diff --git a/.etckeeper b/.etckeeper index a328d079..b540cc9d 100755 --- a/.etckeeper +++ b/.etckeeper @@ -16,8 +16,6 @@ mkdir -p './dhcp/.git/objects/pack' mkdir -p './dhcp/.git/refs/tags' mkdir -p './elinks' mkdir -p './fail2ban/fail2ban.d' -mkdir -p './gconf/gconf.xml.defaults' -mkdir -p './gconf/gconf.xml.mandatory' mkdir -p './initramfs-tools/conf.d' mkdir -p './initramfs-tools/hooks' mkdir -p './initramfs-tools/scripts/init-bottom' @@ -153,7 +151,6 @@ maybe chmod 0755 'bluetooth' maybe chmod 0644 'bluetooth/input.conf' maybe chmod 0644 'bluetooth/main.conf' maybe chmod 0644 'bluetooth/network.conf' -maybe chmod 0644 'bluetooth/proximity.conf' maybe chmod 0755 'byobu' maybe chmod 0644 'byobu/backend' maybe chmod 0644 'byobu/socketdir' @@ -715,8 +712,6 @@ maybe chmod 0755 'gconf' maybe chmod 0755 'gconf/2' maybe chmod 0644 'gconf/2/evoldap.conf' maybe chmod 0644 'gconf/2/path' -maybe chmod 0755 'gconf/gconf.xml.defaults' -maybe chmod 0755 'gconf/gconf.xml.mandatory' maybe chmod 0755 'gdb' maybe chmod 0644 'gdb/gdbinit' maybe chmod 0755 'groff' @@ -1504,6 +1499,7 @@ maybe chmod 0755 'logrotate.d' maybe chmod 0644 'logrotate.d/alternatives' maybe chmod 0644 'logrotate.d/apt' maybe chmod 0644 'logrotate.d/aptitude' +maybe chmod 0644 'logrotate.d/btmp' maybe chmod 0644 'logrotate.d/certbot' maybe chmod 0644 'logrotate.d/dpkg' maybe chmod 0644 'logrotate.d/exim4-base' @@ -1512,6 +1508,7 @@ maybe chmod 0644 'logrotate.d/fail2ban' maybe chmod 0644 'logrotate.d/mpd' maybe chmod 0644 'logrotate.d/nginx' maybe chmod 0644 'logrotate.d/rsyslog' +maybe chmod 0644 'logrotate.d/wtmp' maybe chmod 0444 'machine-id' maybe chmod 0644 'magic' maybe chmod 0644 'magic.mime' diff --git a/alternatives/ex.da.1.gz b/alternatives/ex.da.1.gz new file mode 120000 index 00000000..c90068fa --- /dev/null +++ b/alternatives/ex.da.1.gz @@ -0,0 +1 @@ +/usr/share/man/da/man1/vim.1.gz \ No newline at end of file diff --git a/alternatives/ex.de.1.gz b/alternatives/ex.de.1.gz new file mode 120000 index 00000000..d89833a7 --- /dev/null +++ b/alternatives/ex.de.1.gz @@ -0,0 +1 @@ +/usr/share/man/de/man1/vim.1.gz \ No newline at end of file diff --git a/alternatives/vi.da.1.gz b/alternatives/vi.da.1.gz new file mode 120000 index 00000000..c90068fa --- /dev/null +++ b/alternatives/vi.da.1.gz @@ -0,0 +1 @@ +/usr/share/man/da/man1/vim.1.gz \ No newline at end of file diff --git a/alternatives/vi.de.1.gz b/alternatives/vi.de.1.gz new file mode 120000 index 00000000..d89833a7 --- /dev/null +++ b/alternatives/vi.de.1.gz @@ -0,0 +1 @@ +/usr/share/man/de/man1/vim.1.gz \ No newline at end of file diff --git a/alternatives/view.da.1.gz b/alternatives/view.da.1.gz new file mode 120000 index 00000000..c90068fa --- /dev/null +++ b/alternatives/view.da.1.gz @@ -0,0 +1 @@ +/usr/share/man/da/man1/vim.1.gz \ No newline at end of file diff --git a/alternatives/view.de.1.gz b/alternatives/view.de.1.gz new file mode 120000 index 00000000..d89833a7 --- /dev/null +++ b/alternatives/view.de.1.gz @@ -0,0 +1 @@ +/usr/share/man/de/man1/vim.1.gz \ No newline at end of file diff --git a/apparmor.d/usr.bin.man b/apparmor.d/usr.bin.man index 17380795..c44ce724 100644 --- a/apparmor.d/usr.bin.man +++ b/apparmor.d/usr.bin.man @@ -20,8 +20,8 @@ # Similarly, use a special profile when man calls decompressors and other # simple filters. - /bin/bzip2 rmCx -> &man_filter, - /bin/gzip rmCx -> &man_filter, + /{,usr/}bin/bzip2 rmCx -> &man_filter, + /{,usr/}bin/gzip rmCx -> &man_filter, /usr/bin/col rmCx -> &man_filter, /usr/bin/compress rmCx -> &man_filter, /usr/bin/iconv rmCx -> &man_filter, @@ -77,8 +77,8 @@ profile man_filter { # open FDs before execve. #include - /bin/bzip2 rm, - /bin/gzip rm, + /{,usr/}bin/bzip2 rm, + /{,usr/}bin/gzip rm, /usr/bin/col rm, /usr/bin/compress rm, /usr/bin/iconv rm, diff --git a/apparmor.d/usr.sbin.named b/apparmor.d/usr.sbin.named index 4d94706a..87d528fa 100644 --- a/apparmor.d/usr.sbin.named +++ b/apparmor.d/usr.sbin.named @@ -29,6 +29,9 @@ # ssl /etc/ssl/openssl.cnf r, + # root hints from dns-data-root + /usr/share/dns/root.* r, + # GeoIP data files for GeoIP ACLs /usr/share/GeoIP/** r, diff --git a/apt/apt.conf.d/01autoremove-kernels b/apt/apt.conf.d/01autoremove-kernels index 32d5cc91..d197b013 100644 --- a/apt/apt.conf.d/01autoremove-kernels +++ b/apt/apt.conf.d/01autoremove-kernels @@ -1,36 +1,36 @@ // DO NOT EDIT! File autogenerated by /etc/kernel/postinst.d/apt-auto-removal APT::NeverAutoRemove { - "^linux-image-4\.14\.34-v7\+$"; "^linux-image-4\.14\.52-v7\+$"; - "^linux-headers-4\.14\.34-v7\+$"; + "^linux-image-4\.14\.62-v7\+$"; "^linux-headers-4\.14\.52-v7\+$"; - "^linux-image-extra-4\.14\.34-v7\+$"; + "^linux-headers-4\.14\.62-v7\+$"; "^linux-image-extra-4\.14\.52-v7\+$"; - "^linux-modules-4\.14\.34-v7\+$"; + "^linux-image-extra-4\.14\.62-v7\+$"; "^linux-modules-4\.14\.52-v7\+$"; - "^linux-modules-extra-4\.14\.34-v7\+$"; + "^linux-modules-4\.14\.62-v7\+$"; "^linux-modules-extra-4\.14\.52-v7\+$"; - "^linux-signed-image-4\.14\.34-v7\+$"; + "^linux-modules-extra-4\.14\.62-v7\+$"; "^linux-signed-image-4\.14\.52-v7\+$"; - "^kfreebsd-image-4\.14\.34-v7\+$"; + "^linux-signed-image-4\.14\.62-v7\+$"; "^kfreebsd-image-4\.14\.52-v7\+$"; - "^kfreebsd-headers-4\.14\.34-v7\+$"; + "^kfreebsd-image-4\.14\.62-v7\+$"; "^kfreebsd-headers-4\.14\.52-v7\+$"; - "^gnumach-image-4\.14\.34-v7\+$"; + "^kfreebsd-headers-4\.14\.62-v7\+$"; "^gnumach-image-4\.14\.52-v7\+$"; - "^.*-modules-4\.14\.34-v7\+$"; + "^gnumach-image-4\.14\.62-v7\+$"; "^.*-modules-4\.14\.52-v7\+$"; - "^.*-kernel-4\.14\.34-v7\+$"; + "^.*-modules-4\.14\.62-v7\+$"; "^.*-kernel-4\.14\.52-v7\+$"; - "^linux-backports-modules-.*-4\.14\.34-v7\+$"; + "^.*-kernel-4\.14\.62-v7\+$"; "^linux-backports-modules-.*-4\.14\.52-v7\+$"; - "^linux-modules-.*-4\.14\.34-v7\+$"; + "^linux-backports-modules-.*-4\.14\.62-v7\+$"; "^linux-modules-.*-4\.14\.52-v7\+$"; - "^linux-tools-4\.14\.34-v7\+$"; + "^linux-modules-.*-4\.14\.62-v7\+$"; "^linux-tools-4\.14\.52-v7\+$"; - "^linux-cloud-tools-4\.14\.34-v7\+$"; + "^linux-tools-4\.14\.62-v7\+$"; "^linux-cloud-tools-4\.14\.52-v7\+$"; + "^linux-cloud-tools-4\.14\.62-v7\+$"; }; /* Debug information: # dpkg list: @@ -38,13 +38,13 @@ APT::NeverAutoRemove # list of different kernel versions: -# Installing kernel: (4.14.52-v7+) -# Running kernel: ignored (4.14.34-v7+) +# Installing kernel: (4.14.62-v7+) +# Running kernel: ignored (4.14.52-v7+) # Last kernel: # Previous kernel: # Kernel versions list to keep: # Kernel packages (version part) to protect: -4\.14\.34-v7\+ 4\.14\.52-v7\+ +4\.14\.62-v7\+ */ diff --git a/bind/named.conf.default-zones b/bind/named.conf.default-zones index 355338bd..1a85ad34 100644 --- a/bind/named.conf.default-zones +++ b/bind/named.conf.default-zones @@ -1,7 +1,7 @@ // prime the server with knowledge of the root servers zone "." { type hint; - file "/etc/bind/db.root"; + file "/usr/share/dns/root.hints"; }; // be authoritative for the localhost forward and reverse zones, and for diff --git a/bluetooth/main.conf b/bluetooth/main.conf index 444aa811..49d47c57 100644 --- a/bluetooth/main.conf +++ b/bluetooth/main.conf @@ -1,7 +1,8 @@ [General] -# Default adapter name -# Defaults to 'BlueZ X.YZ' +# Defaults to 'BlueZ X.YZ', if Name is not set here and plugin 'hostname' is not loaded. +# The plugin 'hostname' is loaded by default and overides the Name set here so +# consider modifying /etc/machine-info with variable PRETTY_HOSTNAME= instead. #Name = BlueZ # Default device class. Only the major and minor device class bits are @@ -77,6 +78,11 @@ # Default: always #Cache = always +# Minimum required Encryption Key Size for accessing secured characteristics. +# Possible values: 0 and 7-16. 0 means don't care. +# Defaults to 0 +# MinEncKeySize = 0 + [Policy] # # The ReconnectUUIDs defines the set of remote services that should try diff --git a/bluetooth/proximity.conf b/bluetooth/proximity.conf deleted file mode 100644 index 417610ff..00000000 --- a/bluetooth/proximity.conf +++ /dev/null @@ -1,9 +0,0 @@ -# Configuration file for the proximity service - -# This section contains options which are not specific to any -# particular interface -[General] - -# Configuration to allow disabling Proximity services -# Allowed values: LinkLoss,PathLoss,FindMe -Disable=PathLoss diff --git a/cron.daily/logrotate b/cron.daily/logrotate index f4f56a9c..1ac15700 100755 --- a/cron.daily/logrotate +++ b/cron.daily/logrotate @@ -1,4 +1,18 @@ #!/bin/sh -test -x /usr/sbin/logrotate || exit 0 +# skip in favour of systemd timer +if [ -d /run/systemd/system ]; then + exit 0 +fi + +# this cronjob persists removals (but not purges) +if [ ! -x /usr/sbin/logrotate ]; then + exit 0 +fi + /usr/sbin/logrotate /etc/logrotate.conf +EXITVALUE=$? +if [ $EXITVALUE != 0 ]; then + /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]" +fi +exit $EXITVALUE diff --git a/drirc b/drirc index c76f1ca4..edf14396 100644 --- a/drirc +++ b/drirc @@ -120,6 +120,10 @@ TODO: document the other workarounds.