From 0ca0a0ee41446474c5de58fd2299c6c4e48da84f Mon Sep 17 00:00:00 2001 
From: Jonathan Bauer Date: Tue, 3 Sep 2013 13:56:33 +0200 Subject: [pam-hso] server config module for the pam configuration for the hochschule offenburg --- .../pam-hso/etc/pam-script/pam_script_ses_close | 7 ++ .../pam-hso/etc/pam-script/pam_script_ses_open | 25 +++++ .../pam-hso/etc/pam-script/pam_script_ses_open.bak | 30 ++++++ .../etc/pam-script/pam_script_ses_open.save | 47 ++++++++++ server/modules/pam-hso/etc/pam.d/common-account | 26 ++++++ server/modules/pam-hso/etc/pam.d/common-auth | 26 ++++++ server/modules/pam-hso/etc/pam.d/common-password | 33 +++++++ server/modules/pam-hso/etc/pam.d/common-session | 36 ++++++++ .../etc/pam.d/common-session-noninteractive | 30 ++++++ server/modules/pam-hso/etc/pam.d/kdm | 10 ++ server/modules/pam-hso/etc/pam.d/kdm-np | 11 +++ server/modules/pam-hso/etc/pam.d/login | 101 +++++++++++++++++++++ server/modules/pam-hso/etc/pam.d/other | 10 ++ server/modules/pam-hso/etc/pam.d/passwd | 6 ++ server/modules/pam-hso/etc/pam.d/sshd | 41 +++++++++ server/modules/pam-hso/etc/pam.d/vmware-authd | 6 ++ server/modules/pam-hso/etc/pam.d/xdm | 6 ++ 17 files changed, 451 insertions(+) create mode 100755 server/modules/pam-hso/etc/pam-script/pam_script_ses_close create mode 100755 server/modules/pam-hso/etc/pam-script/pam_script_ses_open create mode 100755 server/modules/pam-hso/etc/pam-script/pam_script_ses_open.bak create mode 100755 server/modules/pam-hso/etc/pam-script/pam_script_ses_open.save create mode 100644 server/modules/pam-hso/etc/pam.d/common-account create mode 100644 server/modules/pam-hso/etc/pam.d/common-auth create mode 100644 server/modules/pam-hso/etc/pam.d/common-password create mode 100644 server/modules/pam-hso/etc/pam.d/common-session create mode 100644 server/modules/pam-hso/etc/pam.d/common-session-noninteractive create mode 100644 server/modules/pam-hso/etc/pam.d/kdm create mode 100644 server/modules/pam-hso/etc/pam.d/kdm-np create mode 100644 server/modules/pam-hso/etc/pam.d/login create mode 100644 
server/modules/pam-hso/etc/pam.d/other create mode 100644 server/modules/pam-hso/etc/pam.d/passwd create mode 100644 server/modules/pam-hso/etc/pam.d/sshd create mode 100644 server/modules/pam-hso/etc/pam.d/vmware-authd create mode 100644 server/modules/pam-hso/etc/pam.d/xdm
diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_close b/server/modules/pam-hso/etc/pam-script/pam_script_ses_close
new file mode 100755
index 00000000..8bc8d3bb
--- /dev/null
+++ b/server/modules/pam-hso/etc/pam-script/pam_script_ses_close
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
+
+echo "[$PAM_TYPE] Closing session for $PAM_USER"
+
+[ $(id -g $PAM_USER) -eq 1001 ] && umount /home/$PAM_USER
diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open
new file mode 100755
index 00000000..2189c347
--- /dev/null
+++ b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
+
+
+#check who is logged in to put the "Home"-Folder on the correct Desktop
+#Doesn't work with root!
+#export loggedInUser=$(whoami)
+[ ! -z "$PAM_USER" ] && export loggedInUser="$PAM_USER"
+
+
+#create Folder on Desktop to link with H-Drive, if not already existent
+if [ ! -d /home/users/$loggedInUser ]; then
+ mkdir -p /home/users/$loggedInUser
+fi
+
+
+#ask for username
+#read -p "Benutzername: " username
+
+
+#mount H-Drive
+ncpmount -A fs1-2-home.rz.hs-offenburg.de -S fs1-2-home.rz.hs-offenburg.de -V HOME/USERS/$loggedInUser -U $loggedInUser.HRZ.FHO /home/users/$loggedInUser
+
+
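Review bot: The last line of pam_script_ses_close unmounts `/home/$PAM_USER`, but the pam_script_ses_open added in this same commit mounts the share on `/home/users/$loggedInUser`, so the NCP mount looks like it is never released at logout. The `id -g ... -eq 1001` gate is not applied on the open side either, and because `$PAM_USER` is unquoted an empty or unknown user turns the `[` test into a syntax error inside a hook that runs with the login service's privileges. I would match the open script's path and quote the expansion, e.g. `[ -n "$PAM_USER" ] && umount "/home/users/$PAM_USER"`, keeping the gid check only if gid 1001 actually means something at this site.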
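Review bot: When `PAM_USER` is empty, the guard on line 9 of pam_script_ses_open leaves `loggedInUser` unset, yet the script still runs `mkdir -p /home/users/` and calls `ncpmount` with an empty volume and user name. The variable is also expanded unquoted in the `[ ! -d ... ]` test, the `mkdir` and every `ncpmount` argument, so a value containing whitespace or glob characters would be split into extra arguments. I would stop early with `[ -n "$PAM_USER" ] || exit 1` and quote the uses: `"/home/users/$loggedInUser"`, `-V "HOME/USERS/$loggedInUser"`, `-U "$loggedInUser.HRZ.FHO"`. The `mkdir` result is not checked, so a failure there only shows up later as an ncpmount error.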
diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.bak b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.bak
new file mode 100755
index 00000000..79a94169
--- /dev/null
+++ b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.bak
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
+
+echo "[$PAM_TYPE] Opening session for $PAM_USER"
+
+if [ $(id -g $PAM_USER) -eq 1001 ]; then
+ echo "[$PAM_TYPE] Mounting home directory for $PAM_USER"
+
+ # generate keytab
+ sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab
+ chmod 600 /etc/krb5.keytab
+
+ # determine fileserver and share for home directories
+ ldapsearch -x -LLL uid="$PAM_USER" homeDirectory rufFileserver > /tmp/ldapsearch."$PAM_USER"
+
+ FILESERVER=$(cat /tmp/ldapsearch.$PAM_USER | grep rufFileserver | cut -d" " -f2)
+ VOLUME=$(cat /tmp/ldapsearch.$PAM_USER | grep homeDirectory | cut -d" " -f2)
+
+ # now we can mount the home directory
+ mkdir -p /home/$PAM_USER
+ if mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER":"$VOLUME" /home/"$PAM_USER"; then
+ exit 0
+ else
+ echo "Failed to mount home directory for $PAM_USER"
+ exit 1
+ fi
+
+fi
+
diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.save b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.save
new file mode 100755
index 00000000..1bbb9d81
--- /dev/null
+++ b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.save
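Review bot: pam_script_ses_open.bak writes the LDAP result to the predictable path `/tmp/ldapsearch."$PAM_USER"` from a hook that runs with login privileges, and a fixed name in a world-writable directory is exposed to pre-creation and symlink races. Capturing the output in a variable, or using a `mktemp` file removed on exit, avoids the shared path; `FILESERVER` and `VOLUME` can both be parsed from that one captured result. The keytab is written to `/etc/krb5.keytab` before `chmod 600` runs, so for a moment it carries the default-umask mode; a `umask 077` before the `sslconnect` line closes that window. The hosts named here are Freiburg ones, so this looks like a leftover backup and probably should not ship as a mode-100755 file next to the live hook.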
@@ -0,0 +1,47 @@
+/root/tm-scripts/server/boot/local/initramfs-stage32/root/tm-scripts/server/boot/local/initramfs-stage32#!/bin/sh
+
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
+
+
+#check who is logged in to put the "Home"-Folder on the correct Desktop
+#Doesn't work with root!
+#export loggedInUser=$(whoami)
+[ ! -z "$PAM_USER" ] && export loggedInUser="$PAM_USER"
+
+
+#create Folder on Desktop to link with H-Drive, if not already existent
+if [ ! -d /home/$loggedInUser ]; then
+ mkdir -p /home/$loggedInUser
+fi
+
+
+#ask for username
+#read -p "Benutzername: " username
+
+
+#mount H-Drive
+ncpmount -A fs1-2-home.rz.hs-offenburg.de -S fs1-2-home.rz.hs-offenburg.de -V HOME/USERS/$loggedInUser -U $loggedInUser.HRZ.FHO /home/$loggedInUser#!/bin/sh
+
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
+
+
+#check who is logged in to put the "Home"-Folder on the correct Desktop
+#Doesn't work with root!
+#export loggedInUser=$(whoami)
+[ ! -z "$PAM_USER" ] && export loggedInUser="$PAM_USER"
+
+
+#create Folder on Desktop to link with H-Drive, if not already existent
+if [ ! -d /home/$loggedInUser ]; then
+ mkdir -p /home/$loggedInUser
+fi
+
+
+#ask for username
+#read -p "Benutzername: " username
+
+
+#mount H-Drive
+ncpmount -A fs1-2-home.rz.hs-offenburg.de -S fs1-2-home.rz.hs-offenburg.de -V HOME/USERS/$loggedInUser -U $loggedInUser.HRZ.FHO /home/$loggedInUser
+
+
diff --git a/server/modules/pam-hso/etc/pam.d/common-account b/server/modules/pam-hso/etc/pam.d/common-account
new file mode 100644
index 00000000..3a5d5a14
--- /dev/null
+++ b/server/modules/pam-hso/etc/pam.d/common-account
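Review bot: pam_script_ses_open.save is not a runnable script: its first line is a pasted directory path fused onto `#!/bin/sh`, and line 23 has a second `#!/bin/sh` glued to the end of the `ncpmount` command, after which the whole script repeats. It looks like an editor save artifact, yet it is committed with mode 100755 in the pam-script directory alongside the live hook. It also mounts on `/home/$loggedInUser` while the active pam_script_ses_open uses `/home/users/$loggedInUser`, so anyone reviving it by rename would get different behaviour. I would drop this file (and the `.bak`) from the commit and keep old variants in version history instead.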
@@ -0,0 +1,26 @@ +# +# /etc/pam.d/common-account - authorization settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authorization modules that define +# the central access policy for use on the system. The default is to +# only deny service to users whose accounts are expired in /etc/shadow. +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. +# + +# here are the per-package modules (the "Primary" block) +account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so +account [success=1 new_authtok_reqd=done default=ignore] pam_ldap.so use_first_pass +# here's the fallback if no module succeeds +account requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +account required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/server/modules/pam-hso/etc/pam.d/common-auth b/server/modules/pam-hso/etc/pam.d/common-auth new file mode 100644 index 00000000..8a2d4c86 --- /dev/null +++ b/server/modules/pam-hso/etc/pam.d/common-auth 
@@ -0,0 +1,26 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +auth [success=2 default=ignore] pam_unix.so try_first_pass +auth [success=1 default=ignore] pam_ldap.so use_first_pass nullok_secure +# here's the fallback if no module succeeds +auth requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +auth required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/server/modules/pam-hso/etc/pam.d/common-password b/server/modules/pam-hso/etc/pam.d/common-password new file mode 100644 index 00000000..cb8c7b71 --- /dev/null +++ b/server/modules/pam-hso/etc/pam.d/common-password 
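Review bot: `nullok_secure` sits on the `pam_ldap.so` auth line, but it is a pam_unix option in Debian's PAM and is presumably ignored by pam_ldap, so the line suggests an empty-password policy that nothing enforces. I would remove it there, and add it to the `pam_unix.so` line only if empty local passwords on secure ttys are really wanted. The header still describes the file as managed by pam-auth-update although the stack is hand-edited; a comment such as `# hand-maintained for pam-hso (pam_ldap added manually)` above the Primary block would make that clear.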
@@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "sha512" option enables salted SHA512 passwords. Without this option, +# the default is Unix crypt. Prior releases used the option "md5". +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure sha512 +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/server/modules/pam-hso/etc/pam.d/common-session b/server/modules/pam-hso/etc/pam.d/common-session new file mode 100644 index 00000000..4c4a7e95 --- /dev/null +++ b/server/modules/pam-hso/etc/pam.d/common-session 
@@ -0,0 +1,36 @@ +# +# /etc/pam.d/common-session - session-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive). +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +session [default=1] pam_permit.so +# here's the fallback if no module succeeds +session requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +session required pam_permit.so +# The pam_umask module will set the umask according to the system default in +# /etc/login.defs and user settings, solving the problem of different +# umask settings with different shells, display managers, remote sessions etc. +# See "man pam_umask". +session optional pam_umask.so +# and here are more per-package modules (the "Additional" block) +session required pam_systemd.so +session optional pam_env.so readenv=1 +session optional pam_env.so readenv=1 envfile=/etc/default/locale +session [success=1] pam_unix.so +session [success=ok] pam_ldap.so +session sufficient pam_script.so +session optional pam_mkhomedir.so skel=/etc/skel umask=0022 +# end of pam-auth-update config diff --git a/server/modules/pam-hso/etc/pam.d/common-session-noninteractive b/server/modules/pam-hso/etc/pam.d/common-session-noninteractive new file mode 100644 index 00000000..1fee2c4f --- /dev/null 
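Review bot: `session sufficient pam_script.so` makes the home-mount hook non-fatal: a failing pam_script_ses_open is ignored and the stack continues to `pam_mkhomedir.so`, so the user would get a session with a freshly created local home rather than an error. When the script succeeds, `sufficient` stops processing and pam_mkhomedir is skipped, and since services pull this file in with `include`, later session lines in the including file may be skipped as well; that is worth testing against pam.d/login. If a missing H-drive should block the session, `session required pam_script.so` expresses that. If the fallback is intended, a comment above the line, e.g. `# mount failure tolerated; pam_mkhomedir provides a local home`, would document it.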
+++ b/server/modules/pam-hso/etc/pam.d/common-session-noninteractive @@ -0,0 +1,30 @@ +# +# /etc/pam.d/common-session-noninteractive - session-related modules +# common to all non-interactive services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of all non-interactive sessions. +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +session [default=1] pam_permit.so +# here's the fallback if no module succeeds +session requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +session required pam_permit.so +# The pam_umask module will set the umask according to the system default in +# /etc/login.defs and user settings, solving the problem of different +# umask settings with different shells, display managers, remote sessions etc. +# See "man pam_umask". +session optional pam_umask.so +# and here are more per-package modules (the "Additional" block) +session required pam_unix.so +# end of pam-auth-update config diff --git a/server/modules/pam-hso/etc/pam.d/kdm b/server/modules/pam-hso/etc/pam.d/kdm new file mode 100644 index 00000000..e6a4ec9b --- /dev/null +++ b/server/modules/pam-hso/etc/pam.d/kdm 
@@ -0,0 +1,10 @@ +# +# /etc/pam.d/kdm - specify the PAM behaviour of kdm +# +auth required pam_nologin.so +auth required pam_env.so readenv=1 +auth required pam_env.so readenv=1 envfile=/etc/default/locale +auth include common-auth +account include common-account +password include common-password +session include common-session diff --git a/server/modules/pam-hso/etc/pam.d/kdm-np b/server/modules/pam-hso/etc/pam.d/kdm-np new file mode 100644 index 00000000..dc10e5b5 --- /dev/null +++ b/server/modules/pam-hso/etc/pam.d/kdm-np @@ -0,0 +1,11 @@ +# +# /etc/pam.d/kdm-np - specify the PAM behaviour of kdm for passwordless logins +# +auth required pam_nologin.so +auth required pam_env.so readenv=1 +auth required pam_env.so readenv=1 envfile=/etc/default/locale +session required pam_limits.so +account include common-account +password include common-password +session include common-session +auth required pam_permit.so diff --git a/server/modules/pam-hso/etc/pam.d/login b/server/modules/pam-hso/etc/pam.d/login new file mode 100644 index 00000000..1065f351 --- /dev/null +++ b/server/modules/pam-hso/etc/pam.d/login 
@@ -0,0 +1,101 @@ +# +# The PAM configuration file for the Shadow `login' service +# + +# Enforce a minimal delay in case of failure (in microseconds). +# (Replaces the `FAIL_DELAY' setting from login.defs) +# Note that other modules may require another minimal delay. (for example, +# to disable any delay, you should add the nodelay option to pam_unix) +auth optional pam_faildelay.so delay=3000000 + +# Outputs an issue file prior to each login prompt (Replaces the +# ISSUE_FILE option from login.defs). Uncomment for use +# auth required pam_issue.so issue=/etc/issue + +# Disallows root logins except on tty's listed in /etc/securetty +# (Replaces the `CONSOLE' setting from login.defs) +# +# With the default control of this module: +# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] +# root will not be prompted for a password on insecure lines. +# if an invalid username is entered, a password is prompted (but login +# will eventually be rejected) +# +# You can change it to a "requisite" module if you think root may mis-type +# her login and should not be prompted for a password in that case. But +# this will leave the system as vulnerable to user enumeration attacks. +# +# You can change it to a "required" module if you think it permits to +# guess valid user names of your system (invalid user names are considered +# as possibly being root on insecure lines), but root passwords may be +# communicated over insecure lines. +auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so + +# Disallows other than root logins when /etc/nologin exists +# (Replaces the `NOLOGINS_FILE' option from login.defs) +auth requisite pam_nologin.so + +# SELinux needs to be the first session rule. This ensures that any +# lingering context has been cleared. Without out this it is possible +# that a module could execute code in the wrong domain. 
+# When the module is present, "required" would be sufficient (When SELinux +# is disabled, this returns success.) +# OpenSLX: Not Needed? +#session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close + +# This module parses environment configuration file(s) +# and also allows you to use an extended config +# file /etc/security/pam_env.conf. +# +# parsing /etc/environment needs "readenv=1" +session required pam_env.so readenv=1 +# locale variables are also kept into /etc/default/locale in etch +# reading this file *in addition to /etc/environment* does not hurt +session required pam_env.so readenv=1 envfile=/etc/default/locale + +# Standard Un*x authentication. +auth include common-auth + +# TODO do we need this? +# This allows certain extra groups to be granted to a user +# based on things like time of day, tty, service, and user. +# Please edit /etc/security/group.conf to fit your needs +# (Replaces the `CONSOLE_GROUPS' option in login.defs) +#auth optional pam_group.so + +# Uncomment and edit /etc/security/time.conf if you need to set +# time restrainst on logins. +# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs +# as well as /etc/porttime) +# account requisite pam_time.so + +# Uncomment and edit /etc/security/access.conf if you need to +# set access limits. +# (Replaces /etc/login.access file) +# account required pam_access.so + +# TODO do we need this? 
+# Sets up user limits according to /etc/security/limits.conf +# (Replaces the use of /etc/limits in old login) +#session required pam_limits.so + +# TODO check if this is needed +# Prints the last login info upon succesful login +# (Replaces the `LASTLOG_ENAB' option from login.defs) +session optional pam_lastlog.so + +# Prints the motd upon succesful login +# (Replaces the `MOTD_FILE' option in login.defs) +session optional pam_motd.so + +# Standard Un*x account and session +account include common-account +session include common-session +password include common-password + +# SELinux needs to intervene at login time to ensure that the process +# starts in the proper default security context. Only sessions which are +# intended to run in the user's context should be run after this. +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open +# When the module is present, "required" would be sufficient (When SELinux +# is disabled, this returns success.) diff --git a/server/modules/pam-hso/etc/pam.d/other b/server/modules/pam-hso/etc/pam.d/other new file mode 100644 index 00000000..840eb77f --- /dev/null +++ b/server/modules/pam-hso/etc/pam.d/other @@ -0,0 +1,10 @@ +#%PAM-1.0 +auth required pam_warn.so +auth required pam_deny.so +account required pam_warn.so +account required pam_deny.so +password required pam_warn.so +password required pam_deny.so +session required pam_warn.so +session required pam_deny.so + diff --git a/server/modules/pam-hso/etc/pam.d/passwd b/server/modules/pam-hso/etc/pam.d/passwd new file mode 100644 index 00000000..32eaa3c6 --- /dev/null +++ b/server/modules/pam-hso/etc/pam.d/passwd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `passwd' service +# + +password include common-password + diff --git a/server/modules/pam-hso/etc/pam.d/sshd b/server/modules/pam-hso/etc/pam.d/sshd new file mode 100644 index 00000000..8954d639 --- /dev/null +++ b/server/modules/pam-hso/etc/pam.d/sshd 
@@ -0,0 +1,41 @@ +# PAM configuration for the Secure Shell service + +# Read environment variables from /etc/environment and +# /etc/security/pam_env.conf. +auth required pam_env.so # [1] +# In Debian 4.0 (etch), locale-related environment variables were moved to +# /etc/default/locale, so read that as well. +auth required pam_env.so envfile=/etc/default/locale + +# Standard Un*x authentication. +auth include common-auth + +# Disallow non-root logins when /etc/nologin exists. +account required pam_nologin.so + +# Uncomment and edit /etc/security/access.conf if you need to set complex +# access limits that are hard to express in sshd_config. +# account required pam_access.so + +# Standard Un*x authorization. +account include common-account + +# Standard Un*x session setup and teardown. +session include common-session + +# Print the message of the day upon successful login. +session optional pam_motd.so # [1] + +# TODO do we need this? +# Print the status of the user's mailbox upon successful login. +#session optional pam_mail.so standard noenv # [1] + +# TODO do we need this? +# Set up user limits from /etc/security/limits.conf. +#session required pam_limits.so + +# Set up SELinux capabilities (need modified pam) +# session required pam_selinux.so multiple + +# Standard Un*x password updating. +password include common-password diff --git a/server/modules/pam-hso/etc/pam.d/vmware-authd b/server/modules/pam-hso/etc/pam.d/vmware-authd new file mode 100644 index 00000000..1f9b60f9 --- /dev/null +++ b/server/modules/pam-hso/etc/pam.d/vmware-authd @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth include common-auth +account include common-account +password include common-password +session include common-session + diff --git a/server/modules/pam-hso/etc/pam.d/xdm b/server/modules/pam-hso/etc/pam.d/xdm new file mode 100644 index 00000000..d21651db --- /dev/null +++ b/server/modules/pam-hso/etc/pam.d/xdm 
@@ -0,0 +1,6 @@ +#%PAM-1.0 +auth include common-auth +account include common-account +password include common-password +session required pam_loginuid.so +session include common-session -- cgit v1.2.3-55-g7522 From 65cd08896ba486f1f11398bcbec0d735392aea52 Mon Sep 17 00:00:00 2001 From: Jonathan Bauer Date: Tue, 3 Sep 2013 13:57:37 +0200 Subject: [pam-hso] activated pam-hso in configs of server --- server/configs/offenburg/pam-hso | 1 + 1 file changed, 1 insertion(+) create mode 120000 server/configs/offenburg/pam-hso diff --git a/server/configs/offenburg/pam-hso b/server/configs/offenburg/pam-hso new file mode 120000 index 00000000..700c42e0 --- /dev/null +++ b/server/configs/offenburg/pam-hso @@ -0,0 +1 @@ +../../modules/pam-hso \ No newline at end of file -- cgit v1.2.3-55-g7522 From cd6ad7ff3b1ba04429fb675f460ec48e3c36e116 Mon Sep 17 00:00:00 2001 
From: Simon Rettberg Date: Tue, 3 Sep 2013 21:36:58 +0200 Subject: Add udisks module --- .../usr/share/polkit-1/rules.d/10-drives.rules | 6 ++++ .../modules/udisks/templates/udisks.dbus.service | 6 ++++ .../udisks/templates/udisks.systemd.service | 9 +++++ .../modules/udisks/templates/udisks2.dbus.service | 6 ++++ .../udisks/templates/udisks2.systemd.service | 9 +++++ remote/modules/udisks/udisks.build | 38 ++++++++++++++++++++++ remote/modules/udisks/udisks.conf | 14 ++++++++ remote/modules/udisks/udisks.conf.opensuse | 7 ++++ remote/modules/udisks/udisks.conf.ubuntu | 7 ++++ remote/modules/udisks/udisks.conf.ubuntu.12 | 7 ++++ remote/targets/stage32/udisks | 1 + 11 files changed, 110 insertions(+) create mode 100644 remote/modules/udisks/data/usr/share/polkit-1/rules.d/10-drives.rules create mode 100644 remote/modules/udisks/templates/udisks.dbus.service create mode 100644 remote/modules/udisks/templates/udisks.systemd.service create mode 100644 remote/modules/udisks/templates/udisks2.dbus.service create mode 100644 remote/modules/udisks/templates/udisks2.systemd.service create mode 100644 remote/modules/udisks/udisks.build create mode 100644 remote/modules/udisks/udisks.conf create mode 100644 remote/modules/udisks/udisks.conf.opensuse create mode 100644 remote/modules/udisks/udisks.conf.ubuntu create mode 100644 remote/modules/udisks/udisks.conf.ubuntu.12 create mode 120000 remote/targets/stage32/udisks
diff --git a/remote/modules/udisks/data/usr/share/polkit-1/rules.d/10-drives.rules b/remote/modules/udisks/data/usr/share/polkit-1/rules.d/10-drives.rules
new file mode 100644
index 00000000..72c4fb16
--- /dev/null
+++ b/remote/modules/udisks/data/usr/share/polkit-1/rules.d/10-drives.rules
@@ -0,0 +1,6 @@
+polkit.addRule(function(action, subject) {
+ if (action.id.indexOf("org.freedesktop.udisks") == 0) {
+ return polkit.Result.YES;
+ }
+});
+
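Review bot: The rule in 10-drives.rules returns `polkit.Result.YES` for every action whose id starts with `org.freedesktop.udisks` and never looks at `subject`, so any account, including remote or inactive sessions, is authorised without a prompt for the whole udisks action set rather than just mounting removable media. If the goal is USB mounting from the desktop session, I would at least require a local active session: `if (action.id.indexOf("org.freedesktop.udisks") == 0 && subject.local && subject.active) {`. Narrowing the prefix match to the specific mount, unmount and eject action ids the desktop needs would be tighter still. A one-line comment above `polkit.addRule` stating the purpose of the rule would help later reviewers judge its scope.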
diff --git a/remote/modules/udisks/templates/udisks.dbus.service b/remote/modules/udisks/templates/udisks.dbus.service new file mode 100644 index 00000000..f48b064b --- /dev/null +++ b/remote/modules/udisks/templates/udisks.dbus.service @@ -0,0 +1,6 @@ +[D-BUS Service] +Name=org.freedesktop.UDisks +Exec=%UDISKSD% --no-debug +User=root +SystemdService=udisks.service + diff --git a/remote/modules/udisks/templates/udisks.systemd.service b/remote/modules/udisks/templates/udisks.systemd.service new file mode 100644 index 00000000..d0c41438 --- /dev/null +++ b/remote/modules/udisks/templates/udisks.systemd.service @@ -0,0 +1,9 @@ +[Unit] +Description=Gnomes bloated 1000 dependency monster aka Disk Manager +Documentation=man:udisks(8) + +[Service] +Type=dbus +BusName=org.freedesktop.UDisks +ExecStart=%UDISKSD% --no-debug + diff --git a/remote/modules/udisks/templates/udisks2.dbus.service b/remote/modules/udisks/templates/udisks2.dbus.service new file mode 100644 index 00000000..2761a67c --- /dev/null +++ b/remote/modules/udisks/templates/udisks2.dbus.service @@ -0,0 +1,6 @@ +[D-BUS Service] +Name=org.freedesktop.UDisks2 +Exec=%UDISKSD% --no-debug +User=root +SystemdService=udisks2.service + diff --git a/remote/modules/udisks/templates/udisks2.systemd.service b/remote/modules/udisks/templates/udisks2.systemd.service new file mode 100644 index 00000000..47105a71 --- /dev/null +++ b/remote/modules/udisks/templates/udisks2.systemd.service @@ -0,0 +1,9 @@ +[Unit] +Description=Gnomes bloated 1000 dependency monster aka Disk Manager +Documentation=man:udisks(8) + +[Service] +Type=dbus +BusName=org.freedesktop.UDisks2 +ExecStart=%UDISKSD% --no-debug + diff --git a/remote/modules/udisks/udisks.build b/remote/modules/udisks/udisks.build new file mode 100644 index 00000000..1e9e73b0 --- /dev/null +++ b/remote/modules/udisks/udisks.build 
@@ -0,0 +1,38 @@ + +fetch_source () { + : +} + +build () { + COPYLIST="list_dpkg_output" + rm -f "$COPYLIST" + + list_packet_files >> "$COPYLIST" + tarcopy "$(cat "$COPYLIST" | sort -u)" "$MODULE_BUILD_DIR" + if [ -d "$MODULE_BUILD_DIR/lib/udev" ]; then + cp -a "$MODULE_BUILD_DIR/lib/udev" "$MODULE_BUILD_DIR/usr/lib/" || perror "Could not move /lib/udev to /usr/lib/udev" + fi + mkdir -p "$MODULE_BUILD_DIR/etc/systemd/system/basic.target.wants" "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services" + local BINARY=$(find "$MODULE_BUILD_DIR" -name udisksd -executable | head -n 1) + [ -z "$BINARY" ] && BINARY=$(find "$MODULE_BUILD_DIR" -name udisks2d -executable | head -n 1) + [ -z "$BINARY" ] && BINARY=$(find "$MODULE_BUILD_DIR" -name udisksd2 -executable | head -n 1) + [ -z "$BINARY" ] && BINARY=$(find "$MODULE_BUILD_DIR" -name udisks-daemon -executable | head -n 1) + [ -z "$BINARY" ] && perror "Could not determine the udisks(1/2) daemon binary from inspecting $MODULE_BUILD_DIR" + BINARY="/${BINARY#$MODULE_BUILD_DIR}" + if [[ "$BINARY" == *udisks2* || -d "$MODULE_BUILD_DIR/usr/lib/udisks2" ]]; then + # assume udisks v2 + sed "s,%UDISKSD%,$BINARY,g" templates/udisks2.systemd.service > "$MODULE_BUILD_DIR/etc/systemd/system/udisks2.service" || perror "Error creating systemd service for udisks2" + sed "s,%UDISKSD%,$BINARY,g" templates/udisks2.dbus.service > "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services/org.freedesktop.UDisks2.service" || perror "Error creating dbus service for udisks2" + ln -s "../udisks2.service" "$MODULE_BUILD_DIR/etc/systemd/system/basic.target.wants/udisks2.service" + else + # assume udisks v1 + sed "s,%UDISKSD%,$BINARY,g" templates/udisks1.systemd.service > "$MODULE_BUILD_DIR/etc/systemd/system/udisks.service" || perror "Error creating systemd service for udisks" + sed "s,%UDISKSD%,$BINARY,g" templates/udisks1.dbus.service > "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services/org.freedesktop.UDisks.service" || perror "Error creating dbus service 
for udisks" + ln -s "../udisks.service" "$MODULE_BUILD_DIR/etc/systemd/system/basic.target.wants/udisks.service" + fi +} + +post_copy () { + : +} + diff --git a/remote/modules/udisks/udisks.conf b/remote/modules/udisks/udisks.conf new file mode 100644 index 00000000..8ef6f29c --- /dev/null +++ b/remote/modules/udisks/udisks.conf @@ -0,0 +1,14 @@ +# This module is a little special, as it's supposed to be compatible +# with udisks 1 and 2. suse 12.3 and ubuntu 13.04 use udisks2, ubuntu 12.04 +# uses udisks1. The build script looks a little hacky +REQUIRED_DIRECTORIES=" + /etc/dbus-1 + /usr/lib/udev/rules.d + /usr/share/dbus-1 + /usr/share/polkit-1 + /etc/systemd/system +" +REQUIRED_BINARIES=" + udisksd +" + diff --git a/remote/modules/udisks/udisks.conf.opensuse b/remote/modules/udisks/udisks.conf.opensuse new file mode 100644 index 00000000..abf12be7 --- /dev/null +++ b/remote/modules/udisks/udisks.conf.opensuse @@ -0,0 +1,7 @@ +REQUIRED_INSTALLED_PACKAGES=" + udisks2 +" +REQUIRED_CONTENT_PACKAGES=" + udisks2 +" + diff --git a/remote/modules/udisks/udisks.conf.ubuntu b/remote/modules/udisks/udisks.conf.ubuntu new file mode 100644 index 00000000..abf12be7 --- /dev/null +++ b/remote/modules/udisks/udisks.conf.ubuntu @@ -0,0 +1,7 @@ +REQUIRED_INSTALLED_PACKAGES=" + udisks2 +" +REQUIRED_CONTENT_PACKAGES=" + udisks2 +" + diff --git a/remote/modules/udisks/udisks.conf.ubuntu.12 b/remote/modules/udisks/udisks.conf.ubuntu.12 new file mode 100644 index 00000000..0b8690bd --- /dev/null +++ b/remote/modules/udisks/udisks.conf.ubuntu.12 @@ -0,0 +1,7 @@ +REQUIRED_INSTALLED_PACKAGES=" + udisks +" +REQUIRED_CONTENT_PACKAGES=" + udisks +" + diff --git a/remote/targets/stage32/udisks b/remote/targets/stage32/udisks new file mode 120000 index 00000000..06e7da5f --- /dev/null +++ b/remote/targets/stage32/udisks @@ -0,0 +1 @@ +../../modules/udisks \ No newline at end of file -- cgit v1.2.3-55-g7522 From 1b5a6bfd1d4501e23829767fa9274052e4b9e4d0 Mon Sep 17 00:00:00 2001 
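Review bot: The udisks v1 branch of build() in udisks.build reads `templates/udisks1.systemd.service` and `templates/udisks1.dbus.service`, but this commit adds the templates as `udisks.systemd.service` and `udisks.dbus.service`, so on a udisks1 system both `sed` lines would fail and end in `perror`. Either rename the templates or change the two paths to `templates/udisks.systemd.service` and `templates/udisks.dbus.service`. `BINARY="/${BINARY#$MODULE_BUILD_DIR}"` also yields a double leading slash when the find result starts with `$MODULE_BUILD_DIR/`, and the pattern is unquoted; `BINARY="${BINARY#"$MODULE_BUILD_DIR"}"` avoids both. The two `ln -s` calls are not followed by `|| perror` the way the `sed` lines are, so a failed symlink would go unnoticed.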
From: Simon Rettberg Date: Wed, 4 Sep 2013 20:33:12 +0200 Subject: [polkit] Fix integration with gnome/udisks2, fixes usb mount on Ubuntu 13.04 --- remote/modules/polkit/polkit.conf.opensuse | 1 + remote/modules/polkit/polkit.conf.ubuntu | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/remote/modules/polkit/polkit.conf.opensuse b/remote/modules/polkit/polkit.conf.opensuse index 10cedbe9..e7c1f369 100644 --- a/remote/modules/polkit/polkit.conf.opensuse +++ b/remote/modules/polkit/polkit.conf.opensuse @@ -7,5 +7,6 @@ REQUIRED_CONTENT_PACKAGES=" " REQUIRED_DIRECTORIES+=" /usr/lib/polkit-1 + /var/lib/polkit " diff --git a/remote/modules/polkit/polkit.conf.ubuntu b/remote/modules/polkit/polkit.conf.ubuntu index 76d31b9e..eb2f88d1 100644 --- a/remote/modules/polkit/polkit.conf.ubuntu +++ b/remote/modules/polkit/polkit.conf.ubuntu @@ -4,9 +4,16 @@ REQUIRED_INSTALLED_PACKAGES=" REQUIRED_CONTENT_PACKAGES=" libmozjs185-1.0 policykit-1 + policykit-desktop-privileges " REQUIRED_DIRECTORIES+=" /usr/lib/policykit-1 /usr${ARCH_LIB_DIR}/polkit-1 + /var/lib/polkit-1 +" +# Module specific: Root of dirstructs we need directly from system +REQUIRED_DIR_STRUCT=" + /var/lib/polkit-1 + /etc/polkit-1 " -- cgit v1.2.3-55-g7522 From f088f1ed223e767f389840848e813075d471adf0 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 4 Sep 2013 20:34:44 +0200 Subject: [SERVER] Update stage4 filter --- server/blacklists/essential/console-kit | 8 -------- server/blacklists/essential/dbus | 4 +++- server/blacklists/essential/linux-extended | 1 + server/blacklists/essential/policykit | 7 +------ server/blacklists/x-autostart/xdg-autostart | 1 + 5 files changed, 6 insertions(+), 15 deletions(-) delete mode 100644 server/blacklists/essential/console-kit diff --git a/server/blacklists/essential/console-kit b/server/blacklists/essential/console-kit deleted file mode 100644 index a176cac9..00000000 --- a/server/blacklists/essential/console-kit +++ /dev/null 
@@ -1,8 +0,0 @@ -# Consolekit is removed and replaced by a dummy in stage32 -- console-kit* -- consolekit* -- libck-connector* -- *-ck-connector* -- *Console-Kit* -- *ConsoleKit* - diff --git a/server/blacklists/essential/dbus b/server/blacklists/essential/dbus index 42afc286..f8748c13 100644 --- a/server/blacklists/essential/dbus +++ b/server/blacklists/essential/dbus @@ -35,7 +35,8 @@ - dbus-1**org.freedesktop.Geoclue.* - dbus-1**org.gnome.zeitgeist.* - dbus-1**unity-lens-shopping.service -# systen-services +- dbus-1**org.freedesktop.UPower.* +# system-services - dbus-1**fi.epitest.hostap.WPASupplicant.service - dbus-1**fi.w1.wpa_supplicant1.service - dbus-1**org.freedesktop.hostname1.service @@ -44,4 +45,5 @@ - dbus-1**org.freedesktop.nm_dispatcher.service - dbus-1**org.freedesktop.systemd1.service - dbus-1**org.freedesktop.timedate1.service +- dbus-1**org.freedesktop.UPower.service diff --git a/server/blacklists/essential/linux-extended b/server/blacklists/essential/linux-extended index d9d7ef97..ab39fda0 100644 --- a/server/blacklists/essential/linux-extended +++ b/server/blacklists/essential/linux-extended @@ -3,6 +3,7 @@ - /usr/src - /etc/init.d - /etc/init +- /etc/cups - /var/lib/init.d - /usr/share/upstart - /lib/systemd diff --git a/server/blacklists/essential/policykit b/server/blacklists/essential/policykit index 68ff5a44..c46a050a 100644 --- a/server/blacklists/essential/policykit +++ b/server/blacklists/essential/policykit @@ -1,7 +1,2 @@ -# Also get rid of polkit -- libpolkit* -- polkit* -- policykit* -- *PolicyKit* -- *PolKit* +- /usr/share/pol*/actions/org.freedesktop.upower.* diff --git a/server/blacklists/x-autostart/xdg-autostart b/server/blacklists/x-autostart/xdg-autostart index bd4dd467..64593d31 100644 --- a/server/blacklists/x-autostart/xdg-autostart +++ b/server/blacklists/x-autostart/xdg-autostart 
@@ -1,4 +1,5 @@ + /etc/xdg/autostart/**/ + /etc/xdg/autostart/gnome-settings-daemon.desktop ++ /etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop - /etc/xdg/autostart/** -- cgit v1.2.3-55-g7522 From 40a41642d475111798d079e92d7f50529111ac00 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 4 Sep 2013 20:36:27 +0200 Subject: [pam-freiburg] Add pam_ck_connector again Which is required by consolekit, which is required by policykit, which is required by udisks2, which is required to mount usb sticks etc. as normal user in a desktop session --- server/modules/pam-freiburg/etc/pam.d/common-session | 1 + 1 file changed, 1 insertion(+) diff --git a/server/modules/pam-freiburg/etc/pam.d/common-session b/server/modules/pam-freiburg/etc/pam.d/common-session index 6182d470..1eb564a3 100644 --- a/server/modules/pam-freiburg/etc/pam.d/common-session +++ b/server/modules/pam-freiburg/etc/pam.d/common-session @@ -27,6 +27,7 @@ session required pam_permit.so session optional pam_umask.so # and here are more per-package modules (the "Additional" block) session required pam_systemd.so +session optional pam_ck_connector.so nox11 session optional pam_env.so readenv=1 session optional pam_env.so readenv=1 envfile=/etc/default/locale session optional pam_krb5.so minimum_uid=1000 -- cgit v1.2.3-55-g7522 From c3fb7708ddad3ea2ba23112cf8ff19521e349f28 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Thu, 5 Sep 2013 13:32:19 +0200 Subject: [systemd] README file annotated, ENV limitation --- remote/modules/systemd/README | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/remote/modules/systemd/README b/remote/modules/systemd/README index c374b45b..f84283d8 100644 --- a/remote/modules/systemd/README +++ b/remote/modules/systemd/README 
@@ -1,3 +1,12 @@ To activate debug level, add to units under [Service] this line - Environment=SYSTEMD_LOG_LEVEL=debug + +Note on systemd-versions: Some systemds below 204 (verified in +systemd-195) seem to need libpci-dev (or the openSuse equivalent). + + +Another note on our compiled systemd-udevd: +So far it has not been possible to reach a fully functional udev +system in view of the perceived systemd-udevd limitation about +evaluating the variable ENV{DEVTYPE}=="usb_device" in udev rule +scripts. -- cgit v1.2.3-55-g7522 From 61b72ef5a8e55496a097a5e10e3dd94d7da70798 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Thu, 5 Sep 2013 13:37:09 +0200 Subject: [vbox] Readme further elaborated: systemd-udev-problem ENV. --- remote/modules/vbox/README | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/remote/modules/vbox/README b/remote/modules/vbox/README index 94566785..41e7d219 100644 --- a/remote/modules/vbox/README +++ b/remote/modules/vbox/README @@ -16,4 +16,6 @@ systemd capabilites: The systemd-udevd compiled within the module systemd lacks a capability in the environment variable DEVTYPE at least in regard to USB devices, so an entry ENV{DEVTYPE}=="usb_device" in an udev rule file rule will not work. -This applies at least to systemd version 204. +This applies to several versions, tested so far 195, 204, 206. +In contrast to this a hand-copied distribution binary will work flawlessly +within the openSLX biotope. -- cgit v1.2.3-55-g7522 From c9239cac3ce2c94411e6475910c04656a68b298d Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Thu, 5 Sep 2013 13:39:06 +0200 Subject: [vbox] CAVE, ugly hack: udev-rule without offending ENV{DEVTYPE}=="usb_device" limitation. --- remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules b/remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules index f2b99721..a94f2165 100644 --- a/remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules +++ b/remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules @@ -1,6 +1,6 @@ KERNEL=="vboxdrv", NAME="vboxdrv", OWNER="root", GROUP="root", MODE="0600" KERNEL=="vboxnetctl", NAME="vboxnetctl", OWNER="root", GROUP="root", MODE="0600" SUBSYSTEM=="usb_device", ACTION=="add", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}" -SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}" +SUBSYSTEM=="usb", ACTION=="add", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}" SUBSYSTEM=="usb_device", ACTION=="remove", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" -SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" +SUBSYSTEM=="usb", ACTION=="remove", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" -- cgit v1.2.3-55-g7522 From 6973d7d3bd2f20b5aa04d2d0bbf00a94abbf1878 Mon Sep 17 00:00:00 2001 
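Review bot: With `ENV{DEVTYPE}=="usb_device"` dropped, the two `SUBSYSTEM=="usb"` rules no longer separate whole devices from other events in that subsystem. The `RUN+=` helper `VBoxCreateUSBNode.sh` is run by udev, normally as root, and would presumably now also fire for USB interface events, where `$attr{bDeviceClass}` expands to nothing. If the DEVTYPE match really cannot be used with the self-built systemd-udevd, a narrower substitute such as `ATTR{bDeviceClass}=="?*"` on both rules would keep the helper limited to nodes that carry that attribute; this is untested here. At minimum the rules file should carry a comment such as `# DEVTYPE match omitted on purpose, see remote/modules/vbox/README`, so the broad match is not mistaken for the intended rule.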
From: Simon Rettberg Date: Thu, 5 Sep 2013 13:53:08 +0200 Subject: [rootfs-stage32] Fix issue indentation --- remote/rootfs/rootfs-stage32/templates/issue.template | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/remote/rootfs/rootfs-stage32/templates/issue.template b/remote/rootfs/rootfs-stage32/templates/issue.template index e200c1c0..a79797ad 100644 --- a/remote/rootfs/rootfs-stage32/templates/issue.template +++ b/remote/rootfs/rootfs-stage32/templates/issue.template @@ -1,9 +1,9 @@ - WELCOME TO %space% \n (\l) - _____ ______ ______ __ __ _______ __ __ __ - / _ | _ | ___| | | | | ____| | | | | | - | | | | |_| | |_ | | | | |___ | | / / - | | | | ___/| _| | | ____ | | | | - | |_| | | | |___| | | | ____| | |___ / / - _____/|__| |______|__| |__| |_______|______|__| |__| - NG + WELCOME TO %space% \n (\l) + _____ ______ ______ __ __ _______ __ __ __ + / _ | _ | ___| | | | | ____| | | | | | + | | | | |_| | |_ | | | | |___ | | / / + | | | | ___/| _| | | ____ | | | | + | |_| | | | |___| | | | ____| | |___ / / + _____/|__| |______|__| |__| |_______|______|__| |__| - NG - %version% (c) + %version% (c) -- cgit v1.2.3-55-g7522 From 820f4a6bc8d57bb129717e208b372a6008c7bea5 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Thu, 5 Sep 2013 18:05:25 +0200 Subject: [stage4] Allow basic kde autostart files --- server/blacklists/x-autostart/kde-autostart | 5 +++++ server/modules/pam-freiburg/etc/pam.d/common-session | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/server/blacklists/x-autostart/kde-autostart b/server/blacklists/x-autostart/kde-autostart index 4d384303..131a8563 100644 --- a/server/blacklists/x-autostart/kde-autostart +++ b/server/blacklists/x-autostart/kde-autostart 
@@ -1,5 +1,10 @@ + /usr/share/autostart/**/ - /usr/share/autostart/** ++ /usr/share/autostart/kdesktop.desktop ++ /usr/share/autostart/krunner.desktop ++ /usr/share/autostart/plasma.desktop ++ /usr/share/autostart/plasma-desktop.desktop ++ /usr/share/autostart/polkit-kde-authentication-agent-1.desktop + /opt/kde3/share/autostart/**/ - /opt/kde3/share/autostart/** diff --git a/server/modules/pam-freiburg/etc/pam.d/common-session b/server/modules/pam-freiburg/etc/pam.d/common-session index 1eb564a3..9a8b73e1 100644 --- a/server/modules/pam-freiburg/etc/pam.d/common-session +++ b/server/modules/pam-freiburg/etc/pam.d/common-session @@ -27,7 +27,7 @@ session required pam_permit.so session optional pam_umask.so # and here are more per-package modules (the "Additional" block) session required pam_systemd.so -session optional pam_ck_connector.so nox11 +session optional pam_ck_connector.so session optional pam_env.so readenv=1 session optional pam_env.so readenv=1 envfile=/etc/default/locale session optional pam_krb5.so minimum_uid=1000 -- cgit v1.2.3-55-g7522 From 97e47087a263096ec902e624006ba2d5b80ddd3a Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Thu, 5 Sep 2013 19:23:50 +0200 Subject: [udisks] Include udisks and udisks2 in Ubuntu 13.04 Apparently, Unity (and gnome?) use udisks2, while KDE depends on udisks1 .... --- .../udisks/templates/udisks2.systemd.service | 2 +- remote/modules/udisks/udisks.build | 37 +++++++++++++++------- remote/modules/udisks/udisks.conf.ubuntu | 27 ++++++++++++++++ remote/modules/udisks/udisks.conf.ubuntu.12 | 24 ++++++++++++++ 4 files changed, 78 insertions(+), 12 deletions(-) diff --git a/remote/modules/udisks/templates/udisks2.systemd.service b/remote/modules/udisks/templates/udisks2.systemd.service index 47105a71..d96bd69f 100644 --- a/remote/modules/udisks/templates/udisks2.systemd.service +++ b/remote/modules/udisks/templates/udisks2.systemd.service 
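Review bot: The five new `+ /usr/share/autostart/*.desktop` lines sit after `- /usr/share/autostart/**`, whereas xdg-autostart in this series lists its includes before the closing exclude. If these lists are evaluated first-match-wins (rsync filter style, which the syntax suggests but the patch does not show), the exclude matches first and the new includes never take effect. That would include `polkit-kde-authentication-agent-1.desktop`, so the KDE session would come up without its polkit authentication agent. Moving the `- /usr/share/autostart/**` line below the five includes would match the ordering used in xdg-autostart.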
@@ -1,5 +1,5 @@ [Unit] -Description=Gnomes bloated 1000 dependency monster aka Disk Manager +Description=Gnomes bloated 1000 dependency monster aka Disk Manager 2 Documentation=man:udisks(8) [Service] diff --git a/remote/modules/udisks/udisks.build b/remote/modules/udisks/udisks.build index 1e9e73b0..ab9df016 100644 --- a/remote/modules/udisks/udisks.build +++ b/remote/modules/udisks/udisks.build 
@@ -13,26 +13,41 @@ build () { cp -a "$MODULE_BUILD_DIR/lib/udev" "$MODULE_BUILD_DIR/usr/lib/" || perror "Could not move /lib/udev to /usr/lib/udev" fi mkdir -p "$MODULE_BUILD_DIR/etc/systemd/system/basic.target.wants" "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services" + local FOUND=no local BINARY=$(find "$MODULE_BUILD_DIR" -name udisksd -executable | head -n 1) [ -z "$BINARY" ] && BINARY=$(find "$MODULE_BUILD_DIR" -name udisks2d -executable | head -n 1) [ -z "$BINARY" ] && BINARY=$(find "$MODULE_BUILD_DIR" -name udisksd2 -executable | head -n 1) - [ -z "$BINARY" ] && BINARY=$(find "$MODULE_BUILD_DIR" -name udisks-daemon -executable | head -n 1) - [ -z "$BINARY" ] && perror "Could not determine the udisks(1/2) daemon binary from inspecting $MODULE_BUILD_DIR" - BINARY="/${BINARY#$MODULE_BUILD_DIR}" - if [[ "$BINARY" == *udisks2* || -d "$MODULE_BUILD_DIR/usr/lib/udisks2" ]]; then + VER=none + if [ -n "$BINARY" ]; then + VER=udisks + [[ "$BINARY" == *udisks2* || -d "$MODULE_BUILD_DIR/usr/lib/udisks2" ]] && VER=udisks2 + create_udisks_service "$VER" "$BINARY" + FOUND=yes + fi + if [ "$VER" != "udisks" ]; then + BINARY=$(find "$MODULE_BUILD_DIR" -name udisks-daemon -executable | head -n 1) + [ "$VER" == "none" -a -z "$BINARY" ] && perror "Could not determine the udisks(1/2) daemon binary from inspecting $MODULE_BUILD_DIR" + [ -n "$BINARY" ] && create_udisks_service "udisks" "$BINARY" + fi +} + +post_copy () { + : +} + +create_udisks_service () { + [ $# -ne 2 ] && perror "Call create_udisks_service with TWO params!" 
+ local BINARY="/${2#$MODULE_BUILD_DIR}" + if [ "$1" == "udisks2" ]; then # assume udisks v2 - sed "s,%UDISKSD%,$BINARY,g" templates/udisks2.systemd.service > "$MODULE_BUILD_DIR/etc/systemd/system/udisks2.service" || perror "Error creating systemd service for udisks2" + sed "s,%UDISKSD%,$BINARY,g" templates/udisks2.systemd.service > "$MODULE_BUILD_DIR/etc/systemd/system/udisks2.service" || perror "Error creating systemd service for udisks2 $BINARY" sed "s,%UDISKSD%,$BINARY,g" templates/udisks2.dbus.service > "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services/org.freedesktop.UDisks2.service" || perror "Error creating dbus service for udisks2" ln -s "../udisks2.service" "$MODULE_BUILD_DIR/etc/systemd/system/basic.target.wants/udisks2.service" else # assume udisks v1 - sed "s,%UDISKSD%,$BINARY,g" templates/udisks1.systemd.service > "$MODULE_BUILD_DIR/etc/systemd/system/udisks.service" || perror "Error creating systemd service for udisks" - sed "s,%UDISKSD%,$BINARY,g" templates/udisks1.dbus.service > "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services/org.freedesktop.UDisks.service" || perror "Error creating dbus service for udisks" + sed "s,%UDISKSD%,$BINARY,g" templates/udisks.systemd.service > "$MODULE_BUILD_DIR/etc/systemd/system/udisks.service" || perror "Error creating systemd service for udisks $BINARY" + sed "s,%UDISKSD%,$BINARY,g" templates/udisks.dbus.service > "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services/org.freedesktop.UDisks.service" || perror "Error creating dbus service for udisks" ln -s "../udisks.service" "$MODULE_BUILD_DIR/etc/systemd/system/basic.target.wants/udisks.service" fi } -post_copy () { - : -} - diff --git a/remote/modules/udisks/udisks.conf.ubuntu b/remote/modules/udisks/udisks.conf.ubuntu index abf12be7..3d127619 100644 --- a/remote/modules/udisks/udisks.conf.ubuntu +++ b/remote/modules/udisks/udisks.conf.ubuntu 
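Review bot: build() now ends on `[ -n "$BINARY" ] && create_udisks_service "udisks" "$BINARY"`, so when only a udisks2 daemon is found the function returns status 1 although nothing failed. Whether the caller checks that status is not visible here, but writing it as `if [ -n "$BINARY" ]; then create_udisks_service "udisks" "$BINARY"; fi` removes the ambiguity. `VER` is assigned without `local` and leaks into the calling shell, and `FOUND` is set but never read; `local VER=none` and dropping `FOUND` would tidy that up. In create_udisks_service the two `ln -s` calls are the only steps without `|| perror`, and without `-f` they fail silently when the link already exists in a reused build directory. build() begins before this hunk.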
@@ -1,7 +1,34 @@ REQUIRED_INSTALLED_PACKAGES=" + udisks udisks2 " REQUIRED_CONTENT_PACKAGES=" + udisks udisks2 " +# Add these for udisks 1 (required by kde) +REQUIRED_BINARIES+=" + udisks-helper-linux-md-check + udisks-daemon + udisks-helper-change-luks-password + udisks-helper-create-partition-table + udisks-helper-mdadm-expand + udisks-helper-drive-benchmark + udisks-helper-drive-detach + udisks-helper-mkfs + udisks-helper-ata-smart-collect + udisks-helper-change-filesystem-label + udisks-helper-modify-partition + udisks-helper-delete-partition + udisks-helper-create-partition + udisks-helper-fstab-mounter + udisks-helper-linux-md-remove-component + udisks-helper-ata-smart-selftest + udisks-helper-drive-poll + udisks-dm-export + udisks-lvm-pv-export + udisks-part-id + udisks-probe-ata-smart + udisks-probe-sas-expander +" diff --git a/remote/modules/udisks/udisks.conf.ubuntu.12 b/remote/modules/udisks/udisks.conf.ubuntu.12 index 0b8690bd..b962ec65 100644 --- a/remote/modules/udisks/udisks.conf.ubuntu.12 +++ b/remote/modules/udisks/udisks.conf.ubuntu.12 @@ -4,4 +4,28 @@ REQUIRED_INSTALLED_PACKAGES=" REQUIRED_CONTENT_PACKAGES=" udisks " +REQUIRED_BINARIES=" + udisks-helper-linux-md-check + udisks-daemon + udisks-helper-change-luks-password + udisks-helper-create-partition-table + udisks-helper-mdadm-expand + udisks-helper-drive-benchmark + udisks-helper-drive-detach + udisks-helper-mkfs + udisks-helper-ata-smart-collect + udisks-helper-change-filesystem-label + udisks-helper-modify-partition + udisks-helper-delete-partition + udisks-helper-create-partition + udisks-helper-fstab-mounter + udisks-helper-linux-md-remove-component + udisks-helper-ata-smart-selftest + udisks-helper-drive-poll + udisks-dm-export + udisks-lvm-pv-export + udisks-part-id + udisks-probe-ata-smart + udisks-probe-sas-expander +" -- cgit v1.2.3-55-g7522 From b8233a8930b85ac7a4e415301e69697f2f5885cc Mon Sep 17 00:00:00 2001 
From: Christian Rößler Date: Fri, 6 Sep 2013 12:59:51 +0200 Subject: [export_target] Added two trailing slashes at mksquashfs calls. --- server/export_target | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/export_target b/server/export_target index 92b6fdcb..52f87942 100755 --- a/server/export_target +++ b/server/export_target @@ -57,7 +57,7 @@ generate_stage32() { local TOOL_STR="${TOOL_STR} generate_stage32:" rm -f "${SERVER_BOOT_DIR}/${TARGET}.sqfs" pinfo "Writing '${TARGET}.sqfs' to '${SERVER_BOOT_DIR}/${TARGET}.sqfs'" - mksquashfs "${SERVER_BUILD_DIR}/${TARGET}" "${SERVER_BOOT_DIR}/${TARGET}.sqfs" -comp xz -b 1M -no-recovery >&6 || perror "mksquashfs failed ($?)." + mksquashfs "${SERVER_BUILD_DIR}/${TARGET}/" "${SERVER_BOOT_DIR}/${TARGET}.sqfs" -comp xz -b 1M -no-recovery >&6 || perror "mksquashfs failed ($?)." pinfo "Created '${SERVER_BOOT_DIR}/${TARGET}.sqfs'." #pinfo "Wrapping squashFS in initramfs-stage32" #generate_initramfs "${SERVER_BOOT_DIR}/stage32_sqfs" "./mnt/${TARGET}.sqfs" "${SERVER_BOOT_DIR}/initramfs-${TARGET}" @@ -75,7 +75,7 @@ generate_addons() { local TOOL_STR="${TOOL_STR} generate_addons:" pinfo "Writing '${TARGET}.sqfs' to '${SERVER_BOOT_DIR}/${TARGET}.sqfs'" [ -e "${SERVER_BOOT_DIR}/${TARGET}.sqfs" ] && rm "${SERVER_BOOT_DIR}/${TARGET}.sqfs" - mksquashfs "${SERVER_BUILD_DIR}/${TARGET}" "${SERVER_BOOT_DIR}/${TARGET}.sqfs" -comp xz -b 1M -no-recovery >&6 || perror "mksquashfs failed ($?)." + mksquashfs "${SERVER_BUILD_DIR}/${TARGET}/" "${SERVER_BOOT_DIR}/${TARGET}.sqfs" -comp xz -b 1M -no-recovery >&6 || perror "mksquashfs failed ($?)." } generate_config() { -- cgit v1.2.3-55-g7522 From 6db54d3fc40c2ba5c4c58c23025a8b292dabf1c3 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 6 Sep 2013 13:02:15 +0200 Subject: [dnbd3] Remove invalid parameter from service file --- remote/modules/dnbd3/data/etc/systemd/system/setup-dnbd3.service | 1 - 1 file changed, 1 deletion(-) 
diff --git a/remote/modules/dnbd3/data/etc/systemd/system/setup-dnbd3.service b/remote/modules/dnbd3/data/etc/systemd/system/setup-dnbd3.service index 97f6703d..8f737395 100644 --- a/remote/modules/dnbd3/data/etc/systemd/system/setup-dnbd3.service +++ b/remote/modules/dnbd3/data/etc/systemd/system/setup-dnbd3.service @@ -5,7 +5,6 @@ Before=shutdown.target DefaultDependencies=no [Service] -Type=service ExecStart=/opt/openslx/scripts/systemd-setup_dnbd3 ExecStop=/opt/openslx/bin/dnbd3-client --kill ExecStopPost=/bin/rm /var/run/dnbd3.socket -- cgit v1.2.3-55-g7522 From 9cabc18ccc4ed94ed9ee0313ea78f68e1bab5d2a Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 6 Sep 2013 15:18:35 +0200 Subject: [DEMOSERVER] Update install and update script - Check for updated scripts first, then update minilinux - Add defaults for NTP - Create pxe menuconfig in new format (config.tgz & addon support) - Minor tweaks and refactoring --- data/openslx-install | 2 + data/openslx-update | 182 ++++++++++++++++++++++++++++----------------------- 2 files changed, 103 insertions(+), 81 deletions(-) diff --git a/data/openslx-install b/data/openslx-install index b712aa3e..d511e88d 100755 --- a/data/openslx-install +++ b/data/openslx-install @@ -293,6 +293,8 @@ else # external NFS Server for VM Images is used. Disable NFS + Samba fi print "Dienste konfiguriert." +[ ! -e "/srv/openslx/www/config.tgz" ] && openslx-settings + # # ---- Create boottime system config ---- # diff --git a/data/openslx-update b/data/openslx-update index cb46b258..10ee3d7e 100755 --- a/data/openslx-update +++ b/data/openslx-update @@ -1,6 +1,6 @@ #!/bin/bash -### Funktionen ################################### +### Functions ################################### function print () { 
@@ -17,42 +17,104 @@ function warning () { echo -e "\033[01;33m$@\033[00m" } + +function download () +{ + [ $# -ne 2 ] && error "Script-Fehler: download (2 Params, habe $#!)" + # Download + wget -nv -O "$WWWDIR/$1" "$2" && DLFLAG=1 || { warning "Download von $2 fehlgeschlagen"; return 1; } + # Download md5 value + wget -nv -O "$WWWTEMP/$1.$CRCEXTENSION" "$2.$CRCEXTENSION" || { warning "Download von $2.$CRCEXTENSION fehlgeschlagen. Kann Dateiintegrität nicht prüfen."; return 0; } + # Check file checksums + if [ "$($CRCCOMMAND "$WWWDIR/$1" | cut -f 1 -d " ")" != "$(cat "$WWWTEMP/$1.$CRCEXTENSION")" ]; then + warning "$CRCCOMMAND: $WWWDIR/$1: Prüfsummendiskrepanz! Übertragungsfehler oder Laufwerk voll." + error "Beende Skript aufgrund Prüfsummendiskrepanz!" + else + print "Prüfsummencheck Datei $1 ok." + fi + return 0 +} -### Variablen ################################### +### Constants ################################### # Web MIRROR="http://mltk.boot.openslx.org" MIRRORDIR="files" -# Dateien und Verzeichnisse +# Files/Dirs PXEDIR="/srv/openslx/tftp/pxelinux.cfg" PXECONFIG="$PXEDIR/default" PXETEMPLATE="/opt/openslx/templates/pxemenu-header" -FILEPRAEFIX="openslx-" +FILEPREFIX="openslx-" WWWDIR="/srv/openslx/www" -SLXSCRIPTS="openslx-install openslx-update" SCRIPTPATH=$(dirname "$0") -SCRIPTBACKUPDIR=/root/backup -# Konfigurationsdateien +SCRIPTBACKUPDIR="/root/backup" SERVERDEFAULTS="/opt/openslx/server-defaults" -# Temporäres +LOCALINDEX="/opt/openslx/local_version" +WWWTEMP="/srv/openslx/www-temp" +# Other +SLXSCRIPTS="openslx-install openslx-update" +NOW=$(date +%Y%m%d) +# Temporary REMOTEINDEX=$(mktemp /tmp/mlversionXXX) LOCALINDEX="/opt/openslx/local_version" WWWTEMP="/srv/openslx/www-temp" +# Checksumming +CRCCOMMAND=md5sum +CRCEXTENSION=md5 +CRCLEN=32 +# Minimum free disk space +MINSPACE=409600 # 400MiB +### Variables ################################## DLFLAG=0 # if something was downloaded -# Vars zum Überladen LOCAL_STABLE=0 LOCAL_TESTING=0 -# Vars für 
Prüfsummen -CRCCOMMAND=md5sum -CRCEXTENSION=md5 -# Mindestens freier Plattenplatz in Kilobytes -MINSPACE=409600 # 400MB -# Allgemein -DATUM=$(date +%Y%m%d) -trap "{ rm -f $REMOTEINDEX $WWWTEMP/* $WWWDIR/*.$CRCEXTENSION; }" SIGINT SIGTERM EXIT +trap "{ rm -f \"$REMOTEINDEX\" \"$WWWTEMP\"/* \"$WWWDIR\"/*.\"$CRCEXTENSION\"; }" SIGINT SIGTERM EXIT -# Warnung ausgeben, wenn Raum für $WWWTEMP eventuell zu klein -if [ $(df -Pk $WWWTEMP|tail -1| tr -s ' '|cut -d " " -f 4) -lt $MINSPACE ]; then +mkdir -p "$WWWTEMP" + +# Update Scripts openslx-install and openslx-update, if possible. +if [ ! -d "$SCRIPTBACKUPDIR" ]; then + print "Erzeuge Sicherungsverzeichnis für Skripte $SCRIPTBACKUPDIR" + mkdir -p "$SCRIPTBACKUPDIR" || error "Kann Sicherungsverzeichnis für Skripte nicht erstellen!" +fi +print "Prüfe auf neue openslx-ng Script-Versionen..." +SLXCHANGED=no +for FILE in $SLXSCRIPTS; do + if ! wget -nv -O "$WWWTEMP/$FILE.$CRCEXTENSION" "$MIRROR/$MIRRORDIR/$FILE.$CRCEXTENSION"; then + warning "Fehler bei Update-Prüfung für $FILE" + continue + fi + CRCVALNEW=$(cat "$WWWTEMP/$FILE.$CRCEXTENSION" | cut -f 1 -d " " | tr '[A-Z]' '[a-z]') + CRCVALOLD=$($CRCCOMMAND "$SCRIPTPATH/$FILE" | cut -f 1 -d " " | tr '[A-Z]' '[a-z]') + if [ "${#CRCVALNEW}" -ne "$CRCLEN" ]; then + warning "Fehler beim herunterladen der Prüfsumme von $FILE - erwartewte Länge $CRCLEN, tatsächliche Länge ${#CRCVALNEW}" + continue + fi + if [ "$CRCVALNEW" == "$CRCVALOLD" ]; then + print "$SCRIPTPATH/$FILE - kein Update notwendig." + continue + fi + wget -nv -O "$WWWTEMP/$FILE" "$MIRROR/$MIRRORDIR/$FILE" + if [ "$($CRCCOMMAND "$WWWTEMP/$FILE" | cut -f 1 -d " " | tr '[A-Z]' '[a-z]')" != "$CRCVALNEW" ]; then + warning "$SCRIPTPATH/$FILE konnte nicht upgedatet werden ($CRCEXTENSION-Fehler)!" + continue + fi + print "$SCRIPTPATH/$FILE wird upgedatet - $CRCEXTENSION ok." + print "Alte Version $SCRIPTPATH/$FILE gesichert nach: $SCRIPTBACKUPDIR/$FILE.$NOW." 
+ mv "$SCRIPTPATH/$FILE" "$SCRIPTBACKUPDIR/$FILE.$NOW" + chmod u+x "$WWWTEMP/$FILE" # wget doesn't set exec :) + mv "$WWWTEMP/$FILE" "$SCRIPTPATH" + SLXCHANGED=yes +done +if [ "$SLXCHANGED" == "yes" ]; then + print "OpenSLX-Scripte aktualisiert. Starte neu..." + $0 $@ + RET=$? + exit $RET +fi + +# Warn if there's not enough space left... +if [ "$(df -Pk "$WWWDIR" | tail -1 | tr -s ' ' | cut -d " " -f 4)" -lt "$MINSPACE" ]; then warning "Achtung: Eventuell zu wenig freier Speicherplatz verfügbar." fi @@ -64,7 +126,7 @@ fi print "" print "Lade Liste aktuell verfügbarer Versionen..." -wget -O "$REMOTEINDEX" "$MIRROR/index" || error "Konnte Liste verfügbarer Releases nicht herunterladen." +wget -nv -O "$REMOTEINDEX" "$MIRROR/index" || error "Konnte Liste verfügbarer Releases nicht herunterladen." . "$REMOTEINDEX" || error "Liste verfügbarer Releases Fehlerhaft (konnte $REMOTEINDEX nicht sourcen)" # Regenerate pxemenu @@ -72,10 +134,7 @@ wget -O "$REMOTEINDEX" "$MIRROR/index" || error "Konnte Liste verfügbarer Relea cp "$PXETEMPLATE" "$PXECONFIG" ERR=$?; [ $ERR -ne 0 ] && error "Kann PXE-Vorlage nicht umkopieren!" -mkdir -p "$WWWTEMP" -print "Kopiere bestehende Dateien sicherheitshalber um..." -cp -p "$WWWDIR/$FILEPRAEFIX"* "$WWWTEMP/" -ERR=$?; [ $ERR -ne 0 ] && error "Kann bestehende Dateien nicht nach $WWWTEMP kopieren!" +mv "$WWWDIR/$FILEPREFIX"* "$WWWTEMP/" for REL in ${!AVAILABLE_*}; do BRANCH="${REL#AVAILABLE_}" 
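Review bot: The self-update loop and `download()` fetch both the payload and its `.md5` from the same plain `http://` `$MIRROR`, so the checksum detects truncation but not a substituted file, and the replaced script is then re-executed through `$0 $@`. The same trust problem applies to `. "$REMOTEINDEX"` in the following hunk, which runs the downloaded index as shell code. Authenticity needs something the mirror and the network path cannot forge, for instance a detached signature verified against a key shipped with the server before the `mv` into `$SCRIPTPATH`, with the mirror reached over HTTPS. `download()` also fails open: when the `.md5` cannot be fetched it warns and does `return 0` with the unverified file already written to `$WWWDIR`; downloading to `$WWWTEMP`, verifying, then moving, and using `return 1` for a missing checksum would close that gap. The restart should be `"$0" "$@"` so arguments survive word splitting, and `LOCALINDEX` and `WWWTEMP` are now assigned twice in the constants block.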
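Review bot: `mv "$WWWDIR/$FILEPREFIX"* "$WWWTEMP/"` replaces the earlier copy, so the working boot images are out of the web root for the whole run and the result of the move is no longer checked. The EXIT trap added earlier in this file runs `rm -f "$WWWTEMP"/*`, so any abort before the images are moved back deletes them; the `error` call on a checksum mismatch in `download()` is one such path, assuming `error` exits, which is not visible here. Leaving existing images in `$WWWDIR` and staging only new downloads in `$WWWTEMP` avoids both problems. If the move is kept, the trap should restore first, for example `mv "$WWWTEMP/$FILEPREFIX"* "$WWWDIR/" 2>/dev/null` ahead of the `rm -f`.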
@@ -85,35 +144,25 @@ for REL in ${!AVAILABLE_*}; do for FILE in ${!REL}; do # Handle pxelinux.cfg if [[ "$FILE" == kernel* ]]; then - KERNEL="KERNEL http://$SLX_LOCAL_ADDR/$FILEPRAEFIX$FILE" + KERNEL="KERNEL http://$SLX_LOCAL_ADDR/$FILEPREFIX$FILE" else if [ -z "$PXELINE" ]; then PXELINE="INITRD " else PXELINE+="," fi - PXELINE+="http://$SLX_LOCAL_ADDR/$FILEPRAEFIX$FILE" + PXELINE+="http://$SLX_LOCAL_ADDR/$FILEPREFIX$FILE" fi # If file is available locally, don't download again - if [ -s "$WWWTEMP/$FILEPRAEFIX$FILE" ]; then - continue + if [ -s "$WWWTEMP/$FILEPREFIX$FILE" ]; then + mv "$WWWTEMP/$FILEPREFIX$FILE" "$WWWDIR/" && continue + warning "Konnte bestehende Datei $WWWTEMP/$FILEPREFIX$FILE nicht nach $WWWDIR/ verschieben, lade erneut herunter..." fi # Download - wget -O "$WWWTEMP/$FILEPRAEFIX$FILE" "$MIRROR/$MIRRORDIR/$FILE" && DLFLAG=1 || { warning "Could not download $FILE"; continue; } - # Download md5 value - wget -O "$WWWTEMP/$FILEPRAEFIX$FILE.$CRCEXTENSION" "$MIRROR/$MIRRORDIR/$FILE.$CRCEXTENSION" \ - || { warning "Could not download $FILE.$CRCEXTENSION!"; continue; } - # check file checksums - if [ $($CRCCOMMAND "$WWWTEMP/$FILEPRAEFIX$FILE"|cut -f 1 -d " ") != "$(cat $WWWTEMP/$FILEPRAEFIX$FILE.$CRCEXTENSION)" ]; then - warning "$CRCCOMMAND: $FILE: checksum mismatch! Transmission error or disk full." - warning "$CRCCOMMAND: $FILE: Prüfsummendiskrepanz! Übertragungsfehler oder Laufwerk voll." - error "Beende Skript aufgrund Prüfsummendiskrepanz!" - else - print "Prüfsummencheck Datei $FILE ok." - fi + download "$FILEPREFIX$FILE" "$MIRROR/$MIRRORDIR/$FILE" done if [ -z "$PXELINE" -o -z "$KERNEL" ]; then - warning "Incomplete entry. KERNEL or INITRD missing." + warning "Unvollständiger Eintrag. KERNEL oder INITRD fehlen." continue fi # Append to pxeconfig 
@@ -123,57 +172,28 @@ for REL in ${!AVAILABLE_*}; do echo " $KERNEL" >> "$PXECONFIG" echo " $PXELINE" >> "$PXECONFIG" echo " IPAPPEND 3" >> "$PXECONFIG" - echo " APPEND slxconfig=http://$SLX_LOCAL_ADDR/config" >> "$PXECONFIG" - # Extra files (e.g. vmplayer in it's own sqfs that gets downloaded later) + echo " APPEND slxsrv=$SLX_LOCAL_ADDR slxbase=/" >> "$PXECONFIG" + # Extra files (e.g. vmplayer in its own sqfs that gets downloaded later) EXTRA="${BRANCH}_EXTRA" for FILE in ${!EXTRA}; do # If file is available locally, don't download again - if [ -s "$WWWTEMP/$FILEPRAEFIX$FILE" ]; then - # mv "$WWWTEMP/$FILEPRAEFIX$FILE" "$WWWDIR/" - continue + if [ -s "$WWWTEMP/$FILEPREFIX$FILE" ]; then + mv "$WWWTEMP/$FILEPREFIX$FILE" "$WWWDIR/" && continue + warning "Konnte bestehende Datei $WWWTEMP/$FILEPREFIX$FILE nicht nach $WWWDIR/ verschieben, lade erneut herunter..." fi # Download - wget -O "$WWWTEMP/$FILEPRAEFIX$FILE" "$MIRROR/$MIRRORDIR/$FILE" || warning "Could not download $FILE" + download "$FILEPREFIX$FILE" "$MIRROR/$MIRRORDIR/$FILE" done done # If we are here, then we can assume everything went either right, or at least no fatal error happened. -# So, we will move the stuff in $WWWTEMP to $WWWDIR. if [ "$DLFLAG" -ne 0 ]; then - print "Alles scheint ok - Bewege neue Abbilder zum Webserver." - mv "$WWWTEMP/"* "$WWWDIR/" - print "Neue Abbilder bewegt." + print "Alles scheint ok." else - print "Keine Abbilder heruntergeladen - leere temporäres Verzeichnis $WWWTEMP." - rm -f "$WWWTEMP/"* + print "Keine neuen Abbilder heruntergeladen." fi +rm -f "$WWWTEMP/"* + +exit 0 -# Update Scripts openslx-install and openslx-update, if possible. -if [ ! -d "$SCRIPTBACKUPDIR" ]; then - print "Erzeuge Sicherungsverzeichnis für Skripte $SCRIPTBACKUPDIR" - mkdir -p "$SCRIPTBACKUPDIR" || error "Kann Sicherungsverzeichnis für Skripte nicht erstellen!" 
-fi - -for FILE in $SLXSCRIPTS; do - wget -O "$WWWTEMP/$FILE.$CRCEXTENSION" "$MIRROR/$MIRRORDIR/$FILE.$CRCEXTENSION" - CRCVALNEW=$(cat "$WWWTEMP/$FILE.$CRCEXTENSION"|cut -f 1 -d " ") - CRCVALOLD=$($CRCCOMMAND "$SCRIPTPATH/$FILE"|cut -f 1 -d " ") - if [ "$CRCVALNEW" == "$CRCVALOLD" ]; then - print "$SCRIPTPATH/$FILE - kein Update notwendig." - continue - else - wget -O "$WWWTEMP/$FILE" "$MIRROR/$MIRRORDIR/$FILE" - if [ $($CRCCOMMAND "$WWWTEMP/$FILE"|cut -f 1 -d " ") != "$CRCVALNEW" ]; then - warning "$SCRIPTPATH/$FILE konnte nicht upgedatet werden ($CRCEXTENSION-Fehler)!" - continue - else - print "$SCRIPTPATH/$FILE wird upgedatet - $CRCEXTENSION ok." - print "Alte Version $SCRIPTPATH/$FILE gesichert nach: $SCRIPTBACKUPDIR/$FILE.$DATUM." - mv "$SCRIPTPATH/$FILE" "$SCRIPTBACKUPDIR/$FILE.$DATUM" - chmod u+x "$WWWTEMP/$FILE" # sonst wg. wget keine exec-bit - mv "$WWWTEMP/$FILE" "$SCRIPTPATH" - fi - fi -done -exit 0 -- cgit v1.2.3-55-g7522 From 2817e5c800cb80dc0817a20fb167425b4a2f9fb2 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 6 Sep 2013 16:40:35 +0200 Subject: [vbox] two unneeded files deleted --- remote/modules/vbox/data/opt/openslx/bin/vmplayer | 15 --------------- remote/modules/vbox/data/opt/openslx/bin/vmware | 11 ----------- 2 files changed, 26 deletions(-) delete mode 100755 remote/modules/vbox/data/opt/openslx/bin/vmplayer delete mode 100755 remote/modules/vbox/data/opt/openslx/bin/vmware diff --git a/remote/modules/vbox/data/opt/openslx/bin/vmplayer b/remote/modules/vbox/data/opt/openslx/bin/vmplayer deleted file mode 100755 index 147f514f..00000000 --- a/remote/modules/vbox/data/opt/openslx/bin/vmplayer +++ /dev/null 
@@ -1,15 +0,0 @@ -#!/bin/sh -# radically simplified version of the original script vmplayer by VMware Inc. -PREFIX=/usr/lib/vmware # depends on the vmware location - -# HACK: Let the OpenGL driver report s3tc capability even if not present, so 3D will be enabled -export force_s3tc_enable=true - -exec "$PREFIX"'/lib/wrapper-gtk24.sh' \ - "$PREFIX"'/lib' \ - "$PREFIX"'/bin/vmplayer' \ - "$PREFIX"'/libconf' "$@" - - - - diff --git a/remote/modules/vbox/data/opt/openslx/bin/vmware b/remote/modules/vbox/data/opt/openslx/bin/vmware deleted file mode 100755 index 1fe9b11d..00000000 --- a/remote/modules/vbox/data/opt/openslx/bin/vmware +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -# radically simplified version of the original script vmplayer by VMware Inc. -PREFIX=/usr/lib/vmware # depends on the vmware location -exec "$PREFIX"'/lib/wrapper-gtk24.sh' \ - "$PREFIX"'/lib' \ - "$PREFIX"'/bin/vmware' \ - "$PREFIX"'/libconf' "$@" - - - - -- cgit v1.2.3-55-g7522 From 907a1c9ebf3d374ebc2930d009d7376ab92c8c3d Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Mon, 9 Sep 2013 14:42:55 +0200 Subject: [debug] Added logger to opensuse conf --- remote/modules/debug/debug.conf.opensuse | 1 + 1 file changed, 1 insertion(+) diff --git a/remote/modules/debug/debug.conf.opensuse b/remote/modules/debug/debug.conf.opensuse index b7971956..e4306fc3 100644 --- a/remote/modules/debug/debug.conf.opensuse +++ b/remote/modules/debug/debug.conf.opensuse @@ -8,4 +8,5 @@ REQUIRED_INSTALLED_PACKAGES=" " REQUIRED_BINARIES+=" fonts-config + logger " -- cgit v1.2.3-55-g7522 From df0b2e2d7d1efdfc6b35c790522d0d876c6faf88 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Mon, 9 Sep 2013 15:23:11 +0200 Subject: [vbox] Full udev rule with ENV{DEVTYPE}=="usb_device", see README! --- remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules b/remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules
index a94f2165..f2b99721 100644
--- a/remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules
+++ b/remote/modules/vbox/data/etc/udev/rules.d/10-vboxdrv.rules
@@ -1,6 +1,6 @@
 KERNEL=="vboxdrv", NAME="vboxdrv", OWNER="root", GROUP="root", MODE="0600"
 KERNEL=="vboxnetctl", NAME="vboxnetctl", OWNER="root", GROUP="root", MODE="0600"
 SUBSYSTEM=="usb_device", ACTION=="add", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
-SUBSYSTEM=="usb", ACTION=="add", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
+SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
 SUBSYSTEM=="usb_device", ACTION=="remove", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"
-SUBSYSTEM=="usb", ACTION=="remove", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"
+SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", ENV{PATH}="/usr/bin:/bin:/usr/sbin:/sbin:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin", RUN+="/usr/share/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"
-- cgit v1.2.3-55-g7522 From ce621f1e8d9e7b4c4ccb1d3f8fe615175731821d Mon Sep 17 00:00:00 2001
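Review bot: The added `ENV{DEVTYPE}=="usb_device"` match on the two `SUBSYSTEM=="usb"` rules only fires when udevd populates DEVTYPE, and nothing in the rules file records that dependency. The module README on this page says the bundled systemd-udevd fails to do so until it is restarted. When the match silently fails, `VBoxCreateUSBNode.sh` is never run for add or remove events, which is hard to diagnose from the rule text alone. I would put a comment above the two rules, e.g. `# DEVTYPE match relies on the systemd-udevd restart done in addon-init, see README`.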
From: Christian Rößler Date: Mon, 9 Sep 2013 15:28:46 +0200 Subject: [vbox] Amended README-File: Cave: systemd-udevd restart. --- remote/modules/vbox/README | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/remote/modules/vbox/README b/remote/modules/vbox/README index 41e7d219..142bce5e 100644 --- a/remote/modules/vbox/README +++ b/remote/modules/vbox/README @@ -12,10 +12,19 @@ please note there is also a (linked) scripts named VBoxManage (note capitals). It is therefore recommended to use the lower case version (vboxmanage). + systemd capabilites: + The systemd-udevd compiled within the module systemd lacks a capability in the environment variable DEVTYPE at least in regard to USB devices, so an entry ENV{DEVTYPE}=="usb_device" in an udev rule file rule will not work. + This applies to several versions, tested so far 195, 204, 206. In contrast to this a hand-copied distribution binary will work flawlessly within the openSLX biotope. + +It does not seem possible right now to circumvent this problem, as this kind +of problem seems to be unknown even irc/systemd development group. So as a +workaround the systemd-udevd will be restarted in addon-init. But the danger +of losing queue messages needs to be kept in mind, and if a solution arises, +the udevd restart line should be deleted. -- cgit v1.2.3-55-g7522 From 9c15093466d1835e90be251060267de2b3c3b3b1 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Mon, 9 Sep 2013 15:30:45 +0200 Subject: [vbox] addon-init: systemd-udevd gets restarted now. Cave: Queued message loss possible. --- remote/modules/vbox/data/addon-init | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/remote/modules/vbox/data/addon-init b/remote/modules/vbox/data/addon-init index 0c77c3fc..d3c3fa47 100755 --- a/remote/modules/vbox/data/addon-init +++ b/remote/modules/vbox/data/addon-init 
@@ -11,3 +11,7 @@ fi systemctl daemon-reload systemctl start vbox.service + +# this seems to be necessary due to the misbehaviour of udevd +# in view of the undetected ENV dev_type +systemctl restart systemd-udevd -- cgit v1.2.3-55-g7522 From ea4bfa3418cf9d1ff380e5531de22d223c4e291b Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 9 Sep 2013 18:59:48 +0200 Subject: [branding-freiburg] New config module: Add UniFR logo in /etc/, for now used by kdm theme --- server/configs/freiburg/branding-freiburg | 1 + server/modules/branding-freiburg/etc/branding.svg | 1277 +++++++++++++++++++++ 2 files changed, 1278 insertions(+) create mode 120000 server/configs/freiburg/branding-freiburg create mode 100644 server/modules/branding-freiburg/etc/branding.svg diff --git a/server/configs/freiburg/branding-freiburg b/server/configs/freiburg/branding-freiburg new file mode 120000 index 00000000..174dca3e --- /dev/null +++ b/server/configs/freiburg/branding-freiburg @@ -0,0 +1 @@ +../../modules/branding-freiburg \ No newline at end of file diff --git a/server/modules/branding-freiburg/etc/branding.svg b/server/modules/branding-freiburg/etc/branding.svg new file mode 100644 index 00000000..fbefc54a --- /dev/null +++ b/server/modules/branding-freiburg/etc/branding.svg @@ -0,0 +1,1277 @@ + + + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -- cgit v1.2.3-55-g7522 
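Review bot: The added `systemctl restart systemd-udevd` runs unconditionally and its exit status is ignored, so a failed restart goes unnoticed and the DEVTYPE workaround is silently missing. The commit subject itself warns that queued events can be lost. Running `udevadm settle` directly before the restart lets the pending event queue drain first and narrows that window. Something like `udevadm settle; systemctl restart systemd-udevd || echo "systemd-udevd restart failed" >&2` would cover both points. The script begins before this hunk.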
From 89bd8f318707eb96717c2bf3f58b4285d79f319c Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 9 Sep 2013 19:50:13 +0200 Subject: [german] Try to make locale-gen logic a little smarter --- remote/modules/german/german.build | 15 ++++++++++----- remote/modules/german/german.conf | 3 +-- remote/modules/german/german.conf.opensuse | 12 +++++++++--- remote/modules/german/german.conf.ubuntu | 4 ++++ 4 files changed, 24 insertions(+), 10 deletions(-) diff --git a/remote/modules/german/german.build b/remote/modules/german/german.build index 6327815f..c8795254 100644 --- a/remote/modules/german/german.build +++ b/remote/modules/german/german.build @@ -3,12 +3,17 @@ fetch_source() { } build() { - # Make sure uncompressed locales are present, so we can fetch german utf8 - # Cave: locale-gen is debian/ubunto-specific, so other distris _must_ have /usr/lib/locale/de_DE.utf8! - if [ ! -d "/usr/lib/locale/de_DE.utf8" ]; then + # Debian-like + if [ -e "/etc/locale.gen" ] && ! grep -q -E '^\s*de_DE\.UTF-8' "/etc/locale.gen"; then pinfo "Generating locales..." - locale-gen --purge --no-archive || perror "Could not run locale-gen" - [ ! -d "/usr/lib/locale/de_DE.utf8" ] && perror "locale-gen was executed, but de_DE.utf8 does not exist." + echo 'de_DE.UTF-8 UTF-8' >> "/etc/locale.gen" + locale-gen || perror "Could not generate locales (debian style)" + fi + # Ubuntu's version + if [ -d "/var/lib/locales/supported.d" ] && ! grep -q -E -r '^\s*de_DE\.UTF-8' "/var/lib/locales/supported.d"; then + pinfo "Generating locales..." + echo 'de_DE.UTF-8 UTF-8' >> "/var/lib/locales/supported.d/openslx" + locale-gen "de_DE.UTF-8" || perror "Could not generate locales (ubuntu style)" fi # Put everything we build or get from the system in build dir diff --git a/remote/modules/german/german.conf b/remote/modules/german/german.conf index c79b8ded..e2f82123 100644 --- a/remote/modules/german/german.conf +++ b/remote/modules/german/german.conf 
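Review bot: The post-condition check is gone from `build()` in german.build: the removed code verified that the locale directory existed after `locale-gen` and called `perror` otherwise, while both new branches only look at the exit status. `--no-archive` was dropped as well, so it is worth confirming that the result is still a directory rather than an entry in the locale archive. The .conf hunks of this commit add `/usr/lib/locale/de_DE.UTF-8` to `REQUIRED_DIRECTORIES`, whereas the old check looked for `de_DE.utf8`. A guard after the two branches such as `[ -d /usr/lib/locale/de_DE.UTF-8 ] || [ -d /usr/lib/locale/de_DE.utf8 ] || perror "de_DE locale directory missing after locale-gen"` would catch a mismatch at build time. `build()` continues past the end of the hunk.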
@@ -1,6 +1,5 @@ REQUIRED_BINARIES="" REQUIRED_FILES="" REQUIRED_DIRECTORIES=" - /usr/lib/locale/de_DE.utf8 - /usr/share/X11 + /usr/share/X11 " diff --git a/remote/modules/german/german.conf.opensuse b/remote/modules/german/german.conf.opensuse index 015adfe2..1a4a4558 100644 --- a/remote/modules/german/german.conf.opensuse +++ b/remote/modules/german/german.conf.opensuse @@ -1,7 +1,13 @@ REQUIRED_INSTALLED_PACKAGES=" - libX11-data - glibc-locale" + libX11-data + glibc-locale +" REQUIRED_CONTENT_PACKAGES=" - libX11-data" + libX11-data +" +REQUIRED_DIRECTORIES+=" + /usr/lib/locale/de_DE.UTF-8 +" REQUIRED_BINARIES="" REQUIRED_FILES="" + diff --git a/remote/modules/german/german.conf.ubuntu b/remote/modules/german/german.conf.ubuntu index 28e3d966..02262276 100644 --- a/remote/modules/german/german.conf.ubuntu +++ b/remote/modules/german/german.conf.ubuntu @@ -5,3 +5,7 @@ REQUIRED_INSTALLED_PACKAGES=" REQUIRED_CONTENT_PACKAGES=" libX11-data " +REQUIRED_DIRECTORIES+=" + /usr/lib/locale/de_DE.UTF-8 +" + -- cgit v1.2.3-55-g7522 From 3e6e24ea7ce6f9116721cb8152ccca5f8a9b063b Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 9 Sep 2013 19:55:15 +0200 Subject: [mltk] Add pkg-config to required dev-tools, add "exit 1" to qnd_exit just in case... --- mltk | 1 + 1 file changed, 1 insertion(+) diff --git a/mltk b/mltk index 73de3601..67b5e663 100755 --- a/mltk +++ b/mltk @@ -28,6 +28,7 @@ qnd_exit() { unset_quiet kill "$MLTK_PID" [ $# -ge 1 ] && kill "$1" + exit 1 } # source all helper functions files that are found under helper/*.inc -- cgit v1.2.3-55-g7522 From 3f2b4eba3cda1e0e5caf450ee2a2d96e897c5727 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 9 Sep 2013 20:05:21 +0200 Subject: [helper/fileutil] Fix error handling in install_packages --- helper/fileutil.inc | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/helper/fileutil.inc b/helper/fileutil.inc index abab7903..9f5c110f 100644 --- a/helper/fileutil.inc 
+++ b/helper/fileutil.inc @@ -91,7 +91,7 @@ install_packages() { if [ "x$LRET" == "x0" ]; then # package installed pdebug "$PKG installed!" - elif [ "x$LRET" == "x1" ]; then + else # package not installed pdebug "$PKG not installed!" if [ "x$PACKET_MANAGER" == "xapt" ]; then @@ -100,10 +100,10 @@ install_packages() { if [ "x$IRET" == "x0" ]; then # $PGK was installed successfully INSTALLED_PACKAGES+="$PKG " - elif [ "x$IRET" == "x1" ]; then + else # PKG was not installed # TODO error handling - pwarning "install_packages: apt-get failed with '$?' for package '$PKG'" + perror "install_packages: apt-get failed with '$IRET' for package '$PKG'" fi elif [ "x$PACKET_MANAGER" == "xzypper" ]; then zypper --no-refresh --non-interactive install ${PKG} @@ -111,10 +111,10 @@ install_packages() { if [ "x$IRET" == "x0" ]; then # $PGK was installed successfully INSTALLED_PACKAGES+="$PKG " - elif [ "x$IRET" == "x1" ]; then + else # PKG was not installed # TODO error handling - pwarning "install_packages: zypper failed with '$?' for package '$PKG'" + perror "install_packages: zypper failed with '$IRET' for package '$PKG'" fi elif [ "x$PACKET_MANAGER" == "xyum" ]; then yum --assumeyes install ${PKG} @@ -122,10 +122,10 @@ install_packages() { if [ "x$IRET" == "x0" ]; then # $PGK was installed successfully INSTALLED_PACKAGES+="$PKG " - elif [ "x$IRET" == "x1" ]; then + else # PKG was not installed # TODO error handling - pwarning "install_packages: yum failed with '$?' for package '$PKG'" + perror "install_packages: yum failed with '$IRET' for package '$PKG'" fi else perror "No packet manager determined, this should not happen!" -- cgit v1.2.3-55-g7522 From b92510902dec95eed8835cdbf630dee6baa9aad2 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 9 Sep 2013 20:24:45 +0200 Subject: [polkit] FIX: Actually take REQUIRED_DIR_STRUCT into account --- remote/modules/polkit/polkit.build | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) 
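Review bot: The `# TODO error handling` comment is now stale in all three package-manager branches of `install_packages` (apt, zypper, yum hunks), because each sits directly above the new `perror` call that is the error handling. I would replace it with a line that states the contract, e.g. `# any non-zero status counts as a failed install`. The three result-handling blocks are identical apart from the tool name in the message, so a single check after the `if`/`elif` chain on `$IRET` would remove the duplication. The function starts and ends outside these hunks.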
diff --git a/remote/modules/polkit/polkit.build b/remote/modules/polkit/polkit.build index eeae1e32..151da8a8 100644 --- a/remote/modules/polkit/polkit.build +++ b/remote/modules/polkit/polkit.build @@ -6,10 +6,9 @@ fetch_source () { } build () { - COPYLIST="$MODULE_DIR/list_dpkg_output" - [ -e "${COPYLIST}" ] && rm "${COPYLIST}" - - list_packet_files >> "${COPYLIST}" + local COPYLIST="$MODULE_DIR/list_dpkg_output" + list_packet_files > "$COPYLIST" + [ -n "$REQUIRED_DIR_STRUCT" ] && find $REQUIRED_DIR_STRUCT -type d >> "$COPYLIST" tarcopy "$(cat "${COPYLIST}" | sort -u)" "${MODULE_BUILD_DIR}" local POLPATH=$(find "$MODULE_BUILD_DIR" -name polkitd -executable | head -n 1) POLPATH="/${POLPATH#$MODULE_BUILD_DIR}" -- cgit v1.2.3-55-g7522 From a893e9db2e12e0c7456f6a2aaa82ad564d522c47 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 9 Sep 2013 20:47:11 +0200 Subject: [nscd] Remove "netgroup" from nscd.conf as it is not available in all nscd versions --- remote/modules/nscd/data/etc/nscd.conf | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/remote/modules/nscd/data/etc/nscd.conf b/remote/modules/nscd/data/etc/nscd.conf index 863a6f50..c4e23686 100644 --- a/remote/modules/nscd/data/etc/nscd.conf +++ b/remote/modules/nscd/data/etc/nscd.conf @@ -78,13 +78,3 @@ shared services yes max-db-size services 33554432 -# netgroup caching is known-broken, so disable it in the default config, -# see: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1068889 - enable-cache netgroup no - positive-time-to-live netgroup 28800 - negative-time-to-live netgroup 20 - suggested-size netgroup 211 - check-files netgroup yes - persistent netgroup yes - shared netgroup yes - max-db-size netgroup 33554432 -- cgit v1.2.3-55-g7522 From 9f0402b9713d7be1955ca226930e9cd57f2d8f7d Mon Sep 17 00:00:00 2001 
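Review bot: In the new `find $REQUIRED_DIR_STRUCT -type d >> "$COPYLIST"` line the expansion is left unquoted, presumably on purpose so the whitespace-separated list splits into several paths, but that also enables glob expansion and is not documented. A path from the list that is missing on the build host only makes `find` print an error, and the build continues with a shorter copy list. I would add `# intentionally unquoted: REQUIRED_DIR_STRUCT is a whitespace-separated list of directories` and log a warning when `find` returns non-zero. `build()` continues after the hunk.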
From: Simon Rettberg Date: Tue, 10 Sep 2013 12:07:22 +0200 Subject: [mltk] Actually really add pkg-config ( fixes commit:a3b435f6a1 ) --- mltk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mltk b/mltk index 67b5e663..d705df50 100755 --- a/mltk +++ b/mltk @@ -92,7 +92,7 @@ print_usage() { check_devtools() { # Checking for needed development tools, compilers etc. # Required: m4 make gcc g++ binutils - DEVTOOLS="gcc c++ g++ make m4 strip git depmod patch mksquashfs" # 'strip' as marker for binutils + DEVTOOLS="gcc c++ g++ make m4 strip git depmod patch mksquashfs pkg-config" # 'strip' as marker for binutils for i in $DEVTOOLS; do which "$i" 2>/dev/null 1>&2 || { echo "Essential development tool $i not found - exiting."; exit 1; } done -- cgit v1.2.3-55-g7522 From c2421d6384555a82a57fcd9edf75a3871c22dbc6 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Sep 2013 13:04:54 +0200 Subject: [debug] Config tweaks --- remote/modules/debug/debug.conf | 2 +- remote/modules/debug/debug.conf.ubuntu | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/remote/modules/debug/debug.conf b/remote/modules/debug/debug.conf index 7b040326..9ce39476 100644 --- a/remote/modules/debug/debug.conf +++ b/remote/modules/debug/debug.conf @@ -7,7 +7,7 @@ REQUIRED_BINARIES=" nano fc-cache fc-query - xset + @xset locale su file diff --git a/remote/modules/debug/debug.conf.ubuntu b/remote/modules/debug/debug.conf.ubuntu index f455b152..3b9c032a 100644 --- a/remote/modules/debug/debug.conf.ubuntu +++ b/remote/modules/debug/debug.conf.ubuntu @@ -1,6 +1,7 @@ REQUIRED_INSTALLED_PACKAGES=" curl ltrace + strace nano fontconfig fonts-config -- cgit v1.2.3-55-g7522 From 0d0633ad14f0d6f487545cd2ae2bd251bd8a420c Mon Sep 17 00:00:00 2001 
From: Simon Rettberg Date: Tue, 10 Sep 2013 13:05:54 +0200 Subject: [kdm] Clean up config files --- remote/modules/kdm/kdm.conf | 3 +++ remote/modules/kdm/kdm.conf.opensuse | 19 ++++------------ remote/modules/kdm/kdm.conf.ubuntu | 43 +++++++++++++++++------------------- 3 files changed, 27 insertions(+), 38 deletions(-) diff --git a/remote/modules/kdm/kdm.conf b/remote/modules/kdm/kdm.conf index 92dd47d7..2778a2bc 100644 --- a/remote/modules/kdm/kdm.conf +++ b/remote/modules/kdm/kdm.conf @@ -8,6 +8,7 @@ REQUIRED_DIRECTORIES=" /etc/dbus-1 " REQUIRED_LIBRARIES="" +# non-standard vars REQUIRED_SYSTEM_FILES=" /usr/share/icons/oxygen/16x16/actions/system-reboot.png /usr/share/icons/oxygen/16x16/actions/system-shutdown.png @@ -15,3 +16,5 @@ REQUIRED_SYSTEM_FILES=" /usr/share/icons/oxygen/index.theme /usr/share/icons/default.kde4/index.theme " +# Ignore these libs even if output by ldd +REQUIRED_LDD_BLACKLIST="\|libQtWebKit\|libGL" diff --git a/remote/modules/kdm/kdm.conf.opensuse b/remote/modules/kdm/kdm.conf.opensuse index d3c0044b..832baf9c 100644 --- a/remote/modules/kdm/kdm.conf.opensuse +++ b/remote/modules/kdm/kdm.conf.opensuse @@ -1,21 +1,10 @@ REQUIRED_INSTALLED_PACKAGES=" - kdm + kdm " REQUIRED_CONTENT_PACKAGES=" - kdm - kde4-kgreeter-plugins + kdm + kde4-kgreeter-plugins " -REQUIRED_BINARIES="" REQUIRED_DIRECTORIES+=" - /usr/$LIB64/kde4 -" -REQUIRED_FILES="" -REQUIRED_LIBRARIES="" -#non-standard vars -REQUIRED_SYSTEM_FILES=" - /usr/share/icons/oxygen/16x16/actions/system-reboot.png - /usr/share/icons/oxygen/16x16/actions/system-shutdown.png - /usr/share/icons/oxygen/16x16/actions/dialog-cancel.png - /usr/share/icons/oxygen/index.theme - /usr/share/icons/default.kde4/index.theme + /usr/$LIB64/kde4 " diff --git a/remote/modules/kdm/kdm.conf.ubuntu b/remote/modules/kdm/kdm.conf.ubuntu index 7119bf6f..b91d00e0 100644 --- a/remote/modules/kdm/kdm.conf.ubuntu +++ b/remote/modules/kdm/kdm.conf.ubuntu 
@@ -1,32 +1,29 @@ REQUIRED_INSTALLED_PACKAGES=" - kdm - kde-workspace-kgreet-plugins + kdm + kde-workspace-kgreet-plugins " REQUIRED_CONTENT_PACKAGES=" - kdm - kde-workspace-kgreet-plugins - libicu48 - libxcursor1 - libxrandr2 - libxfixes3 - libxinerama1 - libxi6 + kdm + kde-workspace-kgreet-plugins + libicu48 + libxcursor1 + libxrandr2 + libxfixes3 + libxinerama1 + libxi6 " -REQUIRED_BINARIES="" REQUIRED_DIRECTORIES+=" - /usr/lib - /etc/pam.d - /etc/logrotate.d - /etc/insserv.conf.d - /etc/kde4/kdm + /usr/lib + /etc/pam.d + /etc/logrotate.d + /etc/insserv.conf.d + /etc/kde4/kdm " -REQUIRED_FILES="" -REQUIRED_LIBRARIES="" # non-standard vars REQUIRED_SYSTEM_FILES+=" - /usr/share/kde4/apps/kdm/pics/shutdown.png - /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf - /usr/share/fonts/truetype/ubuntu-font-family/Ubuntu-R.ttf - /usr/share/icons/default/index.theme + /usr/share/kde4/apps/kdm/pics/shutdown.png + /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf + /usr/share/fonts/truetype/ubuntu-font-family/Ubuntu-R.ttf + /usr/share/icons/default/index.theme " -REQUIRED_LDD_BLACKLIST="\|libQtWebKit\|libGL" + -- cgit v1.2.3-55-g7522 From 2a8e9baa90d08d41101ed2cddd6eb64582889df8 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Sep 2013 13:07:00 +0200 Subject: [rootfs-stage32] (ubuntu) add ntpdate to required installed packages --- remote/rootfs/rootfs-stage32/rootfs-stage32.conf.ubuntu | 1 + 1 file changed, 1 insertion(+) diff --git a/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.ubuntu b/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.ubuntu index cfc5b128..2d97ce18 100644 --- a/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.ubuntu +++ b/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.ubuntu @@ -3,6 +3,7 @@ REQUIRED_INSTALLED_PACKAGES=" squashfs-tools whois xfsprogs + ntpdate " REQUIRED_DIRECTORIES=" /lib/xtables -- cgit v1.2.3-55-g7522 From 00e2efa7809d0a1cada7ea67fbe870db2a02d737 Mon Sep 17 00:00:00 2001 
From: Simon Rettberg Date: Tue, 10 Sep 2013 13:07:53 +0200 Subject: * Add debian support * --- remote/modules/alsa/alsa.conf.debian | 5 +++ remote/modules/beamer/beamer.conf.debian | 6 +++ remote/modules/consolekit/consolekit.conf.debian | 2 + remote/modules/dbus/dbus.conf.debian | 9 ++++ remote/modules/debug/debug.conf.debian | 8 ++++ remote/modules/dnbd3/dnbd3.conf.debian | 7 ++++ remote/modules/german/german.conf.debian | 11 +++++ remote/modules/kdm/kdm.conf.debian | 28 +++++++++++++ remote/modules/nscd/nscd.conf.debian | 6 +++ remote/modules/openbox/openbox.conf.debian | 15 +++++++ remote/modules/pam/pam.conf.debian | 49 ++++++++++++++++++++++ remote/modules/plymouth/plymouth.conf.debian | 7 ++++ remote/modules/polkit/polkit.conf.debian | 19 +++++++++ remote/modules/redsocks/redsocks.conf.debian | 3 ++ remote/modules/rsyslogd/rsyslogd.conf.debian | 6 +++ remote/modules/systemd/systemd.conf.debian | 13 ++++++ remote/modules/udisks/udisks.conf.debian | 32 ++++++++++++++ remote/modules/vmchooser/vmchooser.conf.debian | 4 ++ remote/modules/xorg/xorg.conf.debian | 41 ++++++++++++++++++ .../rootfs-stage32/rootfs-stage32.conf.debian | 14 +++++++ 20 files changed, 285 insertions(+) create mode 100644 remote/modules/alsa/alsa.conf.debian create mode 100644 remote/modules/beamer/beamer.conf.debian create mode 100644 remote/modules/consolekit/consolekit.conf.debian create mode 100644 remote/modules/dbus/dbus.conf.debian create mode 100644 remote/modules/debug/debug.conf.debian create mode 100644 remote/modules/dnbd3/dnbd3.conf.debian create mode 100644 remote/modules/german/german.conf.debian create mode 100644 remote/modules/kdm/kdm.conf.debian create mode 100644 remote/modules/nscd/nscd.conf.debian create mode 100644 remote/modules/openbox/openbox.conf.debian create mode 100644 remote/modules/pam/pam.conf.debian create mode 100644 remote/modules/plymouth/plymouth.conf.debian create mode 100644 remote/modules/polkit/polkit.conf.debian create mode 100644 
remote/modules/redsocks/redsocks.conf.debian create mode 100644 remote/modules/rsyslogd/rsyslogd.conf.debian create mode 100644 remote/modules/systemd/systemd.conf.debian create mode 100644 remote/modules/udisks/udisks.conf.debian create mode 100644 remote/modules/vmchooser/vmchooser.conf.debian create mode 100644 remote/modules/xorg/xorg.conf.debian create mode 100644 remote/rootfs/rootfs-stage32/rootfs-stage32.conf.debian diff --git a/remote/modules/alsa/alsa.conf.debian b/remote/modules/alsa/alsa.conf.debian new file mode 100644 index 00000000..b1f9f0e2 --- /dev/null +++ b/remote/modules/alsa/alsa.conf.debian @@ -0,0 +1,5 @@ +REQUIRED_CONTENT_PACKAGES=" + alsa-utils + alsa-base + libasound2 +" diff --git a/remote/modules/beamer/beamer.conf.debian b/remote/modules/beamer/beamer.conf.debian new file mode 100644 index 00000000..459dd079 --- /dev/null +++ b/remote/modules/beamer/beamer.conf.debian @@ -0,0 +1,6 @@ +REQUIRED_INSTALLED_PACKAGES=" + zenity +" +REQUIRED_CONTENT_PACKAGES=" + zenity +" diff --git a/remote/modules/consolekit/consolekit.conf.debian b/remote/modules/consolekit/consolekit.conf.debian new file mode 100644 index 00000000..c0fffffa --- /dev/null +++ b/remote/modules/consolekit/consolekit.conf.debian @@ -0,0 +1,2 @@ +REQUIRED_CONTENT_PACKAGES="consolekit" + diff --git a/remote/modules/dbus/dbus.conf.debian b/remote/modules/dbus/dbus.conf.debian new file mode 100644 index 00000000..d007c2ef --- /dev/null +++ b/remote/modules/dbus/dbus.conf.debian @@ -0,0 +1,9 @@ +REQUIRED_CONTENT_PACKAGES=" + dbus +" +REQUIRED_DIRECTORIES+=" + /lib/systemd +" +REQUIRED_FILES=" + /etc/default/dbus +" diff --git a/remote/modules/debug/debug.conf.debian b/remote/modules/debug/debug.conf.debian new file mode 100644 index 00000000..3b9c032a --- /dev/null +++ b/remote/modules/debug/debug.conf.debian @@ -0,0 +1,8 @@ +REQUIRED_INSTALLED_PACKAGES=" + curl + ltrace + strace + nano + fontconfig + fonts-config +" 
diff --git a/remote/modules/dnbd3/dnbd3.conf.debian b/remote/modules/dnbd3/dnbd3.conf.debian new file mode 100644 index 00000000..c26fd833 --- /dev/null +++ b/remote/modules/dnbd3/dnbd3.conf.debian @@ -0,0 +1,7 @@ +REQUIRED_CONTENT_PACKAGES=" + cmake +" + +REQUIRED_INSTALLED_PACKAGES=" + cmake +" diff --git a/remote/modules/german/german.conf.debian b/remote/modules/german/german.conf.debian new file mode 100644 index 00000000..b41764e0 --- /dev/null +++ b/remote/modules/german/german.conf.debian @@ -0,0 +1,11 @@ +REQUIRED_INSTALLED_PACKAGES=" + libX11-data + language-pack-de +" +REQUIRED_CONTENT_PACKAGES=" + libX11-data +" +REQUIRED_DIRECTORIES+=" + /usr/lib/locale +" + diff --git a/remote/modules/kdm/kdm.conf.debian b/remote/modules/kdm/kdm.conf.debian new file mode 100644 index 00000000..da0df913 --- /dev/null +++ b/remote/modules/kdm/kdm.conf.debian @@ -0,0 +1,28 @@ +REQUIRED_INSTALLED_PACKAGES=" + kdm + kde-workspace-kgreet-plugins +" +REQUIRED_CONTENT_PACKAGES=" + kdm + kde-workspace-kgreet-plugins + libicu48 + libxcursor1 + libxrandr2 + libxfixes3 + libxinerama1 + libxi6 +" +REQUIRED_DIRECTORIES+=" + /usr/lib + /etc/pam.d + /etc/logrotate.d + /etc/insserv.conf.d + /etc/kde4/kdm +" +# non-standard vars +REQUIRED_SYSTEM_FILES+=" + /usr/share/kde4/apps/kdm/pics/shutdown.png + /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf + /usr/share/icons/default/index.theme +" + diff --git a/remote/modules/nscd/nscd.conf.debian b/remote/modules/nscd/nscd.conf.debian new file mode 100644 index 00000000..4a61cc19 --- /dev/null +++ b/remote/modules/nscd/nscd.conf.debian @@ -0,0 +1,6 @@ +REQUIRED_INSTALLED_PACKAGES=" + nscd +" +REQUIRED_CONTENT_PACKAGES=" + nscd +" diff --git a/remote/modules/openbox/openbox.conf.debian b/remote/modules/openbox/openbox.conf.debian new file mode 100644 index 00000000..b10bd40d --- /dev/null +++ b/remote/modules/openbox/openbox.conf.debian 
@@ -0,0 +1,15 @@ +REQUIRED_INSTALLED_PACKAGES=" + openbox + libpango1.0-0 + libpango1.0-dev + libdbus-1-dev +" +REQUIRED_CONTENT_PACKAGES=" + openbox + libpango1.0-0 + libpango1.0-dev + libdbus-1-dev +" +REQUIRED_DIRECTORIES+=" + /usr/lib +" diff --git a/remote/modules/pam/pam.conf.debian b/remote/modules/pam/pam.conf.debian new file mode 100644 index 00000000..278c36be --- /dev/null +++ b/remote/modules/pam/pam.conf.debian @@ -0,0 +1,49 @@ +REQUIRED_INSTALLED_PACKAGES=" + libpam-ldap + libnss-ldap + libpam-ck-connector + libpam-cap + krb5-user + krb5-config + libpam-krb5 + libssl-dev + ldap-utils + libnfsidmap2 + nfs-common + libpam0g-dev + ncpfs +" +REQUIRED_CONTENT_PACKAGES=" + libpam0g + libpam-modules + libpam-ck-connector + libpam-cap + libldap-2.4-2 + libpam-ldap + libnss-ldap + krb5-user + krb5-config + libpam-krb5 + ldap-utils + libnfsidmap2 + nfs-common + ncpfs +" +REQUIRED_BINARIES+=" + nwmsg + ncpmount + ncpumount + mount.ncp + mount.ncpfs +" +REQUIRED_DIRECTORIES+=" + /lib + /usr/lib +" +REQUIRED_SYSTEM_FILES+=" + /etc/pam.conf + /etc/default/locale + /lib/security + /lib/${ARCH_TRIPLET}/security + /sbin/mkhomedir_helper +" diff --git a/remote/modules/plymouth/plymouth.conf.debian b/remote/modules/plymouth/plymouth.conf.debian new file mode 100644 index 00000000..0c6e00a4 --- /dev/null +++ b/remote/modules/plymouth/plymouth.conf.debian @@ -0,0 +1,7 @@ +REQUIRED_INSTALLED_PACKAGES=" + libpng-dev + libpango1.0-dev + libcairo-dev + libgtk2.0-dev + libdrm-dev +" diff --git a/remote/modules/polkit/polkit.conf.debian b/remote/modules/polkit/polkit.conf.debian new file mode 100644 index 00000000..5684a504 --- /dev/null +++ b/remote/modules/polkit/polkit.conf.debian 
@@ -0,0 +1,19 @@ +REQUIRED_INSTALLED_PACKAGES=" + libmozjs185-1.0 + policykit-1 +" +REQUIRED_CONTENT_PACKAGES=" + libmozjs185-1.0 + policykit-1 +" +REQUIRED_DIRECTORIES+=" + /usr/lib/policykit-1 + /usr/lib/${ARCH_TRIPLET}/polkit-1 + /var/lib/polkit-1 +" +# Module specific: Root of dirstructs we need directly from system +REQUIRED_DIR_STRUCT=" + /var/lib/polkit-1 + /etc/polkit-1 +" + diff --git a/remote/modules/redsocks/redsocks.conf.debian b/remote/modules/redsocks/redsocks.conf.debian new file mode 100644 index 00000000..da41b04e --- /dev/null +++ b/remote/modules/redsocks/redsocks.conf.debian @@ -0,0 +1,3 @@ +REQUIRED_INSTALLED_PACKAGES=" + libevent-dev +" diff --git a/remote/modules/rsyslogd/rsyslogd.conf.debian b/remote/modules/rsyslogd/rsyslogd.conf.debian new file mode 100644 index 00000000..79aba761 --- /dev/null +++ b/remote/modules/rsyslogd/rsyslogd.conf.debian @@ -0,0 +1,6 @@ +REQUIRED_CONTENT_PACKAGES=" + rsyslog +" +REQUIRED_DIRECTORIES=" + /usr/lib/rsyslog +" diff --git a/remote/modules/systemd/systemd.conf.debian b/remote/modules/systemd/systemd.conf.debian new file mode 100644 index 00000000..2768b51c --- /dev/null +++ b/remote/modules/systemd/systemd.conf.debian @@ -0,0 +1,13 @@ +REQUIRED_INSTALLED_PACKAGES=" + intltool + gperf + dbus + pkg-config + libcap-dev + libudev-dev + libdbus-1-dev + xsltproc + libblkid-dev + libacl1-dev + libpam-dev +" diff --git a/remote/modules/udisks/udisks.conf.debian b/remote/modules/udisks/udisks.conf.debian new file mode 100644 index 00000000..c32a5f24 --- /dev/null +++ b/remote/modules/udisks/udisks.conf.debian 
@@ -0,0 +1,32 @@ +REQUIRED_INSTALLED_PACKAGES=" + udisks +" +REQUIRED_CONTENT_PACKAGES=" + udisks +" +# Override: Only udisks1 is available +REQUIRED_BINARIES=" + udisks-helper-linux-md-check + udisks-daemon + udisks-helper-change-luks-password + udisks-helper-create-partition-table + udisks-helper-mdadm-expand + udisks-helper-drive-benchmark + udisks-helper-drive-detach + udisks-helper-mkfs + udisks-helper-ata-smart-collect + udisks-helper-change-filesystem-label + udisks-helper-modify-partition + udisks-helper-delete-partition + udisks-helper-create-partition + udisks-helper-fstab-mounter + udisks-helper-linux-md-remove-component + udisks-helper-ata-smart-selftest + udisks-helper-drive-poll + udisks-dm-export + udisks-lvm-pv-export + udisks-part-id + udisks-probe-ata-smart + udisks-probe-sas-expander +" + diff --git a/remote/modules/vmchooser/vmchooser.conf.debian b/remote/modules/vmchooser/vmchooser.conf.debian new file mode 100644 index 00000000..2953ac63 --- /dev/null +++ b/remote/modules/vmchooser/vmchooser.conf.debian @@ -0,0 +1,4 @@ +REQUIRED_INSTALLED_PACKAGES=" + cmake + libqt4-dev +" diff --git a/remote/modules/xorg/xorg.conf.debian b/remote/modules/xorg/xorg.conf.debian new file mode 100644 index 00000000..a3be908f --- /dev/null +++ b/remote/modules/xorg/xorg.conf.debian 
@@ -0,0 +1,41 @@ +REQUIRED_CONTENT_PACKAGES=" + xserver-xorg$UBUNTU_XORG_PKG_SUFFIX + xserver-xorg-core$UBUNTU_XORG_PKG_SUFFIX + libgl1-mesa-dri$UBUNTU_XORG_PKG_SUFFIX + libgl1-mesa-glx$UBUNTU_XORG_PKG_SUFFIX + xkb-data + x11-xkb-utils + x11-xserver-utils + xserver-xorg-input-evdev$UBUNTU_XORG_PKG_SUFFIX + xserver-xorg-input-mouse$UBUNTU_XORG_PKG_SUFFIX + xserver-xorg-input-vmmouse$UBUNTU_XORG_PKG_SUFFIX + xserver-xorg-video-intel$UBUNTU_XORG_PKG_SUFFIX + xserver-xorg-video-ati$UBUNTU_XORG_PKG_SUFFIX + xserver-xorg-video-vesa$UBUNTU_XORG_PKG_SUFFIX + xserver-xorg-video-mga$UBUNTU_XORG_PKG_SUFFIX + xserver-xorg-video-sis$UBUNTU_XORG_PKG_SUFFIX + xserver-xorg-video-vmware$UBUNTU_XORG_PKG_SUFFIX + xserver-xorg-video-fbdev$UBUNTU_XORG_PKG_SUFFIX + xserver-xorg-video-radeon$UBUNTU_XORG_PKG_SUFFIX + xserver-xorg-video-sisusb$UBUNTU_XORG_PKG_SUFFIX + xserver-xorg-video-nouveau$UBUNTU_XORG_PKG_SUFFIX + @xserver-xorg-video-openchrome$UBUNTU_XORG_PKG_SUFFIX + @xserver-xorg-video-savage$UBUNTU_XORG_PKG_SUFFIX + @xserver-xorg-video-trident$UBUNTU_XORG_PKG_SUFFIX + @xserver-xorg-video-mach64$UBUNTU_XORG_PKG_SUFFIX + @xserver-xorg-video-qxl$UBUNTU_XORG_PKG_SUFFIX + @xserver-xorg-video-siliconmotion$UBUNTU_XORG_PKG_SUFFIX + @xserver-xorg-video-cirrus$UBUNTU_XORG_PKG_SUFFIX + @xserver-xorg-video-r128$UBUNTU_XORG_PKG_SUFFIX + @xserver-xorg-video-neomagic$UBUNTU_XORG_PKG_SUFFIX + @xserver-xorg-video-geode$UBUNTU_XORG_PKG_SUFFIX + @xserver-xorg-video-s3$UBUNTU_XORG_PKG_SUFFIX + @xserver-xorg-video-tdfx$UBUNTU_XORG_PKG_SUFFIX +" +REQUIRED_BINARIES+=" + xkbcomp +" +REQUIRED_DIRECTORIES+=" + /usr/lib +" +REQUIRED_FILES="" diff --git a/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.debian b/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.debian new file mode 100644 index 00000000..4b80623f --- /dev/null +++ b/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.debian 
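Review bot: Every X server package name in the new xorg.conf.debian carries `$UBUNTU_XORG_PKG_SUFFIX`, which looks copied from the Ubuntu config. Where that variable is set is not visible here; if it is ever non-empty during a Debian build, the resulting package names will most likely not exist in the Debian archive. Either drop the suffix from this file or state the assumption at the top, e.g. `# UBUNTU_XORG_PKG_SUFFIX is expected to be empty on Debian`.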
@@ -0,0 +1,14 @@ +REQUIRED_INSTALLED_PACKAGES=" + nfs-common + squashfs-tools + whois + xfsprogs + ntpdate + firmware-linux-free +" +REQUIRED_DIRECTORIES=" + /lib/xtables +" +REQUIRED_FILES+=" + /etc/X11/app-defaults/Xvidtune +" -- cgit v1.2.3-55-g7522 From 0f72bd1601d3ca75d679bde447c7046a6fe9a844 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Sep 2013 13:34:18 +0200 Subject: [debug] Remove nonsense from config --- remote/modules/debug/debug.conf.debian | 1 - remote/modules/debug/debug.conf.ubuntu | 1 - 2 files changed, 2 deletions(-) diff --git a/remote/modules/debug/debug.conf.debian b/remote/modules/debug/debug.conf.debian index 3b9c032a..00bfea2c 100644 --- a/remote/modules/debug/debug.conf.debian +++ b/remote/modules/debug/debug.conf.debian @@ -4,5 +4,4 @@ REQUIRED_INSTALLED_PACKAGES=" strace nano fontconfig - fonts-config " diff --git a/remote/modules/debug/debug.conf.ubuntu b/remote/modules/debug/debug.conf.ubuntu index 3b9c032a..00bfea2c 100644 --- a/remote/modules/debug/debug.conf.ubuntu +++ b/remote/modules/debug/debug.conf.ubuntu @@ -4,5 +4,4 @@ REQUIRED_INSTALLED_PACKAGES=" strace nano fontconfig - fonts-config " -- cgit v1.2.3-55-g7522 From 02fdfd45445fe6fe74a5641b5fa1bb82dda7d4b8 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Sep 2013 13:36:33 +0200 Subject: [german] language-pack-de doesn't exist on debian --- remote/modules/german/german.conf.debian | 1 - 1 file changed, 1 deletion(-) diff --git a/remote/modules/german/german.conf.debian b/remote/modules/german/german.conf.debian index b41764e0..a43faea2 100644 --- a/remote/modules/german/german.conf.debian +++ b/remote/modules/german/german.conf.debian @@ -1,6 +1,5 @@ REQUIRED_INSTALLED_PACKAGES=" libX11-data - language-pack-de " REQUIRED_CONTENT_PACKAGES=" libX11-data -- cgit v1.2.3-55-g7522 From 45448fb9a294506d1932b4b7c30c4736a712e073 Mon Sep 17 00:00:00 2001 
From: Simon Rettberg Date: Tue, 10 Sep 2013 13:39:41 +0200 Subject: [plymouth] Fix config variable naming --- remote/modules/plymouth/plymouth.build | 7 +++---- remote/modules/plymouth/plymouth.conf | 6 +++--- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/remote/modules/plymouth/plymouth.build b/remote/modules/plymouth/plymouth.build index e46541f3..67b7734e 100644 --- a/remote/modules/plymouth/plymouth.build +++ b/remote/modules/plymouth/plymouth.build @@ -1,14 +1,13 @@ #!/bin/bash fetch_source() { - download_untar "$URL" "src/" + download_untar "$REQUIRED_URL" "src/" } build() { - cd src/$VERSION + cd "src/$REQUIRED_VERSION" pinfo "Running configure" - - ./configure --enable-systemd-integration --disable-gtk --disable-static --prefix="$PREFIX"|| perror "failed." + ./configure --enable-systemd-integration --disable-gtk --disable-static --prefix="$REQUIRED_PREFIX"|| perror "failed." pinfo "Running make" make || perror "failed" pinfo "Running make install" diff --git a/remote/modules/plymouth/plymouth.conf b/remote/modules/plymouth/plymouth.conf index d9acf6a3..887d8ef6 100644 --- a/remote/modules/plymouth/plymouth.conf +++ b/remote/modules/plymouth/plymouth.conf @@ -1,6 +1,6 @@ -VERSION=plymouth-0.8.6.1 -URL=http://www.freedesktop.org/software/plymouth/releases/${VERSION}.tar.bz2 -PREFIX="/usr" +REQUIRED_VERSION=plymouth-0.8.6.1 +REQUIRED_URL=http://www.freedesktop.org/software/plymouth/releases/${VERSION}.tar.bz2 +REQUIRED_PREFIX="/usr" REQUIRED_BINARIES=" plymouth plymouthd -- cgit v1.2.3-55-g7522 From 7ae5878d101980d9083e01a01703e25a072b71bd Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Sep 2013 13:42:46 +0200 Subject: Fix fix --- remote/modules/plymouth/plymouth.conf | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/remote/modules/plymouth/plymouth.conf b/remote/modules/plymouth/plymouth.conf index 887d8ef6..d8827529 100644 --- a/remote/modules/plymouth/plymouth.conf 
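Review bot: In plymouth.build, `cd "src/$REQUIRED_VERSION"` has no failure check, so if the unpacked directory name does not match `REQUIRED_VERSION` the following `./configure`, `make` and `make install` run in whatever directory the build was already in. The other steps in this hunk are guarded with `|| perror`, so I would write `cd "src/$REQUIRED_VERSION" || perror "cd to src/$REQUIRED_VERSION failed."`. The body of `build()` continues past the end of the hunk.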
+++ b/remote/modules/plymouth/plymouth.conf @@ -1,15 +1,15 @@ -REQUIRED_VERSION=plymouth-0.8.6.1 -REQUIRED_URL=http://www.freedesktop.org/software/plymouth/releases/${VERSION}.tar.bz2 +REQUIRED_VERSION="plymouth-0.8.6.1" +REQUIRED_URL="http://www.freedesktop.org/software/plymouth/releases/${REQUIRED_VERSION}.tar.bz2" REQUIRED_PREFIX="/usr" REQUIRED_BINARIES=" plymouth plymouthd " REQUIRED_DIRECTORIES=" - $PREFIX/bin - $PREFIX/etc - $PREFIX/lib - $PREFIX/sbin - $PREFIX/var/lib - $PREFIX/var/spool + $REQUIRED_PREFIX/bin + $REQUIRED_PREFIX/etc + $REQUIRED_PREFIX/lib + $REQUIRED_PREFIX/sbin + $REQUIRED_PREFIX/var/lib + $REQUIRED_PREFIX/var/spool " -- cgit v1.2.3-55-g7522 From 4b033992bc19e25f6d4889ce42b9f95f237b645a Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Sep 2013 13:50:18 +0200 Subject: [vmchooser] Fix config variable naming --- remote/modules/vmchooser/vmchooser.build | 10 +++++----- remote/modules/vmchooser/vmchooser.conf | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/remote/modules/vmchooser/vmchooser.build b/remote/modules/vmchooser/vmchooser.build index 7d78f508..9a9d6d63 100644 --- a/remote/modules/vmchooser/vmchooser.build +++ b/remote/modules/vmchooser/vmchooser.build @@ -1,14 +1,14 @@ #!/bin/bash fetch_source() { - git clone "${GIT}" src + git clone "${REQUIRED_GIT}" src } build() { - SRCDIR="${MODULE_DIR}/src/" + local SRCDIR="${MODULE_DIR}/src/" - [ ! -d "${MODULE_BUILD_DIR}/${PREFIX}" ] && mkdir -p "${MODULE_BUILD_DIR}/${PREFIX}" - cd "${MODULE_BUILD_DIR}/${PREFIX}" + [ ! -d "${MODULE_BUILD_DIR}/${REQUIRED_PREFIX}" ] && mkdir -p "${MODULE_BUILD_DIR}/${REQUIRED_PREFIX}" + cd "${MODULE_BUILD_DIR}/${REQUIRED_PREFIX}" # patch globals.cpp and globals.h to use standardised paths /opt/openslx/... sed -i 's/^#define VMCHOOSER_BIN_PATH.*/#define VMCHOOSER_BIN_PATH "\/opt\/openslx\/bin"/g' "${SRCDIR}"/src/globals.h 
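Review bot: `REQUIRED_URL` in plymouth.conf still points at plain `http://`, and neither this config nor the `fetch_source` call shown in the previous commit carries a checksum, so the tarball that gets unpacked, configured and installed into the image is not integrity-checked as far as these hunks show. If the host serves it, use `REQUIRED_URL="https://www.freedesktop.org/software/plymouth/releases/${REQUIRED_VERSION}.tar.bz2"`. Independently of the transport, record the expected digest of the release next to the version and compare it before unpacking. Whether `download_untar` already verifies anything cannot be seen from here.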
@@ -22,7 +22,7 @@ build() { sed -i 's/^#define VMCHOOSER_VMPATH.*/#define VMCHOOSER_VMPATH "\/mnt\/vmstore"/g' "${SRCDIR}"/src/globals.h pinfo "Running cmake" - cmake $CMAKE_ARGS $SRCDIR || perror "'cmake $CMAKE_ARGS $SRCDIR' failed." + cmake "$SRCDIR" || perror "'cmake $SRCDIR' failed." make || perror "'make' failed." cd - &> /dev/null diff --git a/remote/modules/vmchooser/vmchooser.conf b/remote/modules/vmchooser/vmchooser.conf index 182d65a0..686eb8bf 100644 --- a/remote/modules/vmchooser/vmchooser.conf +++ b/remote/modules/vmchooser/vmchooser.conf @@ -1,3 +1,3 @@ -GIT=git://git.openslx.org/openslx/tools/vmchooser.git -PREFIX="/opt/openslx/bin" +REQUIRED_GIT="git://git.openslx.org/openslx/tools/vmchooser.git" +REQUIRED_PREFIX="/opt/openslx/bin" REQUIRED_BINARIES="vmchooser" -- cgit v1.2.3-55-g7522 From d47613b9579ef31e95376bdcbbb104b57b36a69a Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Sep 2013 13:50:53 +0200 Subject: [setup_target] Check config files for invalid variable names --- remote/setup_target | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/remote/setup_target b/remote/setup_target index b783729f..04af2158 100755 --- a/remote/setup_target +++ b/remote/setup_target @@ -74,6 +74,7 @@ read_config () { # sanity checks [ ! -e "${MODULE_CONFIG}" ] && perror "Config for '$MODULE' not found." + validate_config "$MODULE_CONFIG" # source the config file . "${MODULE_CONFIG}" || perror "Sourcing '${MODULE_CONFIG}' failed." # sanity checks - no distribution specific things in the global config 
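Review bot: `REQUIRED_GIT` in vmchooser.conf uses the `git://` transport, which gives no server authentication and no protection against modification in transit. `fetch_source` in vmchooser.build then clones whatever the default branch holds at build time, so two builds of the same tree can ship different code. I would switch to an authenticated transport (https or ssh) if the server offers one. I would also pin the revision, for example with a new config variable such as `REQUIRED_GIT_COMMIT` checked out right after the clone, `(cd src && git checkout "$REQUIRED_GIT_COMMIT") || perror "checkout failed."`.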
@@ -85,13 +86,24 @@ read_config () { for FILE in $SYS_VERSIONS; do if [ -e "${MODULE_CONFIG}.${FILE}" ]; then # a specific tool.conf seems to exist, use it to override/extend certain vars - . "${MODULE_CONFIG}.${FILE}" || perror "Sourcing '${MODULE_CONFIG}.${PACKET_MANAGER}' failed." + validate_config "${MODULE_CONFIG}.${FILE}" + . "${MODULE_CONFIG}.${FILE}" || perror "Sourcing '${MODULE_CONFIG}.${FILE}' failed." pinfo "Sourced distribution specific ${MODULE_CONFIG}.${FILE}" break fi done } +validate_config () { + local INVALID=$(grep -h -E -o '^\s*\w+=' "$1" | grep -v -E '^\s*REQUIRED_') + [ -z "$INVALID" ] && return 0 + local i + for i in $INVALID; do + pwarning "Invalid variable $i" + done + perror "$1 contains invalid variables. All variables must start with REQUIRED_" +} + # # generic function to read the build script of the current $MODULE # -- cgit v1.2.3-55-g7522 From 37e74cb1cbf1033842c68ca919f701df3b250ef4 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 10 Sep 2013 14:55:17 +0200 Subject: [vbox] Standardization for run-virt --- .../opt/openslx/etc/virtualbox/run-virt.include | 642 +++++++++++++++++++++ 1 file changed, 642 insertions(+) create mode 100755 remote/modules/vbox/data/opt/openslx/etc/virtualbox/run-virt.include diff --git a/remote/modules/vbox/data/opt/openslx/etc/virtualbox/run-virt.include b/remote/modules/vbox/data/opt/openslx/etc/virtualbox/run-virt.include new file mode 100755 index 00000000..b755133f --- /dev/null +++ b/remote/modules/vbox/data/opt/openslx/etc/virtualbox/run-virt.include 
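Review bot: `validate_config` only sees plain `NAME=` assignments, because the pattern `'^\s*\w+='` matches neither `NAME+=` (a form the per-distribution configs in this series use, e.g. `REQUIRED_BINARIES+=`) nor `export NAME=`. A variable without the `REQUIRED_` prefix written either way is sourced without complaint. Widening both patterns closes that gap: `grep -h -E -o '^\s*(export\s+)?\w+\+?=' "$1" | grep -v -E '^\s*(export\s+)?REQUIRED_'`. The function should also carry a comment that this is a naming lint only, for example `# Naming check only: the file is still sourced, so any shell code in it runs`, since the config is executed by `.` right after the check.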
@@ -0,0 +1,642 @@ +# run-virt.include +# ----------------------------------------------------------------------------- +# Copyright (c) 2009..2012 - RZ Uni Freiburg +# Copyright (c) 2009..2013 - OpenSLX GmbH +# +# This program is free software distributed under the GPL version 2. +# See http://openslx.org/COPYING +# +# If you have any feedback please consult http://openslx.org/feedback and +# send your suggestions, praise, or complaints to feedback@openslx.org +# +# General information about OpenSLX can be found at http://openslx.org/ +# ----------------------------------------------------------------------------- +# run-virt.include +# - component for vmware/player of the vmchooser plugin run-virt.sh +################################################################################ + +# configuration writer functions +################################################################################ + +function clean_string () +{ + if [ "$#" -ge 1 ]; then + echo "$@" | tr '[A-Z]' '[a-z]' | tr -d '\t _./' + else + cat - | tr '[A-Z]' '[a-z]' | tr -d '\t _./' + fi +} + +vmostype=$(clean_string "$vmostype") + +runvmwareconfheader () +{ + echo "# This configuration file was generated by $0" > "$conffile" + + MAXMEM="9999999" + MAXCORES="256" + + # check for the ostype + # 1) memory limits + case "$vmostype" in + win31*|windows31*) + MAXMEM="32" + vmostype="win31" + ;; + winnt*|windowsnt*) + MAXMEM="1000" + vmostype="winnt" + ;; + win95*|windows95*) + MAXMEM="96" + vmostype="win95" + ;; + win98*|windows98*) + MAXMEM="384" + vmostype="win98" + ;; + winme*|windowsme*) + MAXMEM="384" + vmostype="winme" + ;; + win2000|windows2000|win2000pro*) + MAXMEM="4000" + vmostype="win2000pro" + ;; + win2000srv*|windows2000srv*|win2000serv*|windows2000serv*) + MAXMEM="4000" + vmostype="win2000serv" + ;; + win2000adv*|windows2000adv*|win2000dat*|windows2000dat*) + MAXMEM="8000" + vmostype="win2000advserv" + ;; + winnet*64|win*2003*64|windowsnet*64) + MAXMEM="8000" + 
vmostype="winnetstandard-64" + ;; + winnet*|win*2003*|windowsnet*) + MAXMEM="4000" + vmostype="winnetstandard" + ;; + winxphome*|windowsxphome*) + MAXMEM="4000" + vmostype="winxphome" + ;; + winxp*64|windowsxp*64) + MAXMEM="8000" + vmostype="winxppro-64" + ;; + winxp*|windowsxp*) + MAXMEM="4000" + vmostype="winxppro" + ;; + winvista*64|windowsvista*64) + MAXMEM="16000" + vmostype="winvista-64" + ;; + winvista*|windowsvista*) + MAXMEM="8000" + vmostype="winvista" + ;; + win7*64|windows7*64) + MAXMEM="32000" + vmostype="windows7-64" + ;; + win7*|windows7*) + MAXMEM="8000" + vmostype="windows7" + ;; + win*64) + MAXMEM="16000" + ;; + win*) + MAXMEM="8000" + ;; + dos|msdos*|ms-dos*) + MAXMEM="128" + vmostype="dos" + ;; + *64) + MAXMEM="123456" + ;; + *) + MAXMEM="8000" + ;; + esac + + # 2) other hardware + capabilities + shfolders="FALSE" + case "$vmostype" in + win31) + MAXCORES="1" + sound="sb16" + ;; + winnt) + MAXCORES="2" + sound="sb16" + ;; + win95|win98|winme) + MAXCORES="1" + ;; + win2000pro) # Don't know if Win 2000 supports shared folders, disabled to be safe + MAXCORES="2" + ;; + win2000serv) + MAXCORES="4" + ;; + win2000advserv) + MAXCORES="8" + ;; + winxphome) + MAXCORES="1" + shfolders="TRUE" + ;; + winxp*|winvista*|windows7*) + shfolders="TRUE" + ;; + winnet*) + shfolders="TRUE" + ;; + linux*|ubuntu*|suse*|debian*) + shfolders="TRUE" + ;; + macos*64) + MAXCORES="2" + vmostype="freebsd-64" + ;; + macos*) + MAXCORES="1" + vmostype="freebsd" + ;; + beos*) + vmostype="other" + ;; + # Unknown guestOS setting in .xml - use conservative defaults + *64) + vmostype="other-64" + ;; + *) + vmostype="other" + ;; + esac + + svga_autodetect="TRUE" + + real_core_count="$cpu_cores" + [ "$cpu_cores" -gt "$MAXCORES" ] && cpu_cores="$MAXCORES" + # It currently makes no sense to set the virtual number of cores + # to a different value than the virtual number of cores per virtual CPU. 
+ cores_per_socket="$cpu_cores" + + if [ "x$shfolders" != "xFALSE" ]; then + ENABLE_SHARE='sharedFolder.option = "alwaysEnabled"' + else + ENABLE_SHARE='' + fi + + [ "$mem" -ge "$MAXMEM" ] && mem="$MAXMEM" + [ "$hwver" -lt "7" -a "$mem" -gt "3500" ] && mem="3500" + + cap3d="WHAT IS THIS VAR USED FOR?" # helper var for loging output + + cat >> "$conffile" </dev/null 2>&1 +} + +preferencesheader () +{ + cat > "$vmhome/preferences" <> "$vmhome/preferences" <> "$vmhome/preferences" </dev/null 2>&1 +mkdir -p "$confdir" >/dev/null 2>&1 +mkdir -p "$vmhome/dndlogs" >/dev/null 2>&1 +touch "$vmhome/dndlogs/dndlog.conf" >/dev/null 2>&1 + +# create preferences +preferencesheader + +# create VMware startup file +runvmwareconfheader + +# link to conffile if confdir != redodir +ln -s "$conffile" "$redodir/run-vmware.conf" >/dev/null 2>&1 + +# sync is needed to ensure that data is really written to virtual disk +sync + +# own nvram. We need it for floppy drive b, default nvram has just drive a +# TODO: optimize, currently kinda inefficient, too much copys, but we +# don't know which one is installed... +cp "/opt/openslx/etc/vmware/nvram" "$confdir/nvram" 2>/dev/null + + +# logging and stdout +################################################################################ + +# log script information +writelog "# File created by $0 (VMversion ${vmversion})\n# on $(date)\n" +## Edited for persistent mode. 
+writelog "Starting with ${diskmode} mode ...\n" +## + +# write all results to logfile +# log disksetup +writelog "Directories:" +writelog "\tConfdir:\t${confdir}" +writelog "\tConffile:\t${conffile}" +writelog "\tRedodir:\t${redodir}" +writelog "\tVMhome:\t\t${vmhome}" +writelog "\t/tmp info: \ +$(grep "/tmp " /proc/mounts) $(df -h | grep " /tmp$" | awk '{print $2}')" +# hw setup +writelog "Hardware:" +writelog "\tMAC:\t\t00:50:56:${VM_ID}:${machostpart}" +if [ -n "${network_card}" ]; then + writelog "\tNet Adaptor:\t${network_card}" +fi +writelog "\tMem:\t\t${mem} MB" +# echo nur wenn hostmem gesetzt +[ -n "${hostmem}" ] && writelog "\tHostmem:\t${hostmem} MB" +writelog "\tMax. res.:\t${xres}x${yres}" +writelog "\tCD-ROM1:\t${cdrom0}" +writelog "\tCD-ROM2:\t${cdrom1}" +writelog "\tFloppy_A:\t${floppy0}" +if [ "${serial}" = "TRUE" ]; then + writelog "\tSerial Port:\t${serialdev}" +fi +if [ "${parallel}" = "TRUE" ]; then + writelog "\tParallel Port:\t${paraldev}" +fi +# image +writelog "Diskimage:" +writelog "\tDiskfile:\t${diskfile}" +writelog "\tDisktype:\t${hddrv}" +writelog "\tHWVersion:\t${hwver}" +writelog "\tVMostype:\t${vmostype}" +# misc +writelog "Misc:" +writelog "\tDisplayname:\t${displayname}" +if [ "${cap3d}" = "TRUE" -a "${enable3d}" = "TRUE" ]; then + writelog "\t3D Graphics:\tenabled" +fi +# empty line at end +writelog "" + + +# finally set env for run-virt.sh +################################################################################ + +# configure and start samba service to provide user's home directory +#if [ -f /usr/sbin/smbd ] ; then +# sudo /opt/openslx/bin/sed -i /etc/vmware/smb.conf -e "s,USER,$USER," +# sudo /usr/sbin/nmbd -s /etc/vmware/smb.conf +# sudo /usr/sbin/smbd -s /etc/vmware/smb.conf +#fi + +# For debugging +cp "$conffile" "/tmp/vmware-last-config" + +# using the modified version of the wrapper script +VIRTCMD="/opt/openslx/bin/vmplayer" +VIRTCMDOPTS="${vmopt} ${conffile}" +RMDIRS="${redodir} ${conffile}" -- cgit 
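Review bot: `cp "$conffile" "/tmp/vmware-last-config"` writes the generated config to a fixed name in a world-writable directory. Another local user can create that path first (including as a symlink), and the copy then either fails silently or is written through the link with the session user's rights. The copy also leaves the session's VM configuration readable according to the umask. Since the comment says it is for debugging only, I would either drop the line or keep the copy in a directory the script already owns, `cp "$conffile" "$vmhome/vmware-last-config"`. Separately, the file is installed under virtualbox/ but its header and `VIRTCMD="/opt/openslx/bin/vmplayer"` describe the VMware component, which deserves a note in the header until it is adapted.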
v1.2.3-55-g7522 From ca23b4dd11b1551186ba13db05afbf5d2125e9df Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 10 Sep 2013 14:56:00 +0200 Subject: [vbox] Standardization for run-virt --- remote/modules/vbox/data/opt/openslx/etc/virtualbox/virtualbox.conf | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 remote/modules/vbox/data/opt/openslx/etc/virtualbox/virtualbox.conf diff --git a/remote/modules/vbox/data/opt/openslx/etc/virtualbox/virtualbox.conf b/remote/modules/vbox/data/opt/openslx/etc/virtualbox/virtualbox.conf new file mode 100644 index 00000000..8a7a58e4 --- /dev/null +++ b/remote/modules/vbox/data/opt/openslx/etc/virtualbox/virtualbox.conf @@ -0,0 +1,2 @@ +# Todo: Good setting +export VBOX_USER_HOME="" -- cgit v1.2.3-55-g7522 From 892c1567a81b11243427d9fed141dc17bc345d45 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 10 Sep 2013 16:09:04 +0200 Subject: [system.inc] Path variable LIB64 now generalized usable (dep. on $SYS_DISTRIBUTION) --- helper/system.inc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/helper/system.inc b/helper/system.inc index 7a9f8954..1d2bdf06 100644 --- a/helper/system.inc +++ b/helper/system.inc @@ -21,7 +21,12 @@ export MAKEFLAGS="-j$CPU_CORES" # Determine if we have lib64 if [ "$(uname -m)x" = "x86_64x" ]; then - LIB64="lib64" + # Setting LIB64, as openSuse differentiates but Ubuntu does not: + case $SYS_DISTRIBUTION in + ubuntu | debian) LIB64="lib" ;; + opensuse) LIB64="lib64" ;; + *) pwarning "Cannot set LIB64, SYS_DISTRIBUTION: $SYS_DISTRIBUTION unknown / not set!" ;; + esac AMD64_I386=amd64 X86_64_I586=x86_64 AMD64_X86=amd64 -- cgit v1.2.3-55-g7522 From 8205609508f54d3e1e0c5ec07715381ed657ba33 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 10 Sep 2013 16:10:33 +0200 Subject: [systemd] conf file updated (systemd-204, kmod-14) --- remote/modules/systemd/systemd.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/remote/modules/systemd/systemd.conf b/remote/modules/systemd/systemd.conf index ea042020..3cb6196a 100644 --- a/remote/modules/systemd/systemd.conf +++ b/remote/modules/systemd/systemd.conf @@ -1,6 +1,6 @@ REQUIRED_VERSION="systemd-204" REQUIRED_URL="http://www.freedesktop.org/software/systemd/${REQUIRED_VERSION}.tar.xz" -REQUIRED_LIBKMOD_VERSION="kmod-12" +REQUIRED_LIBKMOD_VERSION="kmod-14" REQUIRED_LIBKMOD_URL="http://www.kernel.org/pub/linux/utils/kernel/kmod/${REQUIRED_LIBKMOD_VERSION}.tar.gz" REQUIRED_DISABLED_SERVICES=" tmp.mount -- cgit v1.2.3-55-g7522 From cb37d5d66ab6a4a109cd9dd95ffae8bc3a3ce34c Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 10 Sep 2013 16:10:59 +0200 Subject: [systemd] Cave: Possible breaker: build file doesn't install kmod anymore into base system. --- remote/modules/systemd/systemd.build | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/remote/modules/systemd/systemd.build b/remote/modules/systemd/systemd.build index 3a5baf07..b1228f17 100644 --- a/remote/modules/systemd/systemd.build +++ b/remote/modules/systemd/systemd.build 
@@ -15,16 +15,29 @@ build () { cd "${MODULE_DIR}/src/$REQUIRED_LIBKMOD_VERSION" ./configure || perror "./configure kmod failed." make || perror "kmod make failed." - make install || perror "kmod make install failed." + DESTDIR="${MODULE_BUILD_DIR}" make install || perror "kmod make install failed." cd - &> /dev/null #build systemd pinfo "Building systemd" cd "${MODULE_DIR}/src/$REQUIRED_VERSION" pinfo "calling configure" + + # Save potentially pre-used paths/flages + OLDLDFLAGS="$LDFLAGS" + OLDCPPFLAGS="$CPPFLAGS" + OLDPKG_CONFIG_PATH="PKG_CONFIG_PATH" + + + LDFLAGS="$LDFLAGS -L${MODULE_BUILD_DIR}/usr/$LIB64" \ + CPPFLAGS="-I${MODULE_BUILD_DIR}/usr/include" + PKG_CONFIG_PATH="${MODULE_BUILD_DIR}/usr/$LIB64/pkgconfig" + + pinfo "-------- $KMOD_LIBS ----------" ./configure --disable-manpages --enable-split-usr --sysconfdir="/etc" --enable-gtk-doc-html=no --disable-nls \ --disable-microhttpd --disable-bootchart --disable-quotacheck --disable-hostnamed --disable-timedated \ --disable-localed --disable-coredump --disable-keymap --without-python --enable-blkid --enable-acl --enable-pam \ + --enable-kmod \ || perror "configure failed." pinfo "calling make" make || perror "make failed." @@ -32,6 +45,11 @@ build () { DESTDIR="${MODULE_BUILD_DIR}" make install || perror "make install failed." cd - &> /dev/null + # Restore used flags/paths: + LDFLAGS="$OLDLDFLAGS" + CPPFLAGS="$OLDCPPFLAGS" + PKG_CONFIG_PATH="$OLDPKG_CONFIG_PATH" + # Delete unneeded services pinfo "Deleting unneeded services" local SERVICE= -- cgit v1.2.3-55-g7522 From 755e1948be5393cc6fa9224c805f8b8b098e7553 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Sep 2013 16:26:32 +0200 Subject: [sshd] Disallow ssh login for "demo" user as the password is a little easy to guess ;) --- remote/modules/sshd/data/etc/ssh/sshd_config | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/remote/modules/sshd/data/etc/ssh/sshd_config b/remote/modules/sshd/data/etc/ssh/sshd_config index da9e5e01..3b7d65a6 100644 
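Review bot: `OLDPKG_CONFIG_PATH="PKG_CONFIG_PATH"` in systemd.build saves the literal word instead of the variable's value, so the restore block at the end of `build()` sets `PKG_CONFIG_PATH` to the string `PKG_CONFIG_PATH`; it should read `OLDPKG_CONFIG_PATH="$PKG_CONFIG_PATH"`. The same line is still present as context in the follow-up systemd.build commit. In the same group, `CPPFLAGS="-I${MODULE_BUILD_DIR}/usr/include"` replaces any existing value while `LDFLAGS` is extended; `CPPFLAGS="$CPPFLAGS -I${MODULE_BUILD_DIR}/usr/include"` would treat both alike. `build()` starts before and ends after these hunks.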
--- a/remote/modules/sshd/data/etc/ssh/sshd_config +++ b/remote/modules/sshd/data/etc/ssh/sshd_config @@ -85,3 +85,8 @@ Subsystem sftp /usr/lib/openssh/sftp-server # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. UsePAM yes + +# OpenSLX +DenyUsers demo +UseDNS no + -- cgit v1.2.3-55-g7522 From 4cbe3ee407dcc12f38f3b9d098ba880a93cb4d5e Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 10 Sep 2013 16:50:49 +0200 Subject: [system.inc] LIB64 depending on SYS_DISTRIBUTION now perror, not pwarning. --- helper/system.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helper/system.inc b/helper/system.inc index 1d2bdf06..bbab4a40 100644 --- a/helper/system.inc +++ b/helper/system.inc @@ -25,7 +25,7 @@ if [ "$(uname -m)x" = "x86_64x" ]; then case $SYS_DISTRIBUTION in ubuntu | debian) LIB64="lib" ;; opensuse) LIB64="lib64" ;; - *) pwarning "Cannot set LIB64, SYS_DISTRIBUTION: $SYS_DISTRIBUTION unknown / not set!" ;; + *) perror "Cannot set LIB64, SYS_DISTRIBUTION: $SYS_DISTRIBUTION unknown / not set!" ;; esac AMD64_I386=amd64 X86_64_I586=x86_64 -- cgit v1.2.3-55-g7522 From d5e71ad32173408ce0247e00bb82c4cad8105d55 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 10 Sep 2013 17:01:05 +0200 Subject: [system.inc] now self-detects SYS_DISTRIBUTION as not being reliably sourced. --- helper/system.inc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/helper/system.inc b/helper/system.inc index bbab4a40..606ef406 100644 --- a/helper/system.inc +++ b/helper/system.inc 
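Review bot: `DenyUsers demo` closes only the sshd path. According to the commit message the account keeps an easily guessed password, so every other login service on the image, and `su` from an account that can log in over SSH, would still accept it as far as this hunk shows. The restriction should at least be documented where it is set, e.g. `# demo has a well-known password: denied for SSH only, other PAM services are not affected`. It is also worth checking whether the account needs a password at all outside the local display manager.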
@@ -22,10 +22,11 @@ export MAKEFLAGS="-j$CPU_CORES" # Determine if we have lib64 if [ "$(uname -m)x" = "x86_64x" ]; then # Setting LIB64, as openSuse differentiates but Ubuntu does not: + SYS_DISTRIBUTION=$(lsb_release -is | tr '[A-Z]' '[a-z]' | sed -r 's/[^a-z0-9]//g;s/project$//g;s/scientificsl$/scientific/g') case $SYS_DISTRIBUTION in ubuntu | debian) LIB64="lib" ;; opensuse) LIB64="lib64" ;; - *) perror "Cannot set LIB64, SYS_DISTRIBUTION: $SYS_DISTRIBUTION unknown / not set!" ;; + *) pwarning "Cannot set LIB64, SYS_DISTRIBUTION: $SYS_DISTRIBUTION unknown!" ;; esac AMD64_I386=amd64 X86_64_I586=x86_64 -- cgit v1.2.3-55-g7522 From 19f1b42e29d3fce889f5abbdd82da69b648ce02e Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 10 Sep 2013 17:02:43 +0200 Subject: [system.inc] Forgot to reinstate perror for pwarning ... --- helper/system.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helper/system.inc b/helper/system.inc index 606ef406..defa5c98 100644 --- a/helper/system.inc +++ b/helper/system.inc @@ -26,7 +26,7 @@ if [ "$(uname -m)x" = "x86_64x" ]; then case $SYS_DISTRIBUTION in ubuntu | debian) LIB64="lib" ;; opensuse) LIB64="lib64" ;; - *) pwarning "Cannot set LIB64, SYS_DISTRIBUTION: $SYS_DISTRIBUTION unknown!" ;; + *) perror "Cannot set LIB64, SYS_DISTRIBUTION: $SYS_DISTRIBUTION unknown!" ;; esac AMD64_I386=amd64 X86_64_I586=x86_64 -- cgit v1.2.3-55-g7522 From d2cceec7bd3aa2845cdb84d4b0bf802d24ca5ac1 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 10 Sep 2013 17:15:57 +0200 Subject: [systemd] corr. variable expor[systemd] corr. variable exportt --- remote/modules/systemd/systemd.build | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/remote/modules/systemd/systemd.build b/remote/modules/systemd/systemd.build index b1228f17..199f69e7 100644 --- a/remote/modules/systemd/systemd.build +++ b/remote/modules/systemd/systemd.build 
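Review bot: The new `SYS_DISTRIBUTION=$(lsb_release -is | ...)` line in system.inc overwrites a value the caller may already have set. If `lsb_release` is not installed it yields an empty string, which falls into the `*)` arm with a message that cannot distinguish an unknown distribution from a missing tool. I would detect only when needed and name the cause, `[ -z "$SYS_DISTRIBUTION" ] && SYS_DISTRIBUTION=$(lsb_release -is | ...)`, followed by `[ -z "$SYS_DISTRIBUTION" ] && perror "lsb_release returned nothing, cannot determine distribution."`. The brackets in `tr '[A-Z]' '[a-z]'` are literal characters; `tr 'A-Z' 'a-z'` says what is meant. The enclosing `if` block continues outside the hunk.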
@@ -28,10 +28,9 @@ build () { OLDCPPFLAGS="$CPPFLAGS" OLDPKG_CONFIG_PATH="PKG_CONFIG_PATH" - - LDFLAGS="$LDFLAGS -L${MODULE_BUILD_DIR}/usr/$LIB64" \ - CPPFLAGS="-I${MODULE_BUILD_DIR}/usr/include" - PKG_CONFIG_PATH="${MODULE_BUILD_DIR}/usr/$LIB64/pkgconfig" + export LDFLAGS="$LDFLAGS -L${MODULE_BUILD_DIR}/usr/$LIB64" \ + export CPPFLAGS="-I${MODULE_BUILD_DIR}/usr/include" + export PKG_CONFIG_PATH="${MODULE_BUILD_DIR}/usr/$LIB64/pkgconfig" pinfo "-------- $KMOD_LIBS ----------" ./configure --disable-manpages --enable-split-usr --sysconfdir="/etc" --enable-gtk-doc-html=no --disable-nls \ @@ -46,9 +45,9 @@ build () { cd - &> /dev/null # Restore used flags/paths: - LDFLAGS="$OLDLDFLAGS" - CPPFLAGS="$OLDCPPFLAGS" - PKG_CONFIG_PATH="$OLDPKG_CONFIG_PATH" + export LDFLAGS="$OLDLDFLAGS" + export CPPFLAGS="$OLDCPPFLAGS" + export PKG_CONFIG_PATH="$OLDPKG_CONFIG_PATH" # Delete unneeded services pinfo "Deleting unneeded services" -- cgit v1.2.3-55-g7522 From c1ef1fc1009aa6d8cae972635dd7653b46468663 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Sep 2013 17:29:18 +0200 Subject: [consolekit] Fix config for opensuse --- remote/modules/consolekit/consolekit.conf | 2 +- remote/modules/consolekit/consolekit.conf.opensuse | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/remote/modules/consolekit/consolekit.conf b/remote/modules/consolekit/consolekit.conf index 4f128c62..91fc6dc2 100644 --- a/remote/modules/consolekit/consolekit.conf +++ b/remote/modules/consolekit/consolekit.conf @@ -4,7 +4,7 @@ REQUIRED_BINARIES=" REQUIRED_DIRECTORIES=" /usr /etc - /lib + /$LIB64 " REQUIRED_LIBRARIES=" pam_ck_connector diff --git a/remote/modules/consolekit/consolekit.conf.opensuse b/remote/modules/consolekit/consolekit.conf.opensuse index 74c694a1..ef8eff2b 100644 --- a/remote/modules/consolekit/consolekit.conf.opensuse +++ b/remote/modules/consolekit/consolekit.conf.opensuse 
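Review bot: The trailing backslash after `export LDFLAGS="$LDFLAGS -L${MODULE_BUILD_DIR}/usr/$LIB64" \` in systemd.build joins the next line onto the same command, so the word `export` is passed to `export` as a variable name. It happens to work, but it is a leftover from the earlier one-line form and will break as soon as someone reorders the lines. Dropping the backslash leaves three independent statements. `build()` starts and ends outside the hunk.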
@@ -1,2 +1,4 @@ -REQUIRED_CONTENT_PACKAGES="ConsoleKit" - +REQUIRED_CONTENT_PACKAGES=" + ConsoleKit + ConsoleKit-x11 +" -- cgit v1.2.3-55-g7522 From 4ec4dfab76c895d8b2a1773493cf4a32d6e4dc7c Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 10 Sep 2013 17:47:40 +0200 Subject: [systemd] build script minus obsolete debug line --- remote/modules/systemd/systemd.build | 1 - 1 file changed, 1 deletion(-) diff --git a/remote/modules/systemd/systemd.build b/remote/modules/systemd/systemd.build index 199f69e7..a9f530b3 100644 --- a/remote/modules/systemd/systemd.build +++ b/remote/modules/systemd/systemd.build @@ -32,7 +32,6 @@ build () { export CPPFLAGS="-I${MODULE_BUILD_DIR}/usr/include" export PKG_CONFIG_PATH="${MODULE_BUILD_DIR}/usr/$LIB64/pkgconfig" - pinfo "-------- $KMOD_LIBS ----------" ./configure --disable-manpages --enable-split-usr --sysconfdir="/etc" --enable-gtk-doc-html=no --disable-nls \ --disable-microhttpd --disable-bootchart --disable-quotacheck --disable-hostnamed --disable-timedated \ --disable-localed --disable-coredump --disable-keymap --without-python --enable-blkid --enable-acl --enable-pam \ -- cgit v1.2.3-55-g7522 From 42f9bec421ad2f99b706d765cf7c7ae04cc85377 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Wed, 11 Sep 2013 17:25:51 +0200 Subject: [vbox] remote target for vbox --- remote/targets/vbox/vbox | 1 + 1 file changed, 1 insertion(+) create mode 120000 remote/targets/vbox/vbox diff --git a/remote/targets/vbox/vbox b/remote/targets/vbox/vbox new file mode 120000 index 00000000..78b3e385 --- /dev/null +++ b/remote/targets/vbox/vbox @@ -0,0 +1 @@ +../../modules/vbox \ No newline at end of file -- cgit v1.2.3-55-g7522 From 342bb3b11625d5721a71d2427ac3412f85de67ba Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Wed, 11 Sep 2013 17:29:29 +0200 Subject: [german] conf: directory names corrected: lowercase, minus hyphen --- remote/modules/german/german.conf.ubuntu | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/remote/modules/german/german.conf.ubuntu b/remote/modules/german/german.conf.ubuntu index 02262276..4c7cb62d 100644 --- a/remote/modules/german/german.conf.ubuntu +++ b/remote/modules/german/german.conf.ubuntu @@ -6,6 +6,6 @@ REQUIRED_CONTENT_PACKAGES=" libX11-data " REQUIRED_DIRECTORIES+=" - /usr/lib/locale/de_DE.UTF-8 + /usr/lib/locale/de_DE.utf8 " -- cgit v1.2.3-55-g7522 From 09f6fb36126d31ae53c15bd0d1f156ec7ec7c71a Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Wed, 11 Sep 2013 17:30:11 +0200 Subject: [german] conf: directory names corrected: lowercase, minus hyphen --- remote/modules/german/german.conf.opensuse | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/remote/modules/german/german.conf.opensuse b/remote/modules/german/german.conf.opensuse index 1a4a4558..2bb901ff 100644 --- a/remote/modules/german/german.conf.opensuse +++ b/remote/modules/german/german.conf.opensuse @@ -6,7 +6,7 @@ REQUIRED_CONTENT_PACKAGES=" libX11-data " REQUIRED_DIRECTORIES+=" - /usr/lib/locale/de_DE.UTF-8 + /usr/lib/locale/de_DE.utf8 " REQUIRED_BINARIES="" REQUIRED_FILES="" -- cgit v1.2.3-55-g7522 From 059837eac5521e0996e27158f6a77fa6a0c8e3ab Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 11 Sep 2013 18:00:19 +0200 Subject: [mount_export] Fix collision with mount points for addons --- .../data/opt/openslx/scripts/systemd-mount_export | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export index 3d012360..988dc3d7 100755 --- a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export +++ b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export 
@@ -4,7 +4,10 @@ [ -z "${SLX_STAGE4_NFS}" ] && { echo "SLX_STAGE4_NFS is not set in /opt/openslx/config." && exit 1; } -echo "Mounting ${SLX_STAGE4_NFS} to /opt/openslx/mnt" -mount -t nfs -o ro,async,nolock,vers=3 "$SLX_STAGE4_NFS" /opt/openslx/mnt || { echo "Fail." && exit 1; } -echo "Appending /opt/openslx/mnt to /" -mount -o remount,append:/opt/openslx/mnt=ro / || { echo "Fail." && exit 1; } +MOUNTPOINT="/opt/openslx/mnt/stage4" +mkdir -p "$MOUNTPOINT" +echo "Mounting ${SLX_STAGE4_NFS} to $MOUNTPOINT" +mount -t nfs -o ro,async,nolock,vers=3 "$SLX_STAGE4_NFS" "$MOUNTPOINT" || { echo "Fail." && exit 1; } +echo "Appending $MOUNTPOINT to /" +mount -o "remount,append:$MOUNTPOINT=ro" / || { echo "Fail." && exit 1; } + -- cgit v1.2.3-55-g7522 From bfd3b8b6c999ede4ebd69326e04cf9e4edd07938 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Wed, 11 Sep 2013 18:05:59 +0200 Subject: [vbox] Added path patch for vboxheadless, debian/ubuntu suid VBoxHeadless --- remote/modules/vbox/vbox.build | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/remote/modules/vbox/vbox.build b/remote/modules/vbox/vbox.build index 48cfe8c2..dfc9d27e 100644 --- a/remote/modules/vbox/vbox.build +++ b/remote/modules/vbox/vbox.build @@ -5,7 +5,7 @@ patch_vbox_scripts() { # openslx paths need to be at the end of PATH to not impede with system binaries to not impede with system binaries pinfo "Patching virtual box scripts to include openslx (busybox)-paths ..." # vboxmanage is a link to VBox; will get unlinked. Original link will be vboxmanage.original - for i in virtualbox vboxmanage; do + for i in virtualbox vboxmanage vboxheadless; do pinfo "Patching virtual box script $i ..." SCRIPTPATH=$(grep -m 1 PATH "${MODULE_BUILD_DIR}/usr/bin/$i"|sed 's/"//g') # assume first hit is real path sed -i "-i.original" "/^PATH=/c ${SCRIPTPATH}:/opt/openslx/bin:/opt/openslx/usr/bin:/opt/openslx/sbin"\ 
@@ -104,6 +104,7 @@ build() { dpkg -x ../src/vbox/$(basename "$REQUIRED_VBOXBASEURL") . || perror "Could not unpack deb-archive!" # VirtualBox needs to be suid-root: chmod u+s ${MODULE_BUILD_DIR}/usr/lib/virtualbox/VirtualBox || pwarning "(Debian/Ubuntu) Could not suid VirtualBox executable!" + chmod u+s ${MODULE_BUILD_DIR}/usr/lib/virtualbox/VBoxHeadless || pwarning "(Debian/Ubuntu) Could not suid VirtualBox executable!" ;; *) perror "Unknown Distribution: $SYS_DISTRIBUTION - Please specify its packet manager in remote/setup_target" ;; esac -- cgit v1.2.3-55-g7522 From 7f9b06e6b34a8396a50745c82af182a598f6e277 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Wed, 11 Sep 2013 18:23:49 +0200 Subject: [vbox] Forced suids for binaries in Ubuntu branch --- remote/modules/vbox/vbox.build | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/remote/modules/vbox/vbox.build b/remote/modules/vbox/vbox.build index dfc9d27e..f095b4e2 100644 --- a/remote/modules/vbox/vbox.build +++ b/remote/modules/vbox/vbox.build @@ -103,8 +103,9 @@ build() { cd build || perror "Cannot cd to build directory!" dpkg -x ../src/vbox/$(basename "$REQUIRED_VBOXBASEURL") . || perror "Could not unpack deb-archive!" # VirtualBox needs to be suid-root: - chmod u+s ${MODULE_BUILD_DIR}/usr/lib/virtualbox/VirtualBox || pwarning "(Debian/Ubuntu) Could not suid VirtualBox executable!" - chmod u+s ${MODULE_BUILD_DIR}/usr/lib/virtualbox/VBoxHeadless || pwarning "(Debian/Ubuntu) Could not suid VirtualBox executable!" + for i in VBoxHeadless VBoxNetAdpCtl VBoxNetDHCP VBoxSDL VBoxVolInfo VirtualBox; do + chmod u+s ${MODULE_BUILD_DIR}/usr/lib/virtualbox/$i || pwarning "(Debian/Ubuntu) Could not suid $i executable!" + done ;; *) perror "Unknown Distribution: $SYS_DISTRIBUTION - Please specify its packet manager in remote/setup_target" ;; esac -- cgit v1.2.3-55-g7522 From 90ef35d1152ae53c8b19e2b6f915ab971285cde7 Mon Sep 17 00:00:00 2001 
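Review bot: `chmod u+s` in the Debian/Ubuntu branch of `build()` only adds the setuid bit; it does not establish that the file is owned by root or that group and others cannot write it, and a failure is downgraded to `pwarning`, so the build carries on with a half-configured module. The later hunk `@@ -103,8 +103,9 @@` extends this to six binaries (`VBoxHeadless VBoxNetAdpCtl VBoxNetDHCP VBoxSDL VBoxVolInfo VirtualBox`), each of which becomes a root-privileged entry point on every client, so the list deserves a comment naming its source (presumably the package's own post-install step, which `dpkg -x` does not run). Pinning owner and mode and quoting the path would look like `chown root:root "${MODULE_BUILD_DIR}/usr/lib/virtualbox/$i" && chmod u+s,go-w "${MODULE_BUILD_DIR}/usr/lib/virtualbox/$i" || perror "Could not suid $i executable!"`. `build()` starts and ends outside both hunks.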
From: Simon Rettberg Date: Wed, 11 Sep 2013 19:54:52 +0200 Subject: [systemd] Add udev-acl rules (compatibility with CK) --- .../data/usr/lib/udev/rules.d/70-udev-acl.rules | 76 ++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 remote/modules/systemd/data/usr/lib/udev/rules.d/70-udev-acl.rules diff --git a/remote/modules/systemd/data/usr/lib/udev/rules.d/70-udev-acl.rules b/remote/modules/systemd/data/usr/lib/udev/rules.d/70-udev-acl.rules new file mode 100644 index 00000000..2dac2831 --- /dev/null +++ b/remote/modules/systemd/data/usr/lib/udev/rules.d/70-udev-acl.rules 
@@ -0,0 +1,76 @@
+# do not edit this file, it will be overwritten on update
+
+# Do not use TAG+="udev-acl" outside of this file. This variable is private to
+# udev-acl of this udev release and may be replaced at any time.
+
+ENV{MAJOR}=="", GOTO="acl_end"
+ACTION=="remove", GOTO="acl_apply"
+
+# systemd replaces udev-acl entirely, skip if active
+TEST=="/sys/fs/cgroup/systemd", TAG=="uaccess", GOTO="acl_end"
+
+# PTP/MTP protocol devices, cameras, portable media players
+SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:060101:*", TAG+="udev-acl"
+
+# digicams with proprietary protocol
+ENV{ID_GPHOTO2}=="*?", TAG+="udev-acl"
+
+# SCSI and USB scanners
+ENV{libsane_matched}=="yes", TAG+="udev-acl"
+
+# HPLIP devices (necessary for ink level check and HP tool maintenance)
+ENV{ID_HPLIP}=="1", TAG+="udev-acl"
+
+# optical drives
+SUBSYSTEM=="block", ENV{ID_CDROM}=="1", TAG+="udev-acl"
+SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="4|5", TAG+="udev-acl"
+
+# sound devices
+SUBSYSTEM=="sound", TAG+="udev-acl"
+
+# ffado is an userspace driver for firewire sound cards
+SUBSYSTEM=="firewire", ENV{ID_FFADO}=="1", TAG+="udev-acl"
+
+# webcams, frame grabber, TV cards
+SUBSYSTEM=="video4linux", TAG+="udev-acl"
+SUBSYSTEM=="dvb", TAG+="udev-acl"
+
+# IIDC devices: industrial cameras and some webcams
+SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x00010*", TAG+="udev-acl"
+SUBSYSTEM=="firewire", ATTR{units}=="*0x00b09d:0x00010*", TAG+="udev-acl"
+# AV/C devices: camcorders, set-top boxes, TV sets, audio devices, and more
+SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x010001*", TAG+="udev-acl"
+SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x014001*", TAG+="udev-acl"
+
+# DRI video devices
+SUBSYSTEM=="drm", KERNEL=="card*", TAG+="udev-acl"
+
+# KVM
+SUBSYSTEM=="misc", KERNEL=="kvm", TAG+="udev-acl"
+
+# smart-card readers
+ENV{ID_SMARTCARD_READER}=="*?", TAG+="udev-acl"
+
+# PDA devices
+ENV{ID_PDA}=="*?", TAG+="udev-acl"
+
+# Programmable remote control
+ENV{ID_REMOTE_CONTROL}=="1", TAG+="udev-acl" + +# joysticks +SUBSYSTEM=="input", ENV{ID_INPUT_JOYSTICK}=="?*", TAG+="udev-acl" + +# color measurement devices +ENV{COLOR_MEASUREMENT_DEVICE}=="*?", TAG+="udev-acl" + +# DDC/CI device, usually high-end monitors such as the DreamColor +ENV{DDC_DEVICE}=="*?", TAG+="udev-acl" + +# media player raw devices (for user-mode drivers, Android SDK, etc.) +SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="udev-acl" + +# apply ACL for all locally logged in users +LABEL="acl_apply", TAG=="udev-acl", TEST=="/var/run/ConsoleKit/database", \ + RUN+="udev-acl --action=$env{ACTION} --device=$env{DEVNAME}" + +LABEL="acl_end" -- cgit v1.2.3-55-g7522 From 0a23fe3a617116541559017e902ef5bec940a253 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Thu, 12 Sep 2013 14:09:56 +0200 Subject: [clone_stage4] Just a little check for 'local' as IP. --- scripts/clone_stage4 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/clone_stage4 b/scripts/clone_stage4 index e24fd416..2704db02 100755 --- a/scripts/clone_stage4 +++ b/scripts/clone_stage4 @@ -18,7 +18,8 @@ qnd_exit() { [ $# -ge 1 ] && kill "$1" } -[ $# -lt 3 ] && perror "$0 " +[ $# -lt 3 ] && perror "$0 " +[ "$1" = "local" ] && perror 'It is not wise to use "local" as remote IP.' BASE_DIR="${ROOT_DIR}/server/local_builds/$1" BOOT_DIR="${ROOT_DIR}/server/boot/$1" -- cgit v1.2.3-55-g7522 From 6678773a314588007d59ca22df4d58507e48fe3f Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Thu, 12 Sep 2013 16:52:05 +0200 Subject: [mltk] Added mltk remote -n to help message --- mltk | 1 + 1 file changed, 1 insertion(+) diff --git a/mltk b/mltk index d705df50..a36edc85 100755 --- a/mltk +++ b/mltk 
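Review bot: Rejecting only the literal `local` leaves `$1` otherwise unchecked, although the two lines right below the new test build `BASE_DIR` and `BOOT_DIR` from it, so a value containing `/` or starting with `.` would place those directories outside `server/local_builds` and `server/boot`. A pattern check covers these cases in one place: `case "$1" in local|.*|*/*) perror "Invalid remote host: $1" ;; esac`. This assumes `perror` terminates the script; its definition is not part of the hunk. A one-line comment saying why `local` is reserved (it names the local build directory, as far as the paths suggest) would also help the next reader.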
@@ -75,6 +75,7 @@ print_usage() { echo -e " remote stage31 -c -b (clean all modules and build all linked modules in remote/targets/stage31 to remote/builds/stage31)" echo -e " remote stage32 -c -b rootfs_stage31 sshd (clean all modules, build base, policykit and sshd in remote/builds/stage32)" echo -e " remote stage32 -c base sshd -b sshd ldm -d (clean base and sshd, build sshd and ldm, be verbose)" + echo -e " remote -n (provides bind mount at /export/build for synchronizing)" echo -e " server 1.2.3.4 -s (sync all builds from remote system 1.2.3.4)" echo -e " server 1.2.3.4 stage32 -e stage32 (pack stage32 as squashfs+initramfs from remote system 1.2.3.4)" echo -e " server 1.2.3.4 stage31 -c (clean stage31 build under server/remote_builds and initramfs under server/boot)" -- cgit v1.2.3-55-g7522 From 02e7a0e23c25619dae17999ac142787aaf847b32 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Thu, 12 Sep 2013 17:00:04 +0200 Subject: [udhcp-script] Don't start nfs-mount --- .../rootfs/rootfs-stage32/data/opt/openslx/scripts/udhcpc-openslx | 6 ------ 1 file changed, 6 deletions(-) diff --git a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/udhcpc-openslx b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/udhcpc-openslx index 69380a2f..4c1d9ffc 100755 --- a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/udhcpc-openslx +++ b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/udhcpc-openslx @@ -130,12 +130,6 @@ case "$1" in echo "# Config written by openslx-dhcp-script (2)" >> /opt/openslx/config echo "SLX_DNS='$dns'" >> /opt/openslx/config - # TODO: This mounts stage4. Current method is for testing purposes only. - # when going productive, this has to happen after user login, if the - # user selects a native linux session. - if [ "x$(grep -ci mount /proc/cmdline)" != "x0" ]; then - systemctl start nfs-mount.service & - fi # Mark network target as reached systemctl start network.target fi -- cgit v1.2.3-55-g7522 
From fdbecb641e4df349023ac490028b39a8f153efee Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Thu, 12 Sep 2013 17:18:05 +0200 Subject: [clone_stage4] Beginning of a readme file - please comment / amend / revise! --- scripts/clone_stage4.README | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 scripts/clone_stage4.README diff --git a/scripts/clone_stage4.README b/scripts/clone_stage4.README new file mode 100644 index 00000000..7c37d71c --- /dev/null +++ b/scripts/clone_stage4.README @@ -0,0 +1,37 @@ +Some hints for usage of clone_stage4: + +Use clone_stage4 not on the build computer but on the computer which +provides httpd and nfsd, or, in other words: On the computer which server +the boot files. That's the reason why clone_stage4 rejects 'local' as IP. + +To use stage4 a nfs export will be necessary. + + +On the build computer (or, in other words, the computer which compiles etc.): +- build your system to your taste. +- Then, to provide a standardized bind mount (/export/build) for synchronizing + from elsewhere ("server IP") enter: + ./mltk remote -n + +Then, on the service computer (the one where's booted from etc, see above) + +- sync all of your build (IP is IP of build computer): + ./mltk server IP -s + +- or, if wanted, sync just some parts, for example: + ./mltk server [IP] stage31 -e stage31 -s + ./mltk server [IP] stage32 -e stage32 -s + ./mltk server 132.230.8.238 vbox -e addons + (etc.) + +Well, then do the cloning work: + ./clone_stage4 [IP] stage32 /path/to/your/nfs/share/stage4 + +To use the stage4 make sure your (base) config file contains a line + SLX_STAGE4_NFS=[IP of service computer] :/path/to/your/nfs/share/stage4 + + +At least now (20130912) it is necessary to enter + systemctl (start, restart, reload) nfs-mount + +... then login (or re-login), and the stage4s should be there in all their glory. -- cgit v1.2.3-55-g7522 From e16b8817d802b449d0f6feb84144e065db083cbf Mon Sep 17 00:00:00 2001 
From: Christian Rößler Date: Thu, 12 Sep 2013 17:51:09 +0200 Subject: [clone_stage4] README: script path standardized for calling from tm-scripts directory --- scripts/clone_stage4.README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/clone_stage4.README b/scripts/clone_stage4.README index 7c37d71c..346be031 100644 --- a/scripts/clone_stage4.README +++ b/scripts/clone_stage4.README @@ -25,7 +25,7 @@ Then, on the service computer (the one where's booted from etc, see above) (etc.) Well, then do the cloning work: - ./clone_stage4 [IP] stage32 /path/to/your/nfs/share/stage4 + ./scripts/clone_stage4 [IP] stage32 /path/to/your/nfs/share/stage4 To use the stage4 make sure your (base) config file contains a line SLX_STAGE4_NFS=[IP of service computer] :/path/to/your/nfs/share/stage4 -- cgit v1.2.3-55-g7522 From 2027eab0ff339a69b0c47c8fd5dc086c445dc9fd Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 13 Sep 2013 12:31:37 +0200 Subject: [pam-freiburg] Prevent pam_script from preventing the systemd session to close ;o) --- .../modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close | 8 -------- 1 file changed, 8 deletions(-) diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close index 27620ee0..01d409a1 100755 --- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close +++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close 
@@ -2,11 +2,3 @@ [ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Closing session for $PAM_USER" -OPENSESSIONS=$(loginctl|grep $PAM_USER|wc -l) -[ ! -z "$SLX_DEBUG" ] && echo "User $PAM_USER has $OPENSESSIONS open sessions." - -if [ "x$OPENSESSIONS" == "x1" ]; then - # assume its last session, start watchdog in background - [ ! -z "$SLX_DEBUG" ] && echo "Last session beeing closed..." - ( while true; do sleep 1; if [ "x$(loginctl |grep $PAM_USER)" == "x" ]; then [ $(id -g $PAM_USER) -ge 1000 ] && umount /home/s8jobaue; fi; done) & -fi -- cgit v1.2.3-55-g7522 From bd22c3a5b92f474af07b14282bcfe75d2c9e715e Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 15:37:05 +0200 Subject: [debug] udevd-logger for debug module with systemd-service *unreliable* --- .../debug/data/etc/systemd/system/debug-udevd_logger.service | 8 ++++++++ .../debug/data/opt/openslx/scripts/systemd-debug_udevd_logger | 2 ++ remote/modules/debug/debug.conf | 7 +++++++ remote/modules/debug/debug.conf.opensuse | 1 - 4 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 remote/modules/debug/data/etc/systemd/system/debug-udevd_logger.service create mode 100755 remote/modules/debug/data/opt/openslx/scripts/systemd-debug_udevd_logger diff --git a/remote/modules/debug/data/etc/systemd/system/debug-udevd_logger.service b/remote/modules/debug/data/etc/systemd/system/debug-udevd_logger.service new file mode 100644 index 00000000..d834292f --- /dev/null +++ b/remote/modules/debug/data/etc/systemd/system/debug-udevd_logger.service @@ -0,0 +1,8 @@ +[Unit] +Description=Logger for udevd-messages via udevadmin monitor +DefaultDependencies=no +IgnoreOnIsolate=yes + +[Service] +Type=oneshot +ExecStart=/opt/openslx/scripts/systemd-debug_udevd_logger diff --git a/remote/modules/debug/data/opt/openslx/scripts/systemd-debug_udevd_logger b/remote/modules/debug/data/opt/openslx/scripts/systemd-debug_udevd_logger new file mode 100755 index 00000000..8b772517 --- /dev/null 
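Review bot: `Type=oneshot` in debug-udevd_logger.service does not match its `ExecStart`: the script added in the same commit runs `/usr/bin/udevadm monitor | /usr/bin/logger`, which never exits, so the start job never completes and the unit stays in the activating state, and any unit ordered after it would wait on it. For a process that keeps running the line should read `Type=simple`. The unit also has no `Before=`/`After=` lines while setting `DefaultDependencies=no`, so a short comment stating at which point of boot the monitor is expected to start would make the intent reviewable.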
+++ b/remote/modules/debug/data/opt/openslx/scripts/systemd-debug_udevd_logger @@ -0,0 +1,2 @@ +#!/bin/sh +/usr/bin/udevadm monitor | /usr/bin/logger diff --git a/remote/modules/debug/debug.conf b/remote/modules/debug/debug.conf index 9ce39476..0db29dde 100644 --- a/remote/modules/debug/debug.conf +++ b/remote/modules/debug/debug.conf @@ -12,4 +12,11 @@ REQUIRED_BINARIES=" su file @htop + logger " + +# For debug-udevd_logger.service: +# REQUIRED_BINARIES+=" +# logger +# " + diff --git a/remote/modules/debug/debug.conf.opensuse b/remote/modules/debug/debug.conf.opensuse index e4306fc3..b7971956 100644 --- a/remote/modules/debug/debug.conf.opensuse +++ b/remote/modules/debug/debug.conf.opensuse @@ -8,5 +8,4 @@ REQUIRED_INSTALLED_PACKAGES=" " REQUIRED_BINARIES+=" fonts-config - logger " -- cgit v1.2.3-55-g7522 From 58d8ab852a0abd335c92680e9351fa116a6effcc Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 15:38:37 +0200 Subject: [clone_stage4] README: A little -s missing in an example --- scripts/clone_stage4.README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/clone_stage4.README b/scripts/clone_stage4.README index 346be031..6a8ddf5c 100644 --- a/scripts/clone_stage4.README +++ b/scripts/clone_stage4.README @@ -21,7 +21,7 @@ Then, on the service computer (the one where's booted from etc, see above) - or, if wanted, sync just some parts, for example: ./mltk server [IP] stage31 -e stage31 -s ./mltk server [IP] stage32 -e stage32 -s - ./mltk server 132.230.8.238 vbox -e addons + ./mltk server 132.230.8.238 vbox -e addons -s (etc.) Well, then do the cloning work: -- cgit v1.2.3-55-g7522 From 537f12551f9f6a9aecbfc240e7d875854b4313b8 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 15:39:53 +0200 Subject: [debug] debug.conf: Forgot to delete an obsolete, out-commented entry --- remote/modules/debug/debug.conf | 6 ------ 1 file changed, 6 deletions(-) 
diff --git a/remote/modules/debug/debug.conf b/remote/modules/debug/debug.conf index 0db29dde..fa2d92a3 100644 --- a/remote/modules/debug/debug.conf +++ b/remote/modules/debug/debug.conf @@ -14,9 +14,3 @@ REQUIRED_BINARIES=" @htop logger " - -# For debug-udevd_logger.service: -# REQUIRED_BINARIES+=" -# logger -# " - -- cgit v1.2.3-55-g7522 From 545cbfea05a3b60bddf4a9468284e9834a22252b Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 15:45:10 +0200 Subject: [blacklists] README updated to reflect new structure desktop-sessions, 'includes' --- server/blacklists/README | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/server/blacklists/README b/server/blacklists/README index 1f4300d1..ed3fe459 100644 --- a/server/blacklists/README +++ b/server/blacklists/README @@ -3,7 +3,13 @@ should be excluded when cloning stage4 of a remote system. The blacklists are split into groups, represented by sub-directories. They contain one or more text files representing blacklists in rsync "--exclude-from" format. + There is a group called "essential", containg blacklists for essential files and dirs that you always want to exclude from being cloned. Other directories are create for specific software packages, like gnome, or kde. + +For inclusion of desktop environments like Gnome or KDE a substructure +(subdirectory) called desktop-sessions was introduced. The files / +directories in there should describe only includes ("+ ....") to provide +files needed for a desktop environment. -- cgit v1.2.3-55-g7522 From bc03e7521e51a737f7f1ece8cedc9795e75ee8a7 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 15:46:21 +0200 Subject: [debug] service link for service start within target --- .../etc/systemd/system/sysinit.target.wants/debug-udevd_logger.service | 1 + 1 file changed, 1 insertion(+) create mode 120000 remote/modules/debug/data/etc/systemd/system/sysinit.target.wants/debug-udevd_logger.service 
diff --git a/remote/modules/debug/data/etc/systemd/system/sysinit.target.wants/debug-udevd_logger.service b/remote/modules/debug/data/etc/systemd/system/sysinit.target.wants/debug-udevd_logger.service new file mode 120000 index 00000000..ad7f978f --- /dev/null +++ b/remote/modules/debug/data/etc/systemd/system/sysinit.target.wants/debug-udevd_logger.service @@ -0,0 +1 @@ +../debug-udevd_logger.service \ No newline at end of file -- cgit v1.2.3-55-g7522 From cef95f6a8356640fca8dd7be6085546402128e23 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 15:50:09 +0200 Subject: [blacklists] pam/gnome: transported include entries to desktop-sessions/gnome --- server/blacklists/pam/gnome | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/server/blacklists/pam/gnome b/server/blacklists/pam/gnome index d1c85b72..686f42c6 100644 --- a/server/blacklists/pam/gnome +++ b/server/blacklists/pam/gnome @@ -1,4 +1,5 @@ -+ /etc/pam.d/gdm -+ /etc/pam.d/gdm-* -+ /etc/pam.d/gnome-* +# transported to desktop-sessions/gnome +# + /etc/pam.d/gdm +# + /etc/pam.d/gdm-* +# + /etc/pam.d/gnome-* -- cgit v1.2.3-55-g7522 From 5e205f069339769313aaea7a0f4af77a4b171131 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 15:56:00 +0200 Subject: [blacklists] x-autostart/xdg-autostart: gnome entries transported to gnome --- server/blacklists/x-autostart/xdg-autostart | 3 --- 1 file changed, 3 deletions(-) diff --git a/server/blacklists/x-autostart/xdg-autostart b/server/blacklists/x-autostart/xdg-autostart index 64593d31..b8c499ad 100644 --- a/server/blacklists/x-autostart/xdg-autostart +++ b/server/blacklists/x-autostart/xdg-autostart @@ -1,5 +1,2 @@ + /etc/xdg/autostart/**/ -+ /etc/xdg/autostart/gnome-settings-daemon.desktop -+ /etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop - /etc/xdg/autostart/** - -- cgit v1.2.3-55-g7522 From b67c824476c0e4ad4b622f28249e38c6705df349 Mon Sep 17 00:00:00 2001 
From: Christian Rößler Date: Fri, 13 Sep 2013 16:11:14 +0200 Subject: [blacklists] desktop-session/gnome: 'includes' for Gnome --- server/blacklists/desktop-sessions/gnome | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 server/blacklists/desktop-sessions/gnome diff --git a/server/blacklists/desktop-sessions/gnome b/server/blacklists/desktop-sessions/gnome new file mode 100644 index 00000000..c13d0109 --- /dev/null +++ b/server/blacklists/desktop-sessions/gnome @@ -0,0 +1,27 @@ +# transported from pam/gnome: ++ /etc/pam.d/gdm ++ /etc/pam.d/gdm-* ++ /etc/pam.d/gnome-* + +# transported from x-autostart/xdg-autostart: ++ /etc/xdg/autostart/gnome-settings-daemon.desktop ++ /etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop + +# files from /etc: +/etc/gnome +/etc/gnome-app-install +/etc/gnome-settings-daemon + +# files from /usr/bin: +/usr/bin/gnome* + +# from package gnome-session: +/usr/share/gnome-session +/usr/share/doc + +# + from package gnome-session-bin: +/usr/share/GConf +/usr/share/glib-2.0 +/usr/lib/*gnome* + + -- cgit v1.2.3-55-g7522 From 83f28589be57154add7db07d7c359c7cb2e95eae Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 13 Sep 2013 16:55:32 +0200 Subject: [stage32] Some work on system startup regarding systemd dependencies - still somewhat messy, but already way more restricted and predictable than before when it comes to ordering --- remote/modules/kdm/data/etc/systemd/system/kdm.service | 5 +---- .../modules/systemd/data/etc/systemd/system/network.target | 13 +++++++++++++ remote/modules/systemd/systemd.conf | 3 +-- .../data/etc/systemd/system/setup-partitions.service | 4 ++-- .../data/etc/systemd/system/setup-slx-addons.service | 5 +++-- .../data/etc/systemd/system/update-etc_issue.service | 2 +- 6 files changed, 21 insertions(+), 11 deletions(-) create mode 100644 remote/modules/systemd/data/etc/systemd/system/network.target 
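Review bot: Only the five PAM and autostart entries in desktop-sessions/gnome carry the `+ ` prefix; the remaining paths (`/etc/gnome`, `/usr/bin/gnome*`, `/usr/share/doc`, `/usr/lib/*gnome*` and the others) are bare patterns. The README in server/blacklists describes these files as rsync `--exclude-from` lists and says desktop-sessions should hold only includes; in that format a line without a prefix is an exclude, so if the file is fed to rsync as described, those paths would be dropped from the clone rather than kept. Each of them should probably be written like `+ /etc/gnome`. The same applies to desktop-sessions/gnome/gnome-base, which a later commit in this series creates from this file. `/usr/share/doc` is also much wider than GNOME and may not belong in a GNOME-specific list.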
diff --git a/remote/modules/kdm/data/etc/systemd/system/kdm.service b/remote/modules/kdm/data/etc/systemd/system/kdm.service index 14ff7457..9882459f 100644 --- a/remote/modules/kdm/data/etc/systemd/system/kdm.service +++ b/remote/modules/kdm/data/etc/systemd/system/kdm.service @@ -1,12 +1,9 @@ [Unit] Description=KDM Display Manager Conflicts=getty@tty7.service -After=systemd-user-sessions.service getty@tty7.service plymouth-quit.service +After=systemd-user-sessions.service getty@tty7.service plymouth-quit.service activate-nss-ldap.service [Service] ExecStart=/usr/bin/kdm -nodaemon Restart=always IgnoreSIGPIPE=no - -[Install] -Alias=display-manager.service diff --git a/remote/modules/systemd/data/etc/systemd/system/network.target b/remote/modules/systemd/data/etc/systemd/system/network.target new file mode 100644 index 00000000..0bc2a410 --- /dev/null +++ b/remote/modules/systemd/data/etc/systemd/system/network.target @@ -0,0 +1,13 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Network +Documentation=man:systemd.special(7) +Documentation=http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget +ConditionPathExists=/run/udhcpc/network-ready + diff --git a/remote/modules/systemd/systemd.conf b/remote/modules/systemd/systemd.conf index 3cb6196a..1a038647 100644 --- a/remote/modules/systemd/systemd.conf +++ b/remote/modules/systemd/systemd.conf @@ -4,7 +4,6 @@ REQUIRED_LIBKMOD_VERSION="kmod-14" REQUIRED_LIBKMOD_URL="http://www.kernel.org/pub/linux/utils/kernel/kmod/${REQUIRED_LIBKMOD_VERSION}.tar.gz" REQUIRED_DISABLED_SERVICES=" tmp.mount - time-sync.target systemd-random-seed-save.service systemd-random-seed-load.service systemd-readahead-collect.service 
@@ -24,7 +23,7 @@ REQUIRED_DISABLED_SERVICES=" nss-user-lookup.target systemd-initctl.service systemd-initctl.socket - swap.target + umount.target " REQUIRED_BINARIES=" journalctl diff --git a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-partitions.service b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-partitions.service index 20e789a4..4e663d56 100644 --- a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-partitions.service +++ b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-partitions.service @@ -1,8 +1,8 @@ [Unit] Description=Setup local disk partitions (tmp, swap) -After=sysinit.target -Before=shutdown.target DefaultDependencies=no +Before=sysinit.target shutdown.target +Wants=sysinit.target [Service] Type=oneshot diff --git a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-slx-addons.service b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-slx-addons.service index acc827c9..6a5b63ad 100644 --- a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-slx-addons.service +++ b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-slx-addons.service @@ -1,9 +1,10 @@ [Unit] Description=Download, mount and append SLX addons -After=sysinit.target setup-partitions.service -Wants=setup-partitions.service +After=setup-partitions.service +DefaultDependencies=no [Service] Type=oneshot ExecStart=/opt/openslx/scripts/systemd-setup_slx_addons RemainAfterExit=yes + diff --git a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/update-etc_issue.service b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/update-etc_issue.service index c4f45a3c..21a09b7c 100644 --- a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/update-etc_issue.service +++ b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/update-etc_issue.service 
@@ -1,6 +1,6 @@ [Unit] Description=Update /etc/issue -Before=sysinit.target shutdown.target +Before=getty.target shutdown.target DefaultDependencies=no [Service] -- cgit v1.2.3-55-g7522 From ed20afc2d7d034c5eefaa091104e39fe1bb3f6d4 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 13 Sep 2013 16:56:51 +0200 Subject: [debug] Optionally include tcpdump and getfacl --- remote/modules/debug/debug.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/remote/modules/debug/debug.conf b/remote/modules/debug/debug.conf index 9ce39476..66f90011 100644 --- a/remote/modules/debug/debug.conf +++ b/remote/modules/debug/debug.conf @@ -12,4 +12,6 @@ REQUIRED_BINARIES=" su file @htop + @tcpdump + getfacl " -- cgit v1.2.3-55-g7522 From 1a1203423f24649101bfc4317c878468d1dbd6c1 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 13 Sep 2013 16:59:22 +0200 Subject: [ntpdate.service] Speed up timesync a little --- .../data/opt/openslx/scripts/systemd-setup_network_time | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_network_time b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_network_time index 3e644abd..87c93fd4 100755 --- a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_network_time +++ b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_network_time 
@@ -3,13 +3,13 @@ . /opt/openslx/config || { echo "Could not source config!"; exit 1; } SLX_NTP_SERVER="$SLX_NTP_SERVER 0.de.pool.ntp.org" for SERVER in $SLX_NTP_SERVER; do - if ntpdate -u -b "$SERVER"; then + if ntpdate -u -p 2 "$SERVER"; then echo "Successfully queried $SERVER for time." if [ "x$SLX_BIOS_CLOCK" = "xlocal" ]; then - sleep 1 + usleep 100000 hwclock -l -w || echo "... but could not set BIOS clock to localtime" elif [ "x$SLX_BIOS_CLOCK" = "xutc" ]; then - sleep 1 + usleep 100000 hwclock -u -w || echo "... but could not set BIOS clock to UTC" fi exit 0 -- cgit v1.2.3-55-g7522 From b6e84538e051a480230e04760074230676a97120 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 13 Sep 2013 16:59:51 +0200 Subject: [setup-partitions] Don't retry if fdisk returns no partitons as boot order makes sure now partitons are read before calling. Also improve mounting /tmp and moving files from old to new dir --- .../opt/openslx/scripts/systemd-setup_partitions | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_partitions b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_partitions index bc5ce9c1..b0f606dd 100755 --- a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_partitions +++ b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_partitions 
@@ -52,6 +52,21 @@ diskfm () { } function mount_temp () { + local PRE=$(pwd) + if ! cd /tmp; then + mount_temp_fallback $@ + return $? + fi + mount $@ /tmp || return 1 + chmod a+rwxt /tmp + # Move stuff from working directory, which is old /tmp, to new /tmp just mounted + mv ./* ./.[!.]* ./..?* /tmp/ 2> /dev/null + local OLD=$(LANG=C ls -alh | grep -v -E ' \.\.?$' | grep -v '^total') + [ -n "$OLD" ] && echo -- "Leftovers:" && echo -- "$OLD" + cd "$PRE" +} + +function mount_temp_fallback () { mkdir -p /tmptmp mv /tmp/* /tmp/.* /tmptmp/ 2> /dev/null mount $@ /tmp || return 1 @@ -61,12 +76,7 @@ function mount_temp () { return 0 } -# Check for local harddisks and appropriate partitions -for waiting in 1 1 2 3 4; do - fdisk -l | sed -n "/^\/dev\//p" > "/etc/disk.partition" - [ -s "/etc/disk.partition" ] && break - sleep "$waiting" -done +fdisk -l | sed -n "/^\/dev\//p" > "/etc/disk.partition" echo "Partitions:" cat "/etc/disk.partition" -- cgit v1.2.3-55-g7522 From 494d6041379131c279dc3f169912affd7f1b445b Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 17:02:46 +0200 Subject: [blacklists] 'includes for gnome --- server/blacklists/desktop-sessions/gnome | 27 ----- .../blacklists/desktop-sessions/gnome/gnome-base | 28 +++++ .../blacklists/desktop-sessions/gnome/gnome-icons | 130 +++++++++++++++++++++ 3 files changed, 158 insertions(+), 27 deletions(-) delete mode 100644 server/blacklists/desktop-sessions/gnome create mode 100644 server/blacklists/desktop-sessions/gnome/gnome-base create mode 100644 server/blacklists/desktop-sessions/gnome/gnome-icons diff --git a/server/blacklists/desktop-sessions/gnome b/server/blacklists/desktop-sessions/gnome deleted file mode 100644 index c13d0109..00000000 --- a/server/blacklists/desktop-sessions/gnome +++ /dev/null 
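Review bot: When `mount $@ /tmp` fails, the new `mount_temp` returns 1 without the `cd "$PRE"` that ends the success path, so the caller is left with the old /tmp as its working directory. `$@` is also unquoted both there and in the `mount_temp_fallback $@` call, so an argument containing whitespace would be split; the failure path could read `mount "$@" /tmp || { cd "$PRE"; return 1; }`. `echo -- "Leftovers:"` prints the `--` literally with the usual shell `echo`, so `echo "Leftovers:"` followed by `printf '%s\n' "$OLD"` gives the intended output. Sending the errors of the `mv ./* ./.[!.]* ./..?* /tmp/` line to /dev/null hides real failures as well as unmatched globs, although the `ls` check that follows does report what stayed behind.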
@@ -1,27 +0,0 @@ -# transported from pam/gnome: -+ /etc/pam.d/gdm -+ /etc/pam.d/gdm-* -+ /etc/pam.d/gnome-* - -# transported from x-autostart/xdg-autostart: -+ /etc/xdg/autostart/gnome-settings-daemon.desktop -+ /etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop - -# files from /etc: -/etc/gnome -/etc/gnome-app-install -/etc/gnome-settings-daemon - -# files from /usr/bin: -/usr/bin/gnome* - -# from package gnome-session: -/usr/share/gnome-session -/usr/share/doc - -# + from package gnome-session-bin: -/usr/share/GConf -/usr/share/glib-2.0 -/usr/lib/*gnome* - - diff --git a/server/blacklists/desktop-sessions/gnome/gnome-base b/server/blacklists/desktop-sessions/gnome/gnome-base new file mode 100644 index 00000000..6df837bc --- /dev/null +++ b/server/blacklists/desktop-sessions/gnome/gnome-base @@ -0,0 +1,28 @@ +# transported from pam/gnome: ++ /etc/pam.d/gdm ++ /etc/pam.d/gdm-* ++ /etc/pam.d/gnome-* + +# transported from x-autostart/xdg-autostart: ++ /etc/xdg/autostart/gnome-settings-daemon.desktop ++ /etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop + +# files from /etc: +/etc/gnome +/etc/gnome-app-install +/etc/gnome-settings-daemon + +# files from /usr/bin: +/usr/bin/*gnome* + +# from package gnome-session: +/usr/share/gnome-session +/usr/share/doc + +# + from package gnome-session-bin: +/usr/share/GConf +/usr/share/glib-2.0 +/usr/lib/*gnome* + +# Caught freestyle: +/usr/share/gnome* diff --git a/server/blacklists/desktop-sessions/gnome/gnome-icons b/server/blacklists/desktop-sessions/gnome/gnome-icons new file mode 100644 index 00000000..6e7d0481 --- /dev/null +++ b/server/blacklists/desktop-sessions/gnome/gnome-icons 
@@ -0,0 +1,130 @@ +# Gnome icons: +/usr/share/app-install/icons/*gnome* +/usr/share/icons/ubuntu-mono-light/status/22/*gnome* +/usr/share/icons/ubuntu-mono-light/status/24/*gnome* +/usr/share/icons/ubuntu-mono-light/status/16/*gnome* +/usr/share/icons/ubuntu-mono-light/places/22/*gnome* +/usr/share/icons/ubuntu-mono-light/places/48/*gnome* +/usr/share/icons/ubuntu-mono-light/places/24/*gnome* +/usr/share/icons/ubuntu-mono-light/places/16/*gnome* +/usr/share/icons/ubuntu-mono-light/places/64/*gnome* +/usr/share/icons/ubuntu-mono-light/places/32/*gnome* +/usr/share/icons/ubuntu-mono-light/apps/22/*gnome* +/usr/share/icons/ubuntu-mono-light/apps/24/*gnome* +/usr/share/icons/ubuntu-mono-light/apps/16/*gnome* +/usr/share/icons/hicolor/24x24/apps/*gnome* +/usr/share/icons/hicolor/scalable/apps/*gnome* +/usr/share/icons/hicolor/16x16/apps/*gnome* +/usr/share/icons/hicolor/256x256/apps/*gnome* +/usr/share/icons/hicolor/22x22/apps/*gnome* +/usr/share/icons/hicolor/48x48/apps/*gnome* +/usr/share/icons/hicolor/32x32/apps/*gnome* +/usr/share/icons/ubuntu-mono-dark/status/24/*gnome* +/usr/share/icons/ubuntu-mono-dark/status/24/*gnome* +/usr/share/icons/ubuntu-mono-dark/status/16/*gnome* +/usr/share/icons/ubuntu-mono-dark/places/22/*gnome* +/usr/share/icons/ubuntu-mono-dark/places/48/*gnome* +/usr/share/icons/ubuntu-mono-dark/places/24/*gnome* +/usr/share/icons/ubuntu-mono-dark/places/16/*gnome* +/usr/share/icons/ubuntu-mono-dark/places/64/*gnome* +/usr/share/icons/ubuntu-mono-dark/places/32/*gnome* +/usr/share/icons/ubuntu-mono-dark/apps/22/*gnome* +/usr/share/icons/ubuntu-mono-dark/apps/24/*gnome* +/usr/share/icons/ubuntu-mono-dark/apps/16/*gnome* +/usr/share/icons/HighContrast/24x24/apps/*gnome* +/usr/share/icons/HighContrast/scalable/apps/*gnome*-sudoku.svg +/usr/share/icons/HighContrast/16x16/apps/*gnome*-sudoku.png +/usr/share/icons/HighContrast/256x256/apps/gnome-power-manager.png +/usr/share/icons/HighContrast/22x22/apps/gnome-power-manager.png 
+/usr/share/icons/HighContrast/48x48/apps/gnome-power-manager.png +/usr/share/icons/HighContrast/32x32/apps/gnome-mahjongg.png +/usr/share/app-install/icons/*gnome* +/usr/share/icons/gnome/* +/usr/share/icons/Humanity/actions/128 +/usr/share/icons/Humanity/actions/16 +/usr/share/icons/Humanity/actions/22 +/usr/share/icons/Humanity/actions/24/*gnome* +/usr/share/icons/Humanity/actions/32/*gnome* +/usr/share/icons/Humanity/actions/48/*gnome* +/usr/share/icons/Humanity/actions/64/*gnome* +/usr/share/icons/Humanity/animations/16/*gnome* +/usr/share/icons/Humanity/animations/22/*gnome* +/usr/share/icons/Humanity/animations/24/*gnome* +/usr/share/icons/Humanity/animations/32/*gnome* +/usr/share/icons/Humanity/apps/128/*gnome* +/usr/share/icons/Humanity/apps/16/*gnome* +/usr/share/icons/Humanity/apps/22/*gnome* +/usr/share/icons/Humanity/apps/24/*gnome* +/usr/share/icons/Humanity/apps/32/*gnome* +/usr/share/icons/Humanity/apps/48/*gnome* +/usr/share/icons/Humanity/apps/64/*gnome* +/usr/share/icons/Humanity/categories/16/*gnome* +/usr/share/icons/Humanity/categories/22/*gnome* +/usr/share/icons/Humanity/categories/24/*gnome* +/usr/share/icons/Humanity/categories/32/*gnome* +/usr/share/icons/Humanity/categories/48/*gnome* +/usr/share/icons/Humanity/categories/64/*gnome* +/usr/share/icons/Humanity-Dark/apps/16/*gnome* +/usr/share/icons/Humanity-Dark/apps/22/*gnome* +/usr/share/icons/Humanity-Dark/devices/22/*gnome* +/usr/share/icons/Humanity-Dark/devices/24/*gnome* +/usr/share/icons/Humanity-Dark/places/16/*gnome* +/usr/share/icons/Humanity-Dark/places/22/*gnome* +/usr/share/icons/Humanity-Dark/places/24/*gnome* +/usr/share/icons/Humanity-Dark/places/48/*gnome* +/usr/share/icons/Humanity-Dark/places/64/*gnome* +/usr/share/icons/Humanity-Dark/status/22/*gnome* +/usr/share/icons/Humanity-Dark/status/24/*gnome* +/usr/share/icons/Humanity/devices/128/*gnome* +/usr/share/icons/Humanity/devices/16/*gnome* +/usr/share/icons/Humanity/devices/22/*gnome* 
+/usr/share/icons/Humanity/devices/24/*gnome* +/usr/share/icons/Humanity/devices/32/*gnome* +/usr/share/icons/Humanity/devices/48/*gnome* +/usr/share/icons/Humanity/devices/64/*gnome* +/usr/share/icons/Humanity/mimes/128/*gnome* +/usr/share/icons/Humanity/mimes/16/*gnome* +/usr/share/icons/Humanity/mimes/22/*gnome* +/usr/share/icons/Humanity/mimes/24/*gnome* +/usr/share/icons/Humanity/mimes/32/*gnome* +/usr/share/icons/Humanity/mimes/48/*gnome* +/usr/share/icons/Humanity/mimes/64/*gnome* +/usr/share/icons/Humanity/places/128/*gnome* +/usr/share/icons/Humanity/places/16/*gnome* +/usr/share/icons/Humanity/places/22/*gnome* +/usr/share/icons/Humanity/places/24/*gnome* +/usr/share/icons/Humanity/places/32/*gnome* +/usr/share/icons/Humanity/places/48/*gnome* +/usr/share/icons/Humanity/places/64/*gnome* +/usr/share/icons/Humanity/status/128/*gnome* +/usr/share/icons/Humanity/status/16/*gnome* +/usr/share/icons/Humanity/status/22/*gnome* +/usr/share/icons/Humanity/status/24/*gnome* +/usr/share/icons/Humanity/status/32/*gnome* +/usr/share/icons/Humanity/status/48/*gnome* +/usr/share/icons/Humanity/status/64/*gnome* +/usr/share/icons/ubuntu-mono-dark/apps/16/*gnome* +/usr/share/icons/ubuntu-mono-dark/apps/22/*gnome* +/usr/share/icons/ubuntu-mono-dark/apps/24/*gnome* +/usr/share/icons/ubuntu-mono-dark/places/16/*gnome* +/usr/share/icons/ubuntu-mono-dark/places/22/*gnome* +/usr/share/icons/ubuntu-mono-dark/places/24/*gnome* +/usr/share/icons/ubuntu-mono-dark/places/32/*gnome* +/usr/share/icons/ubuntu-mono-dark/places/48/*gnome* +/usr/share/icons/ubuntu-mono-dark/places/64/*gnome* +/usr/share/icons/ubuntu-mono-dark/status/16/*gnome* +/usr/share/icons/ubuntu-mono-dark/status/22/*gnome* +/usr/share/icons/ubuntu-mono-dark/status/24/*gnome* +/usr/share/icons/ubuntu-mono-light/apps/16/*gnome* +/usr/share/icons/ubuntu-mono-light/apps/22/*gnome* +/usr/share/icons/ubuntu-mono-light/apps/24/*gnome* +/usr/share/icons/ubuntu-mono-light/places/16/*gnome* 
+/usr/share/icons/ubuntu-mono-light/places/22/*gnome* +/usr/share/icons/ubuntu-mono-light/places/24/*gnome* +/usr/share/icons/ubuntu-mono-light/places/32/*gnome* +/usr/share/icons/ubuntu-mono-light/places/48/*gnome* +/usr/share/icons/ubuntu-mono-light/places/64/*gnome* +/usr/share/icons/ubuntu-mono-light/status/16/*gnome* +/usr/share/icons/ubuntu-mono-light/status/22/*gnome* +/usr/share/icons/ubuntu-mono-light/status/24/*gnome* +/usr/share/notify-osd/icons/*gnome* -- cgit v1.2.3-55-g7522 From a5579e92b0514aa135e3b068f77be4b7bbaf000a Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 17:07:07 +0200 Subject: [blacklists] gnome includes: '+ ' added --- .../blacklists/desktop-sessions/gnome/gnome-base | 48 ++-- .../blacklists/desktop-sessions/gnome/gnome-icons | 258 ++++++++++----------- 2 files changed, 163 insertions(+), 143 deletions(-) diff --git a/server/blacklists/desktop-sessions/gnome/gnome-base b/server/blacklists/desktop-sessions/gnome/gnome-base index 6df837bc..98bf8d60 100644 --- a/server/blacklists/desktop-sessions/gnome/gnome-base +++ b/server/blacklists/desktop-sessions/gnome/gnome-base 
@@ -8,21 +8,41 @@ + /etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop # files from /etc: -/etc/gnome -/etc/gnome-app-install -/etc/gnome-settings-daemon - ++ /etc/gnome ++ /etc/gnome-app-install ++ /etc/gnome-settings-daemon ++ # files from /usr/bin: -/usr/bin/*gnome* - ++ /usr/bin/*gnome* ++ # from package gnome-session: -/usr/share/gnome-session -/usr/share/doc - ++ /usr/share/gnome-session ++ /usr/share/doc ++ # + from package gnome-session-bin: -/usr/share/GConf -/usr/share/glib-2.0 -/usr/lib/*gnome* - ++ /usr/share/GConf ++ /usr/share/glib-2.0 ++ /usr/lib/*gnome* + # Caught freestyle: -/usr/share/gnome* ++ /usr/share/gnome* ++ /usr/lib/python3/dist-packages/orca/scripts/apps/*gnome* + +# gnome keyring libs: ++ /usr/lib/x86_64-linux-gnu/*gnome* + ++ /usr/lib/x86_64-linux-gnu/pkcs11 ++ /usr/lib/x86_64-linux-gnu/gio/modules ++ /usr/lib/x86_64-linux-gnu/libproxy/0.4.11/modules + ++ /usr/sbin/*gnome* + ++ /usr/lib/libvte-2.90-9/*gnome* ++ /usr/lib/openssh/*gnome* + ++ /usr/share/dbus-1/services/*gnome* ++ /usr/share/locale-langpack/de/LC_MESSAGES/*gnome* + ++ /usr/share/polkit-1/actions/*gnome* ++ /usr/share/polkit-1/rules.d/*gnome* ++ /usr/share/dbus-1/services/*gnome* diff --git a/server/blacklists/desktop-sessions/gnome/gnome-icons b/server/blacklists/desktop-sessions/gnome/gnome-icons index 6e7d0481..cca0c045 100644 --- a/server/blacklists/desktop-sessions/gnome/gnome-icons +++ b/server/blacklists/desktop-sessions/gnome/gnome-icons 
@@ -1,130 +1,130 @@ # Gnome icons: -/usr/share/app-install/icons/*gnome* -/usr/share/icons/ubuntu-mono-light/status/22/*gnome* -/usr/share/icons/ubuntu-mono-light/status/24/*gnome* -/usr/share/icons/ubuntu-mono-light/status/16/*gnome* -/usr/share/icons/ubuntu-mono-light/places/22/*gnome* -/usr/share/icons/ubuntu-mono-light/places/48/*gnome* -/usr/share/icons/ubuntu-mono-light/places/24/*gnome* -/usr/share/icons/ubuntu-mono-light/places/16/*gnome* -/usr/share/icons/ubuntu-mono-light/places/64/*gnome* -/usr/share/icons/ubuntu-mono-light/places/32/*gnome* -/usr/share/icons/ubuntu-mono-light/apps/22/*gnome* -/usr/share/icons/ubuntu-mono-light/apps/24/*gnome* -/usr/share/icons/ubuntu-mono-light/apps/16/*gnome* -/usr/share/icons/hicolor/24x24/apps/*gnome* -/usr/share/icons/hicolor/scalable/apps/*gnome* -/usr/share/icons/hicolor/16x16/apps/*gnome* -/usr/share/icons/hicolor/256x256/apps/*gnome* -/usr/share/icons/hicolor/22x22/apps/*gnome* -/usr/share/icons/hicolor/48x48/apps/*gnome* -/usr/share/icons/hicolor/32x32/apps/*gnome* -/usr/share/icons/ubuntu-mono-dark/status/24/*gnome* -/usr/share/icons/ubuntu-mono-dark/status/24/*gnome* -/usr/share/icons/ubuntu-mono-dark/status/16/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/22/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/48/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/24/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/16/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/64/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/32/*gnome* -/usr/share/icons/ubuntu-mono-dark/apps/22/*gnome* -/usr/share/icons/ubuntu-mono-dark/apps/24/*gnome* -/usr/share/icons/ubuntu-mono-dark/apps/16/*gnome* -/usr/share/icons/HighContrast/24x24/apps/*gnome* -/usr/share/icons/HighContrast/scalable/apps/*gnome*-sudoku.svg -/usr/share/icons/HighContrast/16x16/apps/*gnome*-sudoku.png -/usr/share/icons/HighContrast/256x256/apps/gnome-power-manager.png -/usr/share/icons/HighContrast/22x22/apps/gnome-power-manager.png 
-/usr/share/icons/HighContrast/48x48/apps/gnome-power-manager.png -/usr/share/icons/HighContrast/32x32/apps/gnome-mahjongg.png -/usr/share/app-install/icons/*gnome* -/usr/share/icons/gnome/* -/usr/share/icons/Humanity/actions/128 -/usr/share/icons/Humanity/actions/16 -/usr/share/icons/Humanity/actions/22 -/usr/share/icons/Humanity/actions/24/*gnome* -/usr/share/icons/Humanity/actions/32/*gnome* -/usr/share/icons/Humanity/actions/48/*gnome* -/usr/share/icons/Humanity/actions/64/*gnome* -/usr/share/icons/Humanity/animations/16/*gnome* -/usr/share/icons/Humanity/animations/22/*gnome* -/usr/share/icons/Humanity/animations/24/*gnome* -/usr/share/icons/Humanity/animations/32/*gnome* -/usr/share/icons/Humanity/apps/128/*gnome* -/usr/share/icons/Humanity/apps/16/*gnome* -/usr/share/icons/Humanity/apps/22/*gnome* -/usr/share/icons/Humanity/apps/24/*gnome* -/usr/share/icons/Humanity/apps/32/*gnome* -/usr/share/icons/Humanity/apps/48/*gnome* -/usr/share/icons/Humanity/apps/64/*gnome* -/usr/share/icons/Humanity/categories/16/*gnome* -/usr/share/icons/Humanity/categories/22/*gnome* -/usr/share/icons/Humanity/categories/24/*gnome* -/usr/share/icons/Humanity/categories/32/*gnome* -/usr/share/icons/Humanity/categories/48/*gnome* -/usr/share/icons/Humanity/categories/64/*gnome* -/usr/share/icons/Humanity-Dark/apps/16/*gnome* -/usr/share/icons/Humanity-Dark/apps/22/*gnome* -/usr/share/icons/Humanity-Dark/devices/22/*gnome* -/usr/share/icons/Humanity-Dark/devices/24/*gnome* -/usr/share/icons/Humanity-Dark/places/16/*gnome* -/usr/share/icons/Humanity-Dark/places/22/*gnome* -/usr/share/icons/Humanity-Dark/places/24/*gnome* -/usr/share/icons/Humanity-Dark/places/48/*gnome* -/usr/share/icons/Humanity-Dark/places/64/*gnome* -/usr/share/icons/Humanity-Dark/status/22/*gnome* -/usr/share/icons/Humanity-Dark/status/24/*gnome* -/usr/share/icons/Humanity/devices/128/*gnome* -/usr/share/icons/Humanity/devices/16/*gnome* -/usr/share/icons/Humanity/devices/22/*gnome* 
-/usr/share/icons/Humanity/devices/24/*gnome* -/usr/share/icons/Humanity/devices/32/*gnome* -/usr/share/icons/Humanity/devices/48/*gnome* -/usr/share/icons/Humanity/devices/64/*gnome* -/usr/share/icons/Humanity/mimes/128/*gnome* -/usr/share/icons/Humanity/mimes/16/*gnome* -/usr/share/icons/Humanity/mimes/22/*gnome* -/usr/share/icons/Humanity/mimes/24/*gnome* -/usr/share/icons/Humanity/mimes/32/*gnome* -/usr/share/icons/Humanity/mimes/48/*gnome* -/usr/share/icons/Humanity/mimes/64/*gnome* -/usr/share/icons/Humanity/places/128/*gnome* -/usr/share/icons/Humanity/places/16/*gnome* -/usr/share/icons/Humanity/places/22/*gnome* -/usr/share/icons/Humanity/places/24/*gnome* -/usr/share/icons/Humanity/places/32/*gnome* -/usr/share/icons/Humanity/places/48/*gnome* -/usr/share/icons/Humanity/places/64/*gnome* -/usr/share/icons/Humanity/status/128/*gnome* -/usr/share/icons/Humanity/status/16/*gnome* -/usr/share/icons/Humanity/status/22/*gnome* -/usr/share/icons/Humanity/status/24/*gnome* -/usr/share/icons/Humanity/status/32/*gnome* -/usr/share/icons/Humanity/status/48/*gnome* -/usr/share/icons/Humanity/status/64/*gnome* -/usr/share/icons/ubuntu-mono-dark/apps/16/*gnome* -/usr/share/icons/ubuntu-mono-dark/apps/22/*gnome* -/usr/share/icons/ubuntu-mono-dark/apps/24/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/16/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/22/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/24/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/32/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/48/*gnome* -/usr/share/icons/ubuntu-mono-dark/places/64/*gnome* -/usr/share/icons/ubuntu-mono-dark/status/16/*gnome* -/usr/share/icons/ubuntu-mono-dark/status/22/*gnome* -/usr/share/icons/ubuntu-mono-dark/status/24/*gnome* -/usr/share/icons/ubuntu-mono-light/apps/16/*gnome* -/usr/share/icons/ubuntu-mono-light/apps/22/*gnome* -/usr/share/icons/ubuntu-mono-light/apps/24/*gnome* -/usr/share/icons/ubuntu-mono-light/places/16/*gnome* 
-/usr/share/icons/ubuntu-mono-light/places/22/*gnome* -/usr/share/icons/ubuntu-mono-light/places/24/*gnome* -/usr/share/icons/ubuntu-mono-light/places/32/*gnome* -/usr/share/icons/ubuntu-mono-light/places/48/*gnome* -/usr/share/icons/ubuntu-mono-light/places/64/*gnome* -/usr/share/icons/ubuntu-mono-light/status/16/*gnome* -/usr/share/icons/ubuntu-mono-light/status/22/*gnome* -/usr/share/icons/ubuntu-mono-light/status/24/*gnome* -/usr/share/notify-osd/icons/*gnome* ++ /usr/share/app-install/icons/*gnome* ++ /usr/share/icons/ubuntu-mono-light/status/22/*gnome* ++ /usr/share/icons/ubuntu-mono-light/status/24/*gnome* ++ /usr/share/icons/ubuntu-mono-light/status/16/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/22/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/48/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/24/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/16/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/64/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/32/*gnome* ++ /usr/share/icons/ubuntu-mono-light/apps/22/*gnome* ++ /usr/share/icons/ubuntu-mono-light/apps/24/*gnome* ++ /usr/share/icons/ubuntu-mono-light/apps/16/*gnome* ++ /usr/share/icons/hicolor/24x24/apps/*gnome* ++ /usr/share/icons/hicolor/scalable/apps/*gnome* ++ /usr/share/icons/hicolor/16x16/apps/*gnome* ++ /usr/share/icons/hicolor/256x256/apps/*gnome* ++ /usr/share/icons/hicolor/22x22/apps/*gnome* ++ /usr/share/icons/hicolor/48x48/apps/*gnome* ++ /usr/share/icons/hicolor/32x32/apps/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/status/24/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/status/24/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/status/16/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/places/22/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/places/48/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/places/24/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/places/16/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/places/64/*gnome* ++ 
/usr/share/icons/ubuntu-mono-dark/places/32/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/apps/22/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/apps/24/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/apps/16/*gnome* ++ /usr/share/icons/HighContrast/24x24/apps/*gnome* ++ /usr/share/icons/HighContrast/scalable/apps/*gnome*-sudoku.svg ++ /usr/share/icons/HighContrast/16x16/apps/*gnome*-sudoku.png ++ /usr/share/icons/HighContrast/256x256/apps/gnome-power-manager.png ++ /usr/share/icons/HighContrast/22x22/apps/gnome-power-manager.png ++ /usr/share/icons/HighContrast/48x48/apps/gnome-power-manager.png ++ /usr/share/icons/HighContrast/32x32/apps/gnome-mahjongg.png ++ /usr/share/app-install/icons/*gnome* ++ /usr/share/icons/gnome/* ++ /usr/share/icons/Humanity/actions/128 ++ /usr/share/icons/Humanity/actions/16 ++ /usr/share/icons/Humanity/actions/22 ++ /usr/share/icons/Humanity/actions/24/*gnome* ++ /usr/share/icons/Humanity/actions/32/*gnome* ++ /usr/share/icons/Humanity/actions/48/*gnome* ++ /usr/share/icons/Humanity/actions/64/*gnome* ++ /usr/share/icons/Humanity/animations/16/*gnome* ++ /usr/share/icons/Humanity/animations/22/*gnome* ++ /usr/share/icons/Humanity/animations/24/*gnome* ++ /usr/share/icons/Humanity/animations/32/*gnome* ++ /usr/share/icons/Humanity/apps/128/*gnome* ++ /usr/share/icons/Humanity/apps/16/*gnome* ++ /usr/share/icons/Humanity/apps/22/*gnome* ++ /usr/share/icons/Humanity/apps/24/*gnome* ++ /usr/share/icons/Humanity/apps/32/*gnome* ++ /usr/share/icons/Humanity/apps/48/*gnome* ++ /usr/share/icons/Humanity/apps/64/*gnome* ++ /usr/share/icons/Humanity/categories/16/*gnome* ++ /usr/share/icons/Humanity/categories/22/*gnome* ++ /usr/share/icons/Humanity/categories/24/*gnome* ++ /usr/share/icons/Humanity/categories/32/*gnome* ++ /usr/share/icons/Humanity/categories/48/*gnome* ++ /usr/share/icons/Humanity/categories/64/*gnome* ++ /usr/share/icons/Humanity-Dark/apps/16/*gnome* ++ /usr/share/icons/Humanity-Dark/apps/22/*gnome* ++ 
/usr/share/icons/Humanity-Dark/devices/22/*gnome* ++ /usr/share/icons/Humanity-Dark/devices/24/*gnome* ++ /usr/share/icons/Humanity-Dark/places/16/*gnome* ++ /usr/share/icons/Humanity-Dark/places/22/*gnome* ++ /usr/share/icons/Humanity-Dark/places/24/*gnome* ++ /usr/share/icons/Humanity-Dark/places/48/*gnome* ++ /usr/share/icons/Humanity-Dark/places/64/*gnome* ++ /usr/share/icons/Humanity-Dark/status/22/*gnome* ++ /usr/share/icons/Humanity-Dark/status/24/*gnome* ++ /usr/share/icons/Humanity/devices/128/*gnome* ++ /usr/share/icons/Humanity/devices/16/*gnome* ++ /usr/share/icons/Humanity/devices/22/*gnome* ++ /usr/share/icons/Humanity/devices/24/*gnome* ++ /usr/share/icons/Humanity/devices/32/*gnome* ++ /usr/share/icons/Humanity/devices/48/*gnome* ++ /usr/share/icons/Humanity/devices/64/*gnome* ++ /usr/share/icons/Humanity/mimes/128/*gnome* ++ /usr/share/icons/Humanity/mimes/16/*gnome* ++ /usr/share/icons/Humanity/mimes/22/*gnome* ++ /usr/share/icons/Humanity/mimes/24/*gnome* ++ /usr/share/icons/Humanity/mimes/32/*gnome* ++ /usr/share/icons/Humanity/mimes/48/*gnome* ++ /usr/share/icons/Humanity/mimes/64/*gnome* ++ /usr/share/icons/Humanity/places/128/*gnome* ++ /usr/share/icons/Humanity/places/16/*gnome* ++ /usr/share/icons/Humanity/places/22/*gnome* ++ /usr/share/icons/Humanity/places/24/*gnome* ++ /usr/share/icons/Humanity/places/32/*gnome* ++ /usr/share/icons/Humanity/places/48/*gnome* ++ /usr/share/icons/Humanity/places/64/*gnome* ++ /usr/share/icons/Humanity/status/128/*gnome* ++ /usr/share/icons/Humanity/status/16/*gnome* ++ /usr/share/icons/Humanity/status/22/*gnome* ++ /usr/share/icons/Humanity/status/24/*gnome* ++ /usr/share/icons/Humanity/status/32/*gnome* ++ /usr/share/icons/Humanity/status/48/*gnome* ++ /usr/share/icons/Humanity/status/64/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/apps/16/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/apps/22/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/apps/24/*gnome* ++ 
/usr/share/icons/ubuntu-mono-dark/places/16/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/places/22/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/places/24/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/places/32/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/places/48/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/places/64/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/status/16/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/status/22/*gnome* ++ /usr/share/icons/ubuntu-mono-dark/status/24/*gnome* ++ /usr/share/icons/ubuntu-mono-light/apps/16/*gnome* ++ /usr/share/icons/ubuntu-mono-light/apps/22/*gnome* ++ /usr/share/icons/ubuntu-mono-light/apps/24/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/16/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/22/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/24/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/32/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/48/*gnome* ++ /usr/share/icons/ubuntu-mono-light/places/64/*gnome* ++ /usr/share/icons/ubuntu-mono-light/status/16/*gnome* ++ /usr/share/icons/ubuntu-mono-light/status/22/*gnome* ++ /usr/share/icons/ubuntu-mono-light/status/24/*gnome* ++ /usr/share/notify-osd/icons/*gnome* -- cgit v1.2.3-55-g7522 From f4eedc7e54707287ef1ee03af2995448e3d58192 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 17:08:29 +0200 Subject: [blacklists] Sorry, forgot something: '+ ' in empty lines. --- server/blacklists/desktop-sessions/gnome/gnome-base | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/server/blacklists/desktop-sessions/gnome/gnome-base b/server/blacklists/desktop-sessions/gnome/gnome-base index 98bf8d60..aec31026 100644 --- a/server/blacklists/desktop-sessions/gnome/gnome-base +++ b/server/blacklists/desktop-sessions/gnome/gnome-base 
@@ -11,14 +11,14 @@ + /etc/gnome + /etc/gnome-app-install + /etc/gnome-settings-daemon -+ + # files from /usr/bin: + /usr/bin/*gnome* -+ + # from package gnome-session: + /usr/share/gnome-session + /usr/share/doc -+ + # + from package gnome-session-bin: + /usr/share/GConf + /usr/share/glib-2.0 -- cgit v1.2.3-55-g7522 From 3f7d8e5dd00ac54891232df990981101ecce601e Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 13 Sep 2013 17:28:33 +0200 Subject: [pam-freiburg] nscd is not configured to cache hostnames, so don't patch nsswitch.conf to use it --- .../modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service b/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service index bbac775a..664f7dd7 100644 --- a/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service +++ b/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service @@ -5,6 +5,6 @@ Before=graphical.target [Service] Type=oneshot ExecStart=-/opt/openslx/bin/mkdir /tmp/ldap -ExecStart=/opt/openslx/bin/sed -i -e 's/^passwd:.*$/passwd:\t\tcache files ldap/;s/^group:.*$/group:\t\tcache files ldap/;s/^hosts:.*files/hosts:\t\tcache files/' /etc/nsswitch.conf +ExecStart=/opt/openslx/bin/sed -i -e 's/^passwd:.*$/passwd:\t\tcache files ldap/;s/^group:.*$/group:\t\tcache files ldap/' /etc/nsswitch.conf ExecStart=/usr/bin/systemctl restart nscd -- cgit v1.2.3-55-g7522 From bf976501681d25f2601bb23e188866017cd0a0fc Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 13 Sep 2013 18:13:35 +0200 Subject: [blacklists] gnome-base: nautilus-autostart for backgrounds etc., some other gnome-autostarts also. --- server/blacklists/desktop-sessions/gnome/gnome-base | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
diff --git a/server/blacklists/desktop-sessions/gnome/gnome-base b/server/blacklists/desktop-sessions/gnome/gnome-base index aec31026..f760cfa4 100644 --- a/server/blacklists/desktop-sessions/gnome/gnome-base +++ b/server/blacklists/desktop-sessions/gnome/gnome-base @@ -4,8 +4,12 @@ + /etc/pam.d/gnome-* # transported from x-autostart/xdg-autostart: -+ /etc/xdg/autostart/gnome-settings-daemon.desktop -+ /etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop +# (obsolete entries, left here to match comment in +# x-autostart/xdg-autostart), now matched in more 'x-autostart stuff'. + +# more x-autostart stuff: ++ /etc/xdg/autostart/*gnome* ++ /etc/xdg/autostart/nautilus-autostart.desktop # files from /etc: + /etc/gnome -- cgit v1.2.3-55-g7522 From a6e8f2d9420855a0c15520f03573f273107923f8 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Mon, 16 Sep 2013 16:54:15 +0200 Subject: [mltk] Added help entry for option -k (write config) --- mltk | 1 + 1 file changed, 1 insertion(+) diff --git a/mltk b/mltk index a36edc85..2032d7cf 100755 --- a/mltk +++ b/mltk @@ -80,6 +80,7 @@ print_usage() { echo -e " server 1.2.3.4 stage32 -e stage32 (pack stage32 as squashfs+initramfs from remote system 1.2.3.4)" echo -e " server 1.2.3.4 stage31 -c (clean stage31 build under server/remote_builds and initramfs under server/boot)" echo -e " server 1.2.3.4 addons-eexam -e addons (pack eexam-addons as squashfs)" + echo -e " server 1.2.3.4 -k [configname] (generate config file configs/config.tgz) echo -e "" echo -e " Existing targets for remote are:" echo -e " $(echo $(ls ${ROOT_DIR}/remote/targets 2>/dev/null || echo "No targets for remote found."))" -- cgit v1.2.3-55-g7522 From f392b5dc379985f328f71f0f402db762993e6ff5 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Mon, 16 Sep 2013 16:55:29 +0200 Subject: [mltk] fix --- mltk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mltk b/mltk index 2032d7cf..5d5ea80f 100755 --- a/mltk +++ b/mltk 
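Review bot: The added `-k [configname]` line in `print_usage` has no closing double quote, so the string runs on into the following `echo -e ""` line and the rest of the function is parsed wrongly; end it with `... (generate config file configs/config.tgz)"`. A syntax check such as `bash -n mltk` before committing catches this kind of slip. The following commit on this page adds the missing quote, so the script is only broken in this one revision. `print_usage` starts and ends outside the hunk.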
@@ -80,7 +80,7 @@ print_usage() { echo -e " server 1.2.3.4 stage32 -e stage32 (pack stage32 as squashfs+initramfs from remote system 1.2.3.4)" echo -e " server 1.2.3.4 stage31 -c (clean stage31 build under server/remote_builds and initramfs under server/boot)" echo -e " server 1.2.3.4 addons-eexam -e addons (pack eexam-addons as squashfs)" - echo -e " server 1.2.3.4 -k [configname] (generate config file configs/config.tgz) + echo -e " server 1.2.3.4 -k [configname] (generate config file configs/config.tgz)" echo -e "" echo -e " Existing targets for remote are:" echo -e " $(echo $(ls ${ROOT_DIR}/remote/targets 2>/dev/null || echo "No targets for remote found."))" -- cgit v1.2.3-55-g7522 From 060261ef2c6afcfbb2dff3ac1f4947446c38f984 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Tue, 17 Sep 2013 18:29:02 +0200 Subject: [nfs-mount] Dbus service reload for stage4 --- .../rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export | 2 ++ 1 file changed, 2 insertions(+) diff --git a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export index 988dc3d7..b116c067 100755 --- a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export +++ b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export @@ -11,3 +11,5 @@ mount -t nfs -o ro,async,nolock,vers=3 "$SLX_STAGE4_NFS" "$MOUNTPOINT" || { echo echo "Appending $MOUNTPOINT to /" mount -o "remount,append:$MOUNTPOINT=ro" / || { echo "Fail." && exit 1; } +# dbus reload needed eg. for gnome etc. and perhaps other service files which stage4 needs: +systemctl reload dbus.service -- cgit v1.2.3-55-g7522 From 83c46721a7afd15958e73b137e2c4c9096c739b9 Mon Sep 17 00:00:00 2001 
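Review bot: `systemctl reload dbus.service` is added without the `|| { echo "Fail." && exit 1; }` handling that the mount lines above it use. The hunk shows no trailing context, so this appears to be the script's last command and its exit status becomes the script's. If dbus is not running yet, the caller then sees a failure although both mounts succeeded; make the intent explicit with `systemctl reload dbus.service || echo "dbus reload failed (continuing)"`, or `|| exit 1` if stage4 cannot work without it. The reload also makes the system bus pick up service and policy files from the NFSv3 export just appended to /, so the integrity of that export matters as much as that of the base image and deserves a line in the comment.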
From: Christian Rößler Date: Tue, 17 Sep 2013 18:31:04 +0200 Subject: [blacklists] Remaining gnome stuff (Ubuntu) --- server/blacklists/desktop-sessions/gnome/gnome-base | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/server/blacklists/desktop-sessions/gnome/gnome-base b/server/blacklists/desktop-sessions/gnome/gnome-base index f760cfa4..fd7b73d7 100644 --- a/server/blacklists/desktop-sessions/gnome/gnome-base +++ b/server/blacklists/desktop-sessions/gnome/gnome-base @@ -34,11 +34,27 @@ # gnome keyring libs: + /usr/lib/x86_64-linux-gnu/*gnome* - + /usr/lib/x86_64-linux-gnu/pkcs11 + /usr/lib/x86_64-linux-gnu/gio/modules + /usr/lib/x86_64-linux-gnu/libproxy/0.4.11/modules - + +# gnome seems to need accountdaemon for screensaver login +# (if not found 30sec timeout) +# + /usr/lib/systemd/system/accounts-daemon.service +# Suse version: ++ /usr/lib/accounts-daemon +# Ubuntu version: ++ /usr/lib/accountsservice/accounts-daemon + +# sonstiges für accountservice: ++ /etc/dbus-1/system.d/org.freedesktop.Accounts.conf ++ /usr/share/dbus-1/interfaces/org.freedesktop.Accounts.User.xml ++ /usr/share/dbus-1/interfaces/org.freedesktop.Accounts.xml ++ /usr/share/dbus-1/system-services/org.freedesktop.Accounts.service ++ /usr/share/polkit-1/actions/org.freedesktop.accounts.policy ++ /usr/share/language-tools + + + /usr/sbin/*gnome* + /usr/lib/libvte-2.90-9/*gnome* -- cgit v1.2.3-55-g7522 From c5fec7e8317ad4e5210b97c242b8d76f3b3eeb78 Mon Sep 17 00:00:00 2001 
From: Christian Rößler Date: Wed, 18 Sep 2013 14:05:15 +0200 Subject: [modprobe.d/50-mltk-blacklist.conf] Proposal for mltk-related module blacklists. Just an entry so far for Intel 82Q35 MEI controller, which spams syslogs under some 3.0 kernels. Entry is out-commented, as this is just a proposal. --- .../rootfs/rootfs-stage32/data/etc/modprobe.d/50-mltk-blacklist.conf | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 remote/rootfs/rootfs-stage32/data/etc/modprobe.d/50-mltk-blacklist.conf diff --git a/remote/rootfs/rootfs-stage32/data/etc/modprobe.d/50-mltk-blacklist.conf b/remote/rootfs/rootfs-stage32/data/etc/modprobe.d/50-mltk-blacklist.conf new file mode 100644 index 00000000..7a01777c --- /dev/null +++ b/remote/rootfs/rootfs-stage32/data/etc/modprobe.d/50-mltk-blacklist.conf @@ -0,0 +1,5 @@ +# Blacklist for mltk related modules + +# Intel corporation 82Q35 Express MEI controller spams syslog under +# some 3.0 kernels +# blacklist mei -- cgit v1.2.3-55-g7522 From a32ed6bceab0ede03ca980d16b7a1e4951450ab0 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Wed, 18 Sep 2013 14:21:03 +0200 Subject: [stage32-opensuse] Just some target links --- remote/targets/stage32-opensuse/consolekit | 1 + remote/targets/stage32-opensuse/dnbd3 | 1 + remote/targets/stage32-opensuse/polkit | 1 + remote/targets/stage32-opensuse/redsocks | 1 + remote/targets/stage32-opensuse/udisks | 1 + 5 files changed, 5 insertions(+) create mode 120000 remote/targets/stage32-opensuse/consolekit create mode 120000 remote/targets/stage32-opensuse/dnbd3 create mode 120000 remote/targets/stage32-opensuse/polkit create mode 120000 remote/targets/stage32-opensuse/redsocks create mode 120000 remote/targets/stage32-opensuse/udisks diff --git a/remote/targets/stage32-opensuse/consolekit b/remote/targets/stage32-opensuse/consolekit new file mode 120000 index 00000000..261968c7 --- /dev/null +++ b/remote/targets/stage32-opensuse/consolekit 
@@ -0,0 +1 @@
+../../modules/consolekit
\ No newline at end of file
diff --git a/remote/targets/stage32-opensuse/dnbd3 b/remote/targets/stage32-opensuse/dnbd3
new file mode 120000
index 00000000..fa80b45c
--- /dev/null
+++ b/remote/targets/stage32-opensuse/dnbd3
@@ -0,0 +1 @@
+../../modules/dnbd3
\ No newline at end of file
diff --git a/remote/targets/stage32-opensuse/polkit b/remote/targets/stage32-opensuse/polkit
new file mode 120000
index 00000000..0ad0b111
--- /dev/null
+++ b/remote/targets/stage32-opensuse/polkit
@@ -0,0 +1 @@
+../../modules/polkit
\ No newline at end of file
diff --git a/remote/targets/stage32-opensuse/redsocks b/remote/targets/stage32-opensuse/redsocks
new file mode 120000
index 00000000..0740c53b
--- /dev/null
+++ b/remote/targets/stage32-opensuse/redsocks
@@ -0,0 +1 @@
+../../modules/redsocks
\ No newline at end of file
diff --git a/remote/targets/stage32-opensuse/udisks b/remote/targets/stage32-opensuse/udisks
new file mode 120000
index 00000000..06e7da5f
--- /dev/null
+++ b/remote/targets/stage32-opensuse/udisks
@@ -0,0 +1 @@
+../../modules/udisks
\ No newline at end of file
--
cgit v1.2.3-55-g7522
From 4c30101998dee155adb2c1a958a3451bea19e13f Mon Sep 17 00:00:00 2001
From: Christian Rößler
Date: Wed, 18 Sep 2013 14:33:52 +0200
Subject: [polkit] polkit.build: +missing directory for opensuse
---
remote/modules/polkit/polkit.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/remote/modules/polkit/polkit.build b/remote/modules/polkit/polkit.build
index 151da8a8..10203209 100644
--- a/remote/modules/polkit/polkit.build
+++ b/remote/modules/polkit/polkit.build
@@ -12,7 +12,7 @@ build () { tarcopy "$(cat "${COPYLIST}" | sort -u)" "${MODULE_BUILD_DIR}" local POLPATH=$(find "$MODULE_BUILD_DIR" -name polkitd -executable | head -n 1) POLPATH="/${POLPATH#$MODULE_BUILD_DIR}" - mkdir -p "$MODULE_BUILD_DIR/etc/systemd/system" "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services" + mkdir -p "$MODULE_BUILD_DIR/etc/systemd/system" "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services" "$MODULE_BUILD_DIR/var/lib/polkit" sed "s,%POLKITD%,${POLPATH},g" "templates/systemd.service" > "$MODULE_BUILD_DIR/etc/systemd/system/polkit.service" || perror "Could not generate polkit.service for systemd" sed "s,%POLKITD%,${POLPATH},g" "templates/dbus.service" > "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services/org.freedesktop.PolicyKit1.service" || perror "Could not generate polkit.service for dbus" } -- cgit v1.2.3-55-g7522 From 69669521453d299ff2a3d02ab9ac00a247bd47e5 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Sep 2013 15:05:07 +0200 Subject: [dbus] Create systemd service using a template instead of grabbing from running system Also remove the ugly hack that moves /lib/systemd to /etc/systemd; this would only help mixing systemd service files from the running system with our own -- trouble ahead! Warn if /lib/systemd exists in the target build dir. --- .../dbus/data/etc/systemd/system/dbus.socket | 5 +++++ remote/modules/dbus/dbus.build | 21 ++++++++++++++++++--- remote/modules/dbus/templates/dbus.service | 11 +++++++++++ remote/setup_target | 11 +++++------ 4 files changed, 39 insertions(+), 9 deletions(-) create mode 100644 remote/modules/dbus/data/etc/systemd/system/dbus.socket create mode 100644 remote/modules/dbus/templates/dbus.service diff --git a/remote/modules/dbus/data/etc/systemd/system/dbus.socket b/remote/modules/dbus/data/etc/systemd/system/dbus.socket new file mode 100644 index 00000000..5c373cf4 --- /dev/null +++ b/remote/modules/dbus/data/etc/systemd/system/dbus.socket 
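Review bot: The extended `mkdir -p` in build() has no failure handling, while the two `sed` lines after it both end in `|| perror`. Nothing in this hunk writes to the new `var/lib/polkit`, so a failed creation there would go unnoticed; I would append `|| perror "Could not create polkit directories"`. The directory also takes its owner and mode from the build user's umask, so if polkitd on openSUSE expects a particular owner or a restrictive mode there (not visible from this hunk), set it explicitly with `chmod`/`chown` in the same step. build() starts above the hunk.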
@@ -0,0 +1,5 @@ +[Unit] +Description=D-Bus System Message Bus Socket + +[Socket] +ListenStream=/run/dbus/system_bus_socket diff --git a/remote/modules/dbus/dbus.build b/remote/modules/dbus/dbus.build index bcab63b0..81c849fb 100644 --- a/remote/modules/dbus/dbus.build +++ b/remote/modules/dbus/dbus.build @@ -7,11 +7,26 @@ fetch_source() { build() { COPYLIST="list_dpkg_output" [ -e "${COPYLIST}" ] && rm "${COPYLIST}" - - list_packet_files >> "${COPYLIST}" + + list_packet_files >> "${COPYLIST}" tarcopy "$(cat "${COPYLIST}" | sort -u)" "${MODULE_BUILD_DIR}" - + + # Generate systemd files + mkdir "$MODULE_BUILD_DIR/etc/systemd/system" + local UUIDGEN=$(find "$MODULE_BUILD_DIR" -name dbus-uuidgen -executable | head -n 1) + local DAEMON=$(find "$MODULE_BUILD_DIR" -name dbus-daemon -executable | head -n 1) + local SEND=$(find "$MODULE_BUILD_DIR" -name dbus-send -executable | head -n 1) + UUIDGEN="${UUIDGEN#$MODULE_BUILD_DIR}" + DAEMON="${DAEMON#$MODULE_BUILD_DIR}" + SEND="${SEND#$MODULE_BUILD_DIR}" + [ -z "$UUIDGEN" ] && perror "Could not determine dbus-uuidgen location" + [ -z "$DAEMON" ] && perror "Could not determine dbus-daemon location" + [ -z "$SEND" ] && perror "Could not determine dbus-send location" + sed "s,%UUIDGEN%,/$UUIDGEN,g;s,%DAEMON%,$DAEMON,g;s,%SEND%,$SEND,g" "templates/dbus.service" \ + > "$MODULE_BUILD_DIR/etc/systemd/system/dbus.service" \ + || perror "Could not generate $MODULE_BUILD_DIR/etc/systemd/system/dbus.service" } post_copy() { : } + diff --git a/remote/modules/dbus/templates/dbus.service b/remote/modules/dbus/templates/dbus.service new file mode 100644 index 00000000..b6e05271 --- /dev/null +++ b/remote/modules/dbus/templates/dbus.service 
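Review bot: The three `find "$MODULE_BUILD_DIR" -name … -executable | head -n 1` lookups in build() of dbus.build accept whatever match find prints first, and `-executable` is also true for searchable directories. A directory, or a second file of the same name elsewhere in the package tree, can therefore become the path substituted into `dbus.service`. Since that path ends up in ExecStart/ExecStartPre of a system service, narrow the match, e.g. `find "$MODULE_BUILD_DIR" -type f -name dbus-daemon -executable | head -n 1`, and ideally limit the search to the expected bin directories. The same lookup pattern recurs in the consolekit.build hunk and in the later rewrite of this function further down the series.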
@@ -0,0 +1,11 @@ +[Unit] +Description=D-Bus System Message Bus +Requires=dbus.socket +After=syslog.target + +[Service] +ExecStartPre=%UUIDGEN% --ensure +ExecStartPre=-/bin/rm -f /run/dbus/pid +ExecStart=%DAEMON% --system --address=systemd: --nofork --activation=systemd +ExecReload=%SEND% --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig +OOMScoreAdjust=-900 diff --git a/remote/setup_target b/remote/setup_target index 04af2158..00a182f3 100755 --- a/remote/setup_target +++ b/remote/setup_target @@ -358,13 +358,12 @@ process_module() { post_process_target() { local TOOL_STR="$TOOL_STR post_process_target:" - # move systemd files from /lib to /etc/lib - pinfo "move systemd files from /lib/systemd to /etc/systemd" if [ -d "${TARGET_BUILD_DIR}/lib/systemd" ]; then - cd "${TARGET_BUILD_DIR}/lib" - tarcopy "systemd" "${TARGET_BUILD_DIR}/etc" - cd - &> /dev/null - rm -r "${TARGET_BUILD_DIR}/lib/systemd" + pwarning "/lib/systemd exists in the generated target. It is not advisable to fetch existing" + pwarning "systemd service files from the template system, as it might conflict with generated" + pwarning "ones. In fact, some systems don't even use systemd so there might be no existing" + pwarning "service files. Please generate your own service file and place it in /etc/systemd." + pwarning "All files in /lib/systemd will be ignored." fi # figure out all relevant ld-paths -- cgit v1.2.3-55-g7522 From 27a36ead9a8dfa042d649211dcdc1666081eea89 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Sep 2013 15:09:33 +0200 Subject: [dbus] Fix mkdir, remove /lib/systemd from required directories --- remote/modules/dbus/dbus.build | 2 +- remote/modules/dbus/dbus.conf.opensuse | 5 +---- remote/modules/dbus/dbus.conf.ubuntu | 4 +--- 3 files changed, 3 insertions(+), 8 deletions(-) diff --git a/remote/modules/dbus/dbus.build b/remote/modules/dbus/dbus.build index 81c849fb..beb557b4 100644 
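Review bot: The last warning in post_process_target says "All files in /lib/systemd will be ignored", but with the `rm -r` removed nothing in this hunk keeps `${TARGET_BUILD_DIR}/lib/systemd` out of the generated target. /lib/systemd/system is typically part of systemd's unit search path, so unit files copied from the template system could still be loaded on the booted client, which is the mixing the commit message wants to avoid. Either keep deleting the directory after the warnings, e.g. `rm -rf -- "${TARGET_BUILD_DIR}/lib/systemd"`, or reword the message if the exclusion is enforced somewhere else. post_process_target continues below the hunk.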
--- a/remote/modules/dbus/dbus.build +++ b/remote/modules/dbus/dbus.build @@ -12,7 +12,7 @@ build() { tarcopy "$(cat "${COPYLIST}" | sort -u)" "${MODULE_BUILD_DIR}" # Generate systemd files - mkdir "$MODULE_BUILD_DIR/etc/systemd/system" + mkdir -p "$MODULE_BUILD_DIR/etc/systemd/system" local UUIDGEN=$(find "$MODULE_BUILD_DIR" -name dbus-uuidgen -executable | head -n 1) local DAEMON=$(find "$MODULE_BUILD_DIR" -name dbus-daemon -executable | head -n 1) local SEND=$(find "$MODULE_BUILD_DIR" -name dbus-send -executable | head -n 1) diff --git a/remote/modules/dbus/dbus.conf.opensuse b/remote/modules/dbus/dbus.conf.opensuse index 93610f62..9bc514e2 100644 --- a/remote/modules/dbus/dbus.conf.opensuse +++ b/remote/modules/dbus/dbus.conf.opensuse @@ -1,7 +1,4 @@ REQUIRED_CONTENT_PACKAGES=" dbus-1 " -REQUIRED_DIRECTORIES+=" - /usr/lib/systemd -" -REQUIRED_FILES="" + diff --git a/remote/modules/dbus/dbus.conf.ubuntu b/remote/modules/dbus/dbus.conf.ubuntu index d007c2ef..9f302876 100644 --- a/remote/modules/dbus/dbus.conf.ubuntu +++ b/remote/modules/dbus/dbus.conf.ubuntu @@ -1,9 +1,7 @@ REQUIRED_CONTENT_PACKAGES=" dbus " -REQUIRED_DIRECTORIES+=" - /lib/systemd -" REQUIRED_FILES=" /etc/default/dbus " + -- cgit v1.2.3-55-g7522 From 4052504dc902765d109c34bff0db73a69a12b428 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Sep 2013 15:14:12 +0200 Subject: [dbus] Missed *.wants --- .../dbus/data/etc/systemd/system/multi-user.target.wants/dbus.service | 1 + .../dbus/data/etc/systemd/system/sockets.target.wants/dbus.socket | 1 + remote/modules/dbus/dbus.build | 2 +- remote/modules/dbus/templates/dbus.service | 1 + 4 files changed, 4 insertions(+), 1 deletion(-) create mode 120000 remote/modules/dbus/data/etc/systemd/system/multi-user.target.wants/dbus.service create mode 120000 remote/modules/dbus/data/etc/systemd/system/sockets.target.wants/dbus.socket 
diff --git a/remote/modules/dbus/data/etc/systemd/system/multi-user.target.wants/dbus.service b/remote/modules/dbus/data/etc/systemd/system/multi-user.target.wants/dbus.service new file mode 120000 index 00000000..224df24b --- /dev/null +++ b/remote/modules/dbus/data/etc/systemd/system/multi-user.target.wants/dbus.service @@ -0,0 +1 @@ +../dbus.service \ No newline at end of file diff --git a/remote/modules/dbus/data/etc/systemd/system/sockets.target.wants/dbus.socket b/remote/modules/dbus/data/etc/systemd/system/sockets.target.wants/dbus.socket new file mode 120000 index 00000000..fe02d162 --- /dev/null +++ b/remote/modules/dbus/data/etc/systemd/system/sockets.target.wants/dbus.socket @@ -0,0 +1 @@ +../dbus.socket \ No newline at end of file diff --git a/remote/modules/dbus/dbus.build b/remote/modules/dbus/dbus.build index beb557b4..7b7e472c 100644 --- a/remote/modules/dbus/dbus.build +++ b/remote/modules/dbus/dbus.build @@ -22,7 +22,7 @@ build() { [ -z "$UUIDGEN" ] && perror "Could not determine dbus-uuidgen location" [ -z "$DAEMON" ] && perror "Could not determine dbus-daemon location" [ -z "$SEND" ] && perror "Could not determine dbus-send location" - sed "s,%UUIDGEN%,/$UUIDGEN,g;s,%DAEMON%,$DAEMON,g;s,%SEND%,$SEND,g" "templates/dbus.service" \ + sed "s,%UUIDGEN%,/$UUIDGEN,g;s,%DAEMON%,/$DAEMON,g;s,%SEND%,/$SEND,g" "templates/dbus.service" \ > "$MODULE_BUILD_DIR/etc/systemd/system/dbus.service" \ || perror "Could not generate $MODULE_BUILD_DIR/etc/systemd/system/dbus.service" } diff --git a/remote/modules/dbus/templates/dbus.service b/remote/modules/dbus/templates/dbus.service index b6e05271..a49d8f0f 100644 --- a/remote/modules/dbus/templates/dbus.service +++ b/remote/modules/dbus/templates/dbus.service @@ -1,5 +1,6 @@ [Unit] Description=D-Bus System Message Bus +Wants=dbus.socket Requires=dbus.socket After=syslog.target -- cgit v1.2.3-55-g7522 From a868911a9f3816719113d570bcd2a92a67cdc507 Mon Sep 17 00:00:00 2001 
From: Simon Rettberg Date: Wed, 18 Sep 2013 15:16:24 +0200 Subject: [debug] Remove non existent binary --- remote/modules/debug/debug.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/remote/modules/debug/debug.conf b/remote/modules/debug/debug.conf index 82a741fe..66f90011 100644 --- a/remote/modules/debug/debug.conf +++ b/remote/modules/debug/debug.conf @@ -12,7 +12,6 @@ REQUIRED_BINARIES=" su file @htop - logger @tcpdump getfacl " -- cgit v1.2.3-55-g7522 From b3ae57767f7ca02e7901a07f087f9a40707d279d Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Sep 2013 15:17:26 +0200 Subject: ...better yet, make it optional --- remote/modules/debug/debug.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/remote/modules/debug/debug.conf b/remote/modules/debug/debug.conf index 66f90011..71006514 100644 --- a/remote/modules/debug/debug.conf +++ b/remote/modules/debug/debug.conf @@ -12,6 +12,7 @@ REQUIRED_BINARIES=" su file @htop + @logger @tcpdump getfacl " -- cgit v1.2.3-55-g7522 From 173001fc4a1efc95f346ecec90373ded388dbf92 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Wed, 18 Sep 2013 15:45:42 +0200 Subject: [blacklists] Modifications for accounts-daemon.service --- server/blacklists/desktop-sessions/gnome/gnome-base | 4 +++- server/blacklists/essential/linux-extended | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/server/blacklists/desktop-sessions/gnome/gnome-base b/server/blacklists/desktop-sessions/gnome/gnome-base index fd7b73d7..b5e25eee 100644 --- a/server/blacklists/desktop-sessions/gnome/gnome-base +++ b/server/blacklists/desktop-sessions/gnome/gnome-base @@ -40,7 +40,9 @@ # gnome seems to need accountdaemon for screensaver login # (if not found 30sec timeout) -# + /usr/lib/systemd/system/accounts-daemon.service ++ /usr/lib/systemd/ ++ /usr/lib/systemd/system/ ++ /usr/lib/systemd/system/accounts-daemon.service # Suse version: + /usr/lib/accounts-daemon # Ubuntu version: 
diff --git a/server/blacklists/essential/linux-extended b/server/blacklists/essential/linux-extended index ab39fda0..54f500ed 100644 --- a/server/blacklists/essential/linux-extended +++ b/server/blacklists/essential/linux-extended @@ -8,6 +8,7 @@ - /usr/share/upstart - /lib/systemd - /usr/lib/systemd +- /usr/lib/systemd/** - /etc/systemd - /var/lib/NetworkManager -- cgit v1.2.3-55-g7522 From 0b7566e3478390555ee0f297a866b54b6db9c21b Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Sep 2013 16:08:48 +0200 Subject: [setup_target] Actually CHECK IF A REQUIRED LIBRARY IS THERE! --- remote/setup_target | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/remote/setup_target b/remote/setup_target index 00a182f3..2f4d6e37 100755 --- a/remote/setup_target +++ b/remote/setup_target @@ -178,11 +178,11 @@ copy_files_with_deps () { done done - [ ! -z "${REQUIRED_LIBRARIES}" ] && pinfo "Gathering required libraries from config file..." - for LIB in ${REQUIRED_LIBRARIES} - do - for LOCATION in $(find . -name ${LIB}.so\*) - do + [ ! -z "$REQUIRED_LIBRARIES" ] && pinfo "Gathering required libraries from config file..." + for LIB in $REQUIRED_LIBRARIES; do + FILE_CANDIDATES=$(find . -name "${LIB}.so*") + [ -z "$FILE_CANDIDATES" ] && perror "Cannot find required library $LIB" + for LOCATION in $FILE_CANDIDATES; do pdebug "* $LOCATION" strip "$LOCATION" || pwarning "Could not strip '${LOCATION}'" get_link_chain "${MODULE_BUILD_DIR}/${LOCATION}" "${MODULE_BUILD_DIR}" >> "${COPYFILES_LIST}" -- cgit v1.2.3-55-g7522 From e943f087771b879f710a30c8d0e9e7f6320e4016 Mon Sep 17 00:00:00 2001 
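Review bot: In copy_files_with_deps the new `for LOCATION in $FILE_CANDIDATES` relies on word splitting of the `find` output, so a matching path that contains whitespace or glob characters is broken into pieces before it reaches `strip` and `get_link_chain`. Reading the results line by line avoids that: `while IFS= read -r LOCATION; do … done < <(find . -name "${LIB}.so*")`, with the emptiness check done on a counter or on a prior `find … -print -quit`. `FILE_CANDIDATES` is also assigned without `local` in the lines shown, so it leaks into the caller's scope unless it is declared above the hunk. The function starts and ends outside the hunk.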
From: Simon Rettberg Date: Wed, 18 Sep 2013 16:42:52 +0200 Subject: Make sure pam_ck_connector is required by and included in the consolekit module on all platforms (Previously it was in consolekit on suse and pam on ubuntu... -.-) --- remote/modules/consolekit/consolekit.build | 10 +++++++++- remote/modules/consolekit/consolekit.conf | 10 +++++++--- remote/modules/consolekit/consolekit.conf.debian | 6 +++++- remote/modules/consolekit/consolekit.conf.ubuntu | 6 +++++- remote/modules/consolekit/templates/consolekit.dbus.service | 6 ++++++ remote/modules/consolekit/templates/consolekit.systemd.service | 9 +++++++++ remote/modules/pam/pam.conf.ubuntu | 1 - remote/setup_target | 2 +- 8 files changed, 42 insertions(+), 8 deletions(-) create mode 100644 remote/modules/consolekit/templates/consolekit.dbus.service create mode 100644 remote/modules/consolekit/templates/consolekit.systemd.service diff --git a/remote/modules/consolekit/consolekit.build b/remote/modules/consolekit/consolekit.build index ac31f9ed..0c63ec6b 100644 --- a/remote/modules/consolekit/consolekit.build +++ b/remote/modules/consolekit/consolekit.build 
@@ -10,11 +10,19 @@ build() { list_packet_files >> "${COPYLIST}" tarcopy "$(cat "${COPYLIST}" | sort -u)" "${MODULE_BUILD_DIR}" - + # Systemd/dbus + mkdir -p "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services" "$MODULE_BUILD_DIR/etc/systemd/system" + local DAEMON=$(find "$MODULE_BUILD_DIR" -name console-kit-daemon -executable | head -n 1) + DAEMON="${DAEMON#$MODULE_BUILD_DIR}" + [ -z "$DAEMON" ] && perror "Could not find console-kit-daemon binary" + sed "s,%DAEMON%,/$DAEMON,g" "templates/consolekit.systemd.service" > "$MODULE_BUILD_DIR/etc/systemd/system/console-kit-daemon.service" || perror "Could not generate systemd service" + sed "s,%DAEMON%,/$DAEMON,g" "templates/consolekit.dbus.service" > "$MODULE_BUILD_DIR/usr/share/dbus-1/system-services/org.freedesktop.ConsoleKit.service" || perror "Could not generate dbus service" } + post_copy() { mkdir -p "${TARGET_BUILD_DIR}/usr/lib/ConsoleKit/run-seat.d" mkdir -p "${TARGET_BUILD_DIR}/etc/ConsoleKit/run-seat.d" mkdir -p "${TARGET_BUILD_DIR}/etc/ConsoleKit/run-session.d" mkdir -p "${TARGET_BUILD_DIR}/var/log/ConsoleKit" } + diff --git a/remote/modules/consolekit/consolekit.conf b/remote/modules/consolekit/consolekit.conf index 91fc6dc2..b84bf697 100644 --- a/remote/modules/consolekit/consolekit.conf +++ b/remote/modules/consolekit/consolekit.conf @@ -1,12 +1,16 @@ REQUIRED_BINARIES=" console-kit-daemon + ck-history + ck-launch-session + ck-list-sessions " REQUIRED_DIRECTORIES=" - /usr - /etc - /$LIB64 + /etc/ConsoleKit + /etc/dbus-1 + /usr/share " REQUIRED_LIBRARIES=" pam_ck_connector + libck-connector " diff --git a/remote/modules/consolekit/consolekit.conf.debian b/remote/modules/consolekit/consolekit.conf.debian index c0fffffa..0171868a 100644 --- a/remote/modules/consolekit/consolekit.conf.debian +++ b/remote/modules/consolekit/consolekit.conf.debian @@ -1,2 +1,6 @@ -REQUIRED_CONTENT_PACKAGES="consolekit" +REQUIRED_CONTENT_PACKAGES=" + consolekit + libpam-ck-connector +" + 
diff --git a/remote/modules/consolekit/consolekit.conf.ubuntu b/remote/modules/consolekit/consolekit.conf.ubuntu index c0fffffa..3b160bc9 100644 --- a/remote/modules/consolekit/consolekit.conf.ubuntu +++ b/remote/modules/consolekit/consolekit.conf.ubuntu @@ -1,2 +1,6 @@ -REQUIRED_CONTENT_PACKAGES="consolekit" +REQUIRED_CONTENT_PACKAGES=" + consolekit + libpam-ck-connector + libck-connector0 +" diff --git a/remote/modules/consolekit/templates/consolekit.dbus.service b/remote/modules/consolekit/templates/consolekit.dbus.service new file mode 100644 index 00000000..5720e4cf --- /dev/null +++ b/remote/modules/consolekit/templates/consolekit.dbus.service @@ -0,0 +1,6 @@ +[D-BUS Service] +Name=org.freedesktop.ConsoleKit +Exec=%DAEMON% --no-daemon +User=root +SystemdService=console-kit-daemon.service + diff --git a/remote/modules/consolekit/templates/consolekit.systemd.service b/remote/modules/consolekit/templates/consolekit.systemd.service new file mode 100644 index 00000000..f86158cc --- /dev/null +++ b/remote/modules/consolekit/templates/consolekit.systemd.service @@ -0,0 +1,9 @@ +[Unit] +Description=ConsoleKit (Legacy) +After=syslog.target + +[Service] +Type=dbus +BusName=org.freedesktop.ConsoleKit +ExecStart=%DAEMON% --no-daemon + diff --git a/remote/modules/pam/pam.conf.ubuntu b/remote/modules/pam/pam.conf.ubuntu index c1516e13..fe034225 100644 --- a/remote/modules/pam/pam.conf.ubuntu +++ b/remote/modules/pam/pam.conf.ubuntu @@ -14,7 +14,6 @@ REQUIRED_INSTALLED_PACKAGES=" REQUIRED_CONTENT_PACKAGES=" libpam0g libpam-modules - libpam-ck-connector libpam-cap libldap-2.4-2 libpam-ldap diff --git a/remote/setup_target b/remote/setup_target index 2f4d6e37..dc8bd151 100755 --- a/remote/setup_target +++ b/remote/setup_target 
@@ -338,7 +338,7 @@ process_module() { [ -d "${TARGET_BUILD_DIR}" ] && TARGET_BUILD_SIZE=$(du -bc "${TARGET_BUILD_DIR}" | awk 'END {print $1}') || TARGET_BUILD_SIZE=0 pinfo "## Copying files with dependencies" copy_files_with_deps - pinfo "## Copying required system files" + pinfo "## Copying required system files" # REQUIRED_SYSTEM_FILES copy_system_files pinfo "## Copying static module files" copy_static_data -- cgit v1.2.3-55-g7522 From 32e9b5cd1fa28bc9fc8d50d193ac256dbf1f94a3 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Sep 2013 16:53:14 +0200 Subject: [rootfs-stage32] Remove libau because it's not there and I have no clue what it is --- remote/rootfs/rootfs-stage32/rootfs-stage32.conf | 472 ++++++++++++----------- 1 file changed, 240 insertions(+), 232 deletions(-) diff --git a/remote/rootfs/rootfs-stage32/rootfs-stage32.conf b/remote/rootfs/rootfs-stage32/rootfs-stage32.conf index 5c453397..1dd76e68 100644 --- a/remote/rootfs/rootfs-stage32/rootfs-stage32.conf +++ b/remote/rootfs/rootfs-stage32/rootfs-stage32.conf 
@@ -1,236 +1,244 @@ -REQUIRED_MODULES=" kernel" +REQUIRED_MODULES=" + kernel +" REQUIRED_BINARIES=" - bash - more - less - agetty - cat - false - loadkeys - setfont - login - sulogin - mount - umount - mount.nfs4 - umount.nfs4 - fdisk - mkfs.xfs - rm - blkid - modprobe - ps - scp - ssh - tput - xterm - xvidtune - bc - dirname - mkdosfs - iptables - ntpdate - rdns - find + bash + more + less + agetty + cat + false + loadkeys + setfont + login + sulogin + mount + umount + mount.nfs4 + umount.nfs4 + fdisk + mkfs.xfs + rm + blkid + modprobe + ps + scp + ssh + tput + xterm + xvidtune + bc + dirname + mkdosfs + iptables + ntpdate + rdns + find +" +REQUIRED_LIBRARIES=" + libcap + libcidn + libcom_err + libcrypt + libcrypto + libnsl + libnss_compat + libnss_dns + libnss_files + libnss_hesiod + libnss_nis + libnss_nisplus + libnss_mdns + libpam + libutil + libtinfo + libresolv " -REQUIRED_LIBRARIES=" libcap - libcidn - libcom_err - libcrypt - libcrypto - libnsl - libnss_compat - libnss_dns - libnss_files - libnss_hesiod - libnss_nis - libnss_nisplus - libnss_mdns - libpam - libutil - libtinfo - libresolv - libau" REQUIRED_FILES=" - /etc/inputrc - /etc/localtime - /etc/login.defs - /etc/securetty - /etc/protocols - /etc/services - /etc/networks - /etc/netconfig - /etc/fonts/fonts.conf + /etc/inputrc + /etc/localtime + /etc/login.defs + /etc/securetty + /etc/protocols + /etc/services + /etc/networks + /etc/netconfig + /etc/fonts/fonts.conf +" +REQUIRED_KERNEL_MODULES=" + kernel/drivers/cpufreq + kernel/drivers/memstick + kernel/drivers/mfd + kernel/drivers/gpio + kernel/drivers/block + kernel/drivers/uwb + kernel/drivers/w1 + kernel/drivers/regulator + kernel/drivers/leds + kernel/drivers/firmware + kernel/drivers/watchdog + kernel/drivers/media/rc + kernel/drivers/media/video + kernel/drivers/media/common + kernel/drivers/mmc + kernel/drivers/staging + kernel/drivers/firewire + kernel/drivers/bluetooth + kernel/drivers/power + kernel/drivers/video + kernel/drivers/uio + 
kernel/drivers/md + kernel/drivers/virtio + kernel/drivers/pci + kernel/drivers/acpi + kernel/drivers/input + kernel/drivers/ssb + kernel/drivers/spi + kernel/drivers/crypto + kernel/drivers/bcma + kernel/drivers/nfc + kernel/drivers/usb + kernel/drivers/char + kernel/drivers/vhost + kernel/drivers/i2c + kernel/drivers/ata + kernel/drivers/tty + kernel/drivers/parport + kernel/drivers/misc + kernel/drivers/scsi + kernel/drivers/auxdisplay + kernel/drivers/target + kernel/drivers/dca + kernel/drivers/dma + kernel/drivers/rtc + kernel/drivers/pps + kernel/drivers/hid + kernel/drivers/atm + kernel/drivers/platform + kernel/drivers/edac + kernel/drivers/hv + kernel/drivers/idle + kernel/drivers/xen + kernel/ubuntu/aufs + kernel/arch + kernel/lib + kernel/fs + kernel/crypto + kernel/net + kernel/sound + kernel/fs/autofs4/autofs4 +" +REQUIRED_FIRMWARE=" + 3com + acenic + adaptec + advansys + ar3k + asihpi + av7110 + bnx2 + bnx2x + brcm + cis + cpia2 + cxgb3 + cxgb4 + dabusb + dsp56k + e100 + ea + edgeport + emi26 + emi62 + ene-ub6250 + ess + hp + isci + kaweth + keyspan + keyspan_pda + korg + libertas + matrox + mrvl + mwl8k + ositech + r128 + radeon + RTL8192E + RTL8192SE + rtl_nic + sb16 + scripts + slicoss + sun + sxg + tehuti + ti-connectivity + tigon + ttusb-budget + ueagle-atm + usbdux + vicam + vxge + yam + yamaha + agere_ap_fw.bin + agere_sta_fw.bin + aic94xx-seq.fw + ath3k-1.fw + atmel_at76c502_3com.bin + atmel_at76c502.bin + atmel_at76c502d.bin + atmel_at76c502e.bin + atmel_at76c504_2958.bin + atmel_at76c504a_2958.bin + atmel_at76c504.bin + atmel_at76c506.bin + atmsar11.fw + carl9170-1.fw + f2255usb.bin + GPL-3 + htc_7010.fw + htc_9271.fw + i2400m-fw-usb-1.4.sbcf + i2400m-fw-usb-1.5.sbcf + i6050-fw-usb-1.5.sbcf + intelliport2.bin + lbtf_usb.bin + lgs8g75.fw + mts_cdma.fw + mts_edge.fw + mts_gsm.fw + mts_mt9234mu.fw + mts_mt9234zba.fw + mwl8335_duplex.fw + NPE-B + NPE-C + phanfw.bin + rt2561.bin + rt2561s.bin + rt2661.bin + rt2860.bin + rt2870.bin + rt3070.bin + 
rt3071.bin + rt3090.bin + rt73.bin + s2250.fw + s2250_loader.fw + TDA7706_OM_v2.5.1_boot.txt + TDA7706_OM_v3.0.2_boot.txt + ti_3410.fw + ti_5052.fw + tlg2300_firmware.bin + tr_smctr.bin + usbduxfast_firmware.bin + usbdux_firmware.bin + usbduxsigma_firmware.bin + vntwusb.fw + WHENCE.ubuntu + whiteheat.fw + whiteheat_loader.fw " -REQUIRED_KERNEL_MODULES=" kernel/drivers/cpufreq - kernel/drivers/memstick - kernel/drivers/mfd - kernel/drivers/gpio - kernel/drivers/block - kernel/drivers/uwb - kernel/drivers/w1 - kernel/drivers/regulator - kernel/drivers/leds - kernel/drivers/firmware - kernel/drivers/watchdog - kernel/drivers/media/rc - kernel/drivers/media/video - kernel/drivers/media/common - kernel/drivers/mmc - kernel/drivers/staging - kernel/drivers/firewire - kernel/drivers/bluetooth - kernel/drivers/power - kernel/drivers/video - kernel/drivers/uio - kernel/drivers/md - kernel/drivers/virtio - kernel/drivers/pci - kernel/drivers/acpi - kernel/drivers/input - kernel/drivers/ssb - kernel/drivers/spi - kernel/drivers/crypto - kernel/drivers/bcma - kernel/drivers/nfc - kernel/drivers/usb - kernel/drivers/char - kernel/drivers/vhost - kernel/drivers/i2c - kernel/drivers/ata - kernel/drivers/tty - kernel/drivers/parport - kernel/drivers/misc - kernel/drivers/scsi - kernel/drivers/auxdisplay - kernel/drivers/target - kernel/drivers/dca - kernel/drivers/dma - kernel/drivers/rtc - kernel/drivers/pps - kernel/drivers/hid - kernel/drivers/atm - kernel/drivers/platform - kernel/drivers/edac - kernel/drivers/hv - kernel/drivers/idle - kernel/drivers/xen - kernel/ubuntu/aufs - kernel/arch - kernel/lib - kernel/fs - kernel/crypto - kernel/net - kernel/sound - kernel/fs/autofs4/autofs4" -REQUIRED_FIRMWARE=" 3com - acenic - adaptec - advansys - ar3k - asihpi - av7110 - bnx2 - bnx2x - brcm - cis - cpia2 - cxgb3 - cxgb4 - dabusb - dsp56k - e100 - ea - edgeport - emi26 - emi62 - ene-ub6250 - ess - hp - isci - kaweth - keyspan - keyspan_pda - korg - libertas - matrox - mrvl - mwl8k 
- ositech - r128 - radeon - RTL8192E - RTL8192SE - rtl_nic - sb16 - scripts - slicoss - sun - sxg - tehuti - ti-connectivity - tigon - ttusb-budget - ueagle-atm - usbdux - vicam - vxge - yam - yamaha - agere_ap_fw.bin - agere_sta_fw.bin - aic94xx-seq.fw - ath3k-1.fw - atmel_at76c502_3com.bin - atmel_at76c502.bin - atmel_at76c502d.bin - atmel_at76c502e.bin - atmel_at76c504_2958.bin - atmel_at76c504a_2958.bin - atmel_at76c504.bin - atmel_at76c506.bin - atmsar11.fw - carl9170-1.fw - f2255usb.bin - GPL-3 - htc_7010.fw - htc_9271.fw - i2400m-fw-usb-1.4.sbcf - i2400m-fw-usb-1.5.sbcf - i6050-fw-usb-1.5.sbcf - intelliport2.bin - lbtf_usb.bin - lgs8g75.fw - mts_cdma.fw - mts_edge.fw - mts_gsm.fw - mts_mt9234mu.fw - mts_mt9234zba.fw - mwl8335_duplex.fw - NPE-B - NPE-C - phanfw.bin - rt2561.bin - rt2561s.bin - rt2661.bin - rt2860.bin - rt2870.bin - rt3070.bin - rt3071.bin - rt3090.bin - rt73.bin - s2250.fw - s2250_loader.fw - TDA7706_OM_v2.5.1_boot.txt - TDA7706_OM_v3.0.2_boot.txt - ti_3410.fw - ti_5052.fw - tlg2300_firmware.bin - tr_smctr.bin - usbduxfast_firmware.bin - usbdux_firmware.bin - usbduxsigma_firmware.bin - vntwusb.fw - WHENCE.ubuntu - whiteheat.fw - whiteheat_loader.fw" + -- cgit v1.2.3-55-g7522 From 4b3fcd7facf0cf44177f85fd554c60f3680afa8e Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Sep 2013 16:54:58 +0200 Subject: [rootfs-stage32] Tweak startup order (systemd) --- .../rootfs-stage32/data/etc/systemd/system/setup-partitions.service | 3 ++- .../rootfs-stage32/data/etc/systemd/system/setup-slx-addon@.service | 1 + .../data/opt/openslx/scripts/systemd-setup_slx_addons | 6 +++--- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-partitions.service b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-partitions.service index 4e663d56..df075922 100644 --- a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-partitions.service 
+++ b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-partitions.service @@ -1,7 +1,8 @@ [Unit] Description=Setup local disk partitions (tmp, swap) DefaultDependencies=no -Before=sysinit.target shutdown.target +Before=sysinit.target +After=systemd-udev-trigger.service Wants=sysinit.target [Service] diff --git a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-slx-addon@.service b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-slx-addon@.service index 20909813..d7ec53c2 100644 --- a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-slx-addon@.service +++ b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/setup-slx-addon@.service @@ -1,5 +1,6 @@ [Unit] Description=Setup SLX addon %i +DefaultDependencies=no [Service] Type=oneshot diff --git a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_slx_addons b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_slx_addons index 661beac4..b5e2040b 100755 --- a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_slx_addons +++ b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_slx_addons @@ -41,9 +41,9 @@ mkdir -p "$SYS_TMP" || { echo "Failed to create $SYS_TMP"; exit 1; } # NO ARGUMENTS -> LOOP OVER ALL ADDONS # -if [ $# == 0 ]; then +if [ $# -eq 0 ]; then for ADDON in ${SLX_ADDONS}; do - systemctl start setup-slx-addon@$ADDON + systemctl start "setup-slx-addon@$ADDON" & done fi @@ -52,7 +52,7 @@ fi # WITH ARGUMENTS -> SETUP ADDON # -if [ $# == 1 ]; then +if [ $# -eq 1 ]; then ADDON="$1" # sanity check -- cgit v1.2.3-55-g7522 From 55edfee84d418957d88d271fb77eb7f555614b9e Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Sep 2013 17:02:51 +0200 Subject: [dbus] Add missing systemd service file --- remote/modules/dbus/dbus.conf | 18 +++++++++++------- remote/modules/dbus/dbus.conf.ubuntu | 2 +- 2 files changed, 12 insertions(+), 8 deletions(-) 
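Review bot: In the no-argument branch of systemd-setup_slx_addons, `systemctl start "setup-slx-addon@$ADDON" &` discards each job's exit status and lets the script return while the starts are still in flight, so a failed addon setup is no longer visible to the unit that invoked the script. If the goal is only to avoid blocking, `systemctl start --no-block "setup-slx-addon@$ADDON"` queues the job without a background shell; otherwise collect the PIDs and `wait` on them before leaving the branch. The loop still expands `${SLX_ADDONS}` unquoted into the unit instance name, so if that variable comes from fetched configuration (its origin is not visible here) it deserves a character check before the loop, not only in the one-argument branch.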
diff --git a/remote/modules/dbus/dbus.conf b/remote/modules/dbus/dbus.conf index 64457541..40f8a53d 100644 --- a/remote/modules/dbus/dbus.conf +++ b/remote/modules/dbus/dbus.conf @@ -1,11 +1,15 @@ REQUIRED_BINARIES=" - dbus-cleanup-sockets - dbus-daemon - dbus-uuidgen - dbus-monitor - dbus-send - dbus-daemon-launch-helper + dbus-cleanup-sockets + dbus-daemon + dbus-uuidgen + dbus-monitor + dbus-send + dbus-daemon-launch-helper " REQUIRED_DIRECTORIES=" - /etc/dbus-1 + /etc/dbus-1 " +REQUIRED_FILES=" + /etc/systemd/system/dbus.service +" + diff --git a/remote/modules/dbus/dbus.conf.ubuntu b/remote/modules/dbus/dbus.conf.ubuntu index 9f302876..558eea7f 100644 --- a/remote/modules/dbus/dbus.conf.ubuntu +++ b/remote/modules/dbus/dbus.conf.ubuntu @@ -1,7 +1,7 @@ REQUIRED_CONTENT_PACKAGES=" dbus " -REQUIRED_FILES=" +REQUIRED_FILES+=" /etc/default/dbus " -- cgit v1.2.3-55-g7522 From 62bf388f442fc68040b4f8aa73f67594a6e3ff7b Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Sep 2013 18:42:14 +0200 Subject: [dbus] dbus parameters changed over time. Try to get them right --- remote/modules/dbus/dbus.build | 45 +++++++++++++++++++++++++----- remote/modules/dbus/templates/dbus.service | 7 +++-- 2 files changed, 42 insertions(+), 10 deletions(-) diff --git a/remote/modules/dbus/dbus.build b/remote/modules/dbus/dbus.build index 7b7e472c..c5b2d353 100644 --- a/remote/modules/dbus/dbus.build +++ b/remote/modules/dbus/dbus.build 
@@ -13,20 +13,51 @@ build() { # Generate systemd files mkdir -p "$MODULE_BUILD_DIR/etc/systemd/system" - local UUIDGEN=$(find "$MODULE_BUILD_DIR" -name dbus-uuidgen -executable | head -n 1) + # This is ugly, as the command line arguments changed over time. Try to do the right thing (whatever that is) + # Need to run dbus-uuidgen first? + local UUIDGEN="# This line intentionally left blank" + if files_contain "ExecStartPre.*uuidgen" "/lib/systemd/system/dbus.service" "/usr/lib/systemd/system/dbus.service"; then + UUIDGEN=$(find "$MODULE_BUILD_DIR" -name dbus-uuidgen -executable | head -n 1) + [ -z "$UUIDGEN" ] && perror "Could not determine dbus-uuidgen location" + UUIDGEN="ExecStartPre=/${UUIDGEN#$MODULE_BUILD_DIR} --ensure" + fi + # Figure out daemon location local DAEMON=$(find "$MODULE_BUILD_DIR" -name dbus-daemon -executable | head -n 1) - local SEND=$(find "$MODULE_BUILD_DIR" -name dbus-send -executable | head -n 1) - UUIDGEN="${UUIDGEN#$MODULE_BUILD_DIR}" - DAEMON="${DAEMON#$MODULE_BUILD_DIR}" - SEND="${SEND#$MODULE_BUILD_DIR}" - [ -z "$UUIDGEN" ] && perror "Could not determine dbus-uuidgen location" [ -z "$DAEMON" ] && perror "Could not determine dbus-daemon location" + DAEMON="/${DAEMON#$MODULE_BUILD_DIR}" + local DAEMON_ARGS="" + # Daemon arguments + if files_contain "dbus-daemon.*nopidfile" "/lib/systemd/system/dbus.service" "/usr/lib/systemd/system/dbus.service"; then + DAEMON_ARGS+=" --nopidfile" + fi + if files_contain "dbus-daemon.*activation=systemd" "/lib/systemd/system/dbus.service" "/usr/lib/systemd/system/dbus.service"; then + DAEMON_ARGS+=" --activation=systemd" + fi + if files_contain "dbus-daemon.*systemd-activation" "/lib/systemd/system/dbus.service" "/usr/lib/systemd/system/dbus.service"; then + DAEMON_ARGS+=" --systemd-activation" + fi + # dbus-send location + local SEND=$(find "$MODULE_BUILD_DIR" -name dbus-send -executable | head -n 1) [ -z "$SEND" ] && perror "Could not determine dbus-send location" - sed 
"s,%UUIDGEN%,/$UUIDGEN,g;s,%DAEMON%,/$DAEMON,g;s,%SEND%,/$SEND,g" "templates/dbus.service" \ + SEND="/${SEND#$MODULE_BUILD_DIR}" + sed "s,%UUIDGEN%,$UUIDGEN,g;s,%DAEMON%,$DAEMON,g;s,%SEND%,$SEND,g;s,%DAEMON_ARGS%,$DAEMON_ARGS,g" "templates/dbus.service" \ > "$MODULE_BUILD_DIR/etc/systemd/system/dbus.service" \ || perror "Could not generate $MODULE_BUILD_DIR/etc/systemd/system/dbus.service" } + post_copy() { : } +files_contain () { + [ $# -lt 2 ] && perror "files_contain needs at least 2 arguments (pattern, file)" + local PATTERN="$1" + shift + local FILE + for FILE in $@; do + [ -e "$FILE" ] || continue + grep -q "$PATTERN" "$FILE" && return 0 # Found + done + return 1 +} + diff --git a/remote/modules/dbus/templates/dbus.service b/remote/modules/dbus/templates/dbus.service index a49d8f0f..00b721f2 100644 --- a/remote/modules/dbus/templates/dbus.service +++ b/remote/modules/dbus/templates/dbus.service @@ -5,8 +5,9 @@ Requires=dbus.socket After=syslog.target [Service] -ExecStartPre=%UUIDGEN% --ensure -ExecStartPre=-/bin/rm -f /run/dbus/pid -ExecStart=%DAEMON% --system --address=systemd: --nofork --activation=systemd +%UUIDGEN% +ExecStartPre=-/bin/rm -f /var/run/dbus/pid +ExecStart=%DAEMON% --system --address=systemd: --nofork %DAEMON_ARGS% ExecReload=%SEND% --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig OOMScoreAdjust=-900 + -- cgit v1.2.3-55-g7522 From 74e5255a54b54bce86216de803bd94990bd69788 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Sep 2013 18:52:41 +0200 Subject: [debug] Fix service type of udevd-logger --- remote/modules/debug/data/etc/systemd/system/debug-udevd_logger.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/remote/modules/debug/data/etc/systemd/system/debug-udevd_logger.service b/remote/modules/debug/data/etc/systemd/system/debug-udevd_logger.service index d834292f..387defde 100644 
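Review bot: `files_contain` loops with `for FILE in $@`, which word-splits and glob-expands the file arguments; it should be `for FILE in "$@"; do`, and the match should be `grep -q -- "$PATTERN" "$FILE"` so a pattern starting with `-` is not taken as an option. In `build()`, `local DAEMON=$(find …)` and `local SEND=$(find …)` hide the exit status of the pipeline behind `local`. The located paths are pasted into a `sed` program that uses `,` as delimiter, so a path containing `,` or `&` would silently corrupt the generated unit file. The daemon flags are read from the build host's `/lib/systemd/system/dbus.service` while the binaries are searched under `$MODULE_BUILD_DIR`; if those can belong to different dbus versions the generated `ExecStart` may not fit the packaged daemon, which is worth confirming and noting in a comment. `build()` starts outside the hunk.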
--- a/remote/modules/debug/data/etc/systemd/system/debug-udevd_logger.service +++ b/remote/modules/debug/data/etc/systemd/system/debug-udevd_logger.service @@ -4,5 +4,5 @@ DefaultDependencies=no IgnoreOnIsolate=yes [Service] -Type=oneshot ExecStart=/opt/openslx/scripts/systemd-debug_udevd_logger + -- cgit v1.2.3-55-g7522 From fe5b7bc0a0c10b66f28162dfea870056de1d3411 Mon Sep 17 00:00:00 2001 From: Jonathan Bauer Date: Fri, 20 Sep 2013 15:19:16 +0200 Subject: [mltk] add comments about needed package to use mltk. TODO make it install automaticly --- mltk | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mltk b/mltk index 5d5ea80f..2ba63fc4 100755 --- a/mltk +++ b/mltk @@ -98,6 +98,10 @@ check_devtools() { for i in $DEVTOOLS; do which "$i" 2>/dev/null 1>&2 || { echo "Essential development tool $i not found - exiting."; exit 1; } done + + # TODO make the script install the dev-stuff automaticly. + # Ubuntu: 'build-essential', 'm4', 'squashfs-tools' + # OpenSUSE: ??? } initial_checks() { -- cgit v1.2.3-55-g7522 From abe0ee2c6b0edb942242e337f3ffcbc024701d79 Mon Sep 17 00:00:00 2001 From: Jonathan Bauer Date: Fri, 20 Sep 2013 16:01:56 +0200 Subject: [consolekit] added back missing folder, fixes error msg upon login --- remote/modules/consolekit/consolekit.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/remote/modules/consolekit/consolekit.conf b/remote/modules/consolekit/consolekit.conf index b84bf697..e27b15e6 100644 --- a/remote/modules/consolekit/consolekit.conf +++ b/remote/modules/consolekit/consolekit.conf @@ -7,6 +7,7 @@ REQUIRED_BINARIES=" REQUIRED_DIRECTORIES=" /etc/ConsoleKit /etc/dbus-1 + /usr/lib/ConsoleKit /usr/share " REQUIRED_LIBRARIES=" -- cgit v1.2.3-55-g7522 From 628bc5fc85aa4121c33f7211b7cff01d007f4235 Mon Sep 17 00:00:00 2001 
From: Christian Rößler Date: Fri, 20 Sep 2013 16:31:08 +0200 Subject: [rootfs-stage32] buildscript and conf file updated for openSuse --- remote/rootfs/rootfs-stage32/rootfs-stage32.build | 3 ++- remote/rootfs/rootfs-stage32/rootfs-stage32.conf.opensuse | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/remote/rootfs/rootfs-stage32/rootfs-stage32.build b/remote/rootfs/rootfs-stage32/rootfs-stage32.build index 02f238de..94642a8c 100644 --- a/remote/rootfs/rootfs-stage32/rootfs-stage32.build +++ b/remote/rootfs/rootfs-stage32/rootfs-stage32.build @@ -33,7 +33,8 @@ build() { pinfo "Searching libraries from config file in system... (could take some time)" for LIB in ${REQUIRED_LIBRARIES} do - for LIB_LOCATION in $(find /lib/ -name "${LIB}.so*") + # lib + lib64: Ugly hack, will be replaced by a better solution + for LIB_LOCATION in $(find /lib/ /lib64/ -name "${LIB}.so*") do get_link_chain "${LIB_LOCATION}" >> "${FILELIST}" done diff --git a/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.opensuse b/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.opensuse index bd9b7562..316cb5e4 100644 --- a/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.opensuse +++ b/remote/rootfs/rootfs-stage32/rootfs-stage32.conf.opensuse @@ -3,9 +3,11 @@ REQUIRED_INSTALLED_PACKAGES=" xfsprogs squashfs timezone + libcap2 " REQUIRED_CONTENT_PACKAGES=" timezone + libcap2 " REQUIRED_DIRECTORIES=" /usr/$LIB64/xtables -- cgit v1.2.3-55-g7522 From 0d752ca17591f69b4ab31bd63a41d76a69670b82 Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Fri, 20 Sep 2013 16:59:48 +0200 Subject: [xorg] conf file for openSuse updated --- remote/modules/xorg/xorg.conf.opensuse | 1 + 1 file changed, 1 insertion(+) diff --git a/remote/modules/xorg/xorg.conf.opensuse b/remote/modules/xorg/xorg.conf.opensuse index a91aca4d..38517d00 100644 --- a/remote/modules/xorg/xorg.conf.opensuse +++ b/remote/modules/xorg/xorg.conf.opensuse 
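Review bot: Adding `/lib64/` to the `find` in the library loop of `rootfs-stage32.build` makes `find` report an error and return non-zero on hosts that have no such directory, and the surrounding `for LIB_LOCATION in $(find …)` still word-splits the output, so a path containing whitespace turns into several bogus entries in `${FILELIST}`. Since the loop body only appends to the file list, it can be fed line by line instead: `find /lib/ /lib64/ -name "${LIB}.so*" | while IFS= read -r LIB_LOCATION; do`, with `/lib64/` added to the search only when `[ -d /lib64 ]` holds. The comment already calls this a hack; it should also say which distributions need `/lib64`. `build()` begins and ends outside the hunk.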
@@ -34,6 +34,7 @@ REQUIRED_CONTENT_PACKAGES=" xkbevd libpixman-1-0 xrandr + vaapi-intel-driver " REQUIRED_LIBRARIES=" libI810XvMC -- cgit v1.2.3-55-g7522 From 147a988579d871668f7a3724d517b21d299b4bdc Mon Sep 17 00:00:00 2001 From: Jonathan Bauer Date: Fri, 20 Sep 2013 16:59:55 +0200 Subject: [pam-hso] fix permissions for pam scripts mouting homes. --- .../pam-hso/etc/pam-script/pam_script_ses_close | 1 + .../pam-hso/etc/pam-script/pam_script_ses_open | 1 - .../pam-hso/etc/pam-script/pam_script_ses_open.bak | 30 -------------- .../etc/pam-script/pam_script_ses_open.save | 47 ---------------------- 4 files changed, 1 insertion(+), 78 deletions(-) delete mode 100755 server/modules/pam-hso/etc/pam-script/pam_script_ses_open.bak delete mode 100755 server/modules/pam-hso/etc/pam-script/pam_script_ses_open.save diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_close b/server/modules/pam-hso/etc/pam-script/pam_script_ses_close index 8bc8d3bb..dc7b5bd7 100755 --- a/server/modules/pam-hso/etc/pam-script/pam_script_ses_close +++ b/server/modules/pam-hso/etc/pam-script/pam_script_ses_close @@ -5,3 +5,4 @@ export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/o echo "[$PAM_TYPE] Closing session for $PAM_USER" [ $(id -g $PAM_USER) -eq 1001 ] && umount /home/$PAM_USER + diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open index 2189c347..4cf6bf58 100755 --- a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open +++ b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open @@ -22,4 +22,3 @@ fi #mount H-Drive ncpmount -A fs1-2-home.rz.hs-offenburg.de -S fs1-2-home.rz.hs-offenburg.de -V HOME/USERS/$loggedInUser -U $loggedInUser.HRZ.FHO /home/users/$loggedInUser - diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.bak b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.bak deleted file mode 100755 index 79a94169..00000000 
--- a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.bak +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash - -export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin" - -echo "[$PAM_TYPE] Opening session for $PAM_USER" - -if [ $(id -g $PAM_USER) -eq 1001 ]; then - echo "[$PAM_TYPE] Mounting home directory for $PAM_USER" - - # generate keytab - sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab - chmod 600 /etc/krb5.keytab - - # determine fileserver and share for home directories - ldapsearch -x -LLL uid="$PAM_USER" homeDirectory rufFileserver > /tmp/ldapsearch."$PAM_USER" - - FILESERVER=$(cat /tmp/ldapsearch.$PAM_USER | grep rufFileserver | cut -d" " -f2) - VOLUME=$(cat /tmp/ldapsearch.$PAM_USER | grep homeDirectory | cut -d" " -f2) - - # now we can mount the home directory - mkdir -p /home/$PAM_USER - if mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER":"$VOLUME" /home/"$PAM_USER"; then - exit 0 - else - echo "Failed to mount home directory for $PAM_USER" - exit 1 - fi - -fi - diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.save b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.save deleted file mode 100755 index 1bbb9d81..00000000 --- a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open.save +++ /dev/null 
@@ -1,47 +0,0 @@ -/root/tm-scripts/server/boot/local/initramfs-stage32/root/tm-scripts/server/boot/local/initramfs-stage32#!/bin/sh - -export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin" - - -#check who is logged in to put the "Home"-Folder on the correct Desktop -#Doesn't work with root! -#export loggedInUser=$(whoami) -[ ! -z "$PAM_USER" ] && export loggedInUser="$PAM_USER" - - -#create Folder on Desktop to link with H-Drive, if not already existent -if [ ! -d /home/$loggedInUser ]; then - mkdir -p /home/$loggedInUser -fi - - -#ask for username -#read -p "Benutzername: " username - - -#mount H-Drive -ncpmount -A fs1-2-home.rz.hs-offenburg.de -S fs1-2-home.rz.hs-offenburg.de -V HOME/USERS/$loggedInUser -U $loggedInUser.HRZ.FHO /home/$loggedInUser#!/bin/sh - -export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin" - - -#check who is logged in to put the "Home"-Folder on the correct Desktop -#Doesn't work with root! -#export loggedInUser=$(whoami) -[ ! -z "$PAM_USER" ] && export loggedInUser="$PAM_USER" - - -#create Folder on Desktop to link with H-Drive, if not already existent -if [ ! -d /home/$loggedInUser ]; then - mkdir -p /home/$loggedInUser -fi - - -#ask for username -#read -p "Benutzername: " username - - -#mount H-Drive -ncpmount -A fs1-2-home.rz.hs-offenburg.de -S fs1-2-home.rz.hs-offenburg.de -V HOME/USERS/$loggedInUser -U $loggedInUser.HRZ.FHO /home/$loggedInUser - - -- cgit v1.2.3-55-g7522 From e0b46c096fdf57ce948d687a62faec7493a775b3 Mon Sep 17 00:00:00 2001 From: Jonathan Bauer Date: Fri, 20 Sep 2013 17:01:22 +0200 Subject: [pam-freiburg] fix permission --- server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close | 1 + server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) 
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close index 01d409a1..44dcd418 100755 --- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close +++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close @@ -2,3 +2,4 @@ [ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Closing session for $PAM_USER" + diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open index 9af51e7f..205090b6 100755 --- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open +++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open @@ -22,7 +22,7 @@ if [ $(id -g $PAM_USER) -ge 1000 ]; then FILESERVER=$(cat /tmp/ldapsearch.$PAM_USER | grep rufFileserver | cut -d" " -f2) VOLUME=$(cat /tmp/ldapsearch.$PAM_USER | grep homeDirectory | cut -d" " -f2) - # now we can mount the home directory + # now we can mount the home directory! mkdir -p /home/$PAM_USER if mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER":"$VOLUME" /home/"$PAM_USER"; then exit 0 -- cgit v1.2.3-55-g7522 From e511a39a5f7c53312c9bb97e32631cfe17f5889a Mon Sep 17 00:00:00 2001 From: Jonathan Bauer Date: Fri, 20 Sep 2013 17:02:07 +0200 Subject: [export_target] set owner and group of config files to root, always --- server/export_target | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/export_target b/server/export_target index 52f87942..4dbf2aae 100755 --- a/server/export_target +++ b/server/export_target 
@@ -128,7 +128,7 @@ generate_config() { done # no conflict, add file to archive - tar cf "${TARGET_CONFIG_BUILD_DIR}/${MODULE_CONFIG}.tar" $(ls) + tar --owner=root --group=root -c -f "${TARGET_CONFIG_BUILD_DIR}/${MODULE_CONFIG}.tar" $(ls) RET=$? [ "x$RET" != "x0" ] && perror "\tCould not create '${TARGET_CONFIG_BUILD_DIR}/${MODULE_CONFIG}.tar'" done -- cgit v1.2.3-55-g7522 From 85043c30d4b801445a085bf9f6da8d2ef21c8388 Mon Sep 17 00:00:00 2001 
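Review bot: The member list for the archive still comes from an unquoted `$(ls)`, so a file name containing whitespace is split into several arguments and a name beginning with `-` would be read by tar as an option rather than a file. Because the archive is now stamped `--owner=root --group=root` and is presumably unpacked with root privileges on the client, the list should be passed safely: `tar --owner=root --group=root -c -f "${TARGET_CONFIG_BUILD_DIR}/${MODULE_CONFIG}.tar" -- *`, guarded by a check that the directory is not empty. Dotfiles are skipped by both forms, so confirm that is intended. File modes are still taken from the working tree as they are; a comment saying that modes are expected to be correct in the repository would make that explicit. `generate_config()` begins and ends outside the hunk.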
From: Jonathan Bauer Date: Fri, 20 Sep 2013 17:06:59 +0200 Subject: workaround for permissions fix not working. .. --- server/modules/pam-freiburg/etc/gssapi_mech.conf | 21 ----- server/modules/pam-freiburg/etc/idmapd.conf | 12 --- server/modules/pam-freiburg/etc/krb5.conf | 28 ------ server/modules/pam-freiburg/etc/ldap.conf | 11 --- server/modules/pam-freiburg/etc/ldap/ldap.conf | 7 -- server/modules/pam-freiburg/etc/openldap/ldap.conf | 1 - .../etc/pam-script/pam_script_ses_close | 1 - .../etc/pam-script/pam_script_ses_open | 1 - .../modules/pam-freiburg/etc/pam.d/common-account | 26 ------ server/modules/pam-freiburg/etc/pam.d/common-auth | 27 ------ .../modules/pam-freiburg/etc/pam.d/common-password | 33 ------- .../modules/pam-freiburg/etc/pam.d/common-session | 38 -------- .../etc/pam.d/common-session-noninteractive | 30 ------ server/modules/pam-freiburg/etc/pam.d/kdm | 10 -- server/modules/pam-freiburg/etc/pam.d/kdm-np | 11 --- server/modules/pam-freiburg/etc/pam.d/login | 101 --------------------- server/modules/pam-freiburg/etc/pam.d/other | 10 -- server/modules/pam-freiburg/etc/pam.d/passwd | 6 -- server/modules/pam-freiburg/etc/pam.d/sshd | 41 --------- server/modules/pam-freiburg/etc/pam.d/vmware-authd | 6 -- server/modules/pam-freiburg/etc/pam.d/xdm | 6 -- .../etc/systemd/system/activate-nss-ldap.service | 10 -- .../getty.target.wants/activate-nss-ldap.service | 1 - .../system/getty.target.wants/rpc-gssd.service | 1 - .../system/getty.target.wants/rpc-idmapd.service | 1 - .../etc/systemd/system/rpc-gssd.service | 7 -- .../etc/systemd/system/rpc-idmapd.service | 7 -- .../etc/systemd/system/run-rpc_pipefs.mount | 7 -- .../opt/openslx/scripts/pam_script_ses_close | 5 - .../opt/openslx/scripts/pam_script_ses_open | 35 ------- 30 files changed, 501 deletions(-) delete mode 100644 server/modules/pam-freiburg/etc/gssapi_mech.conf delete mode 100644 server/modules/pam-freiburg/etc/idmapd.conf delete mode 100644 server/modules/pam-freiburg/etc/krb5.conf 
delete mode 100644 server/modules/pam-freiburg/etc/ldap.conf delete mode 100644 server/modules/pam-freiburg/etc/ldap/ldap.conf delete mode 120000 server/modules/pam-freiburg/etc/openldap/ldap.conf delete mode 120000 server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close delete mode 120000 server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open delete mode 100644 server/modules/pam-freiburg/etc/pam.d/common-account delete mode 100644 server/modules/pam-freiburg/etc/pam.d/common-auth delete mode 100644 server/modules/pam-freiburg/etc/pam.d/common-password delete mode 100644 server/modules/pam-freiburg/etc/pam.d/common-session delete mode 100644 server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive delete mode 100644 server/modules/pam-freiburg/etc/pam.d/kdm delete mode 100644 server/modules/pam-freiburg/etc/pam.d/kdm-np delete mode 100644 server/modules/pam-freiburg/etc/pam.d/login delete mode 100644 server/modules/pam-freiburg/etc/pam.d/other delete mode 100644 server/modules/pam-freiburg/etc/pam.d/passwd delete mode 100644 server/modules/pam-freiburg/etc/pam.d/sshd delete mode 100644 server/modules/pam-freiburg/etc/pam.d/vmware-authd delete mode 100644 server/modules/pam-freiburg/etc/pam.d/xdm delete mode 100644 server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service delete mode 120000 server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service delete mode 120000 server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service delete mode 120000 server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service delete mode 100644 server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service delete mode 100644 server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service delete mode 100644 server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount delete mode 100755 server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close 
delete mode 100755 server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open diff --git a/server/modules/pam-freiburg/etc/gssapi_mech.conf b/server/modules/pam-freiburg/etc/gssapi_mech.conf deleted file mode 100644 index ac41f5fd..00000000 --- a/server/modules/pam-freiburg/etc/gssapi_mech.conf +++ /dev/null @@ -1,21 +0,0 @@ -# Example /etc/gssapi_mech.conf file -# -# GSSAPI Mechanism Definitions -# -# This configuration file determines which GSS-API mechanisms -# the gssd code should use -# -# NOTE: -# The initiaiization function "mechglue_internal_krb5_init" -# is used for the MIT krb5 gssapi mechanism. This special -# function name indicates that an internal function should -# be used to determine the entry points for the MIT gssapi -# mechanism funtions. -# -# library initialization function -# ================================ ========================== -# The MIT K5 gssapi library, use special function for initialization. -libgssapi_krb5.so.2 mechglue_internal_krb5_init -# -# The SPKM3 gssapi library function. Use the function spkm3_gss_initialize. -# /usr/local/gss_mechs/spkm/spkm3/libgssapi_spkm3.so spkm3_gss_initialize diff --git a/server/modules/pam-freiburg/etc/idmapd.conf b/server/modules/pam-freiburg/etc/idmapd.conf deleted file mode 100644 index 2253cf0d..00000000 --- a/server/modules/pam-freiburg/etc/idmapd.conf +++ /dev/null @@ -1,12 +0,0 @@ -[General] - -Verbosity = 0 -Pipefs-Directory = /run/rpc_pipefs -# set your own domain here, if id differs from FQDN minus hostname -Domain = uni-freiburg.de -# localdomain - -[Mapping] - -Nobody-User = nobody -Nobody-Group = nogroup diff --git a/server/modules/pam-freiburg/etc/krb5.conf b/server/modules/pam-freiburg/etc/krb5.conf deleted file mode 100644 index 6fd49243..00000000 --- a/server/modules/pam-freiburg/etc/krb5.conf +++ /dev/null 
@@ -1,28 +0,0 @@ -# file copied from configuration package (rootfs/etc/krb5.conf) -######################################################################### -[libdefaults] - noaddresses = false - clockskew = 300 - default_realm = PUBLIC.ADS.UNI-FREIBURG.DE - forwardable = true - minimum_uid = 1000 - proxiable = false - renew_lifetime = 30d - retain_after_close = false - ticket_lifetime = 3d - use_shmem = sshd - allow_weak_crypto=true -######################################################################### -[realms] - PUBLIC.ADS.UNI-FREIBURG.DE = { - kdc = kerberos.uni-freiburg.de - default_domain = uni-freiburg.de - admin_server = kerberos.uni-freiburg.de - } -######################################################################### -[domain_realm] - uni-freiburg.de = PUBLIC.ADS.UNI-FREIBURG.DE - .uni-freiburg.de = PUBLIC.ADS.UNI-FREIBURG.DE -########################################################################## -[appdefaults] -######################################################################### diff --git a/server/modules/pam-freiburg/etc/ldap.conf b/server/modules/pam-freiburg/etc/ldap.conf deleted file mode 100644 index 483595d2..00000000 --- a/server/modules/pam-freiburg/etc/ldap.conf +++ /dev/null @@ -1,11 +0,0 @@ -URI ldaps://bv1.ruf.uni-freiburg.de ldaps://bv2.ruf.uni-freiburg.de ldaps://bv3.ruf.uni-freiburg.de -BASE ou=people,dc=uni-freiburg,dc=de -BIND_TIMELIMIT 5 -TIMELIMIT 10 -LOGDIR /tmp/ldap -TLS_REQCERT allow -nss_base_passwd ou=people,dc=uni-freiburg,dc=de?one?rufdienst=ldap*)(&(rufclienthome=*)(rufstatus=enabled) -nss_base_group ou=group,dc=uni-freiburg,dc=de?one -nss_map_attribute homeDirectory rufClientHome - -nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,distccd,games,git,gnats,hplip,irc,kdm,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,ntp,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,statd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data 
diff --git a/server/modules/pam-freiburg/etc/ldap/ldap.conf b/server/modules/pam-freiburg/etc/ldap/ldap.conf deleted file mode 100644 index 809065cc..00000000 --- a/server/modules/pam-freiburg/etc/ldap/ldap.conf +++ /dev/null @@ -1,7 +0,0 @@ -URI ldaps://bv1.ruf.uni-freiburg.de ldaps://bv2.ruf.uni-freiburg.de ldaps://bv3.ruf.uni-freiburg.de -BASE ou=people,dc=uni-freiburg,dc=de -TLS_REQCERT allow -nss_base_passwd ou=people,dc=uni-freiburg,dc=de?one?rufdienst=ldap*)(&(rufclienthome=*)(rufstatus=enabled) -nss_base_group ou=group,dc=uni-freiburg,dc=de?one -nss_map_attribute homeDirectory rufClientHome - diff --git a/server/modules/pam-freiburg/etc/openldap/ldap.conf b/server/modules/pam-freiburg/etc/openldap/ldap.conf deleted file mode 120000 index c0aaf459..00000000 --- a/server/modules/pam-freiburg/etc/openldap/ldap.conf +++ /dev/null @@ -1 +0,0 @@ -/etc/ldap.conf \ No newline at end of file diff --git a/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close b/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close deleted file mode 120000 index f3682056..00000000 --- a/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close +++ /dev/null @@ -1 +0,0 @@ -/opt/openslx/scripts/pam_script_ses_close \ No newline at end of file diff --git a/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open b/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open deleted file mode 120000 index 4f5598e5..00000000 --- a/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open +++ /dev/null @@ -1 +0,0 @@ -/opt/openslx/scripts/pam_script_ses_open \ No newline at end of file diff --git a/server/modules/pam-freiburg/etc/pam.d/common-account b/server/modules/pam-freiburg/etc/pam.d/common-account deleted file mode 100644 index 3a5d5a14..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/common-account +++ /dev/null 
@@ -1,26 +0,0 @@ -# -# /etc/pam.d/common-account - authorization settings common to all services -# -# This file is included from other service-specific PAM config files, -# and should contain a list of the authorization modules that define -# the central access policy for use on the system. The default is to -# only deny service to users whose accounts are expired in /etc/shadow. -# -# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. -# To take advantage of this, it is recommended that you configure any -# local modules either before or after the default block, and use -# pam-auth-update to manage selection of other modules. See -# pam-auth-update(8) for details. -# - -# here are the per-package modules (the "Primary" block) -account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so -account [success=1 new_authtok_reqd=done default=ignore] pam_ldap.so use_first_pass -# here's the fallback if no module succeeds -account requisite pam_deny.so -# prime the stack with a positive return value if there isn't one already; -# this avoids us returning an error just because nothing sets a success code -# since the modules above will each just jump around -account required pam_permit.so -# and here are more per-package modules (the "Additional" block) -# end of pam-auth-update config diff --git a/server/modules/pam-freiburg/etc/pam.d/common-auth b/server/modules/pam-freiburg/etc/pam.d/common-auth deleted file mode 100644 index 790afa1d..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/common-auth +++ /dev/null 
@@ -1,27 +0,0 @@ -# -# /etc/pam.d/common-auth - authentication settings common to all services -# -# This file is included from other service-specific PAM config files, -# and should contain a list of the authentication modules that define -# the central authentication scheme for use on the system -# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the -# traditional Unix authentication mechanisms. -# -# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. -# To take advantage of this, it is recommended that you configure any -# local modules either before or after the default block, and use -# pam-auth-update to manage selection of other modules. See -# pam-auth-update(8) for details. - -# here are the per-package modules (the "Primary" block) -auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000 -auth [success=2 default=ignore] pam_unix.so try_first_pass -auth [success=1 default=ignore] pam_ldap.so use_first_pass -# here's the fallback if no module succeeds -auth requisite pam_deny.so -# prime the stack with a positive return value if there isn't one already; -# this avoids us returning an error just because nothing sets a success code -# since the modules above will each just jump around -auth required pam_permit.so -# and here are more per-package modules (the "Additional" block) -# end of pam-auth-update config diff --git a/server/modules/pam-freiburg/etc/pam.d/common-password b/server/modules/pam-freiburg/etc/pam.d/common-password deleted file mode 100644 index cb8c7b71..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/common-password +++ /dev/null 
@@ -1,33 +0,0 @@ -# -# /etc/pam.d/common-password - password-related modules common to all services -# -# This file is included from other service-specific PAM config files, -# and should contain a list of modules that define the services to be -# used to change user passwords. The default is pam_unix. - -# Explanation of pam_unix options: -# -# The "sha512" option enables salted SHA512 passwords. Without this option, -# the default is Unix crypt. Prior releases used the option "md5". -# -# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in -# login.defs. -# -# See the pam_unix manpage for other options. - -# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. -# To take advantage of this, it is recommended that you configure any -# local modules either before or after the default block, and use -# pam-auth-update to manage selection of other modules. See -# pam-auth-update(8) for details. - -# here are the per-package modules (the "Primary" block) -password [success=1 default=ignore] pam_unix.so obscure sha512 -# here's the fallback if no module succeeds -password requisite pam_deny.so -# prime the stack with a positive return value if there isn't one already; -# this avoids us returning an error just because nothing sets a success code -# since the modules above will each just jump around -password required pam_permit.so -# and here are more per-package modules (the "Additional" block) -# end of pam-auth-update config diff --git a/server/modules/pam-freiburg/etc/pam.d/common-session b/server/modules/pam-freiburg/etc/pam.d/common-session deleted file mode 100644 index 9a8b73e1..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/common-session +++ /dev/null 
@@ -1,38 +0,0 @@ -# -# /etc/pam.d/common-session - session-related modules common to all services -# -# This file is included from other service-specific PAM config files, -# and should contain a list of modules that define tasks to be performed -# at the start and end of sessions of *any* kind (both interactive and -# non-interactive). -# -# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. -# To take advantage of this, it is recommended that you configure any -# local modules either before or after the default block, and use -# pam-auth-update to manage selection of other modules. See -# pam-auth-update(8) for details. - -# here are the per-package modules (the "Primary" block) -session [default=1] pam_permit.so -# here's the fallback if no module succeeds -session requisite pam_deny.so -# prime the stack with a positive return value if there isn't one already; -# this avoids us returning an error just because nothing sets a success code -# since the modules above will each just jump around -session required pam_permit.so -# The pam_umask module will set the umask according to the system default in -# /etc/login.defs and user settings, solving the problem of different -# umask settings with different shells, display managers, remote sessions etc. -# See "man pam_umask". -session optional pam_umask.so -# and here are more per-package modules (the "Additional" block) -session required pam_systemd.so -session optional pam_ck_connector.so -session optional pam_env.so readenv=1 -session optional pam_env.so readenv=1 envfile=/etc/default/locale -session optional pam_krb5.so minimum_uid=1000 -session [success=1] pam_unix.so -session [success=ok] pam_ldap.so -session sufficient pam_script.so -session optional pam_mkhomedir.so skel=/etc/skel umask=0022 -# end of pam-auth-update config 
diff --git a/server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive b/server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive deleted file mode 100644 index 1fee2c4f..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive +++ /dev/null @@ -1,30 +0,0 @@ -# -# /etc/pam.d/common-session-noninteractive - session-related modules -# common to all non-interactive services -# -# This file is included from other service-specific PAM config files, -# and should contain a list of modules that define tasks to be performed -# at the start and end of all non-interactive sessions. -# -# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. -# To take advantage of this, it is recommended that you configure any -# local modules either before or after the default block, and use -# pam-auth-update to manage selection of other modules. See -# pam-auth-update(8) for details. - -# here are the per-package modules (the "Primary" block) -session [default=1] pam_permit.so -# here's the fallback if no module succeeds -session requisite pam_deny.so -# prime the stack with a positive return value if there isn't one already; -# this avoids us returning an error just because nothing sets a success code -# since the modules above will each just jump around -session required pam_permit.so -# The pam_umask module will set the umask according to the system default in -# /etc/login.defs and user settings, solving the problem of different -# umask settings with different shells, display managers, remote sessions etc. -# See "man pam_umask". -session optional pam_umask.so -# and here are more per-package modules (the "Additional" block) -session required pam_unix.so -# end of pam-auth-update config diff --git a/server/modules/pam-freiburg/etc/pam.d/kdm b/server/modules/pam-freiburg/etc/pam.d/kdm deleted file mode 100644 index e6a4ec9b..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/kdm +++ /dev/null 
@@ -1,10 +0,0 @@ -# -# /etc/pam.d/kdm - specify the PAM behaviour of kdm -# -auth required pam_nologin.so -auth required pam_env.so readenv=1 -auth required pam_env.so readenv=1 envfile=/etc/default/locale -auth include common-auth -account include common-account -password include common-password -session include common-session diff --git a/server/modules/pam-freiburg/etc/pam.d/kdm-np b/server/modules/pam-freiburg/etc/pam.d/kdm-np deleted file mode 100644 index dc10e5b5..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/kdm-np +++ /dev/null @@ -1,11 +0,0 @@ -# -# /etc/pam.d/kdm-np - specify the PAM behaviour of kdm for passwordless logins -# -auth required pam_nologin.so -auth required pam_env.so readenv=1 -auth required pam_env.so readenv=1 envfile=/etc/default/locale -session required pam_limits.so -account include common-account -password include common-password -session include common-session -auth required pam_permit.so diff --git a/server/modules/pam-freiburg/etc/pam.d/login b/server/modules/pam-freiburg/etc/pam.d/login deleted file mode 100644 index 1065f351..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/login +++ /dev/null 
@@ -1,101 +0,0 @@ -# -# The PAM configuration file for the Shadow `login' service -# - -# Enforce a minimal delay in case of failure (in microseconds). -# (Replaces the `FAIL_DELAY' setting from login.defs) -# Note that other modules may require another minimal delay. (for example, -# to disable any delay, you should add the nodelay option to pam_unix) -auth optional pam_faildelay.so delay=3000000 - -# Outputs an issue file prior to each login prompt (Replaces the -# ISSUE_FILE option from login.defs). Uncomment for use -# auth required pam_issue.so issue=/etc/issue - -# Disallows root logins except on tty's listed in /etc/securetty -# (Replaces the `CONSOLE' setting from login.defs) -# -# With the default control of this module: -# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] -# root will not be prompted for a password on insecure lines. -# if an invalid username is entered, a password is prompted (but login -# will eventually be rejected) -# -# You can change it to a "requisite" module if you think root may mis-type -# her login and should not be prompted for a password in that case. But -# this will leave the system as vulnerable to user enumeration attacks. -# -# You can change it to a "required" module if you think it permits to -# guess valid user names of your system (invalid user names are considered -# as possibly being root on insecure lines), but root passwords may be -# communicated over insecure lines. -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so - -# Disallows other than root logins when /etc/nologin exists -# (Replaces the `NOLOGINS_FILE' option from login.defs) -auth requisite pam_nologin.so - -# SELinux needs to be the first session rule. This ensures that any -# lingering context has been cleared. Without out this it is possible -# that a module could execute code in the wrong domain. 
-# When the module is present, "required" would be sufficient (When SELinux -# is disabled, this returns success.) -# OpenSLX: Not Needed? -#session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close - -# This module parses environment configuration file(s) -# and also allows you to use an extended config -# file /etc/security/pam_env.conf. -# -# parsing /etc/environment needs "readenv=1" -session required pam_env.so readenv=1 -# locale variables are also kept into /etc/default/locale in etch -# reading this file *in addition to /etc/environment* does not hurt -session required pam_env.so readenv=1 envfile=/etc/default/locale - -# Standard Un*x authentication. -auth include common-auth - -# TODO do we need this? -# This allows certain extra groups to be granted to a user -# based on things like time of day, tty, service, and user. -# Please edit /etc/security/group.conf to fit your needs -# (Replaces the `CONSOLE_GROUPS' option in login.defs) -#auth optional pam_group.so - -# Uncomment and edit /etc/security/time.conf if you need to set -# time restrainst on logins. -# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs -# as well as /etc/porttime) -# account requisite pam_time.so - -# Uncomment and edit /etc/security/access.conf if you need to -# set access limits. -# (Replaces /etc/login.access file) -# account required pam_access.so - -# TODO do we need this? 
-# Sets up user limits according to /etc/security/limits.conf -# (Replaces the use of /etc/limits in old login) -#session required pam_limits.so - -# TODO check if this is needed -# Prints the last login info upon succesful login -# (Replaces the `LASTLOG_ENAB' option from login.defs) -session optional pam_lastlog.so - -# Prints the motd upon succesful login -# (Replaces the `MOTD_FILE' option in login.defs) -session optional pam_motd.so - -# Standard Un*x account and session -account include common-account -session include common-session -password include common-password - -# SELinux needs to intervene at login time to ensure that the process -# starts in the proper default security context. Only sessions which are -# intended to run in the user's context should be run after this. -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -# When the module is present, "required" would be sufficient (When SELinux -# is disabled, this returns success.) diff --git a/server/modules/pam-freiburg/etc/pam.d/other b/server/modules/pam-freiburg/etc/pam.d/other deleted file mode 100644 index 840eb77f..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/other +++ /dev/null @@ -1,10 +0,0 @@ -#%PAM-1.0 -auth required pam_warn.so -auth required pam_deny.so -account required pam_warn.so -account required pam_deny.so -password required pam_warn.so -password required pam_deny.so -session required pam_warn.so -session required pam_deny.so - diff --git a/server/modules/pam-freiburg/etc/pam.d/passwd b/server/modules/pam-freiburg/etc/pam.d/passwd deleted file mode 100644 index 32eaa3c6..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/passwd +++ /dev/null @@ -1,6 +0,0 @@ -# -# The PAM configuration file for the Shadow `passwd' service -# - -password include common-password - diff --git a/server/modules/pam-freiburg/etc/pam.d/sshd b/server/modules/pam-freiburg/etc/pam.d/sshd deleted file mode 100644 index 8954d639..00000000 
--- a/server/modules/pam-freiburg/etc/pam.d/sshd +++ /dev/null @@ -1,41 +0,0 @@ -# PAM configuration for the Secure Shell service - -# Read environment variables from /etc/environment and -# /etc/security/pam_env.conf. -auth required pam_env.so # [1] -# In Debian 4.0 (etch), locale-related environment variables were moved to -# /etc/default/locale, so read that as well. -auth required pam_env.so envfile=/etc/default/locale - -# Standard Un*x authentication. -auth include common-auth - -# Disallow non-root logins when /etc/nologin exists. -account required pam_nologin.so - -# Uncomment and edit /etc/security/access.conf if you need to set complex -# access limits that are hard to express in sshd_config. -# account required pam_access.so - -# Standard Un*x authorization. -account include common-account - -# Standard Un*x session setup and teardown. -session include common-session - -# Print the message of the day upon successful login. -session optional pam_motd.so # [1] - -# TODO do we need this? -# Print the status of the user's mailbox upon successful login. -#session optional pam_mail.so standard noenv # [1] - -# TODO do we need this? -# Set up user limits from /etc/security/limits.conf. -#session required pam_limits.so - -# Set up SELinux capabilities (need modified pam) -# session required pam_selinux.so multiple - -# Standard Un*x password updating. -password include common-password diff --git a/server/modules/pam-freiburg/etc/pam.d/vmware-authd b/server/modules/pam-freiburg/etc/pam.d/vmware-authd deleted file mode 100644 index 1f9b60f9..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/vmware-authd +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth include common-auth -account include common-account -password include common-password -session include common-session - diff --git a/server/modules/pam-freiburg/etc/pam.d/xdm b/server/modules/pam-freiburg/etc/pam.d/xdm deleted file mode 100644 index d21651db..00000000 
--- a/server/modules/pam-freiburg/etc/pam.d/xdm +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth include common-auth -account include common-account -password include common-password -session required pam_loginuid.so -session include common-session diff --git a/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service b/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service deleted file mode 100644 index 664f7dd7..00000000 --- a/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Activate NSS-LDAP lookups -Before=graphical.target - -[Service] -Type=oneshot -ExecStart=-/opt/openslx/bin/mkdir /tmp/ldap -ExecStart=/opt/openslx/bin/sed -i -e 's/^passwd:.*$/passwd:\t\tcache files ldap/;s/^group:.*$/group:\t\tcache files ldap/' /etc/nsswitch.conf -ExecStart=/usr/bin/systemctl restart nscd - diff --git a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service deleted file mode 120000 index 1102840c..00000000 --- a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service +++ /dev/null @@ -1 +0,0 @@ -../activate-nss-ldap.service \ No newline at end of file diff --git a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service deleted file mode 120000 index 194aba77..00000000 --- a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service +++ /dev/null @@ -1 +0,0 @@ -../rpc-gssd.service \ No newline at end of file diff --git a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service deleted file mode 120000 index 66a28252..00000000 
--- a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service +++ /dev/null @@ -1 +0,0 @@ -../rpc-idmapd.service \ No newline at end of file diff --git a/server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service b/server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service deleted file mode 100644 index 79ffce8d..00000000 --- a/server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -Description=NFS rpcsec_gss daemon -Requires=run-rpc_pipefs.mount -After=run-rpc_pipefs.mount - -[Service] -ExecStart=/usr/sbin/rpc.gssd -f -vvv -p /run/rpc_pipefs diff --git a/server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service b/server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service deleted file mode 100644 index c4da93e7..00000000 --- a/server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -Description=NFSv4 ID-name mapping daemon -Requires=network.target run-rpc_pipefs.mount -After=network.target - -[Service] -ExecStart=/usr/sbin/rpc.idmapd -f diff --git a/server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount b/server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount deleted file mode 100644 index 692adce8..00000000 --- a/server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -Description=Pipefs RPC filesystem - -[Mount] -What=rpc_pipefs -Where=/run/rpc_pipefs -Type=rpc_pipefs diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close deleted file mode 100755 index 44dcd418..00000000 --- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -[ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Closing session for $PAM_USER" - - 
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open deleted file mode 100755 index 205090b6..00000000 --- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash - -export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin" - -[ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Opening session for $PAM_USER" - -if [ ! -z "$(mount|grep $PAM_USER)" ]; then - [ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Home directory of '$PAM_USER' is already mounted." - exit 0 -fi - -if [ $(id -g $PAM_USER) -ge 1000 ]; then - [ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Mounting home directory for $PAM_USER" - - # generate keytab - sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab - chmod 600 /etc/krb5.keytab - - # determine fileserver and share for home directories - ldapsearch -x -LLL uid="$PAM_USER" homeDirectory rufFileserver > /tmp/ldapsearch."$PAM_USER" - - FILESERVER=$(cat /tmp/ldapsearch.$PAM_USER | grep rufFileserver | cut -d" " -f2) - VOLUME=$(cat /tmp/ldapsearch.$PAM_USER | grep homeDirectory | cut -d" " -f2) - - # now we can mount the home directory! - mkdir -p /home/$PAM_USER - if mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER":"$VOLUME" /home/"$PAM_USER"; then - exit 0 - else - echo "Failed to mount home directory for $PAM_USER" - exit 1 - fi - -fi - -- cgit v1.2.3-55-g7522 From 3ef531582fad59eaa78266967f150cf35d03ff6b Mon Sep 17 00:00:00 2001 
From: Jonathan Bauer Date: Fri, 20 Sep 2013 17:07:41 +0200 Subject: workaround part 2 --- server/modules/pam-freiburg/etc/gssapi_mech.conf | 21 +++++ server/modules/pam-freiburg/etc/idmapd.conf | 12 +++ server/modules/pam-freiburg/etc/krb5.conf | 28 ++++++ server/modules/pam-freiburg/etc/ldap.conf | 11 +++ server/modules/pam-freiburg/etc/ldap/ldap.conf | 7 ++ server/modules/pam-freiburg/etc/openldap/ldap.conf | 1 + .../etc/pam-script/pam_script_ses_close | 1 + .../etc/pam-script/pam_script_ses_open | 1 + .../modules/pam-freiburg/etc/pam.d/common-account | 26 ++++++ server/modules/pam-freiburg/etc/pam.d/common-auth | 27 ++++++ .../modules/pam-freiburg/etc/pam.d/common-password | 33 +++++++ .../modules/pam-freiburg/etc/pam.d/common-session | 38 ++++++++ .../etc/pam.d/common-session-noninteractive | 30 ++++++ server/modules/pam-freiburg/etc/pam.d/kdm | 10 ++ server/modules/pam-freiburg/etc/pam.d/kdm-np | 11 +++ server/modules/pam-freiburg/etc/pam.d/login | 101 +++++++++++++++++++++ server/modules/pam-freiburg/etc/pam.d/other | 10 ++ server/modules/pam-freiburg/etc/pam.d/passwd | 6 ++ server/modules/pam-freiburg/etc/pam.d/sshd | 41 +++++++++ server/modules/pam-freiburg/etc/pam.d/vmware-authd | 6 ++ server/modules/pam-freiburg/etc/pam.d/xdm | 6 ++ .../etc/systemd/system/activate-nss-ldap.service | 10 ++ .../getty.target.wants/activate-nss-ldap.service | 1 + .../system/getty.target.wants/rpc-gssd.service | 1 + .../system/getty.target.wants/rpc-idmapd.service | 1 + .../etc/systemd/system/rpc-gssd.service | 7 ++ .../etc/systemd/system/rpc-idmapd.service | 7 ++ .../etc/systemd/system/run-rpc_pipefs.mount | 7 ++ .../opt/openslx/scripts/pam_script_ses_close | 5 + .../opt/openslx/scripts/pam_script_ses_open | 35 +++++++ 30 files changed, 501 insertions(+) create mode 100644 server/modules/pam-freiburg/etc/gssapi_mech.conf create mode 100644 server/modules/pam-freiburg/etc/idmapd.conf create mode 100644 server/modules/pam-freiburg/etc/krb5.conf create mode 100644 
server/modules/pam-freiburg/etc/ldap.conf create mode 100644 server/modules/pam-freiburg/etc/ldap/ldap.conf create mode 120000 server/modules/pam-freiburg/etc/openldap/ldap.conf create mode 120000 server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close create mode 120000 server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open create mode 100644 server/modules/pam-freiburg/etc/pam.d/common-account create mode 100644 server/modules/pam-freiburg/etc/pam.d/common-auth create mode 100644 server/modules/pam-freiburg/etc/pam.d/common-password create mode 100644 server/modules/pam-freiburg/etc/pam.d/common-session create mode 100644 server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive create mode 100644 server/modules/pam-freiburg/etc/pam.d/kdm create mode 100644 server/modules/pam-freiburg/etc/pam.d/kdm-np create mode 100644 server/modules/pam-freiburg/etc/pam.d/login create mode 100644 server/modules/pam-freiburg/etc/pam.d/other create mode 100644 server/modules/pam-freiburg/etc/pam.d/passwd create mode 100644 server/modules/pam-freiburg/etc/pam.d/sshd create mode 100644 server/modules/pam-freiburg/etc/pam.d/vmware-authd create mode 100644 server/modules/pam-freiburg/etc/pam.d/xdm create mode 100644 server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service create mode 120000 server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service create mode 120000 server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service create mode 120000 server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service create mode 100644 server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service create mode 100644 server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service create mode 100644 server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount create mode 100755 server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close create mode 100755 
server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open diff --git a/server/modules/pam-freiburg/etc/gssapi_mech.conf b/server/modules/pam-freiburg/etc/gssapi_mech.conf new file mode 100644 index 00000000..ac41f5fd --- /dev/null +++ b/server/modules/pam-freiburg/etc/gssapi_mech.conf @@ -0,0 +1,21 @@ +# Example /etc/gssapi_mech.conf file +# +# GSSAPI Mechanism Definitions +# +# This configuration file determines which GSS-API mechanisms +# the gssd code should use +# +# NOTE: +# The initiaiization function "mechglue_internal_krb5_init" +# is used for the MIT krb5 gssapi mechanism. This special +# function name indicates that an internal function should +# be used to determine the entry points for the MIT gssapi +# mechanism funtions. +# +# library initialization function +# ================================ ========================== +# The MIT K5 gssapi library, use special function for initialization. +libgssapi_krb5.so.2 mechglue_internal_krb5_init +# +# The SPKM3 gssapi library function. Use the function spkm3_gss_initialize. +# /usr/local/gss_mechs/spkm/spkm3/libgssapi_spkm3.so spkm3_gss_initialize diff --git a/server/modules/pam-freiburg/etc/idmapd.conf b/server/modules/pam-freiburg/etc/idmapd.conf new file mode 100644 index 00000000..2253cf0d --- /dev/null +++ b/server/modules/pam-freiburg/etc/idmapd.conf @@ -0,0 +1,12 @@ +[General] + +Verbosity = 0 +Pipefs-Directory = /run/rpc_pipefs +# set your own domain here, if id differs from FQDN minus hostname +Domain = uni-freiburg.de +# localdomain + +[Mapping] + +Nobody-User = nobody +Nobody-Group = nogroup diff --git a/server/modules/pam-freiburg/etc/krb5.conf b/server/modules/pam-freiburg/etc/krb5.conf new file mode 100644 index 00000000..6fd49243 --- /dev/null +++ b/server/modules/pam-freiburg/etc/krb5.conf 
@@ -0,0 +1,28 @@
+# file copied from configuration package (rootfs/etc/krb5.conf)
+#########################################################################
+[libdefaults]
+ noaddresses = false
+ clockskew = 300
+ default_realm = PUBLIC.ADS.UNI-FREIBURG.DE
+ forwardable = true
+ minimum_uid = 1000
+ proxiable = false
+ renew_lifetime = 30d
+ retain_after_close = false
+ ticket_lifetime = 3d
+ use_shmem = sshd
+ allow_weak_crypto=true
+#########################################################################
+[realms]
+ PUBLIC.ADS.UNI-FREIBURG.DE = {
+ kdc = kerberos.uni-freiburg.de
+ default_domain = uni-freiburg.de
+ admin_server = kerberos.uni-freiburg.de
+ }
+#########################################################################
+[domain_realm]
+ uni-freiburg.de = PUBLIC.ADS.UNI-FREIBURG.DE
+ .uni-freiburg.de = PUBLIC.ADS.UNI-FREIBURG.DE
+##########################################################################
+[appdefaults]
+#########################################################################
diff --git a/server/modules/pam-freiburg/etc/ldap.conf b/server/modules/pam-freiburg/etc/ldap.conf
new file mode 100644
index 00000000..483595d2
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/ldap.conf
@@ -0,0 +1,11 @@
+URI ldaps://bv1.ruf.uni-freiburg.de ldaps://bv2.ruf.uni-freiburg.de ldaps://bv3.ruf.uni-freiburg.de
+BASE ou=people,dc=uni-freiburg,dc=de
+BIND_TIMELIMIT 5
+TIMELIMIT 10
+LOGDIR /tmp/ldap
+TLS_REQCERT allow
+nss_base_passwd ou=people,dc=uni-freiburg,dc=de?one?rufdienst=ldap*)(&(rufclienthome=*)(rufstatus=enabled)
+nss_base_group ou=group,dc=uni-freiburg,dc=de?one
+nss_map_attribute homeDirectory rufClientHome
+
+nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,distccd,games,git,gnats,hplip,irc,kdm,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,ntp,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,statd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data
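Review bot: `allow_weak_crypto=true` in `[libdefaults]` turns the encryption types that MIT Kerberos classifies as weak (single DES and the like) back on for every client that gets this file, and nothing in the hunk says why it is needed. If the KDC or the NFS server behind the `sec=krb5p` home mounts still depends on such keys, record that next to the setting, e.g. `# TODO: remove once KDC and file servers issue AES keys`; otherwise drop the line so the library default (`false`) applies. The combination of `ticket_lifetime = 3d` and `renew_lifetime = 30d` is also generous for shared clients and deserves a comment on where the values come from.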
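Review bot: `TLS_REQCERT allow` leaves the `ldaps://` connections unauthenticated: with `allow`, a missing or invalid server certificate is ignored and the session proceeds, so anything able to intercept the connection can answer the passwd/group lookups and receive the bind that `pam_ldap.so use_first_pass` performs in common-auth. Use `TLS_REQCERT demand` together with a `TLS_CACERT <path-to-CA-bundle>` line (placeholder path) for the CA that issued the bv1–bv3 certificates. The same line appears in `etc/ldap/ldap.conf` further down in this commit and needs the same change. `LOGDIR /tmp/ldap` also puts the log directory under world-writable /tmp; a location under /run or /var/log that only root can create would be safer.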
diff --git a/server/modules/pam-freiburg/etc/ldap/ldap.conf b/server/modules/pam-freiburg/etc/ldap/ldap.conf new file mode 100644 index 00000000..809065cc --- /dev/null +++ b/server/modules/pam-freiburg/etc/ldap/ldap.conf @@ -0,0 +1,7 @@ +URI ldaps://bv1.ruf.uni-freiburg.de ldaps://bv2.ruf.uni-freiburg.de ldaps://bv3.ruf.uni-freiburg.de +BASE ou=people,dc=uni-freiburg,dc=de +TLS_REQCERT allow +nss_base_passwd ou=people,dc=uni-freiburg,dc=de?one?rufdienst=ldap*)(&(rufclienthome=*)(rufstatus=enabled) +nss_base_group ou=group,dc=uni-freiburg,dc=de?one +nss_map_attribute homeDirectory rufClientHome + diff --git a/server/modules/pam-freiburg/etc/openldap/ldap.conf b/server/modules/pam-freiburg/etc/openldap/ldap.conf new file mode 120000 index 00000000..c0aaf459 --- /dev/null +++ b/server/modules/pam-freiburg/etc/openldap/ldap.conf @@ -0,0 +1 @@ +/etc/ldap.conf \ No newline at end of file diff --git a/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close b/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close new file mode 120000 index 00000000..f3682056 --- /dev/null +++ b/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close @@ -0,0 +1 @@ +/opt/openslx/scripts/pam_script_ses_close \ No newline at end of file diff --git a/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open b/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open new file mode 120000 index 00000000..4f5598e5 --- /dev/null +++ b/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open @@ -0,0 +1 @@ +/opt/openslx/scripts/pam_script_ses_open \ No newline at end of file diff --git a/server/modules/pam-freiburg/etc/pam.d/common-account b/server/modules/pam-freiburg/etc/pam.d/common-account new file mode 100644 index 00000000..3a5d5a14 --- /dev/null +++ b/server/modules/pam-freiburg/etc/pam.d/common-account 
@@ -0,0 +1,26 @@ +# +# /etc/pam.d/common-account - authorization settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authorization modules that define +# the central access policy for use on the system. The default is to +# only deny service to users whose accounts are expired in /etc/shadow. +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. +# + +# here are the per-package modules (the "Primary" block) +account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so +account [success=1 new_authtok_reqd=done default=ignore] pam_ldap.so use_first_pass +# here's the fallback if no module succeeds +account requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +account required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/server/modules/pam-freiburg/etc/pam.d/common-auth b/server/modules/pam-freiburg/etc/pam.d/common-auth new file mode 100644 index 00000000..790afa1d --- /dev/null +++ b/server/modules/pam-freiburg/etc/pam.d/common-auth 
@@ -0,0 +1,27 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000 +auth [success=2 default=ignore] pam_unix.so try_first_pass +auth [success=1 default=ignore] pam_ldap.so use_first_pass +# here's the fallback if no module succeeds +auth requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +auth required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/server/modules/pam-freiburg/etc/pam.d/common-password b/server/modules/pam-freiburg/etc/pam.d/common-password new file mode 100644 index 00000000..cb8c7b71 --- /dev/null +++ b/server/modules/pam-freiburg/etc/pam.d/common-password 
@@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "sha512" option enables salted SHA512 passwords. Without this option, +# the default is Unix crypt. Prior releases used the option "md5". +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure sha512 +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/server/modules/pam-freiburg/etc/pam.d/common-session b/server/modules/pam-freiburg/etc/pam.d/common-session new file mode 100644 index 00000000..9a8b73e1 --- /dev/null +++ b/server/modules/pam-freiburg/etc/pam.d/common-session 
@@ -0,0 +1,38 @@
+#
+# /etc/pam.d/common-session - session-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define tasks to be performed
+# at the start and end of sessions of *any* kind (both interactive and
+# non-interactive).
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules. See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+session [default=1] pam_permit.so
+# here's the fallback if no module succeeds
+session requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+session required pam_permit.so
+# The pam_umask module will set the umask according to the system default in
+# /etc/login.defs and user settings, solving the problem of different
+# umask settings with different shells, display managers, remote sessions etc.
+# See "man pam_umask".
+session optional pam_umask.so
+# and here are more per-package modules (the "Additional" block)
+session required pam_systemd.so
+session optional pam_ck_connector.so
+session optional pam_env.so readenv=1
+session optional pam_env.so readenv=1 envfile=/etc/default/locale
+session optional pam_krb5.so minimum_uid=1000
+session [success=1] pam_unix.so
+session [success=ok] pam_ldap.so
+session sufficient pam_script.so
+session optional pam_mkhomedir.so skel=/etc/skel umask=0022
+# end of pam-auth-update config
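Review bot: `session sufficient pam_script.so` makes a failing session script non-fatal, so when the script exits non-zero (the pam_script_ses_open removed earlier in this series does `exit 1` when the NFS home mount fails) the stack falls through to `pam_mkhomedir.so` and the user silently gets a fresh local home directory. If login should be refused when the home share cannot be mounted, use `required` on that line; if the local fallback is intended, say so with a comment such as `# a failed mount is tolerated: pam_mkhomedir then creates a local home`. The entries `[success=1] pam_unix.so` and `[success=ok] pam_ldap.so` also give no `default=` action, unlike the bracketed entries in common-auth and common-account; adding `default=ignore` (or whichever action is meant) would make the handling of other return codes explicit.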
diff --git a/server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive b/server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive new file mode 100644 index 00000000..1fee2c4f --- /dev/null +++ b/server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive @@ -0,0 +1,30 @@ +# +# /etc/pam.d/common-session-noninteractive - session-related modules +# common to all non-interactive services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of all non-interactive sessions. +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +session [default=1] pam_permit.so +# here's the fallback if no module succeeds +session requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +session required pam_permit.so +# The pam_umask module will set the umask according to the system default in +# /etc/login.defs and user settings, solving the problem of different +# umask settings with different shells, display managers, remote sessions etc. +# See "man pam_umask". +session optional pam_umask.so +# and here are more per-package modules (the "Additional" block) +session required pam_unix.so +# end of pam-auth-update config diff --git a/server/modules/pam-freiburg/etc/pam.d/kdm b/server/modules/pam-freiburg/etc/pam.d/kdm new file mode 100644 index 00000000..e6a4ec9b --- /dev/null +++ b/server/modules/pam-freiburg/etc/pam.d/kdm 
@@ -0,0 +1,10 @@
+#
+# /etc/pam.d/kdm - specify the PAM behaviour of kdm
+#
+auth required pam_nologin.so
+auth required pam_env.so readenv=1
+auth required pam_env.so readenv=1 envfile=/etc/default/locale
+auth include common-auth
+account include common-account
+password include common-password
+session include common-session
diff --git a/server/modules/pam-freiburg/etc/pam.d/kdm-np b/server/modules/pam-freiburg/etc/pam.d/kdm-np
new file mode 100644
index 00000000..dc10e5b5
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/pam.d/kdm-np
@@ -0,0 +1,11 @@
+#
+# /etc/pam.d/kdm-np - specify the PAM behaviour of kdm for passwordless logins
+#
+auth required pam_nologin.so
+auth required pam_env.so readenv=1
+auth required pam_env.so readenv=1 envfile=/etc/default/locale
+session required pam_limits.so
+account include common-account
+password include common-password
+session include common-session
+auth required pam_permit.so
diff --git a/server/modules/pam-freiburg/etc/pam.d/login b/server/modules/pam-freiburg/etc/pam.d/login
new file mode 100644
index 00000000..1065f351
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/pam.d/login
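Review bot: In kdm-np, `auth required pam_permit.so` is the only module that decides authentication, so this service accepts whichever account kdm passes to it; nothing in the file restricts it to a guest or kiosk user. A header comment should record that dependency, for example `# no password check here: only accounts that kdm is configured to log in without a password may reach this stack`. Because `session include common-session` is kept, the session-stage modules from common-session run for these logins too, presumably without any credentials obtained during auth; it is worth confirming that this is intended.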
@@ -0,0 +1,101 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth optional pam_faildelay.so delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth required pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth requisite pam_nologin.so
+
+# SELinux needs to be the first session rule. This ensures that any
+# lingering context has been cleared. Without out this it is possible
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+# OpenSLX: Not Needed?
+#session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+#
+# parsing /etc/environment needs "readenv=1"
+session required pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session required pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+auth include common-auth
+
+# TODO do we need this?
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+#auth optional pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time restrainst on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account requisite pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account required pam_access.so
+
+# TODO do we need this?
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+#session required pam_limits.so
+
+# TODO check if this is needed
+# Prints the last login info upon succesful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session optional pam_lastlog.so
+
+# Prints the motd upon succesful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session optional pam_motd.so
+
+# Standard Un*x account and session
+account include common-account
+session include common-session
+password include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/server/modules/pam-freiburg/etc/pam.d/other b/server/modules/pam-freiburg/etc/pam.d/other
new file mode 100644
index 00000000..840eb77f
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/pam.d/other
@@ -0,0 +1,10 @@
+#%PAM-1.0
+auth required pam_warn.so
+auth required pam_deny.so
+account required pam_warn.so
+account required pam_deny.so
+password required pam_warn.so
+password required pam_deny.so
+session required pam_warn.so
+session required pam_deny.so
+
diff --git a/server/modules/pam-freiburg/etc/pam.d/passwd b/server/modules/pam-freiburg/etc/pam.d/passwd
new file mode 100644
index 00000000..32eaa3c6
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/pam.d/passwd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `passwd' service
+#
+
+password include common-password
+
diff --git a/server/modules/pam-freiburg/etc/pam.d/sshd b/server/modules/pam-freiburg/etc/pam.d/sshd
new file mode 100644
index 00000000..8954d639
--- /dev/null
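Review bot: The login stack keeps `pam_selinux.so open` as its last session rule but comments out the paired `pam_selinux.so close` rule (marked `OpenSLX: Not Needed?`), so the two halves no longer match. The file's own comment says the close rule has to come first to clear a lingering context; if SELinux is not used on these clients the open rule should be commented out as well, otherwise restore `session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close`. `pam_limits.so` is disabled here under an open `TODO do we need this?`, which leaves /etc/security/limits.conf unenforced for console logins; the comment should record the decision and its reason rather than the question.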
+++ b/server/modules/pam-freiburg/etc/pam.d/sshd
@@ -0,0 +1,41 @@
+# PAM configuration for the Secure Shell service
+
+# Read environment variables from /etc/environment and
+# /etc/security/pam_env.conf.
+auth required pam_env.so # [1]
+# In Debian 4.0 (etch), locale-related environment variables were moved to
+# /etc/default/locale, so read that as well.
+auth required pam_env.so envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+auth include common-auth
+
+# Disallow non-root logins when /etc/nologin exists.
+account required pam_nologin.so
+
+# Uncomment and edit /etc/security/access.conf if you need to set complex
+# access limits that are hard to express in sshd_config.
+# account required pam_access.so
+
+# Standard Un*x authorization.
+account include common-account
+
+# Standard Un*x session setup and teardown.
+session include common-session
+
+# Print the message of the day upon successful login.
+session optional pam_motd.so # [1]
+
+# TODO do we need this?
+# Print the status of the user's mailbox upon successful login.
+#session optional pam_mail.so standard noenv # [1]
+
+# TODO do we need this?
+# Set up user limits from /etc/security/limits.conf.
+#session required pam_limits.so
+
+# Set up SELinux capabilities (need modified pam)
+# session required pam_selinux.so multiple
+
+# Standard Un*x password updating.
+password include common-password
diff --git a/server/modules/pam-freiburg/etc/pam.d/vmware-authd b/server/modules/pam-freiburg/etc/pam.d/vmware-authd
new file mode 100644
index 00000000..1f9b60f9
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/pam.d/vmware-authd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth include common-auth
+account include common-account
+password include common-password
+session include common-session
+
diff --git a/server/modules/pam-freiburg/etc/pam.d/xdm b/server/modules/pam-freiburg/etc/pam.d/xdm
new file mode 100644
index 00000000..d21651db
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/pam.d/xdm
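Review bot: The sshd stack has no `session required pam_loginuid.so`, although the xdm file added in the same commit sets it before including common-session, so SSH sessions would not get a login uid for audit records (relevant if auditing is used on these clients). Adding `session required pam_loginuid.so` directly above `session include common-session` makes the two services consistent. `pam_limits.so` is commented out here as well with the same open TODO as in login, so remote sessions run without the limits from /etc/security/limits.conf until that is decided.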
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth include common-auth
+account include common-account
+password include common-password
+session required pam_loginuid.so
+session include common-session
diff --git a/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service b/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service
new file mode 100644
index 00000000..664f7dd7
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Activate NSS-LDAP lookups
+Before=graphical.target
+
+[Service]
+Type=oneshot
+ExecStart=-/opt/openslx/bin/mkdir /tmp/ldap
+ExecStart=/opt/openslx/bin/sed -i -e 's/^passwd:.*$/passwd:\t\tcache files ldap/;s/^group:.*$/group:\t\tcache files ldap/' /etc/nsswitch.conf
+ExecStart=/usr/bin/systemctl restart nscd
+
diff --git a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service
new file mode 120000
index 00000000..1102840c
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service
@@ -0,0 +1 @@
+../activate-nss-ldap.service
\ No newline at end of file
diff --git a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service
new file mode 120000
index 00000000..194aba77
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service
@@ -0,0 +1 @@
+../rpc-gssd.service
\ No newline at end of file
diff --git a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service
new file mode 120000
index 00000000..66a28252
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service
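Review bot: In activate-nss-ldap.service, `ExecStart=-/opt/openslx/bin/mkdir /tmp/ldap` creates a fixed-name directory in world-writable /tmp and, because of the `-` prefix, carries on when the path already exists, whoever created it. If the LDAP or nscd setup later writes sockets or cache files there (not visible in this commit), a root-owned location under /run avoids that, e.g. `ExecStart=-/opt/openslx/bin/mkdir -p /run/ldap` with the consumer pointed at it. A one-line comment above the `sed` call saying that it rewrites the `passwd:` and `group:` lines of /etc/nsswitch.conf on every boot would also help.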
@@ -0,0 +1 @@
+../rpc-idmapd.service
\ No newline at end of file
diff --git a/server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service b/server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service
new file mode 100644
index 00000000..79ffce8d
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=NFS rpcsec_gss daemon
+Requires=run-rpc_pipefs.mount
+After=run-rpc_pipefs.mount
+
+[Service]
+ExecStart=/usr/sbin/rpc.gssd -f -vvv -p /run/rpc_pipefs
diff --git a/server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service b/server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service
new file mode 100644
index 00000000..c4da93e7
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=NFSv4 ID-name mapping daemon
+Requires=network.target run-rpc_pipefs.mount
+After=network.target
+
+[Service]
+ExecStart=/usr/sbin/rpc.idmapd -f
diff --git a/server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount b/server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount
new file mode 100644
index 00000000..692adce8
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount
@@ -0,0 +1,7 @@
+[Unit]
+Description=Pipefs RPC filesystem
+
+[Mount]
+What=rpc_pipefs
+Where=/run/rpc_pipefs
+Type=rpc_pipefs
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close
new file mode 100755
index 00000000..44dcd418
--- /dev/null
+++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+[ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Closing session for $PAM_USER"
+
+
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open
new file mode 100755
index 00000000..205090b6
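Review bot: rpc-idmapd.service lists `run-rpc_pipefs.mount` under `Requires=` but not under `After=`, so systemd may start the daemon before the pipefs mount is in place; rpc-gssd.service in the same commit does order itself after the mount. `After=network.target run-rpc_pipefs.mount` would match it. rpc.gssd is started with `-p /run/rpc_pipefs` while `rpc.idmapd -f` is given no pipefs path, so check that idmapd's configured directory is the same one.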
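Review bot: pam_script_ses_close ends on `[ ! -z "$SLX_DEBUG" ] && echo …`, so with SLX_DEBUG unset the test is false and the script exits with status 1, which pam_script would report as a failed session close. An explicit `exit 0` as the last line, or an `if [ -n "$SLX_DEBUG" ]; then … fi` around the echo, fixes that. The script also never unmounts `/home/$PAM_USER`, which pam_script_ses_open in this commit mounts, so the Kerberos-protected NFS home stays mounted after logout; if that is deliberate, a comment should say so.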
--- /dev/null
+++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
+
+[ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Opening session for $PAM_USER"
+
+if [ ! -z "$(mount|grep $PAM_USER)" ]; then
+ [ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Home directory of '$PAM_USER' is already mounted."
+ exit 0
+fi
+
+if [ $(id -g $PAM_USER) -ge 1000 ]; then
+ [ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Mounting home directory for $PAM_USER"
+
+ # generate keytab
+ sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab
+ chmod 600 /etc/krb5.keytab
+
+ # determine fileserver and share for home directories
+ ldapsearch -x -LLL uid="$PAM_USER" homeDirectory rufFileserver > /tmp/ldapsearch."$PAM_USER"
+
+ FILESERVER=$(cat /tmp/ldapsearch.$PAM_USER | grep rufFileserver | cut -d" " -f2)
+ VOLUME=$(cat /tmp/ldapsearch.$PAM_USER | grep homeDirectory | cut -d" " -f2)
+
+ # now we can mount the home directory!
+ mkdir -p /home/$PAM_USER
+ if mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER":"$VOLUME" /home/"$PAM_USER"; then
+ exit 0
+ else
+ echo "Failed to mount home directory for $PAM_USER"
+ exit 1
+ fi
+
+fi
+
-- cgit v1.2.3-55-g7522
From 70e8a6cc6475a7e7a07363b6d61f5c3367da93cb Mon Sep 17 00:00:00 2001
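Review bot: Three steps in pam_script_ses_open, which pam_script runs with the privileges of the login service, handle `$PAM_USER` and its lookups unsafely: `mount|grep $PAM_USER` is an unquoted substring match, so a short user name matches unrelated mount lines and the home mount is silently skipped; the LDAP answer is written to the predictable path `/tmp/ldapsearch."$PAM_USER"`, which another local user can pre-create or replace with a symlink; and `/etc/krb5.keytab` is truncated and rewritten on every session open before `chmod 600` runs, with no check that `sslconnect` delivered anything. The fileserver and volume passed to `mount` come straight from an `ldapsearch -x` answer and are never checked for being empty. The gate `$(id -g $PAM_USER) -ge 1000` tests the primary group id rather than the uid and is unquoted, so confirm that the gid is what is meant. The fence shows the mount check, keytab write and LDAP lookup without the grep and the temp file.
```shell
# … unchanged: PATH export and debug message …

# exact mount-point test instead of a substring grep over `mount` output
if mountpoint -q "/home/$PAM_USER"; then
  [ -n "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Home directory of '$PAM_USER' is already mounted."
  exit 0
fi

if [ "$(id -g "$PAM_USER")" -ge 1000 ]; then
  # … unchanged: debug message …

  # generate keytab: mktemp creates the file owner-only, and the live keytab
  # is replaced only when the fetch produced data
  keytab_new=$(mktemp /etc/krb5.keytab.XXXXXX) || exit 1
  if sslconnect npserv.ruf.uni-freiburg.de:3 > "$keytab_new" && [ -s "$keytab_new" ]; then
    mv -f "$keytab_new" /etc/krb5.keytab
  else
    rm -f "$keytab_new"
    echo "Failed to fetch keytab for $PAM_USER"
    exit 1
  fi

  # determine fileserver and share for home directories, without a file in /tmp
  ldap_out=$(ldapsearch -x -LLL uid="$PAM_USER" homeDirectory rufFileserver) || exit 1
  FILESERVER=$(printf '%s\n' "$ldap_out" | grep rufFileserver | cut -d" " -f2)
  VOLUME=$(printf '%s\n' "$ldap_out" | grep homeDirectory | cut -d" " -f2)
  if [ -z "$FILESERVER" ] || [ -z "$VOLUME" ]; then
    echo "No fileserver or home directory found for $PAM_USER"
    exit 1
  fi

  # now we can mount the home directory!
  mkdir -p "/home/$PAM_USER"
  # … unchanged: mount -t nfs4 … with its exit handling, and the closing fi …
```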
From: Jonathan Bauer Date: Mon, 30 Sep 2013 13:30:44 +0200 Subject: remove wrong commit --- .../pam-hso/etc/pam-script/pam_script_ses_close | 8 -- .../pam-hso/etc/pam-script/pam_script_ses_open | 24 ----- server/modules/pam-hso/etc/pam.d/common-account | 26 ------ server/modules/pam-hso/etc/pam.d/common-auth | 26 ------ server/modules/pam-hso/etc/pam.d/common-password | 33 ------- server/modules/pam-hso/etc/pam.d/common-session | 36 -------- .../etc/pam.d/common-session-noninteractive | 30 ------ server/modules/pam-hso/etc/pam.d/kdm | 10 -- server/modules/pam-hso/etc/pam.d/kdm-np | 11 --- server/modules/pam-hso/etc/pam.d/login | 101 --------------------- server/modules/pam-hso/etc/pam.d/other | 10 -- server/modules/pam-hso/etc/pam.d/passwd | 6 -- server/modules/pam-hso/etc/pam.d/sshd | 41 --------- server/modules/pam-hso/etc/pam.d/vmware-authd | 6 -- server/modules/pam-hso/etc/pam.d/xdm | 6 -- 15 files changed, 374 deletions(-) delete mode 100755 server/modules/pam-hso/etc/pam-script/pam_script_ses_close delete mode 100755 server/modules/pam-hso/etc/pam-script/pam_script_ses_open delete mode 100644 server/modules/pam-hso/etc/pam.d/common-account delete mode 100644 server/modules/pam-hso/etc/pam.d/common-auth delete mode 100644 server/modules/pam-hso/etc/pam.d/common-password delete mode 100644 server/modules/pam-hso/etc/pam.d/common-session delete mode 100644 server/modules/pam-hso/etc/pam.d/common-session-noninteractive delete mode 100644 server/modules/pam-hso/etc/pam.d/kdm delete mode 100644 server/modules/pam-hso/etc/pam.d/kdm-np delete mode 100644 server/modules/pam-hso/etc/pam.d/login delete mode 100644 server/modules/pam-hso/etc/pam.d/other delete mode 100644 server/modules/pam-hso/etc/pam.d/passwd delete mode 100644 server/modules/pam-hso/etc/pam.d/sshd delete mode 100644 server/modules/pam-hso/etc/pam.d/vmware-authd delete mode 100644 server/modules/pam-hso/etc/pam.d/xdm 
diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_close b/server/modules/pam-hso/etc/pam-script/pam_script_ses_close deleted file mode 100755 index dc7b5bd7..00000000 --- a/server/modules/pam-hso/etc/pam-script/pam_script_ses_close +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin" - -echo "[$PAM_TYPE] Closing session for $PAM_USER" - -[ $(id -g $PAM_USER) -eq 1001 ] && umount /home/$PAM_USER - diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open deleted file mode 100755 index 4cf6bf58..00000000 --- a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh - -export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin" - - -#check who is logged in to put the "Home"-Folder on the correct Desktop -#Doesn't work with root! -#export loggedInUser=$(whoami) -[ ! -z "$PAM_USER" ] && export loggedInUser="$PAM_USER" - - -#create Folder on Desktop to link with H-Drive, if not already existent -if [ ! -d /home/users/$loggedInUser ]; then - mkdir -p /home/users/$loggedInUser -fi - - -#ask for username -#read -p "Benutzername: " username - - -#mount H-Drive -ncpmount -A fs1-2-home.rz.hs-offenburg.de -S fs1-2-home.rz.hs-offenburg.de -V HOME/USERS/$loggedInUser -U $loggedInUser.HRZ.FHO /home/users/$loggedInUser - diff --git a/server/modules/pam-hso/etc/pam.d/common-account b/server/modules/pam-hso/etc/pam.d/common-account deleted file mode 100644 index 3a5d5a14..00000000 --- a/server/modules/pam-hso/etc/pam.d/common-account +++ /dev/null 
@@ -1,26 +0,0 @@ -# -# /etc/pam.d/common-account - authorization settings common to all services -# -# This file is included from other service-specific PAM config files, -# and should contain a list of the authorization modules that define -# the central access policy for use on the system. The default is to -# only deny service to users whose accounts are expired in /etc/shadow. -# -# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. -# To take advantage of this, it is recommended that you configure any -# local modules either before or after the default block, and use -# pam-auth-update to manage selection of other modules. See -# pam-auth-update(8) for details. -# - -# here are the per-package modules (the "Primary" block) -account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so -account [success=1 new_authtok_reqd=done default=ignore] pam_ldap.so use_first_pass -# here's the fallback if no module succeeds -account requisite pam_deny.so -# prime the stack with a positive return value if there isn't one already; -# this avoids us returning an error just because nothing sets a success code -# since the modules above will each just jump around -account required pam_permit.so -# and here are more per-package modules (the "Additional" block) -# end of pam-auth-update config diff --git a/server/modules/pam-hso/etc/pam.d/common-auth b/server/modules/pam-hso/etc/pam.d/common-auth deleted file mode 100644 index 8a2d4c86..00000000 --- a/server/modules/pam-hso/etc/pam.d/common-auth +++ /dev/null 
@@ -1,26 +0,0 @@ -# -# /etc/pam.d/common-auth - authentication settings common to all services -# -# This file is included from other service-specific PAM config files, -# and should contain a list of the authentication modules that define -# the central authentication scheme for use on the system -# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the -# traditional Unix authentication mechanisms. -# -# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. -# To take advantage of this, it is recommended that you configure any -# local modules either before or after the default block, and use -# pam-auth-update to manage selection of other modules. See -# pam-auth-update(8) for details. - -# here are the per-package modules (the "Primary" block) -auth [success=2 default=ignore] pam_unix.so try_first_pass -auth [success=1 default=ignore] pam_ldap.so use_first_pass nullok_secure -# here's the fallback if no module succeeds -auth requisite pam_deny.so -# prime the stack with a positive return value if there isn't one already; -# this avoids us returning an error just because nothing sets a success code -# since the modules above will each just jump around -auth required pam_permit.so -# and here are more per-package modules (the "Additional" block) -# end of pam-auth-update config diff --git a/server/modules/pam-hso/etc/pam.d/common-password b/server/modules/pam-hso/etc/pam.d/common-password deleted file mode 100644 index cb8c7b71..00000000 --- a/server/modules/pam-hso/etc/pam.d/common-password +++ /dev/null 
@@ -1,33 +0,0 @@ -# -# /etc/pam.d/common-password - password-related modules common to all services -# -# This file is included from other service-specific PAM config files, -# and should contain a list of modules that define the services to be -# used to change user passwords. The default is pam_unix. - -# Explanation of pam_unix options: -# -# The "sha512" option enables salted SHA512 passwords. Without this option, -# the default is Unix crypt. Prior releases used the option "md5". -# -# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in -# login.defs. -# -# See the pam_unix manpage for other options. - -# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. -# To take advantage of this, it is recommended that you configure any -# local modules either before or after the default block, and use -# pam-auth-update to manage selection of other modules. See -# pam-auth-update(8) for details. - -# here are the per-package modules (the "Primary" block) -password [success=1 default=ignore] pam_unix.so obscure sha512 -# here's the fallback if no module succeeds -password requisite pam_deny.so -# prime the stack with a positive return value if there isn't one already; -# this avoids us returning an error just because nothing sets a success code -# since the modules above will each just jump around -password required pam_permit.so -# and here are more per-package modules (the "Additional" block) -# end of pam-auth-update config diff --git a/server/modules/pam-hso/etc/pam.d/common-session b/server/modules/pam-hso/etc/pam.d/common-session deleted file mode 100644 index 4c4a7e95..00000000 --- a/server/modules/pam-hso/etc/pam.d/common-session +++ /dev/null 
@@ -1,36 +0,0 @@ -# -# /etc/pam.d/common-session - session-related modules common to all services -# -# This file is included from other service-specific PAM config files, -# and should contain a list of modules that define tasks to be performed -# at the start and end of sessions of *any* kind (both interactive and -# non-interactive). -# -# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. -# To take advantage of this, it is recommended that you configure any -# local modules either before or after the default block, and use -# pam-auth-update to manage selection of other modules. See -# pam-auth-update(8) for details. - -# here are the per-package modules (the "Primary" block) -session [default=1] pam_permit.so -# here's the fallback if no module succeeds -session requisite pam_deny.so -# prime the stack with a positive return value if there isn't one already; -# this avoids us returning an error just because nothing sets a success code -# since the modules above will each just jump around -session required pam_permit.so -# The pam_umask module will set the umask according to the system default in -# /etc/login.defs and user settings, solving the problem of different -# umask settings with different shells, display managers, remote sessions etc. -# See "man pam_umask". -session optional pam_umask.so -# and here are more per-package modules (the "Additional" block) -session required pam_systemd.so -session optional pam_env.so readenv=1 -session optional pam_env.so readenv=1 envfile=/etc/default/locale -session [success=1] pam_unix.so -session [success=ok] pam_ldap.so -session sufficient pam_script.so -session optional pam_mkhomedir.so skel=/etc/skel umask=0022 -# end of pam-auth-update config diff --git a/server/modules/pam-hso/etc/pam.d/common-session-noninteractive b/server/modules/pam-hso/etc/pam.d/common-session-noninteractive deleted file mode 100644 index 1fee2c4f..00000000 
--- a/server/modules/pam-hso/etc/pam.d/common-session-noninteractive +++ /dev/null @@ -1,30 +0,0 @@ -# -# /etc/pam.d/common-session-noninteractive - session-related modules -# common to all non-interactive services -# -# This file is included from other service-specific PAM config files, -# and should contain a list of modules that define tasks to be performed -# at the start and end of all non-interactive sessions. -# -# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. -# To take advantage of this, it is recommended that you configure any -# local modules either before or after the default block, and use -# pam-auth-update to manage selection of other modules. See -# pam-auth-update(8) for details. - -# here are the per-package modules (the "Primary" block) -session [default=1] pam_permit.so -# here's the fallback if no module succeeds -session requisite pam_deny.so -# prime the stack with a positive return value if there isn't one already; -# this avoids us returning an error just because nothing sets a success code -# since the modules above will each just jump around -session required pam_permit.so -# The pam_umask module will set the umask according to the system default in -# /etc/login.defs and user settings, solving the problem of different -# umask settings with different shells, display managers, remote sessions etc. -# See "man pam_umask". -session optional pam_umask.so -# and here are more per-package modules (the "Additional" block) -session required pam_unix.so -# end of pam-auth-update config diff --git a/server/modules/pam-hso/etc/pam.d/kdm b/server/modules/pam-hso/etc/pam.d/kdm deleted file mode 100644 index e6a4ec9b..00000000 --- a/server/modules/pam-hso/etc/pam.d/kdm +++ /dev/null 
@@ -1,10 +0,0 @@ -# -# /etc/pam.d/kdm - specify the PAM behaviour of kdm -# -auth required pam_nologin.so -auth required pam_env.so readenv=1 -auth required pam_env.so readenv=1 envfile=/etc/default/locale -auth include common-auth -account include common-account -password include common-password -session include common-session diff --git a/server/modules/pam-hso/etc/pam.d/kdm-np b/server/modules/pam-hso/etc/pam.d/kdm-np deleted file mode 100644 index dc10e5b5..00000000 --- a/server/modules/pam-hso/etc/pam.d/kdm-np +++ /dev/null @@ -1,11 +0,0 @@ -# -# /etc/pam.d/kdm-np - specify the PAM behaviour of kdm for passwordless logins -# -auth required pam_nologin.so -auth required pam_env.so readenv=1 -auth required pam_env.so readenv=1 envfile=/etc/default/locale -session required pam_limits.so -account include common-account -password include common-password -session include common-session -auth required pam_permit.so diff --git a/server/modules/pam-hso/etc/pam.d/login b/server/modules/pam-hso/etc/pam.d/login deleted file mode 100644 index 1065f351..00000000 --- a/server/modules/pam-hso/etc/pam.d/login +++ /dev/null 
@@ -1,101 +0,0 @@ -# -# The PAM configuration file for the Shadow `login' service -# - -# Enforce a minimal delay in case of failure (in microseconds). -# (Replaces the `FAIL_DELAY' setting from login.defs) -# Note that other modules may require another minimal delay. (for example, -# to disable any delay, you should add the nodelay option to pam_unix) -auth optional pam_faildelay.so delay=3000000 - -# Outputs an issue file prior to each login prompt (Replaces the -# ISSUE_FILE option from login.defs). Uncomment for use -# auth required pam_issue.so issue=/etc/issue - -# Disallows root logins except on tty's listed in /etc/securetty -# (Replaces the `CONSOLE' setting from login.defs) -# -# With the default control of this module: -# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] -# root will not be prompted for a password on insecure lines. -# if an invalid username is entered, a password is prompted (but login -# will eventually be rejected) -# -# You can change it to a "requisite" module if you think root may mis-type -# her login and should not be prompted for a password in that case. But -# this will leave the system as vulnerable to user enumeration attacks. -# -# You can change it to a "required" module if you think it permits to -# guess valid user names of your system (invalid user names are considered -# as possibly being root on insecure lines), but root passwords may be -# communicated over insecure lines. -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so - -# Disallows other than root logins when /etc/nologin exists -# (Replaces the `NOLOGINS_FILE' option from login.defs) -auth requisite pam_nologin.so - -# SELinux needs to be the first session rule. This ensures that any -# lingering context has been cleared. Without out this it is possible -# that a module could execute code in the wrong domain. 
-# When the module is present, "required" would be sufficient (When SELinux -# is disabled, this returns success.) -# OpenSLX: Not Needed? -#session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close - -# This module parses environment configuration file(s) -# and also allows you to use an extended config -# file /etc/security/pam_env.conf. -# -# parsing /etc/environment needs "readenv=1" -session required pam_env.so readenv=1 -# locale variables are also kept into /etc/default/locale in etch -# reading this file *in addition to /etc/environment* does not hurt -session required pam_env.so readenv=1 envfile=/etc/default/locale - -# Standard Un*x authentication. -auth include common-auth - -# TODO do we need this? -# This allows certain extra groups to be granted to a user -# based on things like time of day, tty, service, and user. -# Please edit /etc/security/group.conf to fit your needs -# (Replaces the `CONSOLE_GROUPS' option in login.defs) -#auth optional pam_group.so - -# Uncomment and edit /etc/security/time.conf if you need to set -# time restrainst on logins. -# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs -# as well as /etc/porttime) -# account requisite pam_time.so - -# Uncomment and edit /etc/security/access.conf if you need to -# set access limits. -# (Replaces /etc/login.access file) -# account required pam_access.so - -# TODO do we need this? 
-# Sets up user limits according to /etc/security/limits.conf -# (Replaces the use of /etc/limits in old login) -#session required pam_limits.so - -# TODO check if this is needed -# Prints the last login info upon succesful login -# (Replaces the `LASTLOG_ENAB' option from login.defs) -session optional pam_lastlog.so - -# Prints the motd upon succesful login -# (Replaces the `MOTD_FILE' option in login.defs) -session optional pam_motd.so - -# Standard Un*x account and session -account include common-account -session include common-session -password include common-password - -# SELinux needs to intervene at login time to ensure that the process -# starts in the proper default security context. Only sessions which are -# intended to run in the user's context should be run after this. -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -# When the module is present, "required" would be sufficient (When SELinux -# is disabled, this returns success.) diff --git a/server/modules/pam-hso/etc/pam.d/other b/server/modules/pam-hso/etc/pam.d/other deleted file mode 100644 index 840eb77f..00000000 --- a/server/modules/pam-hso/etc/pam.d/other +++ /dev/null @@ -1,10 +0,0 @@ -#%PAM-1.0 -auth required pam_warn.so -auth required pam_deny.so -account required pam_warn.so -account required pam_deny.so -password required pam_warn.so -password required pam_deny.so -session required pam_warn.so -session required pam_deny.so - diff --git a/server/modules/pam-hso/etc/pam.d/passwd b/server/modules/pam-hso/etc/pam.d/passwd deleted file mode 100644 index 32eaa3c6..00000000 --- a/server/modules/pam-hso/etc/pam.d/passwd +++ /dev/null @@ -1,6 +0,0 @@ -# -# The PAM configuration file for the Shadow `passwd' service -# - -password include common-password - diff --git a/server/modules/pam-hso/etc/pam.d/sshd b/server/modules/pam-hso/etc/pam.d/sshd deleted file mode 100644 index 8954d639..00000000 --- a/server/modules/pam-hso/etc/pam.d/sshd +++ /dev/null 
@@ -1,41 +0,0 @@
-# PAM configuration for the Secure Shell service
-
-# Read environment variables from /etc/environment and
-# /etc/security/pam_env.conf.
-auth required pam_env.so # [1]
-# In Debian 4.0 (etch), locale-related environment variables were moved to
-# /etc/default/locale, so read that as well.
-auth required pam_env.so envfile=/etc/default/locale
-
-# Standard Un*x authentication.
-auth include common-auth
-
-# Disallow non-root logins when /etc/nologin exists.
-account required pam_nologin.so
-
-# Uncomment and edit /etc/security/access.conf if you need to set complex
-# access limits that are hard to express in sshd_config.
-# account required pam_access.so
-
-# Standard Un*x authorization.
-account include common-account
-
-# Standard Un*x session setup and teardown.
-session include common-session
-
-# Print the message of the day upon successful login.
-session optional pam_motd.so # [1]
-
-# TODO do we need this?
-# Print the status of the user's mailbox upon successful login.
-#session optional pam_mail.so standard noenv # [1]
-
-# TODO do we need this?
-# Set up user limits from /etc/security/limits.conf.
-#session required pam_limits.so
-
-# Set up SELinux capabilities (need modified pam)
-# session required pam_selinux.so multiple
-
-# Standard Un*x password updating.
-password include common-password
diff --git a/server/modules/pam-hso/etc/pam.d/vmware-authd b/server/modules/pam-hso/etc/pam.d/vmware-authd
deleted file mode 100644
index 1f9b60f9..00000000
--- a/server/modules/pam-hso/etc/pam.d/vmware-authd
+++ /dev/null
@@ -1,6 +0,0 @@
-#%PAM-1.0
-auth include common-auth
-account include common-account
-password include common-password
-session include common-session
-
diff --git a/server/modules/pam-hso/etc/pam.d/xdm b/server/modules/pam-hso/etc/pam.d/xdm
deleted file mode 100644
index d21651db..00000000
--- a/server/modules/pam-hso/etc/pam.d/xdm
+++ /dev/null
@@ -1,6 +0,0 @@ -#%PAM-1.0 -auth include common-auth -account include common-account -password include common-password -session required pam_loginuid.so -session include common-session -- cgit v1.2.3-55-g7522 From 204a320a3a6800a104c0170f1678e83a01a8a73a Mon Sep 17 00:00:00 2001 From: Christian Rößler Date: Mon, 30 Sep 2013 18:28:42 +0200 Subject: [systemd] Providing links in to systemctl/systemd (halt, init, poweroff, reboot, runlevel, shutdown, telinit) --- remote/modules/systemd/data/sbin/halt | 1 + remote/modules/systemd/data/sbin/init | 1 + remote/modules/systemd/data/sbin/poweroff | 1 + remote/modules/systemd/data/sbin/reboot | 1 + remote/modules/systemd/data/sbin/runlevel | 1 + remote/modules/systemd/data/sbin/shutdown | 1 + remote/modules/systemd/data/sbin/telinit | 1 + 7 files changed, 7 insertions(+) create mode 120000 remote/modules/systemd/data/sbin/halt create mode 120000 remote/modules/systemd/data/sbin/init create mode 120000 remote/modules/systemd/data/sbin/poweroff create mode 120000 remote/modules/systemd/data/sbin/reboot create mode 120000 remote/modules/systemd/data/sbin/runlevel create mode 120000 remote/modules/systemd/data/sbin/shutdown create mode 120000 remote/modules/systemd/data/sbin/telinit diff --git a/remote/modules/systemd/data/sbin/halt b/remote/modules/systemd/data/sbin/halt new file mode 120000 index 00000000..5d9faf5d --- /dev/null +++ b/remote/modules/systemd/data/sbin/halt @@ -0,0 +1 @@ +/usr/bin/systemctl \ No newline at end of file diff --git a/remote/modules/systemd/data/sbin/init b/remote/modules/systemd/data/sbin/init new file mode 120000 index 00000000..60baf528 --- /dev/null +++ b/remote/modules/systemd/data/sbin/init @@ -0,0 +1 @@ +/usr/lib/systemd/systemd \ No newline at end of file diff --git a/remote/modules/systemd/data/sbin/poweroff b/remote/modules/systemd/data/sbin/poweroff new file mode 120000 index 00000000..5d9faf5d --- /dev/null +++ b/remote/modules/systemd/data/sbin/poweroff 
@@ -0,0 +1 @@ +/usr/bin/systemctl \ No newline at end of file diff --git a/remote/modules/systemd/data/sbin/reboot b/remote/modules/systemd/data/sbin/reboot new file mode 120000 index 00000000..5d9faf5d --- /dev/null +++ b/remote/modules/systemd/data/sbin/reboot @@ -0,0 +1 @@ +/usr/bin/systemctl \ No newline at end of file diff --git a/remote/modules/systemd/data/sbin/runlevel b/remote/modules/systemd/data/sbin/runlevel new file mode 120000 index 00000000..5d9faf5d --- /dev/null +++ b/remote/modules/systemd/data/sbin/runlevel @@ -0,0 +1 @@ +/usr/bin/systemctl \ No newline at end of file diff --git a/remote/modules/systemd/data/sbin/shutdown b/remote/modules/systemd/data/sbin/shutdown new file mode 120000 index 00000000..5d9faf5d --- /dev/null +++ b/remote/modules/systemd/data/sbin/shutdown @@ -0,0 +1 @@ +/usr/bin/systemctl \ No newline at end of file diff --git a/remote/modules/systemd/data/sbin/telinit b/remote/modules/systemd/data/sbin/telinit new file mode 120000 index 00000000..5d9faf5d --- /dev/null +++ b/remote/modules/systemd/data/sbin/telinit @@ -0,0 +1 @@ +/usr/bin/systemctl \ No newline at end of file -- cgit v1.2.3-55-g7522 From 2c5131cb19be127852d4f4f8f5f8b4bbd75c693d Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 30 Sep 2013 18:53:37 +0200 Subject: [vmchooser] Add windows binary that will set the resolution in the VM. The binary will be placed in the virtual drive B floppy image --- .../data/opt/openslx/etc/vmchooser/openslx.exe | Bin 0 -> 12800 bytes .../data/opt/openslx/scripts/vmchooser-run_virt | 2 ++ 2 files changed, 2 insertions(+) create mode 100755 remote/modules/vmchooser/data/opt/openslx/etc/vmchooser/openslx.exe diff --git a/remote/modules/vmchooser/data/opt/openslx/etc/vmchooser/openslx.exe b/remote/modules/vmchooser/data/opt/openslx/etc/vmchooser/openslx.exe new file mode 100755 index 00000000..e016f407 Binary files /dev/null and b/remote/modules/vmchooser/data/opt/openslx/etc/vmchooser/openslx.exe differ 
diff --git a/remote/modules/vmchooser/data/opt/openslx/scripts/vmchooser-run_virt b/remote/modules/vmchooser/data/opt/openslx/scripts/vmchooser-run_virt index 7e594747..b0d01738 100755 --- a/remote/modules/vmchooser/data/opt/openslx/scripts/vmchooser-run_virt +++ b/remote/modules/vmchooser/data/opt/openslx/scripts/vmchooser-run_virt @@ -432,6 +432,8 @@ fi cp "$xmlfile" "/opt/openslx/etc/vmchooser/fd-loop/config.xml" # Add another file with resolution information xrandr | grep -o -E 'current\s*[0-9]+\s*x\s*[0-9]+' | cut -c 8- | sed -r 's/(\s|\t|\n)//g' | head -n 1 > "/opt/openslx/etc/vmchooser/fd-loop/hostres.txt" +# Add our magic openslx binary that sets the correct guest resolution +cp "/opt/openslx/etc/vmchooser/openslx.exe" "/opt/openslx/etc/vmchooser/fd-loop/" # Try to use dnbd3 to access the image unset vm_diskfile -- cgit v1.2.3-55-g7522 From 5d27089f162367f6510c3323cfd2b29233e4effb Mon Sep 17 00:00:00 2001 From: Manuel Schneider Date: Tue, 1 Oct 2013 14:20:22 +0200 Subject: [german] Fix locale generation on ubuntu --- remote/modules/german/german.build | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/remote/modules/german/german.build b/remote/modules/german/german.build index c8795254..cd68f009 100644 --- a/remote/modules/german/german.build +++ b/remote/modules/german/german.build 
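Review bot: The added `cp` of `openslx.exe` into `fd-loop/` has no failure check, and the file it copies is a prebuilt 12800-byte Windows executable that this commit adds as an opaque binary, with no source or checksum recorded alongside it. Because the file ends up on the floppy image handed to guests, I would keep its source in the repository, or at least a SHA-256 next to the binary that is compared before the copy, so a swapped file is noticed. For the copy itself, `cp "/opt/openslx/etc/vmchooser/openslx.exe" "/opt/openslx/etc/vmchooser/fd-loop/" || echo "openslx.exe could not be copied to the floppy image" >&2` would at least leave a trace. The script continues on both sides of the hunk, so its own logging helper may be the better sink for that message.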
@@ -10,10 +10,10 @@ build() { locale-gen || perror "Could not generate locales (debian style)" fi # Ubuntu's version - if [ -d "/var/lib/locales/supported.d" ] && ! grep -q -E -r '^\s*de_DE\.UTF-8' "/var/lib/locales/supported.d"; then + if [ -d "/var/lib/locales/supported.d" ] && [ ! -d /usr/lib/locale/de_DE.utf8 ]; then pinfo "Generating locales..." - echo 'de_DE.UTF-8 UTF-8' >> "/var/lib/locales/supported.d/openslx" - locale-gen "de_DE.UTF-8" || perror "Could not generate locales (ubuntu style)" + grep -q -E -r '^\s*de_DE\.UTF-8' "/var/lib/locales/supported.d" || echo 'de_DE.UTF-8 UTF-8' >> "/var/lib/locales/supported.d/openslx" + locale-gen --no-archive --purge "de_DE.UTF-8" || perror "Could not generate locales (ubuntu style)" fi # Put everything we build or get from the system in build dir -- cgit v1.2.3-55-g7522 From d566089a340cf9a971c26a357758f79149f83655 Mon Sep 17 00:00:00 2001 From: Manuel Schneider Date: Tue, 1 Oct 2013 14:20:40 +0200 Subject: [vmchooser] Make sure Qt4 is used, only patch source if not already patched --- remote/modules/vmchooser/vmchooser.build | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/remote/modules/vmchooser/vmchooser.build b/remote/modules/vmchooser/vmchooser.build index 9a9d6d63..0e68eea1 100644 --- a/remote/modules/vmchooser/vmchooser.build +++ b/remote/modules/vmchooser/vmchooser.build 
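Review bot: `locale-gen --no-archive --purge "de_DE.UTF-8"` in the Ubuntu branch of `build()` gains two options without a word on why, and `--purge` in particular looks destructive: if it removes previously generated locales as its name suggests, the build host loses every locale that this call does not regenerate. The new guard `[ ! -d /usr/lib/locale/de_DE.utf8 ]` tests the directory that a `--no-archive` run produces, which is not obvious to the next reader either. A why-comment would settle both, e.g. `# --no-archive: the module needs /usr/lib/locale/de_DE.utf8 as a directory; --purge: <reason>`, or drop `--purge` if it is not required. `build()` starts before and ends after the hunk.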
@@ -11,17 +11,20 @@ build() { cd "${MODULE_BUILD_DIR}/${REQUIRED_PREFIX}" # patch globals.cpp and globals.h to use standardised paths /opt/openslx/... - sed -i 's/^#define VMCHOOSER_BIN_PATH.*/#define VMCHOOSER_BIN_PATH "\/opt\/openslx\/bin"/g' "${SRCDIR}"/src/globals.h - sed -i 's/^#define VMCHOOSER_ETC_BASE_PATH.*/#define VMCHOOSER_ETC_BASE_PATH "\/opt\/openslx\/etc\/vmchooser"/g' "${SRCDIR}"/src/globals.h - sed -i 's/^#define VMCHOOSER_BIN_PATH.*/#define VMCHOOSER_BIN_PATH "\/opt\/openslx\/bin"\n#define VMCHOOSER_SCRIPTS_PATH "\/opt\/openslx\/scripts"/g' "${SRCDIR}"/src/globals.h - sed -i 's/^#define VMCHOOSER_THEME_BASE.*/#define VMCHOOSER_THEME_BASE "\/opt\/openslx\/usr\/share\/vmchooser\/themes"/g' "${SRCDIR}"/src/globals.h - - sed -i 's/^QString binPath(VMCHOOSER_BIN_PATH);/QString binPath(VMCHOOSER_BIN_PATH);\nQString scriptsPath(VMCHOOSER_SCRIPTS_PATH);/g' "${SRCDIR}"/src/globals.cpp - sed -i 's/^QString runVmScript(binPath + "\/run-virt.sh");/QString runVmScript(scriptsPath + "\/vmchooser-run_virt");/g' "${SRCDIR}"/src/globals.cpp - sed -i 's/^QString filterScript(binPath + "\/xmlfilter.sh");/QString filterScript(scriptsPath + "\/vmchooser-xml_filter");/g' "${SRCDIR}"/src/globals.cpp - sed -i 's/^#define VMCHOOSER_VMPATH.*/#define VMCHOOSER_VMPATH "\/mnt\/vmstore"/g' "${SRCDIR}"/src/globals.h + if ! 
grep -q VMCHOOSER_SCRIPTS_PATH "$SRCDIR/src/globals.h"; then + sed -i 's/^#define VMCHOOSER_BIN_PATH.*/#define VMCHOOSER_BIN_PATH "\/opt\/openslx\/bin"/g' "${SRCDIR}"/src/globals.h + sed -i 's/^#define VMCHOOSER_ETC_BASE_PATH.*/#define VMCHOOSER_ETC_BASE_PATH "\/opt\/openslx\/etc\/vmchooser"/g' "${SRCDIR}"/src/globals.h + sed -i 's/^#define VMCHOOSER_BIN_PATH.*/#define VMCHOOSER_BIN_PATH "\/opt\/openslx\/bin"\n#define VMCHOOSER_SCRIPTS_PATH "\/opt\/openslx\/scripts"/g' "${SRCDIR}"/src/globals.h + sed -i 's/^#define VMCHOOSER_THEME_BASE.*/#define VMCHOOSER_THEME_BASE "\/opt\/openslx\/usr\/share\/vmchooser\/themes"/g' "${SRCDIR}"/src/globals.h + + sed -i 's/^QString binPath(VMCHOOSER_BIN_PATH);/QString binPath(VMCHOOSER_BIN_PATH);\nQString scriptsPath(VMCHOOSER_SCRIPTS_PATH);/g' "${SRCDIR}"/src/globals.cpp + sed -i 's/^QString runVmScript(binPath + "\/run-virt.sh");/QString runVmScript(scriptsPath + "\/vmchooser-run_virt");/g' "${SRCDIR}"/src/globals.cpp + sed -i 's/^QString filterScript(binPath + "\/xmlfilter.sh");/QString filterScript(scriptsPath + "\/vmchooser-xml_filter");/g' "${SRCDIR}"/src/globals.cpp + sed -i 's/^#define VMCHOOSER_VMPATH.*/#define VMCHOOSER_VMPATH "\/mnt\/vmstore"/g' "${SRCDIR}"/src/globals.h + fi pinfo "Running cmake" + ln -sf qt4.conf /usr/share/qtchooser/default.conf cmake "$SRCDIR" || perror "'cmake $SRCDIR' failed." make || perror "'make' failed." -- cgit v1.2.3-55-g7522 From 8f3dd1062808593f23ba8f2394c1b28cf8ad6851 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 4 Oct 2013 10:08:41 +0200 Subject: [rootfs-stage32] Add dnbd3 support to stage4 mounting --- .../data/etc/systemd/system/nfs-mount.service | 2 ++ .../data/opt/openslx/scripts/systemd-mount_export | 32 +++++++++++++++++++--- 2 files changed, 30 insertions(+), 4 deletions(-) diff --git a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/nfs-mount.service b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/nfs-mount.service index 922656f1..3deb3def 100644 
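Review bot: `ln -sf qt4.conf /usr/share/qtchooser/default.conf` rewrites the build host's system-wide qtchooser default as a side effect of building one module, has no `|| perror`, and is never restored, so every later Qt build on that machine is switched to Qt4 as well. Scoping the choice to this build avoids that, for instance `QT_SELECT=qt4 cmake "$SRCDIR" || perror "'cmake $SRCDIR' failed."`, assuming the host's `qmake` is the qtchooser wrapper. Separately, the new `grep -q VMCHOOSER_SCRIPTS_PATH` guard only shows that the third `sed` ran; none of the `sed -i` calls is checked, so a partly patched `globals.h` would be treated as finished on the next run. `build()` starts before and ends after the hunk.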
--- a/remote/rootfs/rootfs-stage32/data/etc/systemd/system/nfs-mount.service +++ b/remote/rootfs/rootfs-stage32/data/etc/systemd/system/nfs-mount.service @@ -1,6 +1,8 @@ [Unit] Description=Mount NFS Share [TEST] DefaultDependencies=no +Wants=setup-dnbd3.service +After=setup-dnbd3.service [Service] Type=oneshot diff --git a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export index b116c067..fd3e1b0a 100755 --- a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export +++ b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-mount_export 
@@ -2,14 +2,38 @@ . /opt/openslx/config -[ -z "${SLX_STAGE4_NFS}" ] && { echo "SLX_STAGE4_NFS is not set in /opt/openslx/config." && exit 1; } +[ -z "${SLX_STAGE4}" ] && { echo "SLX_STAGE4 is not set in /opt/openslx/config." && exit 1; } MOUNTPOINT="/opt/openslx/mnt/stage4" mkdir -p "$MOUNTPOINT" -echo "Mounting ${SLX_STAGE4_NFS} to $MOUNTPOINT" -mount -t nfs -o ro,async,nolock,vers=3 "$SLX_STAGE4_NFS" "$MOUNTPOINT" || { echo "Fail." && exit 1; } + +if [[ "$SLX_STAGE4" == dnbd3* ]]; then + # dnbd3 it is + [ -z "${SLX_DNBD3_SERVERS}" ] && { echo "SLX_DNBD3_SERVERS empty or not set in /opt/openslx/config." && exit 1; } + # Randomize list + SERVERS=$(for SERVER in $SLX_DNBD3_SERVERS; do echo "$RANDOM $SERVER"; done | sort -u | sed -r 's/^[0-9]+ //') + IMAGE=$(echo $SLX_STAGE4 | awk '{printf $2}') + [ -e /var/run/dnbd3.socket ] || sleep 2 # Ugly, service should only start when dnbd3 daemon is up and running + RET=1337 + for SRV in $SERVERS; do + echo "Requesting $IMAGE from $SRV" + dnbd3=$(dnbd3-client -h "$SRV" -i "$IMAGE" -r 0) + RET=$? + [ "$RET" -eq "0" ] && break + echo "... didn't work ($RET)" + done + [ "$RET" -ne "0" ] && exit $RET + echo "Mounting $dnbd3 to $MOUNTPOINT" + mount -t squashfs -o ro "$dnbd3" "$MOUNTPOINT" || { echo "Fail."; exit 1; } +else + # Try nfs + echo "Mounting ${SLX_STAGE4} to $MOUNTPOINT" + mount -t nfs -o ro,async,nolock,vers=3 "$SLX_STAGE4" "$MOUNTPOINT" || { echo "Fail." && exit 1; } +fi + echo "Appending $MOUNTPOINT to /" -mount -o "remount,append:$MOUNTPOINT=ro" / || { echo "Fail." && exit 1; } +mount -o "remount,add:1:$MOUNTPOINT=ro" / || { echo "Fail." && exit 1; } # dbus reload needed eg. for gnome etc. and perhaps other service files which stage4 needs: systemctl reload dbus.service + -- cgit v1.2.3-55-g7522 From 64a97ca16b810dd1d32a58394be0e7d554bd0be3 Mon Sep 17 00:00:00 2001 
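Review bot: In the dnbd3 branch, `IMAGE=$(echo $SLX_STAGE4 | awk '{printf $2}')` uses the image name as awk's printf format and expands `$SLX_STAGE4` unquoted, so a name containing `%` or a glob character is altered before it is requested; `IMAGE=$(printf '%s\n' "$SLX_STAGE4" | awk '{print $2}')` followed by `[ -n "$IMAGE" ] || { echo "No image name in SLX_STAGE4."; exit 1; }` avoids both. The string captured from `dnbd3-client` goes straight to `mount` and the result is then added to `/`, so I would check it first with `[ -b "$dnbd3" ] || { echo "dnbd3-client returned no block device."; exit 1; }`. `[[ "$SLX_STAGE4" == dnbd3* ]]` is a bashism and the shebang is on line 1, outside the hunk, so confirm the interpreter accepts it. Nothing visible here verifies the image content before it becomes part of the root filesystem; if the dnbd3 servers are not on a trusted segment, that assumption deserves a comment.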
From: Simon Rettberg Date: Fri, 4 Oct 2013 10:13:13 +0200 Subject: [config.tgz] Add module to mount stage4 at boot-up, enable by default inf configs/freiburg --- server/blacklists/essential/linux-base | 3 +++ server/configs/freiburg/stage4-at-boot | 1 + .../etc/systemd/system/basic.target.wants/nfs-mount.service | 1 + 3 files changed, 5 insertions(+) create mode 120000 server/configs/freiburg/stage4-at-boot create mode 120000 server/modules/stage4-at-boot/etc/systemd/system/basic.target.wants/nfs-mount.service diff --git a/server/blacklists/essential/linux-base b/server/blacklists/essential/linux-base index 522ae191..0f417425 100644 --- a/server/blacklists/essential/linux-base +++ b/server/blacklists/essential/linux-base @@ -1,3 +1,5 @@ +# Always include ldconfig/cache of full system: ++ /etc/ld.so.** - /boot/ - /cdrom/ - /dev/ @@ -23,6 +25,7 @@ - /var/spool/** - /etc/resolv.conf - /etc/resolvconf/ +- /etc/mtab - **/tm-scripts/ - /initrd.img - /initrd.img.old diff --git a/server/configs/freiburg/stage4-at-boot b/server/configs/freiburg/stage4-at-boot new file mode 120000 index 00000000..b1ec86ba --- /dev/null +++ b/server/configs/freiburg/stage4-at-boot @@ -0,0 +1 @@ +../../modules/stage4-at-boot \ No newline at end of file diff --git a/server/modules/stage4-at-boot/etc/systemd/system/basic.target.wants/nfs-mount.service b/server/modules/stage4-at-boot/etc/systemd/system/basic.target.wants/nfs-mount.service new file mode 120000 index 00000000..1936daef --- /dev/null +++ b/server/modules/stage4-at-boot/etc/systemd/system/basic.target.wants/nfs-mount.service @@ -0,0 +1 @@ +../nfs-mount.service \ No newline at end of file -- cgit v1.2.3-55-g7522 From 0c968bee0d80515a5abfdbdc0508b715a2f348ac Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 4 Oct 2013 11:56:28 +0200 Subject: [blacklist] Add /etc/mtab* --- server/blacklists/essential/linux-base | 1 + 1 file changed, 1 insertion(+) 
diff --git a/server/blacklists/essential/linux-base b/server/blacklists/essential/linux-base index 0f417425..4f58b6c9 100644 --- a/server/blacklists/essential/linux-base +++ b/server/blacklists/essential/linux-base @@ -26,6 +26,7 @@ - /etc/resolv.conf - /etc/resolvconf/ - /etc/mtab +- /etc/mtab.* - **/tm-scripts/ - /initrd.img - /initrd.img.old -- cgit v1.2.3-55-g7522 From f4aabd68043307e8b6f24c572f098acda2548fbe Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 4 Oct 2013 14:06:18 +0200 Subject: [rootfs-stage32] Add iptables rule to redirect printing jobs to port 515 --- remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/udhcpc-openslx | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/udhcpc-openslx b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/udhcpc-openslx index 4c1d9ffc..c2dbfbb4 100755 --- a/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/udhcpc-openslx +++ b/remote/rootfs/rootfs-stage32/data/opt/openslx/scripts/udhcpc-openslx @@ -132,6 +132,10 @@ case "$1" in # Mark network target as reached systemctl start network.target + # Port redirection for printing + iptables -A INPUT -i br0 -p tcp --dport 515 -j DROP + iptables -A INPUT -i br0 -p tcp --dport 5515 -j DROP + iptables -t nat -A PREROUTING -p tcp --dport 515 -j DNAT --to-destination 127.0.0.1:5515 fi ;; -- cgit v1.2.3-55-g7522 From bf63b009959594d67ec7f077f643dbc84ec6e582 Mon Sep 17 00:00:00 2001 From: Dirk Date: Mon, 7 Oct 2013 11:20:29 +0200 Subject: Ansering to Ticket #518 (reducing the number of MAXCORES) ... Should be checked, if working and should be configured more properly ... --- remote/modules/vmplayer/data/opt/openslx/etc/vmware/run-virt.include | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/remote/modules/vmplayer/data/opt/openslx/etc/vmware/run-virt.include b/remote/modules/vmplayer/data/opt/openslx/etc/vmware/run-virt.include index b755133f..65699e31 100755 
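Review bot: The `PREROUTING` DNAT rule has no `-i` match, so TCP port 515 arriving on any interface is redirected to `127.0.0.1:5515`, and the only thing keeping other hosts away from the local spooler is the `INPUT` drop on `br0`; traffic entering through any other interface is not covered. Naming the interfaces that are meant to print, e.g. `iptables -t nat -A PREROUTING -i <vm-interface> -p tcp --dport 515 -j DNAT --to-destination 127.0.0.1:5515` (placeholder interface), states the intent and fails closed. All three rules use `-A` and the enclosing `case` branch starts outside the hunk, so it is worth confirming that this path runs once per boot rather than on each lease event, otherwise the rules pile up; none of the calls is checked for failure. A comment should also say which setting lets a DNAT to a loopback address be delivered (on Linux that is normally the per-interface `route_localnet` sysctl), since nothing in the hunk enables it.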
--- a/remote/modules/vmplayer/data/opt/openslx/etc/vmware/run-virt.include +++ b/remote/modules/vmplayer/data/opt/openslx/etc/vmware/run-virt.include @@ -33,8 +33,9 @@ runvmwareconfheader () { echo "# This configuration file was generated by $0" > "$conffile" + # does this makes sense? Depends on the VMworkstation in use MAXMEM="9999999" - MAXCORES="256" + MAXCORES="4" # check for the ostype # 1) memory limits -- cgit v1.2.3-55-g7522 From 207cb85cf257aac62766279f26ef24635a43477c Mon Sep 17 00:00:00 2001 From: Dirk Date: Mon, 7 Oct 2013 11:22:35 +0200 Subject: ... --- remote/modules/vmplayer/data/opt/openslx/etc/vmware/run-virt.include | 1 + 1 file changed, 1 insertion(+) diff --git a/remote/modules/vmplayer/data/opt/openslx/etc/vmware/run-virt.include b/remote/modules/vmplayer/data/opt/openslx/etc/vmware/run-virt.include index 65699e31..e60d5a5b 100755 --- a/remote/modules/vmplayer/data/opt/openslx/etc/vmware/run-virt.include +++ b/remote/modules/vmplayer/data/opt/openslx/etc/vmware/run-virt.include @@ -154,6 +154,7 @@ runvmwareconfheader () shfolders="TRUE" ;; winxp*|winvista*|windows7*) + MAXCORES="4" shfolders="TRUE" ;; winnet*) -- cgit v1.2.3-55-g7522
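Review bot: `MAXCORES="4"` replaces `256` in `runvmwareconfheader` with only the comment `# does this makes sense? Depends on the VMworkstation in use`, which sits above `MAXMEM` and says neither which value it questions nor why 4 was chosen. A comment such as `# Cap guest cores at 4, see ticket #518; the real limit depends on the VMware version in use` placed directly above `MAXCORES` would record the reason. The second hunk (`@@ -154,6 +154,7 @@`, in the following commit) sets `MAXCORES="4"` again in the `winxp*|winvista*|windows7*` branch, which is redundant with the new default unless another branch outside the visible lines raises it. Both hunks sit inside a function that continues beyond them.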