diff --git a/.etckeeper b/.etckeeper index 63998e6c..e76d48d6 100755 --- a/.etckeeper +++ b/.etckeeper @@ -41,11 +41,13 @@ mkdir -p './nginx/conf.d' mkdir -p './nginx/modules-available' mkdir -p './opt' mkdir -p './parallel' -mkdir -p './perl/CPAN' mkdir -p './resolvconf/update-libc.d' mkdir -p './rsyslog.d' +mkdir -p './runit/runsvdir/default' mkdir -p './security/limits.d' mkdir -p './security/namespace.d' +mkdir -p './ssh/ssh_config.d' +mkdir -p './ssh/sshd_config.d' mkdir -p './triggerhappy/triggers.d' mkdir -p './udev/hwdb.d' mkdir -p './usb_modeswitch.d' @@ -440,7 +442,6 @@ maybe chmod 0755 'cron.daily' maybe chmod 0644 'cron.daily/.placeholder' maybe chmod 0755 'cron.daily/apt-compat' maybe chmod 0755 'cron.daily/aptitude' -maybe chmod 0755 'cron.daily/bsdmainutils' maybe chmod 0755 'cron.daily/dpkg' maybe chmod 0755 'cron.daily/etckeeper' maybe chmod 0755 'cron.daily/exim4-base' @@ -448,7 +449,6 @@ maybe chmod 0755 'cron.daily/lighttpd' maybe chmod 0755 'cron.daily/locate' maybe chmod 0755 'cron.daily/logrotate' maybe chmod 0755 'cron.daily/man-db' -maybe chmod 0755 'cron.daily/passwd' maybe chmod 0755 'cron.daily/sysstat' maybe chmod 0755 'cron.hourly' maybe chmod 0644 'cron.hourly/.placeholder' @@ -479,7 +479,6 @@ maybe chmod 0644 'default/avahi-daemon' maybe chmod 0644 'default/bind9' maybe chmod 0644 'default/bluetooth' maybe chmod 0644 'default/bridge-utils' -maybe chmod 0644 'default/bsdmainutils' maybe chmod 0644 'default/console-setup' maybe chmod 0644 'default/crda' maybe chmod 0644 'default/cron' @@ -1055,15 +1054,21 @@ maybe chmod 0644 'dhcp/.git/refs/remotes/origin/master' maybe chmod 0755 'dhcp/.git/refs/tags' maybe chmod 0644 'dhcp/.gitignore' maybe chmod 0644 'dhcp/debug' +maybe chmod 0644 'dhcp/debug.dpkg-new' maybe chmod 0755 'dhcp/dhclient-enter-hooks.d' maybe chmod 0644 'dhcp/dhclient-enter-hooks.d/resolvconf' +maybe chmod 0644 'dhcp/dhclient-enter-hooks.d/resolvconf.dpkg-new' maybe chmod 0755 'dhcp/dhclient-enter-hooks.d/samba' maybe chmod 0755 'dhcp/dhclient-exit-hooks.d' maybe chmod 0644 'dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes' +maybe chmod 0644 'dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes.dpkg-new' maybe chmod 0644 'dhcp/dhclient-exit-hooks.d/timesyncd' maybe chmod 0644 'dhcp/dhclient.conf' +maybe chmod 0644 'dhcp/dhclient.conf.dpkg-new' maybe chmod 0644 'dhcp/dhcpd.conf' +maybe chmod 0644 'dhcp/dhcpd.conf.dpkg-new' maybe chmod 0644 'dhcp/dhcpd6.conf' +maybe chmod 0644 'dhcp/dhcpd6.conf.dpkg-new' maybe chmod 0644 'dhcp/dynamic.conf' maybe chmod 0644 'dhcp/fixed.conf' maybe chmod 0644 'dhcp/options.conf' @@ -1417,6 +1422,7 @@ maybe chmod 0644 'groff/man.local' maybe chmod 0644 'groff/mdoc.local' maybe chmod 0644 'group' maybe chmod 0644 'group-' +maybe chmod 0644 'group.org' maybe chgrp 'shadow' 'gshadow' maybe chmod 0640 'gshadow' maybe chgrp 'shadow' 'gshadow-' @@ -1441,7 +1447,6 @@ maybe chmod 0755 'init.d' maybe chmod 0755 'init.d/alsa-utils' maybe chmod 0755 'init.d/atd' maybe chmod 0755 'init.d/avahi-daemon' -maybe chmod 0755 'init.d/bind9' maybe chmod 0755 'init.d/bluetooth' maybe chmod 0755 'init.d/connman' maybe chmod 0755 'init.d/console-setup.sh' @@ -1507,7 +1512,6 @@ maybe chmod 0644 'init/mountnfs.sh.conf' maybe chmod 0644 'init/mtab.sh.conf' maybe chmod 0644 'init/paxctld.conf' maybe chmod 0644 'init/php7.3-fpm.conf' -maybe chmod 0644 'init/resolvconf.conf' maybe chmod 0644 'init/rpcbind.override' maybe chmod 0755 'initramfs-tools' maybe chmod 0755 'initramfs-tools/conf.d' @@ -13864,7 +13868,6 @@ maybe chmod 0644 'lighttpd/conf-available/99-unconfigured.conf' maybe chmod 0644 'lighttpd/conf-available/README' maybe chmod 0755 'lighttpd/conf-enabled' maybe chmod 0644 'lighttpd/lighttpd.conf' -maybe chmod 0644 'lintianrc' maybe chmod 0644 'locale.alias' maybe chmod 0644 'locale.gen' maybe chmod 0755 'logcheck' @@ -14022,13 +14025,12 @@ maybe chmod 0644 'pam.d/sshd' maybe chmod 0644 'pam.d/su' maybe chmod 0644 'pam.d/su-l' maybe chmod 0644 'pam.d/sudo' -maybe chmod 0644 'pam.d/systemd-user' maybe chmod 0755 'parallel' maybe chmod 0644 'passwd' maybe chmod 0644 'passwd-' +maybe chmod 0644 'passwd.org' maybe chmod 0644 'paxctld.conf' maybe chmod 0755 'perl' -maybe chmod 0755 'perl/CPAN' maybe chmod 0755 'perl/Net' maybe chmod 0644 'perl/Net/libnet.cfg' maybe chmod 0755 'perl/XML' @@ -14221,6 +14223,8 @@ maybe chmod 0755 'python3.6' maybe chmod 0644 'python3.6/sitecustomize.py' maybe chmod 0755 'python3.7' maybe chmod 0644 'python3.7/sitecustomize.py' +maybe chmod 0755 'python3.9' +maybe chmod 0644 'python3.9/sitecustomize.py' maybe chmod 0644 'python3/debian_config' maybe chmod 0755 'rc.local' maybe chmod 0755 'rc0.d' @@ -14252,13 +14256,16 @@ maybe chmod 0644 'rpc' maybe chmod 0644 'rpi-issue' maybe chmod 0644 'rsyslog.conf' maybe chmod 0755 'rsyslog.d' +maybe chmod 0755 'runit' +maybe chmod 0755 'runit/runsvdir' +maybe chmod 0755 'runit/runsvdir/default' maybe chmod 0755 'samba' maybe chmod 0644 'samba/gdbcommands' maybe chmod 0644 'samba/smb.conf' maybe chmod 0644 'screenrc' -maybe chmod 0644 'securetty' maybe chmod 0755 'security' maybe chmod 0644 'security/access.conf' +maybe chmod 0644 'security/faillock.conf' maybe chmod 0644 'security/group.conf' maybe chmod 0644 'security/limits.conf' maybe chmod 0755 'security/limits.d' @@ -14298,6 +14305,8 @@ maybe chgrp 'shadow' 'shadow' maybe chmod 0640 'shadow' maybe chgrp 'shadow' 'shadow-' maybe chmod 0640 'shadow-' +maybe chgrp 'shadow' 'shadow.org' +maybe chmod 0640 'shadow.org' maybe chmod 0644 'shells' maybe chmod 0755 'skel' maybe chmod 0644 'skel/.bash_logout' @@ -14306,6 +14315,7 @@ maybe chmod 0644 'skel/.profile' maybe chmod 0755 'ssh' maybe chmod 0644 'ssh/moduli' maybe chmod 0644 'ssh/ssh_config' +maybe chmod 0755 'ssh/ssh_config.d' maybe chmod 0600 'ssh/ssh_host_dsa_key' maybe chmod 0644 'ssh/ssh_host_dsa_key.pub' maybe chmod 0600 'ssh/ssh_host_ecdsa_key' @@ -14315,6 +14325,7 @@ maybe chmod 0644 'ssh/ssh_host_ed25519_key.pub' maybe chmod 0600 'ssh/ssh_host_rsa_key' maybe chmod 0644 'ssh/ssh_host_rsa_key.pub' maybe chmod 0644 'ssh/sshd_config' +maybe chmod 0755 'ssh/sshd_config.d' maybe chmod 0755 'ssl' maybe chmod 0755 'ssl/certs' maybe chmod 0644 'ssl/certs/ca-certificates.crt' @@ -14337,11 +14348,14 @@ maybe chmod 0440 'sudoers.d/README' maybe chmod 0440 'sudoers.d/gs-nopasswd' maybe chmod 0644 'sudoers.d/lecture' maybe chmod 0440 'sudoers.d/pihole' +maybe chmod 0755 'sv' +maybe chmod 0755 'sv/ssh' +maybe chmod 0755 'sv/ssh/.meta' +maybe chmod 0755 'sv/ssh/log' maybe chmod 0644 'sysctl.conf' maybe chmod 0755 'sysctl.d' maybe chmod 0644 'sysctl.d/98-rpi.conf' maybe chmod 0644 'sysctl.d/README.sysctl' -maybe chmod 0644 'sysctl.d/protect-links.conf' maybe chmod 0755 'sysstat' maybe chmod 0644 'sysstat/sysstat' maybe chmod 0644 'sysstat/sysstat.ioconf' @@ -14350,6 +14364,7 @@ maybe chmod 0644 'systemd/journald.conf' maybe chmod 0644 'systemd/logind.conf' maybe chmod 0755 'systemd/network' maybe chmod 0644 'systemd/networkd.conf' +maybe chmod 0644 'systemd/pstore.conf' maybe chmod 0644 'systemd/resolved.conf' maybe chmod 0644 'systemd/sleep.conf' maybe chmod 0755 'systemd/system' @@ -14383,6 +14398,7 @@ maybe chmod 0644 'systemd/timesyncd.conf' maybe chmod 0755 'systemd/user' maybe chmod 0644 'systemd/user.conf' maybe chmod 0755 'systemd/user/default.target.wants' +maybe chmod 0755 'systemd/user/sockets.target.wants' maybe chmod 0755 'terminfo' maybe chmod 0644 'terminfo/README' maybe chmod 0644 'tesxt' diff --git a/alternatives/from b/alternatives/from deleted file mode 120000 index 3ee66431..00000000 --- a/alternatives/from +++ /dev/null @@ -1 +0,0 @@ -/usr/bin/bsd-from \ No newline at end of file diff --git a/alternatives/from.1.gz b/alternatives/from.1.gz deleted file mode 120000 index 9c0d8d39..00000000 --- a/alternatives/from.1.gz +++ /dev/null @@ -1 +0,0 @@ -/usr/share/man/man1/bsd-from.1.gz \ No newline at end of file diff --git a/alternatives/x-cursor-theme b/alternatives/x-cursor-theme deleted file mode 120000 index 131c2558..00000000 --- a/alternatives/x-cursor-theme +++ /dev/null @@ -1 +0,0 @@ -/usr/share/icons/Adwaita/cursor.theme \ No newline at end of file diff --git a/apt/apt.conf.d/01autoremove b/apt/apt.conf.d/01autoremove index f9d9e85d..478c571e 100644 --- a/apt/apt.conf.d/01autoremove +++ b/apt/apt.conf.d/01autoremove @@ -10,31 +10,13 @@ APT VersionedKernelPackages { - # linux kernels - "linux-image"; - "linux-headers"; - "linux-image-extra"; - "linux-modules"; - "linux-modules-extra"; - "linux-signed-image"; - "linux-image-unsigned"; - # kfreebsd kernels - "kfreebsd-image"; - "kfreebsd-headers"; - # hurd kernels - "gnumach-image"; + # kernels + "linux-.*"; + "kfreebsd-.*"; + "gnumach-.*"; # (out-of-tree) modules ".*-modules"; ".*-kernel"; - "linux-backports-modules-.*"; - "linux-modules-.*"; - # tools - "linux-tools"; - "linux-cloud-tools"; - # build info - "linux-buildinfo"; - # source code - "linux-source"; }; Never-MarkAuto-Sections diff --git a/cron.daily/bsdmainutils b/cron.daily/bsdmainutils deleted file mode 100755 index e65cbd3b..00000000 --- a/cron.daily/bsdmainutils +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh -# /etc/cron.daily/calendar: BSD mainutils calendar daily maintenance script -# Written by Austin Donnelly - -. /etc/default/bsdmainutils - -[ x$RUN_DAILY = xtrue ] || exit 0 - -[ -x /usr/sbin/sendmail ] || exit 0 - -if [ ! -x /usr/bin/cpp ]; then - echo "The cpp package is needed to run calendar." - exit 1 -fi - -/usr/bin/calendar -a diff --git a/cron.daily/dpkg b/cron.daily/dpkg index 62da8172..11124f7d 100755 --- a/cron.daily/dpkg +++ b/cron.daily/dpkg @@ -4,33 +4,39 @@ dbdir=/var/lib/dpkg # Backup the 7 last versions of dpkg databases containing user data. if cd /var/backups ; then - # We backup all relevant database files if any has changed, so that - # the rotation number always contains an internally consistent set. - dbchanged=no - dbfiles="arch status diversions statoverride" + # We backup all relevant database files if any has changed, so that + # the rotation number always contains an internally consistent set. + dbchanged=no + dbfiles="arch status diversions statoverride" + for db in $dbfiles ; do + if ! [ -s "dpkg.${db}.0" ] && ! [ -s "$dbdir/$db" ]; then + # Special case the files not existing or being empty as being equal. + continue + elif ! cmp -s "dpkg.${db}.0" "$dbdir/$db"; then + dbchanged=yes + break + fi + done + if [ "$dbchanged" = "yes" ] ; then for db in $dbfiles ; do - if ! cmp -s "dpkg.${db}.0" "$dbdir/$db"; then - dbchanged=yes - break; - fi + if [ -e "$dbdir/$db" ]; then + cp -p "$dbdir/$db" "dpkg.$db" + else + touch "dpkg.$db" + fi + savelog -c 7 "dpkg.$db" >/dev/null done - if [ "$dbchanged" = "yes" ] ; then - for db in $dbfiles ; do - [ -e "$dbdir/$db" ] || continue - cp -p "$dbdir/$db" "dpkg.$db" - savelog -c 7 "dpkg.$db" >/dev/null - done - fi + fi - # The alternatives database is independent from the dpkg database. - dbalt=alternatives + # The alternatives database is independent from the dpkg database. + dbalt=alternatives - # XXX: Ideally we'd use --warning=none instead of discarding stderr, but - # as of GNU tar 1.27.1, it does not seem to work reliably (see #749307). - if ! test -e ${dbalt}.tar.0 || - ! tar -df ${dbalt}.tar.0 -C $dbdir $dbalt >/dev/null 2>&1 ; - then - tar -cf ${dbalt}.tar -C $dbdir $dbalt >/dev/null 2>&1 - savelog -c 7 ${dbalt}.tar >/dev/null - fi + # XXX: Ideally we'd use --warning=none instead of discarding stderr, but + # as of GNU tar 1.27.1, it does not seem to work reliably (see #749307). + if ! test -e ${dbalt}.tar.0 || + ! tar -df ${dbalt}.tar.0 -C $dbdir $dbalt >/dev/null 2>&1 ; + then + tar -cf ${dbalt}.tar -C $dbdir $dbalt >/dev/null 2>&1 + savelog -c 7 ${dbalt}.tar >/dev/null + fi fi diff --git a/cron.daily/passwd b/cron.daily/passwd deleted file mode 100755 index 4778bf09..00000000 --- a/cron.daily/passwd +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh - -cd /var/backups || exit 0 - -for FILE in passwd group shadow gshadow; do - test -f /etc/$FILE || continue - cmp -s $FILE.bak /etc/$FILE && continue - cp -p /etc/$FILE $FILE.bak && chmod 600 $FILE.bak -done diff --git a/debian_version b/debian_version index 73def33c..2dbc24b3 100644 --- a/debian_version +++ b/debian_version @@ -1 +1 @@ -10.9 +11.0 diff --git a/default/bsdmainutils b/default/bsdmainutils deleted file mode 100644 index e4ac0543..00000000 --- a/default/bsdmainutils +++ /dev/null @@ -1,4 +0,0 @@ -# Uncomment the following line if you'd like all of your users' -# ~/calendar files to be checked daily. Calendar will send them mail -# to remind them of upcoming events. See calendar(1) for more details. -#RUN_DAILY=true diff --git a/default/useradd b/default/useradd index 9738ccb8..e32955a7 100644 --- a/default/useradd +++ b/default/useradd @@ -2,10 +2,10 @@ # # The SHELL variable specifies the default login shell on your # system. -# Similar to DHSELL in adduser. However, we use "sh" here because +# Similar to DSHELL in adduser. However, we use "sh" here because # useradd is a low level utility and should be as general # as possible -SHELL=/bin/bash +SHELL=/bin/sh # # The default group for users # 100=users on Debian systems @@ -29,7 +29,7 @@ SHELL=/bin/bash # The SKEL variable specifies the directory containing "skeletal" user # files; in other words, files such as a sample .profile that will be # copied to the new user's home directory when it is created. -SKEL=/etc/skel +# SKEL=/etc/skel # # Defines whether the mail spool should be created while # creating the account diff --git a/dpkg/origins/debian b/dpkg/origins/debian index 91f6ed1d..3b623d25 100644 --- a/dpkg/origins/debian +++ b/dpkg/origins/debian @@ -1,3 +1,3 @@ Vendor: Debian -Vendor-URL: http://www.debian.org/ +Vendor-URL: https://www.debian.org/ Bugs: debbugs://bugs.debian.org diff --git a/group.org b/group.org new file mode 100644 index 00000000..20af6a58 --- /dev/null +++ b/group.org @@ -0,0 +1,67 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27:middle,jgdye,pihole-sync +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +input:x:101: +systemd-journal:x:102: +systemd-timesync:x:103: +systemd-network:x:104: +systemd-resolve:x:105: +crontab:x:107: +netdev:x:108: +messagebus:x:109: +ssh:x:110: +bluetooth:x:111: +avahi:x:112: +spi:x:999: +i2c:x:998: +gpio:x:997: +middle:x:1001: +jgdye:x:1000: +bind:x:113: +Debian-exim:x:114: +vnstat:x:116: +systemd-coredump:x:995: +ovalwonder:x:1002:jgdye +kvm:x:106: +ssl-cert:x:117: +render:x:118: +rush:x:1003: +pihole:x:996:www-data +pihole-sync:x:1004: +mysql:x:115: diff --git a/init.d/bind9 b/init.d/bind9 deleted file mode 100755 index 59d8e3dc..00000000 --- a/init.d/bind9 +++ /dev/null @@ -1,145 +0,0 @@ -#!/bin/sh -e - -### BEGIN INIT INFO -# Provides: bind9 -# Required-Start: $remote_fs -# Required-Stop: $remote_fs -# Should-Start: $network $syslog -# Should-Stop: $network $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Start and stop bind9 -# Description: bind9 is a Domain Name Server (DNS) -# which translates ip addresses to and from internet names -### END INIT INFO - -PATH=/sbin:/bin:/usr/sbin:/usr/bin - -# for a chrooted server: "-u bind -t /var/lib/named" -# Don't modify this line, change or create /etc/default/bind9. -OPTIONS="" -RESOLVCONF=no - -test -f /etc/default/bind9 && . /etc/default/bind9 - -test -x /usr/sbin/rndc || exit 0 - -. /lib/lsb/init-functions -PIDFILE=/run/named/named.pid - -check_network() { - if [ -x /usr/bin/uname ] && [ "X$(/usr/bin/uname -o)" = XSolaris ]; then - IFCONFIG_OPTS="-au" - else - IFCONFIG_OPTS="" - fi - if [ -z "$(/sbin/ifconfig $IFCONFIG_OPTS)" ]; then - #log_action_msg "No networks configured." - return 1 - fi - return 0 -} - -case "$1" in - start) - log_daemon_msg "Starting domain name service..." "bind9" - - modprobe capability >/dev/null 2>&1 || true - - # dirs under /run can go away on reboots. - mkdir -p /run/named - chmod 775 /run/named - chown root:bind /run/named >/dev/null 2>&1 || true - - if [ ! -x /usr/sbin/named ]; then - log_action_msg "named binary missing - not starting" - log_end_msg 1 - fi - - if ! check_network; then - log_action_msg "no networks configured" - log_end_msg 1 - fi - - if start-stop-daemon --start --oknodo --quiet --exec /usr/sbin/named \ - --pidfile ${PIDFILE} -- $OPTIONS; then - if [ "X$RESOLVCONF" != "Xno" ] && [ -x /sbin/resolvconf ] ; then - echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.named - fi - log_end_msg 0 - else - log_end_msg 1 - fi - ;; - - stop) - log_daemon_msg "Stopping domain name service..." "bind9" - if ! check_network; then - log_action_msg "no networks configured" - log_end_msg 1 - fi - - if [ "X$RESOLVCONF" != "Xno" ] && [ -x /sbin/resolvconf ] ; then - /sbin/resolvconf -d lo.named - fi - pid=$(/usr/sbin/rndc stop -p | awk '/^pid:/ {print $2}') || true - if [ -z "$pid" ]; then # no pid found, so either not running, or error - pid=$(pgrep -f ^/usr/sbin/named) || true - start-stop-daemon --stop --oknodo --quiet --exec /usr/sbin/named \ - --pidfile ${PIDFILE} -- $OPTIONS - fi - if [ -n "$pid" ]; then - sig=0 - n=1 - while kill -$sig $pid 2>/dev/null; do - if [ $n -eq 1 ]; then - echo "waiting for pid $pid to die" - fi - if [ $n -eq 11 ]; then - echo "giving up on pid $pid with kill -0; trying -9" - sig=9 - fi - if [ $n -gt 20 ]; then - echo "giving up on pid $pid" - break - fi - n=$(($n+1)) - sleep 1 - done - fi - log_end_msg 0 - ;; - - reload|force-reload) - log_daemon_msg "Reloading domain name service..." "bind9" - if ! check_network; then - log_action_msg "no networks configured" - log_end_msg 1 - fi - - /usr/sbin/rndc reload >/dev/null && log_end_msg 0 || log_end_msg 1 - ;; - - restart) - if ! check_network; then - log_action_msg "no networks configured" - exit 1 - fi - - $0 stop - $0 start - ;; - - status) - ret=0 - status_of_proc -p ${PIDFILE} /usr/sbin/named bind9 2>/dev/null || ret=$? - exit $ret - ;; - - *) - log_action_msg "Usage: /etc/init.d/bind9 {start|stop|reload|restart|force-reload|status}" - exit 1 - ;; -esac - -exit 0 diff --git a/init.d/hwclock.sh b/init.d/hwclock.sh index 208ca2d5..a9872b64 100755 --- a/init.d/hwclock.sh +++ b/init.d/hwclock.sh @@ -1,43 +1,27 @@ #!/bin/sh -# hwclock.sh Set and adjust the CMOS clock. -# -# Version: @(#)hwclock.sh 2.00 14-Dec-1998 miquels@cistron.nl -# -# Patches: -# 2000-01-30 Henrique M. Holschuh -# - Minor cosmetic changes in an attempt to help new -# users notice something IS changing their clocks -# during startup/shutdown. -# - Added comments to alert users of hwclock issues -# and discourage tampering without proper doc reading. -# 2012-02-16 Roger Leigh -# - Use the UTC/LOCAL setting in /etc/adjtime rather than -# the UTC setting in /etc/default/rcS. Additionally -# source /etc/default/hwclock to permit configuration. ### BEGIN INIT INFO # Provides: hwclock -# Required-Start: mountdevsubfs +# Required-Start: # Required-Stop: mountdevsubfs # Should-Stop: umountfs # Default-Start: S -# X-Start-Before: checkroot # Default-Stop: 0 6 -# Short-Description: Sync hardware and system clock time. +# Short-Description: Save system clock to hardware on shutdown. ### END INIT INFO -# These defaults are user-overridable in /etc/default/hwclock -BADYEAR=no -HWCLOCKACCESS=yes -HWCLOCKPARS= -HCTOSYS_DEVICE=rtc0 +# Note: this init script and related code is only useful if you +# run a sysvinit system, without NTP synchronization. + +if [ -e /run/systemd/system ] ; then + exit 0 +fi -# We only want to use the system timezone or else we'll get -# potential inconsistency at startup. unset TZ hwclocksh() { + HCTOSYS_DEVICE=rtc0 [ ! -x /sbin/hwclock ] && return 0 [ ! -r /etc/default/rcS ] || . /etc/default/rcS [ ! -r /etc/default/hwclock ] || . /etc/default/hwclock @@ -45,75 +29,28 @@ hwclocksh() . /lib/lsb/init-functions verbose_log_action_msg() { [ "$VERBOSE" = no ] || log_action_msg "$@"; } - case "$BADYEAR" in - no|"") BADYEAR="" ;; - yes) BADYEAR="--badyear" ;; - *) log_action_msg "unknown BADYEAR setting: \"$BADYEAR\""; return 1 ;; - esac - case "$1" in - start) - # If the admin deleted the hwclock config, create a blank - # template with the defaults. - if [ -w /etc ] && [ ! -f /etc/adjtime ] && [ ! -e /etc/adjtime ]; then - printf "0.0 0 0.0\n0\nUTC\n" > /etc/adjtime - fi - - if [ -d /run/udev ] || [ -d /dev/.udev ]; then - return 0 - fi - - if [ "$HWCLOCKACCESS" != no ]; then - log_action_msg "Setting the system clock" - - # Just for reporting. - if sed '3!d' /etc/adjtime | grep -q '^UTC$'; then - UTC="--utc" - else - UTC= - fi - # Copies Hardware Clock time to System Clock using the correct - # timezone for hardware clocks in local time, and sets kernel - # timezone. DO NOT REMOVE. - if /sbin/hwclock --rtc=/dev/$HCTOSYS_DEVICE --hctosys $HWCLOCKPARS $BADYEAR; then - # Announce the local time. - verbose_log_action_msg "System Clock set to: `date $UTC`" - else - log_warning_msg "Unable to set System Clock to: `date $UTC`" - fi - else - verbose_log_action_msg "Not setting System Clock" - fi - ;; - stop|restart|reload|force-reload) - # - # Updates the Hardware Clock with the System Clock time. - # This will *override* any changes made to the Hardware Clock. - # - # WARNING: If you disable this, any changes to the system - # clock will not be carried across reboots. - # - - if [ "$HWCLOCKACCESS" != no ]; then - log_action_msg "Saving the system clock" - if /sbin/hwclock --rtc=/dev/$HCTOSYS_DEVICE --systohc $HWCLOCKPARS $BADYEAR; then - verbose_log_action_msg "Hardware Clock updated to `date`" - fi - else - verbose_log_action_msg "Not saving System Clock" - fi - ;; - show) - if [ "$HWCLOCKACCESS" != no ]; then - /sbin/hwclock --rtc=/dev/$HCTOSYS_DEVICE --show $HWCLOCKPARS $BADYEAR - fi - ;; - *) - log_success_msg "Usage: hwclock.sh {start|stop|reload|force-reload|show}" - log_success_msg " start sets kernel (system) clock from hardware (RTC) clock" - log_success_msg " stop and reload set hardware (RTC) clock from kernel (system) clock" - return 1 - ;; + start) + # start is handled by /usr/lib/udev/rules.d/85-hwclock.rules. + return 0 + ;; + stop|restart|reload|force-reload) + # Updates the Hardware Clock with the System Clock time. + # This will *override* any changes made to the Hardware Clock, + # for example by the Linux kernel when NTP is in use. + log_action_msg "Saving the system clock to /dev/$HCTOSYS_DEVICE" + if /sbin/hwclock --rtc=/dev/$HCTOSYS_DEVICE --systohc; then + verbose_log_action_msg "Hardware Clock updated to `date`" + fi + ;; + show) + /sbin/hwclock --rtc=/dev/$HCTOSYS_DEVICE --show + ;; + *) + log_success_msg "Usage: hwclock.sh {stop|reload|force-reload|show}" + log_success_msg " stop and reload set hardware (RTC) clock from kernel (system) clock" + return 1 + ;; esac } diff --git a/init/resolvconf.conf b/init/resolvconf.conf deleted file mode 100644 index 93460111..00000000 --- a/init/resolvconf.conf +++ /dev/null @@ -1,19 +0,0 @@ -# upstart script for resolvconf - -description "Initialize or finalize resolvconf" - -start on mounted MOUNTPOINT=/run - -stop on runlevel [06] - -pre-start script - mkdir -p /run/resolvconf/interface - # Request a postponed update (needed in case the base file has content). - touch /run/resolvconf/postponed-update - # Enable updates and perform the postponed update. - resolvconf --enable-updates -end script - -post-stop script - resolvconf --disable-updates -end script diff --git a/issue b/issue index 0ecbda47..4a44e234 100644 --- a/issue +++ b/issue @@ -1,2 +1,2 @@ -Raspbian GNU/Linux 10 \n \l +Raspbian GNU/Linux 11 \n \l diff --git a/issue.net b/issue.net index 588f12ac..97379988 100644 --- a/issue.net +++ b/issue.net @@ -1 +1 @@ -Raspbian GNU/Linux 10 +Raspbian GNU/Linux 11 diff --git a/kernel/postinst.d/apt-auto-removal b/kernel/postinst.d/apt-auto-removal index 2c32b0c9..eef550a5 100755 --- a/kernel/postinst.d/apt-auto-removal +++ b/kernel/postinst.d/apt-auto-removal @@ -1,82 +1,15 @@ #!/bin/sh set -e -# Mark as not-for-autoremoval those kernel packages that are: -# - the currently booted version -# - the kernel version we've been called for -# - the latest kernel version (as determined by debian version number) -# - the second-latest kernel version -# -# In the common case this results in two kernels saved (booted into the -# second-latest kernel, we install the latest kernel in an upgrade), but -# can save up to four. Kernel refers here to a distinct release, which can -# potentially be installed in multiple flavours counting as one kernel. eval $(apt-config shell APT_CONF_D Dir::Etc::parts/d) test -n "${APT_CONF_D}" || APT_CONF_D="/etc/apt/apt.conf.d" config_file="${APT_CONF_D}/01autoremove-kernels" -eval $(apt-config shell DPKG Dir::bin::dpkg/f) -test -n "$DPKG" || DPKG="/usr/bin/dpkg" - -list="$("${DPKG}" -l | awk '/^[ih][^nc][ ]+(linux|kfreebsd|gnumach)-image-[0-9]+\./ && $2 !~ /-dbg(:.*)?$/ && $2 !~ /-dbgsym(:.*)?$/ { print $2,$3; }' \ - | sed -e 's#^\(linux\|kfreebsd\|gnumach\)-image-##' -e 's#:[^:]\+ # #')" -debverlist="$(echo "$list" | cut -d' ' -f 2 | sort --unique --reverse --version-sort)" - -if [ -n "$1" ]; then - installed_version="$(echo "$list" | awk "\$1 == \"$1\" { print \$2;exit; }")" -fi -unamer="$(uname -r | tr '[A-Z]' '[a-z]')" -if [ -n "$unamer" ]; then - running_version="$(echo "$list" | awk "\$1 == \"$unamer\" { print \$2;exit; }")" -fi -# ignore the currently running version if attempting a reproducible build -if [ -n "${SOURCE_DATE_EPOCH}" ]; then - unamer="" - running_version="" -fi -latest_version="$(echo "$debverlist" | sed -n 1p)" -previous_version="$(echo "$debverlist" | sed -n 2p)" - -debkernels="$(echo "$latest_version -$installed_version -$running_version -$previous_version" | sort -u | sed -e '/^$/ d')" -kernels="$( (echo "$1 -$unamer"; for deb in $debkernels; do echo "$list" | awk "\$2 == \"$deb\" { print \$1; }"; done; ) \ - | sed -e 's#\([\.\+]\)#\\\1#g' -e '/^$/ d' | sort -u)" - generateconfig() { cat < "${config_file}.dpkg-new" mv -f "${config_file}.dpkg-new" "$config_file" diff --git a/lintianrc b/lintianrc deleted file mode 100644 index 46361bf4..00000000 --- a/lintianrc +++ /dev/null @@ -1,53 +0,0 @@ -# /etc/lintianrc -- Lintian configuration file -# -# Note, that Lintian has reasonable default values for all variables -# specified below. Thus, you don't have to change this file unless you -# want something special. -# -# Also note, that this file uses a special syntax: -# Empty lines are allowed, comments are introduced by a hash sign (#). -# All other lines must have the format -# VAR=text -# or -# VAR="text" -# or -# VAR = text -# It is allowed to use `~' and `$HOME' in the variables, but not other -# shell/environment variables. - -# Enable info tags by default (--display info) -#display-info = yes - -# Limit the number of parallel unpacking jobs to X (--jobs) -#jobs = 8 - -# Enable pedantic tags by default (--pedantic) -#pedantic = yes - -# Enable experimental tags by default (--display-experimental) -#display-experimental = yes - -# Enable colored output for terminal output (--color) -#color = auto - -# Show overridden tags (--show-overrides) -#show-overrides = yes - -# Ignore all overrides (--no-override) -#override = no - -# Verbose output by default (--verbose) -#verbose = yes - -# Quiet by default (--quiet) -#quiet = yes - -# Use a different directory for temporary files - useful if /tmp is a -# tmpfs with "limited" capacity. -#TMPDIR="/var/tmp" - -# Suppress the listed tags (--suppress-tags) -#suppress-tags = debian-watch-does-not-check-gpg-signature - -# Specify "tag per package" display limit (--tag-display-limit) -#tag-display-limit = 42 diff --git a/logcheck/ignore.d.server/gpg-agent b/logcheck/ignore.d.server/gpg-agent index a2f21307..6de7991d 100644 --- a/logcheck/ignore.d.server/gpg-agent +++ b/logcheck/ignore.d.server/gpg-agent @@ -1,11 +1,11 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent and passphrase cache\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG network certificate management daemon\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent and passphrase cache \(restricted\)\.$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent \(access for web browsers\)\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent and passphrase cache \(access for web browsers\)\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent \(ssh-agent emulation\)\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG network certificate management daemon\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent and passphrase cache\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent and passphrase cache \(restricted\)\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent \(ssh-agent emulation\)\.$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent \(access for web browsers\)\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent and passphrase cache \(access for web browsers\)\.$ diff --git a/mailcap b/mailcap index 6554c6a9..e05d1673 100644 --- a/mailcap +++ b/mailcap @@ -26,10 +26,10 @@ ############################################################################### text/plain; less '%s'; needsterminal -application/x-troff-man; /usr/bin/man -X100 -l '%s'; test=test -n "$DISPLAY" -a -e /usr/bin/gxditview; description=Man page -text/troff; /usr/bin/man -X100 -l '%s'; test=test -n "$DISPLAY" -a -e /usr/bin/gxditview; description=Man page -application/x-troff-man; /usr/bin/man -l '%s'; needsterminal; description=Man page -text/troff; /usr/bin/man -l '%s'; needsterminal; description=Man page +application/x-troff-man; /usr/bin/man -X100 -l %s; test=test -n "$DISPLAY" -a -e /usr/bin/gxditview; description=Man page +text/troff; /usr/bin/man -X100 -l %s; test=test -n "$DISPLAY" -a -e /usr/bin/gxditview; description=Man page +application/x-troff-man; /usr/bin/man -l %s; needsterminal; description=Man page +text/troff; /usr/bin/man -l %s; needsterminal; description=Man page text/html; /usr/bin/sensible-browser %s; description=HTML Text; nametemplate=%s.html application/x-troff-man; /usr/bin/nroff -mandoc -Tutf8; copiousoutput; print=/usr/bin/nroff -mandoc -Tutf8 | print text/plain:- text/troff; /usr/bin/nroff -mandoc -Tutf8; copiousoutput; print=/usr/bin/nroff -mandoc -Tutf8 | print text/plain:- @@ -54,15 +54,16 @@ text/html; /usr/bin/elinks -force-html %s; needsterminal; description=HTML Text; text/plain; view %s; edit=vim %s; compose=vim %s; test=test -x /usr/bin/vim; needsterminal text/html; /usr/bin/elinks -force-html -dump %s; copiousoutput; description=HTML Text; nametemplate=%s.html application/zip; unzip -l %s; nametemplate=%s.zip; copiousoutput +application/zip; unzip -l %s; nametemplate=%s.zip; copiousoutput text/plain; view %s; edit=vi %s; compose=vi %s; needsterminal -application/x-troff-man; /usr/bin/man -Tascii -l '%s' | col -b; copiousoutput; description=Man page -text/troff; /usr/bin/man -Tascii -l '%s' | col -b; copiousoutput; description=Man page +application/x-troff-man; /usr/bin/man -Tascii -l %s | col -b; copiousoutput; description=Man page +text/troff; /usr/bin/man -Tascii -l %s | col -b; copiousoutput; description=Man page text/*; less '%s'; needsterminal text/*; view %s; edit=vim %s; compose=vim %s; test=test -x /usr/bin/vim; needsterminal application/x-info; /usr/bin/info --subnodes -o /dev/stdout -f '%s' 2>/dev/null; copiousoutput; description=GNU Info document -application/x-tar; /bin/tar tvf '%s'; print=/bin/tar tvf - | print text/plain:-; copiousoutput -application/x-gtar; /bin/tar tvf '%s'; print=/bin/tar tvf - | print text/plain:-; copiousoutput -application/x-ustar; /bin/tar tvf '%s'; print=/bin/tar tvf - | print text/plain:-; copiousoutput +application/x-tar; /bin/tar tvf %s; print=/bin/tar tvf - | print text/plain:-; copiousoutput +application/x-gtar; /bin/tar tvf %s; print=/bin/tar tvf - | print text/plain:-; copiousoutput +application/x-ustar; /bin/tar tvf %s; print=/bin/tar tvf - | print text/plain:-; copiousoutput text/*; more %s; needsterminal text/*; view %s; edit=vi %s; compose=vi %s; needsterminal application/vnd.debian.binary-package; /usr/lib/mime/debian-view %s; needsterminal; description=Debian GNU/Linux Package; nametemplate=%s.deb diff --git a/mysql/mariadb.cnf b/mysql/mariadb.cnf index 94d8f107..62b4ea8f 100644 --- a/mysql/mariadb.cnf +++ b/mysql/mariadb.cnf @@ -1,6 +1,7 @@ # The MariaDB configuration file # # The MariaDB/MySQL tools read configuration files in the following order: +# 0. "/etc/mysql/my.cnf" symlinks to this file, reason why all the rest is read. # 1. "/etc/mysql/mariadb.cnf" (this file) to set global defaults, # 2. "/etc/mysql/conf.d/*.cnf" to set global options. # 3. "/etc/mysql/mariadb.conf.d/*.cnf" to set MariaDB-only options. @@ -11,12 +12,17 @@ # One can use all long options that the program supports. # Run program with --help to get a list of available options and with # --print-defaults to see which it would actually understand and use. +# +# If you are new to MariaDB, check out https://mariadb.com/kb/en/basic-mariadb-articles/ # -# This group is read both both by the client and the server +# This group is read both by the client and the server # use it for options that affect everything # [client-server] +# Port or socket location where to connect +# port = 3306 +socket = /run/mysqld/mysqld.sock # Import all .cnf files from configuration directory !includedir /etc/mysql/conf.d/ diff --git a/pam.d/common-auth b/pam.d/common-auth index 5facfa29..fd3591a7 100644 --- a/pam.d/common-auth +++ b/pam.d/common-auth @@ -14,7 +14,7 @@ # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) -auth [success=1 default=ignore] pam_unix.so nullok_secure +auth [success=1 default=ignore] pam_unix.so nullok # here's the fallback if no module succeeds auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; diff --git a/pam.d/common-password b/pam.d/common-password index cb8c7b71..6fa93461 100644 --- a/pam.d/common-password +++ b/pam.d/common-password @@ -6,14 +6,14 @@ # used to change user passwords. The default is pam_unix. # Explanation of pam_unix options: -# -# The "sha512" option enables salted SHA512 passwords. Without this option, -# the default is Unix crypt. Prior releases used the option "md5". -# -# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in -# login.defs. -# -# See the pam_unix manpage for other options. +# The "yescrypt" option enables +#hashed passwords using the yescrypt algorithm, introduced in Debian +#11. Without this option, the default is Unix crypt. Prior releases +#used the option "sha512"; if a shadow password hash will be shared +#between Debian 11 and older releases replace "yescrypt" with "sha512" +#for compatibility . The "obscure" option replaces the old +#`OBSCURE_CHECKS_ENAB' option in login.defs. See the pam_unix manpage +#for other options. # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any @@ -22,7 +22,7 @@ # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) -password [success=1 default=ignore] pam_unix.so obscure sha512 +password [success=1 default=ignore] pam_unix.so obscure yescrypt # here's the fallback if no module succeeds password requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; diff --git a/pam.d/common-session b/pam.d/common-session index 074c561b..03b393ca 100644 --- a/pam.d/common-session +++ b/pam.d/common-session @@ -3,8 +3,7 @@ # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed -# at the start and end of sessions of *any* kind (both interactive and -# non-interactive). +# at the start and end of interactive sessions. # # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any diff --git a/pam.d/login b/pam.d/login index 07ff9540..553145fa 100644 --- a/pam.d/login +++ b/pam.d/login @@ -12,25 +12,6 @@ auth optional pam_faildelay.so delay=3000000 # ISSUE_FILE option from login.defs). Uncomment for use # auth required pam_issue.so issue=/etc/issue -# Disallows root logins except on tty's listed in /etc/securetty -# (Replaces the `CONSOLE' setting from login.defs) -# -# With the default control of this module: -# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] -# root will not be prompted for a password on insecure lines. -# if an invalid username is entered, a password is prompted (but login -# will eventually be rejected) -# -# You can change it to a "requisite" module if you think root may mis-type -# her login and should not be prompted for a password in that case. But -# this will leave the system as vulnerable to user enumeration attacks. -# -# You can change it to a "required" module if you think it permits to -# guess valid user names of your system (invalid user names are considered -# as possibly being root on insecure lines), but root passwords may be -# communicated over insecure lines. -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so - # Disallows other than root logins when /etc/nologin exists # (Replaces the `NOLOGINS_FILE' option from login.defs) auth requisite pam_nologin.so @@ -45,9 +26,19 @@ session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux # Sets the loginuid process attribute session required pam_loginuid.so +# Prints the message of the day upon successful login. +# (Replaces the `MOTD_FILE' option in login.defs) +# This includes a dynamically generated part from /run/motd.dynamic +# and a static (admin-editable) part from /etc/motd. +session optional pam_motd.so motd=/run/motd.dynamic +session optional pam_motd.so noupdate + # SELinux needs to intervene at login time to ensure that the process # starts in the proper default security context. Only sessions which are # intended to run in the user's context should be run after this. +# pam_selinux.so changes the SELinux context of the used TTY and configures +# SELinux in order to transition to the user context with the next execve() +# call. session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open # When the module is present, "required" would be sufficient (When SELinux # is disabled, this returns success.) @@ -90,13 +81,6 @@ session required pam_limits.so # (Replaces the `LASTLOG_ENAB' option from login.defs) session optional pam_lastlog.so -# Prints the message of the day upon successful login. -# (Replaces the `MOTD_FILE' option in login.defs) -# This includes a dynamically generated part from /run/motd.dynamic -# and a static (admin-editable) part from /etc/motd. -session optional pam_motd.so motd=/run/motd.dynamic -session optional pam_motd.so noupdate - # Prints the status of the user's mailbox upon successful login # (Replaces the `MAIL_CHECK_ENAB' option from login.defs). # diff --git a/pam.d/su b/pam.d/su index d5c6903a..67295985 100644 --- a/pam.d/su +++ b/pam.d/su @@ -5,10 +5,10 @@ # This allows root to su without passwords (normal operation) auth sufficient pam_rootok.so -# Uncomment this to force users to be a member of group root +# Uncomment this to force users to be a member of group wheel # before they can use `su'. You can also add "group=foo" # to the end of this line if you want to use a group other -# than the default "root" (but this may have side effect of +# than the default "wheel" (but this may have side effect of # denying "root" user, unless she's a member of "foo" or explicitly # permitted earlier by e.g. "sufficient pam_rootok.so"). # (Replaces the `SU_WHEEL_ONLY' option from login.defs) diff --git a/pam.d/systemd-user b/pam.d/systemd-user deleted file mode 100644 index 45b2e5e8..00000000 --- a/pam.d/systemd-user +++ /dev/null @@ -1,12 +0,0 @@ -# This file is part of systemd. -# -# Used by systemd --user instances. - -@include common-account - -session required pam_selinux.so close -session required pam_selinux.so nottys open -session required pam_loginuid.so -session required pam_limits.so -@include common-session-noninteractive -session optional pam_systemd.so diff --git a/passwd b/passwd index c5cf805c..71cc7c2e 100644 --- a/passwd +++ b/passwd @@ -13,7 +13,7 @@ proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin -irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin +irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin systemd-timesync:x:100:103:systemd Time Synchronization,,,:/run/systemd:/bin/false diff --git a/passwd.org b/passwd.org new file mode 100644 index 00000000..c5cf805c --- /dev/null +++ b/passwd.org @@ -0,0 +1,38 @@ +root:x:0:0:Samwise Root,,,:/root:/usr/bin/zsh +daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin +bin:x:2:2:bin:/bin:/usr/sbin/nologin +sys:x:3:3:sys:/dev:/usr/sbin/nologin +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/usr/sbin/nologin +man:x:6:12:man:/var/cache/man:/usr/sbin/nologin +lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin +mail:x:8:8:mail:/var/mail:/usr/sbin/nologin +news:x:9:9:news:/var/spool/news:/usr/sbin/nologin +uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin +proxy:x:13:13:proxy:/bin:/usr/sbin/nologin +www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin +backup:x:34:34:backup:/var/backups:/usr/sbin/nologin +list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin +irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin +nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin +systemd-timesync:x:100:103:systemd Time Synchronization,,,:/run/systemd:/bin/false +systemd-network:x:101:104:systemd Network Management,,,:/run/systemd/netif:/bin/false +systemd-resolve:x:102:105:systemd Resolver,,,:/run/systemd/resolve:/bin/false +_apt:x:104:65534::/nonexistent:/bin/false +messagebus:x:105:109::/var/run/dbus:/bin/false +statd:x:106:65534::/var/lib/nfs:/bin/false +sshd:x:107:65534::/run/sshd:/usr/sbin/nologin +avahi:x:108:112:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false +middle:x:1001:1001:,,,:/home/middle:/bin/bash +jgdye:x:1000:1000:Joshua Dye,,,:/home/jgdye:/usr/bin/zsh +bind:x:109:113::/var/cache/bind:/usr/sbin/nologin +Debian-exim:x:110:114::/var/spool/exim4:/usr/sbin/nologin +vnstat:x:112:116::/var/lib/vnstat:/usr/sbin/nologin +systemd-coredump:x:995:995:systemd Core Dumper:/:/sbin/nologin +mpd:x:103:29::/var/lib/mpd:/usr/sbin/nologin +_rpc:x:113:65534::/run/rpcbind:/usr/sbin/nologin +rush:x:1002:1003:Rush Limbaugh Downloading Account,,,:/home/rush:/bin/bash +pihole:x:999:996::/home/pihole:/usr/sbin/nologin +pihole-sync:x:1003:1004:,,,:/home/pihole-sync:/bin/bash +mysql:x:111:115:MySQL Server,,,:/nonexistent:/bin/false diff --git a/perl/XML/SAX/ParserDetails.ini b/perl/XML/SAX/ParserDetails.ini index 71033637..0f1bd469 100644 --- a/perl/XML/SAX/ParserDetails.ini +++ b/perl/XML/SAX/ParserDetails.ini @@ -2,14 +2,6 @@ http://xml.org/sax/features/namespaces = 1 -[XML::LibXML::SAX] -http://xml.org/sax/features/namespaces = 1 - - -[XML::LibXML::SAX::Parser] -http://xml.org/sax/features/namespaces = 1 - - [XML::SAX::Expat] http://xml.org/sax/features/external-general-entities = 1 http://xml.org/sax/features/namespaces = 1 diff --git a/python3.9/sitecustomize.py b/python3.9/sitecustomize.py new file mode 100644 index 00000000..89c67120 --- /dev/null +++ b/python3.9/sitecustomize.py @@ -0,0 +1,7 @@ +# install the apport exception handler if available +try: + import apport_python_hook +except ImportError: + pass +else: + apport_python_hook.install() diff --git a/securetty b/securetty deleted file mode 100644 index 2e346381..00000000 --- a/securetty +++ /dev/null @@ -1,412 +0,0 @@ -# /etc/securetty: list of terminals on which root is allowed to login. -# See securetty(5) and login(1). - -console - -# Local X displays (allows empty passwords with pam_unix's nullok_secure) -:0 -:0.0 -:0.1 -:1 -:1.0 -:1.1 -:2 -:2.0 -:2.1 -:3 -:3.0 -:3.1 -#... - - -# ========================================================== -# -# TTYs sorted by major number according to Documentation/devices.txt -# -# ========================================================== - -# Virtual consoles -tty1 -tty2 -tty3 -tty4 -tty5 -tty6 -tty7 -tty8 -tty9 -tty10 -tty11 -tty12 -tty13 -tty14 -tty15 -tty16 -tty17 -tty18 -tty19 -tty20 -tty21 -tty22 -tty23 -tty24 -tty25 -tty26 -tty27 -tty28 -tty29 -tty30 -tty31 -tty32 -tty33 -tty34 -tty35 -tty36 -tty37 -tty38 -tty39 -tty40 -tty41 -tty42 -tty43 -tty44 -tty45 -tty46 -tty47 -tty48 -tty49 -tty50 -tty51 -tty52 -tty53 -tty54 -tty55 -tty56 -tty57 -tty58 -tty59 -tty60 -tty61 -tty62 -tty63 - -# UART serial ports -ttyS0 -ttyS1 -ttyS2 -ttyS3 -ttyS4 -ttyS5 -#...ttyS191 - -# Serial Mux devices (Linux/PA-RISC only) -ttyB0 -ttyB1 -#... - -# Chase serial card -ttyH0 -ttyH1 -#... - -# Cyclades serial cards -ttyC0 -ttyC1 -#...ttyC31 - -# Digiboard serial cards -ttyD0 -ttyD1 -#... - -# Stallion serial cards -ttyE0 -ttyE1 -#...ttyE255 - -# Specialix serial cards -ttyX0 -ttyX1 -#... - -# Comtrol Rocketport serial cards -ttyR0 -ttyR1 -#... - -# SDL RISCom serial cards -ttyL0 -ttyL1 -#... - -# Hayes ESP serial card -ttyP0 -ttyP1 -#... - -# Computone IntelliPort II serial card -ttyF0 -ttyF1 -#...ttyF255 - -# Specialix IO8+ serial card -ttyW0 -ttyW1 -#... - -# Comtrol VS-1000 serial controller -ttyV0 -ttyV1 -#... - -# ISI serial card -ttyM0 -ttyM1 -#... - -# Technology Concepts serial card -ttyT0 -ttyT1 -#... - -# Specialix RIO serial card -ttySR0 -ttySR1 -#...ttySR511 - -# Chase Research AT/PCI-Fast serial card -ttyCH0 -ttyCH1 -#...ttyCH63 - -# Moxa Intellio serial card -ttyMX0 -ttyMX1 -#...ttyMX127 - -# SmartIO serial card -ttySI0 -ttySI1 -#... - -# USB dongles -ttyUSB0 -ttyUSB1 -ttyUSB2 -#... - -# LinkUp Systems L72xx UARTs -ttyLU0 -ttyLU1 -ttyLU2 -ttyLU3 - -# StrongARM builtin serial ports -ttySA0 -ttySA1 -ttySA2 - -# SCI serial port (SuperH) ports and SC26xx serial ports -ttySC0 -ttySC1 -ttySC2 -ttySC3 -ttySC4 -ttySC5 -ttySC6 -ttySC7 -ttySC8 -ttySC9 - -# ARM "AMBA" serial ports -ttyAM0 -ttyAM1 -ttyAM2 -ttyAM3 -ttyAM4 -ttyAM5 -ttyAM6 -ttyAM7 -ttyAM8 -ttyAM9 -ttyAM10 -ttyAM11 -ttyAM12 -ttyAM13 -ttyAM14 -ttyAM15 - -# Embedded ARM AMBA PL011 ports (e.g. emulated by QEMU) -ttyAMA0 -ttyAMA1 -ttyAMA2 -ttyAMA3 - -# DataBooster serial ports -ttyDB0 -ttyDB1 -ttyDB2 -ttyDB3 -ttyDB4 -ttyDB5 -ttyDB6 -ttyDB7 - -# SGI Altix console ports -ttySG0 - -# Motorola i.MX ports -ttySMX0 -ttySMX1 -ttySMX2 - -# Marvell MPSC ports -ttyMM0 -ttyMM1 - -# PPC CPM (SCC or SMC) ports -ttyCPM0 -ttyCPM1 -ttyCPM2 -ttyCPM3 -ttyCPM4 -ttyCPM5 - -# Altix serial cards -ttyIOC0 -ttyIOC1 -#...ttyIOC31 - -# NEC VR4100 series SIU -ttyVR0 - -# NEC VR4100 series SSIU -ttyVR1 - -# Altix ioc4 serial cards -ttyIOC84 -ttyIOC85 -#...ttyIOC115 - -# Altix ioc3 serial cards -ttySIOC0 -ttySIOC1 -#...ttySIOC31 - -# PPC PSC ports -ttyPSC0 -ttyPSC1 -ttyPSC2 -ttyPSC3 -ttyPSC4 -ttyPSC5 - -# ATMEL serial ports -ttyAT0 -ttyAT1 -#...ttyAT15 - -# Hilscher netX serial port -ttyNX0 -ttyNX1 -#...ttyNX15 - -# Xilinx uartlite - port -ttyUL0 -ttyUL1 -ttyUL2 -ttyUL3 - -# Xen virtual console - port 0 -xvc0 - -# pmac_zilog - port -ttyPZ0 -ttyPZ1 -ttyPZ2 -ttyPZ3 - -# TX39/49 serial port -ttyTX0 -ttyTX1 -ttyTX2 -ttyTX3 -ttyTX4 -ttyTX5 -ttyTX6 -ttyTX7 - -# SC26xx serial ports (see SCI serial ports (SuperH)) - -# MAX3100 serial ports -ttyMAX0 -ttyMAX1 -ttyMAX2 -ttyMAX3 - -# OMAP serial ports -ttyO0 -ttyO1 -ttyO2 -ttyO3 - -# User space serial ports -ttyU0 -ttyU1 - -# A2232 serial card -ttyY0 -ttyY1 - -# IBM 3270 terminal Unix tty access -3270/tty1 -3270/tty2 -#... - -# IBM iSeries/pSeries virtual console -hvc0 -hvc1 -#... -#IBM pSeries console ports -hvsi0 -hvsi1 -hvsi2 - -# Equinox SST multi-port serial boards -ttyEQ0 -ttyEQ1 -#...ttyEQ1027 - -# ========================================================== -# -# Not in Documentation/Devices.txt -# -# ========================================================== - -# Embedded Freescale i.MX ports -ttymxc0 -ttymxc1 -ttymxc2 -ttymxc3 -ttymxc4 -ttymxc5 - -# LXC (Linux Containers) -lxc/console -lxc/tty1 -lxc/tty2 -lxc/tty3 -lxc/tty4 - -# Serial Console for MIPS Swarm -duart0 -duart1 - -# s390 and s390x ports in LPAR mode -ttysclp0 - -# ODROID XU4 serial console -ttySAC0 -ttySAC1 -ttySAC2 -ttySAC3 diff --git a/security/faillock.conf b/security/faillock.conf new file mode 100644 index 00000000..16d93df7 --- /dev/null +++ b/security/faillock.conf @@ -0,0 +1,62 @@ +# Configuration for locking the user after multiple failed +# authentication attempts. +# +# The directory where the user files with the failure records are kept. +# The default is /var/run/faillock. +# dir = /var/run/faillock +# +# Will log the user name into the system log if the user is not found. +# Enabled if option is present. +# audit +# +# Don't print informative messages. +# Enabled if option is present. +# silent +# +# Don't log informative messages via syslog. +# Enabled if option is present. +# no_log_info +# +# Only track failed user authentications attempts for local users +# in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users. +# The `faillock` command will also no longer track user failed +# authentication attempts. Enabling this option will prevent a +# double-lockout scenario where a user is locked out locally and +# in the centralized mechanism. +# Enabled if option is present. +# local_users_only +# +# Deny access if the number of consecutive authentication failures +# for this user during the recent interval exceeds n tries. +# The default is 3. +# deny = 3 +# +# The length of the interval during which the consecutive +# authentication failures must happen for the user account +# lock out is n seconds. +# The default is 900 (15 minutes). +# fail_interval = 900 +# +# The access will be re-enabled after n seconds after the lock out. +# The value 0 has the same meaning as value `never` - the access +# will not be re-enabled without resetting the faillock +# entries by the `faillock` command. +# The default is 600 (10 minutes). +# unlock_time = 600 +# +# Root account can become locked as well as regular accounts. +# Enabled if option is present. +# even_deny_root +# +# This option implies the `even_deny_root` option. +# Allow access after n seconds to root account after the +# account is locked. In case the option is not specified +# the value is the same as of the `unlock_time` option. +# root_unlock_time = 900 +# +# If a group name is specified with this option, members +# of the group will be handled by this module the same as +# the root account (the options `even_deny_root>` and +# `root_unlock_time` will apply to them. +# By default, the option is not set. +# admin_group = diff --git a/security/namespace.conf b/security/namespace.conf index b611a0f2..75ec6193 100644 --- a/security/namespace.conf +++ b/security/namespace.conf @@ -21,7 +21,10 @@ # is explicitly called with an argument to ignore the mode of the # instance parent. System administrators should use this argument with # caution, as it will reduce security and isolation achieved by -# polyinstantiation. +# polyinstantiation. The parent directories (except $HOME) are created +# at boot by pam_namespace_helper, but in a live system, system +# administrators should create the parent directories before enabling +# them here. # #/tmp /tmp-inst/ level root,adm #/var/tmp /var/tmp/tmp-inst/ level root,adm diff --git a/security/pam_env.conf b/security/pam_env.conf index 30e9d008..2549e430 100644 --- a/security/pam_env.conf +++ b/security/pam_env.conf @@ -26,7 +26,7 @@ # # Each line starts with the variable name, there are then two possible # options for each variable DEFAULT and OVERRIDE. -# DEFAULT allows and administrator to set the value of the +# DEFAULT allows an administrator to set the value of the # variable to some default value, if none is supplied then the empty # string is assumed. The OVERRIDE option tells pam_env that it should # enter in its value (overriding the default value) if there is one diff --git a/shadow.org b/shadow.org new file mode 100644 index 00000000..c6e15b82 --- /dev/null +++ b/shadow.org @@ -0,0 +1,38 @@ +root:*:17416:0:99999:7::: +daemon:*:17416:0:99999:7::: +bin:*:17416:0:99999:7::: +sys:*:17416:0:99999:7::: +sync:*:17416:0:99999:7::: +games:*:17416:0:99999:7::: +man:*:17416:0:99999:7::: +lp:*:17416:0:99999:7::: +mail:*:17416:0:99999:7::: +news:*:17416:0:99999:7::: +uucp:*:17416:0:99999:7::: +proxy:*:17416:0:99999:7::: +www-data:*:17416:0:99999:7::: +backup:*:17416:0:99999:7::: +list:*:17416:0:99999:7::: +irc:*:17416:0:99999:7::: +gnats:*:17416:0:99999:7::: +nobody:*:17416:0:99999:7::: +systemd-timesync:*:17416:0:99999:7::: +systemd-network:*:17416:0:99999:7::: +systemd-resolve:*:17416:0:99999:7::: +_apt:*:17416:0:99999:7::: +messagebus:*:17416:0:99999:7::: +statd:*:17416:0:99999:7::: +sshd:*:17416:0:99999:7::: +avahi:*:17416:0:99999:7::: +middle:$6$M8N7aBIv$5gaTB8ACCVT1N0DidZviQ3.T/YarR/FIkd86BUFDUxURJF32Wa.c1.KC6CNNpG5OVlBHyNcnJY2rgEkRyRvCH.:17452:0:99999:7::: +jgdye:$6$taLG2n/D$WCkHqVIY3aICSXIeg9pfcjEHPX1WWlnTGO8SUqXfXM/3ns56GVKCwxeKvgvzLBF3Ix3QuenmuST9.u8E.XNYD/:17452:0:99999:7::: +bind:*:17452:0:99999:7::: +Debian-exim:!:17452:0:99999:7::: +vnstat:*:17455:0:99999:7::: +systemd-coredump:!!:17669:::::: +mpd:*:17784:0:99999:7::: +_rpc:*:17868:0:99999:7::: +rush:*:18073:0:99999:7::: +pihole:!:18109:::::: +pihole-sync:$6$peuF/fFKOfFeqfnT$BhDGMpmGirBA.u2WQWy/NOdLJs5fo8ij3yiezNcPRyWH/H0kKDozaCHh5eZ.W1HPBVC2oiCtAhzIcVX5Qoiis.:18771:0:99999:7::: +mysql:!:18809:0:99999:7::: diff --git a/sv/ssh/log/supervise b/sv/ssh/log/supervise new file mode 120000 index 00000000..6b19d94e --- /dev/null +++ b/sv/ssh/log/supervise @@ -0,0 +1 @@ +/run/runit/supervise/ssh.log \ No newline at end of file diff --git a/sv/ssh/supervise b/sv/ssh/supervise new file mode 120000 index 00000000..15b2f273 --- /dev/null +++ b/sv/ssh/supervise @@ -0,0 +1 @@ +/run/runit/supervise/ssh \ No newline at end of file diff --git a/sysctl.d/protect-links.conf b/sysctl.d/protect-links.conf deleted file mode 100644 index 255805ef..00000000 --- a/sysctl.d/protect-links.conf +++ /dev/null @@ -1,8 +0,0 @@ -################################################################### -# Protected links -# -# Protects against creating or following links under certain conditions -# Debian kernels have both set to 1 (restricted) -# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt -fs.protected_hardlinks = 1 -fs.protected_symlinks = 1 diff --git a/systemd/journald.conf b/systemd/journald.conf index 8951d9e6..5e4b0e2a 100644 --- a/systemd/journald.conf +++ b/systemd/journald.conf @@ -41,3 +41,4 @@ #MaxLevelWall=emerg #LineMax=48K #ReadKMsg=yes +#Audit=no diff --git a/systemd/logind.conf b/systemd/logind.conf index d380a616..a8703801 100644 --- a/systemd/logind.conf +++ b/systemd/logind.conf @@ -18,20 +18,24 @@ #KillOnlyUsers= #KillExcludeUsers=root #InhibitDelayMaxSec=5 +#UserStopDelaySec=10 #HandlePowerKey=poweroff #HandleSuspendKey=suspend #HandleHibernateKey=hibernate #HandleLidSwitch=suspend #HandleLidSwitchExternalPower=suspend #HandleLidSwitchDocked=ignore +#HandleRebootKey=reboot #PowerKeyIgnoreInhibited=no #SuspendKeyIgnoreInhibited=no #HibernateKeyIgnoreInhibited=no #LidSwitchIgnoreInhibited=yes +#RebootKeyIgnoreInhibited=no #HoldoffTimeoutSec=30s #IdleAction=ignore #IdleActionSec=30min #RuntimeDirectorySize=10% +#RuntimeDirectoryInodes=400k #RemoveIPC=yes #InhibitorsMax=8192 #SessionsMax=8192 diff --git a/systemd/networkd.conf b/systemd/networkd.conf index 8dc56761..5339e5e5 100644 --- a/systemd/networkd.conf +++ b/systemd/networkd.conf @@ -11,6 +11,11 @@ # # See networkd.conf(5) for details +[Network] +#SpeedMeter=no +#SpeedMeterIntervalSec=10sec +#ManageForeignRoutes=yes + [DHCP] #DUIDType=vendor #DUIDRawData= diff --git a/systemd/pstore.conf b/systemd/pstore.conf new file mode 100644 index 00000000..93a8b670 --- /dev/null +++ b/systemd/pstore.conf @@ -0,0 +1,16 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See pstore.conf(5) for details. + +[PStore] +#Storage=external +#Unlink=yes diff --git a/systemd/resolved.conf b/systemd/resolved.conf index 72ae7b43..3c2d90c1 100644 --- a/systemd/resolved.conf +++ b/systemd/resolved.conf @@ -12,13 +12,19 @@ # See resolved.conf(5) for details [Resolve] +# Some examples of DNS servers which may be used for DNS= and FallbackDNS=: +# Cloudflare: 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001 +# Google: 8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844 +# Quad9: 9.9.9.9 2620:fe::fe #DNS= #FallbackDNS= #Domains= -#LLMNR=yes -#MulticastDNS=yes -#DNSSEC=allow-downgrade +#DNSSEC=no #DNSOverTLS=no +#MulticastDNS=yes +#LLMNR=yes #Cache=yes #DNSStubListener=yes +#DNSStubListenerExtra= #ReadEtcHosts=yes +#ResolveUnicastSingleLabel=no diff --git a/systemd/system.conf b/systemd/system.conf index b428820e..0a52e034 100644 --- a/systemd/system.conf +++ b/systemd/system.conf @@ -16,6 +16,7 @@ #LogTarget=journal-or-kmsg #LogColor=yes #LogLocation=no +#LogTime=no #DumpCore=yes #ShowStatus=yes #CrashChangeVT=no @@ -23,18 +24,24 @@ #CrashReboot=no #CtrlAltDelBurstAction=reboot-force #CPUAffinity=1 2 +#NUMAPolicy=default +#NUMAMask= #RuntimeWatchdogSec=0 +#RebootWatchdogSec=10min #ShutdownWatchdogSec=10min +#KExecWatchdogSec=0 #WatchdogDevice= #CapabilityBoundingSet= #NoNewPrivileges=no #SystemCallArchitectures= #TimerSlackNSec= +#StatusUnitFormat=description #DefaultTimerAccuracySec=1min #DefaultStandardOutput=journal #DefaultStandardError=inherit #DefaultTimeoutStartSec=90s #DefaultTimeoutStopSec=90s +#DefaultTimeoutAbortSec= #DefaultRestartSec=100ms #DefaultStartLimitIntervalSec=10s #DefaultStartLimitBurst=5 @@ -45,7 +52,7 @@ #DefaultBlockIOAccounting=no #DefaultMemoryAccounting=yes #DefaultTasksAccounting=yes -#DefaultTasksMax= +#DefaultTasksMax=15% #DefaultLimitCPU= #DefaultLimitFSIZE= #DefaultLimitDATA= diff --git a/systemd/system/dbus-org.freedesktop.timesync1.service b/systemd/system/dbus-org.freedesktop.timesync1.service new file mode 120000 index 00000000..f64da569 --- /dev/null +++ b/systemd/system/dbus-org.freedesktop.timesync1.service @@ -0,0 +1 @@ +/lib/systemd/system/systemd-timesyncd.service \ No newline at end of file diff --git a/systemd/system/mpd.service b/systemd/system/mpd.service new file mode 120000 index 00000000..dc1dc0cd --- /dev/null +++ b/systemd/system/mpd.service @@ -0,0 +1 @@ +/dev/null \ No newline at end of file diff --git a/systemd/system/mpd.socket b/systemd/system/mpd.socket new file mode 120000 index 00000000..dc1dc0cd --- /dev/null +++ b/systemd/system/mpd.socket @@ -0,0 +1 @@ +/dev/null \ No newline at end of file diff --git a/systemd/system/sysinit.target.wants/systemd-pstore.service b/systemd/system/sysinit.target.wants/systemd-pstore.service new file mode 120000 index 00000000..06e55a6f --- /dev/null +++ b/systemd/system/sysinit.target.wants/systemd-pstore.service @@ -0,0 +1 @@ +/lib/systemd/system/systemd-pstore.service \ No newline at end of file diff --git a/systemd/user.conf b/systemd/user.conf index b427f1ef..944ba488 100644 --- a/systemd/user.conf +++ b/systemd/user.conf @@ -15,13 +15,16 @@ #LogTarget=console #LogColor=yes #LogLocation=no +#LogTime=no #SystemCallArchitectures= #TimerSlackNSec= +#StatusUnitFormat=description #DefaultTimerAccuracySec=1min #DefaultStandardOutput=inherit #DefaultStandardError=inherit #DefaultTimeoutStartSec=90s #DefaultTimeoutStopSec=90s +#DefaultTimeoutAbortSec= #DefaultRestartSec=100ms #DefaultStartLimitIntervalSec=10s #DefaultStartLimitBurst=5 diff --git a/systemd/user/mpd.service b/systemd/user/mpd.service new file mode 120000 index 00000000..dc1dc0cd --- /dev/null +++ b/systemd/user/mpd.service @@ -0,0 +1 @@ +/dev/null \ No newline at end of file diff --git a/systemd/user/sockets.target.wants/dirmngr.socket b/systemd/user/sockets.target.wants/dirmngr.socket new file mode 120000 index 00000000..cfde2171 --- /dev/null +++ b/systemd/user/sockets.target.wants/dirmngr.socket @@ -0,0 +1 @@ +/usr/lib/systemd/user/dirmngr.socket \ No newline at end of file diff --git a/systemd/user/sockets.target.wants/gpg-agent-browser.socket b/systemd/user/sockets.target.wants/gpg-agent-browser.socket new file mode 120000 index 00000000..749a7e31 --- /dev/null +++ b/systemd/user/sockets.target.wants/gpg-agent-browser.socket @@ -0,0 +1 @@ +/usr/lib/systemd/user/gpg-agent-browser.socket \ No newline at end of file diff --git a/systemd/user/sockets.target.wants/gpg-agent-extra.socket b/systemd/user/sockets.target.wants/gpg-agent-extra.socket new file mode 120000 index 00000000..7031294c --- /dev/null +++ b/systemd/user/sockets.target.wants/gpg-agent-extra.socket @@ -0,0 +1 @@ +/usr/lib/systemd/user/gpg-agent-extra.socket \ No newline at end of file diff --git a/systemd/user/sockets.target.wants/gpg-agent-ssh.socket b/systemd/user/sockets.target.wants/gpg-agent-ssh.socket new file mode 120000 index 00000000..acb12ad4 --- /dev/null +++ b/systemd/user/sockets.target.wants/gpg-agent-ssh.socket @@ -0,0 +1 @@ +/usr/lib/systemd/user/gpg-agent-ssh.socket \ No newline at end of file diff --git a/systemd/user/sockets.target.wants/gpg-agent.socket b/systemd/user/sockets.target.wants/gpg-agent.socket new file mode 120000 index 00000000..26158f74 --- /dev/null +++ b/systemd/user/sockets.target.wants/gpg-agent.socket @@ -0,0 +1 @@ +/usr/lib/systemd/user/gpg-agent.socket \ No newline at end of file