stage4 +++ b/scripts/clone_stage4 @@ -18,7 +18,8 @@ qnd_exit() { [ $# -ge 1 ] && kill "$1" } -[ $# -lt 3 ] && perror "$0 " +[ $# -lt 3 ] && perror "$0 " +[ "$1" = "local" ] && perror 'It is not wise to use "local" as remote IP.' BASE_DIR="${ROOT_DIR}/server/local_builds/$1" BOOT_DIR="${ROOT_DIR}/server/boot/$1" -- cgit v1.2.3-55-g7522 From a90b2dcc473c3179e2c8f5eb4486aabe88ae035a Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Thu, 12 Sep 2013 16:52:05 +0200 Subject: [mltk] Added mltk remote -n to help message --- mltk | 1 + 1 file changed, 1 insertion(+) diff --git a/mltk b/mltk index d705df50..a36edc85 100755 --- a/mltk +++ b/mltk 
@@ -75,6 +75,7 @@ print_usage() { echo -e " remote stage31 -c -b (clean all modules and build all linked modules in remote/targets/stage31 to remote/builds/stage31)" echo -e " remote stage32 -c -b rootfs_stage31 sshd (clean all modules, build base, policykit and sshd in remote/builds/stage32)" echo -e " remote stage32 -c base sshd -b sshd ldm -d (clean base and sshd, build sshd and ldm, be verbose)" + echo -e " remote -n (provides bind mount at /export/build for synchronizing)" echo -e " server 1.2.3.4 -s (sync all builds from remote system 1.2.3.4)" echo -e " server 1.2.3.4 stage32 -e stage32 (pack stage32 as squashfs+initramfs from remote system 1.2.3.4)" echo -e " server 1.2.3.4 stage31 -c (clean stage31 build under server/remote_builds and initramfs under server/boot)" -- cgit v1.2.3-55-g7522 From b4a10317b68a52276423b21367b135e3cefe2f25 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Thu, 12 Sep 2013 17:00:04 +0200 Subject: [udhcp-script] Don't start nfs-mount --- .../rootfs/rootfs-stage32/data/opt/openslx/scripts/udhcpc-openslx | 6 ------ 1 file changed, 6 deletions(-) diff --git a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/udhcpc-openslx b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/udhcpc-openslx index 69380a2f..4c1d9ffc 100755 --- a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/udhcpc-openslx +++ b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/udhcpc-openslx @@ -130,12 +130,6 @@ case "$1" in echo "# Config written by openslx-dhcp-script (2)" >> /opt/openslx/config echo "SLX_DNS='$dns'" >> /opt/openslx/config - # TODO: This mounts stage4. Current method is for testing purposes only. - # when going productive, this has to happen after user login, if the - # user selects a native linux session. - if [ "x$(grep -ci mount /proc/cmdline)" != "x0" ]; then - systemctl start nfs-mount.service & - fi # Mark network target as reached systemctl start network.target fi -- cgit v1.2.3-55-g7522 
From 3a1c085102e981db4c16cc2075b8cd0270d57bdb Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Thu, 12 Sep 2013 17:18:05 +0200 Subject: [clone_stage4] Beginning of a readme file - please comment / amend / revise! --- scripts/clone_stage4.README | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 scripts/clone_stage4.README diff --git a/scripts/clone_stage4.README b/scripts/clone_stage4.README new file mode 100644 index 00000000..7c37d71c --- /dev/null +++ b/scripts/clone_stage4.README @@ -0,0 +1,37 @@ +Some hints for usage of clone_stage4: + +Use clone_stage4 not on the build computer but on the computer which +provides httpd and nfsd, or, in other words: On the computer which server +the boot files. That's the reason why clone_stage4 rejects 'local' as IP. + +To use stage4 a nfs export will be necessary. + + +On the build computer (or, in other words, the computer which compiles etc.): +- build your system to your taste. +- Then, to provide a standardized bind mount (/export/build) for synchronizing + from elsewhere ("server IP") enter: + ./mltk remote -n + +Then, on the service computer (the one where's booted from etc, see above) + +- sync all of your build (IP is IP of build computer): + ./mltk server IP -s + +- or, if wanted, sync just some parts, for example: + ./mltk server [IP] stage31 -e stage31 -s + ./mltk server [IP] stage32 -e stage32 -s + ./mltk server 132.230.8.238 vbox -e addons + (etc.) + +Well, then do the cloning work: + ./clone_stage4 [IP] stage32 /path/to/your/nfs/share/stage4 + +To use the stage4 make sure your (base) config file contains a line + SLX_STAGE4_NFS=[IP of service computer] :/path/to/your/nfs/share/stage4 + + +At least now (20130912) it is necessary to enter + systemctl (start, restart, reload) nfs-mount + +... then login (or re-login), and the stage4s should be there in all their glory. -- cgit v1.2.3-55-g7522 From 55ebb9bf0fbbad1abbc0725bad5a4323ef0d4714 Mon Sep 17 00:00:00 2001 
From: Christian Rößler Date: Thu, 12 Sep 2013 17:51:09 +0200 Subject: [clone_stage4] README: script path standardized for calling from tm-scripts directory --- scripts/clone_stage4.README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/clone_stage4.README b/scripts/clone_stage4.README index 7c37d71c..346be031 100644 --- a/scripts/clone_stage4.README +++ b/scripts/clone_stage4.README @@ -25,7 +25,7 @@ Then, on the service computer (the one where's booted from etc, see above) (etc.) Well, then do the cloning work: - ./clone_stage4 [IP] stage32 /path/to/your/nfs/share/stage4 + ./scripts/clone_stage4 [IP] stage32 /path/to/your/nfs/share/stage4 To use the stage4 make sure your (base) config file contains a line SLX_STAGE4_NFS=[IP of service computer] :/path/to/your/nfs/share/stage4 -- cgit v1.2.3-55-g7522 From af0fb293ebd6e9c71932a18a313c0e4f97dd9d94 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 13 Sep 2013 12:31:37 +0200 Subject: [pam-freiburg] Prevent pam_script from preventing the systemd session to close ;o) --- .../modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close | 8 -------- 1 file changed, 8 deletions(-) diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close index 27620ee0..01d409a1 100755 --- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close +++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close 
@@ -2,11 +2,3 @@ [ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Closing session for $PAM_USER" -OPENSESSIONS=$(loginctl|grep $PAM_USER|wc -l) -[ ! -z "$SLX_DEBUG" ] && echo "User $PAM_USER has $OPENSESSIONS open sessions." - -if [ "x$OPENSESSIONS" == "x1" ]; then - # assume its last session, start watchdog in background - [ ! -z "$SLX_DEBUG" ] && echo "Last session beeing closed..." - ( while true; do sleep 1; if [ "x$(loginctl |grep $PAM_USER)" == "x" ]; then [ $(id -g $PAM_USER) -ge 1000 ] && umount /home/s8jobaue; fi; done) & -fi -- cgit v1.2.3-55-g7522 From e82ab2e92254aa0b1b8376409527eefda4b2dae2 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 15:37:05 +0200 Subject: [debug] udevd-logger for debug module with systemd-service *unreliable* --- .../debug/data/etc/systemd/system/debug-udevd_logger.service | 8 ++++++++ .../debug/data/opt/openslx/scripts/systemd-debug_udevd_logger | 2 ++ remote/modules/debug/debug.conf | 7 +++++++ remote/modules/debug/debug.conf.opensuse | 1 - 4 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 remote/modules/debug/data/etc/systemd/system/debug-udevd_logger.service create mode 100755 remote/modules/debug/data/opt/openslx/scripts/systemd-debug_udevd_logger diff --git a/remote/modules/debug/data/etc/systemd/system/debug-udevd_logger.service b/remote/modules/debug/data/etc/systemd/system/debug-udevd_logger.service new file mode 100644 index 00000000..d834292f --- /dev/null +++ b/remote/modules/debug/data/etc/systemd/system/debug-udevd_logger.service @@ -0,0 +1,8 @@ +[Unit] +Description=Logger for udevd-messages via udevadmin monitor +DefaultDependencies=no +IgnoreOnIsolate=yes + +[Service] +Type=oneshot +ExecStart=/opt/openslx/scripts/systemd-debug_udevd_logger diff --git a/remote/modules/debug/data/opt/openslx/scripts/systemd-debug_udevd_logger b/remote/modules/debug/data/opt/openslx/scripts/systemd-debug_udevd_logger new file mode 100755 index 00000000..8b772517 --- /dev/null 
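Review bot: `Type=oneshot` in the new debug-udevd_logger.service does not match the command it starts. The ExecStart script added in the same commit pipes `udevadm monitor` into `logger`, and that pipeline runs until it is killed, so a oneshot unit never finishes starting and stays in "activating"; this may be the unreliability the subject line mentions. `Type=simple` fits a long-running logger. Since the unit copies every udev event into the system log, I would also put a comment at the top of the unit such as `# Debug images only: forwards all udev events to syslog`.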
+++ b/remote/modules/debug/data/opt/openslx/scripts/systemd-debug_udevd_logger @@ -0,0 +1,2 @@ +#!/bin/sh +/usr/bin/udevadm monitor | /usr/bin/logger diff --git a/remote/modules/debug/debug.conf b/remote/modules/debug/debug.conf index 9ce39476..0db29dde 100644 --- a/remote/modules/debug/debug.conf +++ b/remote/modules/debug/debug.conf @@ -12,4 +12,11 @@ REQUIRED_BINARIES=" su file @htop + logger " + +# For debug-udevd_logger.service: +# REQUIRED_BINARIES+=" +# logger +# " + diff --git a/remote/modules/debug/debug.conf.opensuse b/remote/modules/debug/debug.conf.opensuse index e4306fc3..b7971956 100644 --- a/remote/modules/debug/debug.conf.opensuse +++ b/remote/modules/debug/debug.conf.opensuse @@ -8,5 +8,4 @@ REQUIRED_INSTALLED_PACKAGES=" " REQUIRED_BINARIES+=" fonts-config - logger " -- cgit v1.2.3-55-g7522 From 73026185afb2402a486ec5e0adf4c910520db784 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 15:38:37 +0200 Subject: [clone_stage4] README: A little -s missing in an example --- scripts/clone_stage4.README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/clone_stage4.README b/scripts/clone_stage4.README index 346be031..6a8ddf5c 100644 --- a/scripts/clone_stage4.README +++ b/scripts/clone_stage4.README @@ -21,7 +21,7 @@ Then, on the service computer (the one where's booted from etc, see above) - or, if wanted, sync just some parts, for example: ./mltk server [IP] stage31 -e stage31 -s ./mltk server [IP] stage32 -e stage32 -s - ./mltk server 132.230.8.238 vbox -e addons + ./mltk server 132.230.8.238 vbox -e addons -s (etc.) Well, then do the cloning work: -- cgit v1.2.3-55-g7522 From 98024c5d6c3794a935699f642d545bfc96649627 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 15:39:53 +0200 Subject: [debug] debug.conf: Forgot to delete an obsolete, out-commented entry --- remote/modules/debug/debug.conf | 6 ------ 1 file changed, 6 deletions(-) 
diff --git a/remote/modules/debug/debug.conf b/remote/modules/debug/debug.conf index 0db29dde..fa2d92a3 100644 --- a/remote/modules/debug/debug.conf +++ b/remote/modules/debug/debug.conf @@ -14,9 +14,3 @@ REQUIRED_BINARIES=" @htop logger " - -# For debug-udevd_logger.service: -# REQUIRED_BINARIES+=" -# logger -# " - -- cgit v1.2.3-55-g7522 From 4c453571b4af69478bc1a0c939e0d82f190ec204 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 15:45:10 +0200 Subject: [blacklists] README updated to reflect new structure desktop-sessions, 'includes' --- server/blacklists/README | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/server/blacklists/README b/server/blacklists/README index 1f4300d1..ed3fe459 100644 --- a/server/blacklists/README +++ b/server/blacklists/README @@ -3,7 +3,13 @@ should be excluded when cloning stage4 of a remote system. The blacklists are split into groups, represented by sub-directories. They contain one or more text files representing blacklists in rsync "--exclude-from" format. + There is a group called "essential", containg blacklists for essential files and dirs that you always want to exclude from being cloned. Other directories are create for specific software packages, like gnome, or kde. + +For inclusion of desktop environments like Gnome or KDE a substructure +(subdirectory) called desktop-sessions was introduced. The files / +directories in there should describe only includes ("+ ....") to provide +files needed for a desktop environment. -- cgit v1.2.3-55-g7522 From 280f8d638a140fcdc26e7b39bb9e845964cc5184 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 15:46:21 +0200 Subject: [debug] service link for service start within target --- .../etc/systemd/system/sysinit.target.wants/debug-udevd_logger.service | 1 + 1 file changed, 1 insertion(+) create mode 120000 remote/modules/debug/data/etc/systemd/system/sysinit.target.wants/debug-udevd_logger.service 
diff --git a/remote/modules/debug/data/etc/systemd/system/sysinit.target.wants/debug-udevd_logger.service b/remote/modules/debug/data/etc/systemd/system/sysinit.target.wants/debug-udevd_logger.service new file mode 120000 index 00000000..ad7f978f --- /dev/null +++ b/remote/modules/debug/data/etc/systemd/system/sysinit.target.wants/debug-udevd_logger.service @@ -0,0 +1 @@ +../debug-udevd_logger.service \ No newline at end of file -- cgit v1.2.3-55-g7522 From 4b90094bc54c1591879ef51554b34f1a7ea82087 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 15:50:09 +0200 Subject: [blacklists] pam/gnome: transported include entries to desktop-sessions/gnome --- server/blacklists/pam/gnome | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/server/blacklists/pam/gnome b/server/blacklists/pam/gnome index d1c85b72..686f42c6 100644 --- a/server/blacklists/pam/gnome +++ b/server/blacklists/pam/gnome @@ -1,4 +1,5 @@ -+ /etc/pam.d/gdm -+ /etc/pam.d/gdm-* -+ /etc/pam.d/gnome-* +# transported to desktop-sessions/gnome +# + /etc/pam.d/gdm +# + /etc/pam.d/gdm-* +# + /etc/pam.d/gnome-* -- cgit v1.2.3-55-g7522 From e3d0c80ff165364cb0648360352c60c5c3d6e3f6 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 15:56:00 +0200 Subject: [blacklists] x-autostart/xdg-autostart: gnome entries transported to gnome --- server/blacklists/x-autostart/xdg-autostart | 3 --- 1 file changed, 3 deletions(-) diff --git a/server/blacklists/x-autostart/xdg-autostart b/server/blacklists/x-autostart/xdg-autostart index 64593d31..b8c499ad 100644 --- a/server/blacklists/x-autostart/xdg-autostart +++ b/server/blacklists/x-autostart/xdg-autostart @@ -1,5 +1,2 @@ + /etc/xdg/autostart/**/ -+ /etc/xdg/autostart/gnome-settings-daemon.desktop -+ /etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop - /etc/xdg/autostart/** - -- cgit v1.2.3-55-g7522 From e31cd737bdc833274809989d22c369d7fb4c7842 Mon Sep 17 00:00:00 2001 
From: Christian Rößler Date: Fri, 13 Sep 2013 16:11:14 +0200 Subject: [blacklists] desktop-session/gnome: 'includes' for Gnome --- server/blacklists/desktop-sessions/gnome | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 server/blacklists/desktop-sessions/gnome diff --git a/server/blacklists/desktop-sessions/gnome b/server/blacklists/desktop-sessions/gnome new file mode 100644 index 00000000..c13d0109 --- /dev/null +++ b/server/blacklists/desktop-sessions/gnome @@ -0,0 +1,27 @@ +# transported from pam/gnome: ++ /etc/pam.d/gdm ++ /etc/pam.d/gdm-* ++ /etc/pam.d/gnome-* + +# transported from x-autostart/xdg-autostart: ++ /etc/xdg/autostart/gnome-settings-daemon.desktop ++ /etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop + +# files from /etc: +/etc/gnome +/etc/gnome-app-install +/etc/gnome-settings-daemon + +# files from /usr/bin: +/usr/bin/gnome* + +# from package gnome-session: +/usr/share/gnome-session +/usr/share/doc + +# + from package gnome-session-bin: +/usr/share/GConf +/usr/share/glib-2.0 +/usr/lib/*gnome* + + -- cgit v1.2.3-55-g7522 From dbe7515e8f1ea35e3979082d5c512a494c01bb76 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 13 Sep 2013 16:55:32 +0200 Subject: [stage32] Some work on system startup regarding systemd dependencies - still somewhat messy, but already way more restricted and predictable than before when it comes to ordering --- remote/modules/kdm/data/etc/systemd/system/kdm.service | 5 +---- .../modules/systemd/data/etc/systemd/system/network.target | 13 +++++++++++++ remote/modules/systemd/systemd.conf | 3 +-- .../data/etc/systemd/system/setup-partitions.service | 4 ++-- .../data/etc/systemd/system/setup-slx-addons.service | 5 +++-- .../data/etc/systemd/system/update-etc_issue.service | 2 +- 6 files changed, 21 insertions(+), 11 deletions(-) create mode 100644 remote/modules/systemd/data/etc/systemd/system/network.target 
diff --git a/remote/modules/kdm/data/etc/systemd/system/kdm.service b/remote/modules/kdm/data/etc/systemd/system/kdm.service index 14ff7457..9882459f 100644 --- a/remote/modules/kdm/data/etc/systemd/system/kdm.service +++ b/remote/modules/kdm/data/etc/systemd/system/kdm.service @@ -1,12 +1,9 @@ [Unit] Description=KDM Display Manager Conflicts=getty@tty7.service -After=systemd-user-sessions.service getty@tty7.service plymouth-quit.service +After=systemd-user-sessions.service getty@tty7.service plymouth-quit.service activate-nss-ldap.service [Service] ExecStart=/usr/bin/kdm -nodaemon Restart=always IgnoreSIGPIPE=no - -[Install] -Alias=display-manager.service diff --git a/remote/modules/systemd/data/etc/systemd/system/network.target b/remote/modules/systemd/data/etc/systemd/system/network.target new file mode 100644 index 00000000..0bc2a410 --- /dev/null +++ b/remote/modules/systemd/data/etc/systemd/system/network.target @@ -0,0 +1,13 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Network +Documentation=man:systemd.special(7) +Documentation=http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget +ConditionPathExists=/run/udhcpc/network-ready + diff --git a/remote/modules/systemd/systemd.conf b/remote/modules/systemd/systemd.conf index 3cb6196a..1a038647 100644 --- a/remote/modules/systemd/systemd.conf +++ b/remote/modules/systemd/systemd.conf @@ -4,7 +4,6 @@ REQUIRED_LIBKMOD_VERSION="kmod-14" REQUIRED_LIBKMOD_URL="http://www.kernel.org/pub/linux/utils/kernel/kmod/${REQUIRED_LIBKMOD_VERSION}.tar.gz" REQUIRED_DISABLED_SERVICES=" tmp.mount - time-sync.target systemd-random-seed-save.service systemd-random-seed-load.service systemd-readahead-collect.service 
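Review bot: `ConditionPathExists=/run/udhcpc/network-ready` on the overriding network.target probably does not delay the units ordered after it. A failed condition only skips the target and is not treated as a failure, and it is evaluated once when the start job runs, so services with `After=network.target` would most likely start anyway when the flag file is still missing. If the aim is to wait for the DHCP client, order the unit that creates the flag file (not visible in this diff) `Before=network.target` and have it pull the target in. At minimum, add a comment above the condition such as `# only skips this target if the flag is missing; does not hold back After=network.target units`.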
@@ -24,7 +23,7 @@ REQUIRED_DISABLED_SERVICES=" nss-user-lookup.target systemd-initctl.service systemd-initctl.socket - swap.target + umount.target " REQUIRED_BINARIES=" journalctl diff --git a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-partitions.service b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-partitions.service index 20e789a4..4e663d56 100644 --- a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-partitions.service +++ b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-partitions.service @@ -1,8 +1,8 @@ [Unit] Description=Setup local disk partitions (tmp, swap) -After=sysinit.target -Before=shutdown.target DefaultDependencies=no +Before=sysinit.target shutdown.target +Wants=sysinit.target [Service] Type=oneshot diff --git a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-slx-addons.service b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-slx-addons.service index acc827c9..6a5b63ad 100644 --- a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-slx-addons.service +++ b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-slx-addons.service @@ -1,9 +1,10 @@ [Unit] Description=Download, mount and append SLX addons -After=sysinit.target setup-partitions.service -Wants=setup-partitions.service +After=setup-partitions.service +DefaultDependencies=no [Service] Type=oneshot ExecStart=/opt/openslx/scripts/systemd-setup_slx_addons RemainAfterExit=yes + diff --git a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/update-etc_issue.service b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/update-etc_issue.service index c4f45a3c..21a09b7c 100644 --- a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/update-etc_issue.service +++ b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/update-etc_issue.service 
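Review bot: In setup-slx-addons.service, `After=setup-partitions.service` now stands alone, and the `Wants=` it replaced was what pulled that unit into the boot transaction. `After=` only orders two units that are both being started, so the ordering depends on setup-partitions.service being wanted from somewhere else, which this diff does not show. With `DefaultDependencies=no` there is also no ordering against the network, although the description says the unit downloads addons. I would keep `Wants=setup-partitions.service` and add the network ordering explicitly, for example `After=setup-partitions.service network.target`. The download script itself is outside this diff, so how it fetches and checks the addons should be confirmed separately.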
@@ -1,6 +1,6 @@ [Unit] Description=Update /etc/issue -Before=sysinit.target shutdown.target +Before=getty.target shutdown.target DefaultDependencies=no [Service] -- cgit v1.2.3-55-g7522 From f5ba9c7bbb8be2e2e5c1899b4f0c370ebc1e425d Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 13 Sep 2013 16:56:51 +0200 Subject: [debug] Optionally include tcpdump and getfacl --- remote/modules/debug/debug.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/remote/modules/debug/debug.conf b/remote/modules/debug/debug.conf index 9ce39476..66f90011 100644 --- a/remote/modules/debug/debug.conf +++ b/remote/modules/debug/debug.conf @@ -12,4 +12,6 @@ REQUIRED_BINARIES=" su file @htop + @tcpdump + getfacl " -- cgit v1.2.3-55-g7522 From c1559ccd6c7fa224b21cd640acfd45de47204329 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 13 Sep 2013 16:59:22 +0200 Subject: [ntpdate.service] Speed up timesync a little --- .../data/opt/openslx/scripts/systemd-setup_network_time | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_network_time b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_network_time index 3e644abd..87c93fd4 100755 --- a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_network_time +++ b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_network_time 
@@ -3,13 +3,13 @@ . /opt/openslx/config || { echo "Could not source config!"; exit 1; } SLX_NTP_SERVER="$SLX_NTP_SERVER 0.de.pool.ntp.org" for SERVER in $SLX_NTP_SERVER; do - if ntpdate -u -b "$SERVER"; then + if ntpdate -u -p 2 "$SERVER"; then echo "Successfully queried $SERVER for time." if [ "x$SLX_BIOS_CLOCK" = "xlocal" ]; then - sleep 1 + usleep 100000 hwclock -l -w || echo "... but could not set BIOS clock to localtime" elif [ "x$SLX_BIOS_CLOCK" = "xutc" ]; then - sleep 1 + usleep 100000 hwclock -u -w || echo "... but could not set BIOS clock to UTC" fi exit 0 -- cgit v1.2.3-55-g7522 From 4fdbf9e76f7d3da223871858da159c9093bd3d46 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 13 Sep 2013 16:59:51 +0200 Subject: [setup-partitions] Don't retry if fdisk returns no partitons as boot order makes sure now partitons are read before calling. Also improve mounting /tmp and moving files from old to new dir --- .../opt/openslx/scripts/systemd-setup_partitions | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_partitions b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_partitions index bc5ce9c1..b0f606dd 100755 --- a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_partitions +++ b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_partitions 
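Review bot: Dropping `-b` from the ntpdate call changes more than speed: without it ntpdate steps the clock only for large offsets and slews small ones gradually. The `hwclock -l -w` / `hwclock -u -w` that now runs 100 ms later can therefore write a time that has not been corrected yet. If the BIOS clock is meant to receive the synced time, keep the step and only reduce the sample count, `if ntpdate -u -b -p 2 "$SERVER"; then`. `usleep` is not a POSIX utility, so a comment naming what provides it in stage32 (presumably busybox) would help, e.g. `# usleep: provided by busybox in stage32`. The `for` loop continues outside the hunk.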
@@ -52,6 +52,21 @@ diskfm () { } function mount_temp () { + local PRE=$(pwd) + if ! cd /tmp; then + mount_temp_fallback $@ + return $? + fi + mount $@ /tmp || return 1 + chmod a+rwxt /tmp + # Move stuff from working directory, which is old /tmp, to new /tmp just mounted + mv ./* ./.[!.]* ./..?* /tmp/ 2> /dev/null + local OLD=$(LANG=C ls -alh | grep -v -E ' \.\.?$' | grep -v '^total') + [ -n "$OLD" ] && echo -- "Leftovers:" && echo -- "$OLD" + cd "$PRE" +} + +function mount_temp_fallback () { mkdir -p /tmptmp mv /tmp/* /tmp/.* /tmptmp/ 2> /dev/null mount $@ /tmp || return 1 @@ -61,12 +76,7 @@ function mount_temp () { return 0 } -# Check for local harddisks and appropriate partitions -for waiting in 1 1 2 3 4; do - fdisk -l | sed -n "/^\/dev\//p" > "/etc/disk.partition" - [ -s "/etc/disk.partition" ] && break - sleep "$waiting" -done +fdisk -l | sed -n "/^\/dev\//p" > "/etc/disk.partition" echo "Partitions:" cat "/etc/disk.partition" -- cgit v1.2.3-55-g7522 From fd471531c51ed77621164086b893269030107473 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 17:02:46 +0200 Subject: [blacklists] 'includes for gnome --- server/blacklists/desktop-sessions/gnome | 27 ----- .../blacklists/desktop-sessions/gnome/gnome-base | 28 +++++ .../blacklists/desktop-sessions/gnome/gnome-icons | 130 +++++++++++++++++++++ 3 files changed, 158 insertions(+), 27 deletions(-) delete mode 100644 server/blacklists/desktop-sessions/gnome create mode 100644 server/blacklists/desktop-sessions/gnome/gnome-base create mode 100644 server/blacklists/desktop-sessions/gnome/gnome-icons diff --git a/server/blacklists/desktop-sessions/gnome b/server/blacklists/desktop-sessions/gnome deleted file mode 100644 index c13d0109..00000000 --- a/server/blacklists/desktop-sessions/gnome +++ /dev/null 
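Review bot: The new `mount_temp` passes its arguments on unquoted, so a mount option or device path containing whitespace or glob characters is split or expanded before it reaches mount; use `mount_temp_fallback "$@"` and `mount "$@" /tmp || return 1`. `echo -- "Leftovers:"` does not treat `--` as an end-of-options marker and prints it literally; `[ -n "$OLD" ] && printf '%s\n' "Leftovers:" "$OLD"` gives the intended output. When the mount fails, the function returns while the working directory is still the old /tmp, so a `cd "$PRE"` before that `return 1` would keep the caller's directory unchanged. The leftover check parses `ls -alh` output, which is acceptable for a log message but should not be used for decisions.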
@@ -1,27 +0,0 @@ -# transported from pam/gnome: -+ /etc/pam.d/gdm -+ /etc/pam.d/gdm-* -+ /etc/pam.d/gnome-* - -# transported from x-autostart/xdg-autostart: -+ /etc/xdg/autostart/gnome-settings-daemon.desktop -+ /etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop - -# files from /etc: -/etc/gnome -/etc/gnome-app-install -/etc/gnome-settings-daemon - -# files from /usr/bin: -/usr/bin/gnome* - -# from package gnome-session: -/usr/share/gnome-session -/usr/share/doc - -# + from package gnome-session-bin: -/usr/share/GConf -/usr/share/glib-2.0 -/usr/lib/*gnome* - - diff --git a/server/blacklists/desktop-sessions/gnome/gnome-base b/server/blacklists/desktop-sessions/gnome/gnome-base new file mode 100644 index 00000000..6df837bc --- /dev/null +++ b/server/blacklists/desktop-sessions/gnome/gnome-base @@ -0,0 +1,28 @@ +# transported from pam/gnome: ++ /etc/pam.d/gdm ++ /etc/pam.d/gdm-* ++ /etc/pam.d/gnome-* + +# transported from x-autostart/xdg-autostart: ++ /etc/xdg/autostart/gnome-settings-daemon.desktop ++ /etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop + +# files from /etc: +/etc/gnome +/etc/gnome-app-install +/etc/gnome-settings-daemon + +# files from /usr/bin: +/usr/bin/*gnome* + +# from package gnome-session: +/usr/share/gnome-session +/usr/share/doc + +# + from package gnome-session-bin: +/usr/share/GConf +/usr/share/glib-2.0 +/usr/lib/*gnome* + +# Caught freestyle: +/usr/share/gnome* diff --git a/server/blacklists/desktop-sessions/gnome/gnome-icons b/server/blacklists/desktop-sessions/gnome/gnome-icons new file mode 100644 index 00000000..6e7d0481 --- /dev/null +++ b/server/blacklists/desktop-sessions/gnome/gnome-icons 
@@ -0,0 +1,130 @@
+# Gnome icons:
+/usr/share/app-install/icons/*gnome*
+/usr/share/icons/ubuntu-mono-light/status/22/*gnome*
+/usr/share/icons/ubuntu-mono-light/status/24/*gnome*
+/usr/share/icons/ubuntu-mono-light/status/16/*gnome*
+/usr/share/icons/ubuntu-mono-light/places/22/*gnome*
+/usr/share/icons/ubuntu-mono-light/places/48/*gnome*
+/usr/share/icons/ubuntu-mono-light/places/24/*gnome*
+/usr/share/icons/ubuntu-mono-light/places/16/*gnome*
+/usr/share/icons/ubuntu-mono-light/places/64/*gnome*
+/usr/share/icons/ubuntu-mono-light/places/32/*gnome*
+/usr/share/icons/ubuntu-mono-light/apps/22/*gnome*
+/usr/share/icons/ubuntu-mono-light/apps/24/*gnome*
+/usr/share/icons/ubuntu-mono-light/apps/16/*gnome*
+/usr/share/icons/hicolor/24x24/apps/*gnome*
+/usr/share/icons/hicolor/scalable/apps/*gnome*
+/usr/share/icons/hicolor/16x16/apps/*gnome*
+/usr/share/icons/hicolor/256x256/apps/*gnome*
+/usr/share/icons/hicolor/22x22/apps/*gnome*
+/usr/share/icons/hicolor/48x48/apps/*gnome*
+/usr/share/icons/hicolor/32x32/apps/*gnome*
+/usr/share/icons/ubuntu-mono-dark/status/24/*gnome*
+/usr/share/icons/ubuntu-mono-dark/status/24/*gnome*
+/usr/share/icons/ubuntu-mono-dark/status/16/*gnome*
+/usr/share/icons/ubuntu-mono-dark/places/22/*gnome*
+/usr/share/icons/ubuntu-mono-dark/places/48/*gnome*
+/usr/share/icons/ubuntu-mono-dark/places/24/*gnome*
+/usr/share/icons/ubuntu-mono-dark/places/16/*gnome*
+/usr/share/icons/ubuntu-mono-dark/places/64/*gnome*
+/usr/share/icons/ubuntu-mono-dark/places/32/*gnome*
+/usr/share/icons/ubuntu-mono-dark/apps/22/*gnome*
+/usr/share/icons/ubuntu-mono-dark/apps/24/*gnome*
+/usr/share/icons/ubuntu-mono-dark/apps/16/*gnome*
+/usr/share/icons/HighContrast/24x24/apps/*gnome*
+/usr/share/icons/HighContrast/scalable/apps/*gnome*-sudoku.svg
+/usr/share/icons/HighContrast/16x16/apps/*gnome*-sudoku.png
+/usr/share/icons/HighContrast/256x256/apps/gnome-power-manager.png
+/usr/share/icons/HighContrast/22x22/apps/gnome-power-manager.png
+/usr/share/icons/HighContrast/48x48/apps/gnome-power-manager.png
+/usr/share/icons/HighContrast/32x32/apps/gnome-mahjongg.png
+/usr/share/app-install/icons/*gnome*
+/usr/share/icons/gnome/*
+/usr/share/icons/Humanity/actions/128
+/usr/share/icons/Humanity/actions/16
+/usr/share/icons/Humanity/actions/22
+/usr/share/icons/Humanity/actions/24/*gnome*
+/usr/share/icons/Humanity/actions/32/*gnome*
+/usr/share/icons/Humanity/actions/48/*gnome*
+/usr/share/icons/Humanity/actions/64/*gnome*
+/usr/share/icons/Humanity/animations/16/*gnome*
+/usr/share/icons/Humanity/animations/22/*gnome*
+/usr/share/icons/Humanity/animations/24/*gnome*
+/usr/share/icons/Humanity/animations/32/*gnome*
+/usr/share/icons/Humanity/apps/128/*gnome*
+/usr/share/icons/Humanity/apps/16/*gnome*
+/usr/share/icons/Humanity/apps/22/*gnome*
+/usr/share/icons/Humanity/apps/24/*gnome*
+/usr/share/icons/Humanity/apps/32/*gnome*
+/usr/share/icons/Humanity/apps/48/*gnome*
+/usr/share/icons/Humanity/apps/64/*gnome*
+/usr/share/icons/Humanity/categories/16/*gnome*
+/usr/share/icons/Humanity/categories/22/*gnome*
+/usr/share/icons/Humanity/categories/24/*gnome*
+/usr/share/icons/Humanity/categories/32/*gnome*
+/usr/share/icons/Humanity/categories/48/*gnome*
+/usr/share/icons/Humanity/categories/64/*gnome*
+/usr/share/icons/Humanity-Dark/apps/16/*gnome*
+/usr/share/icons/Humanity-Dark/apps/22/*gnome*
+/usr/share/icons/Humanity-Dark/devices/22/*gnome*
+/usr/share/icons/Humanity-Dark/devices/24/*gnome*
+/usr/share/icons/Humanity-Dark/places/16/*gnome*
+/usr/share/icons/Humanity-Dark/places/22/*gnome*
+/usr/share/icons/Humanity-Dark/places/24/*gnome*
+/usr/share/icons/Humanity-Dark/places/48/*gnome*
+/usr/share/icons/Humanity-Dark/places/64/*gnome*
+/usr/share/icons/Humanity-Dark/status/22/*gnome*
+/usr/share/icons/Humanity-Dark/status/24/*gnome*
+/usr/share/icons/Humanity/devices/128/*gnome*
+/usr/share/icons/Humanity/devices/16/*gnome*
+/usr/share/icons/Humanity/devices/22/*gnome*
+/usr/share/icons/Humanity/devices/24/*gnome*
+/usr/share/icons/Humanity/devices/32/*gnome*
+/usr/share/icons/Humanity/devices/48/*gnome*
+/usr/share/icons/Humanity/devices/64/*gnome*
+/usr/share/icons/Humanity/mimes/128/*gnome*
+/usr/share/icons/Humanity/mimes/16/*gnome*
+/usr/share/icons/Humanity/mimes/22/*gnome*
+/usr/share/icons/Humanity/mimes/24/*gnome*
+/usr/share/icons/Humanity/mimes/32/*gnome*
+/usr/share/icons/Humanity/mimes/48/*gnome*
+/usr/share/icons/Humanity/mimes/64/*gnome*
+/usr/share/icons/Humanity/places/128/*gnome*
+/usr/share/icons/Humanity/places/16/*gnome*
+/usr/share/icons/Humanity/places/22/*gnome*
+/usr/share/icons/Humanity/places/24/*gnome*
+/usr/share/icons/Humanity/places/32/*gnome*
+/usr/share/icons/Humanity/places/48/*gnome*
+/usr/share/icons/Humanity/places/64/*gnome*
+/usr/share/icons/Humanity/status/128/*gnome*
+/usr/share/icons/Humanity/status/16/*gnome*
+/usr/share/icons/Humanity/status/22/*gnome*
+/usr/share/icons/Humanity/status/24/*gnome*
+/usr/share/icons/Humanity/status/32/*gnome*
+/usr/share/icons/Humanity/status/48/*gnome*
+/usr/share/icons/Humanity/status/64/*gnome*
+/usr/share/icons/ubuntu-mono-dark/apps/16/*gnome*
+/usr/share/icons/ubuntu-mono-dark/apps/22/*gnome*
+/usr/share/icons/ubuntu-mono-dark/apps/24/*gnome*
+/usr/share/icons/ubuntu-mono-dark/places/16/*gnome*
+/usr/share/icons/ubuntu-mono-dark/places/22/*gnome*
+/usr/share/icons/ubuntu-mono-dark/places/24/*gnome*
+/usr/share/icons/ubuntu-mono-dark/places/32/*gnome*
+/usr/share/icons/ubuntu-mono-dark/places/48/*gnome*
+/usr/share/icons/ubuntu-mono-dark/places/64/*gnome*
+/usr/share/icons/ubuntu-mono-dark/status/16/*gnome*
+/usr/share/icons/ubuntu-mono-dark/status/22/*gnome*
+/usr/share/icons/ubuntu-mono-dark/status/24/*gnome*
+/usr/share/icons/ubuntu-mono-light/apps/16/*gnome*
+/usr/share/icons/ubuntu-mono-light/apps/22/*gnome*
+/usr/share/icons/ubuntu-mono-light/apps/24/*gnome*
+/usr/share/icons/ubuntu-mono-light/places/16/*gnome*
+/usr/share/icons/ubuntu-mono-light/places/22/*gnome* +/usr/share/icons/ubuntu-mono-light/places/24/*gnome* +/usr/share/icons/ubuntu-mono-light/places/32/*gnome* +/usr/share/icons/ubuntu-mono-light/places/48/*gnome* +/usr/share/icons/ubuntu-mono-light/places/64/*gnome* +/usr/share/icons/ubuntu-mono-light/status/16/*gnome* +/usr/share/icons/ubuntu-mono-light/status/22/*gnome* +/usr/share/icons/ubuntu-mono-light/status/24/*gnome* +/usr/share/notify-osd/icons/*gnome* -- cgit v1.2.3-55-g7522 From da4eaf0c4335a4a7786f339680500463f69a8b9a Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 17:07:07 +0200 Subject: [blacklists] gnome includes: '+ ' added --- .../blacklists/desktop-sessions/gnome/gnome-base | 48 ++-- .../blacklists/desktop-sessions/gnome/gnome-icons | 258 ++++++++++----------- 2 files changed, 163 insertions(+), 143 deletions(-) diff --git a/server/blacklists/desktop-sessions/gnome/gnome-base b/server/blacklists/desktop-sessions/gnome/gnome-base index 6df837bc..98bf8d60 100644 --- a/server/blacklists/desktop-sessions/gnome/gnome-base +++ b/server/blacklists/desktop-sessions/gnome/gnome-base 
@@ -8,21 +8,41 @@ + /etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop # files from /etc: -/etc/gnome -/etc/gnome-app-install -/etc/gnome-settings-daemon - ++ /etc/gnome ++ /etc/gnome-app-install ++ /etc/gnome-settings-daemon ++ # files from /usr/bin: -/usr/bin/*gnome* - ++ /usr/bin/*gnome* ++ # from package gnome-session: -/usr/share/gnome-session -/usr/share/doc - ++ /usr/share/gnome-session ++ /usr/share/doc ++ # + from package gnome-session-bin: -/usr/share/GConf -/usr/share/glib-2.0 -/usr/lib/*gnome* - ++ /usr/share/GConf ++ /usr/share/glib-2.0 ++ /usr/lib/*gnome* + # Caught freestyle: -/usr/share/gnome* ++ /usr/share/gnome* ++ /usr/lib/python3/dist-packages/orca/scripts/apps/*gnome* + +# gnome keyring libs: ++ /usr/lib/x86_64-linux-gnu/*gnome* + ++ /usr/lib/x86_64-linux-gnu/pkcs11 ++ /usr/lib/x86_64-linux-gnu/gio/modules ++ /usr/lib/x86_64-linux-gnu/libproxy/0.4.11/modules + ++ /usr/sbin/*gnome* + ++ /usr/lib/libvte-2.90-9/*gnome* ++ /usr/lib/openssh/*gnome* + ++ /usr/share/dbus-1/services/*gnome* ++ /usr/share/locale-langpack/de/LC_MESSAGES/*gnome* + ++ /usr/share/polkit-1/actions/*gnome* ++ /usr/share/polkit-1/rules.d/*gnome* ++ /usr/share/dbus-1/services/*gnome* diff --git a/server/blacklists/desktop-sessions/gnome/gnome-icons b/server/blacklists/desktop-sessions/gnome/gnome-icons index 6e7d0481..cca0c045 100644 --- a/server/blacklists/desktop-sessions/gnome/gnome-icons +++ b/server/blacklists/desktop-sessions/gnome/gnome-icons 
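Review bot: The prefix conversion in gnome-base appears to have turned three blank separator lines into bare `+` rules, as far as the collapsed diff shows: the added lines directly before `# files from /usr/bin:`, `# from package gnome-session:` and `# + from package gnome-session-bin:`. rsync skips empty lines in an `--exclude-from` file, but a `+` with no pattern is an include rule without a path and may be rejected or misread, so those three lines should be empty again. `+ /usr/share/dbus-1/services/*gnome*` is added twice in this hunk. `+ /usr/share/doc` includes the whole documentation tree rather than the GNOME part, which is worth a comment if intended, e.g. `# whole doc tree on purpose`.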
@@ -1,130 +1,130 @@ # Gnome icons: -/usr/share/app-install/icons/*gnome* -/usr/share/icons/ubuntu-mono-light/status/22/*gnome* -/usr/share/icons/ubuntu-mono-light/status/24/*gnome* -/usr/share/icons/ubuntu-mono-light/status/16/*gnome* -/usr/share/icons/ubuntu-mono-light/places/22/*gnome* -/usr/share/icons/ubuntu-mono-light/places/48/*gnome* -/usr/share/icons/ubuntu-mono-light/places/24/*gnome* -/usr/share/icons/ubuntu-mono-light/places/16/*gnome* -/usr/share/icons/ubuntu-mono-light/places/64/*gnome* -/usr/share/icons/ubuntu-mono-light/places/32/*gnome* -/usr/share/icons/ubuntu-mono-light/apps/22/*gnome* -/usr/share/icons/ubuntu-mono-light/apps/24/*gnome* -/usr/share/icons/ubuntu-mono-light/apps/16/*gnome* -/usr/share/icons/hicolor/24x24/apps/*gnome* -/usr/share/icons/hicolor/scalable/apps/*gnome* -/usr/share/icons/hicolor/16x16/apps/*gnome* -/usr/share/icons/hicolor/256x256/apps/*gnome* -/usr/share/icons/hicolor/22x22/apps/*gnome* -/usr/share/icons/hicolor/48x48/apps/*gnome* -/usr/share/icons/hicolor/32x32/apps/*gnome* -/usr/share/icons/ubuntu-mono-dark/status/24/*gnome* -/usr/share/icons/ubuntu-mono-dark/status/24/*gnome* -/usr/share/icons/ubuntu-mono-dark/status/16/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/22/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/48/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/24/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/16/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/64/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/32/*gnome* -/usr/share/icons/ubuntu-mono-dark/apps/22/*gnome* -/usr/share/icons/ubuntu-mono-dark/apps/24/*gnome* -/usr/share/icons/ubuntu-mono-dark/apps/16/*gnome* -/usr/share/icons/HighContrast/24x24/apps/*gnome* -/usr/share/icons/HighContrast/scalable/apps/*gnome*-sudoku.svg -/usr/share/icons/HighContrast/16x16/apps/*gnome*-sudoku.png -/usr/share/icons/HighContrast/256x256/apps/gnome-power-manager.png -/usr/share/icons/HighContrast/22x22/apps/gnome-power-manager.png 
-/usr/share/icons/HighContrast/48x48/apps/gnome-power-manager.png -/usr/share/icons/HighContrast/32x32/apps/gnome-mahjongg.png -/usr/share/app-install/icons/*gnome* -/usr/share/icons/gnome/* -/usr/share/icons/Humanity/actions/128 -/usr/share/icons/Humanity/actions/16 -/usr/share/icons/Humanity/actions/22 -/usr/share/icons/Humanity/actions/24/*gnome* -/usr/share/icons/Humanity/actions/32/*gnome* -/usr/share/icons/Humanity/actions/48/*gnome* -/usr/share/icons/Humanity/actions/64/*gnome* -/usr/share/icons/Humanity/animations/16/*gnome* -/usr/share/icons/Humanity/animations/22/*gnome* -/usr/share/icons/Humanity/animations/24/*gnome* -/usr/share/icons/Humanity/animations/32/*gnome* -/usr/share/icons/Humanity/apps/128/*gnome* -/usr/share/icons/Humanity/apps/16/*gnome* -/usr/share/icons/Humanity/apps/22/*gnome* -/usr/share/icons/Humanity/apps/24/*gnome* -/usr/share/icons/Humanity/apps/32/*gnome* -/usr/share/icons/Humanity/apps/48/*gnome* -/usr/share/icons/Humanity/apps/64/*gnome* -/usr/share/icons/Humanity/categories/16/*gnome* -/usr/share/icons/Humanity/categories/22/*gnome* -/usr/share/icons/Humanity/categories/24/*gnome* -/usr/share/icons/Humanity/categories/32/*gnome* -/usr/share/icons/Humanity/categories/48/*gnome* -/usr/share/icons/Humanity/categories/64/*gnome* -/usr/share/icons/Humanity-Dark/apps/16/*gnome* -/usr/share/icons/Humanity-Dark/apps/22/*gnome* -/usr/share/icons/Humanity-Dark/devices/22/*gnome* -/usr/share/icons/Humanity-Dark/devices/24/*gnome* -/usr/share/icons/Humanity-Dark/places/16/*gnome* -/usr/share/icons/Humanity-Dark/places/22/*gnome* -/usr/share/icons/Humanity-Dark/places/24/*gnome* -/usr/share/icons/Humanity-Dark/places/48/*gnome* -/usr/share/icons/Humanity-Dark/places/64/*gnome* -/usr/share/icons/Humanity-Dark/status/22/*gnome* -/usr/share/icons/Humanity-Dark/status/24/*gnome* -/usr/share/icons/Humanity/devices/128/*gnome* -/usr/share/icons/Humanity/devices/16/*gnome* -/usr/share/icons/Humanity/devices/22/*gnome* 
-/usr/share/icons/Humanity/devices/24/*gnome* -/usr/share/icons/Humanity/devices/32/*gnome* -/usr/share/icons/Humanity/devices/48/*gnome* -/usr/share/icons/Humanity/devices/64/*gnome* -/usr/share/icons/Humanity/mimes/128/*gnome* -/usr/share/icons/Humanity/mimes/16/*gnome* -/usr/share/icons/Humanity/mimes/22/*gnome* -/usr/share/icons/Humanity/mimes/24/*gnome* -/usr/share/icons/Humanity/mimes/32/*gnome* -/usr/share/icons/Humanity/mimes/48/*gnome* -/usr/share/icons/Humanity/mimes/64/*gnome* -/usr/share/icons/Humanity/places/128/*gnome* -/usr/share/icons/Humanity/places/16/*gnome* -/usr/share/icons/Humanity/places/22/*gnome* -/usr/share/icons/Humanity/places/24/*gnome* -/usr/share/icons/Humanity/places/32/*gnome* -/usr/share/icons/Humanity/places/48/*gnome* -/usr/share/icons/Humanity/places/64/*gnome* -/usr/share/icons/Humanity/status/128/*gnome* -/usr/share/icons/Humanity/status/16/*gnome* -/usr/share/icons/Humanity/status/22/*gnome* -/usr/share/icons/Humanity/status/24/*gnome* -/usr/share/icons/Humanity/status/32/*gnome* -/usr/share/icons/Humanity/status/48/*gnome* -/usr/share/icons/Humanity/status/64/*gnome* -/usr/share/icons/ubuntu-mono-dark/apps/16/*gnome* -/usr/share/icons/ubuntu-mono-dark/apps/22/*gnome* -/usr/share/icons/ubuntu-mono-dark/apps/24/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/16/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/22/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/24/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/32/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/48/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/64/*gnome* -/usr/share/icons/ubuntu-mono-dark/status/16/*gnome* -/usr/share/icons/ubuntu-mono-dark/status/22/*gnome* -/usr/share/icons/ubuntu-mono-dark/status/24/*gnome* -/usr/share/icons/ubuntu-mono-light/apps/16/*gnome* -/usr/share/icons/ubuntu-mono-light/apps/22/*gnome* -/usr/share/icons/ubuntu-mono-light/apps/24/*gnome* -/usr/share/icons/ubuntu-mono-light/places/16/*gnome* 
-/usr/share/icons/ubuntu-mono-light/places/22/*gnome* -/usr/share/icons/ubuntu-mono-light/places/24/*gnome* -/usr/share/icons/ubuntu-mono-light/places/32/*gnome* -/usr/share/icons/ubuntu-mono-light/places/48/*gnome* -/usr/share/icons/ubuntu-mono-light/places/64/*gnome* -/usr/share/icons/ubuntu-mono-light/status/16/*gnome* -/usr/share/icons/ubuntu-mono-light/status/22/*gnome* -/usr/share/icons/ubuntu-mono-light/status/24/*gnome* -/usr/share/notify-osd/icons/*gnome* ++ /usr/share/app-install/icons/*gnome* ++ /usr/share/icons/ubuntu-mono-light/status/22/*gnome* ++ /usr/share/icons/ubuntu-mono-light/status/24/*gnome* ++ /usr/share/icons/ubuntu-mono-light/status/16/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/22/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/48/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/24/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/16/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/64/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/32/*gnome* ++ /usr/share/icons/ubuntu-mono-light/apps/22/*gnome* ++ /usr/share/icons/ubuntu-mono-light/apps/24/*gnome* ++ /usr/share/icons/ubuntu-mono-light/apps/16/*gnome* ++ /usr/share/icons/hicolor/24x24/apps/*gnome* ++ /usr/share/icons/hicolor/scalable/apps/*gnome* ++ /usr/share/icons/hicolor/16x16/apps/*gnome* ++ /usr/share/icons/hicolor/256x256/apps/*gnome* ++ /usr/share/icons/hicolor/22x22/apps/*gnome* ++ /usr/share/icons/hicolor/48x48/apps/*gnome* ++ /usr/share/icons/hicolor/32x32/apps/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/status/24/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/status/24/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/status/16/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/places/22/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/places/48/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/places/24/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/places/16/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/places/64/*gnome* ++ 
/usr/share/icons/ubuntu-mono-dark/places/32/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/apps/22/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/apps/24/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/apps/16/*gnome* ++ /usr/share/icons/HighContrast/24x24/apps/*gnome* ++ /usr/share/icons/HighContrast/scalable/apps/*gnome*-sudoku.svg ++ /usr/share/icons/HighContrast/16x16/apps/*gnome*-sudoku.png ++ /usr/share/icons/HighContrast/256x256/apps/gnome-power-manager.png ++ /usr/share/icons/HighContrast/22x22/apps/gnome-power-manager.png ++ /usr/share/icons/HighContrast/48x48/apps/gnome-power-manager.png ++ /usr/share/icons/HighContrast/32x32/apps/gnome-mahjongg.png ++ /usr/share/app-install/icons/*gnome* ++ /usr/share/icons/gnome/* ++ /usr/share/icons/Humanity/actions/128 ++ /usr/share/icons/Humanity/actions/16 ++ /usr/share/icons/Humanity/actions/22 ++ /usr/share/icons/Humanity/actions/24/*gnome* ++ /usr/share/icons/Humanity/actions/32/*gnome* ++ /usr/share/icons/Humanity/actions/48/*gnome* ++ /usr/share/icons/Humanity/actions/64/*gnome* ++ /usr/share/icons/Humanity/animations/16/*gnome* ++ /usr/share/icons/Humanity/animations/22/*gnome* ++ /usr/share/icons/Humanity/animations/24/*gnome* ++ /usr/share/icons/Humanity/animations/32/*gnome* ++ /usr/share/icons/Humanity/apps/128/*gnome* ++ /usr/share/icons/Humanity/apps/16/*gnome* ++ /usr/share/icons/Humanity/apps/22/*gnome* ++ /usr/share/icons/Humanity/apps/24/*gnome* ++ /usr/share/icons/Humanity/apps/32/*gnome* ++ /usr/share/icons/Humanity/apps/48/*gnome* ++ /usr/share/icons/Humanity/apps/64/*gnome* ++ /usr/share/icons/Humanity/categories/16/*gnome* ++ /usr/share/icons/Humanity/categories/22/*gnome* ++ /usr/share/icons/Humanity/categories/24/*gnome* ++ /usr/share/icons/Humanity/categories/32/*gnome* ++ /usr/share/icons/Humanity/categories/48/*gnome* ++ /usr/share/icons/Humanity/categories/64/*gnome* ++ /usr/share/icons/Humanity-Dark/apps/16/*gnome* ++ /usr/share/icons/Humanity-Dark/apps/22/*gnome* ++ 
/usr/share/icons/Humanity-Dark/devices/22/*gnome* ++ /usr/share/icons/Humanity-Dark/devices/24/*gnome* ++ /usr/share/icons/Humanity-Dark/places/16/*gnome* ++ /usr/share/icons/Humanity-Dark/places/22/*gnome* ++ /usr/share/icons/Humanity-Dark/places/24/*gnome* ++ /usr/share/icons/Humanity-Dark/places/48/*gnome* ++ /usr/share/icons/Humanity-Dark/places/64/*gnome* ++ /usr/share/icons/Humanity-Dark/status/22/*gnome* ++ /usr/share/icons/Humanity-Dark/status/24/*gnome* ++ /usr/share/icons/Humanity/devices/128/*gnome* ++ /usr/share/icons/Humanity/devices/16/*gnome* ++ /usr/share/icons/Humanity/devices/22/*gnome* ++ /usr/share/icons/Humanity/devices/24/*gnome* ++ /usr/share/icons/Humanity/devices/32/*gnome* ++ /usr/share/icons/Humanity/devices/48/*gnome* ++ /usr/share/icons/Humanity/devices/64/*gnome* ++ /usr/share/icons/Humanity/mimes/128/*gnome* ++ /usr/share/icons/Humanity/mimes/16/*gnome* ++ /usr/share/icons/Humanity/mimes/22/*gnome* ++ /usr/share/icons/Humanity/mimes/24/*gnome* ++ /usr/share/icons/Humanity/mimes/32/*gnome* ++ /usr/share/icons/Humanity/mimes/48/*gnome* ++ /usr/share/icons/Humanity/mimes/64/*gnome* ++ /usr/share/icons/Humanity/places/128/*gnome* ++ /usr/share/icons/Humanity/places/16/*gnome* ++ /usr/share/icons/Humanity/places/22/*gnome* ++ /usr/share/icons/Humanity/places/24/*gnome* ++ /usr/share/icons/Humanity/places/32/*gnome* ++ /usr/share/icons/Humanity/places/48/*gnome* ++ /usr/share/icons/Humanity/places/64/*gnome* ++ /usr/share/icons/Humanity/status/128/*gnome* ++ /usr/share/icons/Humanity/status/16/*gnome* ++ /usr/share/icons/Humanity/status/22/*gnome* ++ /usr/share/icons/Humanity/status/24/*gnome* ++ /usr/share/icons/Humanity/status/32/*gnome* ++ /usr/share/icons/Humanity/status/48/*gnome* ++ /usr/share/icons/Humanity/status/64/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/apps/16/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/apps/22/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/apps/24/*gnome* ++ 
/usr/share/icons/ubuntu-mono-dark/places/16/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/places/22/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/places/24/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/places/32/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/places/48/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/places/64/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/status/16/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/status/22/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/status/24/*gnome* ++ /usr/share/icons/ubuntu-mono-light/apps/16/*gnome* ++ /usr/share/icons/ubuntu-mono-light/apps/22/*gnome* ++ /usr/share/icons/ubuntu-mono-light/apps/24/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/16/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/22/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/24/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/32/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/48/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/64/*gnome* ++ /usr/share/icons/ubuntu-mono-light/status/16/*gnome* ++ /usr/share/icons/ubuntu-mono-light/status/22/*gnome* ++ /usr/share/icons/ubuntu-mono-light/status/24/*gnome* ++ /usr/share/notify-osd/icons/*gnome* -- cgit v1.2.3-55-g7522 From bfffe952daaea241a753204d333fe698825c89d3 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 17:08:29 +0200 Subject: [blacklists] Sorry, forgot something: '+ ' in empty lines. --- server/blacklists/desktop-sessions/gnome/gnome-base | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/server/blacklists/desktop-sessions/gnome/gnome-base b/server/blacklists/desktop-sessions/gnome/gnome-base index 98bf8d60..aec31026 100644 --- a/server/blacklists/desktop-sessions/gnome/gnome-base +++ b/server/blacklists/desktop-sessions/gnome/gnome-base 
@@ -11,14 +11,14 @@ + /etc/gnome + /etc/gnome-app-install + /etc/gnome-settings-daemon -+ + # files from /usr/bin: + /usr/bin/*gnome* -+ + # from package gnome-session: + /usr/share/gnome-session + /usr/share/doc -+ + # + from package gnome-session-bin: + /usr/share/GConf + /usr/share/glib-2.0 -- cgit v1.2.3-55-g7522 From 5ef291ccd91aff5cbe86f37b68b8f72139f22bbe Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 13 Sep 2013 17:28:33 +0200 Subject: [pam-freiburg] nscd is not configured to cache hostnames, so don't patch nsswitch.conf to use it --- .../modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service b/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service index bbac775a..664f7dd7 100644 --- a/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service +++ b/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service @@ -5,6 +5,6 @@ Before=graphical.target [Service] Type=oneshot ExecStart=-/opt/openslx/bin/mkdir /tmp/ldap -ExecStart=/opt/openslx/bin/sed -i -e 's/^passwd:.*$/passwd:\t\tcache files ldap/;s/^group:.*$/group:\t\tcache files ldap/;s/^hosts:.*files/hosts:\t\tcache files/' /etc/nsswitch.conf +ExecStart=/opt/openslx/bin/sed -i -e 's/^passwd:.*$/passwd:\t\tcache files ldap/;s/^group:.*$/group:\t\tcache files ldap/' /etc/nsswitch.conf ExecStart=/usr/bin/systemctl restart nscd -- cgit v1.2.3-55-g7522 From 35a5d92aba95ed1242ebf6a9eec71eb05864014c Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 18:13:35 +0200 Subject: [blacklists] gnome-base: nautilus-autostart for backgrounds etc., some other gnome-autostarts also. --- server/blacklists/desktop-sessions/gnome/gnome-base | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
diff --git a/server/blacklists/desktop-sessions/gnome/gnome-base b/server/blacklists/desktop-sessions/gnome/gnome-base index aec31026..f760cfa4 100644 --- a/server/blacklists/desktop-sessions/gnome/gnome-base +++ b/server/blacklists/desktop-sessions/gnome/gnome-base @@ -4,8 +4,12 @@ + /etc/pam.d/gnome-* # transported from x-autostart/xdg-autostart: -+ /etc/xdg/autostart/gnome-settings-daemon.desktop -+ /etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop +# (obsolete entries, left here to match comment in +# x-autostart/xdg-autostart), now matched in more 'x-autostart stuff'. + +# more x-autostart stuff: ++ /etc/xdg/autostart/*gnome* ++ /etc/xdg/autostart/nautilus-autostart.desktop # files from /etc: + /etc/gnome -- cgit v1.2.3-55-g7522 From 34528bacfa729d09fe33797a390f7261f74ac90d Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Mon, 16 Sep 2013 16:54:15 +0200 Subject: [mltk] Added help entry for option -k (write config) --- mltk | 1 + 1 file changed, 1 insertion(+) diff --git a/mltk b/mltk index a36edc85..2032d7cf 100755 --- a/mltk +++ b/mltk @@ -80,6 +80,7 @@ print_usage() { echo -e " server 1.2.3.4 stage32 -e stage32 (pack stage32 as squashfs+initramfs from remote system 1.2.3.4)" echo -e " server 1.2.3.4 stage31 -c (clean stage31 build under server/remote_builds and initramfs under server/boot)" echo -e " server 1.2.3.4 addons-eexam -e addons (pack eexam-addons as squashfs)" + echo -e " server 1.2.3.4 -k [configname] (generate config file configs/config.tgz) echo -e "" echo -e " Existing targets for remote are:" echo -e " $(echo $(ls ${ROOT_DIR}/remote/targets 2>/dev/null || echo "No targets for remote found."))" -- cgit v1.2.3-55-g7522 From ae89afb3e997c6f4d68a2db70806e1325d9d9905 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Mon, 16 Sep 2013 16:55:29 +0200 Subject: [mltk] fix --- mltk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mltk b/mltk index 2032d7cf..5d5ea80f 100755 --- a/mltk +++ b/mltk 
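Review bot: The added `-k` usage line in print_usage has no closing double quote, so the string runs on into the following `echo -e ""` line and the quoting of the rest of the function is shifted. The line should end `configs/config.tgz)"`. Running `bash -n mltk` before committing would catch this kind of slip. print_usage starts and continues outside the hunk.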
@@ -80,7 +80,7 @@ print_usage() { echo -e " server 1.2.3.4 stage32 -e stage32 (pack stage32 as squashfs+initramfs from remote system 1.2.3.4)" echo -e " server 1.2.3.4 stage31 -c (clean stage31 build under server/remote_builds and initramfs under server/boot)" echo -e " server 1.2.3.4 addons-eexam -e addons (pack eexam-addons as squashfs)" - echo -e " server 1.2.3.4 -k [configname] (generate config file configs/config.tgz) + echo -e " server 1.2.3.4 -k [configname] (generate config file configs/config.tgz)" echo -e "" echo -e " Existing targets for remote are:" echo -e " $(echo $(ls ${ROOT_DIR}/remote/targets 2>/dev/null || echo "No targets for remote found."))" -- cgit v1.2.3-55-g7522 From 775f5cb266a062057863cbf578426ee2409f117a Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 17 Sep 2013 18:29:02 +0200 Subject: [nfs-mount] Dbus service reload for stage4 --- .../rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export | 2 ++ 1 file changed, 2 insertions(+) diff --git a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export index 988dc3d7..b116c067 100755 --- a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export +++ b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export @@ -11,3 +11,5 @@ mount -t nfs -o ro,async,nolock,vers=3 "$SLX_STAGE4_NFS" "$MOUNTPOINT" || { echo echo "Appending $MOUNTPOINT to /" mount -o "remount,append:$MOUNTPOINT=ro" / || { echo "Fail." && exit 1; } +# dbus reload needed eg. for gnome etc. and perhaps other service files which stage4 needs: +systemctl reload dbus.service -- cgit v1.2.3-55-g7522 From 6e54ced220d6452e1384c6dac48d52422b52df6e Mon Sep 17 00:00:00 2001 
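Review bot: The added `systemctl reload dbus.service` is the only step in this script whose failure is not handled: both mount calls above end in `|| { echo "Fail." && exit 1; }`, while a failed reload only shows up as the script's exit status with no message. Something like `systemctl reload dbus.service || echo "dbus reload failed" >&2` would make the outcome explicit; whether to exit non-zero after the mounts already succeeded is a design choice. The comment could also say that after this reload the system bus picks up service and policy files from the stage4 export, which is mounted with NFS `vers=3` and `nolock`, so the bus configuration now depends on the integrity of that export. The script begins outside the hunk.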
From: Christian Rößler Date: Tue, 17 Sep 2013 18:31:04 +0200 Subject: [blacklists] Remaining gnome stuff (Ubuntu) --- server/blacklists/desktop-sessions/gnome/gnome-base | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/server/blacklists/desktop-sessions/gnome/gnome-base b/server/blacklists/desktop-sessions/gnome/gnome-base index f760cfa4..fd7b73d7 100644 --- a/server/blacklists/desktop-sessions/gnome/gnome-base +++ b/server/blacklists/desktop-sessions/gnome/gnome-base @@ -34,11 +34,27 @@ # gnome keyring libs: + /usr/lib/x86_64-linux-gnu/*gnome* - + /usr/lib/x86_64-linux-gnu/pkcs11 + /usr/lib/x86_64-linux-gnu/gio/modules + /usr/lib/x86_64-linux-gnu/libproxy/0.4.11/modules - + +# gnome seems to need accountdaemon for screensaver login +# (if not found 30sec timeout) +# + /usr/lib/systemd/system/accounts-daemon.service +# Suse version: ++ /usr/lib/accounts-daemon +# Ubuntu version: ++ /usr/lib/accountsservice/accounts-daemon + +# sonstiges für accountservice: ++ /etc/dbus-1/system.d/org.freedesktop.Accounts.conf ++ /usr/share/dbus-1/interfaces/org.freedesktop.Accounts.User.xml ++ /usr/share/dbus-1/interfaces/org.freedesktop.Accounts.xml ++ /usr/share/dbus-1/system-services/org.freedesktop.Accounts.service ++ /usr/share/polkit-1/actions/org.freedesktop.accounts.policy ++ /usr/share/language-tools + + + /usr/sbin/*gnome* + /usr/lib/libvte-2.90-9/*gnome* -- cgit v1.2.3-55-g7522 From 04752b838015524a7ee290ddc26bf9fcfc375581 Mon Sep 17 00:00:00 2001 
From: Christian Rößler
Date: Wed, 18 Sep 2013 14:05:15 +0200
Subject: [modprobe.d/50-mltk-blacklist.conf] Proposal for mltk-related module blacklists. Just an entry so far for Intel 82Q35 MEI controller, which spams syslogs under some 3.0 kernels. Entry is out-commented, as this is just a proposal.
---
.../rootfs/rootfs-stage32/data/etc/modprobe.d/50-mltk-blacklist.conf | 5 +++++
1 file changed, 5 insertions(+)
create mode 100644 remote/rootfs/rootfs-stage32/data/etc/modprobe.d/50-mltk-blacklist.conf
diff --git a/remote/rootfs/rootfs-stage32/data/etc/modprobe.d/50-mltk-blacklist.conf b/remote/rootfs/rootfs-stage32/data/etc/modprobe.d/50-mltk-blacklist.conf
new file mode 100644
index 00000000..7a01777c
--- /dev/null
+++ b/remote/rootfs/rootfs-stage32/data/etc/modprobe.d/50-mltk-blacklist.conf
@@ -0,0 +1,5 @@
+# Blacklist for mltk related modules
+
+# Intel corporation 82Q35 Express MEI controller spams syslog under
+# some 3.0 kernels
+# blacklist mei
-- cgit v1.2.3-55-g7522
From 1dd827fed88835dac71010ceb7c9d62f2df6d30b Mon Sep 17 00:00:00 2001
From: Christian Rößler
Date: Wed, 18 Sep 2013 14:21:03 +0200
Subject: [stage32-opensuse] Just some target links
---
remote/targets/stage32-opensuse/consolekit | 1 +
remote/targets/stage32-opensuse/dnbd3 | 1 +
remote/targets/stage32-opensuse/polkit | 1 +
remote/targets/stage32-opensuse/redsocks | 1 +
remote/targets/stage32-opensuse/udisks | 1 +
5 files changed, 5 insertions(+)
create mode 120000 remote/targets/stage32-opensuse/consolekit
create mode 120000 remote/targets/stage32-opensuse/dnbd3
create mode 120000 remote/targets/stage32-opensuse/polkit
create mode 120000 remote/targets/stage32-opensuse/redsocks
create mode 120000 remote/targets/stage32-opensuse/udisks
diff --git a/remote/targets/stage32-opensuse/consolekit b/remote/targets/stage32-opensuse/consolekit
new file mode 120000
index 00000000..261968c7
--- /dev/null
+++ b/remote/targets/stage32-opensuse/consolekit
@@ -0,0 +1 @@
+../../modules/consolekit
\ No newline at end of file
diff --git a/remote/targets/stage32-opensuse/dnbd3 b/remote/targets/stage32-opensuse/dnbd3
new file mode 120000
index 00000000..fa80b45c
--- /dev/null
+++ b/remote/targets/stage32-opensuse/dnbd3
@@ -0,0 +1 @@
+../../modules/dnbd3
\ No newline at end of file
diff --git a/remote/targets/stage32-opensuse/polkit b/remote/targets/stage32-opensuse/polkit
new file mode 120000
index 00000000..0ad0b111
--- /dev/null
+++ b/remote/targets/stage32-opensuse/polkit
@@ -0,0 +1 @@
+../../modules/polkit
\ No newline at end of file
diff --git a/remote/targets/stage32-opensuse/redsocks b/remote/targets/stage32-opensuse/redsocks
new file mode 120000
index 00000000..0740c53b
--- /dev/null
+++ b/remote/targets/stage32-opensuse/redsocks
@@ -0,0 +1 @@
+../../modules/redsocks
\ No newline at end of file
diff --git a/remote/targets/stage32-opensuse/udisks b/remote/targets/stage32-opensuse/udisks
new file mode 120000
index 00000000..06e7da5f
--- /dev/null
+++ b/remote/targets/stage32-opensuse/udisks
@@ -0,0 +1 @@
+../../modules/udisks
\ No newline at end of file
-- cgit v1.2.3-55-g7522
From 1dc7370b14e27a9ebb1faf7e650d8dea6c879201 Mon Sep 17 00:00:00 2001
From: Christian Rößler
Date: Wed, 18 Sep 2013 14:33:52 +0200
Subject: [polkit] polkit.build: +missing directory for opensuse
---
remote/modules/polkit/polkit.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/remote/modules/polkit/polkit.build b/remote/modules/polkit/polkit.build
index 151da8a8..10203209 100644
--- a/remote/modules/polkit/polkit.build
+++ b/remote/modules/polkit/polkit.build
@@ -12,7 +12,7 @@ build () { tarcopy "$(cat "${COPYLIST}" | sort -u)" "${MODULE_BUILD_DIR}" local POLPATH=$(find "$MODULE_BUILD_DIR" -name polkitd -executable | head -n 1) POLPATH="/${POLPATH#$MODULE_BUILD_DIR}" - mkdir -p "$MODULE_BUILD_DIR/etc/systemd/system" "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services" + mkdir -p "$MODULE_BUILD_DIR/etc/systemd/system" "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services" "$MODULE_BUILD_DIR/var/lib/polkit" sed "s,%POLKITD%,${POLPATH},g" "templates/systemd.service" > "$MODULE_BUILD_DIR/etc/systemd/system/polkit.service" || perror "Could not generate polkit.service for systemd" sed "s,%POLKITD%,${POLPATH},g" "templates/dbus.service" > "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services/org.freedesktop.PolicyKit1.service" || perror "Could not generate polkit.service for dbus" } -- cgit v1.2.3-55-g7522 From 6509b9cf7be01188dacb410383da9c21dbea49e0 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Sep 2013 15:05:07 +0200 Subject: [dbus] Create systemd service using a template instead of grabbing from running system Also remove the ugly hack that moves /lib/systemd to /etc/systemd; this would only help mixing systemd service files from the running system with our own -- trouble ahead! Warn if /lib/systemd exists in the target build dir. --- .../dbus/data/etc/systemd/system/dbus.socket | 5 +++++ remote/modules/dbus/dbus.build | 21 ++++++++++++++++++--- remote/modules/dbus/templates/dbus.service | 11 +++++++++++ remote/setup_target | 11 +++++------ 4 files changed, 39 insertions(+), 9 deletions(-) create mode 100644 remote/modules/dbus/data/etc/systemd/system/dbus.socket create mode 100644 remote/modules/dbus/templates/dbus.service diff --git a/remote/modules/dbus/data/etc/systemd/system/dbus.socket b/remote/modules/dbus/data/etc/systemd/system/dbus.socket new file mode 100644 index 00000000..5c373cf4 --- /dev/null +++ b/remote/modules/dbus/data/etc/systemd/system/dbus.socket 
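Review bot: The extended `mkdir -p` call is not checked, unlike the two `sed` lines below it that end in `|| perror ...`, so a failure to create `var/lib/polkit` goes unnoticed until polkitd runs in the target. Appending `|| perror "Could not create polkit directories"` would match the rest of build(). The directory is also created with the builder's umask and owner; if polkitd on openSUSE expects a particular owner or mode for `/var/lib/polkit` (not visible here), that should be set explicitly and noted in a comment. build() starts outside the hunk.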
@@ -0,0 +1,5 @@ +[Unit] +Description=D-Bus System Message Bus Socket + +[Socket] +ListenStream=/run/dbus/system_bus_socket diff --git a/remote/modules/dbus/dbus.build b/remote/modules/dbus/dbus.build index bcab63b0..81c849fb 100644 --- a/remote/modules/dbus/dbus.build +++ b/remote/modules/dbus/dbus.build @@ -7,11 +7,26 @@ fetch_source() { build() { COPYLIST="list_dpkg_output" [ -e "${COPYLIST}" ] && rm "${COPYLIST}" - - list_packet_files >> "${COPYLIST}" + + list_packet_files >> "${COPYLIST}" tarcopy "$(cat "${COPYLIST}" | sort -u)" "${MODULE_BUILD_DIR}" - + + # Generate systemd files + mkdir "$MODULE_BUILD_DIR/etc/systemd/system" + local UUIDGEN=$(find "$MODULE_BUILD_DIR" -name dbus-uuidgen -executable | head -n 1) + local DAEMON=$(find "$MODULE_BUILD_DIR" -name dbus-daemon -executable | head -n 1) + local SEND=$(find "$MODULE_BUILD_DIR" -name dbus-send -executable | head -n 1) + UUIDGEN="${UUIDGEN#$MODULE_BUILD_DIR}" + DAEMON="${DAEMON#$MODULE_BUILD_DIR}" + SEND="${SEND#$MODULE_BUILD_DIR}" + [ -z "$UUIDGEN" ] && perror "Could not determine dbus-uuidgen location" + [ -z "$DAEMON" ] && perror "Could not determine dbus-daemon location" + [ -z "$SEND" ] && perror "Could not determine dbus-send location" + sed "s,%UUIDGEN%,/$UUIDGEN,g;s,%DAEMON%,$DAEMON,g;s,%SEND%,$SEND,g" "templates/dbus.service" \ + > "$MODULE_BUILD_DIR/etc/systemd/system/dbus.service" \ + || perror "Could not generate $MODULE_BUILD_DIR/etc/systemd/system/dbus.service" } post_copy() { : } + diff --git a/remote/modules/dbus/templates/dbus.service b/remote/modules/dbus/templates/dbus.service new file mode 100644 index 00000000..b6e05271 --- /dev/null +++ b/remote/modules/dbus/templates/dbus.service 
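Review bot: The `sed` substitution in build() treats the three paths differently: `%UUIDGEN%` is replaced with `/$UUIDGEN`, while `%DAEMON%` and `%SEND%` get the bare variable, although all three were stripped with the same `${VAR#$MODULE_BUILD_DIR}` expansion. Depending on whether MODULE_BUILD_DIR ends in a slash, either the uuidgen path gets a doubled leading slash or the daemon and send paths are written without one, and systemd expects absolute paths in `ExecStart=`. Using one form for all three, e.g. `sed "s,%UUIDGEN%,$UUIDGEN,g;s,%DAEMON%,$DAEMON,g;s,%SEND%,$SEND,g"`, and rejecting any value that does not start with `/` next to the existing `-z` checks would make the generated unit predictable. A one-line comment stating that the stripped paths are expected to be absolute would also document the assumption.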
@@ -0,0 +1,11 @@ +[Unit] +Description=D-Bus System Message Bus +Requires=dbus.socket +After=syslog.target + +[Service] +ExecStartPre=%UUIDGEN% --ensure +ExecStartPre=-/bin/rm -f /run/dbus/pid +ExecStart=%DAEMON% --system --address=systemd: --nofork --activation=systemd +ExecReload=%SEND% --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig +OOMScoreAdjust=-900 diff --git a/remote/setup_target b/remote/setup_target index 04af2158..00a182f3 100755 --- a/remote/setup_target +++ b/remote/setup_target @@ -358,13 +358,12 @@ process_module() { post_process_target() { local TOOL_STR="$TOOL_STR post_process_target:" - # move systemd files from /lib to /etc/lib - pinfo "move systemd files from /lib/systemd to /etc/systemd" if [ -d "${TARGET_BUILD_DIR}/lib/systemd" ]; then - cd "${TARGET_BUILD_DIR}/lib" - tarcopy "systemd" "${TARGET_BUILD_DIR}/etc" - cd - &> /dev/null - rm -r "${TARGET_BUILD_DIR}/lib/systemd" + pwarning "/lib/systemd exists in the generated target. It is not advisable to fetch existing" + pwarning "systemd service files from the template system, as it might conflict with generated" + pwarning "ones. In fact, some systems don't even use systemd so there might be no existing" + pwarning "service files. Please generate your own service file and place it in /etc/systemd." + pwarning "All files in /lib/systemd will be ignored." fi # figure out all relevant ld-paths -- cgit v1.2.3-55-g7522 From 8c59ff141bd129206144e7db366b5c68e0e512dd Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Sep 2013 15:09:33 +0200 Subject: [dbus] Fix mkdir, remove /lib/systemd from required directories --- remote/modules/dbus/dbus.build | 2 +- remote/modules/dbus/dbus.conf.opensuse | 5 +---- remote/modules/dbus/dbus.conf.ubuntu | 4 +--- 3 files changed, 3 insertions(+), 8 deletions(-) diff --git a/remote/modules/dbus/dbus.build b/remote/modules/dbus/dbus.build index 81c849fb..beb557b4 100644 
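Review bot: In `post_process_target` the new warning fires only for `${TARGET_BUILD_DIR}/lib/systemd`, while the `REQUIRED_DIRECTORIES` entry removed from dbus.conf.opensuse in the following commit suggests that openSUSE units live under `/usr/lib/systemd`, so unit files pulled in from that path would go unreported. The last message also says the files "will be ignored", but nothing in this hunk removes or excludes them; if that happens elsewhere (the server blacklists, presumably), a comment naming the place would help. I would test both paths, `if [ -d "${TARGET_BUILD_DIR}/lib/systemd" ] || [ -d "${TARGET_BUILD_DIR}/usr/lib/systemd" ]; then`, and print the path that was found. The function continues outside the hunk.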
--- a/remote/modules/dbus/dbus.build +++ b/remote/modules/dbus/dbus.build @@ -12,7 +12,7 @@ build() { tarcopy "$(cat "${COPYLIST}" | sort -u)" "${MODULE_BUILD_DIR}" # Generate systemd files - mkdir "$MODULE_BUILD_DIR/etc/systemd/system" + mkdir -p "$MODULE_BUILD_DIR/etc/systemd/system" local UUIDGEN=$(find "$MODULE_BUILD_DIR" -name dbus-uuidgen -executable | head -n 1) local DAEMON=$(find "$MODULE_BUILD_DIR" -name dbus-daemon -executable | head -n 1) local SEND=$(find "$MODULE_BUILD_DIR" -name dbus-send -executable | head -n 1) diff --git a/remote/modules/dbus/dbus.conf.opensuse b/remote/modules/dbus/dbus.conf.opensuse index 93610f62..9bc514e2 100644 --- a/remote/modules/dbus/dbus.conf.opensuse +++ b/remote/modules/dbus/dbus.conf.opensuse @@ -1,7 +1,4 @@ REQUIRED_CONTENT_PACKAGES=" dbus-1 " -REQUIRED_DIRECTORIES+=" - /usr/lib/systemd -" -REQUIRED_FILES="" + diff --git a/remote/modules/dbus/dbus.conf.ubuntu b/remote/modules/dbus/dbus.conf.ubuntu index d007c2ef..9f302876 100644 --- a/remote/modules/dbus/dbus.conf.ubuntu +++ b/remote/modules/dbus/dbus.conf.ubuntu @@ -1,9 +1,7 @@ REQUIRED_CONTENT_PACKAGES=" dbus " -REQUIRED_DIRECTORIES+=" - /lib/systemd -" REQUIRED_FILES=" /etc/default/dbus " + -- cgit v1.2.3-55-g7522 From e6548a4e94c4a47d47ec02b05e4f63791d9562b7 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Sep 2013 15:14:12 +0200 Subject: [dbus] Missed *.wants --- .../dbus/data/etc/systemd/system/multi-user.target.wants/dbus.service | 1 + .../dbus/data/etc/systemd/system/sockets.target.wants/dbus.socket | 1 + remote/modules/dbus/dbus.build | 2 +- remote/modules/dbus/templates/dbus.service | 1 + 4 files changed, 4 insertions(+), 1 deletion(-) create mode 120000 remote/modules/dbus/data/etc/systemd/system/multi-user.target.wants/dbus.service create mode 120000 remote/modules/dbus/data/etc/systemd/system/sockets.target.wants/dbus.socket 
diff --git a/remote/modules/dbus/data/etc/systemd/system/multi-user.target.wants/dbus.service b/remote/modules/dbus/data/etc/systemd/system/multi-user.target.wants/dbus.service new file mode 120000 index 00000000..224df24b --- /dev/null +++ b/remote/modules/dbus/data/etc/systemd/system/multi-user.target.wants/dbus.service @@ -0,0 +1 @@ +../dbus.service \ No newline at end of file diff --git a/remote/modules/dbus/data/etc/systemd/system/sockets.target.wants/dbus.socket b/remote/modules/dbus/data/etc/systemd/system/sockets.target.wants/dbus.socket new file mode 120000 index 00000000..fe02d162 --- /dev/null +++ b/remote/modules/dbus/data/etc/systemd/system/sockets.target.wants/dbus.socket @@ -0,0 +1 @@ +../dbus.socket \ No newline at end of file diff --git a/remote/modules/dbus/dbus.build b/remote/modules/dbus/dbus.build index beb557b4..7b7e472c 100644 --- a/remote/modules/dbus/dbus.build +++ b/remote/modules/dbus/dbus.build @@ -22,7 +22,7 @@ build() { [ -z "$UUIDGEN" ] && perror "Could not determine dbus-uuidgen location" [ -z "$DAEMON" ] && perror "Could not determine dbus-daemon location" [ -z "$SEND" ] && perror "Could not determine dbus-send location" - sed "s,%UUIDGEN%,/$UUIDGEN,g;s,%DAEMON%,$DAEMON,g;s,%SEND%,$SEND,g" "templates/dbus.service" \ + sed "s,%UUIDGEN%,/$UUIDGEN,g;s,%DAEMON%,/$DAEMON,g;s,%SEND%,/$SEND,g" "templates/dbus.service" \ > "$MODULE_BUILD_DIR/etc/systemd/system/dbus.service" \ || perror "Could not generate $MODULE_BUILD_DIR/etc/systemd/system/dbus.service" } diff --git a/remote/modules/dbus/templates/dbus.service b/remote/modules/dbus/templates/dbus.service index b6e05271..a49d8f0f 100644 --- a/remote/modules/dbus/templates/dbus.service +++ b/remote/modules/dbus/templates/dbus.service @@ -1,5 +1,6 @@ [Unit] Description=D-Bus System Message Bus +Wants=dbus.socket Requires=dbus.socket After=syslog.target -- cgit v1.2.3-55-g7522 From b610610d6689b6f6d8c1df5a11fdfff85e054453 Mon Sep 17 00:00:00 2001 
From: Simon Rettberg Date: Wed, 18 Sep 2013 15:16:24 +0200 Subject: [debug] Remove non existent binary --- remote/modules/debug/debug.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/remote/modules/debug/debug.conf b/remote/modules/debug/debug.conf index 82a741fe..66f90011 100644 --- a/remote/modules/debug/debug.conf +++ b/remote/modules/debug/debug.conf @@ -12,7 +12,6 @@ REQUIRED_BINARIES=" su file @htop - logger @tcpdump getfacl " -- cgit v1.2.3-55-g7522 From ae5b79ddaf0dfca1199db85ca4f208c843498464 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Sep 2013 15:17:26 +0200 Subject: ...better yet, make it optional --- remote/modules/debug/debug.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/remote/modules/debug/debug.conf b/remote/modules/debug/debug.conf index 66f90011..71006514 100644 --- a/remote/modules/debug/debug.conf +++ b/remote/modules/debug/debug.conf @@ -12,6 +12,7 @@ REQUIRED_BINARIES=" su file @htop + @logger @tcpdump getfacl " -- cgit v1.2.3-55-g7522 From 6c2d70ce4a721a6432aa3ad6c68baa5d48bbaf8d Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Wed, 18 Sep 2013 15:45:42 +0200 Subject: [blacklists] Modifications for accounts-daemon.service --- server/blacklists/desktop-sessions/gnome/gnome-base | 4 +++- server/blacklists/essential/linux-extended | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/server/blacklists/desktop-sessions/gnome/gnome-base b/server/blacklists/desktop-sessions/gnome/gnome-base index fd7b73d7..b5e25eee 100644 --- a/server/blacklists/desktop-sessions/gnome/gnome-base +++ b/server/blacklists/desktop-sessions/gnome/gnome-base @@ -40,7 +40,9 @@ # gnome seems to need accountdaemon for screensaver login # (if not found 30sec timeout) -# + /usr/lib/systemd/system/accounts-daemon.service ++ /usr/lib/systemd/ ++ /usr/lib/systemd/system/ ++ /usr/lib/systemd/system/accounts-daemon.service # Suse version: + /usr/lib/accounts-daemon # Ubuntu version: 
diff --git a/server/blacklists/essential/linux-extended b/server/blacklists/essential/linux-extended index ab39fda0..54f500ed 100644 --- a/server/blacklists/essential/linux-extended +++ b/server/blacklists/essential/linux-extended @@ -8,6 +8,7 @@ - /usr/share/upstart - /lib/systemd - /usr/lib/systemd +- /usr/lib/systemd/** - /etc/systemd - /var/lib/NetworkManager -- cgit v1.2.3-55-g7522 From 9b46a91b836e5a0aae6772ece7c295fcc4bbe302 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Sep 2013 16:08:48 +0200 Subject: [setup_target] Actually CHECK IF A REQUIRED LIBRARY IS THERE! --- remote/setup_target | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/remote/setup_target b/remote/setup_target index 00a182f3..2f4d6e37 100755 --- a/remote/setup_target +++ b/remote/setup_target @@ -178,11 +178,11 @@ copy_files_with_deps () { done done - [ ! -z "${REQUIRED_LIBRARIES}" ] && pinfo "Gathering required libraries from config file..." - for LIB in ${REQUIRED_LIBRARIES} - do - for LOCATION in $(find . -name ${LIB}.so\*) - do + [ ! -z "$REQUIRED_LIBRARIES" ] && pinfo "Gathering required libraries from config file..." + for LIB in $REQUIRED_LIBRARIES; do + FILE_CANDIDATES=$(find . -name "${LIB}.so*") + [ -z "$FILE_CANDIDATES" ] && perror "Cannot find required library $LIB" + for LOCATION in $FILE_CANDIDATES; do pdebug "* $LOCATION" strip "$LOCATION" || pwarning "Could not strip '${LOCATION}'" get_link_chain "${MODULE_BUILD_DIR}/${LOCATION}" "${MODULE_BUILD_DIR}" >> "${COPYFILES_LIST}" -- cgit v1.2.3-55-g7522 From e2b3ddfd5117da5a9907b1cbd5284a568c373942 Mon Sep 17 00:00:00 2001 
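Review bot: `for LOCATION in $FILE_CANDIDATES` in `copy_files_with_deps` word-splits and glob-expands the `find` output, so a matching path that contains whitespace or a glob character reaches `strip` and `get_link_chain` in pieces. Reading the results NUL-delimited into an array keeps each path intact and still supports the new not-found check. The function starts and ends outside the hunk.

```shell
for LIB in $REQUIRED_LIBRARIES; do
	FILE_CANDIDATES=()
	while IFS= read -r -d '' LOCATION; do
		FILE_CANDIDATES+=("$LOCATION")
	done < <(find . -name "${LIB}.so*" -print0)
	[ "${#FILE_CANDIDATES[@]}" -eq 0 ] && perror "Cannot find required library $LIB"
	for LOCATION in "${FILE_CANDIDATES[@]}"; do
		# … unchanged: pdebug, strip, get_link_chain …
```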
From: Simon Rettberg Date: Wed, 18 Sep 2013 16:42:52 +0200 Subject: Make sure pam_ck_connector is required by and included in the consolekit module on all platforms (Previously it was in consolekit on suse and pam on ubuntu... -.-) --- remote/modules/consolekit/consolekit.build | 10 +++++++++- remote/modules/consolekit/consolekit.conf | 10 +++++++--- remote/modules/consolekit/consolekit.conf.debian | 6 +++++- remote/modules/consolekit/consolekit.conf.ubuntu | 6 +++++- remote/modules/consolekit/templates/consolekit.dbus.service | 6 ++++++ remote/modules/consolekit/templates/consolekit.systemd.service | 9 +++++++++ remote/modules/pam/pam.conf.ubuntu | 1 - remote/setup_target | 2 +- 8 files changed, 42 insertions(+), 8 deletions(-) create mode 100644 remote/modules/consolekit/templates/consolekit.dbus.service create mode 100644 remote/modules/consolekit/templates/consolekit.systemd.service diff --git a/remote/modules/consolekit/consolekit.build b/remote/modules/consolekit/consolekit.build index ac31f9ed..0c63ec6b 100644 --- a/remote/modules/consolekit/consolekit.build +++ b/remote/modules/consolekit/consolekit.build 
@@ -10,11 +10,19 @@ build() { list_packet_files >> "${COPYLIST}" tarcopy "$(cat "${COPYLIST}" | sort -u)" "${MODULE_BUILD_DIR}" - + # Systemd/dbus + mkdir -p "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services" "$MODULE_BUILD_DIR/etc/systemd/system" + local DAEMON=$(find "$MODULE_BUILD_DIR" -name console-kit-daemon -executable | head -n 1) + DAEMON="${DAEMON#$MODULE_BUILD_DIR}" + [ -z "$DAEMON" ] && perror "Could not find console-kit-daemon binary" + sed "s,%DAEMON%,/$DAEMON,g" "templates/consolekit.systemd.service" > "$MODULE_BUILD_DIR/etc/systemd/system/console-kit-daemon.service" || perror "Could not generate systemd service" + sed "s,%DAEMON%,/$DAEMON,g" "templates/consolekit.dbus.service" > "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services/org.freedesktop.ConsoleKit.service" || perror "Could not generate dbus service" } + post_copy() { mkdir -p "${TARGET_BUILD_DIR}/usr/lib/ConsoleKit/run-seat.d" mkdir -p "${TARGET_BUILD_DIR}/etc/ConsoleKit/run-seat.d" mkdir -p "${TARGET_BUILD_DIR}/etc/ConsoleKit/run-session.d" mkdir -p "${TARGET_BUILD_DIR}/var/log/ConsoleKit" } + diff --git a/remote/modules/consolekit/consolekit.conf b/remote/modules/consolekit/consolekit.conf index 91fc6dc2..b84bf697 100644 --- a/remote/modules/consolekit/consolekit.conf +++ b/remote/modules/consolekit/consolekit.conf @@ -1,12 +1,16 @@ REQUIRED_BINARIES=" console-kit-daemon + ck-history + ck-launch-session + ck-list-sessions " REQUIRED_DIRECTORIES=" - /usr - /etc - /$LIB64 + /etc/ConsoleKit + /etc/dbus-1 + /usr/share " REQUIRED_LIBRARIES=" pam_ck_connector + libck-connector " diff --git a/remote/modules/consolekit/consolekit.conf.debian b/remote/modules/consolekit/consolekit.conf.debian index c0fffffa..0171868a 100644 --- a/remote/modules/consolekit/consolekit.conf.debian +++ b/remote/modules/consolekit/consolekit.conf.debian @@ -1,2 +1,6 @@ -REQUIRED_CONTENT_PACKAGES="consolekit" +REQUIRED_CONTENT_PACKAGES=" + consolekit + libpam-ck-connector +" + 
diff --git a/remote/modules/consolekit/consolekit.conf.ubuntu b/remote/modules/consolekit/consolekit.conf.ubuntu index c0fffffa..3b160bc9 100644 --- a/remote/modules/consolekit/consolekit.conf.ubuntu +++ b/remote/modules/consolekit/consolekit.conf.ubuntu @@ -1,2 +1,6 @@ -REQUIRED_CONTENT_PACKAGES="consolekit" +REQUIRED_CONTENT_PACKAGES=" + consolekit + libpam-ck-connector + libck-connector0 +" diff --git a/remote/modules/consolekit/templates/consolekit.dbus.service b/remote/modules/consolekit/templates/consolekit.dbus.service new file mode 100644 index 00000000..5720e4cf --- /dev/null +++ b/remote/modules/consolekit/templates/consolekit.dbus.service @@ -0,0 +1,6 @@ +[D-BUS Service] +Name=org.freedesktop.ConsoleKit +Exec=%DAEMON% --no-daemon +User=root +SystemdService=console-kit-daemon.service + diff --git a/remote/modules/consolekit/templates/consolekit.systemd.service b/remote/modules/consolekit/templates/consolekit.systemd.service new file mode 100644 index 00000000..f86158cc --- /dev/null +++ b/remote/modules/consolekit/templates/consolekit.systemd.service @@ -0,0 +1,9 @@ +[Unit] +Description=ConsoleKit (Legacy) +After=syslog.target + +[Service] +Type=dbus +BusName=org.freedesktop.ConsoleKit +ExecStart=%DAEMON% --no-daemon + diff --git a/remote/modules/pam/pam.conf.ubuntu b/remote/modules/pam/pam.conf.ubuntu index c1516e13..fe034225 100644 --- a/remote/modules/pam/pam.conf.ubuntu +++ b/remote/modules/pam/pam.conf.ubuntu @@ -14,7 +14,6 @@ REQUIRED_INSTALLED_PACKAGES=" REQUIRED_CONTENT_PACKAGES=" libpam0g libpam-modules - libpam-ck-connector libpam-cap libldap-2.4-2 libpam-ldap diff --git a/remote/setup_target b/remote/setup_target index 2f4d6e37..dc8bd151 100755 --- a/remote/setup_target +++ b/remote/setup_target 
@@ -338,7 +338,7 @@ process_module() { [ -d "${TARGET_BUILD_DIR}" ] && TARGET_BUILD_SIZE=$(du -bc "${TARGET_BUILD_DIR}" | awk 'END {print $1}') || TARGET_BUILD_SIZE=0 pinfo "## Copying files with dependencies" copy_files_with_deps - pinfo "## Copying required system files" + pinfo "## Copying required system files" # REQUIRED_SYSTEM_FILES copy_system_files pinfo "## Copying static module files" copy_static_data -- cgit v1.2.3-55-g7522 From d79cee2a60ba1c0e48b0d05a04eba44c832b2121 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Sep 2013 16:53:14 +0200 Subject: [rootfs-stage32] Remove libau because it's not there and I have no clue what it is --- remote/rootfs/rootfs-stage32/rootfs-stage32.conf | 472 ++++++++++++----------- 1 file changed, 240 insertions(+), 232 deletions(-) diff --git a/remote/rootfs/rootfs-stage32/rootfs-stage32.conf b/remote/rootfs/rootfs-stage32/rootfs-stage32.conf index 5c453397..1dd76e68 100644 --- a/remote/rootfs/rootfs-stage32/rootfs-stage32.conf +++ b/remote/rootfs/rootfs-stage32/rootfs-stage32.conf 
@@ -1,236 +1,244 @@ -REQUIRED_MODULES=" kernel" +REQUIRED_MODULES=" + kernel +" REQUIRED_BINARIES=" - bash - more - less - agetty - cat - false - loadkeys - setfont - login - sulogin - mount - umount - mount.nfs4 - umount.nfs4 - fdisk - mkfs.xfs - rm - blkid - modprobe - ps - scp - ssh - tput - xterm - xvidtune - bc - dirname - mkdosfs - iptables - ntpdate - rdns - find + bash + more + less + agetty + cat + false + loadkeys + setfont + login + sulogin + mount + umount + mount.nfs4 + umount.nfs4 + fdisk + mkfs.xfs + rm + blkid + modprobe + ps + scp + ssh + tput + xterm + xvidtune + bc + dirname + mkdosfs + iptables + ntpdate + rdns + find +" +REQUIRED_LIBRARIES=" + libcap + libcidn + libcom_err + libcrypt + libcrypto + libnsl + libnss_compat + libnss_dns + libnss_files + libnss_hesiod + libnss_nis + libnss_nisplus + libnss_mdns + libpam + libutil + libtinfo + libresolv " -REQUIRED_LIBRARIES=" libcap - libcidn - libcom_err - libcrypt - libcrypto - libnsl - libnss_compat - libnss_dns - libnss_files - libnss_hesiod - libnss_nis - libnss_nisplus - libnss_mdns - libpam - libutil - libtinfo - libresolv - libau" REQUIRED_FILES=" - /etc/inputrc - /etc/localtime - /etc/login.defs - /etc/securetty - /etc/protocols - /etc/services - /etc/networks - /etc/netconfig - /etc/fonts/fonts.conf + /etc/inputrc + /etc/localtime + /etc/login.defs + /etc/securetty + /etc/protocols + /etc/services + /etc/networks + /etc/netconfig + /etc/fonts/fonts.conf +" +REQUIRED_KERNEL_MODULES=" + kernel/drivers/cpufreq + kernel/drivers/memstick + kernel/drivers/mfd + kernel/drivers/gpio + kernel/drivers/block + kernel/drivers/uwb + kernel/drivers/w1 + kernel/drivers/regulator + kernel/drivers/leds + kernel/drivers/firmware + kernel/drivers/watchdog + kernel/drivers/media/rc + kernel/drivers/media/video + kernel/drivers/media/common + kernel/drivers/mmc + kernel/drivers/staging + kernel/drivers/firewire + kernel/drivers/bluetooth + kernel/drivers/power + kernel/drivers/video + kernel/drivers/uio + 
kernel/drivers/md + kernel/drivers/virtio + kernel/drivers/pci + kernel/drivers/acpi + kernel/drivers/input + kernel/drivers/ssb + kernel/drivers/spi + kernel/drivers/crypto + kernel/drivers/bcma + kernel/drivers/nfc + kernel/drivers/usb + kernel/drivers/char + kernel/drivers/vhost + kernel/drivers/i2c + kernel/drivers/ata + kernel/drivers/tty + kernel/drivers/parport + kernel/drivers/misc + kernel/drivers/scsi + kernel/drivers/auxdisplay + kernel/drivers/target + kernel/drivers/dca + kernel/drivers/dma + kernel/drivers/rtc + kernel/drivers/pps + kernel/drivers/hid + kernel/drivers/atm + kernel/drivers/platform + kernel/drivers/edac + kernel/drivers/hv + kernel/drivers/idle + kernel/drivers/xen + kernel/ubuntu/aufs + kernel/arch + kernel/lib + kernel/fs + kernel/crypto + kernel/net + kernel/sound + kernel/fs/autofs4/autofs4 +" +REQUIRED_FIRMWARE=" + 3com + acenic + adaptec + advansys + ar3k + asihpi + av7110 + bnx2 + bnx2x + brcm + cis + cpia2 + cxgb3 + cxgb4 + dabusb + dsp56k + e100 + ea + edgeport + emi26 + emi62 + ene-ub6250 + ess + hp + isci + kaweth + keyspan + keyspan_pda + korg + libertas + matrox + mrvl + mwl8k + ositech + r128 + radeon + RTL8192E + RTL8192SE + rtl_nic + sb16 + scripts + slicoss + sun + sxg + tehuti + ti-connectivity + tigon + ttusb-budget + ueagle-atm + usbdux + vicam + vxge + yam + yamaha + agere_ap_fw.bin + agere_sta_fw.bin + aic94xx-seq.fw + ath3k-1.fw + atmel_at76c502_3com.bin + atmel_at76c502.bin + atmel_at76c502d.bin + atmel_at76c502e.bin + atmel_at76c504_2958.bin + atmel_at76c504a_2958.bin + atmel_at76c504.bin + atmel_at76c506.bin + atmsar11.fw + carl9170-1.fw + f2255usb.bin + GPL-3 + htc_7010.fw + htc_9271.fw + i2400m-fw-usb-1.4.sbcf + i2400m-fw-usb-1.5.sbcf + i6050-fw-usb-1.5.sbcf + intelliport2.bin + lbtf_usb.bin + lgs8g75.fw + mts_cdma.fw + mts_edge.fw + mts_gsm.fw + mts_mt9234mu.fw + mts_mt9234zba.fw + mwl8335_duplex.fw + NPE-B + NPE-C + phanfw.bin + rt2561.bin + rt2561s.bin + rt2661.bin + rt2860.bin + rt2870.bin + rt3070.bin + 
rt3071.bin + rt3090.bin + rt73.bin + s2250.fw + s2250_loader.fw + TDA7706_OM_v2.5.1_boot.txt + TDA7706_OM_v3.0.2_boot.txt + ti_3410.fw + ti_5052.fw + tlg2300_firmware.bin + tr_smctr.bin + usbduxfast_firmware.bin + usbdux_firmware.bin + usbduxsigma_firmware.bin + vntwusb.fw + WHENCE.ubuntu + whiteheat.fw + whiteheat_loader.fw " -REQUIRED_KERNEL_MODULES=" kernel/drivers/cpufreq - kernel/drivers/memstick - kernel/drivers/mfd - kernel/drivers/gpio - kernel/drivers/block - kernel/drivers/uwb - kernel/drivers/w1 - kernel/drivers/regulator - kernel/drivers/leds - kernel/drivers/firmware - kernel/drivers/watchdog - kernel/drivers/media/rc - kernel/drivers/media/video - kernel/drivers/media/common - kernel/drivers/mmc - kernel/drivers/staging - kernel/drivers/firewire - kernel/drivers/bluetooth - kernel/drivers/power - kernel/drivers/video - kernel/drivers/uio - kernel/drivers/md - kernel/drivers/virtio - kernel/drivers/pci - kernel/drivers/acpi - kernel/drivers/input - kernel/drivers/ssb - kernel/drivers/spi - kernel/drivers/crypto - kernel/drivers/bcma - kernel/drivers/nfc - kernel/drivers/usb - kernel/drivers/char - kernel/drivers/vhost - kernel/drivers/i2c - kernel/drivers/ata - kernel/drivers/tty - kernel/drivers/parport - kernel/drivers/misc - kernel/drivers/scsi - kernel/drivers/auxdisplay - kernel/drivers/target - kernel/drivers/dca - kernel/drivers/dma - kernel/drivers/rtc - kernel/drivers/pps - kernel/drivers/hid - kernel/drivers/atm - kernel/drivers/platform - kernel/drivers/edac - kernel/drivers/hv - kernel/drivers/idle - kernel/drivers/xen - kernel/ubuntu/aufs - kernel/arch - kernel/lib - kernel/fs - kernel/crypto - kernel/net - kernel/sound - kernel/fs/autofs4/autofs4" -REQUIRED_FIRMWARE=" 3com - acenic - adaptec - advansys - ar3k - asihpi - av7110 - bnx2 - bnx2x - brcm - cis - cpia2 - cxgb3 - cxgb4 - dabusb - dsp56k - e100 - ea - edgeport - emi26 - emi62 - ene-ub6250 - ess - hp - isci - kaweth - keyspan - keyspan_pda - korg - libertas - matrox - mrvl - mwl8k 
- ositech - r128 - radeon - RTL8192E - RTL8192SE - rtl_nic - sb16 - scripts - slicoss - sun - sxg - tehuti - ti-connectivity - tigon - ttusb-budget - ueagle-atm - usbdux - vicam - vxge - yam - yamaha - agere_ap_fw.bin - agere_sta_fw.bin - aic94xx-seq.fw - ath3k-1.fw - atmel_at76c502_3com.bin - atmel_at76c502.bin - atmel_at76c502d.bin - atmel_at76c502e.bin - atmel_at76c504_2958.bin - atmel_at76c504a_2958.bin - atmel_at76c504.bin - atmel_at76c506.bin - atmsar11.fw - carl9170-1.fw - f2255usb.bin - GPL-3 - htc_7010.fw - htc_9271.fw - i2400m-fw-usb-1.4.sbcf - i2400m-fw-usb-1.5.sbcf - i6050-fw-usb-1.5.sbcf - intelliport2.bin - lbtf_usb.bin - lgs8g75.fw - mts_cdma.fw - mts_edge.fw - mts_gsm.fw - mts_mt9234mu.fw - mts_mt9234zba.fw - mwl8335_duplex.fw - NPE-B - NPE-C - phanfw.bin - rt2561.bin - rt2561s.bin - rt2661.bin - rt2860.bin - rt2870.bin - rt3070.bin - rt3071.bin - rt3090.bin - rt73.bin - s2250.fw - s2250_loader.fw - TDA7706_OM_v2.5.1_boot.txt - TDA7706_OM_v3.0.2_boot.txt - ti_3410.fw - ti_5052.fw - tlg2300_firmware.bin - tr_smctr.bin - usbduxfast_firmware.bin - usbdux_firmware.bin - usbduxsigma_firmware.bin - vntwusb.fw - WHENCE.ubuntu - whiteheat.fw - whiteheat_loader.fw" + -- cgit v1.2.3-55-g7522 From fbc6e8a10abb301e2b92a9c491f9a777eb3d8c71 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Sep 2013 16:54:58 +0200 Subject: [rootfs-stage32] Tweak startup order (systemd) --- .../rootfs-stage32/data/etc/systemd/system/setup-partitions.service | 3 ++- .../rootfs-stage32/data/etc/systemd/system/setup-slx-addon@.service | 1 + .../data/opt/openslx/scripts/systemd-setup_slx_addons | 6 +++--- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-partitions.service b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-partitions.service index 4e663d56..df075922 100644 --- a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-partitions.service 
+++ b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-partitions.service @@ -1,7 +1,8 @@ [Unit] Description=Setup local disk partitions (tmp, swap) DefaultDependencies=no -Before=sysinit.target shutdown.target +Before=sysinit.target +After=systemd-udev-trigger.service Wants=sysinit.target [Service] diff --git a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-slx-addon@.service b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-slx-addon@.service index 20909813..d7ec53c2 100644 --- a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-slx-addon@.service +++ b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-slx-addon@.service @@ -1,5 +1,6 @@ [Unit] Description=Setup SLX addon %i +DefaultDependencies=no [Service] Type=oneshot diff --git a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_slx_addons b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_slx_addons index 661beac4..b5e2040b 100755 --- a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_slx_addons +++ b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_slx_addons @@ -41,9 +41,9 @@ mkdir -p "$SYS_TMP" || { echo "Failed to create $SYS_TMP"; exit 1; } # NO ARGUMENTS -> LOOP OVER ALL ADDONS # -if [ $# == 0 ]; then +if [ $# -eq 0 ]; then for ADDON in ${SLX_ADDONS}; do - systemctl start setup-slx-addon@$ADDON + systemctl start "setup-slx-addon@$ADDON" & done fi @@ -52,7 +52,7 @@ fi # WITH ARGUMENTS -> SETUP ADDON # -if [ $# == 1 ]; then +if [ $# -eq 1 ]; then ADDON="$1" # sanity check -- cgit v1.2.3-55-g7522 From 41cc2a57138c22e1a3833c52670dc69cadc125b1 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Sep 2013 17:02:51 +0200 Subject: [dbus] Add missing systemd service file --- remote/modules/dbus/dbus.conf | 18 +++++++++++------- remote/modules/dbus/dbus.conf.ubuntu | 2 +- 2 files changed, 12 insertions(+), 8 deletions(-) 
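Review bot: `systemctl start "setup-slx-addon@$ADDON" &` in the no-argument branch backgrounds every start and the script then runs on without a `wait`, so a failed addon setup is never seen by the caller. If this script is the main process of a systemd service, the background children may also be terminated when it exits. If the aim is only to avoid blocking on each addon, `systemctl --no-block start "setup-slx-addon@$ADDON"` queues the job and returns without leaving a background process behind; otherwise add a `wait` after the loop and check its status. The `$# -eq 1` branch continues outside the second hunk.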
diff --git a/remote/modules/dbus/dbus.conf b/remote/modules/dbus/dbus.conf index 64457541..40f8a53d 100644 --- a/remote/modules/dbus/dbus.conf +++ b/remote/modules/dbus/dbus.conf @@ -1,11 +1,15 @@ REQUIRED_BINARIES=" - dbus-cleanup-sockets - dbus-daemon - dbus-uuidgen - dbus-monitor - dbus-send - dbus-daemon-launch-helper + dbus-cleanup-sockets + dbus-daemon + dbus-uuidgen + dbus-monitor + dbus-send + dbus-daemon-launch-helper " REQUIRED_DIRECTORIES=" - /etc/dbus-1 + /etc/dbus-1 " +REQUIRED_FILES=" + /etc/systemd/system/dbus.service +" + diff --git a/remote/modules/dbus/dbus.conf.ubuntu b/remote/modules/dbus/dbus.conf.ubuntu index 9f302876..558eea7f 100644 --- a/remote/modules/dbus/dbus.conf.ubuntu +++ b/remote/modules/dbus/dbus.conf.ubuntu @@ -1,7 +1,7 @@ REQUIRED_CONTENT_PACKAGES=" dbus " -REQUIRED_FILES=" +REQUIRED_FILES+=" /etc/default/dbus " -- cgit v1.2.3-55-g7522 From 7c7f4d6b934a3c8cf71de010c3b8939289c64214 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Sep 2013 18:42:14 +0200 Subject: [dbus] dbus parameters changed over time. Try to get them right --- remote/modules/dbus/dbus.build | 45 +++++++++++++++++++++++++----- remote/modules/dbus/templates/dbus.service | 7 +++-- 2 files changed, 42 insertions(+), 10 deletions(-) diff --git a/remote/modules/dbus/dbus.build b/remote/modules/dbus/dbus.build index 7b7e472c..c5b2d353 100644 --- a/remote/modules/dbus/dbus.build +++ b/remote/modules/dbus/dbus.build 
@@ -13,20 +13,51 @@ build() { # Generate systemd files mkdir -p "$MODULE_BUILD_DIR/etc/systemd/system" - local UUIDGEN=$(find "$MODULE_BUILD_DIR" -name dbus-uuidgen -executable | head -n 1) + # This is ugly, as the command line arguments changed over time. Try to do the right thing (whatever that is) + # Need to run dbus-uuidgen first? + local UUIDGEN="# This line intentionally left blank" + if files_contain "ExecStartPre.*uuidgen" "/lib/systemd/system/dbus.service" "/usr/lib/systemd/system/dbus.service"; then + UUIDGEN=$(find "$MODULE_BUILD_DIR" -name dbus-uuidgen -executable | head -n 1) + [ -z "$UUIDGEN" ] && perror "Could not determine dbus-uuidgen location" + UUIDGEN="ExecStartPre=/${UUIDGEN#$MODULE_BUILD_DIR} --ensure" + fi + # Figure out daemon location local DAEMON=$(find "$MODULE_BUILD_DIR" -name dbus-daemon -executable | head -n 1) - local SEND=$(find "$MODULE_BUILD_DIR" -name dbus-send -executable | head -n 1) - UUIDGEN="${UUIDGEN#$MODULE_BUILD_DIR}" - DAEMON="${DAEMON#$MODULE_BUILD_DIR}" - SEND="${SEND#$MODULE_BUILD_DIR}" - [ -z "$UUIDGEN" ] && perror "Could not determine dbus-uuidgen location" [ -z "$DAEMON" ] && perror "Could not determine dbus-daemon location" + DAEMON="/${DAEMON#$MODULE_BUILD_DIR}" + local DAEMON_ARGS="" + # Daemon arguments + if files_contain "dbus-daemon.*nopidfile" "/lib/systemd/system/dbus.service" "/usr/lib/systemd/system/dbus.service"; then + DAEMON_ARGS+=" --nopidfile" + fi + if files_contain "dbus-daemon.*activation=systemd" "/lib/systemd/system/dbus.service" "/usr/lib/systemd/system/dbus.service"; then + DAEMON_ARGS+=" --activation=systemd" + fi + if files_contain "dbus-daemon.*systemd-activation" "/lib/systemd/system/dbus.service" "/usr/lib/systemd/system/dbus.service"; then + DAEMON_ARGS+=" --systemd-activation" + fi + # dbus-send location + local SEND=$(find "$MODULE_BUILD_DIR" -name dbus-send -executable | head -n 1) [ -z "$SEND" ] && perror "Could not determine dbus-send location" - sed 
"s,%UUIDGEN%,/$UUIDGEN,g;s,%DAEMON%,/$DAEMON,g;s,%SEND%,/$SEND,g" "templates/dbus.service" \ + SEND="/${SEND#$MODULE_BUILD_DIR}" + sed "s,%UUIDGEN%,$UUIDGEN,g;s,%DAEMON%,$DAEMON,g;s,%SEND%,$SEND,g;s,%DAEMON_ARGS%,$DAEMON_ARGS,g" "templates/dbus.service" \ > "$MODULE_BUILD_DIR/etc/systemd/system/dbus.service" \ || perror "Could not generate $MODULE_BUILD_DIR/etc/systemd/system/dbus.service" } + post_copy() { : } +files_contain () { + [ $# -lt 2 ] && perror "files_contain needs at least 2 arguments (pattern, file)" + local PATTERN="$1" + shift + local FILE + for FILE in $@; do + [ -e "$FILE" ] || continue + grep -q "$PATTERN" "$FILE" && return 0 # Found + done + return 1 +} + diff --git a/remote/modules/dbus/templates/dbus.service b/remote/modules/dbus/templates/dbus.service index a49d8f0f..00b721f2 100644 --- a/remote/modules/dbus/templates/dbus.service +++ b/remote/modules/dbus/templates/dbus.service @@ -5,8 +5,9 @@ Requires=dbus.socket After=syslog.target [Service] -ExecStartPre=%UUIDGEN% --ensure -ExecStartPre=-/bin/rm -f /run/dbus/pid -ExecStart=%DAEMON% --system --address=systemd: --nofork --activation=systemd +%UUIDGEN% +ExecStartPre=-/bin/rm -f /var/run/dbus/pid +ExecStart=%DAEMON% --system --address=systemd: --nofork %DAEMON_ARGS% ExecReload=%SEND% --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig OOMScoreAdjust=-900 + -- cgit v1.2.3-55-g7522 From 82df5e0ce257dbcbb56a7bf7a0ee80ad17caba91 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Sep 2013 18:52:41 +0200 Subject: [debug] Fix service type of udevd-logger --- remote/modules/debug/data/etc/systemd/system/debug-udevd_logger.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/remote/modules/debug/data/etc/systemd/system/debug-udevd_logger.service b/remote/modules/debug/data/etc/systemd/system/debug-udevd_logger.service index d834292f..387defde 100644 
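Review bot: The `files_contain` checks in `build()` read `/lib/systemd/system/dbus.service` and `/usr/lib/systemd/system/dbus.service` on the machine running the build. When neither file exists every check returns 1, so the generated unit silently gets no `dbus-uuidgen` step and no activation argument. A `pwarning` for that case (assuming it is available to module build scripts, as `perror` is) would make the difference visible instead of producing a different unit without notice. In `files_contain` itself, `for FILE in $@; do` should be `for FILE in "$@"; do` so the file arguments are not word-split, and `grep -q -- "$PATTERN" "$FILE"` keeps a pattern that starts with `-` from being read as an option. The start of `build()` is outside the hunk.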
--- a/remote/modules/debug/data/etc/systemd/system/debug-udevd_logger.service +++ b/remote/modules/debug/data/etc/systemd/system/debug-udevd_logger.service @@ -4,5 +4,5 @@ DefaultDependencies=no IgnoreOnIsolate=yes [Service] -Type=oneshot ExecStart=/opt/openslx/scripts/systemd-debug_udevd_logger + -- cgit v1.2.3-55-g7522 From d793540a53a8f45016dedaf66e3063096b1e5eb9 Mon Sep 17 00:00:00 2001 From: Jonathan Bauer Date: Fri, 20 Sep 2013 15:19:16 +0200 Subject: [mltk] add comments about needed package to use mltk. TODO make it install automaticly --- mltk | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mltk b/mltk index 5d5ea80f..2ba63fc4 100755 --- a/mltk +++ b/mltk @@ -98,6 +98,10 @@ check_devtools() { for i in $DEVTOOLS; do which "$i" 2>/dev/null 1>&2 || { echo "Essential development tool $i not found - exiting."; exit 1; } done + + # TODO make the script install the dev-stuff automaticly. + # Ubuntu: 'build-essential', 'm4', 'squashfs-tools' + # OpenSUSE: ??? } initial_checks() { -- cgit v1.2.3-55-g7522 From 776bdc66d20ab811b2cdaeffd6a337c3f1402d4d Mon Sep 17 00:00:00 2001 From: Jonathan Bauer Date: Fri, 20 Sep 2013 16:01:56 +0200 Subject: [consolekit] added back missing folder, fixes error msg upon login --- remote/modules/consolekit/consolekit.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/remote/modules/consolekit/consolekit.conf b/remote/modules/consolekit/consolekit.conf index b84bf697..e27b15e6 100644 --- a/remote/modules/consolekit/consolekit.conf +++ b/remote/modules/consolekit/consolekit.conf @@ -7,6 +7,7 @@ REQUIRED_BINARIES=" REQUIRED_DIRECTORIES=" /etc/ConsoleKit /etc/dbus-1 + /usr/lib/ConsoleKit /usr/share " REQUIRED_LIBRARIES=" -- cgit v1.2.3-55-g7522 From 99ffc4dbc445c1456cc4fd4f7b163d647314588a Mon Sep 17 00:00:00 2001 
From: Christian Rößler Date: Fri, 20 Sep 2013 16:31:08 +0200 Subject: [rootfs-stage32] buildscript and conf file updated for openSuse --- remote/rootfs/rootfs-stage32/rootfs-stage32.build | 3 ++- remote/rootfs/rootfs-stage32/rootfs-stage32.conf.opensuse | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/remote/rootfs/rootfs-stage32/rootfs-stage32.build b/remote/rootfs/rootfs-stage32/rootfs-stage32.build index 02f238de..94642a8c 100644 --- a/remote/rootfs/rootfs-stage32/rootfs-stage32.build +++ b/remote/rootfs/rootfs-stage32/rootfs-stage32.build @@ -33,7 +33,8 @@ build() { pinfo "Searching libraries from config file in system... (could take some time)" for LIB in ${REQUIRED_LIBRARIES} do - for LIB_LOCATION in $(find /lib/ -name "${LIB}.so*") + # lib + lib64: Ugly hack, will be replaced by a better solution + for LIB_LOCATION in $(find /lib/ /lib64/ -name "${LIB}.so*") do get_link_chain "${LIB_LOCATION}" >> "${FILELIST}" done diff --git a/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.opensuse b/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.opensuse index bd9b7562..316cb5e4 100644 --- a/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.opensuse +++ b/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.opensuse @@ -3,9 +3,11 @@ REQUIRED_INSTALLED_PACKAGES=" xfsprogs squashfs timezone + libcap2 " REQUIRED_CONTENT_PACKAGES=" timezone + libcap2 " REQUIRED_DIRECTORIES=" /usr/$LIB64/xtables -- cgit v1.2.3-55-g7522 From db126b3c9761b00ca9c553abc9cd814e3157aee0 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 20 Sep 2013 16:59:48 +0200 Subject: [xorg] conf file for openSuse updated --- remote/modules/xorg/xorg.conf.opensuse | 1 + 1 file changed, 1 insertion(+) diff --git a/remote/modules/xorg/xorg.conf.opensuse b/remote/modules/xorg/xorg.conf.opensuse index a91aca4d..38517d00 100644 --- a/remote/modules/xorg/xorg.conf.opensuse +++ b/remote/modules/xorg/xorg.conf.opensuse 
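Review bot: The library loop in `build()` of rootfs-stage32.build still skips a name silently when `find /lib/ /lib64/` returns nothing. The earlier setup_target commit on this page closed that gap for its own loop with `[ -z "$FILE_CANDIDATES" ] && perror "Cannot find required library $LIB"`. Collecting the result first, `LIB_LOCATIONS=$(find /lib/ /lib64/ -name "${LIB}.so*")`, and failing when it is empty would catch a missing library at build time rather than at boot. On a host without `/lib64`, `find` will presumably also report the missing directory on every iteration, so the directory list is better built from the paths that exist. The function starts and ends outside the hunk.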
@@ -34,6 +34,7 @@ REQUIRED_CONTENT_PACKAGES=" xkbevd libpixman-1-0 xrandr + vaapi-intel-driver " REQUIRED_LIBRARIES=" libI810XvMC -- cgit v1.2.3-55-g7522 From d12f1bedbccc3b19999cc84c14a836166bb43d18 Mon Sep 17 00:00:00 2001 From: Jonathan Bauer Date: Fri, 20 Sep 2013 16:59:55 +0200 Subject: [pam-hso] fix permissions for pam scripts mouting homes. --- .../pam-hso/etc/pam-script/pam_script_ses_close | 1 + .../pam-hso/etc/pam-script/pam_script_ses_open | 1 - .../pam-hso/etc/pam-script/pam_script_ses_open.bak | 30 -------------- .../etc/pam-script/pam_script_ses_open.save | 47 ---------------------- 4 files changed, 1 insertion(+), 78 deletions(-) delete mode 100755 server/modules/pam-hso/etc/pam-script/pam_script_ses_open.bak delete mode 100755 server/modules/pam-hso/etc/pam-script/pam_script_ses_open.save diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_close b/server/modules/pam-hso/etc/pam-script/pam_script_ses_close index 8bc8d3bb..dc7b5bd7 100755 --- a/server/modules/pam-hso/etc/pam-script/pam_script_ses_close +++ b/server/modules/pam-hso/etc/pam-script/pam_script_ses_close @@ -5,3 +5,4 @@ export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/o echo "[$PAM_TYPE] Closing session for $PAM_USER" [ $(id -g $PAM_USER) -eq 1001 ] && umount /home/$PAM_USER + diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open index 2189c347..4cf6bf58 100755 --- a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open +++ b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open @@ -22,4 +22,3 @@ fi #mount H-Drive ncpmount -A fs1-2-home.rz.hs-offenburg.de -S fs1-2-home.rz.hs-offenburg.de -V HOME/USERS/$loggedInUser -U $loggedInUser.HRZ.FHO /home/users/$loggedInUser - diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.bak b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.bak deleted file mode 100755 index 79a94169..00000000 
--- a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.bak
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
-
-echo "[$PAM_TYPE] Opening session for $PAM_USER"
-
-if [ $(id -g $PAM_USER) -eq 1001 ]; then
- echo "[$PAM_TYPE] Mounting home directory for $PAM_USER"
-
- # generate keytab
- sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab
- chmod 600 /etc/krb5.keytab
-
- # determine fileserver and share for home directories
- ldapsearch -x -LLL uid="$PAM_USER" homeDirectory rufFileserver > /tmp/ldapsearch."$PAM_USER"
-
- FILESERVER=$(cat /tmp/ldapsearch.$PAM_USER | grep rufFileserver | cut -d" " -f2)
- VOLUME=$(cat /tmp/ldapsearch.$PAM_USER | grep homeDirectory | cut -d" " -f2)
-
- # now we can mount the home directory
- mkdir -p /home/$PAM_USER
- if mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER":"$VOLUME" /home/"$PAM_USER"; then
- exit 0
- else
- echo "Failed to mount home directory for $PAM_USER"
- exit 1
- fi
-
-fi
-
diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.save b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.save
deleted file mode 100755
index 1bbb9d81..00000000
--- a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.save
+++ /dev/null
@@ -1,47 +0,0 @@
-/root/tm-scripts/server/boot/local/initramfs-stage32/root/tm-scripts/server/boot/local/initramfs-stage32#!/bin/sh
-
-export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
-
-
-#check who is logged in to put the "Home"-Folder on the correct Desktop
-#Doesn't work with root!
-#export loggedInUser=$(whoami)
-[ ! -z "$PAM_USER" ] && export loggedInUser="$PAM_USER"
-
-
-#create Folder on Desktop to link with H-Drive, if not already existent
-if [ ! -d /home/$loggedInUser ]; then
- mkdir -p /home/$loggedInUser
-fi
-
-
-#ask for username
-#read -p "Benutzername: " username
-
-
-#mount H-Drive
-ncpmount -A fs1-2-home.rz.hs-offenburg.de -S fs1-2-home.rz.hs-offenburg.de -V HOME/USERS/$loggedInUser -U $loggedInUser.HRZ.FHO /home/$loggedInUser#!/bin/sh
-
-export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
-
-
-#check who is logged in to put the "Home"-Folder on the correct Desktop
-#Doesn't work with root!
-#export loggedInUser=$(whoami)
-[ ! -z "$PAM_USER" ] && export loggedInUser="$PAM_USER"
-
-
-#create Folder on Desktop to link with H-Drive, if not already existent
-if [ ! -d /home/$loggedInUser ]; then
- mkdir -p /home/$loggedInUser
-fi
-
-
-#ask for username
-#read -p "Benutzername: " username
-
-
-#mount H-Drive
-ncpmount -A fs1-2-home.rz.hs-offenburg.de -S fs1-2-home.rz.hs-offenburg.de -V HOME/USERS/$loggedInUser -U $loggedInUser.HRZ.FHO /home/$loggedInUser
-
-
-- cgit v1.2.3-55-g7522
From 0c87185a27c83431e50a528f67be1cbd7411d1c0 Mon Sep 17 00:00:00 2001
From: Jonathan Bauer
Date: Fri, 20 Sep 2013 17:01:22 +0200
Subject: [pam-freiburg] fix permission
---
 server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close | 1 +
 server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close index 01d409a1..44dcd418 100755 --- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close +++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close @@ -2,3 +2,4 @@ [ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Closing session for $PAM_USER" + diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open index 9af51e7f..205090b6 100755 --- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open +++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open @@ -22,7 +22,7 @@ if [ $(id -g $PAM_USER) -ge 1000 ]; then FILESERVER=$(cat /tmp/ldapsearch.$PAM_USER | grep rufFileserver | cut -d" " -f2) VOLUME=$(cat /tmp/ldapsearch.$PAM_USER | grep homeDirectory | cut -d" " -f2) - # now we can mount the home directory + # now we can mount the home directory! mkdir -p /home/$PAM_USER if mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER":"$VOLUME" /home/"$PAM_USER"; then exit 0 -- cgit v1.2.3-55-g7522 From 7ca042135c5ba849db405bbe44e1ccf0fb88f9bf Mon Sep 17 00:00:00 2001 From: Jonathan Bauer Date: Fri, 20 Sep 2013 17:02:07 +0200 Subject: [export_target] set owner and group of config files to root, always --- server/export_target | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/export_target b/server/export_target index 52f87942..4dbf2aae 100755 --- a/server/export_target +++ b/server/export_target 
@@ -128,7 +128,7 @@ generate_config() { done # no conflict, add file to archive - tar cf "${TARGET_CONFIG_BUILD_DIR}/${MODULE_CONFIG}.tar" $(ls) + tar --owner=root --group=root -c -f "${TARGET_CONFIG_BUILD_DIR}/${MODULE_CONFIG}.tar" $(ls) RET=$? [ "x$RET" != "x0" ] && perror "\tCould not create '${TARGET_CONFIG_BUILD_DIR}/${MODULE_CONFIG}.tar'" done -- cgit v1.2.3-55-g7522 From 5f45473ac132f529d1c986103b2f034ddbab45fe Mon Sep 17 00:00:00 2001 
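Review bot: The rewritten `tar` line in `generate_config()` still takes its member list from an unquoted `$(ls)`, so a file name containing whitespace is split into several arguments and one beginning with `-` is parsed by tar as an option. For an archive that the commit wants to be root-owned throughout, the list should be passed without reinterpretation: `tar --owner=root --group=root -c -f "${TARGET_CONFIG_BUILD_DIR}/${MODULE_CONFIG}.tar" -- *`. Note also that `--owner`/`--group` leave the mode bits as they are on disk, so a group- or world-writable file in the module directory keeps that mode in the archive; tar's `--mode` can normalise it if that is intended. `generate_config()` starts and ends outside the hunk.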
From: Jonathan Bauer Date: Fri, 20 Sep 2013 17:06:59 +0200 Subject: workaround for permissions fix not working. .. --- server/modules/pam-freiburg/etc/gssapi_mech.conf | 21 ----- server/modules/pam-freiburg/etc/idmapd.conf | 12 --- server/modules/pam-freiburg/etc/krb5.conf | 28 ------ server/modules/pam-freiburg/etc/ldap.conf | 11 --- server/modules/pam-freiburg/etc/ldap/ldap.conf | 7 -- server/modules/pam-freiburg/etc/openldap/ldap.conf | 1 - .../etc/pam-script/pam_script_ses_close | 1 - .../etc/pam-script/pam_script_ses_open | 1 - .../modules/pam-freiburg/etc/pam.d/common-account | 26 ------ server/modules/pam-freiburg/etc/pam.d/common-auth | 27 ------ .../modules/pam-freiburg/etc/pam.d/common-password | 33 ------- .../modules/pam-freiburg/etc/pam.d/common-session | 38 -------- .../etc/pam.d/common-session-noninteractive | 30 ------ server/modules/pam-freiburg/etc/pam.d/kdm | 10 -- server/modules/pam-freiburg/etc/pam.d/kdm-np | 11 --- server/modules/pam-freiburg/etc/pam.d/login | 101 --------------------- server/modules/pam-freiburg/etc/pam.d/other | 10 -- server/modules/pam-freiburg/etc/pam.d/passwd | 6 -- server/modules/pam-freiburg/etc/pam.d/sshd | 41 --------- server/modules/pam-freiburg/etc/pam.d/vmware-authd | 6 -- server/modules/pam-freiburg/etc/pam.d/xdm | 6 -- .../etc/systemd/system/activate-nss-ldap.service | 10 -- .../getty.target.wants/activate-nss-ldap.service | 1 - .../system/getty.target.wants/rpc-gssd.service | 1 - .../system/getty.target.wants/rpc-idmapd.service | 1 - .../etc/systemd/system/rpc-gssd.service | 7 -- .../etc/systemd/system/rpc-idmapd.service | 7 -- .../etc/systemd/system/run-rpc_pipefs.mount | 7 -- .../opt/openslx/scripts/pam_script_ses_close | 5 - .../opt/openslx/scripts/pam_script_ses_open | 35 ------- 30 files changed, 501 deletions(-) delete mode 100644 server/modules/pam-freiburg/etc/gssapi_mech.conf delete mode 100644 server/modules/pam-freiburg/etc/idmapd.conf delete mode 100644 server/modules/pam-freiburg/etc/krb5.conf 
delete mode 100644 server/modules/pam-freiburg/etc/ldap.conf delete mode 100644 server/modules/pam-freiburg/etc/ldap/ldap.conf delete mode 120000 server/modules/pam-freiburg/etc/openldap/ldap.conf delete mode 120000 server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close delete mode 120000 server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open delete mode 100644 server/modules/pam-freiburg/etc/pam.d/common-account delete mode 100644 server/modules/pam-freiburg/etc/pam.d/common-auth delete mode 100644 server/modules/pam-freiburg/etc/pam.d/common-password delete mode 100644 server/modules/pam-freiburg/etc/pam.d/common-session delete mode 100644 server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive delete mode 100644 server/modules/pam-freiburg/etc/pam.d/kdm delete mode 100644 server/modules/pam-freiburg/etc/pam.d/kdm-np delete mode 100644 server/modules/pam-freiburg/etc/pam.d/login delete mode 100644 server/modules/pam-freiburg/etc/pam.d/other delete mode 100644 server/modules/pam-freiburg/etc/pam.d/passwd delete mode 100644 server/modules/pam-freiburg/etc/pam.d/sshd delete mode 100644 server/modules/pam-freiburg/etc/pam.d/vmware-authd delete mode 100644 server/modules/pam-freiburg/etc/pam.d/xdm delete mode 100644 server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service delete mode 120000 server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service delete mode 120000 server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service delete mode 120000 server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service delete mode 100644 server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service delete mode 100644 server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service delete mode 100644 server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount delete mode 100755 server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close 
delete mode 100755 server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open
diff --git a/server/modules/pam-freiburg/etc/gssapi_mech.conf b/server/modules/pam-freiburg/etc/gssapi_mech.conf
deleted file mode 100644
index ac41f5fd..00000000
--- a/server/modules/pam-freiburg/etc/gssapi_mech.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Example /etc/gssapi_mech.conf file
-#
-# GSSAPI Mechanism Definitions
-#
-# This configuration file determines which GSS-API mechanisms
-# the gssd code should use
-#
-# NOTE:
-# The initiaiization function "mechglue_internal_krb5_init"
-# is used for the MIT krb5 gssapi mechanism. This special
-# function name indicates that an internal function should
-# be used to determine the entry points for the MIT gssapi
-# mechanism funtions.
-#
-# library initialization function
-# ================================ ==========================
-# The MIT K5 gssapi library, use special function for initialization.
-libgssapi_krb5.so.2 mechglue_internal_krb5_init
-#
-# The SPKM3 gssapi library function. Use the function spkm3_gss_initialize.
-# /usr/local/gss_mechs/spkm/spkm3/libgssapi_spkm3.so spkm3_gss_initialize
diff --git a/server/modules/pam-freiburg/etc/idmapd.conf b/server/modules/pam-freiburg/etc/idmapd.conf
deleted file mode 100644
index 2253cf0d..00000000
--- a/server/modules/pam-freiburg/etc/idmapd.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-[General]
-
-Verbosity = 0
-Pipefs-Directory = /run/rpc_pipefs
-# set your own domain here, if id differs from FQDN minus hostname
-Domain = uni-freiburg.de
-# localdomain
-
-[Mapping]
-
-Nobody-User = nobody
-Nobody-Group = nogroup
diff --git a/server/modules/pam-freiburg/etc/krb5.conf b/server/modules/pam-freiburg/etc/krb5.conf
deleted file mode 100644
index 6fd49243..00000000
--- a/server/modules/pam-freiburg/etc/krb5.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-# file copied from configuration package (rootfs/etc/krb5.conf)
-#########################################################################
-[libdefaults]
- noaddresses = false
- clockskew = 300
- default_realm = PUBLIC.ADS.UNI-FREIBURG.DE
- forwardable = true
- minimum_uid = 1000
- proxiable = false
- renew_lifetime = 30d
- retain_after_close = false
- ticket_lifetime = 3d
- use_shmem = sshd
- allow_weak_crypto=true
-#########################################################################
-[realms]
- PUBLIC.ADS.UNI-FREIBURG.DE = {
- kdc = kerberos.uni-freiburg.de
- default_domain = uni-freiburg.de
- admin_server = kerberos.uni-freiburg.de
- }
-#########################################################################
-[domain_realm]
- uni-freiburg.de = PUBLIC.ADS.UNI-FREIBURG.DE
- .uni-freiburg.de = PUBLIC.ADS.UNI-FREIBURG.DE
-##########################################################################
-[appdefaults]
-#########################################################################
diff --git a/server/modules/pam-freiburg/etc/ldap.conf b/server/modules/pam-freiburg/etc/ldap.conf
deleted file mode 100644
index 483595d2..00000000
--- a/server/modules/pam-freiburg/etc/ldap.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-URI ldaps://bv1.ruf.uni-freiburg.de ldaps://bv2.ruf.uni-freiburg.de ldaps://bv3.ruf.uni-freiburg.de
-BASE ou=people,dc=uni-freiburg,dc=de
-BIND_TIMELIMIT 5
-TIMELIMIT 10
-LOGDIR /tmp/ldap
-TLS_REQCERT allow
-nss_base_passwd ou=people,dc=uni-freiburg,dc=de?one?rufdienst=ldap*)(&(rufclienthome=*)(rufstatus=enabled)
-nss_base_group ou=group,dc=uni-freiburg,dc=de?one
-nss_map_attribute homeDirectory rufClientHome
-
-nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,distccd,games,git,gnats,hplip,irc,kdm,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,ntp,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,statd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data
diff --git a/server/modules/pam-freiburg/etc/ldap/ldap.conf b/server/modules/pam-freiburg/etc/ldap/ldap.conf
deleted file mode 100644
index 809065cc..00000000
--- a/server/modules/pam-freiburg/etc/ldap/ldap.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-URI ldaps://bv1.ruf.uni-freiburg.de ldaps://bv2.ruf.uni-freiburg.de ldaps://bv3.ruf.uni-freiburg.de
-BASE ou=people,dc=uni-freiburg,dc=de
-TLS_REQCERT allow
-nss_base_passwd ou=people,dc=uni-freiburg,dc=de?one?rufdienst=ldap*)(&(rufclienthome=*)(rufstatus=enabled)
-nss_base_group ou=group,dc=uni-freiburg,dc=de?one
-nss_map_attribute homeDirectory rufClientHome
-
diff --git a/server/modules/pam-freiburg/etc/openldap/ldap.conf b/server/modules/pam-freiburg/etc/openldap/ldap.conf
deleted file mode 120000
index c0aaf459..00000000
--- a/server/modules/pam-freiburg/etc/openldap/ldap.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/ldap.conf
\ No newline at end of file
diff --git a/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close b/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close
deleted file mode 120000
index f3682056..00000000
--- a/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close
+++ /dev/null
@@ -1 +0,0 @@
-/opt/openslx/scripts/pam_script_ses_close
\ No newline at end of file
diff --git a/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open b/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open
deleted file mode 120000
index 4f5598e5..00000000
--- a/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open
+++ /dev/null
@@ -1 +0,0 @@
-/opt/openslx/scripts/pam_script_ses_open
\ No newline at end of file
diff --git a/server/modules/pam-freiburg/etc/pam.d/common-account b/server/modules/pam-freiburg/etc/pam.d/common-account
deleted file mode 100644
index 3a5d5a14..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/common-account
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# /etc/pam.d/common-account - authorization settings common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of the authorization modules that define
-# the central access policy for use on the system. The default is to
-# only deny service to users whose accounts are expired in /etc/shadow.
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules. See
-# pam-auth-update(8) for details.
-#
-
-# here are the per-package modules (the "Primary" block)
-account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
-account [success=1 new_authtok_reqd=done default=ignore] pam_ldap.so use_first_pass
-# here's the fallback if no module succeeds
-account requisite pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-account required pam_permit.so
-# and here are more per-package modules (the "Additional" block)
-# end of pam-auth-update config
diff --git a/server/modules/pam-freiburg/etc/pam.d/common-auth b/server/modules/pam-freiburg/etc/pam.d/common-auth
deleted file mode 100644
index 790afa1d..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/common-auth
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# /etc/pam.d/common-auth - authentication settings common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of the authentication modules that define
-# the central authentication scheme for use on the system
-# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
-# traditional Unix authentication mechanisms.
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules. See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000
-auth [success=2 default=ignore] pam_unix.so try_first_pass
-auth [success=1 default=ignore] pam_ldap.so use_first_pass
-# here's the fallback if no module succeeds
-auth requisite pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-auth required pam_permit.so
-# and here are more per-package modules (the "Additional" block)
-# end of pam-auth-update config
diff --git a/server/modules/pam-freiburg/etc/pam.d/common-password b/server/modules/pam-freiburg/etc/pam.d/common-password
deleted file mode 100644
index cb8c7b71..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/common-password
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# /etc/pam.d/common-password - password-related modules common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of modules that define the services to be
-# used to change user passwords. The default is pam_unix.
-
-# Explanation of pam_unix options:
-#
-# The "sha512" option enables salted SHA512 passwords. Without this option,
-# the default is Unix crypt. Prior releases used the option "md5".
-#
-# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
-# login.defs.
-#
-# See the pam_unix manpage for other options.
-
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules. See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-password [success=1 default=ignore] pam_unix.so obscure sha512
-# here's the fallback if no module succeeds
-password requisite pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-password required pam_permit.so
-# and here are more per-package modules (the "Additional" block)
-# end of pam-auth-update config
diff --git a/server/modules/pam-freiburg/etc/pam.d/common-session b/server/modules/pam-freiburg/etc/pam.d/common-session
deleted file mode 100644
index 9a8b73e1..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/common-session
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# /etc/pam.d/common-session - session-related modules common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of modules that define tasks to be performed
-# at the start and end of sessions of *any* kind (both interactive and
-# non-interactive).
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules. See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-session [default=1] pam_permit.so
-# here's the fallback if no module succeeds
-session requisite pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-session required pam_permit.so
-# The pam_umask module will set the umask according to the system default in
-# /etc/login.defs and user settings, solving the problem of different
-# umask settings with different shells, display managers, remote sessions etc.
-# See "man pam_umask".
-session optional pam_umask.so
-# and here are more per-package modules (the "Additional" block)
-session required pam_systemd.so
-session optional pam_ck_connector.so
-session optional pam_env.so readenv=1
-session optional pam_env.so readenv=1 envfile=/etc/default/locale
-session optional pam_krb5.so minimum_uid=1000
-session [success=1] pam_unix.so
-session [success=ok] pam_ldap.so
-session sufficient pam_script.so
-session optional pam_mkhomedir.so skel=/etc/skel umask=0022
-# end of pam-auth-update config
diff --git a/server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive b/server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive
deleted file mode 100644
index 1fee2c4f..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive
+++ /dev/null
@@ -1,30 +0,0 @@
-#
-# /etc/pam.d/common-session-noninteractive - session-related modules
-# common to all non-interactive services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of modules that define tasks to be performed
-# at the start and end of all non-interactive sessions.
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules. See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-session [default=1] pam_permit.so
-# here's the fallback if no module succeeds
-session requisite pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-session required pam_permit.so
-# The pam_umask module will set the umask according to the system default in
-# /etc/login.defs and user settings, solving the problem of different
-# umask settings with different shells, display managers, remote sessions etc.
-# See "man pam_umask".
-session optional pam_umask.so
-# and here are more per-package modules (the "Additional" block)
-session required pam_unix.so
-# end of pam-auth-update config
diff --git a/server/modules/pam-freiburg/etc/pam.d/kdm b/server/modules/pam-freiburg/etc/pam.d/kdm
deleted file mode 100644
index e6a4ec9b..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/kdm
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# /etc/pam.d/kdm - specify the PAM behaviour of kdm
-#
-auth required pam_nologin.so
-auth required pam_env.so readenv=1
-auth required pam_env.so readenv=1 envfile=/etc/default/locale
-auth include common-auth
-account include common-account
-password include common-password
-session include common-session
diff --git a/server/modules/pam-freiburg/etc/pam.d/kdm-np b/server/modules/pam-freiburg/etc/pam.d/kdm-np
deleted file mode 100644
index dc10e5b5..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/kdm-np
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-# /etc/pam.d/kdm-np - specify the PAM behaviour of kdm for passwordless logins
-#
-auth required pam_nologin.so
-auth required pam_env.so readenv=1
-auth required pam_env.so readenv=1 envfile=/etc/default/locale
-session required pam_limits.so
-account include common-account
-password include common-password
-session include common-session
-auth required pam_permit.so
diff --git a/server/modules/pam-freiburg/etc/pam.d/login b/server/modules/pam-freiburg/etc/pam.d/login
deleted file mode 100644
index 1065f351..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/login
+++ /dev/null
@@ -1,101 +0,0 @@ -# -# The PAM configuration file for the Shadow `login' service -# - -# Enforce a minimal delay in case of failure (in microseconds). -# (Replaces the `FAIL_DELAY' setting from login.defs) -# Note that other modules may require another minimal delay. (for example, -# to disable any delay, you should add the nodelay option to pam_unix) -auth optional pam_faildelay.so delay=3000000 - -# Outputs an issue file prior to each login prompt (Replaces the -# ISSUE_FILE option from login.defs). Uncomment for use -# auth required pam_issue.so issue=/etc/issue - -# Disallows root logins except on tty's listed in /etc/securetty -# (Replaces the `CONSOLE' setting from login.defs) -# -# With the default control of this module: -# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] -# root will not be prompted for a password on insecure lines. -# if an invalid username is entered, a password is prompted (but login -# will eventually be rejected) -# -# You can change it to a "requisite" module if you think root may mis-type -# her login and should not be prompted for a password in that case. But -# this will leave the system as vulnerable to user enumeration attacks. -# -# You can change it to a "required" module if you think it permits to -# guess valid user names of your system (invalid user names are considered -# as possibly being root on insecure lines), but root passwords may be -# communicated over insecure lines. -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so - -# Disallows other than root logins when /etc/nologin exists -# (Replaces the `NOLOGINS_FILE' option from login.defs) -auth requisite pam_nologin.so - -# SELinux needs to be the first session rule. This ensures that any -# lingering context has been cleared. Without out this it is possible -# that a module could execute code in the wrong domain. 
-# When the module is present, "required" would be sufficient (When SELinux -# is disabled, this returns success.) -# OpenSLX: Not Needed? -#session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close - -# This module parses environment configuration file(s) -# and also allows you to use an extended config -# file /etc/security/pam_env.conf. -# -# parsing /etc/environment needs "readenv=1" -session required pam_env.so readenv=1 -# locale variables are also kept into /etc/default/locale in etch -# reading this file *in addition to /etc/environment* does not hurt -session required pam_env.so readenv=1 envfile=/etc/default/locale - -# Standard Un*x authentication. -auth include common-auth - -# TODO do we need this? -# This allows certain extra groups to be granted to a user -# based on things like time of day, tty, service, and user. -# Please edit /etc/security/group.conf to fit your needs -# (Replaces the `CONSOLE_GROUPS' option in login.defs) -#auth optional pam_group.so - -# Uncomment and edit /etc/security/time.conf if you need to set -# time restrainst on logins. -# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs -# as well as /etc/porttime) -# account requisite pam_time.so - -# Uncomment and edit /etc/security/access.conf if you need to -# set access limits. -# (Replaces /etc/login.access file) -# account required pam_access.so - -# TODO do we need this? 
-# Sets up user limits according to /etc/security/limits.conf -# (Replaces the use of /etc/limits in old login) -#session required pam_limits.so - -# TODO check if this is needed -# Prints the last login info upon succesful login -# (Replaces the `LASTLOG_ENAB' option from login.defs) -session optional pam_lastlog.so - -# Prints the motd upon succesful login -# (Replaces the `MOTD_FILE' option in login.defs) -session optional pam_motd.so - -# Standard Un*x account and session -account include common-account -session include common-session -password include common-password - -# SELinux needs to intervene at login time to ensure that the process -# starts in the proper default security context. Only sessions which are -# intended to run in the user's context should be run after this. -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -# When the module is present, "required" would be sufficient (When SELinux -# is disabled, this returns success.) diff --git a/server/modules/pam-freiburg/etc/pam.d/other b/server/modules/pam-freiburg/etc/pam.d/other deleted file mode 100644 index 840eb77f..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/other +++ /dev/null @@ -1,10 +0,0 @@ -#%PAM-1.0 -auth required pam_warn.so -auth required pam_deny.so -account required pam_warn.so -account required pam_deny.so -password required pam_warn.so -password required pam_deny.so -session required pam_warn.so -session required pam_deny.so - diff --git a/server/modules/pam-freiburg/etc/pam.d/passwd b/server/modules/pam-freiburg/etc/pam.d/passwd deleted file mode 100644 index 32eaa3c6..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/passwd +++ /dev/null @@ -1,6 +0,0 @@ -# -# The PAM configuration file for the Shadow `passwd' service -# - -password include common-password - diff --git a/server/modules/pam-freiburg/etc/pam.d/sshd b/server/modules/pam-freiburg/etc/pam.d/sshd deleted file mode 100644 index 8954d639..00000000 
--- a/server/modules/pam-freiburg/etc/pam.d/sshd +++ /dev/null @@ -1,41 +0,0 @@ -# PAM configuration for the Secure Shell service - -# Read environment variables from /etc/environment and -# /etc/security/pam_env.conf. -auth required pam_env.so # [1] -# In Debian 4.0 (etch), locale-related environment variables were moved to -# /etc/default/locale, so read that as well. -auth required pam_env.so envfile=/etc/default/locale - -# Standard Un*x authentication. -auth include common-auth - -# Disallow non-root logins when /etc/nologin exists. -account required pam_nologin.so - -# Uncomment and edit /etc/security/access.conf if you need to set complex -# access limits that are hard to express in sshd_config. -# account required pam_access.so - -# Standard Un*x authorization. -account include common-account - -# Standard Un*x session setup and teardown. -session include common-session - -# Print the message of the day upon successful login. -session optional pam_motd.so # [1] - -# TODO do we need this? -# Print the status of the user's mailbox upon successful login. -#session optional pam_mail.so standard noenv # [1] - -# TODO do we need this? -# Set up user limits from /etc/security/limits.conf. -#session required pam_limits.so - -# Set up SELinux capabilities (need modified pam) -# session required pam_selinux.so multiple - -# Standard Un*x password updating. -password include common-password diff --git a/server/modules/pam-freiburg/etc/pam.d/vmware-authd b/server/modules/pam-freiburg/etc/pam.d/vmware-authd deleted file mode 100644 index 1f9b60f9..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/vmware-authd +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth include common-auth -account include common-account -password include common-password -session include common-session - diff --git a/server/modules/pam-freiburg/etc/pam.d/xdm b/server/modules/pam-freiburg/etc/pam.d/xdm deleted file mode 100644 index d21651db..00000000 
--- a/server/modules/pam-freiburg/etc/pam.d/xdm +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth include common-auth -account include common-account -password include common-password -session required pam_loginuid.so -session include common-session diff --git a/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service b/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service deleted file mode 100644 index 664f7dd7..00000000 --- a/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Activate NSS-LDAP lookups -Before=graphical.target - -[Service] -Type=oneshot -ExecStart=-/opt/openslx/bin/mkdir /tmp/ldap -ExecStart=/opt/openslx/bin/sed -i -e 's/^passwd:.*$/passwd:\t\tcache files ldap/;s/^group:.*$/group:\t\tcache files ldap/' /etc/nsswitch.conf -ExecStart=/usr/bin/systemctl restart nscd - diff --git a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service deleted file mode 120000 index 1102840c..00000000 --- a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service +++ /dev/null @@ -1 +0,0 @@ -../activate-nss-ldap.service \ No newline at end of file diff --git a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service deleted file mode 120000 index 194aba77..00000000 --- a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service +++ /dev/null @@ -1 +0,0 @@ -../rpc-gssd.service \ No newline at end of file diff --git a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service deleted file mode 120000 index 66a28252..00000000 
--- a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service +++ /dev/null @@ -1 +0,0 @@ -../rpc-idmapd.service \ No newline at end of file diff --git a/server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service b/server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service deleted file mode 100644 index 79ffce8d..00000000 --- a/server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -Description=NFS rpcsec_gss daemon -Requires=run-rpc_pipefs.mount -After=run-rpc_pipefs.mount - -[Service] -ExecStart=/usr/sbin/rpc.gssd -f -vvv -p /run/rpc_pipefs diff --git a/server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service b/server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service deleted file mode 100644 index c4da93e7..00000000 --- a/server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -Description=NFSv4 ID-name mapping daemon -Requires=network.target run-rpc_pipefs.mount -After=network.target - -[Service] -ExecStart=/usr/sbin/rpc.idmapd -f diff --git a/server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount b/server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount deleted file mode 100644 index 692adce8..00000000 --- a/server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -Description=Pipefs RPC filesystem - -[Mount] -What=rpc_pipefs -Where=/run/rpc_pipefs -Type=rpc_pipefs diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close deleted file mode 100755 index 44dcd418..00000000 --- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -[ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Closing session for $PAM_USER" - - 
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open deleted file mode 100755 index 205090b6..00000000 --- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash - -export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin" - -[ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Opening session for $PAM_USER" - -if [ ! -z "$(mount|grep $PAM_USER)" ]; then - [ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Home directory of '$PAM_USER' is already mounted." - exit 0 -fi - -if [ $(id -g $PAM_USER) -ge 1000 ]; then - [ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Mounting home directory for $PAM_USER" - - # generate keytab - sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab - chmod 600 /etc/krb5.keytab - - # determine fileserver and share for home directories - ldapsearch -x -LLL uid="$PAM_USER" homeDirectory rufFileserver > /tmp/ldapsearch."$PAM_USER" - - FILESERVER=$(cat /tmp/ldapsearch.$PAM_USER | grep rufFileserver | cut -d" " -f2) - VOLUME=$(cat /tmp/ldapsearch.$PAM_USER | grep homeDirectory | cut -d" " -f2) - - # now we can mount the home directory! - mkdir -p /home/$PAM_USER - if mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER":"$VOLUME" /home/"$PAM_USER"; then - exit 0 - else - echo "Failed to mount home directory for $PAM_USER" - exit 1 - fi - -fi - -- cgit v1.2.3-55-g7522 From 16f8a9a10308a4dfaf8d1652a14b35bc7133299d Mon Sep 17 00:00:00 2001 
From: Jonathan Bauer Date: Fri, 20 Sep 2013 17:07:41 +0200 Subject: workaround part 2 --- server/modules/pam-freiburg/etc/gssapi_mech.conf | 21 +++++ server/modules/pam-freiburg/etc/idmapd.conf | 12 +++ server/modules/pam-freiburg/etc/krb5.conf | 28 ++++++ server/modules/pam-freiburg/etc/ldap.conf | 11 +++ server/modules/pam-freiburg/etc/ldap/ldap.conf | 7 ++ server/modules/pam-freiburg/etc/openldap/ldap.conf | 1 + .../etc/pam-script/pam_script_ses_close | 1 + .../etc/pam-script/pam_script_ses_open | 1 + .../modules/pam-freiburg/etc/pam.d/common-account | 26 ++++++ server/modules/pam-freiburg/etc/pam.d/common-auth | 27 ++++++ .../modules/pam-freiburg/etc/pam.d/common-password | 33 +++++++ .../modules/pam-freiburg/etc/pam.d/common-session | 38 ++++++++ .../etc/pam.d/common-session-noninteractive | 30 ++++++ server/modules/pam-freiburg/etc/pam.d/kdm | 10 ++ server/modules/pam-freiburg/etc/pam.d/kdm-np | 11 +++ server/modules/pam-freiburg/etc/pam.d/login | 101 +++++++++++++++++++++ server/modules/pam-freiburg/etc/pam.d/other | 10 ++ server/modules/pam-freiburg/etc/pam.d/passwd | 6 ++ server/modules/pam-freiburg/etc/pam.d/sshd | 41 +++++++++ server/modules/pam-freiburg/etc/pam.d/vmware-authd | 6 ++ server/modules/pam-freiburg/etc/pam.d/xdm | 6 ++ .../etc/systemd/system/activate-nss-ldap.service | 10 ++ .../getty.target.wants/activate-nss-ldap.service | 1 + .../system/getty.target.wants/rpc-gssd.service | 1 + .../system/getty.target.wants/rpc-idmapd.service | 1 + .../etc/systemd/system/rpc-gssd.service | 7 ++ .../etc/systemd/system/rpc-idmapd.service | 7 ++ .../etc/systemd/system/run-rpc_pipefs.mount | 7 ++ .../opt/openslx/scripts/pam_script_ses_close | 5 + .../opt/openslx/scripts/pam_script_ses_open | 35 +++++++ 30 files changed, 501 insertions(+) create mode 100644 server/modules/pam-freiburg/etc/gssapi_mech.conf create mode 100644 server/modules/pam-freiburg/etc/idmapd.conf create mode 100644 server/modules/pam-freiburg/etc/krb5.conf create mode 100644 
server/modules/pam-freiburg/etc/ldap.conf create mode 100644 server/modules/pam-freiburg/etc/ldap/ldap.conf create mode 120000 server/modules/pam-freiburg/etc/openldap/ldap.conf create mode 120000 server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close create mode 120000 server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open create mode 100644 server/modules/pam-freiburg/etc/pam.d/common-account create mode 100644 server/modules/pam-freiburg/etc/pam.d/common-auth create mode 100644 server/modules/pam-freiburg/etc/pam.d/common-password create mode 100644 server/modules/pam-freiburg/etc/pam.d/common-session create mode 100644 server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive create mode 100644 server/modules/pam-freiburg/etc/pam.d/kdm create mode 100644 server/modules/pam-freiburg/etc/pam.d/kdm-np create mode 100644 server/modules/pam-freiburg/etc/pam.d/login create mode 100644 server/modules/pam-freiburg/etc/pam.d/other create mode 100644 server/modules/pam-freiburg/etc/pam.d/passwd create mode 100644 server/modules/pam-freiburg/etc/pam.d/sshd create mode 100644 server/modules/pam-freiburg/etc/pam.d/vmware-authd create mode 100644 server/modules/pam-freiburg/etc/pam.d/xdm create mode 100644 server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service create mode 120000 server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service create mode 120000 server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service create mode 120000 server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service create mode 100644 server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service create mode 100644 server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service create mode 100644 server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount create mode 100755 server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close create mode 100755 
server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open diff --git a/server/modules/pam-freiburg/etc/gssapi_mech.conf b/server/modules/pam-freiburg/etc/gssapi_mech.conf new file mode 100644 index 00000000..ac41f5fd --- /dev/null +++ b/server/modules/pam-freiburg/etc/gssapi_mech.conf @@ -0,0 +1,21 @@ +# Example /etc/gssapi_mech.conf file +# +# GSSAPI Mechanism Definitions +# +# This configuration file determines which GSS-API mechanisms +# the gssd code should use +# +# NOTE: +# The initiaiization function "mechglue_internal_krb5_init" +# is used for the MIT krb5 gssapi mechanism. This special +# function name indicates that an internal function should +# be used to determine the entry points for the MIT gssapi +# mechanism funtions. +# +# library initialization function +# ================================ ========================== +# The MIT K5 gssapi library, use special function for initialization. +libgssapi_krb5.so.2 mechglue_internal_krb5_init +# +# The SPKM3 gssapi library function. Use the function spkm3_gss_initialize. +# /usr/local/gss_mechs/spkm/spkm3/libgssapi_spkm3.so spkm3_gss_initialize diff --git a/server/modules/pam-freiburg/etc/idmapd.conf b/server/modules/pam-freiburg/etc/idmapd.conf new file mode 100644 index 00000000..2253cf0d --- /dev/null +++ b/server/modules/pam-freiburg/etc/idmapd.conf @@ -0,0 +1,12 @@ +[General] + +Verbosity = 0 +Pipefs-Directory = /run/rpc_pipefs +# set your own domain here, if id differs from FQDN minus hostname +Domain = uni-freiburg.de +# localdomain + +[Mapping] + +Nobody-User = nobody +Nobody-Group = nogroup diff --git a/server/modules/pam-freiburg/etc/krb5.conf b/server/modules/pam-freiburg/etc/krb5.conf new file mode 100644 index 00000000..6fd49243 --- /dev/null +++ b/server/modules/pam-freiburg/etc/krb5.conf 
@@ -0,0 +1,28 @@
+# file copied from configuration package (rootfs/etc/krb5.conf)
+#########################################################################
+[libdefaults]
+ noaddresses = false
+ clockskew = 300
+ default_realm = PUBLIC.ADS.UNI-FREIBURG.DE
+ forwardable = true
+ minimum_uid = 1000
+ proxiable = false
+ renew_lifetime = 30d
+ retain_after_close = false
+ ticket_lifetime = 3d
+ use_shmem = sshd
+ allow_weak_crypto=true
+#########################################################################
+[realms]
+ PUBLIC.ADS.UNI-FREIBURG.DE = {
+ kdc = kerberos.uni-freiburg.de
+ default_domain = uni-freiburg.de
+ admin_server = kerberos.uni-freiburg.de
+ }
+#########################################################################
+[domain_realm]
+ uni-freiburg.de = PUBLIC.ADS.UNI-FREIBURG.DE
+ .uni-freiburg.de = PUBLIC.ADS.UNI-FREIBURG.DE
+##########################################################################
+[appdefaults]
+#########################################################################
diff --git a/server/modules/pam-freiburg/etc/ldap.conf b/server/modules/pam-freiburg/etc/ldap.conf
new file mode 100644
index 00000000..483595d2
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/ldap.conf
@@ -0,0 +1,11 @@
+URI ldaps://bv1.ruf.uni-freiburg.de ldaps://bv2.ruf.uni-freiburg.de ldaps://bv3.ruf.uni-freiburg.de
+BASE ou=people,dc=uni-freiburg,dc=de
+BIND_TIMELIMIT 5
+TIMELIMIT 10
+LOGDIR /tmp/ldap
+TLS_REQCERT allow
+nss_base_passwd ou=people,dc=uni-freiburg,dc=de?one?rufdienst=ldap*)(&(rufclienthome=*)(rufstatus=enabled)
+nss_base_group ou=group,dc=uni-freiburg,dc=de?one
+nss_map_attribute homeDirectory rufClientHome
+
+nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,distccd,games,git,gnats,hplip,irc,kdm,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,ntp,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,statd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data
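Review bot: `allow_weak_crypto=true` in the `[libdefaults]` section of the new krb5.conf lets every Kerberos client that reads this file accept encryption types the library otherwise refuses as weak, single-DES among them, and the line carries no comment saying why. If it is there only because the `sec=krb5p` NFS home mounts of this module need it on the deployed kernel (an inference, the hunk does not say), put that on the line above it, for example `# weak enctypes needed for NFSv4 sec=krb5p on this kernel; remove once AES session keys work`. If nothing depends on it, `allow_weak_crypto = false` is the safer setting, since tickets are configured here to live 3 days and renew for 30.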
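Review bot: `TLS_REQCERT allow` in the new etc/ldap.conf makes the client go on with the ldaps:// session even when the directory server presents no certificate or one that fails verification, so the three `bv*.ruf` URIs are encrypted but not authenticated. The same line is added in etc/ldap/ldap.conf later in this commit, and common-auth and common-account call `pam_ldap.so`, so login passwords and account data would pass over that unverified channel. I would change both files to `TLS_REQCERT demand` and add `TLS_CACERT <path-to-CA-bundle>` naming the CA that signs the directory servers' certificates. Separately, `LOGDIR /tmp/ldap` points at a fixed name under a world-writable directory; a directory under /run or /var/log would be easier to keep under root's control.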
diff --git a/server/modules/pam-freiburg/etc/ldap/ldap.conf b/server/modules/pam-freiburg/etc/ldap/ldap.conf
new file mode 100644
index 00000000..809065cc
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/ldap/ldap.conf
@@ -0,0 +1,7 @@
+URI ldaps://bv1.ruf.uni-freiburg.de ldaps://bv2.ruf.uni-freiburg.de ldaps://bv3.ruf.uni-freiburg.de
+BASE ou=people,dc=uni-freiburg,dc=de
+TLS_REQCERT allow
+nss_base_passwd ou=people,dc=uni-freiburg,dc=de?one?rufdienst=ldap*)(&(rufclienthome=*)(rufstatus=enabled)
+nss_base_group ou=group,dc=uni-freiburg,dc=de?one
+nss_map_attribute homeDirectory rufClientHome
+
diff --git a/server/modules/pam-freiburg/etc/openldap/ldap.conf b/server/modules/pam-freiburg/etc/openldap/ldap.conf
new file mode 120000
index 00000000..c0aaf459
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/openldap/ldap.conf
@@ -0,0 +1 @@
+/etc/ldap.conf
\ No newline at end of file
diff --git a/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close b/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close
new file mode 120000
index 00000000..f3682056
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close
@@ -0,0 +1 @@
+/opt/openslx/scripts/pam_script_ses_close
\ No newline at end of file
diff --git a/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open b/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open
new file mode 120000
index 00000000..4f5598e5
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open
@@ -0,0 +1 @@
+/opt/openslx/scripts/pam_script_ses_open
\ No newline at end of file
diff --git a/server/modules/pam-freiburg/etc/pam.d/common-account b/server/modules/pam-freiburg/etc/pam.d/common-account
new file mode 100644
index 00000000..3a5d5a14
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/pam.d/common-account
@@ -0,0 +1,26 @@ +# +# /etc/pam.d/common-account - authorization settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authorization modules that define +# the central access policy for use on the system. The default is to +# only deny service to users whose accounts are expired in /etc/shadow. +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. +# + +# here are the per-package modules (the "Primary" block) +account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so +account [success=1 new_authtok_reqd=done default=ignore] pam_ldap.so use_first_pass +# here's the fallback if no module succeeds +account requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +account required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/server/modules/pam-freiburg/etc/pam.d/common-auth b/server/modules/pam-freiburg/etc/pam.d/common-auth new file mode 100644 index 00000000..790afa1d --- /dev/null +++ b/server/modules/pam-freiburg/etc/pam.d/common-auth 
@@ -0,0 +1,27 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000 +auth [success=2 default=ignore] pam_unix.so try_first_pass +auth [success=1 default=ignore] pam_ldap.so use_first_pass +# here's the fallback if no module succeeds +auth requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +auth required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/server/modules/pam-freiburg/etc/pam.d/common-password b/server/modules/pam-freiburg/etc/pam.d/common-password new file mode 100644 index 00000000..cb8c7b71 --- /dev/null +++ b/server/modules/pam-freiburg/etc/pam.d/common-password 
@@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "sha512" option enables salted SHA512 passwords. Without this option, +# the default is Unix crypt. Prior releases used the option "md5". +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure sha512 +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/server/modules/pam-freiburg/etc/pam.d/common-session b/server/modules/pam-freiburg/etc/pam.d/common-session new file mode 100644 index 00000000..9a8b73e1 --- /dev/null +++ b/server/modules/pam-freiburg/etc/pam.d/common-session 
@@ -0,0 +1,38 @@ +# +# /etc/pam.d/common-session - session-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive). +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +session [default=1] pam_permit.so +# here's the fallback if no module succeeds +session requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +session required pam_permit.so +# The pam_umask module will set the umask according to the system default in +# /etc/login.defs and user settings, solving the problem of different +# umask settings with different shells, display managers, remote sessions etc. +# See "man pam_umask". +session optional pam_umask.so +# and here are more per-package modules (the "Additional" block) +session required pam_systemd.so +session optional pam_ck_connector.so +session optional pam_env.so readenv=1 +session optional pam_env.so readenv=1 envfile=/etc/default/locale +session optional pam_krb5.so minimum_uid=1000 +session [success=1] pam_unix.so +session [success=ok] pam_ldap.so +session sufficient pam_script.so +session optional pam_mkhomedir.so skel=/etc/skel umask=0022 +# end of pam-auth-update config 
diff --git a/server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive b/server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive new file mode 100644 index 00000000..1fee2c4f --- /dev/null +++ b/server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive @@ -0,0 +1,30 @@ +# +# /etc/pam.d/common-session-noninteractive - session-related modules +# common to all non-interactive services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of all non-interactive sessions. +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +session [default=1] pam_permit.so +# here's the fallback if no module succeeds +session requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +session required pam_permit.so +# The pam_umask module will set the umask according to the system default in +# /etc/login.defs and user settings, solving the problem of different +# umask settings with different shells, display managers, remote sessions etc. +# See "man pam_umask". +session optional pam_umask.so +# and here are more per-package modules (the "Additional" block) +session required pam_unix.so +# end of pam-auth-update config diff --git a/server/modules/pam-freiburg/etc/pam.d/kdm b/server/modules/pam-freiburg/etc/pam.d/kdm new file mode 100644 index 00000000..e6a4ec9b --- /dev/null +++ b/server/modules/pam-freiburg/etc/pam.d/kdm 
@@ -0,0 +1,10 @@ +# +# /etc/pam.d/kdm - specify the PAM behaviour of kdm +# +auth required pam_nologin.so +auth required pam_env.so readenv=1 +auth required pam_env.so readenv=1 envfile=/etc/default/locale +auth include common-auth +account include common-account +password include common-password +session include common-session diff --git a/server/modules/pam-freiburg/etc/pam.d/kdm-np b/server/modules/pam-freiburg/etc/pam.d/kdm-np new file mode 100644 index 00000000..dc10e5b5 --- /dev/null +++ b/server/modules/pam-freiburg/etc/pam.d/kdm-np @@ -0,0 +1,11 @@ +# +# /etc/pam.d/kdm-np - specify the PAM behaviour of kdm for passwordless logins +# +auth required pam_nologin.so +auth required pam_env.so readenv=1 +auth required pam_env.so readenv=1 envfile=/etc/default/locale +session required pam_limits.so +account include common-account +password include common-password +session include common-session +auth required pam_permit.so diff --git a/server/modules/pam-freiburg/etc/pam.d/login b/server/modules/pam-freiburg/etc/pam.d/login new file mode 100644 index 00000000..1065f351 --- /dev/null +++ b/server/modules/pam-freiburg/etc/pam.d/login 
@@ -0,0 +1,101 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth optional pam_faildelay.so delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth required pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth requisite pam_nologin.so
+
+# SELinux needs to be the first session rule. This ensures that any
+# lingering context has been cleared. Without out this it is possible
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+# OpenSLX: Not Needed?
+#session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+#
+# parsing /etc/environment needs "readenv=1"
+session required pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session required pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+auth include common-auth
+
+# TODO do we need this?
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+#auth optional pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time restrainst on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account requisite pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account required pam_access.so
+
+# TODO do we need this?
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+#session required pam_limits.so
+
+# TODO check if this is needed
+# Prints the last login info upon succesful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session optional pam_lastlog.so
+
+# Prints the motd upon succesful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session optional pam_motd.so
+
+# Standard Un*x account and session
+account include common-account
+session include common-session
+password include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/server/modules/pam-freiburg/etc/pam.d/other b/server/modules/pam-freiburg/etc/pam.d/other
new file mode 100644
index 00000000..840eb77f
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/pam.d/other
@@ -0,0 +1,10 @@
+#%PAM-1.0
+auth required pam_warn.so
+auth required pam_deny.so
+account required pam_warn.so
+account required pam_deny.so
+password required pam_warn.so
+password required pam_deny.so
+session required pam_warn.so
+session required pam_deny.so
+
diff --git a/server/modules/pam-freiburg/etc/pam.d/passwd b/server/modules/pam-freiburg/etc/pam.d/passwd
new file mode 100644
index 00000000..32eaa3c6
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/pam.d/passwd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `passwd' service
+#
+
+password include common-password
+
diff --git a/server/modules/pam-freiburg/etc/pam.d/sshd b/server/modules/pam-freiburg/etc/pam.d/sshd
new file mode 100644
index 00000000..8954d639
--- /dev/null
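Review bot: `#session required pam_limits.so` is left commented out under a TODO in this login file and again in the sshd file later in the commit, so the limits in /etc/security/limits.conf are not applied to console or SSH sessions unless common-session, which is not part of this hunk, loads the module. kdm-np in the same commit does load it, which leaves the services inconsistent. On multi-user machines I would enable the line in both files, `session required pam_limits.so`, or replace the TODO with a comment saying where limits are applied instead.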
+++ b/server/modules/pam-freiburg/etc/pam.d/sshd
@@ -0,0 +1,41 @@
+# PAM configuration for the Secure Shell service
+
+# Read environment variables from /etc/environment and
+# /etc/security/pam_env.conf.
+auth required pam_env.so # [1]
+# In Debian 4.0 (etch), locale-related environment variables were moved to
+# /etc/default/locale, so read that as well.
+auth required pam_env.so envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+auth include common-auth
+
+# Disallow non-root logins when /etc/nologin exists.
+account required pam_nologin.so
+
+# Uncomment and edit /etc/security/access.conf if you need to set complex
+# access limits that are hard to express in sshd_config.
+# account required pam_access.so
+
+# Standard Un*x authorization.
+account include common-account
+
+# Standard Un*x session setup and teardown.
+session include common-session
+
+# Print the message of the day upon successful login.
+session optional pam_motd.so # [1]
+
+# TODO do we need this?
+# Print the status of the user's mailbox upon successful login.
+#session optional pam_mail.so standard noenv # [1]
+
+# TODO do we need this?
+# Set up user limits from /etc/security/limits.conf.
+#session required pam_limits.so
+
+# Set up SELinux capabilities (need modified pam)
+# session required pam_selinux.so multiple
+
+# Standard Un*x password updating.
+password include common-password
diff --git a/server/modules/pam-freiburg/etc/pam.d/vmware-authd b/server/modules/pam-freiburg/etc/pam.d/vmware-authd
new file mode 100644
index 00000000..1f9b60f9
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/pam.d/vmware-authd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth include common-auth
+account include common-account
+password include common-password
+session include common-session
+
diff --git a/server/modules/pam-freiburg/etc/pam.d/xdm b/server/modules/pam-freiburg/etc/pam.d/xdm
new file mode 100644
index 00000000..d21651db
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/pam.d/xdm
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth include common-auth
+account include common-account
+password include common-password
+session required pam_loginuid.so
+session include common-session
diff --git a/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service b/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service
new file mode 100644
index 00000000..664f7dd7
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Activate NSS-LDAP lookups
+Before=graphical.target
+
+[Service]
+Type=oneshot
+ExecStart=-/opt/openslx/bin/mkdir /tmp/ldap
+ExecStart=/opt/openslx/bin/sed -i -e 's/^passwd:.*$/passwd:\t\tcache files ldap/;s/^group:.*$/group:\t\tcache files ldap/' /etc/nsswitch.conf
+ExecStart=/usr/bin/systemctl restart nscd
+
diff --git a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service
new file mode 120000
index 00000000..1102840c
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service
@@ -0,0 +1 @@
+../activate-nss-ldap.service
\ No newline at end of file
diff --git a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service
new file mode 120000
index 00000000..194aba77
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service
@@ -0,0 +1 @@
+../rpc-gssd.service
\ No newline at end of file
diff --git a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service
new file mode 120000
index 00000000..66a28252
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service
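Review bot: `ExecStart=-/opt/openslx/bin/mkdir /tmp/ldap` in activate-nss-ldap.service creates a fixed path in a world-writable directory, and the leading `-` hides the failure when that path already exists, so whatever is there (a directory owned by another user, or a symlink) is used as is. The consumer of /tmp/ldap is not visible in this hunk, but if it is a cache or socket directory for the LDAP lookups, a root-owned location is safer, for example `ExecStart=/opt/openslx/bin/mkdir -p -m 0755 /run/ldap` with the consumer pointed there. The `sed -i` line also deserves a comment saying that the unit rewrites the passwd and group entries of /etc/nsswitch.conf on every start.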
@@ -0,0 +1 @@
+../rpc-idmapd.service
\ No newline at end of file
diff --git a/server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service b/server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service
new file mode 100644
index 00000000..79ffce8d
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=NFS rpcsec_gss daemon
+Requires=run-rpc_pipefs.mount
+After=run-rpc_pipefs.mount
+
+[Service]
+ExecStart=/usr/sbin/rpc.gssd -f -vvv -p /run/rpc_pipefs
diff --git a/server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service b/server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service
new file mode 100644
index 00000000..c4da93e7
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=NFSv4 ID-name mapping daemon
+Requires=network.target run-rpc_pipefs.mount
+After=network.target
+
+[Service]
+ExecStart=/usr/sbin/rpc.idmapd -f
diff --git a/server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount b/server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount
new file mode 100644
index 00000000..692adce8
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount
@@ -0,0 +1,7 @@
+[Unit]
+Description=Pipefs RPC filesystem
+
+[Mount]
+What=rpc_pipefs
+Where=/run/rpc_pipefs
+Type=rpc_pipefs
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close
new file mode 100755
index 00000000..44dcd418
--- /dev/null
+++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+[ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Closing session for $PAM_USER"
+
+
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open
new file mode 100755
index 00000000..205090b6
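Review bot: In rpc-idmapd.service, `Requires=network.target run-rpc_pipefs.mount` pulls the mount unit in but `After=network.target` does not order against it, so rpc.idmapd may be started before /run/rpc_pipefs is mounted. rpc-gssd.service in the same commit names the mount in both directives; this unit should do the same with `After=network.target run-rpc_pipefs.mount`.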
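Review bot: pam_script_ses_close ends on `[ ! -z "$SLX_DEBUG" ] && echo ...`, so when SLX_DEBUG is empty the test fails and the script exits with status 1. Whether pam_script turns that into a session error depends on its control flag, which is not in this hunk. End the script with `exit 0`, or write the debug line as `if [ -n "$SLX_DEBUG" ]; then echo "[$PAM_TYPE] Closing session for $PAM_USER"; fi`. A comment should also record that the home directory mounted by pam_script_ses_open is not unmounted here.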
--- /dev/null
+++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
+
+[ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Opening session for $PAM_USER"
+
+if [ ! -z "$(mount|grep $PAM_USER)" ]; then
+ [ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Home directory of '$PAM_USER' is already mounted."
+ exit 0
+fi
+
+if [ $(id -g $PAM_USER) -ge 1000 ]; then
+ [ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Mounting home directory for $PAM_USER"
+
+ # generate keytab
+ sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab
+ chmod 600 /etc/krb5.keytab
+
+ # determine fileserver and share for home directories
+ ldapsearch -x -LLL uid="$PAM_USER" homeDirectory rufFileserver > /tmp/ldapsearch."$PAM_USER"
+
+ FILESERVER=$(cat /tmp/ldapsearch.$PAM_USER | grep rufFileserver | cut -d" " -f2)
+ VOLUME=$(cat /tmp/ldapsearch.$PAM_USER | grep homeDirectory | cut -d" " -f2)
+
+ # now we can mount the home directory!
+ mkdir -p /home/$PAM_USER
+ if mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER":"$VOLUME" /home/"$PAM_USER"; then
+ exit 0
+ else
+ echo "Failed to mount home directory for $PAM_USER"
+ exit 1
+ fi
+
+fi
+
-- cgit v1.2.3-55-g7522
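Review bot: The LDAP answer is written as root to the predictable path `/tmp/ldapsearch."$PAM_USER"`, so the redirection follows whatever already exists under that name in the world-writable /tmp, and the file is then read back unquoted and never removed. Keeping the output in a variable avoids the file entirely, as in the excerpt below, which also stops when either attribute is missing instead of calling mount with empty arguments. The already-mounted test `mount|grep $PAM_USER` is an unquoted substring match over the whole mount table, so a user name that occurs in any mount line skips the home mount; compare against the mount point instead, `grep -qF " /home/$PAM_USER " /proc/mounts`. `/etc/krb5.keytab` is created with the default umask and only restricted afterwards, and the result of `sslconnect` is not checked; set `umask 077` before the redirection and exit when the command fails.

```shell
  # … unchanged: debug output, already-mounted check, keytab generation …

  # determine fileserver and share for home directories
  LDAP_OUT=$(ldapsearch -x -LLL uid="$PAM_USER" homeDirectory rufFileserver) || exit 1
  FILESERVER=$(printf '%s\n' "$LDAP_OUT" | grep rufFileserver | cut -d" " -f2)
  VOLUME=$(printf '%s\n' "$LDAP_OUT" | grep homeDirectory | cut -d" " -f2)
  if [ -z "$FILESERVER" ] || [ -z "$VOLUME" ]; then
    echo "No file server or home directory found for $PAM_USER"
    exit 1
  fi

  # … unchanged: mkdir and nfs4 mount …
```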