mirror of
git://slackware.nl/current.git
synced 2024-12-30 10:24:23 +01:00
11b00957be
a/etc-15.0-x86_64-5.txz: Rebuilt. Don't hardcode passwd/shadow/group additions in doinst.sh - get them from the .new files. a/sysvinit-scripts-2.1-noarch-11.txz: Rebuilt. rc.S: don't start rc.haveged in this script - move it to rc.M. rc.M: start rc.haveged after seeding /dev/urandom in rc.S, and after starting syslogd, klogd, and udev in rc.M. rc.M: start rc.rndg (we don't ship it or rng-tools) after udev. H. Peter Anvin says that it's fine to run both haveged and rndg, and I trust his opinion on that. Thanks to GazL. ap/at-3.1.20-x86_64-4.txz: Rebuilt. Fixed wrong variable in rc.atd. Thanks to upnort. n/libgcrypt-1.8.3-x86_64-1.txz: Upgraded. Use blinding for ECDSA signing to mitigate a novel side-channel attack. For more information, see: https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495 (* Security fix *)
#!/bin/sh
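# config NEW
#   Put a packaged "<name>.new" file into place without clobbering an
#   existing "<name>":
#     - no readable <name>       -> <name>.new is renamed to <name>
#     - <name> has same content  -> the redundant <name>.new is removed
#     - otherwise                -> <name>.new is left for the admin to merge
#   Sets the globals NEW and OLD. Every expansion is quoted so that a path
#   containing whitespace or glob characters is handled as a single file.
config() {
  NEW="$1"
  OLD="$(dirname "$NEW")/$(basename "$NEW" .new)"
  # If there's no config file by that name, mv it over:
  if [ ! -r "$OLD" ]; then
    mv "$NEW" "$OLD"
  # md5sum is only used as a "same content?" check between the two local
  # files; it is not an integrity or authenticity check.
  elif [ "$(md5sum < "$OLD")" = "$(md5sum < "$NEW")" ]; then
    # toss the redundant copy
    rm "$NEW"
  fi
  # Otherwise, we leave the .new copy for the admin to consider...
}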
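# First, make sure any new entries in passwd/shadow/group are added:
#
# merge_new_entries FILE
#   For every line of FILE.new whose first colon-separated field (the account
#   or group name) is not yet the first field of some line in FILE, append
#   that line to FILE. Existing entries in FILE are never modified. Nothing
#   happens unless both FILE and FILE.new are readable.
#
#   Details that matter for these account databases:
#     - The name is compared as a fixed string against the whole first field
#       (cut + grep -xF). Used as a regular expression, a name containing a
#       metacharacter such as "." could match a different existing account
#       and the new entry would be silently skipped.
#     - The line is written with printf and a quoted expansion. An unquoted
#       echo would word-split it and expand a bare "*" (e.g. in a GECOS
#       field) against the directory the script runs in.
#     - read -r keeps backslashes literal.
#     - Blank lines and lines without a ":" are skipped instead of being
#       appended as malformed entries.
#     - ">>" appends to the existing file, so FILE keeps its current owner
#       and mode.
merge_new_entries() {
  if [ -r "$1" ] && [ -r "$1.new" ]; then
    while read -r line || [ -n "$line" ]; do
      # Not a "name:..." record: nothing to merge.
      case "$line" in
        *:*) ;;
        *) continue ;;
      esac
      name=${line%%:*}
      [ -n "$name" ] || continue
      if ! cut -s -d : -f 1 "$1" | grep -qxF -e "$name"; then
        printf '%s\n' "$line" >> "$1"
      fi
    done < "$1.new"
  fi
}

merge_new_entries etc/passwd
merge_new_entries etc/shadow
merge_new_entries etc/group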
# Run every packaged default through config(), in the same order as before:
# each <name>.new is moved into place, dropped if identical to <name>, or
# left beside <name> for the admin to merge.
for conf in \
  etc/mtab \
  etc/motd \
  etc/group \
  etc/csh.login \
  etc/ld.so.conf \
  etc/profile \
  etc/hosts \
  etc/inputrc \
  etc/shadow \
  etc/passwd \
  etc/printcap \
  etc/networks \
  etc/HOSTNAME \
  etc/gshadow \
  etc/issue \
  etc/securetty \
  etc/shells \
  etc/services \
  etc/issue.net \
  etc/nsswitch.conf \
  etc/profile.d/lang.csh \
  etc/profile.d/lang.sh \
  etc/profile.d/z-dot-in-non-root-path.csh \
  etc/profile.d/z-dot-in-non-root-path.sh \
  var/log/lastlog \
  var/log/wtmp \
  var/run/utmp
do
  config "$conf.new"
done
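# Ensure that ld.so.conf contains the minimal set of paths:
#
# merge_ld_so_conf
#   Runs only when both etc/ld.so.conf and etc/ld.so.conf.new are readable,
#   i.e. config() left the .new copy because the two files differ. Every line
#   of the existing ld.so.conf that is missing from ld.so.conf.new is appended
#   to the .new copy, which is then copied over ld.so.conf.
#
#   Lines are compared as whole-line fixed strings (grep -xF). Treated as a
#   regular expression, a path containing ".", "[" or "*" can match a
#   different line, or fail to match itself and be appended again on every
#   install. read -r keeps backslashes literal.
merge_ld_so_conf() {
  if [ -r etc/ld.so.conf.new ] && [ -r etc/ld.so.conf ]; then
    while read -r pathline || [ -n "$pathline" ]; do
      if ! grep -qxF -e "$pathline" etc/ld.so.conf.new; then
        printf '%s\n' "$pathline" >> etc/ld.so.conf.new
      fi
    done < etc/ld.so.conf
    cp etc/ld.so.conf.new etc/ld.so.conf
  fi
}

merge_ld_so_conf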
# Clean up useless non-examples: any of these .new files still present after
# the config() pass is removed rather than left for the admin.
rm -f \
  etc/mtab.new \
  etc/motd.new \
  etc/ld.so.conf.new \
  etc/hosts.new \
  etc/networks.new \
  etc/HOSTNAME.new \
  etc/shells.new \
  etc/printcap.new \
  etc/issue.new \
  etc/issue.net.new \
  var/run/utmp.new \
  var/log/lastlog.new \
  var/log/wtmp.new
# Not removed (their rm lines are commented out):
#rm -f etc/shadow.new
#rm -f etc/gshadow.new
#rm -f etc/profile.d/lang.csh.new
#rm -f etc/profile.d/lang.sh.new
# Make sure $HOME is correct for user sddm.
# usermod runs chrooted into the current directory; all of its output is
# discarded, so a failure of this step is silent.
chroot . /usr/sbin/usermod -d /var/lib/sddm sddm > /dev/null 2>&1
# Make sure that sddm is a member of group video.
# NOTE(review): --groups without --append sets sddm's complete supplementary
# group list to "video", dropping any other supplementary group it had.
# Confirm that this is intended.
chroot . /usr/sbin/usermod --groups video sddm > /dev/null 2>&1
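# Also ensure ownerships/perms:
# The owner and group are separated with ":" (the POSIX form). The "." form
# is a legacy extension and is ambiguous when a name itself contains a dot.
#
# utmp/wtmp: owned by root, group utmp, writable by owner and group (664).
chown root:utmp var/run/utmp var/log/wtmp
chmod 664 var/run/utmp var/log/wtmp
# shadow/gshadow: owned by root, readable by group shadow, no access for
# others (640).
# NOTE(review): etc/shadow.new and etc/gshadow.new are not touched here; if
# config() leaves them in place they keep whatever mode the package gave
# them. Verify that it is not world-readable.
chown root:shadow etc/shadow etc/gshadow
chmod 640 etc/shadow etc/gshadow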
# Match permissions on any leftover config z-dot-in-non-root-path scripts
# to prevent anyone who turned them on from accidentally losing that setting
# by moving the .new script into place:
# NOTE(review): touch -r copies the reference file's timestamps only; it does
# not copy the mode bits, so the executable bit of the installed script is
# not carried over to the .new copy by this step. Confirm whether a mode copy
# was intended as well.
for zdot in \
  etc/profile.d/z-dot-in-non-root-path.csh \
  etc/profile.d/z-dot-in-non-root-path.sh
do
  if [ -r "$zdot.new" ]; then
    touch -r "$zdot" "$zdot.new"
  fi
done